Top Reported Known Exploitable Issues:
Here is the complete list of vulnerabilities for this month that we’ve updated within our platform, to be treated as a priority:
CVE-2025-47981 | SPNEGO Extended Negotiation
Tracked as CVE-2025-47981, it carries a CVSS score of 9.8 out of 10.0. “Heap-based buffer overflow in Windows SPNEGO Extended Negotiation allows an unauthorized attacker to execute code over a network,” Microsoft said in an advisory. “An attacker could exploit this vulnerability by sending a malicious message to the server, potentially leading to remote code execution.” An anonymous researcher and Yuki Chen have been credited with discovering and reporting the flaw. Microsoft noted that the issue only impacts Windows client machines running Windows 10, version 1607 and above, due to the “Network security: Allow PKU2U authentication requests to this computer to use online identities” Group Policy Object (GPO) being enabled by default.
CVE-2025-49719 | Microsoft SQL
The vulnerability that’s listed as publicly known is an information disclosure flaw in Microsoft SQL Server (CVE-2025-49719, CVSS score: 7.5) that could permit an unauthorized attacker to leak uninitialized memory. “An attacker might well learn nothing of any value, but with luck, persistence, or some very crafty massaging of the exploit, the prize could be cryptographic key material or other crown jewels from the SQL Server.”
CVE-2025-6514 | mcp-remote
The vulnerability, tracked as CVE-2025-6514, carries a CVSS score of 9.6 out of 10.0. “The vulnerability allows attackers to trigger arbitrary OS command execution on the machine running mcp-remote when it initiates a connection to an untrusted MCP server, posing a significant risk to users – a full system compromise.”
CVE-2025-47812 | Wing FTP
Wing FTP released an update on 14 May 2025 to address a critical vulnerability in Wing FTP Server. Security researchers report CVE-2025-47812 is under active exploitation.
CVE-2025-47812 – Wing FTP Server Remote Code Execution Vulnerability – CVSSv3 score: 10.0
CVE-2025-32463 | Sudo command-line utility for Linux
Cybersecurity researchers have disclosed two security flaws in the Sudo command-line utility for Linux and Unix-like operating systems that could enable local attackers to escalate their privileges to root on susceptible machines. A brief description of the vulnerabilities is below –
CVE-2025-32462 (CVSS score: 2.8) – Sudo before 1.9.17p1, when used with a sudoers file that specifies a host that is neither the current host nor ALL, allows listed users to execute commands on unintended machines.
CVE-2025-32463 (CVSS score: 9.3) – Sudo before 1.9.17p1 allows local users to obtain root access because “/etc/nsswitch.conf” from a user-controlled directory is used with the --chroot option.
Sudo is a command-line tool that allows low-privileged users to run commands as another user, such as the superuser. Running commands through sudo is meant to enforce the principle of least privilege: users can carry out individual administrative actions without holding permanently elevated permissions.
CVE-2019-9621 | Zimbra
Zimbra Collaboration Suite before 8.6 patch 13, 8.7.x before 8.7.11 patch 10, and 8.8.x before 8.8.10 patch 7 or 8.8.x before 8.8.11 patch 3 allows SSRF via the ProxyServlet component.
CVE-2019-5418 | Ruby On Rails
There is a File Content Disclosure vulnerability in Action View <5.2.2.1, <5.1.6.2, <5.0.7.2, <4.2.11.1 and v3 where specially crafted Accept headers can cause contents of arbitrary files on the target system’s filesystem to be exposed.
CVE-2025-49735 | Windows KDC Proxy Service
What makes CVE-2025-49735 significant is the network exposure combined with no required privileges or user interaction. Despite its high attack complexity, the vulnerability opens the door to pre-auth remote compromise, particularly attractive to APTs and nation-state actors. “The attacker must win a race condition – a timing flaw where memory is freed and reallocated in a specific window – meaning reliability is low for now. Still, such issues can be weaponized with techniques like heap grooming, making eventual exploitation feasible.”
CVE-2014-3931 | Multi-Router Looking Glass
fastping.c in MRLG (aka Multi-Router Looking Glass) before 5.5.0 allows remote attackers to cause an arbitrary memory write and memory corruption.
CVE-2016-10033 | PHP-Mailer
The mailSend function in the isMail transport in PHPMailer before 5.2.18 might allow remote attackers to pass extra parameters to the mail command and consequently execute arbitrary code via a \" (backslash double quote) in a crafted Sender property.
CVE-2025-25257 | Fortinet
Tracked as CVE-2025-25257, the vulnerability carries a CVSS score of 9.6 out of a maximum of 10.0. “An improper neutralization of special elements used in an SQL command (‘SQL Injection’) vulnerability [CWE-89] in FortiWeb may allow an unauthenticated attacker to execute unauthorized SQL code or commands via crafted HTTP or HTTPs requests.”
CVE-2025-6543 | Citrix
The vulnerability, tracked as CVE-2025-6543, carries a CVSS score of 9.2 out of a maximum of 10.0. It has been described as a case of memory overflow that could result in unintended control flow and denial-of-service. However, successful exploitation requires the appliance to be configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or AAA virtual server. The shortcoming impacts the below versions –
NetScaler ADC and NetScaler Gateway 14.1 prior to 14.1-47.46
NetScaler ADC and NetScaler Gateway 13.1 prior to 13.1-59.19
NetScaler ADC and NetScaler Gateway 12.1 and 13.0 (vulnerable and end-of-life)
NetScaler ADC 13.1-FIPS and NDcPP prior to 13.1-37.236-FIPS and NDcPP
CVE-2025-48927 | TeleMessage
The TeleMessage service through 2025-05-05 configures Spring Boot Actuator with an exposed heap dump endpoint at a /heapdump URI, as exploited in the wild in May 2025.
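As an added illustration (not taken from the advisory or from TeleMessage’s own configuration), the Spring Boot Actuator setting that exposes the heap dump over HTTP beside a hardened alternative. The property keys are the standard Spring Boot 2.x+ Actuator keys (where the default base path is /actuator); the choice to expose only health and info is an assumption for this example.

```properties
# --- Weak (before): every actuator endpoint is reachable over the web, including
# /actuator/heapdump, which streams a full JVM heap snapshot. A heap contains whatever
# the process held in memory: database credentials, session tokens, private keys.
management.endpoints.web.exposure.include=*

# --- Hardened (after): expose only what monitoring needs and switch heapdump off
# entirely, so it stays unreachable even if the exposure list is widened later.
# (Use one or the other in a real file; duplicate keys are shown here for comparison.)
management.endpoints.web.exposure.include=health,info
management.endpoint.heapdump.enabled=false
```

After deployment, an unauthenticated request to the heap dump path should return 404 or 401 rather than a binary .hprof body; keeping the management port and path behind network access controls adds a second layer if a future change re-enables the endpoint.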
CVE-2024-54085 | Redfish Authentication Bypass
AMI’s SPx contains a vulnerability in the BMC where an attacker may bypass authentication remotely through the Redfish Host Interface. A successful exploitation of this vulnerability may lead to a loss of confidentiality, integrity, and/or availability.
CVE-2025-20281 | Cisco
Cisco has released updates to address two maximum-severity security flaws in Identity Services Engine (ISE) and ISE Passive Identity Connector (ISE-PIC) that could permit an unauthenticated attacker to execute arbitrary commands as the root user. The vulnerabilities, assigned the CVE identifiers CVE-2025-20281 and CVE-2025-20282, carry a CVSS score of 10.0 each. A description of the defects is below –
CVE-2025-20281 – An unauthenticated remote code execution vulnerability affecting Cisco ISE and ISE-PIC releases 3.3 and later that could allow an unauthenticated, remote attacker to execute arbitrary code on the underlying operating system as root.
CVE-2025-20282 – An unauthenticated remote code execution vulnerability affecting Cisco ISE and ISE-PIC release 3.4 that could allow an unauthenticated, remote attacker to upload arbitrary files to an affected device and execute those files on the underlying operating system as root.
CVE-2025-6554 | Chrome
Google has released security updates to address a vulnerability in its Chrome browser for which an exploit exists in the wild. The zero-day vulnerability, tracked as CVE-2025-6554 (CVSS score: N/A), has been described as a type confusion flaw in the V8 JavaScript and WebAssembly engine. “Type confusion in V8 in Google Chrome prior to 138.0.7204.96 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page,” according to a description of the bug in NIST’s National Vulnerability Database (NVD).