RadioCSIRT – Your Cybersecurity News for Wednesday, December 10th, 2025 (Ep.46) episode artwork

EPISODE · Dec 10, 2025 · 8 MIN

RadioCSIRT – Your Cybersecurity News for Wednesday, December 10th, 2025 (Ep.46)

from RadioCSIRT - English Edition · host Marc Frédéric GOMEZ

Welcome to your daily cybersecurity podcast.Microsoft refuses to fix a critical RCE vulnerability in the .NET framework affecting the SoapHttpClientProtocol class. Revealed at Black Hat Europe by researcher Piotr Bazydło from WatchTowr, the flaw enables arbitrary file writes through SOAP URL manipulation. Exploitation relies on unexpected support for FILE and FTP protocols by a class designed to handle HTTP only. Confirmed vulnerable products include Ivanti Endpoint Manager, Umbraco 8 CMS, and Barracuda Service Center, but the actual number of affected applications is likely massive.CERT-FR publishes advisory CERTFR-2025-AVI-1088 concerning four critical vulnerabilities in Ivanti Endpoint Manager 2024. CVE-2025-10573, CVE-2025-13659, CVE-2025-13661, and CVE-2025-13662 enable remote arbitrary code execution, security policy bypass, and XSS injection. Only versions prior to 2024 SU4 SR1 are affected. The patch has been available since December 9th, 2025.CERT-FR also issues advisory CERTFR-2025-AVI-1084 concerning 17 Fortinet security bulletins covering 18 CVEs. The entire Fortinet portfolio is affected: FortiOS, FortiProxy, FortiManager, FortiAnalyzer, FortiWeb, FortiSandbox, FortiExtender, FortiAuthenticator, FortiVoice, FortiSOAR, FortiPAM, FortiSRA, FortiSASE, FortiSwitchManager, and FortiPortal. Critical vulnerabilities include remote code execution, privilege escalation, and SQL injection.Finally, Spanish National Police arrests a 19-year-old individual in Igualada for theft and sale of 64 million personal data records from nine companies. Exfiltrated data includes DNI numbers, addresses, phone numbers, emails, and IBAN codes. The suspect used six online accounts and five pseudonyms to sell databases on underground forums. Authorities seized electronic equipment and froze a crypto wallet.We don't think, we patch!Sources:The Register: https://www.theregister.com/2025/12/10/microsoft_wont_fix_net_rce/CERT-FR: https://www.cert.ssi.gouv.fr/avis/CERTFR-2025-AVI-1088/CERT-FR: https://www.cert.ssi.gouv.fr/avis/CERTFR-2025-AVI-1084/The Record: https://therecord.media/spain-arrests-teen-suspect-data-theft-and-saleYour feedback is welcome.Email: [email protected]: https://www.radiocsirt.comWeekly Newsletter: https://radiocsirtintl.substack.com 

NOW PLAYING

RadioCSIRT – Your Cybersecurity News for Wednesday, December 10th, 2025 (Ep.46)

0:00 8:33

No transcript for this episode yet

We transcribe on demand. Request one and we'll notify you when it's ready — usually under 10 minutes.

No similar episodes found.

No similar podcasts found.

Frequently Asked Questions

How long is this episode of RadioCSIRT - English Edition?

This episode is 8 minutes long.

When was this RadioCSIRT - English Edition episode published?

This episode was published on December 10, 2025.

What is this episode about?

Welcome to your daily cybersecurity podcast.Microsoft refuses to fix a critical RCE vulnerability in the .NET framework affecting the SoapHttpClientProtocol class. Revealed at Black Hat Europe by researcher Piotr Bazydło from WatchTowr, the flaw...

Can I download this RadioCSIRT - English Edition episode?

Yes, you can download this episode by clicking the download button on the episode player, or subscribe to the podcast in your preferred podcast app for automatic downloads.
URL copied to clipboard!