Apr 4, 2025 Cyber Threat Intelligence

Track daily vulnerability activity, KEV additions, public exploits, critical disclosures, and EPSS risk shifts.

Daily summary

  • Ivanti Connect Secure, Policy Secure, and ZTA Gateways added to CISA KEV — confirmed in-the-wild exploitation.
  • Microchip TimeProvider 4100 Firmware: public exploit or PoC linked (XSS).
  • WordPress plugin RCE/exploit activity: 2 CVEs flagged today.
  • 10 new critical disclosures — review patch status on exposed services.

Top threats today

Three highest-priority changes — analyst brief, not a CVE dump.

Critical active threat

CVE-2025-22457 Ivanti Connect Secure, Policy Secure, and ZTA Gateways Stack-Based Buffer Overflow

  • Actively exploited (CISA KEV)
  • Listed on CISA KEV
  • Remote code execution exposure

Ivanti Connect Secure, Policy Secure, and ZTA Gateways RCE is on CISA KEV — confirmed in-the-wild exploitation. Expect continued targeting while the issue remains on the catalog.

Active exploit activity

CVE-2024-43687 Microchip TimeProvider 4100 Firmware XSS

  • Public exploit or PoC available
  • Exploit activity linked

Microchip TimeProvider 4100 Firmware XSS now has public exploit or PoC linkage — assume opportunistic scanning and targeted follow-on activity.

Critical exposure

CVE-2025-27520 BentoML RCE

  • CVSS 9.8
  • Remote code execution exposure

New critical BentoML RCE (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Active exploitation

CISA KEV — confirmed in-the-wild exploitation.

Ivanti Connect Secure, Policy Secure, and ZTA Gateways Stack-Based Buffer Overflow

Exploit & PoC activity

CVE-2024-42640 Exploit

angular-base64-upload prior to v0.1.21 is vulnerable to unauthenticated remote code execution via demo/server.php.

CVE-2024-43687 Exploit

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Microchip TimeProvider 4100...

CVE-2024-9054 Exploit

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection'), Exposure of Sensitive Information to an Unaut...

Exploitation dynamics

Nothing flagged in this category for this digest.

New critical disclosures

CVE-2024-11235 CVSS 9.2

In PHP versions 8.3.* before 8.3.19 and 8.4.* before 8.4.5, a code sequence involving __set handler or ??= operator and exceptions can le...

CVE-2024-13645 CVSS 9.8

The tagDiv Composer plugin for WordPress is vulnerable to PHP Object Instantiation in all versions up to, and including, 5.3 via module p...

CVE-2024-51800 CVSS 9.8

Incorrect Privilege Assignment vulnerability in Favethemes Homey allows Privilege Escalation. This issue affects Homey: from n/a through 2...

CVE-2025-2244 CVSS 9.5

New critical Bitdefender GravityZone exposure disclosed.

CVE-2025-27520 CVSS 9.8

BentoML is a Python library for building online serving systems optimized for AI apps and model inference.

CVE-2025-2798 CVSS 9.8

The Woffice CRM theme for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 5.4.21.

CVE-2025-28146 CVSS 9.8

Edimax AC1200 Wave 2 Dual-Band Gigabit Router BR-6478AC V3 1.0.15 was discovered to contain a command injection vulnerability via fota_ur...

CVE-2025-31403 CVSS 9.3

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in shiptrack Booking Calendar and Noti...

CVE-2025-32118 CVSS 9.1

Unrestricted Upload of File with Dangerous Type vulnerability in NiteoThemes CMP – Coming Soon & Maintenance cmp-coming-soon-maintenance...

cvelogic Threat Intelligence