Overview
- Google confirmed in-the-wild exploitation of CVE-2025-14174, an out-of-bounds flaw in ANGLE affecting Chrome on macOS prior to version 143.0.7499.110, and released fixes.
- CVE-2018-4063 in Sierra Wireless AirLink ES450 allows an authenticated user to make unrestricted file uploads via upload.cgi in ACEManager; an upload can overwrite existing executables, which then run as root.
- Cisco Talos reported the Sierra Wireless weakness in December 2018 and publicly disclosed it in April 2019. The affected ES450 firmware belongs to a legacy, end-of-support product.
- Forescout’s recent honeypot analysis found industrial routers heavily targeted in OT environments and documented a 2024 Chaya_005 campaign that weaponized CVE-2018-4063, with limited subsequent activity.
- CISA’s KEV listing makes remediation mandatory for FCEB agencies and advises upgrading to supported releases or decommissioning unsupported Sierra Wireless devices.