
Critical Vulnerabilities and Security Updates Discussed in SANS Internet Storm Center Podcast
In the June 4, 2025 edition of the SANS Internet Storm Center's Stormcast podcast, Johannes Ullrich discusses several critical vulnerabilities and their implications for cybersecurity. One of the main topics is the recent vulnerability in the vBulletin forum software, first explained by Egidio Romano. The vulnerability is particularly interesting because it highlights two crucial aspects of vulnerability management and mitigation.

vBulletin, a popular forum software written in PHP, implemented an API that exposes certain classes. With the update to PHP version 8.1, the way methods of these classes are accessible changed, which exposed methods that had previously been protected or private and made parts of the code callable from outside. Although the change is documented in the PHP manual, it was not clearly communicated in the PHP 8.1 update notes, so it may have escaped the attention of vBulletin administrators.

The second crucial point is how vBulletin communicated its patch. Although a fix was published about a year ago, it lacked details on the exact nature of the vulnerability, which may have deterred some administrators from applying it immediately. This situation highlights the dilemma between updating software quickly to benefit from the latest features and the caution needed to avoid introducing new vulnerabilities. Johannes Ullrich also notes that malicious actors are actively exploiting this vulnerability, using several IP addresses to scan for vulnerable systems. Although the attackers' exact intentions are not yet clear, it is crucial for vBulletin administrators to update their systems to protect themselves.

In addition to vBulletin, other important security updates are discussed. Google released an update for Chrome that fixes three vulnerabilities, including an out-of-bounds read and write in V8 that is already being exploited. Google mitigated this vulnerability with a configuration change, highlighting the importance of keeping browsers up to date. The Roundcube webmail system also released an update to fix a deserialization vulnerability exploitable by authenticated users; given that many users in an organization may be logged in to a Roundcube instance, this vulnerability poses a significant risk. Finally, HP released patches for its StoreOnce software, fixing vulnerabilities discovered during the Pwn2Own contest. These include authentication bypasses and remote code execution, underscoring the importance of patching these critical systems quickly.

In conclusion, this edition of the Stormcast highlights the importance of vigilance and proactive update management in maintaining the security of computer systems. Administrators must not only apply patches quickly but also understand the details of vulnerabilities in order to take appropriate measures.
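To make the vBulletin lesson above concrete, here is an added illustration (not vBulletin's code and not from the podcast) of the PHP 8.1 behaviour in question: since PHP 8.1, `ReflectionMethod::invoke()` can call protected and private methods without `setAccessible(true)`, so a reflection-based API dispatcher that implicitly relied on visibility as a guard silently starts exposing internal methods. The class, method names and dispatcher functions below are hypothetical; the hardened version checks visibility explicitly and restricts calls to an allow-list so its behaviour no longer depends on the PHP version.

```php
<?php
// Hypothetical API class, constructed for this example. Only getTitle() is
// meant to be reachable over the API; resetCounters() is internal.
final class ArticleApi
{
    public function getTitle(int $id): string
    {
        return "Article #$id";
    }

    protected function resetCounters(string $reason): string
    {
        return "counters reset ($reason)";
    }
}

// Vulnerable pattern: maps a request's method name straight to a reflection
// call. Before PHP 8.1, invokeArgs() on a non-public method threw a
// ReflectionException unless setAccessible(true) had been called; from 8.1 on
// every method is invocable, so the implicit visibility guard is gone.
function dispatchUnsafe(object $api, string $method, array $args): string
{
    $ref = new ReflectionMethod($api, $method);
    return (string) $ref->invokeArgs($api, $args);
}

// Hardened pattern: an explicit allow-list plus an explicit visibility check,
// which rejects non-public, static and magic methods on every PHP version.
function dispatchSafe(object $api, string $method, array $args): string
{
    $allowed = ['getTitle'];
    if (!in_array($method, $allowed, true)) {
        throw new RuntimeException("method '$method' is not exposed by the API");
    }
    $ref = new ReflectionMethod($api, $method);
    if (!$ref->isPublic() || $ref->isStatic() || str_starts_with($method, '__')) {
        throw new RuntimeException("method '$method' is not callable via the API");
    }
    return (string) $ref->invokeArgs($api, $args);
}

$api = new ArticleApi();
echo dispatchSafe($api, 'getTitle', [7]), PHP_EOL;
try {
    dispatchSafe($api, 'resetCounters', ['maintenance']);
} catch (RuntimeException $e) {
    echo 'rejected: ', $e->getMessage(), PHP_EOL;
}
```

Running the same two calls through `dispatchUnsafe()` on PHP 8.1 or later succeeds for both, which is the class of regression a PHP upgrade can introduce without any change to the application's own code.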