May 2, 2025 Cyber Threat Intelligence

Track daily vulnerability activity, KEV additions, public exploits, critical disclosures, and EPSS risk shifts.

Daily summary

  • Commvault Command Center added to CISA KEV — confirmed in-the-wild exploitation.
  • 10 new critical disclosures — review patch status on exposed services.

Top threats today

Three highest-priority changes — analyst brief, not a CVE dump.

Critical active threat

CVE-2025-34028 Commvault Command Center Path Traversal

  • Actively exploited (CISA KEV)
  • Listed on CISA KEV
  • Remote code execution exposure

Commvault Command Center RCE is on CISA KEV — confirmed in-the-wild exploitation. Expect continued targeting while the issue remains on the catalog.

Critical exposure

CVE-2025-2605 Honeywell Mb-secure Firmware Command Injection

  • CVSS 9.9

New critical Honeywell Mb-secure Firmware Command Injection (CVSS 9.9) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Critical exposure

CVE-2025-2812 Mydata Ticket Sales Automation SQL Injection

  • CVSS 9.8

New critical Mydata Ticket Sales Automation SQL Injection (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Active exploitation

CISA KEV — confirmed in-the-wild exploitation.

Yiiframework Yii Improper Protection of Alternate Path

View KEV additions

Exploit & PoC activity

Nothing flagged in this category for this digest.

View new exploit links

Exploitation dynamics

Nothing flagged in this category for this digest.

See EPSS increases

New critical disclosures

CVE-2025-2421 CVSS 9.8

Improper Control of Generation of Code ('Code Injection') vulnerability in Profelis Informatics SambaBox allows Code Injection.

CVE-2025-2605 CVSS 9.9

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Honeywell MB-Secure allows Pr...

CVE-2025-2812 CVSS 9.8

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Mydata Informatics Ticket Sales Aut...

CVE-2025-3709 CVSS 9.8

Agentflow from Flowring Technology has an Account Lockout Bypass vulnerability, allowing unauthenticated remote attackers to exploit this...

CVE-2025-3918 CVSS 9.8

The Job Listings plugin for WordPress is vulnerable to Privilege Escalation due to improper authorization within the register_action() fu...

CVE-2025-3927 CVSS 9.8

Digigram's PYKO-OUT audio-over-IP (AoIP) web-server does not require a password by default, allowing any attacker with the target IP addr...

CVE-2025-44868 CVSS 9.8

Wavlink WL-WN530H4 20220801 was found to contain a command injection vulnerability in the ping_test function of the adm.cgi via the pingI...

CVE-2025-44872 CVSS 9.8

Tenda AC9 V15.03.06.42_multi was found to contain a command injection vulnerability in the formsetUsbUnload function via the deviceName p...

CVE-2025-44877 CVSS 9.8

Tenda AC9 V15.03.06.42_multi was found to contain a command injection vulnerability in the formSetSambaConf function via the usbname para...

CVE-2025-45800 CVSS 9.8

TOTOLINK A950RG V4.1.2cu.5204_B20210112 contains a command execution vulnerability in the setDeviceName interface of the /lib/cste_module...

View critical disclosures

cvelogic Threat Intelligence