September 2025 has been a powerful reminder that today’s greatest cyber risks often come from the software we rely on most. In just a few short weeks, organizations faced a wave of critical zero-day vulnerabilities across remote access gateways, communication apps, password managers, and even everyday utilities. These weren’t hypothetical risks – they were live, actively exploited threats.
For business, legal, and IT leaders, the takeaway is clear: the attack surface is broader, more unpredictable, and more business-critical than ever. But it’s also a call to action. With the right expertise, visibility, and response, organizations can turn this shifting threat landscape into an opportunity to build lasting resilience.
Attackers go where the opportunity is greatest: software that sits at the heart of enterprise operations. September’s zero-days proved that point all too well. Here are a few of the latest vulnerabilities as well as some of Avalon’s strategic solutions.
Citrix NetScaler, long trusted for secure remote access, became ground zero for exploitation. CVE-2025-7775 allowed unauthenticated remote code execution, giving attackers a direct route inside enterprise networks. From there, they could pivot laterally, bypass controls, and access sensitive data. For compliance and legal teams, this isn’t just a technical issue. A breach here triggers notification requirements, regulatory exposure, and real financial liability.
Risk: This vulnerability allows unauthenticated remote code execution on a trusted remote access gateway, enabling attackers to gain a privileged foothold on network perimeter devices without any credentials.
Impact: Attackers can move laterally through the network, bypass internal security controls, and access sensitive data, leading to data breaches that trigger notification requirements under regulations like GDPR and CCPA, expose intellectual property, and result in significant legal and financial liability.
Mitigation: Prioritize patching with live threat intelligence, automate deployment of critical patches to perimeter devices, and establish 24/7 incident response processes; redesign access strategies, validate vendor trust through deepened due diligence, review contracts for strong security clauses, and architect systems with network segmentation to limit blast radius assuming vendor failure.
Executives and sales teams often use WhatsApp for convenience, even when it’s outside official IT oversight. CVE-2025-55177 exploited this shadow IT, enabling spyware deployment through a malicious video file. The fallout? Espionage, data leakage, and direct executive targeting.
Risk: This flaw in iOS and macOS versions enables device compromise through a specially crafted malicious video file, exploiting shadow IT usage in business communications to deploy spyware.
Impact: Potential for corporate espionage by monitoring sensitive conversations and negotiations, data leakage of confidential documents and internal communications, and targeted attacks on executives for credential theft or blackmail, undermining overall organizational security.
Mitigation: Enforce clear acceptable use policies and robust Mobile Device Management (MDM) solutions to control unofficial apps; provide secure, sanctioned alternatives for communication; automate patching where possible, maintain full asset visibility, and conduct user training combined with executive protection to close gaps between policy and real-world use.
Sometimes the simplest tools carry the biggest risks. CVE-2025-8088 in WinRAR made it possible to execute malicious code just by opening a booby-trapped archive file – an attack vector tailor-made for phishing.
Risk: A path traversal vulnerability that leads to remote code execution when opening a booby-trapped archive file, making it an ideal vector for phishing attacks on commonly installed but often overlooked utilities.
Impact: Malware execution on corporate endpoints, allowing attackers to embed threats in benign-looking files attached to emails, resulting in persistent unmanaged risk from legacy software, potential data exfiltration, and widespread compromise without comprehensive inventory or patching.
Mitigation: Implement continuous asset inventory to track all software on endpoints and servers, automate patching for overlooked applications, and enforce application control with allow-lists or block-lists to prevent execution of unauthorized or outdated tools; shine a light on "forgotten" apps through phishing-resistant controls and diligent patch management.
Perhaps most unsettling was the authentication bypass vulnerability discovered in Passwordstate, a trusted enterprise password manager. A compromise here doesn’t just expose data, it hands adversaries the keys to the kingdom.
Risk: A high-severity authentication bypass vulnerability in this enterprise password manager, allowing attackers to access credential vaults without valid credentials and compromising the bedrock of secure access control.
Impact: Hands adversaries the "keys to the kingdom," enabling access to databases, cloud consoles, network devices, and critical applications, leading to catastrophic supply chain failures, data breaches, and complete undermining of access control principles with severe business continuity disruptions.
Mitigation: Build layered defenses around sensitive systems, including network segmentation and identity controls to contain failures; deepen vendor due diligence beyond questionnaires, ensure contracts include breach notification timelines and liabilities, and architect environments assuming any security tool could fail; prioritize threat intelligence-driven patching and maintain comprehensive asset visibility.
September’s lessons aren’t just warnings; they’re guideposts for building stronger, more resilient organizations. With Avalon at your side, you can turn these insights into action:
September wasn’t an exception; it was a preview of the new normal. Attackers will continue targeting the tools we trust most. But with a proactive, zero-trust mindset, organizations can transform these challenges into a foundation for resilience.
At Avalon, we know that security isn’t just an IT function – it’s a business imperative. Our cyber experts partner with you to strengthen defenses, sharpen response strategies, and build the confidence to operate securely in any environment. The threats are evolving. But with Avalon on your side, so is your resilience. For assistance, contact our team today.