May 25, 2025 Cyber Threat Intelligence

Track daily vulnerability activity, KEV additions, public exploits, critical disclosures, and EPSS risk shifts.

Daily summary

  • Microsoft Win32k: public exploit or PoC linked (Privilege Escalation)

Top threats today

Three highest-priority changes — analyst brief, not a CVE dump.

Active exploit activity

CVE-2023-29336 Microsoft Win32K Privilege Escalation

  • Public exploit or PoC available
  • Exploit activity linked
  • Potential privilege escalation to admin/root

Microsoft Win32k Privilege Escalation now has public exploit or PoC linkage — assume opportunistic scanning and targeted follow-on activity.

Active exploit activity

CVE-2022-2070 Grandstream Gds3710 Firmware

  • Public exploit or PoC available
  • Exploit activity linked

Public exploit or PoC linked — exploitation bar is lower than disclosure-only CVEs.

Critical exposure

CVE-2025-2146 Canon I-sensys Lbp233dw Firmware Buffer Overflow

  • CVSS 9.8

New critical Canon I-sensys Lbp233dw Firmware Buffer Overflow (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Active exploitation

CISA KEV — confirmed in-the-wild exploitation.

Nothing flagged in this category for this digest.

View KEV additions

Exploit & PoC activity

CVE-2024-13946 Exploit

DLL's are not digitally signed when loaded in ASPECT's configuration toolset exposing the application to binary planting during device co...

CVE-2025-46822 Exploit

OsamaTaher/Java-springboot-codebase is a collection of Java and Spring Boot code snippets, applications, and projects.

CVE-2025-2594 Exploit

The User Registration & Membership WordPress plugin before 4.1.3 does not properly validate data in an AJAX action when the Membership Ad...

CVE-2022-2070 Exploit

In Grandstream GSD3710 in its 1.0.11.13 version, it's possible to overflow the stack since it doesn't check the param length before using...

View new exploit links

Exploitation dynamics

Nothing flagged in this category for this digest.

See EPSS increases

New critical disclosures

CVE-2025-2146 CVSS 9.8

Buffer overflow in WebService Authentication processing of Small Office Multifunction Printers and Laser Printers(*) which may allow an a...

View critical disclosures

cvelogic Threat Intelligence