Executive Summary:
A high-severity vulnerability has been identified in the JSON::SIMD component used across multiple products from the vendor "before". This flaw allows an unauthenticated remote attacker to cause a denial of service by sending a specially crafted JSON payload, potentially leading to application crashes and significant service downtime. Organizations are urged to apply the provided security updates immediately to mitigate this risk.

Vulnerability Details

CVE-ID: CVE-2025-40930

Affected Software: before Multiple Products

Affected Versions: All versions of the JSON::SIMD library before version 1.

Vulnerability: The vulnerability exists in the parsing logic of the JSON::SIMD library. An unauthenticated attacker can send a specially crafted JSON document to an application or service utilizing the vulnerable library. This malicious input is processed in a way that leads to uncontrolled resource consumption, such as excessive memory allocation or a high-CPU infinite loop, causing the application to become unresponsive or terminate, resulting in a denial-of-service condition.

Business Impact

This vulnerability is rated as high severity with a CVSS score of 7.5. Successful exploitation could lead to significant business disruption by making critical applications and APIs unavailable to customers, partners, and internal users. The potential consequences include direct financial loss from downtime, violation of Service Level Agreements (SLAs), reputational damage, and the diversion of engineering resources to incident response and recovery efforts. Any service that ingests JSON data from untrusted sources is at direct risk.

Remediation Plan

Immediate Action: The primary remediation is to upgrade the affected component. System administrators should apply the vendor-supplied security updates to upgrade the JSON::SIMD library to version 1 or later immediately. After patching, it is crucial to monitor affected applications for any signs of exploitation attempts and review access logs for anomalous JSON payloads targeting the service.

Proactive Monitoring: Security teams should monitor for indicators of compromise, including sudden and sustained spikes in CPU or memory usage on servers processing JSON data. Ingress network traffic and application logs should be inspected for unusually large, complex, or malformed JSON requests that could be attempts to trigger this vulnerability. Configure alerts for application crashes or restarts on critical systems.

Compensating Controls: If immediate patching is not feasible, consider implementing compensating controls. Deploy a Web Application Firewall (WAF) with rules to inspect and block malformed or excessively large JSON payloads. Implement strict input validation and size-limiting on all endpoints that accept JSON data before it is passed to the vulnerable parsing library.

Exploitation Status

Public Exploit Available: false

Analyst Notes: As of September 8, 2025, there are no known public proof-of-concept exploits for this vulnerability, and it is not known to be actively exploited in the wild. The vulnerability is not listed on CISA's Known Exploited Vulnerabilities (KEV) catalog.

Analyst Recommendation

Given the high severity (CVSS 7.5) and low complexity required for an attacker to cause a denial of service, organizations are strongly advised to treat this vulnerability with high priority. Although there is no current evidence of active exploitation, the nature of this flaw makes it a prime target for threat actors seeking to cause disruption. We recommend that the vendor's patches be applied immediately, prioritizing internet-facing systems and critical backend services that process JSON data from external sources.

Executive Summary:
A high-severity vulnerability has been identified in the JSON::XS component used across multiple products from the vendor "before". This flaw allows a remote attacker to send specially crafted data that can cause the affected application to become unresponsive, leading to a denial-of-service condition. Organizations are urged to apply security updates immediately to prevent potential service disruptions and protect against exploitation.

Vulnerability Details

CVE-ID: CVE-2025-40928

Affected Software: before Multiple Products (utilizing the JSON::XS component)

Affected Versions: All versions of JSON::XS prior to 4.0

Vulnerability: The vulnerability exists in the way the JSON::XS library parses JSON objects. An unauthenticated, remote attacker can craft a JSON payload containing a large number of keys that result in hash collisions. When the vulnerable library attempts to parse this malicious payload, its performance degrades significantly, causing excessive CPU consumption and leading to an algorithmic complexity attack that results in a complete denial-of-service (DoS) for the affected application or service.

Business Impact

This vulnerability is rated as High severity with a CVSS score of 7.5. Exploitation of this flaw can lead to significant business disruption by making critical applications and services unavailable to users, partners, and customers. The potential consequences include financial losses due to downtime, damage to brand reputation, and failure to meet Service Level Agreements (SLAs). Any internet-facing system that accepts and processes JSON input using the vulnerable library is at a high and direct risk of attack.

Remediation Plan

Immediate Action: Upgrade the affected JSON::XS component to version 4.0 or later by applying the security updates provided by the vendor. After patching, it is critical to monitor application performance and review access logs for any signs of failed or successful exploitation attempts that may have occurred prior to remediation.

Proactive Monitoring: Security and operations teams should monitor for indicators of compromise, including sudden and sustained spikes in CPU utilization on application servers, alerts from Application Performance Monitoring (APM) tools indicating abnormally slow transaction times, and unusually large or complex JSON payloads in web server access logs (e.g., in HTTP POST requests).

Compensating Controls: If immediate patching is not feasible, implement the following controls to reduce risk:

• Deploy a Web Application Firewall (WAF) with rules to inspect and block malformed or excessively complex JSON payloads.
• Enforce strict size limits on incoming JSON request bodies at the web server or load balancer level.
• Implement rate-limiting on API endpoints that consume JSON to slow down potential brute-force or DoS attempts.

Exploitation Status

Public Exploit Available: false

Analyst Notes: As of September 8, 2025, there are no known public proof-of-concept exploits or active attacks leveraging this vulnerability. However, denial-of-service vulnerabilities in common libraries are attractive targets for threat actors. It is highly likely that exploits will be developed by reverse-engineering the vendor's patch.

Analyst Recommendation

Given the high severity (CVSS 7.5) and the potential for significant operational disruption, we strongly recommend that organizations prioritize the immediate patching of this vulnerability. All systems utilizing the affected component, especially public-facing applications, should be updated on an expedited basis. While this vulnerability is not currently listed on the CISA KEV list, its potential impact warrants immediate attention. If patching is delayed, the compensating controls listed above should be implemented as an urgent temporary measure.

Executive Summary:
A critical remote code execution vulnerability, rated 9.8 out of 10, has been identified in multiple Siemens SIMATIC CP industrial communication processors. An unauthenticated remote attacker could exploit this flaw to gain complete control of affected devices, potentially leading to the disruption of critical industrial processes, operational downtime, and a loss of system integrity. Immediate patching is required to mitigate the significant risk to operational technology (OT) environments.

Vulnerability Details

CVE-ID: CVE-2025-40771

Affected Software: Siemens SIMATIC CP Multiple Products

Affected Versions:

• SIMATIC CP 1542SP-1 (6GK7542-6UX00-0XE0): All versions < V2.4.24
• SIMATIC CP 1542SP-1 IRC (6GK7542-6VX00-0XE0): All versions < V2.4.24
• SIMATIC CP 1543SP-1 (6G...): See vendor advisory for a complete list of affected products and versions.

Vulnerability:
The vulnerability is a pre-authentication remote code execution (RCE) flaw within the device's network communication service. A remote attacker with network access to the device can send a specially crafted packet to a listening port. This packet can trigger a buffer overflow condition, allowing the attacker to overwrite memory and execute arbitrary code on the device with the highest system privileges, without requiring any prior authentication or user interaction.

Business Impact

This vulnerability presents a critical risk to the organization, reflected by its CVSS score of 9.8. Successful exploitation could grant an attacker complete control over the SIMATIC communication processors, which are essential for connecting industrial controllers (PLCs) to the network. The potential consequences include manipulation of industrial control processes, denial of service leading to operational shutdown, theft of sensitive operational data, and potential physical damage to machinery or safety risks to personnel. The impact on business operations could be severe, resulting in significant financial losses from production downtime and remediation costs.

Remediation Plan

Immediate Action:
Update all affected Siemens SIMATIC CP devices to firmware version 2.4.24 or a later version as specified by the vendor. After patching, monitor for any signs of post-compromise activity and review access logs for any unauthorized connection attempts that may have occurred prior to the update.

Proactive Monitoring:
Implement enhanced network monitoring for traffic directed at the affected SIMATIC CP devices. Specifically, monitor for unusual or malformed packets on the ports used for device management and PROFINET communication. System administrators should establish a baseline of normal device behavior and alert on any deviations, such as unexpected reboots, configuration changes, or anomalous traffic patterns.

Compensating Controls:
If immediate patching is not possible due to operational constraints, implement the following compensating controls:

• Ensure the affected devices are not exposed to the internet and are located within a properly segmented OT network zone.
• Use a firewall to restrict network access to the devices, allowing connections only from trusted management stations and authorized industrial equipment.
• Deploy an Intrusion Detection/Prevention System (IDS/IPS) with rules capable of detecting and blocking traffic patterns associated with exploiting this type of vulnerability.

Exploitation Status

Public Exploit Available: false

Analyst Notes:
As of the publication date, Oct 14, 2025, there are no known public exploits or active exploitation campaigns targeting this vulnerability. However, given the critical severity and the high value of industrial control systems as targets, it is highly probable that threat actors will rapidly develop and deploy exploits.

Analyst Recommendation

This vulnerability must be treated as a critical priority. The CVSS score of 9.8 indicates a high likelihood of successful exploitation with a severe impact on operational integrity and safety. We strongly recommend that organizations identify all affected assets and apply the vendor-supplied firmware updates immediately. While this CVE is not currently on the CISA KEV list, its critical nature makes it a prime candidate for future inclusion and a target for sophisticated threat actors. If patching cannot be performed immediately, the compensating controls outlined above must be implemented without delay to reduce the attack surface.

Executive Summary:
A critical vulnerability has been identified in TeleControl Server Basic, a software platform used for monitoring and control in industrial environments. This flaw, rated with a CVSS score of 9.8, could allow a remote, unauthenticated attacker to disclose sensitive information, potentially leading to a full system compromise. Successful exploitation poses a severe risk to operational technology (OT) environments, potentially causing service disruption, data theft, and loss of control over critical processes.

Vulnerability Details

CVE-ID: CVE-2025-40765

Affected Software: TeleControl Server Basic

Affected Versions: V3.1 (All versions >= V3.1.2.2 and < V3.1.2.3)

Vulnerability: The affected versions of TeleControl Server Basic contain a critical information disclosure vulnerability. An unauthenticated remote attacker can exploit this flaw by sending a specially crafted request to the server. While described as an information disclosure, the severity score of 9.8 suggests the leaked information is highly sensitive, such as hardcoded administrative credentials, private keys, or session tokens, which would grant the attacker administrative-level access to the server, effectively leading to a complete system compromise.

Business Impact

The exploitation of this vulnerability would have a critical business impact. With a CVSS score of 9.8, this flaw represents a worst-case scenario for an internet-exposed industrial control system component. A successful attack could lead to unauthorized access and control over monitored assets, theft of sensitive operational data, and disruption of essential services. For organizations relying on this software, this translates to significant risks including production downtime, physical safety hazards, regulatory fines, and severe reputational damage.

Remediation Plan

Immediate Action: Immediately update all instances of TeleControl Server Basic to version V3.1.2.3 or a later, patched version as recommended by the vendor. After applying the update, it is crucial to monitor for any signs of post-patch exploitation attempts and thoroughly review system and access logs for any anomalous activity preceding the update.

Proactive Monitoring: Implement enhanced monitoring on network traffic to and from the TeleControl Server. Specifically, monitor for unusual outbound connections, large data transfers, or access attempts from untrusted IP addresses. Review application logs for error messages, repeated failed login attempts, or successful access events occurring outside of normal business hours.

Compensating Controls: If immediate patching is not feasible, implement the following compensating controls:

• Restrict network access to the TeleControl Server to only trusted IP addresses and authorized networks using firewalls.
• Place the affected server in a segmented network zone, isolated from the corporate IT network.
• Deploy a Web Application Firewall (WAF) or Intrusion Prevention System (IPS) with rules designed to detect and block exploit attempts against this vulnerability.

Exploitation Status

Public Exploit Available: false

Analyst Notes: As of Oct 14, 2025, there are no known public proof-of-concept exploits, and this vulnerability is not reported to be actively exploited in the wild. However, the high CVSS score and the public disclosure of the vulnerability details mean that threat actors are likely to develop exploits in the near future. The discrepancy between the "information disclosure" classification and the 9.8 CVSS score strongly indicates that the disclosed information allows for a full system takeover.

Analyst Recommendation

Given the critical severity (CVSS 9.8) of this vulnerability, we strongly recommend that organizations treat this as an emergency and apply the vendor-supplied patch to all affected systems immediately. Although this CVE is not currently listed on the CISA KEV list, its critical nature makes it a prime candidate for future inclusion and an attractive target for attackers. If patching is delayed for any reason, the compensating controls listed above must be implemented without delay to reduce the attack surface and mitigate risk.

Executive Summary:
A critical vulnerability has been identified in the SIMATIC RTLS Locating Manager, which could allow an authenticated attacker to compromise the system. The flaw stems from improper input validation within a backup script, potentially leading to remote code execution. Successful exploitation could result in a complete loss of control over the locating system, disrupting industrial operations and posing a significant security risk.

Vulnerability Details

CVE-ID: CVE-2025-40746

Affected Software: A vulnerability has been identified in SIMATIC RTLS Locating Manager Multiple Products

Affected Versions: All versions < V3.2

Vulnerability: The vulnerability exists because the backup script in the SIMATIC RTLS Locating Manager does not properly sanitize or validate user-supplied input. An authenticated remote attacker can craft malicious input containing arbitrary commands. When the backup process is initiated, these commands are executed on the underlying server with the privileges of the Locating Manager service, leading to remote code execution.

Business Impact

This vulnerability is rated as critical severity with a CVSS score of 9.1, reflecting the high potential for significant business disruption. Successful exploitation could allow an attacker to take complete control of the SIMATIC RTLS Locating Manager. This could lead to the manipulation or theft of real-time location data, disruption of critical industrial processes that rely on this data, and potential operational downtime. For an organization, this translates to risks of production loss, safety incidents in the operational environment, and a potential pivot point for attackers to move deeper into the industrial control network.

Remediation Plan

Immediate Action: Update all instances of SIMATIC RTLS Locating Manager to version 3.2 or a later version to patch the vulnerability. Following the update, it is crucial to monitor for any signs of post-exploitation activity and to review system and access logs for any unauthorized access or anomalous behavior preceding the patch.

Proactive Monitoring: Implement enhanced logging and monitoring focused on the affected systems. Specifically, look for unusual command-line arguments or file paths in logs related to the backup script's execution. Monitor for unexpected network connections originating from the Locating Manager server and alert on any modifications to critical system files or the creation of unauthorized user accounts.

Compensating Controls: If immediate patching is not feasible, implement the following controls to mitigate risk:

• Restrict network access to the management interface of the SIMATIC RTLS Locating Manager to a limited set of trusted administrative workstations.
• Apply stricter access control policies, ensuring that only highly trusted users have the permissions required to initiate the backup function.
• Deploy an Intrusion Detection/Prevention System (IDS/IPS) with rules to detect and block command injection attempts against the application.

Exploitation Status

Public Exploit Available: false

Analyst Notes: As of the published date of Aug 12, 2025, there are no known public proof-of-concept exploits or active exploitation campaigns targeting this vulnerability. However, vulnerabilities in Industrial Control Systems (ICS) like Siemens SIMATIC products are highly attractive to sophisticated threat actors. The vulnerability is not currently listed on the CISA Known Exploited Vulnerabilities (KEV) catalog.

Analyst Recommendation

Given the critical CVSS score of 9.1 and the potential for severe operational impact within an industrial environment, this vulnerability presents a significant risk. We strongly recommend that the organization prioritize the immediate patching of all affected SIMATIC RTLS Locating Manager instances to version 3.2 or newer. If patching must be delayed, the compensating controls listed above should be implemented without delay to reduce the attack surface and mitigate the immediate risk of exploitation.

Executive Summary:
A critical SQL injection vulnerability, identified as CVE-2025-40692, has been discovered in the Online Fire Reporting System by PHPGurukul. This flaw allows an unauthenticated attacker to gain complete control over the application's database, enabling them to steal, modify, or delete sensitive fire incident data. Due to the high severity (CVSS 9.8) and potential for full system compromise, immediate remediation is strongly advised.

Vulnerability Details

CVE-ID: CVE-2025-40692

Affected Software: Online Fire Reporting System by PHPGurukul

Affected Versions: Version 1.2 is explicitly mentioned; other versions may also be affected. See vendor advisory for specific affected versions.

Vulnerability: The vulnerability is a classic SQL injection that exists in the requestid parameter of an application endpoint. An attacker can inject malicious SQL commands into this parameter when making a request to the server. Because the application fails to properly sanitize this user-supplied input, the malicious commands are executed directly by the backend database, allowing the attacker to bypass authentication and perform arbitrary database operations, including reading, creating, updating, and deleting any data in the database.

Business Impact

This vulnerability is rated as critical severity with a CVSS score of 9.8. Successful exploitation could have a devastating impact on the organization. An attacker could exfiltrate sensitive information contained within the fire reporting system, such as personal details, incident locations, and response team information. Furthermore, the ability to modify or delete records compromises data integrity, which could disrupt emergency response operations, invalidate historical data for analysis, and lead to significant legal and reputational damage.

Remediation Plan

Immediate Action: The primary remediation is to apply the security patches provided by the vendor immediately. Upgrade the Online Fire Reporting System to the latest secure version to eliminate the vulnerability. After patching, review system and database access logs for any signs of compromise that may have occurred before the patch was applied.

Proactive Monitoring: Implement enhanced monitoring of web server and application logs. Specifically, look for suspicious requests to the vulnerable endpoint containing SQL keywords (e.g., UNION, SELECT, --, OR 1=1) within the requestid parameter. Monitor for unusual database activity, such as unexpected queries from the web application's user account or large, anomalous data transfers.

Compensating Controls: If immediate patching is not feasible, deploy a Web Application Firewall (WAF) with rules specifically designed to detect and block SQL injection attacks. Additionally, ensure the database user account leveraged by the application operates under the principle of least privilege, restricting its permissions to only what is absolutely necessary for application function, thereby limiting the potential damage of a successful exploit.

Exploitation Status

Public Exploit Available: false

Analyst Notes: As of the publication date, Sep 11, 2025, there are no known public proof-of-concept exploits or active exploitation campaigns targeting this vulnerability. This vulnerability is not listed in the CISA Known Exploited Vulnerabilities (KEV) catalog. However, SQL injection vulnerabilities are trivial to exploit once discovered, and it is likely that threat actors will develop exploits for this flaw.

Analyst Recommendation

Given the critical CVSS score of 9.8 and the ease of exploitation, this vulnerability poses a significant and immediate risk to the organization. We strongly recommend that the remediation plan be executed as a top priority. Although there is no current evidence of active exploitation, the high severity makes this an attractive target for attackers. Organizations must patch all affected systems without delay to prevent potential data breaches and operational disruption.

Executive Summary:
A critical SQL Injection vulnerability, identified as CVE-2025-40691, exists in the PHPGurukul Online Fire Reporting System. This flaw allows an unauthenticated attacker to execute arbitrary commands on the application's database, potentially leading to a complete compromise of all stored data, including theft, modification, and deletion. Due to its ease of exploitation and severe impact, this vulnerability poses a significant and immediate risk to the confidentiality, integrity, and availability of the system.

Vulnerability Details

CVE-ID: CVE-2025-40691

Affected Software: PHPGurukul Online Fire Reporting System

Affected Versions: Version 1.2. See vendor advisory for other potentially affected versions.

Vulnerability: The application is vulnerable to SQL Injection due to improper sanitization of user-supplied input in the 'todate' parameter. An unauthenticated remote attacker can send a specially crafted HTTP request to the '/ofrs/...' endpoint, embedding malicious SQL queries within this parameter. The backend database executes these injected queries, allowing the attacker to bypass security controls and perform arbitrary database operations, such as reading sensitive data, modifying or deleting records, and potentially escalating privileges or achieving remote code execution depending on the database configuration.

Business Impact

This vulnerability is rated as critical severity with a CVSS score of 9.8. Successful exploitation could lead to a catastrophic data breach, compromising sensitive information related to fire incidents, locations, and personnel. An attacker could exfiltrate all data, manipulate official records to disrupt operations, or delete the entire database, rendering the system inoperable. The business risks include severe reputational damage, loss of public trust, potential regulatory fines for data exposure, and significant costs associated with incident response and system recovery.

Remediation Plan

Immediate Action: Immediately update all instances of the PHPGurukul Online Fire Reporting System to the latest version provided by the vendor to patch this vulnerability. Following the update, conduct a thorough review of access and database logs for any signs of compromise that may have occurred before the patch was applied.

Proactive Monitoring: Implement enhanced monitoring of web application and database server logs. Specifically, look for suspicious requests to the vulnerable endpoint that contain SQL keywords (e.g., UNION, SELECT, --, ' OR '1'='1') within the 'todate' parameter. Configure alerts for a high volume of database errors or unusual query patterns, which could indicate exploitation attempts.

Compensating Controls: If patching cannot be performed immediately, deploy a Web Application Firewall (WAF) and configure it with strict rules to detect and block SQL injection attack patterns. Additionally, enforce the principle of least privilege by ensuring the application's database user has the minimum permissions necessary for its operation, which can limit the impact of a successful exploit.

Exploitation Status

Public Exploit Available: Not known to be publicly available at the time of this report.

Analyst Notes: As of September 11, 2025, there are no confirmed public reports of this vulnerability being actively exploited. However, SQL injection vulnerabilities are trivial to exploit once discovered, and proof-of-concept code is likely to be developed and shared quickly by security researchers and threat actors. Organizations should assume the risk of exploitation is high and imminent.

Analyst Recommendation

This vulnerability presents a critical and urgent threat to the organization. Given the CVSS score of 9.8 and the potential for complete database compromise by an unauthenticated attacker, immediate remediation is mandatory. All system owners must prioritize the identification and patching of all affected systems without delay. Although not currently on the CISA KEV list, the severity warrants treating this as an actively exploited threat and adhering to an emergency patching timeline.

Executive Summary:
A critical SQL Injection vulnerability, identified as CVE-2025-40690, has been discovered in the Online Fire Reporting System by PHPGurukul. This flaw allows an unauthenticated attacker to gain complete control over the application's database, enabling them to steal, modify, or delete sensitive fire reporting data. Due to its critical severity and potential for full data compromise, immediate remediation is strongly advised.

Vulnerability Details

CVE-ID: CVE-2025-40690

Affected Software: Online Fire Reporting System by PHPGurukul

Affected Versions: Version 1.2 is confirmed to be vulnerable. See vendor advisory for a complete list of affected versions.

Vulnerability: The application is vulnerable to SQL Injection due to improper sanitization of user-supplied input in the teamid parameter. An attacker can send a specially crafted request to the /ofrs/ad... endpoint, injecting malicious SQL queries into the parameter. Successful exploitation allows the attacker to execute arbitrary commands on the backend database, bypassing authentication and authorization controls to perform actions such as reading sensitive information, modifying data, deleting records, or potentially escalating privileges to take control of the underlying server.

Business Impact

This vulnerability is rated as critical severity with a CVSS score of 9.8, indicating a high risk of exploitation with severe consequences. A successful attack could lead to a complete compromise of the fire reporting system's database. The potential business impact includes a major data breach of sensitive incident reports, personal information, and responder details; manipulation or deletion of critical records, undermining data integrity and operational trust; and significant reputational damage. The loss of data integrity could have severe real-world consequences for emergency response and reporting.

Remediation Plan

Immediate Action: Immediately apply the vendor-supplied patch to update the Online Fire Reporting System to the latest secure version. Before deploying to production, test the update in a staging environment to ensure it does not disrupt critical operations.

Proactive Monitoring: System administrators should actively monitor web server and database logs for any signs of exploitation. Look for suspicious requests to the vulnerable endpoint containing SQL syntax (e.g., UNION, SELECT, ' OR '1'='1') within the teamid parameter. Monitor for unusual database queries, unexpected data changes, or connections from unknown IP addresses.

Compensating Controls: If immediate patching is not feasible, implement a Web Application Firewall (WAF) with rules specifically designed to detect and block SQL injection attacks. Enforce parameterized queries or stringent input validation at the application layer as an interim measure. Restrict access to the affected endpoint to trusted IP addresses only.

Exploitation Status

Public Exploit Available: true

Analyst Notes: As of Sep 11, 2025, this vulnerability is publicly disclosed. Given the simplicity of exploiting common SQL injection flaws, threat actors are likely to develop and utilize exploits rapidly. Although the vulnerability is not currently listed on the CISA Known Exploited Vulnerabilities (KEV) catalog, its critical severity makes it a prime target for opportunistic and targeted attacks. Organizations should assume active exploitation is imminent.

Analyst Recommendation

Due to the critical 9.8 CVSS score and the high probability of exploitation, we strongly recommend that organizations using the affected software prioritize the immediate application of the vendor's patch. The risk of a complete database compromise presents an unacceptable threat to data confidentiality, integrity, and availability. If patching cannot be performed immediately, compensating controls such as a WAF must be implemented as a matter of urgency to mitigate the risk.