
News brief: Patch critical SAP, Samsung and chat app flaws now
Check out the latest security news from the Informa TechTarget team.
Patch management is one of the oldest and most well-known IT and security tasks, but it remains a bane of admins' existence. From buggy patches and time-consuming processes to fears of business downtime and increased complexity due to remote workers, patch management isn't the easiest task for IT and security professionals.
Yet it is a constant worry.
Fifty-four percent of respondents to Ponemon Institute's "2024 State of Cyber Risk in the Age of AI" survey cited unpatched vulnerabilities as the top cyber-risk at their organization. It's no surprise why: at the time of writing, NIST's National Vulnerability Database has received an average of 136 new CVEs a day this year.
Not every vulnerability is critical, but teams must stay aware of them. Here are three that made the news this week.
SAP NetWeaver vulnerability under attack by APT and ransomware groups
A critical vulnerability, CVE-2025-31324, in SAP NetWeaver's Visual Composer development software is under attack by ransomware groups and Chinese advanced persistent threat actors. The flaw, which has a CVSS score of 9.8, enables unauthenticated remote code execution. Initially reported by cybersecurity company ReliaQuest on April 22, the vulnerability has attracted multiple threat actors. SAP released an emergency patch on April 24, but attackers continue to exploit it.
Samsung MagicINFO Server PoC under exploit
Threat actors are actively exploiting a critical vulnerability, CVE-2025-4632, in Samsung's digital signage management product. The MagicINFO Server 9 flaw, which received a CVSS score of 9.8, enables attackers to write arbitrary files with system authority. Bug disclosure group SSD Secure Disclosure reported the issue to Samsung on January 12 and published a proof of concept (PoC) on April 30. Security companies Arctic Wolf and Huntress observed exploitation attempts in early May, with some attacks linked to Mirai botnet activity. Samsung issued a hotfix on May 8, though researchers noted that the patch requires a specific previous version to be installed first. The PoC bypasses versions patched against CVE-2024-7399, a restricted-directory vulnerability disclosed and patched last year.
Chat app vulnerability exploited months after patch released
A Turkish cyberespionage group known as Sea Turtle has been exploiting a critical vulnerability in Output Messenger to spy on Kurdish military forces in Iraq since April 2024, Microsoft reported. The messaging app, marketed as a private, secure enterprise messaging service, was compromised after the attackers used DNS hijacking or typosquatting to obtain users' credentials. They then exploited a directory traversal vulnerability to plant backdoors that enabled them to intercept communications. Output Messenger's developer, Srimax, said it patched the issue on Dec. 25, but Microsoft reported that unpatched systems continue to be targeted.
Patch management resources
Learn more about enterprise patch management here:
- 10 enterprise patch management best practices
- Key software patch testing best practices
- How to conduct security patch validation and verification
- An 11-step patch management process to ensure success
- Creating a patch management policy: Step-by-step guide
- Automated patch management: 9 best practices for success
Editor's note: Our staff used AI tools to assist in the creation of this news brief.
Sharon Shea is executive editor of Informa TechTarget's SearchSecurity site.