Jun 9, 2025 Cyber Threat Intelligence

Track daily vulnerability activity, KEV additions, public exploits, critical disclosures, and EPSS risk shifts.

Daily summary

  • Erlang/OTP added to CISA KEV — confirmed in-the-wild exploitation.
  • Microsoft Windows 11 22h2: public exploit or PoC linked (privilege escalation)
  • 10 new critical disclosures — review patch status on exposed services.

Top threats today

Three highest-priority changes — analyst brief, not a CVE dump.

Critical active threat

CVE-2024-42009 RoundCube Webmail Cross-Site Scripting

  • Actively exploited (CISA KEV)
  • Listed on CISA KEV

Roundcube Webmail XSS is on CISA KEV — confirmed in-the-wild exploitation. Expect continued targeting while the issue remains on the catalog.

Active exploit activity

CVE-2024-0725 A vulnerability was found in ProSSHD 1.2 on Windows.

  • Public exploit or PoC available
  • Exploit activity linked

ProSSHD DoS now has public exploit or PoC linkage — assume opportunistic scanning and targeted follow-on activity.

Critical exposure

CVE-2025-48123

  • CVSS 10

New critical disclosure (CVSS 10) — high severity with a short public awareness window before exploit material typically surfaces.

Active exploitation

CISA KEV — confirmed in-the-wild exploitation.

Erlang Erlang/OTP SSH Server Missing Authentication for Critical Function

Exploit & PoC activity

CVE-2025-24076 Exploit

Improper access control in Windows Cross Device Service allows an authorized attacker to elevate privileges locally.

CVE-2024-55661 Exploit

Laravel Pulse is a real-time application performance monitoring tool and dashboard for Laravel applications.

CVE-2024-42049 Exploit

TightVNC (Server for Windows) before 2.8.84 allows attackers to connect to the control pipe via a network connection.

CVE-2024-0725 Exploit

A vulnerability was found in ProSSHD 1.2 on Windows.

Exploitation dynamics

Nothing flagged in this category for this digest.

New critical disclosures

CVE-2025-30184 CVSS 9.3

CyberData 011209 Intercom could allow an unauthenticated user access to the Web Interface through an alternate path.

CVE-2025-30515 CVSS 9.3

CyberData 011209 Intercom could allow an authenticated attacker to upload arbitrary files to multiple locations within the system.

CVE-2025-42989 CVSS 9.6

RFC inbound processing does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges.

CVE-2025-48123 CVSS 10

Improper Control of Generation of Code ('Code Injection') vulnerability in Holest Engineering Spreadsheet Price Changer for WooCommerce a...

CVE-2025-48129 CVSS 9.8

Incorrect Privilege Assignment vulnerability in Holest Engineering Spreadsheet Price Changer for WooCommerce and WP E-commerce – Light ex...

CVE-2025-48140 CVSS 9.9

Improper Control of Generation of Code ('Code Injection') vulnerability in metalpriceapi MetalpriceAPI metalpriceapi allows Code Injectio...

CVE-2025-48141 CVSS 9.3

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Alex Zaytseff Multi CryptoCurrency...

CVE-2025-48281 CVSS 9.3

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in mystyleplatform MyStyle Custom Prod...

listmonk is a standalone, self-hosted, newsletter and mailing list manager.

CVE-2025-49652 CVSS 9.8

Missing Authentication in the registration feature of Lablup's BackendAI allows arbitrary users to create user accounts that can access p...

cvelogic Threat Intelligence