Main navigation

Home
About Us
News and Updates
Advisories
Report an Incident
Publications

SAP S/4HANA code-injection (CVE-2025-42957) now under active exploitation

Advisories 23 September 2025

Microsoft Exchange 2016 & 2019 Reach End of Support in 30 Days

Advisories 23 September 2025

WinRAR path traversal zero-day (CVE-2025-8088) exploited to deploy malware

Advisories 23 September 2025

Chrome zero-day (CVE-2025-6554) – sandbox escape/type confusion

Advisories 12 September 2025

Android September 2025 – two actively exploited elevation-of-privilege flaws

Advisories 12 September 2025

Advisories 23 September 2025 / 0 Comments

WinRAR path traversal zero-day (CVE-2025-8088) exploited to deploy malware

Scope: WinRAR (archive utility)

Severity: Red

A path traversal flaw allowed archives to write files to attacker-chosen paths; exploited in phishing to install RomCom malware. Upgrade to WinRAR 7.13+ and block untrusted archives. .

The Uganda National CERT and Coordination Center (CERT.UG/CC) encourages users and administrators to review the recommendations and apply the necessary updates.

RELATED ADVISORIES

Advisories 23 September 2025

SAP S/4HANA code-injection (CVE-2025-42957) now under active exploitation

Scope: SAP S/4HANA

Severity: Red

Microsoft Exchange 2016 & 2019 Reach End of Support in 30 Days

Advisories 23 September 2025

Chrome zero-day (CVE-2025-6554) – sandbox escape/type confusion

Advisories 12 September 2025

Android September 2025 – two actively exploited elevation-of-privilege flaws

Advisories 12 September 2025

Spoofing and Remote Code Execution chain vulnerability

Advisories 24 July 2025

Connection Hijacking Vulnerability- Huawei

Advisories 25 November 2024

Cross-site Scripting (XSS) Vulnerability- SPLUNK (Cisco)

Advisories 25 November 2024

Recent Advisories

01

SAP S/4HANA code-injection (CVE-2025-42957) now under active exploitation
02

Microsoft Exchange 2016 & 2019 Reach End of Support in 30 Days
03

WinRAR path traversal zero-day (CVE-2025-8088) exploited to deploy malware
04

Chrome zero-day (CVE-2025-6554) – sandbox escape/type confusion
05

Android September 2025 – two actively exploited elevation-of-privilege flaws
06

Spoofing and Remote Code Execution chain vulnerability

Contact info

National Information Technology Authority - Uganda,Palm Courts, Plot 7A, Rotary Avenue (Former Lugogo Bypass)

P.O. Box 33151, Kampala - Uganda
+256-417 801038
Map Location
[email protected]

Useful Links

Home
About Us
News and Updates
Advasories
Report Incident
Publications

Subscribe to our Mailing List

Stay up to date with our Newsletter (The Computer Emergency Response Team/Coordination Center (CERT.UG/CC))

The subscriber's email address.

WinRAR path traversal zero-day (CVE-2025-8088) exploited to deploy malware

RELATED ADVISORIES

SAP S/4HANA code-injection (CVE-2025-42957) now under active exploitation

Recent Advisories

Categories