Jul 10, 2025 Cyber Threat Intelligence

Track daily vulnerability activity, KEV additions, public exploits, critical disclosures, and EPSS risk shifts.

Daily summary

  • Citrix NetScaler ADC And Gateway added to CISA KEV — confirmed in-the-wild exploitation.
  • 10 new critical disclosures — review patch status on exposed services.

Top threats today

Three highest-priority changes — analyst brief, not a CVE dump.

Critical active threat

CVE-2025-5777 Citrix NetScaler ADC and Gateway Out-of-Bounds Read

  • Actively exploited (CISA KEV)
  • Listed on CISA KEV

Citrix NetScaler ADC And Gateway Out-of-Bounds Write is on CISA KEV — confirmed in-the-wild exploitation. Expect continued targeting while the issue remains on the catalog.

Critical exposure

CVE-2025-47812 Wing FTP Server Improper Neutralization of Null Byte or NUL Character

  • CVSS 10
  • Remote code execution exposure

New critical Wing FTP Server RCE (CVSS 10) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

High-risk exposure

CVE-2025-2523 The Honeywell Experion PKS and OneWireless WDM contains an Integer Underflow vulnerability in the...

  • CVSS 9.4
  • Remote code execution exposure

New critical-severity CVE in today's window — elevated exposure signal, early in the lifecycle.

Active exploitation

CISA KEV — confirmed in-the-wild exploitation.

CVE-2025-5777 KEV

Citrix NetScaler ADC and Gateway Out-of-Bounds Read

View KEV additions

Exploit & PoC activity

Nothing flagged in this category for this digest.

View new exploit links

Exploitation dynamics

Nothing flagged in this category for this digest.

See EPSS increases

New critical disclosures

CVE-2025-23048 CVSS 9.1

In some mod_ssl configurations on Apache HTTP Server 2.4.35 through to 2.4.63, an access control bypass by trusted clients is possible us...

CVE-2025-2523 CVSS 9.4

The Honeywell Experion PKS and OneWireless WDM contains an Integer Underflow vulnerability in the component Control Data Access (CDA).

CVE-2025-34095 CVSS 9.3

An OS command injection vulnerability exists in Mako Server versions 2.5 and 2.6, specifically within the tutorial interface provided by...

CVE-2025-34096 CVSS 9.3

A stack-based buffer overflow vulnerability exists in Easy File Sharing HTTP Server version 7.2.

CVE-2025-34099 CVSS 9.3

An unauthenticated command injection vulnerability exists in VICIdial versions 2.9 RC1 through 2.13 RC1, within the vicidial_sales_viewer...

CVE-2025-34100 CVSS 9.3

An unrestricted file upload vulnerability exists in BuilderEngine 3.5.0 via the integration of the elFinder 2.0 file manager and its use...

CVE-2025-34101 CVSS 9.3

An unauthenticated command injection vulnerability exists in Serviio Media Server versions 1.4 through 1.8 on Windows, in the /rest/actio...

CVE-2025-34102 CVSS 9.3

A remote code execution vulnerability exists in CryptoLog (PHP version, discontinued since 2009) due to a chained exploitation of SQL inj...

CVE-2025-47812 CVSS 10

Wing FTP Server Improper Neutralization of Null Byte or NUL Character

CVE-2025-53371 CVSS 9.1

DiscordNotifications is an extension for MediaWiki that sends notifications of actions in your Wiki to a Discord channel.

View critical disclosures

cvelogic Threat Intelligence