Jun 23, 2025 Cyber Threat Intelligence

Track daily vulnerability activity, KEV additions, public exploits, critical disclosures, and EPSS risk shifts.

Daily summary

  • 10 new critical disclosures — review patch status on exposed services.

Top threats today

Three highest-priority changes — analyst brief, not a CVE dump.

Critical exposure

CVE-2025-34035 Engeniustech Epg5000 Firmware Command Injection

  • CVSS 10

New critical Engeniustech Epg5000 Firmware Command Injection (CVSS 10) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Critical exposure

CVE-2025-34036 Tvt Td-2004ts-cl-c Firmware Command Injection

  • CVSS 10

New critical Tvt Td-2004ts-cl-c Firmware Command Injection (CVSS 10) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Critical exposure

CVE-2025-34037 Linksys E1000 Command Injection

  • CVSS 10

New critical Linksys E1000 Command Injection (CVSS 10) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Active exploitation

CISA KEV — confirmed in-the-wild exploitation.

Nothing flagged in this category for this digest.

View KEV additions

Exploit & PoC activity

Nothing flagged in this category for this digest.

View new exploit links

Exploitation dynamics

Nothing flagged in this category for this digest.

See EPSS increases

New critical disclosures

CVE-2025-34034 CVSS 9.3

A hardcoded credential vulnerability exists in the Blue Angel Software Suite deployed on embedded Linux systems.

CVE-2025-34035 CVSS 10

An OS command injection vulnerability exists in EnGenius EnShare Cloud Service version 1.4.11 and earlier.

CVE-2025-34036 CVSS 10

An OS command injection vulnerability exists in white-labeled DVRs manufactured by TVT, affecting a custom HTTP service called "Cross Web...

CVE-2025-34037 CVSS 10

An OS command injection vulnerability exists in various models of E-Series Linksys routers via the /tmUnblock.cgi and /hndUnblock.cgi end...

CVE-2025-34039 CVSS 10

A code injection vulnerability exists in Yonyou UFIDA NC v6.5 and prior due to the exposure of the BeanShell testing servlet (bsh.servlet...

CVE-2025-34040 CVSS 10

An arbitrary file upload vulnerability exists in the Zhiyuan OA platform via the wpsAssistServlet interface.

CVE-2025-34041 CVSS 10

An OS command injection vulnerability exists in the Chinese versions of Sangfor Endpoint Detection and Response (EDR) management platform...

CVE-2025-48469 CVSS 9.6

Successful exploitation of the vulnerability could allow an unauthenticated attacker to upload firmware through a public update page, pot...

CVE-2025-6559 CVSS 9.3

Multiple wireless router models from Sapido have an OS Command Injection vulnerability, allowing unauthenticated remote attackers to inje...

CVE-2025-6560 CVSS 9.3

Multiple wireless router models from Sapido have an Exposure of Sensitive Information vulnerability, allowing unauthenticated remote atta...

View critical disclosures

cvelogic Threat Intelligence