May 6, 2025 Cyber Threat Intelligence

Track daily vulnerability activity, KEV additions, public exploits, critical disclosures, and EPSS risk shifts.

Daily summary

  • FreeType added to CISA KEV — confirmed in-the-wild exploitation.
  • Frappe Erpnext: public exploit or PoC linked (Privilege Escalation)
  • WordPress plugin RCE/exploit activity: 2 CVEs flagged today.
  • 10 new critical disclosures — review patch status on exposed services.

Top threats today

Three highest-priority changes — analyst brief, not a CVE dump.

Critical active threat

CVE-2025-27363 FreeType Out-of-Bounds Write

  • Actively exploited (CISA KEV)
  • Listed on CISA KEV

FreeType Out-of-Bounds Write is on CISA KEV — confirmed in-the-wild exploitation. Expect continued targeting while the issue remains on the catalog.

Active exploit activity

CVE-2025-28062 A Cross-Site Request Forgery (CSRF) vulnerability was discovered in ERPNEXT 14.82.1 and 14.74.3.

  • Public exploit or PoC available
  • Exploit activity linked
  • Potential privilege escalation to admin/root

Frappe Erpnext Privilege Escalation now has public exploit or PoC linkage — assume opportunistic scanning and targeted follow-on activity.

Critical exposure

CVE-2025-47419 Cleartext Transmission of Sensitive Information vulnerability in Crestron Automate VX allows Snif...

  • CVSS 10

New critical disclosure (CVSS 10) — high severity with a short public awareness window before exploit material typically surfaces.

Active exploitation

CISA KEV — confirmed in-the-wild exploitation.


Exploit & PoC activity

CVE-2025-28062 Exploit

A Cross-Site Request Forgery (CSRF) vulnerability was discovered in ERPNEXT 14.82.1 and 14.74.3.

CVE-2025-47226 Exploit

Grokability Snipe-IT before 8.1.0 has incorrect authorization for accessing asset information.


Exploitation dynamics

Nothing flagged in this category for this digest.


New critical disclosures

CVE-2024-12225 CVSS 9.1

A vulnerability was found in Quarkus in the quarkus-security-webauthn module.

CVE-2025-0855 CVSS 9.8

The PGS Core plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 5.8.0 via deserialization o...

CVE-2025-25014 CVSS 9.1

A Prototype pollution vulnerability in Kibana leads to arbitrary code execution via crafted HTTP requests to machine learning and reporti...

CVE-2025-3844 CVSS 9.8

The PeproDev Ultimate Profile Solutions plugin for WordPress is vulnerable to Authentication Bypass in versions 1.9.1 to 7.5.2.

CVE-2025-4041 CVSS 9.3

In Optigo Networks ONS NC600 versions 4.2.1-084 through 4.7.2-330, an attacker could connect with the device's ssh server and utilize the...

CVE-2025-44073 CVSS 9.8

SeaCMS v13.3 was discovered to contain a SQL injection vulnerability via the component admin_comment_news.php.

CVE-2025-44899 CVSS 9.8

There is a stack overflow vulnerability in Tenda RX3 V1.0br_V16.03.13.11. In the fromSetWifiGusetBasic function of the web url /goform/ Wi...

CVE-2025-46572 CVSS 9.3

passport-wsfed-saml2 provides passport strategy for both WS-fed and SAML2 protocol.

CVE-2025-47419 CVSS 10

Cleartext Transmission of Sensitive Information vulnerability in Crestron Automate VX allows Sniffing Network Traffic.


cvelogic Threat Intelligence