Security authorities have issued an urgent alert regarding vulnerabilities found in widely used software, adding them to a critical list of flaws known to be actively exploited by attackers. The CISA (Cybersecurity and Infrastructure Security Agency) has updated its Known Exploited Vulnerabilities (KEV) catalog, highlighting immediate threats posed by security issues in RoundCube webmail and the Erlang/OTP platform.
The specific RoundCube vulnerability added to the catalog, potentially a critical Remote Code Execution (RCE) flaw, allows attackers to potentially compromise vulnerable webmail servers by sending specially crafted emails. This poses a significant risk to organizations and individuals relying on RoundCube for communication.
Furthermore, a key vulnerability identified in Erlang/OTP, a programming language and platform used in numerous applications including databases, messaging systems, and web servers, has also been confirmed as being under active exploitation. Given Erlang’s foundational role in various technologies, this flaw presents a broad potential attack surface.
The inclusion of these issues in the KEV catalog serves as a critical warning. It means these are not merely theoretical vulnerabilities but are actively being leveraged by malicious actors in real-world attacks. Organizations using RoundCube or applications built on Erlang/OTP must consider these flaws an immediate and severe risk.
Prompt patching and the application of recommended mitigation measures are essential and urgent actions to take. Failure to address these vulnerabilities leaves systems exposed to potential compromise, data breaches, and service disruptions. Security teams should consult official advisories and update to the latest secure versions of the affected software without delay to protect against these active threats.
Source: https://securityaffairs.com/178843/hacking/u-s-cisa-adds-roundcube-erlang-erlang-flaws-known-exploited-vulnerabilities-catalog.html
