Mar 27, 2025 Cyber Threat Intelligence

Track daily vulnerability activity, KEV additions, public exploits, critical disclosures, and EPSS risk shifts.

Daily summary

  • Google Chromium Mojo added to CISA KEV — confirmed in-the-wild exploitation.
  • X2engine X2crm: public exploit or PoC linked (XSS)
  • 10 new critical disclosures — review patch status on exposed services.

Top threats today

Three highest-priority changes — analyst brief, not a CVE dump.

Critical active threat

CVE-2025-2783 Google Chromium Mojo Sandbox Escape

  • Actively exploited (CISA KEV)
  • Listed on CISA KEV

Confirmed in-the-wild exploitation per CISA KEV — active threat momentum, not theoretical risk.

Active exploit activity

CVE-2024-48120 X2CRM v8.5 is vulnerable to a stored Cross-Site Scripting (XSS) in the "Opportunities" module.

  • Public exploit or PoC available
  • Exploit activity linked

X2engine X2crm XSS now has public exploit or PoC linkage — assume opportunistic scanning and targeted follow-on activity.

Critical exposure

CVE-2025-30364 WeGIA is a Web manager for charitable institutions.

  • CVSS 10

New critical Wegia SQL Injection (CVSS 10) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Active exploitation

CISA KEV — confirmed in-the-wild exploitation.

View KEV additions

Exploit & PoC activity

CVE-2024-46528 Exploit

An Insecure Direct Object Reference (IDOR) vulnerability in KubeSphere 4.x before 4.1.3 and 3.x through 3.4.1 and KubeSphere Enterprise 4...

CVE-2024-48120 Exploit

X2CRM v8.5 is vulnerable to a stored Cross-Site Scripting (XSS) in the "Opportunities" module.

CVE-2024-44871 Exploit

An arbitrary file upload vulnerability in the component /admin/index.php of moziloCMS v3.0 allows attackers to execute arbitrary code via...

View new exploit links

Exploitation dynamics

Nothing flagged in this category for this digest.

See EPSS increases

New critical disclosures

CVE-2025-25686 CVSS 9.8

semcms <=5.0 is vulnerable to SQL Injection in SEMCMS_Fuction.php.

CVE-2025-26873 CVSS 9

Deserialization of Untrusted Data vulnerability in shinetheme Traveler traveler.This issue affects Traveler: from n/a through < 3.2.1.

CVE-2025-26898 CVSS 9.3

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in shinetheme Traveler traveler.This i...

CVE-2025-26909 CVSS 9.6

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in John Darrel Hide...

CVE-2025-28138 CVSS 9.8

The TOTOLINK A800R V4.1.2cu.5137_B20200730 were found to contain a pre-auth remote command execution vulnerability in the setNoticeCfg fu...

CVE-2025-29306 CVSS 9.8

An issue in FoxCMS v.1.2.5 allows a remote attacker to execute arbitrary code via the case display page in the index.html component.

CVE-2025-30361 CVSS 9.3

WeGIA is a Web manager for charitable institutions.

CVE-2025-30364 CVSS 10

WeGIA is a Web manager for charitable institutions.

CVE-2025-30365 CVSS 9.4

WeGIA is a Web manager for charitable institutions.

CVE-2025-30367 CVSS 10

WeGIA is a Web manager for charitable institutions.

View critical disclosures

cvelogic Threat Intelligence