Programmer’s Digest #143

07/09/2025-07/16/2025 Google AI “Big Sleep” Stops Exploitation of Critical SQLite Vulnerability, Critical mcp-remote Vulnerability, Patch for Critical SQL Injection Flaw And More.

1. Google AI “Big Sleep” Stops Exploitation of Critical SQLite Vulnerability Before Hackers Act

Google announced that its AI-assisted vulnerability detection system, Big Sleep, uncovered a critical flaw (CVE-2025-6965, CVSS 7.2) in the SQLite database before it could be exploited. The memory corruption bug, affecting versions prior to 3.50.2, could allow attackers to trigger an integer overflow via arbitrary SQL injection. Google described this latest discovery as the first known case where an AI directly prevented a real-world exploit.

To ensure AI agents like Big Sleep operate safely, Google published a white paper outlining a hybrid security model. It combines traditional, rule-based controls with dynamic AI reasoning to create “defense-in-depth” safeguards. These enforced boundaries aim to reduce risks such as prompt injection and unauthorized actions.

2. Critical mcp-remote Vulnerability Exposes LLM Clients to Remote Code Execution Attacks

A critical vulnerability, CVE-2025-6514 (CVSS 9.6), affects versions 0.0.5–0.1.15 of the mcp-remote project, allowing remote code execution (RCE) via untrusted MCP server connections. The flaw poses serious risks to LLM clients (e.g., Claude Desktop) by enabling OS command injection through malicious authorization_endpoint values during OAuth metadata discovery.

Attackers can exploit this either by hosting a malicious MCP server or via man-in-the-middle attacks over unsecured HTTP connections. On Windows systems, the issue stems from PowerShell’s subexpression evaluation, enabling arbitrary command execution—such as writing files or running system commands—without proper validation.

Remediation steps:

  • Update to mcp-remote v0.1.16 immediately.
  • Use HTTPS-only connections to trusted servers.
  • Audit MCP configurations and remove any HTTP-based endpoints.
  • Enforce strict trust policies for remote servers.
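
One way to carry out the configuration audit from the list above. This is an added example, not code from mcp-remote or from the digest. It assumes the client config is JSON with an "mcpServers" map of command/args entries; the sample config, server names and finding codes are constructed for illustration.

```python
import json
import re
from urllib.parse import urlparse

# Affected range as stated in the digest: 0.0.5 through 0.1.15 (fixed in 0.1.16).
FIRST_AFFECTED, LAST_AFFECTED = (0, 0, 5), (0, 1, 15)
PKG_RE = re.compile(r"^mcp-remote(?:@(.+))?$")
SEMVER_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)$")

# Constructed sample; the "mcpServers" layout is an assumption about the client config.
SAMPLE_CONFIG = """
{
  "mcpServers": {
    "docs": {"command": "npx",
             "args": ["-y", "mcp-remote@0.1.16", "https://mcp.example.com/sse"]},
    "legacy": {"command": "npx",
               "args": ["mcp-remote@0.1.15", "http://mcp.example.test/sse"]},
    "local-tool": {"command": "python", "args": ["server.py"]}
  }
}
"""


def audit_mcp_config(config_text):
    """Return sorted (server, code, detail) findings for entries that use mcp-remote."""
    findings = []
    servers = json.loads(config_text).get("mcpServers", {})
    for name, entry in servers.items():
        args = [str(a) for a in entry.get("args", [])]
        words = [str(entry.get("command", ""))] + args
        specs = [m for m in (PKG_RE.match(w) for w in words) if m]
        if not specs:
            continue  # this server is not launched through mcp-remote
        for spec in specs:
            ver = SEMVER_RE.match(spec.group(1) or "")
            if ver is None:
                # No exact x.y.z pin: the version that actually runs must be checked.
                findings.append((name, "UNPINNED", spec.group(0)))
            elif FIRST_AFFECTED <= tuple(map(int, ver.groups())) <= LAST_AFFECTED:
                findings.append((name, "AFFECTED_VERSION", spec.group(1)))
        for arg in args:
            if urlparse(arg).scheme.lower() == "http":
                findings.append((name, "HTTP_ENDPOINT", arg))
    return sorted(findings)


if __name__ == "__main__":
    for server, code, detail in audit_mcp_config(SAMPLE_CONFIG):
        print(f"{server}: {code} ({detail})")
```

An UNPINNED finding is informational: it means the config alone cannot show whether the installed package is 0.1.16 or later.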

With LLM platforms increasingly integrating MCP, maintaining secure configurations and monitoring for similar threats is critical to preventing system compromise.

3. Fortinet Releases Patch for Critical SQL Injection Flaw in FortiWeb (CVE-2025-25257)

Fortinet has patched a critical vulnerability (CVE-2025-25257, CVSS 9.6) in FortiWeb that allows unauthenticated attackers to execute arbitrary SQL commands via crafted HTTP/HTTPS requests. The flaw stems from improper input sanitization in the get_fabric_user_by_token function, part of the Fabric Connector component, and affects multiple API endpoints.

Exploiting this SQL injection can lead to remote code execution by using SQL’s SELECT ... INTO OUTFILE to write and execute malicious files on the system, which runs queries under the mysql user.

Impacted versions include:

  • FortiWeb 7.6.0–7.6.3 (fix: update to 7.6.4+)
  • 7.4.0–7.4.7 (update to 7.4.8+)
  • 7.2.0–7.2.10 (update to 7.2.11+)
  • 7.0.0–7.0.10 (update to 7.0.11+)

Fortinet recommends disabling the HTTP/HTTPS admin interface as a temporary workaround and urges users to apply patches immediately due to past exploitation of Fortinet vulnerabilities.

4. Hackers Are Exploiting Critical RCE Flaw In Wing FTP Server

Hackers began exploiting a critical RCE vulnerability (CVE-2025-47812) in Wing FTP Server just one day after technical details became public. The flaw combines a null byte and Lua code injection, allowing unauthenticated remote attackers to execute code as root/SYSTEM on affected systems (v7.4.3 and earlier).

The vulnerability stems from unsafe handling of null-terminated strings and poor input sanitization. By injecting a null byte in the username field, attackers can bypass authentication and inject Lua code into session files, leading to arbitrary code execution.

Security firm Huntress observed real-world attacks using this flaw to gain persistence, run recon commands, and attempt malware downloads via certutil. At least five IP addresses targeted a customer’s server, indicating mass scanning.
Three additional flaws (CVE-2025-27889, -47811, -47813) were also disclosed, exposing passwords and file paths.

Users must upgrade to version 7.4.4. If not possible, disable web portal access, restrict anonymous logins, and monitor the session directory for suspicious files.

5. CISA Adds Citrix NetScaler CVE-2025-5777 to KEV Catalog as Active Exploits Target Enterprises

CISA has added a critical vulnerability in Citrix NetScaler ADC and Gateway (CVE-2025-5777, CVSS 9.3) to its KEV catalog, confirming active exploitation in the wild. Dubbed Citrix Bleed 2, the flaw stems from insufficient input validation, allowing unauthenticated attackers to perform memory overreads and steal sensitive session data.

First reported in mid-June 2025, attackers have leveraged it to extract session tokens and access internal systems. Exploitation attempts have been traced to 10 IPs from multiple countries, with links to RansomHub ransomware.

Citrix released a patch (version 14.1-43.56+) on June 17. Admins are urged to update immediately and terminate all active sessions to prevent token reuse. Logs should be reviewed for suspicious authentication endpoint activity.

The flaw allows remote code execution and lateral movement in hybrid IT environments. CISA mandated federal agencies to patch within 24 hours. Another Citrix flaw (CVE-2025-6543) is also being exploited.