Remote Code Execution

CISA renews warnings about CVE-2025-47812, a CVSS 10.0 vulnerability in Wing FTP Server that grants attackers root/SYSTEM access. Over 8,000 servers remain exposed.

CVE-2025-20265 in Cisco Secure Firewall Management Center allows unauthenticated attackers to execute commands as root via RADIUS authentication. Patch immediately.

CISA adds CVE-2026-22719 to Known Exploited Vulnerabilities catalog after confirming active exploitation of VMware Aria Operations command injection flaw.