SecurityWeek

Dell, HPE, MediaTek Patch Vulnerabilities in Their Products

MediaTek, HPE and Dell release advisories to inform customers about potentially serious vulnerabilities found and patched in their products.

Hardware makers MediaTek, HPE and Dell on Monday released advisories to inform customers about potentially serious vulnerabilities found and patched in their products.

Taiwanese semiconductor company MediaTek announced patches for a dozen vulnerabilities, including a critical-severity flaw in the modem component of tens of chipsets that could lead to remote code execution (RCE).

Tracked as CVE-2024-20154, the issue is described as an out-of-bounds write that could be exploited when a device is connected to a rogue base station controlled by the attacker, without user interaction.

MediaTek’s advisory also details seven high-severity bugs that could lead to local escalation of privilege, or RCE if the attacker is adjacent to the vulnerable device.

Dell announced patches for a high-severity defect in its Update Package (DUP) Framework, tracked as CVE-2025-22395 and described as a local escalation of privilege issue that could enable the execution of arbitrary scripts, leading to denial-of-service (DoS) conditions. DUP framework version 22.01.02 resolves the vulnerability.

Additionally, the tech company released fixes for multiple products affected by CVE-2024-52316, an Apache Tomcat vulnerability disclosed in November 2024, which could lead to authentication bypass.

HPE announced patches for multiple flaws in third-party components used in its SAN switches running Brocade Fabric OS (FOS), including high- and medium-severity issues that could lead to escalation of privilege, remote command execution, authentication bypass, DoS, and arbitrary file creation or deletion.

The company’s advisory mentions ten security defects: two publicly disclosed in 2022, four disclosed in 2023, and four identified in 2024. All bugs were fixed in versions 9.2.2, 9.2.1a1, and 9.2.0c of the FOS firmware for HPE B-Series products.

Although none of the vendors mentions any of these vulnerabilities being exploited in attacks, users are advised to apply the patches as soon as possible.

Written By

Ionut Arghire is an international correspondent for SecurityWeek.
