Weekly digests
Weekly digest3 min read

Weekly threat intelligence digest — 2025-W32

Weekly security intelligence digest covering 1 items, 1 CVEs. 1 critical, 0 high, 0 medium, 0 low.

S
sebastion
threat-intelligenceweekly-digestvulnerability

Weekly threat intelligence digest: August 4 - 10, 2025

Executive summary

This week tracked 1 curated intelligence items and 1 newly published CVEs. The risk profile remained acute, with 1 critical and 0 high severity disclosures in public reporting. Priority themes were vulnerability and active exploitation pressure around internet-exposed enterprise software.

Critical & high priority

1. Critical SonicWall SMA Vulnerability Actively Exploited by Ransomware Groups

  • What happened: SonicWall released an emergency advisory for a critical stack-based buffer overflow vulnerability in SMA 100 series secure remote access appliances. CISA added the vulnerability to its Known Exploited Vulnerabilities catalog after multiple ransomware affiliates were observed exploiting it for initial access into enterprise networks. The vulnerability requires no authentication and can be exploited remotely to gain root-level access to the appliance, which is typically positioned at the network perimeter.
  • Who's affected: Organizations using SonicWall SMA 100 series appliances for remote access VPN. These devices are commonly deployed in small to mid-sized businesses, branch offices, and managed service provider environments. The SMA 100 series is legacy but remains widely deployed, with many organizations unable to quickly migrate to newer platforms.
  • What to do: Patch or mitigate affected systems on an expedited timeline, validate exposure from external attack paths, and add targeted detections for known exploitation behavior.

Notable developments

Most tracked items this week were critical/high vulnerability stories, with no major medium or informational shifts requiring separate strategic treatment.

Vulnerability landscape

This week saw 1 newly published CVEs in NVD-aligned tracking for the reporting window.

  • Critical: 1
  • High: 0
  • Medium: 0
  • Low: 0
  • Top affected vendors: SMA (4), SonicWall (1)

Priority CVEs observed in this window included:

  • CVE-2025-38201 (Critical): Vendor advisory lists a high-priority issue requiring review.

Recommended actions

  1. Prioritize internet-facing patching: Resolve critical and high-severity items first, with strict SLA enforcement for edge systems.
  2. Harden identity and admin pathways: Require phishing-resistant MFA, reduce standing privileges, and audit privileged sessions.
  3. Operationalize detections: Convert this week's CVEs and campaign behaviors into SIEM/SOAR detections and threat hunts.
  4. Protect recovery paths: Isolate and test backups, then validate restoration workflows against ransomware and destructive attack scenarios.

Looking ahead

For August 11 - 17, 2025, expect continued exploitation attempts against newly disclosed enterprise software flaws, plus copycat scanning after proof-of-concept publication. Teams should maintain elevated monitoring for externally exposed assets and review compensating controls where patch windows are delayed.

Newsletter

One email a week. Security research, engineering deep-dives and AI security insights - written for practitioners. No noise.

Back to weekly digests