Feb 11, 2025 Cyber Threat Intelligence

Track daily vulnerability activity, KEV additions, public exploits, critical disclosures, and EPSS risk shifts.

Daily summary

  • Microsoft Windows: 2 CVEs added to CISA KEV today.
  • 10 new critical disclosures — review patch status on exposed services.

Top threats today

Three highest-priority changes — analyst brief, not a CVE dump.

Critical active threat

CVE-2024-40890 Zyxel DSL CPE OS Command Injection

  • Actively exploited (CISA KEV)
  • Listed on CISA KEV

Zyxel DSL CPE Devices Command Injection is on CISA KEV — confirmed in-the-wild exploitation. Expect continued targeting while the issue remains on the catalog.

Critical exposure

CVE-2025-22467 Ivanti Connect Secure RCE

  • CVSS 9.9
  • Remote code execution exposure

New critical Ivanti Connect Secure RCE (CVSS 9.9) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Critical exposure

CVE-2022-3180 Wpgateway Privilege Escalation

  • CVSS 9.8
  • Internet-facing CMS deployments affected

New critical Wpgateway Privilege Escalation (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Active exploitation

CISA KEV — confirmed in-the-wild exploitation.

Microsoft Windows Ancillary Function Driver for WinSock Heap-Based Buffer Overflow

View KEV additions

Exploit & PoC activity

Nothing flagged in this category for this digest.

View new exploit links

Exploitation dynamics

Nothing flagged in this category for this digest.

See EPSS increases

New critical disclosures

CVE-2022-3180 CVSS 9.8

The WPGateway Plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 3.5.

CVE-2024-10644 CVSS 9.1

Code injection in Ivanti Connect Secure before version 22.7R2.4 and Ivanti Policy Secure before version 22.7R1.3 allows a remote authenti...

CVE-2024-47908 CVSS 9.1

OS command injection in the admin web console of Ivanti CSA before version 5.0.5 allows a remote authenticated attacker with admin privil...

CVE-2025-1044 CVSS 9.8

Logsign Unified SecOps Platform Authentication Bypass Vulnerability.

CVE-2025-1126 CVSS 9.3

A Reliance on Untrusted Inputs in a Security Decision vulnerability has been identified in the Lexmark Print Management Client.

Microsoft High Performance Compute (HPC) Pack Remote Code Execution Vulnerability

CVE-2025-22467 CVSS 9.9

A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.6 allows a remote authenticated attacker to achieve remote c...

CVE-2025-24434 CVSS 9.1

Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by an Incorrect Authorization vuln...

CVE-2025-24973 CVSS 9.3

Concorde, formerly know as Nexkey, is a fork of the federated microblogging platform Misskey.

CVE-2025-25530 CVSS 9.8

Buffer overflow vulnerability in Digital China DCBI-Netlog-LAB Gateway 1.0 due to the lack of length verification, which is related to sa...

View critical disclosures

cvelogic Threat Intelligence