A critical vulnerability in file transfer protocols has been exploited, leading the Cybersecurity and Infrastructure Security Agency (CISA) to issue an alert. The flaw allows unauthorized access and potential data breaches, prompting organizations to update their systems and mitigate risks immediately.

CISA has released an analysis detailing malware used in attacks exploiting vulnerabilities in Ivanti Endpoint Manager Mobile (EPMM), specifically an authentication bypass and a code injection issue. The vulnerabilities, already being exploited by a China-nexus espionage group, allow for arbitrary code execution and data exfiltration. CISA recommends immediate patching of affected systems and treating mobile device management solutions as high-value assets.

A critical remote code execution vulnerability (CVE-2025-3248) in Langflow has been actively exploited, allowing attackers to gain full control of vulnerable servers via an unprotected API endpoint. Organizations are urged to upgrade to version 1.3.0 or later to mitigate risks, as CISA warns of the high likelihood of exploitation and the potential existence of over 500 exposed instances. Those unable to upgrade should restrict access to Langflow services immediately.

A critical vulnerability in the widely used Sudo program has been identified, allowing attackers to gain unauthorized root access on affected systems. The Cybersecurity and Infrastructure Security Agency (CISA) is urging users to apply the necessary patches to mitigate potential exploitation of this flaw. Organizations are advised to prioritize updates to prevent security breaches.

CISA has issued a warning about a high-severity arbitrary code execution vulnerability in the Git version control system, tracked as CVE-2025-48384, which is being actively exploited by hackers. Federal agencies must apply patches by September 15th or take alternative security measures. Additionally, two Citrix Session Recording vulnerabilities have also been added to the Known Exploited Vulnerabilities catalog, with the same deadline for remediation.

A vulnerability has been identified in the End-of-Train and Head-of-Train remote linking protocol, affecting multiple devices from manufacturers like Wabtec and Siemens. The weakness allows potential exploitation through weak authentication, posing risks to transportation systems. CISA recommends mitigations and encourages users to contact device manufacturers for further guidance.