CVE-2025-10035 | GoAnywhere

Forta has released a security update to address a critical vulnerability in the GoAnywhere Admin Console. CVE-2025-10035 – Deserialisation of Untrusted Data vulnerability – CVSSv3: 10.0

CVE-2025-20333 | Cisco

A vulnerability in the VPN web server of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software could allow an authenticated, remote attacker to execute arbitrary code on an affected device. This vulnerability is due to improper validation of user-supplied input in HTTP(S) requests. An attacker with valid VPN user credentials could exploit this vulnerability by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as root, possibly resulting in the complete compromise of the affected device.

CVE-2025-61882 | Oracle

Oracle just issued a Security Alert for CVE-2025-61882, a remote code execution vulnerability (CVSS 9.8 – Critical) affecting Oracle E-Business Suite versions 12.2.3 through 12.2.14. Published October 4, 2025, it allows unauthenticated attackers to execute code remotely over HTTP without user interaction. In plain terms: if your EBS environment is reachable on the network, and especially if it’s internet facing, it’s at risk for full compromise. Oracle has released indicators of compromise (IOCs).

CVE-2025-61884 | Oracle

The vulnerability, tracked as CVE-2025-61884, carries a CVSS score of 7.5, indicating high severity. It affects versions from 12.2.3 through 12.2.14. “Easily exploitable vulnerability allows an unauthenticated attacker with network access via HTTP to compromise Oracle Configurator,” according to a description of the flaw in the NIST’s National Vulnerability Database (NVD). “Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Configurator accessible data.” In a standalone alert, Oracle said the flaw is remotely exploitable without requiring any authentication, making it crucial that users apply the update as soon as possible. The company, however, makes no mention of it being exploited in the wild.

CVE-2025-24990 | Microsoft Agere Modem Driver 

Microsoft is aware of vulnerabilities in the third party Agere Modem driver that ships natively with supported Windows operating systems. This is an announcement of the upcoming removal of ltmdm64.sys driver. The driver has been removed in the October cumulative update. Fax modem hardware dependent on this specific driver will no longer work on Windows. Microsoft recommends removing any existing dependencies on this hardware.

CVE-2025-49844 | Redis

Redis has disclosed details of a maximum-severity security flaw in its in-memory database software that could result in remote code execution under certain circumstances. The vulnerability, tracked as CVE-2025-49844 (aka RediShell), has been assigned a CVSS score of 10.0. “An authenticated user may use a specially crafted Lua script to manipulate the garbage collector, trigger a use-after-free, and potentially lead to remote code execution,” according to a GitHub advisory for the issue. “The problem exists in all versions of Redis with Lua scripting.”

CVE-2025-10725 | RedHat OpenShift AI 

The vulnerability, tracked as CVE-2025-10725, carries a CVSS score of 9.9 out of a maximum of 10.0. It has been classified by Red Hat as “Important” and not “Critical” in severity owing to the need for a remote attacker to be authenticated in order to compromise the environment. “A low-privileged attacker with access to an authenticated account, for example, as a data scientist using a standard Jupyter notebook, can escalate their privileges to a full cluster administrator,” Red Hat said in an advisory earlier this week.

CVE-2025-5947 | WordPress Finder Theme

Threat actors are actively exploiting a critical security flaw impacting the Service Finder WordPress theme that makes it possible to gain unauthorized access to any account, including administrators, and take control of susceptible sites. The authentication bypass vulnerability, tracked as CVE-2025-5947 (CVSS score: 9.8), affects the Service Finder Bookings, a WordPress plugin bundled with the Service Finder theme.

CVE-2025-59230 | Microsoft Windows Remote Access Connection Manager 

Improper access control in Windows Remote Access Connection Manager allows an authorized attacker to elevate privileges locally.

CVE-2023-40151 | Red Lion Sixnet

Two critical security flaws impacting Red Lion Sixnet remote terminal unit (RTU) products that, if successfully exploited, could result in code execution with the highest privileges. The shortcomings, tracked as CVE-2023-40151 and CVE-2023-42770, are both rated 10.0 on the CVSS scoring system. “The vulnerabilities affect Red Lion SixTRAK and VersaTRAK RTUs, and allow an unauthenticated attacker to execute commands with root privileges.

CVE-2025-10585 | Chrome

The zero-day vulnerability in question is CVE-2025-10585, which has been described as a type confusion issue in the V8 JavaScript and WebAssembly engine. Type confusion vulnerabilities can have severe consequences as they can be weaponized by bad actors to trigger unexpected software behavior, resulting in the execution of arbitrary code and program crashes. Google’s Threat Analysis Group (TAG) has been credited with discovering and reporting the flaw on September 16, 2025. As is typically the case, the company did not share any additional specifics about how the vulnerability is being abused in real-world attacks, by whom, or the scale of such efforts. This is done to prevent other threat actors from exploiting the issue before users can apply a fix.

CVE-2025-27915 | Zimbra

Tracked as CVE-2025-27915 (CVSS score: 5.4), the vulnerability is a stored cross-site scripting (XSS) vulnerability in the Classic Web Client that arises as a result of insufficient sanitization of HTML content in ICS calendar files, resulting in arbitrary code execution. “When a user views an e-mail message containing a malicious ICS entry, its embedded JavaScript executes via an ontoggle event inside a <details> tag,” according to a description of the flaw in the NIST National Vulnerability Database (NVD).

CVE-2025-47827 | IGEL OS

In IGEL OS before 11, Secure Boot can be bypassed because the igel-flash-driver module improperly verifies a cryptographic signature. Ultimately, a crafted root filesystem can be mounted from an unverified SquashFS image.

CVE-2016-7836 | SKYSEA

SKYSEA Client View Ver.11.221.03 and earlier allows remote code execution via a flaw in processing authentication on the TCP connection with the management console program.

CVE-2025-26399 | SolarWinds 

The vulnerability, tracked as CVE-2025-26399 (CVSS score: 9.8), has been described as an instance of deserialization of untrusted data that could result in code execution. It affects SolarWinds Web Help Desk 12.8.7 and all previous versions. “SolarWinds Web Help Desk was found to be susceptible to an unauthenticated AjaxProxy deserialization remote code execution vulnerability that, if exploited, would allow an attacker to run commands on the host machine.

CVE-2025-20362 | Cisco

A vulnerability in the VPN web server of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to access restricted URL endpoints without authentication that should otherwise be inaccessible without authentication. This vulnerability is due to improper validation of user-supplied input in HTTP(S) requests. An attacker could exploit this vulnerability by sending crafted HTTP requests to a targeted web server on a device. A successful exploit could allow the attacker to access a restricted URL without authentication.

CVE-2025-6264 | Velociraptor 

Velociraptor allows collection of VQL queries packaged into Artifacts from endpoints. These artifacts can be used to do anything and usually run with elevated permissions. To limit access to some dangerous artifact, Velociraptor allows for those to require high permissions like EXECVE to launch. The Admin.Client.UpdateClientConfig is an artifact used to update the client’s configuration. This artifact did not enforce an additional required permission, allowing users with COLLECT_CLIENT permissions (normally given by the “Investigator” role) to collect it from endpoints and update the configuration. This can lead to arbitrary command execution and endpoint takeover. To successfully exploit this vulnerability the user must already have access to collect artifacts from the endpoint (i.e. have the COLLECT_CLIENT given typically by the “Investigator’ role).

CVE-2025-48983 | Veeam

Veeam has released a security bulletin to address three vulnerabilities in Backup & Replication and Veeam Agent for Microsoft Windows. CVE-2025-48983 – Authenticated Remote Code Execution vulnerability in Veeam Backup & Replication – CVSSv3: 9.9 CVE-2025-48984 – Authenticated Remote Code Execution vulnerability in Veeam Backup & Replication – CVSSv3: 9.9 CVE-2025-48982 – Local Privilege Escalation vulnerability in Veeam Agent for Microsoft Windows – CVSSv3: 7.3