May 26, 2025 Cyber Threat Intelligence

Track daily vulnerability activity, KEV additions, public exploits, critical disclosures, and EPSS risk shifts.

Daily summary

  • 4 new critical disclosures — review patch status on exposed services.

Top threats today

Three highest-priority changes — analyst brief, not a CVE dump.

Critical exposure

CVE-2025-35003 Apache Nuttx RCE

  • CVSS 9.8
  • Remote code execution exposure

New critical Apache Nuttx RCE (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Critical exposure

CVE-2025-23394 A UNIX Symbolic Link (Symlink) Following vulnerability in openSUSE Tumbleweed cyrus-imapd allows...

  • CVSS 9.8

New critical disclosure (CVSS 9.8) — high severity with a short public awareness window before exploit material typically surfaces.

High-risk exposure

CVE-2025-40664 Missing authentication vulnerability in TCMAN GIM v11.

  • CVSS 9.3

New critical-severity CVE in today's window — elevated exposure signal, early in the lifecycle.

Active exploitation

CISA KEV — confirmed in-the-wild exploitation.

Nothing flagged in this category for this digest.

View KEV additions

Exploit & PoC activity

Nothing flagged in this category for this digest.

View new exploit links

Exploitation dynamics

Nothing flagged in this category for this digest.

See EPSS increases

New critical disclosures

CVE-2025-23394 CVSS 9.8

A UNIX Symbolic Link (Symlink) Following vulnerability in openSUSE Tumbleweed cyrus-imapd allows escalation from cyrus to root.This issue...

CVE-2025-35003 CVSS 9.8

Improper Restriction of Operations within the Bounds of a Memory Buffer and Stack-based Buffer Overflow vulnerabilities were discovered i...

CVE-2025-40664 CVSS 9.3

Missing authentication vulnerability in TCMAN GIM v11.

CVE-2025-40671 CVSS 9.3

SQL injection vulnerability in AES Multimedia's Gestnet v1.07.

View critical disclosures

cvelogic Threat Intelligence