SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast) SANS Stormcast Thursday, October 23rd, 2025: Blue Angle Software Exploit; Oracle CPU; Rust tar library vulnerability.
7 snips
Oct 23, 2025 Discover the latest exploits targeting Blue Angel Software, with intriguing honeypot detections suggesting a connection to CVE-2025-34033. Oracle's recent critical patch update tackles an impressive 374 vulnerabilities, focusing on significant flaws in their e-Business Suite. Plus, explore the Rust TAR library's vulnerabilities, revealing potential risks from unmaintained packages and the challenge of managing security disclosures. Tune in for expert insights on these pressing cyber threats!
AI Snips
Chapters
Transcript
Episode notes
Embedded Devices Expose Classic Command Injection
- Many embedded devices use Blue Angel webctrl.cgi and expose OS command injection via ping/debug features.
- Johannes Ulrich observed attacks likely related to CVE-2025-34033 or a close variant targeting that parameter handling.
Stage Oracle CPU Patches Carefully
- Test Oracle CPU patches carefully rather than rushing deployment.
- Treat Oracle updates as significant changes and stage them due to breadth and complexity of affected products.
SQLite Flaw Drives Multiple High‑Severity Oracle Fixes
- Oracle's October CPU covers hundreds of vulnerabilities across many products, including new e‑Business Suite issues.
- Several high‑severity 9.8 CVSS issues stem from an underlying SQLite vulnerability present in Oracle products.