Key Findings:
Top Reported Known Exploitable Issues:
CVE-2025-13223 | Google Chrome
The vulnerability in question is CVE-2025-13223 (CVSS score: 8.8), a type confusion vulnerability in the V8 JavaScript and WebAssembly engine that could be exploited to achieve arbitrary code execution or program crashes. Google has not shared any details on who is behind the attacks, who may have been targeted, or the scale of such efforts. However, the tech giant acknowledged that an “exploit for CVE-2025-13223 exists in the wild.”
CVE-2025-64446 | Fortiweb
A relative path traversal vulnerability in Fortinet FortiWeb 8.0.0 through 8.0.1, FortiWeb 7.6.0 through 7.6.4, FortiWeb 7.4.0 through 7.4.9, FortiWeb 7.2.0 through 7.2.11, FortiWeb 7.0.0 through 7.0.11 may allow an attacker to execute administrative commands on the system via crafted HTTP or HTTPS requests.
CVE-2025-59287 | Microsoft WSUS RCE Vulnerability
Microsoft has released out-of-band (OOB) security updates to patch a critical-severity Windows Server Update Service (WSUS) vulnerability with publicly available proof-of-concept exploit code. WSUS is a Microsoft product that enables IT administrators to manage and deliver Windows updates to computers within their network. Tracked as CVE-2025-59287 and patched during this month’s Patch Tuesday, this remote code execution (RCE) security flaw affects only Windows servers with the WSUS Server Role enabled, a feature that isn’t enabled by default.
CVE-2025-20337 | Cisco
CVE-2025-20337 (CVSS score: 10.0) – An unauthenticated remote code execution vulnerability in Cisco Identity Services Engine (ISE) and Cisco ISE Passive Identity Connector (ISE-PIC) that could allow a remote attacker to execute arbitrary code on the underlying operating system as root. (Fixed by Cisco in July 2025)
CVE-2025-9242 | WatchGuard Firebox
An Out-of-bounds Write vulnerability in WatchGuard Fireware OS may allow a remote unauthenticated attacker to execute arbitrary code. This vulnerability affects both the Mobile User VPN with IKEv2 and the Branch Office VPN using IKEv2 when configured with a dynamic gateway peer.This vulnerability affects Fireware OS 11.10.2 up to and including 11.12.4_Update1, 12.0 up to and including 12.11.3 and 2025.1.
CVE-2025-55752 | Apache Tomcat
CVE-2025-55752 is a vulnerability in Apache Tomcat (a widely used Java servlet container/web-app server). The issue is a relative path traversal vulnerability which arose as a regression from a previous fix. POC Exploit code available.
CVE-2025-41244 | Vmware
The vulnerability in question is CVE-2025-41244 (CVSS score: 7.8), which could be exploited by an attacker to attain root level privileges on a susceptible system. “Broadcom VMware Aria Operations and VMware Tools contain a privilege defined with unsafe actions vulnerability,” CISA said in an alert. “A malicious local actor with non-administrative privileges having access to a VM with VMware Tools installed and managed by Aria Operations with SDMP enabled may exploit this vulnerability to escalate privileges to root on the same VM.
CVE-2025-20354 | Unified CCX
Cisco has released security updates to address two critical vulnerabilities in Unified Contact Center Express (Unified CCX). CVE-2025-20354 – Unauthenticated Remote Code Execution (RCE) vulnerability – CVSSv3 score: 9.8 CVE-2025-20358 – Authentication Bypass (unauthenticated to administrative privileges) vulnerability – CVSSv3 score: 9.4
CVE-2025-61932 | Lanscope Endpoint Manager
Lanscope Endpoint Manager (On-Premises) (Client program (MR) and Detection agent (DA)) improperly verifies the origin of incoming requests, allowing an attacker to execute arbitrary code by sending specially crafted packets.
CVE-2025-48703 | CWP
CWP (aka Control Web Panel or CentOS Web Panel) before 0.9.8.1205 allows unauthenticated remote code execution via shell metacharacters in the t_total parameter in a filemanager changePerm request. A valid non-root username must be known.
CVE-2025-24893 | xwiki
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Any guest can perform arbitrary remote code execution through a request to SolrSearch
CVE-2025-2747 | Kentico
CVE-2025-2747 (CVSS score: 9.8) – An authentication bypass using an alternate path or channel vulnerability in Kentico Xperience CMS that could allow an attacker to control administrative objects by taking advantage of the Staging Sync Server password handling for the server defined None type (Fixed in Kentico in March 2025)
CVE-2025-6204 | DELMIA
An Improper Control of Generation of Code (Code Injection) vulnerability affecting DELMIA Apriso from Release 2020 through Release 2025 could allow an attacker to execute arbitrary code.
CVE-2025-62215 | Windows Kernel
CVE-2025-62215 (CVSS score: 7.0), a privilege escalation flaw in Windows Kernel. Concurrent execution using shared resource with improper synchronization (‘race condition’) in Windows Kernel allows an authorized attacker to elevate privileges locally, That said, successful exploitation hinges on an attacker who has already gained a foothold on a system to win a race condition. Once this criterion is satisfied, it could permit the attacker to obtain SYSTEM privileges.
CVE-2025-20352 | Cisco SNMP
Details of a new campaign that exploited a recently disclosed security flaw impacting Cisco IOS Software and IOS XE Software to deploy Linux rootkits on older, unprotected systems. The activity, involves the weaponization of CVE-2025-20352 (CVSS score: 7.7), a stack overflow vulnerability in the Simple Network Management Protocol (SNMP) subsystem that could allow an authenticated, remote attacker to execute arbitrary code by sending crafted SNMP packets to a susceptible device. The intrusions have not been attributed to any known threat actor or group.
CVE-2025-54253 | Adobe
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday added a critical security flaw impacting Adobe Experience Manager to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation. The vulnerability in question is CVE-2025-54253 (CVSS score: 10.0), a maximum-severity misconfiguration bug that could result in arbitrary code execution. According to Adobe, the shortcoming impacts Adobe Experience Manager (AEM) Forms on JEE versions 6.5.23.0 and earlier. It was addressed in version 6.5.0-0108 released early August 2025, alongside CVE-2025-54254 (CVSS score: 8.6). The flaw results from the dangerously exposed /adminui/debug servlet, which evaluates user-supplied OGNL expressions as Java code without requiring authentication or input validation,” security company FireCompass noted. “The endpoint’s misuse enables attackers to execute arbitrary system commands with a single crafted HTTP request.”
CVE-2025-62847 | QNAP
Security researchers have demonstrated a proof-of-concept exploit that chains CVE-2025-62847, CVE-2025-62848, and CVE-2025-62849 together to achieve remote code execution and full device takeover of QTS and QuTS hero devices. Network attached storage (NAS) devices and backup solutions are valuable targets for cyber criminals.
CVE-2025-20358 | Unified CCX
Cisco has released security updates to address two critical vulnerabilities in Unified Contact Center Express (Unified CCX). CVE-2025-20354 – Unauthenticated Remote Code Execution (RCE) vulnerability – CVSSv3 score: 9.8 CVE-2025-20358 – Authentication Bypass (unauthenticated to administrative privileges) vulnerability – CVSSv3 score: 9.4.
CVE-2025-11371 | Gladinet
In the default installation and configuration of Gladinet CentreStack and TrioFox, there is an unauthenticated Local File Inclusion Flaw that allows unintended disclosure of system files. Exploitation of this vulnerability has been observed in the wild. This issue impacts Gladinet CentreStack and Triofox: All versions prior to and including 16.7.10368.56560
CVE-2025-55752 | Apache Tomcat
CVE-2025-55752 is a vulnerability in Apache Tomcat (a widely used Java servlet container/web-app server). The issue is a relative path traversal vulnerability which arose as a regression from a previous fix. POC Exploit code available
CVE-2025-41244 | Vmware
The vulnerability in question is CVE-2025-41244 (CVSS score: 7.8), which could be exploited by an attacker to attain root level privileges on a susceptible system. “Broadcom VMware Aria Operations and VMware Tools contain a privilege defined with unsafe actions vulnerability,” CISA said in an alert. “A malicious local actor with non-administrative privileges having access to a VM with VMware Tools installed and managed by Aria Operations with SDMP enabled may exploit this vulnerability to escalate privileges to root on the same VM.
CVE-2025-20354 | Unified CCX
Cisco has released security updates to address two critical vulnerabilities in Unified Contact Center Express (Unified CCX). CVE-2025-20354 – Unauthenticated Remote Code Execution (RCE) vulnerability – CVSSv3 score: 9.8 CVE-2025-20358 – Authentication Bypass (unauthenticated to administrative privileges) vulnerability – CVSSv3 score: 9.4
CVE-2025-61932 | Lanscope Endpoint Manager
Lanscope Endpoint Manager (On-Premises) (Client program (MR) and Detection agent (DA)) improperly verifies the origin of incoming requests, allowing an attacker to execute arbitrary code by sending specially crafted packets.
CVE-2025-48703 | CWP
CWP (aka Control Web Panel or CentOS Web Panel) before 0.9.8.1205 allows unauthenticated remote code execution via shell metacharacters in the t_total parameter in a filemanager changePerm request. A valid non-root username must be known.
CVE-2025-24893 | xwiki
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Any guest can perform arbitrary remote code execution through a request to SolrSearch
CVE-2025-2747 | Kentico
CVE-2025-2747 (CVSS score: 9.8) – An authentication bypass using an alternate path or channel vulnerability in Kentico Xperience CMS that could allow an attacker to control administrative objects by taking advantage of the Staging Sync Server password handling for the server defined None type (Fixed in Kentico in March 2025)
CVE-2025-6204 | DELMIA
An Improper Control of Generation of Code (Code Injection) vulnerability affecting DELMIA Apriso from Release 2020 through Release 2025 could allow an attacker to execute arbitrary code.
CVE-2025-62215 | Windows Kernel
CVE-2025-62215 (CVSS score: 7.0), a privilege escalation flaw in Windows Kernel. Concurrent execution using shared resource with improper synchronization (‘race condition’) in Windows Kernel allows an authorized attacker to elevate privileges locally, That said, successful exploitation hinges on an attacker who has already gained a foothold on a system to win a race condition. Once this criterion is satisfied, it could permit the attacker to obtain SYSTEM privileges.
CVE-2025-20352 | Cisco SNMP
Details of a new campaign that exploited a recently disclosed security flaw impacting Cisco IOS Software and IOS XE Software to deploy Linux rootkits on older, unprotected systems. The activity, involves the weaponization of CVE-2025-20352 (CVSS score: 7.7), a stack overflow vulnerability in the Simple Network Management Protocol (SNMP) subsystem that could allow an authenticated, remote attacker to execute arbitrary code by sending crafted SNMP packets to a susceptible device. The intrusions have not been attributed to any known threat actor or group.
CVE-2025-54253 | Adobe
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday added a critical security flaw impacting Adobe Experience Manager to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation. The vulnerability in question is CVE-2025-54253 (CVSS score: 10.0), a maximum-severity misconfiguration bug that could result in arbitrary code execution. According to Adobe, the shortcoming impacts Adobe Experience Manager (AEM) Forms on JEE versions 6.5.23.0 and earlier. It was addressed in version 6.5.0-0108 released early August 2025, alongside CVE-2025-54254 (CVSS score: 8.6). The flaw results from the dangerously exposed /adminui/debug servlet, which evaluates user-supplied OGNL expressions as Java code without requiring authentication or input validation,” security company FireCompass noted. “The endpoint’s misuse enables attackers to execute arbitrary system commands with a single crafted HTTP request.”
CVE-2025-62847 | QNAP
Security researchers have demonstrated a proof-of-concept exploit that chains CVE-2025-62847, CVE-2025-62848, and CVE-2025-62849 together to achieve remote code execution and full device takeover of QTS and QuTS hero devices. Network attached storage (NAS) devices and backup solutions are valuable targets for cyber criminals
CVE-2025-20358 | Unified CCX
Cisco has released security updates to address two critical vulnerabilities in Unified Contact Center Express (Unified CCX). CVE-2025-20354 – Unauthenticated Remote Code Execution (RCE) vulnerability – CVSSv3 score: 9.8 CVE-2025-20358 – Authentication Bypass (unauthenticated to administrative privileges) vulnerability – CVSSv3 score: 9.4
CVE-2025-11371 | Gladinet
CVE-2025-55752 | Apache Tomcat
CVE-2025-55752 is a vulnerability in Apache Tomcat (a widely used Java servlet container/web-app server). The issue is a relative path traversal vulnerability which arose as a regression from a previous fix. POC Exploit code available
CVE-2025-41244 | Vmware
The vulnerability in question is CVE-2025-41244 (CVSS score: 7.8), which could be exploited by an attacker to attain root level privileges on a susceptible system. “Broadcom VMware Aria Operations and VMware Tools contain a privilege defined with unsafe actions vulnerability,” CISA said in an alert. “A malicious local actor with non-administrative privileges having access to a VM with VMware Tools installed and managed by Aria Operations with SDMP enabled may exploit this vulnerability to escalate privileges to root on the same VM.
CVE-2025-20354 | Unified CCX
Cisco has released security updates to address two critical vulnerabilities in Unified Contact Center Express (Unified CCX). CVE-2025-20354 – Unauthenticated Remote Code Execution (RCE) vulnerability – CVSSv3 score: 9.8 CVE-2025-20358 – Authentication Bypass (unauthenticated to administrative privileges) vulnerability – CVSSv3 score: 9.4
CVE-2025-61932 | Lanscope Endpoint Manager
Lanscope Endpoint Manager (On-Premises) (Client program (MR) and Detection agent (DA)) improperly verifies the origin of incoming requests, allowing an attacker to execute arbitrary code by sending specially crafted packets.
CVE-2025-48703 | CWP
CWP (aka Control Web Panel or CentOS Web Panel) before 0.9.8.1205 allows unauthenticated remote code execution via shell metacharacters in the t_total parameter in a filemanager changePerm request. A valid non-root username must be known.
CVE-2025-24893 | xwiki
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Any guest can perform arbitrary remote code execution through a request to SolrSearch
CVE-2025-2747 | Kentico
CVE-2025-2747 (CVSS score: 9.8) – An authentication bypass using an alternate path or channel vulnerability in Kentico Xperience CMS that could allow an attacker to control administrative objects by taking advantage of the Staging Sync Server password handling for the server defined None type (Fixed in Kentico in March 2025)
CVE-2025-6204 | DELMIA
An Improper Control of Generation of Code (Code Injection) vulnerability affecting DELMIA Apriso from Release 2020 through Release 2025 could allow an attacker to execute arbitrary code.
CVE-2025-62215 | Windows Kernel
CVE-2025-62215 (CVSS score: 7.0), a privilege escalation flaw in Windows Kernel. Concurrent execution using shared resource with improper synchronization (‘race condition’) in Windows Kernel allows an authorized attacker to elevate privileges locally, That said, successful exploitation hinges on an attacker who has already gained a foothold on a system to win a race condition. Once this criterion is satisfied, it could permit the attacker to obtain SYSTEM privileges.
CVE-2025-20352 | Cisco SNMP
Details of a new campaign that exploited a recently disclosed security flaw impacting Cisco IOS Software and IOS XE Software to deploy Linux rootkits on older, unprotected systems. The activity, involves the weaponization of CVE-2025-20352 (CVSS score: 7.7), a stack overflow vulnerability in the Simple Network Management Protocol (SNMP) subsystem that could allow an authenticated, remote attacker to execute arbitrary code by sending crafted SNMP packets to a susceptible device. The intrusions have not been attributed to any known threat actor or group.
CVE-2025-54253 | Adobe
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday added a critical security flaw impacting Adobe Experience Manager to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation. The vulnerability in question is CVE-2025-54253 (CVSS score: 10.0), a maximum-severity misconfiguration bug that could result in arbitrary code execution. According to Adobe, the shortcoming impacts Adobe Experience Manager (AEM) Forms on JEE versions 6.5.23.0 and earlier. It was addressed in version 6.5.0-0108 released early August 2025, alongside CVE-2025-54254 (CVSS score: 8.6). The flaw results from the dangerously exposed /adminui/debug servlet, which evaluates user-supplied OGNL expressions as Java code without requiring authentication or input validation,” security company FireCompass noted. “The endpoint’s misuse enables attackers to execute arbitrary system commands with a single crafted HTTP request.”
CVE-2025-62847 | QNAP
Security researchers have demonstrated a proof-of-concept exploit that chains CVE-2025-62847, CVE-2025-62848, and CVE-2025-62849 together to achieve remote code execution and full device takeover of QTS and QuTS hero devices. Network attached storage (NAS) devices and backup solutions are valuable targets for cyber criminals
CVE-2025-20358 | Unified CCX
Cisco has released security updates to address two critical vulnerabilities in Unified Contact Center Express (Unified CCX). CVE-2025-20354 – Unauthenticated Remote Code Execution (RCE) vulnerability – CVSSv3 score: 9.8 CVE-2025-20358 – Authentication Bypass (unauthenticated to administrative privileges) vulnerability – CVSSv3 score: 9.4
CVE-2025-11371 | Gladinet
CVE-2025-55752 | Apache Tomcat
CVE-2025-55752 is a vulnerability in Apache Tomcat (a widely used Java servlet container/web-app server). The issue is a relative path traversal vulnerability which arose as a regression from a previous fix. POC Exploit code available
CVE-2025-41244 | Vmware
The vulnerability in question is CVE-2025-41244 (CVSS score: 7.8), which could be exploited by an attacker to attain root level privileges on a susceptible system. “Broadcom VMware Aria Operations and VMware Tools contain a privilege defined with unsafe actions vulnerability,” CISA said in an alert. “A malicious local actor with non-administrative privileges having access to a VM with VMware Tools installed and managed by Aria Operations with SDMP enabled may exploit this vulnerability to escalate privileges to root on the same VM.
CVE-2025-20354 | Unified CCX
Cisco has released security updates to address two critical vulnerabilities in Unified Contact Center Express (Unified CCX). CVE-2025-20354 – Unauthenticated Remote Code Execution (RCE) vulnerability – CVSSv3 score: 9.8 CVE-2025-20358 – Authentication Bypass (unauthenticated to administrative privileges) vulnerability – CVSSv3 score: 9.4
CVE-2025-61932 | Lanscope Endpoint Manager
Lanscope Endpoint Manager (On-Premises) (Client program (MR) and Detection agent (DA)) improperly verifies the origin of incoming requests, allowing an attacker to execute arbitrary code by sending specially crafted packets.
CVE-2025-48703 | CWP
CWP (aka Control Web Panel or CentOS Web Panel) before 0.9.8.1205 allows unauthenticated remote code execution via shell metacharacters in the t_total parameter in a filemanager changePerm request. A valid non-root username must be known.
CVE-2025-24893 | xwiki
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Any guest can perform arbitrary remote code execution through a request to SolrSearch
CVE-2025-2747 | Kentico
CVE-2025-2747 (CVSS score: 9.8) – An authentication bypass using an alternate path or channel vulnerability in Kentico Xperience CMS that could allow an attacker to control administrative objects by taking advantage of the Staging Sync Server password handling for the server defined None type (Fixed in Kentico in March 2025)
CVE-2025-6204 | DELMIA
An Improper Control of Generation of Code (Code Injection) vulnerability affecting DELMIA Apriso from Release 2020 through Release 2025 could allow an attacker to execute arbitrary code.
CVE-2025-62215 | Windows Kernel
CVE-2025-62215 (CVSS score: 7.0), a privilege escalation flaw in Windows Kernel. Concurrent execution using shared resource with improper synchronization (‘race condition’) in Windows Kernel allows an authorized attacker to elevate privileges locally, That said, successful exploitation hinges on an attacker who has already gained a foothold on a system to win a race condition. Once this criterion is satisfied, it could permit the attacker to obtain SYSTEM privileges.
CVE-2025-20352 | Cisco SNMP
Details of a new campaign that exploited a recently disclosed security flaw impacting Cisco IOS Software and IOS XE Software to deploy Linux rootkits on older, unprotected systems. The activity, involves the weaponization of CVE-2025-20352 (CVSS score: 7.7), a stack overflow vulnerability in the Simple Network Management Protocol (SNMP) subsystem that could allow an authenticated, remote attacker to execute arbitrary code by sending crafted SNMP packets to a susceptible device. The intrusions have not been attributed to any known threat actor or group.
CVE-2025-54253 | Adobe
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday added a critical security flaw impacting Adobe Experience Manager to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation. The vulnerability in question is CVE-2025-54253 (CVSS score: 10.0), a maximum-severity misconfiguration bug that could result in arbitrary code execution. According to Adobe, the shortcoming impacts Adobe Experience Manager (AEM) Forms on JEE versions 6.5.23.0 and earlier. It was addressed in version 6.5.0-0108 released early August 2025, alongside CVE-2025-54254 (CVSS score: 8.6). The flaw results from the dangerously exposed /adminui/debug servlet, which evaluates user-supplied OGNL expressions as Java code without requiring authentication or input validation,” security company FireCompass noted. “The endpoint’s misuse enables attackers to execute arbitrary system commands with a single crafted HTTP request.”
CVE-2025-62847 | QNAP
Security researchers have demonstrated a proof-of-concept exploit that chains CVE-2025-62847, CVE-2025-62848, and CVE-2025-62849 together to achieve remote code execution and full device takeover of QTS and QuTS hero devices. Network attached storage (NAS) devices and backup solutions are valuable targets for cyber criminals
CVE-2025-20358 | Unified CCX
Cisco has released security updates to address two critical vulnerabilities in Unified Contact Center Express (Unified CCX). CVE-2025-20354 – Unauthenticated Remote Code Execution (RCE) vulnerability – CVSSv3 score: 9.8 CVE-2025-20358 – Authentication Bypass (unauthenticated to administrative privileges) vulnerability – CVSSv3 score: 9.4
CVE-2025-11371 | Gladinet
