May 5, 2025 Cyber Threat Intelligence

Track daily vulnerability activity, KEV additions, public exploits, critical disclosures, and EPSS risk shifts.

Daily summary

  • Langflow added to CISA KEV — confirmed in-the-wild exploitation.
  • 10 new critical disclosures — review patch status on exposed services.

Top threats today

Three highest-priority changes — analyst brief, not a CVE dump.

Critical active threat

CVE-2025-3248 Langflow Missing Authentication

  • Actively exploited (CISA KEV)
  • Listed on CISA KEV

Confirmed in-the-wild exploitation per CISA KEV — active threat momentum, not theoretical risk.

Critical exposure

CVE-2025-1909 Buddyboss Platform Auth Bypass

  • CVSS 9.8
  • Internet-facing CMS deployments affected

New critical Buddyboss Platform Auth Bypass (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Critical exposure

CVE-2025-44071 Seacms RCE

  • CVSS 9.8
  • Remote code execution exposure

New critical Seacms RCE (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Active exploitation

CISA KEV — confirmed in-the-wild exploitation.

View KEV additions

Exploit & PoC activity

Nothing flagged in this category for this digest.

View new exploit links

Exploitation dynamics

Nothing flagged in this category for this digest.

See EPSS increases

New critical disclosures

CVE-2025-1909 CVSS 9.8

The BuddyBoss Platform Pro plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 2.7.01.

CVE-2025-4318 CVSS 9.5

The AWS Amplify Studio UI component property expressions in the aws-amplify/amplify-codegen-ui package lack input validation.

CVE-2025-44071 CVSS 9.8

SeaCMS v13.3 was discovered to contain a remote code execution (RCE) vulnerability via the component phomebak.php.

CVE-2025-44072 CVSS 9.8

SeaCMS v13.3 was discovered to contain a SQL injection vulnerability via the component admin_manager.php.

CVE-2025-44074 CVSS 9.8

SeaCMS v13.3 was discovered to contain a SQL injection vulnerability via the component admin_topic.php.

CVE-2025-45607 CVSS 9.8

An issue in the component /manage/ of itranswarp v2.19 allows attackers to bypass authentication via a crafted request.

CVE-2025-45611 CVSS 9.8

Incorrect access control in the /user/edit/ component of hope-boot v1.0.0 allows attackers to bypass authentication via a crafted GET req...

CVE-2025-45612 CVSS 9.8

Incorrect access control in xmall v1.1 allows attackers to bypass authentication via a crafted GET request to /index.

CVE-2025-45615 CVSS 9.8

Incorrect access control in the /admin/ API of yaoqishan v0.0.1-SNAPSHOT allows attackers to gain access to Admin rights via a crafted re...

CVE-2025-45616 CVSS 9.8

Incorrect access control in the /admin/** API of brcc v1.2.0 allows attackers to gain access to Admin rights via a crafted request.

View critical disclosures

cvelogic Threat Intelligence