CVE-2023-25717

CVE-2023-25717 is a software vulnerability, specifically a flaw in the design or implementation of the Ruckus AP remote code execution. In April 2023, FortiGuard Labs observed a unique botnet leveraging this vulnerability, utilizing the SOCKS protocol for distribution. This incident represents a significant cybersecurity concern as it allows malicious actors to exploit the vulnerability to gain unauthorized access and control over affected systems. The impact of CVE-2023-25717 was severe enough that the Cybersecurity and Infrastructure Security Agency (CISA) added it to its Known Exploited Vulnerabilities (KEV) catalog in May 2023. The inclusion in the KEV catalog indicates that the vulnerability has been actively exploited in the wild and poses a significant risk to unpatched systems. CISA's acknowledgment underscores the need for immediate attention and remediation from organizations using the vulnerable software. Alongside CVE-2023-25717, CISA added six other vulnerabilities to its KEV catalog. These include a Red Hat Polkit privilege escalation (CVE-2021-3560), two Linux kernel privilege escalations (CVE-2014-0196 and CVE-2010-3904), a Jenkins UI information disclosure (CVE-2015-5317), an Apache Tomcat remote code execution (CVE-2016-8735), and an Oracle Java SE and JRockit issue (CVE-2016-3427). The addition of these vulnerabilities to the catalog highlights the ongoing need for organizations to remain vigilant and proactive in their cybersecurity efforts.