Key Findings:
Top Reported Known Exploitable Issues:
CVE-2025-9491 | Microsoft Windows LNK
Microsoft has silently “mitigated” a high-severity Windows LNK vulnerability exploited by multiple state-backed and cybercrime hacking groups in zero-day attacks. Tracked as CVE-2025-9491, this security flaw allows attackers to hide malicious commands within Windows LNK files, which can be used to deploy malware and gain persistence on compromised devices. However, the attacks require user interaction to succeed, as they involve tricking potential victims into opening malicious Windows Shell Link (.lnk) files. Threat actors distribute these files in ZIP or other archives because email platforms commonly block .lnk attachments due to their risky nature.
CVE-2025-55182 & CVE-2025-67779 | React
A maximum-severity security flaw has been disclosed in React Server Components (RSC) that, if successfully exploited, could result in remote code execution. The vulnerability, tracked as CVE-2025-55182, carries a CVSS score of 10.0. The vulnerability has been codenamed React2shell. It allows “unauthenticated remote code execution by exploiting a flaw in how React decodes payloads sent to React Server Function endpoints,” the React Team said in an alert issued today. “Even if your app does not implement any React Server Function endpoints, it may still be vulnerable if your app supports React Server Components.” The vulnerability impacts versions 19.0, 19.1.0, 19.1.1, and 19.2.0 of the following npm packages: react-server-dom-webpack, react-server-dom-parcel, and react-server-dom-turbopack.
CVE-2025-14174 | Chrome
Google has released security updates for Chrome to address a high severity vulnerability tracked as CVE-2025-14174. The updates also address two medium severity vulnerabilities in Google Chrome. Fixed issues: CVE-2025-14174 – Out of bounds memory access – CVSSv3 score: 8.8; CVE-2025-14372 – Use-after-free in Password Manager – CVSSv3 score: 6.1; CVE-2025-14373 – Inappropriate implementation in Toolbar – CVSSv3 score: 4.3. Google is aware that an exploit for CVE-2025-14174 exists in the wild.
CVE-2025-6218 | WinRAR file archiver
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added a security flaw impacting the WinRAR file archiver and compression utility to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. The vulnerability, tracked as CVE-2025-6218 (CVSS score: 7.8), is a path traversal bug that could enable code execution. However, for exploitation to succeed, it requires a prospective target to visit a malicious page or open a malicious file. “RARLAB WinRAR contains a path traversal vulnerability allowing an attacker to execute code in the context of the current user,” CISA said in an alert.
CVE-2025-11001 | 7-ZIP
The vulnerability in question is CVE-2025-11001 (CVSS score: 7.0), which allows remote attackers to execute arbitrary code. It has been addressed in 7-Zip version 25.00, released in July 2025. “The specific flaw exists within the handling of symbolic links in ZIP files. Crafted data in a ZIP file can cause the process to traverse to unintended directories.”
CVE-2025-62221 | Windows Cloud Files Mini Filter
The vulnerability that has come under active exploitation is CVE-2025-62221 (CVSS score: 7.8), a use-after-free in Windows Cloud Files Mini Filter Driver that could allow an authorized attacker to elevate privileges locally and obtain SYSTEM permissions. “File system filter drivers, aka minifilters, attach to the system software stack, and intercept requests targeted at a file system, and extend or replace the functionality provided by the original target.”
CVE-2025-61757 | Oracle Fusion
Vulnerability in the Identity Manager product of Oracle Fusion Middleware (component: REST WebServices). Supported versions that are affected are 12.2.1.4.0 and 14.1.2.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Identity Manager. Successful attacks of this vulnerability can result in takeover of Identity Manager.
CVE-2025-58034 | FortiWeb
Fortinet has warned of a new security flaw in FortiWeb that it said has been exploited in the wild. The medium-severity vulnerability, tracked as CVE-2025-58034, carries a CVSS score of 6.7 out of a maximum of 10.0. “An Improper Neutralization of Special Elements used in an OS Command (‘OS Command Injection’) vulnerability [CWE-78] in FortiWeb may allow an authenticated attacker to execute unauthorized code on the underlying system via crafted HTTP requests or CLI commands.”
CVE-2025-55752 | Apache Tomcat
CVE-2025-55752 is a vulnerability in Apache Tomcat (a widely used Java servlet container/web-app server). The issue is a relative path traversal vulnerability which arose as a regression from a previous fix. PoC exploit code is available.
CVE-2025-41244 | VMware
The vulnerability in question is CVE-2025-41244 (CVSS score: 7.8), which could be exploited by an attacker to attain root level privileges on a susceptible system. “Broadcom VMware Aria Operations and VMware Tools contain a privilege defined with unsafe actions vulnerability,” CISA said in an alert. “A malicious local actor with non-administrative privileges having access to a VM with VMware Tools installed and managed by Aria Operations with SDMP enabled may exploit this vulnerability to escalate privileges to root on the same VM.”
CVE-2025-20354 | Unified CCX
Cisco has released security updates to address two critical vulnerabilities in Unified Contact Center Express (Unified CCX): CVE-2025-20354 – Unauthenticated Remote Code Execution (RCE) vulnerability – CVSSv3 score: 9.8; and CVE-2025-20358 – Authentication Bypass (unauthenticated to administrative privileges) vulnerability – CVSSv3 score: 9.4.
CVE-2025-61932 | Lanscope Endpoint Manager
Lanscope Endpoint Manager (On-Premises) (Client program (MR) and Detection agent (DA)) improperly verifies the origin of incoming requests, allowing an attacker to execute arbitrary code by sending specially crafted packets.
CVE-2025-48703 | CWP
CWP (aka Control Web Panel or CentOS Web Panel) before 0.9.8.1205 allows unauthenticated remote code execution via shell metacharacters in the t_total parameter in a filemanager changePerm request. A valid non-root username must be known.
CVE-2025-24893 | XWiki
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Any guest can perform arbitrary remote code execution through a request to SolrSearch.
CVE-2025-2747 | Kentico
CVE-2025-2747 (CVSS score: 9.8) – An authentication bypass using an alternate path or channel vulnerability in Kentico Xperience CMS that could allow an attacker to control administrative objects by taking advantage of the Staging Sync Server password handling for the server defined None type (Fixed in Kentico in March 2025)
CVE-2025-6204 | DELMIA
An Improper Control of Generation of Code (Code Injection) vulnerability affecting DELMIA Apriso from Release 2020 through Release 2025 could allow an attacker to execute arbitrary code.
CVE-2025-62215 | Windows Kernel
CVE-2025-62215 (CVSS score: 7.0) is a privilege escalation flaw in the Windows Kernel. Concurrent execution using shared resource with improper synchronization (‘race condition’) in Windows Kernel allows an authorized attacker to elevate privileges locally. That said, successful exploitation hinges on an attacker who has already gained a foothold on a system winning a race condition. Once this criterion is satisfied, it could permit the attacker to obtain SYSTEM privileges.
CVE-2025-20352 | Cisco SNMP
A new campaign exploited a recently disclosed security flaw impacting Cisco IOS Software and IOS XE Software to deploy Linux rootkits on older, unprotected systems. The activity involves the weaponization of CVE-2025-20352 (CVSS score: 7.7), a stack overflow vulnerability in the Simple Network Management Protocol (SNMP) subsystem that could allow an authenticated, remote attacker to execute arbitrary code by sending crafted SNMP packets to a susceptible device. The intrusions have not been attributed to any known threat actor or group.
CVE-2025-54253 | Adobe
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday added a critical security flaw impacting Adobe Experience Manager to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation. The vulnerability in question is CVE-2025-54253 (CVSS score: 10.0), a maximum-severity misconfiguration bug that could result in arbitrary code execution. According to Adobe, the shortcoming impacts Adobe Experience Manager (AEM) Forms on JEE versions 6.5.23.0 and earlier. It was addressed in version 6.5.0-0108 released early August 2025, alongside CVE-2025-54254 (CVSS score: 8.6). “The flaw results from the dangerously exposed /adminui/debug servlet, which evaluates user-supplied OGNL expressions as Java code without requiring authentication or input validation,” security company FireCompass noted. “The endpoint’s misuse enables attackers to execute arbitrary system commands with a single crafted HTTP request.”
CVE-2025-62847 | QNAP
Security researchers have demonstrated a proof-of-concept exploit that chains CVE-2025-62847, CVE-2025-62848, and CVE-2025-62849 together to achieve remote code execution and full device takeover of QTS and QuTS hero devices. Network attached storage (NAS) devices and backup solutions are valuable targets for cyber criminals.
CVE-2025-20358 | Unified CCX
Cisco has released security updates to address two critical vulnerabilities in Unified Contact Center Express (Unified CCX): CVE-2025-20354 – Unauthenticated Remote Code Execution (RCE) vulnerability – CVSSv3 score: 9.8; and CVE-2025-20358 – Authentication Bypass (unauthenticated to administrative privileges) vulnerability – CVSSv3 score: 9.4.
CVE-2025-11371 | Gladinet
