Jul 17, 2025 Cyber Threat Intelligence

Track daily vulnerability activity, KEV additions, public exploits, critical disclosures, and EPSS risk shifts.

Daily summary

  • 10 new critical disclosures — review patch status on exposed services.

Top threats today

Three highest-priority changes — analyst brief, not a CVE dump.

Critical exposure

CVE-2025-25257 Fortinet FortiWeb SQL Injection

  • CVSS 9.8

New critical disclosure: Fortinet FortiWeb SQL injection (CVSS 9.8). Fresh disclosure window; early internet scanning often precedes mature exploit chains.

Critical exposure

CVE-2025-52046 Totolink A3300r Firmware Command Injection

  • CVSS 9.8

New critical disclosure: Totolink A3300r firmware command injection (CVSS 9.8). Fresh disclosure window; early internet scanning often precedes mature exploit chains.

Critical exposure

CVE-2025-50240 nbcio-boot v1.0.3 was discovered to contain a SQL injection vulnerability via the userIds paramet...

  • CVSS 9.8

New critical disclosure (CVSS 9.8) — high severity with a short public awareness window before exploit material typically surfaces.

Active exploitation

CISA KEV — confirmed in-the-wild exploitation.

Nothing flagged in this category for this digest.

Exploit & PoC activity

Nothing flagged in this category for this digest.

Exploitation dynamics

Nothing flagged in this category for this digest.

New critical disclosures

NVIDIA Container Toolkit for all platforms contains a vulnerability in some hooks used to initialize the container, where an attacker cou...

CVE-2025-50240 CVSS 9.8

nbcio-boot v1.0.3 was discovered to contain a SQL injection vulnerability via the userIds parameter at /sys/user/deleteRecycleBin.

CVE-2025-52046 CVSS 9.8

Totolink A3300R V17.0.0cu.596_B20250515 was found to contain a command injection vulnerability in the sub_4197C0 function via the mac and...

CVE-2025-53867 CVSS 9.8

Island Lake WebBatch before 2025C allows Remote Code Execution via a crafted URL.

CVE-2025-53964 CVSS 9.6

GoldenDict 1.5.0 and 1.5.1 have an exposed dangerous method that allows reading and modifying files when a user adds a crafted dictionary...

CVE-2025-54060 CVSS 9.4

WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions.

CVE-2025-54061 CVSS 9.4

WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions.

CVE-2025-54062 CVSS 9.4

WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions.

cvelogic Threat Intelligence