Cross-site Scripting (XSS) vulnerability (CVE-2025-4379) has been found in Studio Fabryka DobryCMS software.

CERT Polska has received a report about 3 vulnerabilities (from CVE-2025-3893 to CVE-2025-3895) found in MegaBIP software.

TCC Bypass vulnerability (CVE-2025-4280) has been found in MacOS version of Poedit software.

CERT Polska has received a report about 7 vulnerabilities (from CVE-2025-1415 to CVE-2025-1421) found in Proget software.

Missing Authorization vulnerability (CVE-2025-4430) has been found in EZD RP software.

CERT Polska has received a report about 2 vulnerabilities (CVE-2025-3758 and CVE-2025-3759) found in Netis Systems WF2220 software.

CERT Polska has received a report about 4 vulnerabilities (from CVE-2025-1980 to CVE-2025-1983) found in Symfonia Ready_ software.

CERT Polska has received a report about 11 vulnerabilities found in Internet Starter module of SoftCOM iKSORIS software.

Another year of CERT Polska’s activities is behind us. An absolutely record-breaking year, if we take into account practically all the statistics cited in our previous reports. Behind these numbers is the daily work of experts who care for the safety of Poles online every day. This year’s report is about this work, the key challenges we face and the threats we analyse.

The problem of scammers exploiting social media platforms continues to persist. Meta has yet to fulfill all the recommendations made last year by experts from the CERT Polska team at NASK, which were intended to enhance the safety of Polish social media users.