Apr 24, 2025 Cyber Threat Intelligence

Track daily vulnerability activity, KEV additions, public exploits, critical disclosures, and EPSS risk shifts.

Daily summary

  • 10 new critical disclosures — review patch status on exposed services.

Top threats today

Three highest-priority changes — analyst brief, not a CVE dump.

Critical exposure

CVE-2025-31324 SAP NetWeaver Unrestricted File Upload

  • CVSS 10
  • Potential privilege escalation to admin/root

New critical SAP NetWeaver privilege escalation (CVSS 10) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Critical exposure

CVE-2025-46264 Unrestricted Upload of File with Dangerous Type vulnerability in blubrry PowerPress Podcasting po...

  • CVSS 9.9

New critical disclosure (CVSS 9.9) — high severity with a short public awareness window before exploit material typically surfaces.

High-risk exposure

CVE-2025-26382 Under certain circumstances the iSTAR Configuration Utility (ICU) tool could have a buffer overfl...

  • CVSS 9.3

New critical-severity CVE in today's window — elevated exposure signal, early in the lifecycle.

Active exploitation

CISA KEV — confirmed in-the-wild exploitation.

Nothing flagged in this category for this digest.

View KEV additions

Exploit & PoC activity

Nothing flagged in this category for this digest.

View new exploit links

Exploitation dynamics

Nothing flagged in this category for this digest.

See EPSS increases

New critical disclosures

CVE-2025-26382 CVSS 9.3

Under certain circumstances the iSTAR Configuration Utility (ICU) tool could have a buffer overflow issue

CVE-2025-43858 CVSS 9.2

YoutubeDLSharp is a wrapper for the command-line video downloaders youtube-dl and yt-dlp.

CVE-2025-46264 CVSS 9.9

Unrestricted Upload of File with Dangerous Type vulnerability in blubrry PowerPress Podcasting powerpress allows Upload a Web Shell to a...

CVE-2025-46271 CVSS 9.3

UNI-NMS-Lite is vulnerable to a command injection attack that could allow an unauthenticated attacker to read or manipulate device data.

CVE-2025-46272 CVSS 9.3

WGS-80HPT-V2 and WGS-4215-8T2S are vulnerable to a command injection attack that could allow an unauthenticated attacker to execute OS co...

CVE-2025-46273 CVSS 9.3

UNI-NMS-Lite uses hard-coded credentials that could allow an unauthenticated attacker to gain administrative privileges to all UNI-NMS ma...

CVE-2025-46274 CVSS 9.3

UNI-NMS-Lite uses hard-coded credentials that could allow an unauthenticated attacker to read, manipulate and create entries in the manag...

CVE-2025-46275 CVSS 9.3

WGS-80HPT-V2 and WGS-4215-8T2S are missing authentication that could allow an attacker to create an administrator account without knowing...

View critical disclosures

cvelogic Threat Intelligence