Advisories 23 September 2025 / 0 Comments

SAP S/4HANA code-injection (CVE-2025-42957) now under active exploitation

Scope: SAP S/4HANA

Severity: Red

A critical code-injection flaw in S/4HANA is being exploited in the wild to breach exposed servers. Apply SAP’s August 11 security note and restrict external exposure.

The Uganda National CERT and Coordination Center (CERT.UG/CC) encourages users and administrators to review the recommendations and apply the necessary updates.

RELATED ADVISORIES

Advisories 23 September 2025

Microsoft Exchange 2016 & 2019 Reach End of Support in 30 Days

Scope: Microsoft Exchange Server 2016 & 2019 (On-Premises)

Severity: Amber (High)

Microsoft has reminded administrators that Exchange Server 2016 and Exchange Server 2019 will reach end of extended support on October 14, 2025. After that date, Microsoft will no longer provide technical support, bug fixes for newly discovered issues, time zone updates, or security patches. Servers running those versions may continue to function, but will be increasingly vulnerable to newly discovered security risks. Microsoft advises migration to Exchange Online or upgrading to Exchange Server Subscription Edition (SE). .

WinRAR path traversal zero-day (CVE-2025-8088) exploited to deploy malware

Advisories 23 September 2025

Chrome zero-day (CVE-2025-6554) – sandbox escape/type confusion

Advisories 12 September 2025

Android September 2025 – two actively exploited elevation-of-privilege flaws

Advisories 12 September 2025

Spoofing and Remote Code Execution chain vulnerability

Advisories 24 July 2025

Connection Hijacking Vulnerability- Huawei

Advisories 25 November 2024

Cross-site Scripting (XSS) Vulnerability- SPLUNK (Cisco)

Advisories 25 November 2024