May 25, 2025 Cyber Threat Intelligence
Track daily vulnerability activity, KEV additions, public exploits, critical disclosures, and EPSS risk shifts.
Daily summary
- Microsoft Win32k: public exploit or PoC linked (Privilege Escalation)
Top threats today
Three highest-priority changes — analyst brief, not a CVE dump.
Active exploit activity
CVE-2023-29336
Microsoft Win32K Privilege Escalation
- Public exploit or PoC available
- Exploit activity linked
- Potential privilege escalation to admin/root
Microsoft Win32k Privilege Escalation now has public exploit or PoC linkage — assume opportunistic scanning and targeted follow-on activity.
Active exploit activity
CVE-2022-2070
Grandstream Gds3710 Firmware
- Public exploit or PoC available
- Exploit activity linked
Public exploit or PoC linked — exploitation bar is lower than disclosure-only CVEs.
Critical exposure
CVE-2025-2146
Canon I-sensys Lbp233dw Firmware Buffer Overflow
New critical Canon I-sensys Lbp233dw Firmware Buffer Overflow (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.
Active exploitation
CISA KEV — confirmed in-the-wild exploitation.
Nothing flagged in this category for this digest.
View KEV additions
Exploit & PoC activity
DLL's are not digitally signed when loaded in ASPECT's configuration toolset exposing the application to binary planting during device co...
OsamaTaher/Java-springboot-codebase is a collection of Java and Spring Boot code snippets, applications, and projects.
The User Registration & Membership WordPress plugin before 4.1.3 does not properly validate data in an AJAX action when the Membership Ad...
Microsoft Win32K Privilege Escalation
In Grandstream GSD3710 in its 1.0.11.13 version, it's possible to overflow the stack since it doesn't check the param length before using...
View new exploit links
Exploitation dynamics
Nothing flagged in this category for this digest.
See EPSS increases
New critical disclosures
Buffer overflow in WebService Authentication processing of Small Office Multifunction Printers and Laser Printers(*) which may allow an a...
View critical disclosures
cvelogic
Threat Intelligence