Mar 11, 2025 Cyber Threat Intelligence

Track daily vulnerability activity, KEV additions, public exploits, critical disclosures, and EPSS risk shifts.

Daily summary

  • Microsoft Windows: 6 CVEs added to CISA KEV today.
  • 8 new critical disclosures — review patch status on exposed services.

Top threats today

Three highest-priority changes — analyst brief, not a CVE dump.

Critical active threat

CVE-2025-24983 Microsoft Windows Win32k Use-After-Free

  • Actively exploited (CISA KEV)
  • Listed on CISA KEV

Microsoft Windows Use-After-Free is on CISA KEV — confirmed in-the-wild exploitation. Expect continued targeting while the issue remains on the catalog.

Critical exposure

CVE-2024-54085 AMI MegaRAC SPx Authentication Bypass by Spoofing

  • CVSS 10
  • Authentication bypass — unauthenticated access risk

New critical AMI MegaRAC SPx Auth Bypass (CVSS 10) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Critical exposure

CVE-2025-24201 Apple Multiple Products WebKit Out-of-Bounds Write

  • CVSS 10

New critical Apple Multiple Products Out-of-Bounds Write (CVSS 10) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Active exploitation

CISA KEV — confirmed in-the-wild exploitation.

Microsoft Windows Fast FAT File System Driver Integer Overflow

Microsoft Windows NTFS Heap-Based Buffer Overflow

Microsoft Windows Management Console (MMC) Improper Neutralization

View KEV additions

Exploit & PoC activity

Nothing flagged in this category for this digest.

View new exploit links

Exploitation dynamics

Nothing flagged in this category for this digest.

See EPSS increases

New critical disclosures

CVE-2024-54085 CVSS 10

AMI MegaRAC SPx Authentication Bypass by Spoofing

CVE-2024-56336 CVSS 9.5

A vulnerability has been identified in SINAMICS S200 (All versions with serial number beginning with SZVS8, SZVS9, SZVS0 or SZVSN and the...

CVE-2025-1661 CVSS 9.8

The HUSKY – Products Filter Professional for WooCommerce plugin for WordPress is vulnerable to Local File Inclusion in all versions up to...

CVE-2025-24201 CVSS 10

Apple Multiple Products WebKit Out-of-Bounds Write

CVE-2025-26701 CVSS 10

An issue was discovered in Percona PMM Server (OVA) before 3.0.0-1.ova.

CVE-2025-27493 CVSS 9.3

A vulnerability has been identified in SiPass integrated AC5102 (ACC-G2) (All versions < V6.4.9), SiPass integrated ACC-AP (All versions...

CVE-2025-27494 CVSS 9.4

A vulnerability has been identified in SiPass integrated AC5102 (ACC-G2) (All versions < V6.4.9), SiPass integrated ACC-AP (All versions...

CVE-2025-28915 CVSS 9.1

Unrestricted Upload of File with Dangerous Type vulnerability in Theme Egg ThemeEgg ToolKit themeegg-toolkit allows Upload a Web Shell to...

View critical disclosures

cvelogic Threat Intelligence