VERY IMPORTANT

In August 2025, eighteen high-impact vulnerabilities were identified for prioritized remediation, down from 22 in July. The month saw a focus on Citrix and D-Link flaws, with active exploitation of Citrix NetScaler products and D-Link routers. OS Command Injection was the most common weakness. One vulnerability was linked to a malware campaign by the Russia-linked group RomCom. Six vulnerabilities allowed remote code execution, affecting WinRAR, Citrix, FreePBX, and Microsoft products. Notable exploits included a critical Citrix NetScaler flaw (CVE-2025-7775) and a WinRAR vulnerability (CVE-2025-8088) used by RomCom to deliver malware. Other significant vulnerabilities affected N-able N-central, Cisco Secure FMC, and Fortinet FortiSIEM.