Jun 15, 2025 Cyber Threat Intelligence
Track daily vulnerability activity, KEV additions, public exploits, critical disclosures, and EPSS risk shifts.
Daily summary
- Microsoft Windows: public exploit or PoC linked (privilege escalation)
Top threats today
Three highest-priority changes — analyst brief, not a CVE dump.
Active exploit activity
CVE-2024-28000
Litespeedtech Litespeed Cache privilege escalation
- Public exploit or PoC available
- Exploit activity linked
- Shared hosting environments affected
Shared-hosting stack with public exploit linkage — one PoC often maps to many tenants on the same provider footprint.
Active exploit activity
CVE-2024-4577
PHP-CGI OS Command Injection
- Public exploit or PoC available
- Exploit activity linked
PHP Group PHP Command Injection now has public exploit or PoC linkage — assume opportunistic scanning and targeted follow-on activity.
Active exploit activity
CVE-2025-33073
Microsoft Windows SMB Client Improper Access Control
- Public exploit or PoC available
- Exploit activity linked
- Potential privilege escalation to admin/root
Microsoft Windows privilege escalation now has public exploit or PoC linkage — assume opportunistic scanning and targeted follow-on activity.
Active exploitation
CISA KEV — confirmed in-the-wild exploitation.
Nothing flagged in this category for this digest.
View KEV additions
Exploit & PoC activity
Microsoft Windows SMB Client Improper Access Control
A stored cross-site scripting (XSS) vulnerability in Anchor CMS v0.12.7 allows attackers to inject malicious JavaScript via the page desc...
Skyvern through 0.1.85 is vulnerable to server-side template injection (SSTI) in the Prompt field of workflow blocks such as the Navigati...
In the Linux kernel, the following vulnerability has been resolved: dm-bufio: don't schedule in atomic context A BUG was reported as belo...
A vulnerability classified as critical has been found in PCMan FTP Server 2.0.7.
Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
Incorrect Privilege Assignment vulnerability in LiteSpeed Technologies LiteSpeed Cache litespeed-cache.This issue affects LiteSpeed Cache...
PHP-CGI OS Command Injection
View new exploit links
Exploitation dynamics
Nothing flagged in this category for this digest.
See EPSS increases
cvelogic
Threat Intelligence