Jul 2, 2025 Cyber Threat Intelligence

Track daily vulnerability activity, KEV additions, public exploits, critical disclosures, and EPSS risk shifts.

Daily summary

  • Google Chromium V8 added to CISA KEV — confirmed in-the-wild exploitation.
  • Wing FTP Server: public exploit or PoC linked (RCE)
  • 10 new critical disclosures — review patch status on exposed services.

Top threats today

Three highest-priority changes — analyst brief, not a CVE dump.

Critical active threat

CVE-2025-6554 Google Chromium V8 Type Confusion

  • Actively exploited (CISA KEV)
  • Listed on CISA KEV

Confirmed in-the-wild exploitation per CISA KEV — active threat momentum, not theoretical risk.

Active exploit activity

CVE-2024-39930 Gogs RCE

  • Public exploit or PoC available
  • Exploit activity linked
  • Remote code execution exposure

Gogs RCE now has public exploit or PoC linkage — assume opportunistic scanning and targeted follow-on activity.

Critical exposure

CVE-2025-34070 Gfi Kerio Control privilege escalation

  • CVSS 10
  • Potential privilege escalation to admin/root

New critical Gfi Kerio Control privilege escalation (CVSS 10) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Active exploitation

CISA KEV — confirmed in-the-wild exploitation.

View KEV additions

Exploit & PoC activity

CVE-2025-47812 Exploit

Wing FTP Server Improper Neutralization of Null Byte or NUL Character

CVE-2025-47166 Exploit

Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.

CVE-2024-39930 Exploit

The built-in SSH server of Gogs through 0.13.0 allows argument injection in internal/ssh/ssh.go, leading to remote code execution.

View new exploit links

Exploitation dynamics

Nothing flagged in this category for this digest.

See EPSS increases

New critical disclosures

CVE-2025-20309 CVSS 10

New critical Cisco Unified Communications Manager exposure disclosed.

CVE-2025-34067 CVSS 10

An unauthenticated remote command execution vulnerability exists in the applyCT component of the Hikvision Integrated Security Management...

CVE-2025-34069 CVSS 9.5

An authentication bypass vulnerability exists in GFI Kerio Control 9.4.5 due to insecure default proxy configuration and weak access cont...

CVE-2025-34070 CVSS 10

A missing authentication vulnerability in the GFIAgent component of GFI Kerio Control 9.4.5 allows unauthenticated remote attackers to pe...

CVE-2025-34071 CVSS 9.4

A remote code execution vulnerability in GFI Kerio Control 9.4.5 allows attackers with administrative access to upload and execute arbitr...

CVE-2025-34072 CVSS 9.3

A data exfiltration vulnerability exists in Anthropic’s deprecated Slack Model Context Protocol (MCP) Server via automatic link unfurling.

CVE-2025-34073 CVSS 10

An unauthenticated command injection vulnerability exists in stamparm/maltrail (Maltrail) versions <=0.54.

CVE-2025-34074 CVSS 9.4

An authenticated remote code execution vulnerability exists in Lucee’s administrative interface due to insecure design in the scheduled t...

CVE-2025-45813 CVSS 9.8

ENENSYS IPGuard v2 2.10.0 was discovered to contain hardcoded credentials.

CVE-2025-45814 CVSS 9.8

Missing authentication checks in the query.fcgi endpoint of NS3000 v8.1.1.125110 , v7.2.8.124852 , and v7.x and NS2000 v7.02.08 allows at...

View critical disclosures

cvelogic Threat Intelligence