CCTR.53.DEC.25

Monday morning cyber coffee read CCTR.53.DEC.25

WatchGuard has observed threat actors actively exploiting a critical risk vulnerability (CVE-2025-14733) in WatchGuard Fireware OS. Successful exploitation allows a remote, unauthenticated attacker to take control of the affected Firebox firewall device, access sensitive configurations and credentials, pivot into internal networks and undermine trust across connected environments.

Patch now, assume compromise and hunt aggressively.

https://www.watchguard.com/wgrd-psirt/advisory/wgsa-2025-00027

Fortinet has observed active abuse in the wild of a five-year-old vulnerability (CVE-2020-12812). Under specific configurations, FortiGate firewalls using LDAP authentication with two-factor authentication (2FA) enabled may allow attackers to bypass 2FA and authenticate directly against LDAP.

This issue is lower impact than the recent WatchGuard vulnerability, as exploitation has certain dependencies and does not provide direct control over the impacted firewall.

Review your exposure if your FortiGate deployments use LDAP authentication with 2FA enabled.

  • Implement recommended mitigation configuration.

  • Review VPN and authentication logs for indicators of 2FA bypass and unusual access behaviour.

https://www.fortinet.com/blog/psirt-blogs/product-security-advisory-and-analysis-observed-abuse-of-fg-ir-19-283

A high-severity vulnerability (CVE-2025-14847) has been identified in MongoDB that can lead to sensitive information disclosure. Exposed data may include internal in-memory information that could assist attackers in further exploitation.

Check whether you are running a vulnerable MongoDB version. If yes, time to upgrade.

https://jira.mongodb.org/browse/SERVER-115508
