
RadioCSIRT English Edition – Your Cybersecurity Update for Monday, 1 December 2025 (Ep.37)
Welcome to your daily cybersecurity briefing.
Mattermost Patches Silent Security Flaw
CERT-FR reports an "unspecified security issue" in Mattermost Server (MMSA-2025-00545). While technical details remain undisclosed by the vendor, the vulnerability impacts multiple branches including 10.11, 10.12, 11.0, and 11.1. Given the platform's role in centralizing sensitive internal communications, administrators are urged to apply the November 27th updates immediately.
Security Policy Bypass in Stormshield VPN Client
A logic flaw identified as CVE-2025-11955 affects the Stormshield Network VPN Client (v7.5.109). This vulnerability allows local users or attackers to bypass security policies enforced by the administrator, effectively neutralizing network restrictions and compliance rules on the endpoint.
VMware Tanzu & Stemcells Massive Security Overhaul
VMware has released a critical sweep of updates for Tanzu Platform and Ubuntu Stemcells (Jammy/Noble) to address a massive backlog of vulnerabilities dating as far back as 2022. Running outdated builds exposes application workloads to dozens of known CVEs, requiring an immediate upgrade to the November 30th releases.
Critical RCE and DoS Vulnerabilities in Zabbix
Zabbix has issued alerts for severe vulnerabilities affecting both Agents (specifically on AIX) and Servers across versions 6.0 through 7.4. The flaws expose infrastructure to Arbitrary Code Execution, Denial of Service, and security bypass. Due to the high privileges and visibility of monitoring systems, this is a critical priority for patching.
Don’t Think – Patch Now!
Listen to the full show here
Sources:
CERT-FR – Mattermost Advisory https://www.cert.ssi.gouv.fr/avis/CERTFR-2025-AVI-1052/
CERT-FR – Stormshield VPN Advisory https://www.cert.ssi.gouv.fr/avis/CERTFR-2025-AVI-1053/
CERT-FR – VMware Tanzu Advisory https://www.cert.ssi.gouv.fr/avis/CERTFR-2025-AVI-1054/
CERT-FR – Zabbix Advisory https://www.cert.ssi.gouv.fr/avis/CERTFR-2025-AVI-1055/
Your feedback is welcome.
Email: radiocsirt@gmail.com
Website: https://www.radiocsirt.com
Weekly Newsletter: https://radiocsirtintl.substack.com