Jun 2, 2025 Cyber Threat Intelligence
Track daily vulnerability activity, KEV additions, public exploits, critical disclosures, and EPSS risk shifts.
Daily summary
- Craft CMS: 2 CVEs added to CISA KEV today.
- 6 new critical disclosures — review patch status on exposed services.
Top threats today
Three highest-priority changes — analyst brief, not a CVE dump.
Critical active threat
CVE-2021-32030
ASUS Routers Improper Authentication
- Actively exploited (CISA KEV)
- Listed on CISA KEV
- Authentication bypass — unauthenticated access risk
ASUS Routers Auth Bypass is on CISA KEV — confirmed in-the-wild exploitation. Expect continued targeting while the issue remains on the catalog.
Critical exposure
CVE-2025-49113
RoundCube Webmail Deserialization of Untrusted Data
- CVSS 9.9
- Remote code execution exposure
New critical Roundcube Webmail RCE (CVSS 9.9) — fresh disclosure window; early internet scanning often precedes mature exploit chains.
Critical exposure
- CVSS 9.8
- Remote code execution exposure
New critical Llamaindex RCE (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.
Active exploitation
CISA KEV — confirmed in-the-wild exploitation.
Craft CMS External Control of Assumed-Immutable Web Parameter
ConnectWise ScreenConnect Improper Authentication
ASUS RT-AX55 Routers OS Command Injection
ASUS Routers Improper Authentication
View KEV additions
Exploitation dynamics
Nothing flagged in this category for this digest.
See EPSS increases
New critical disclosures
The VAPIX Device Configuration framework allowed a privilege escalation, enabling a lower-privileged user to gain administrator privileges.
An SQL injection vulnerability exists in the delete function of DuckDBVectorStore in run-llama/llama_index version v0.12.19.
An issue was discovered in Samsung Mobile Processor Exynos 1480 and 2400.
An authentication bypass vulnerability exists in HPE StoreOnce Software.
RoundCube Webmail Deserialization of Untrusted Data
Dassault Systèmes DELMIA Apriso Deserialization of Untrusted Data
View critical disclosures
cvelogic
Threat Intelligence