Advisory ID: NCC-CSIRT-2025-015
Summary:
The NCC-CSIRT has been notified of critical security vulnerabilities in a wide range of software products: Google Chrome, Microsoft Edge, IBM enterprise solutions, and Asterisk VoIP systems.
If exploited, these flaws could allow attackers to execute arbitrary code, perform remote denial-of-service (DoS) attacks, steal sensitive data, disrupt critical communications, and gain unauthorized access to enterprise and government networks.
Damage/Probability: High/Critical
Product(s):
- Google Chrome
- Microsoft Edge
- IBM Enterprise Products (Cognos Command Center, Cognos Dashboards on Cloud Pak for Data, Db2 Bridge, QRadar SIEM & Incident Forensics, Sterling Connect, Sterling External Authentication Server, Sterling Secure Proxy, WebSphere Remote Server)
- Asterisk VoIP Software
Version(s):
- Google Chrome: Versions earlier than 139.0.7258.154 on Linux; Versions 139.0.7258.154 and .155 on Windows and macOS
- Microsoft Edge: Versions before 139.0.3405.125
- Asterisk: 18.26.x prior to 18.26.4, 18.9-cert1x prior to 18.9-cert17, 20.15.x prior to 20.15.2, 21.10.x prior to 21.10.2, 22.5.x before 22.5.2
- IBM Products: Multiple enterprise solutions (as listed above)
Platform(s):
Linux, Windows, macOS, Cloud-based deployments, Enterprise environments with IBM products, VoIP/PBX Systems.
Description:
This advisory is based on a security alert issued by the French National Cybersecurity Agency (ANSSI) through its CERT-FR, received by the Office of the National Security Adviser (ONSA). The alert details multiple critical vulnerabilities:
- Google Chrome & Microsoft Edge: Vulnerabilities in outdated versions that could allow attackers to exploit browsers as entry points into enterprise and government systems.
- IBM Enterprise Products: Multiple critical flaws across various IBM software solutions, exposing organizations to unauthorized access and system compromise.
- Asterisk VoIP Software: Multiple versions were found vulnerable, enabling attackers to trigger remote DoS attacks, potentially disrupting VoIP and PBX operations.
These vulnerabilities carry significant risks, especially considering that web browsers remain primary attack vectors for cybercriminals. Exploitation could enable attackers to bypass security controls, disrupt communication, or gain unauthorized access to sensitive systems.
Impacts:
- Unauthorized access to enterprise and personal systems
- Service disruption of critical communication infrastructure (VoIP, PBXs)
- Compromise of financial and operational data through IBM enterprise products
- Potential large-scale cyberattacks leveraging browsers as entry points
Solutions:
- Immediately apply the latest security patches released by Google, Microsoft, IBM, and Asterisk for the affected products.
- Ensure that systems running vulnerable versions are updated to the recommended versions or later.
- Conduct vulnerability scans and continuous monitoring of enterprise systems to detect and mitigate exploitation attempts.
- Educate staff and system administrators on the heightened risks associated with outdated browsers and enterprise applications.
- Strengthen endpoint protection, including web filtering and intrusion detection systems, to prevent initial access through compromised browsers.
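The version check behind the update recommendation, as an added example (not part of the original advisory or any vendor tooling): it compares installed versions with the fixed versions listed under "Version(s)", branch by branch for Asterisk. The function names, status labels and inventory are constructed for illustration; Chrome on Windows and macOS and the IBM products are left out because the advisory does not give a single fixed version for them.

```python
import re

# Fixed patch level per Asterisk branch, from the advisory's "Version(s)" list:
# 18.26.4, 18.9-cert17, 20.15.2, 21.10.2, 22.5.2.
ASTERISK_FIXED = {"18.26": 4, "18.9-cert": 17, "20.15": 2, "21.10": 2, "22.5": 2}
# First fixed browser builds from the same list.
BROWSER_FIXED = {"edge": "139.0.3405.125", "chrome-linux": "139.0.7258.154"}

def _nums(version):
    # Compare numerically: as strings, "86" would sort after "125".
    return tuple(int(part) for part in version.split("."))

def asterisk_status(version):
    m = re.fullmatch(r"(\d+\.\d+)(-cert|\.)(\d+)", version.strip())
    if not m:
        return "unparsed"  # e.g. release candidates or local builds: review by hand
    branch = m.group(1) + ("-cert" if m.group(2) == "-cert" else "")
    fixed_patch = ASTERISK_FIXED.get(branch)
    if fixed_patch is None:
        return "branch-not-listed"  # the advisory makes no statement about it
    # Assumption: every 18.9-certN below cert17 counts as affected.
    return "affected" if int(m.group(3)) < fixed_patch else "fixed"

def browser_status(product, version):
    fixed = BROWSER_FIXED.get(product)
    if fixed is None or not re.fullmatch(r"\d+(\.\d+){3}", version.strip()):
        return "unparsed"
    return "affected" if _nums(version.strip()) < _nums(fixed) else "fixed"

# Constructed sample inventory: (host, product, installed version).
INVENTORY = [
    ("pbx-01", "asterisk", "18.26.3"),
    ("pbx-02", "asterisk", "18.9-cert16"),
    ("pbx-03", "asterisk", "22.5.2"),
    ("pbx-04", "asterisk", "20.14.1"),
    ("ws-17", "edge", "139.0.3405.86"),
    ("ws-18", "chrome-linux", "139.0.7258.154"),
]

def audit(inventory):
    # Map each host to its status so the result can feed a patch ticket queue.
    return {host: asterisk_status(v) if product == "asterisk" else browser_status(product, v)
            for host, product, v in inventory}

if __name__ == "__main__":
    for host, status in audit(INVENTORY).items():
        print(f"{host}: {status}")
```

Hosts reported as `branch-not-listed` or `unparsed` need a manual check against the vendor bulletin, since the advisory only covers the branches it names.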