SANS Stormcast Wednesday, October 8th, 2025: FreePBX Exploits; Disrupting Teams Threats; Kibana and QT SVG Patches

FreePBX Exploit Attempts (CVE-2025-57819) A FreePBX SQL injection vulnerability disclosed in August is being used to execute code on affected systems. https://isc.sans.edu/diary/Exploit%20Against%20FreePBX%20%28CVE-2025-57819%29%20with%20code%20execution./32350 Disrupting Threats Targeting Microsoft Teams Microsoft published a blog post outlining how to better secure Teams. https://www.microsoft.com/en-us/security/blog/2025/10/07/disrupting-threats-targeting-microsoft-teams/ Kibana XSS Patch...

FreePBX Exploit Attempts (CVE-2025-57819)
A FreePBX SQL injection vulnerability disclosed in August is being used to execute code on affected systems.
https://isc.sans.edu/diary/Exploit%20Against%20FreePBX%20%28CVE-2025-57819%29%20with%20code%20execution./32350
Disrupting Threats Targeting Microsoft Teams
Microsoft published a blog post outlining how to better secure Teams.
https://www.microsoft.com/en-us/security/blog/2025/10/07/disrupting-threats-targeting-microsoft-teams/
Kibana XSS Patch CVE-2025-25009
Elastic patched a stored XSS vulnerability in Kibana
https://discuss.elastic.co/t/kibana-8-18-8-8-19-5-9-0-8-and-9-1-5-security-update-esa-2025-20/382449
QT SVG Vulnerabilities CVE-2025-10728, CVE-2025-10729,
The QT group fixed two vulnerabilities in the QT SVG module. One of the vulnerabilities may be used for code execution
https://www.qt.io/blog/security-advisory-uncontrolled-recursion-and-use-after-free-vulnerabilities-in-qt-svg-module-impact-qt