Aug 12, 2025 Cyber Threat Intelligence

Track daily vulnerability activity, KEV additions, public exploits, critical disclosures, and EPSS risk shifts.

Daily summary

  • Microsoft Internet Explorer: 2 CVEs added to CISA KEV today.
  • Archive Zip Antivirus Engine — exploitation likelihood rose sharply (EPSS 14% → 40% · rising (+26%)).
  • 10 new critical disclosures — review patch status on exposed services.

Top threats today

Three highest-priority changes — analyst brief, not a CVE dump.

Critical active threat

CVE-2007-0671 Microsoft Office Excel Remote Code Execution

  • Actively exploited (CISA KEV)
  • Listed on CISA KEV
  • Remote code execution exposure

Microsoft Office RCE is on CISA KEV — confirmed in-the-wild exploitation. Expect continued targeting while the issue remains on the catalog.

Emerging exploitation risk

CVE-2004-0934 Archive Zip Antivirus Engine

  • Exploitation likelihood sharply increased
  • EPSS 14% → 40% · rising (+26%)

Archive Zip Antivirus Engine: EPSS 14% → 40% · rising (+26%) — EPSS is climbing faster than peer CVEs in this window, a leading indicator even before KEV or public exploit linkage.

Critical exposure

CVE-2025-55169 Wegia Path Traversal

  • CVSS 10

New critical Wegia Path Traversal (CVSS 10) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Active exploitation

CISA KEV — confirmed in-the-wild exploitation.

CVE-2013-3893 KEV

Microsoft Internet Explorer Resource Management Errors

View KEV additions

Exploit & PoC activity

Nothing flagged in this category for this digest.

View new exploit links

Exploitation dynamics

CVE-2004-0934 EPSS 14% → 40% · rising (+26%) CVSS 7.5

Archive Zip Antivirus Engine

CVE-2020-26566 EPSS 1.7% → 12% · rising (+10%) CVSS 7.5

Motion Project Motion DoS

See EPSS increases

New critical disclosures

CVE-2025-24325 CVSS 9.3

Improper input validation in the Linux kernel-mode driver for some Intel(R) 800 Series Ethernet before version 1.17.2 may allow an authen...

CVE-2025-25256 CVSS 9.8

An improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability [CWE-78] in Fortinet FortiSIE...

CVE-2025-49457 CVSS 9.6

Untrusted search path in certain Zoom Clients for Windows may allow an unauthenticated user to conduct an escalation of privilege via net...

CVE-2025-50165 CVSS 9.8

Untrusted pointer dereference in Microsoft Graphics Component allows an unauthorized attacker to execute code over a network.

CVE-2025-50171 CVSS 9.1

Missing authorization in Remote Desktop Server allows an unauthorized attacker to perform spoofing over a network.

CVE-2025-53766 CVSS 9.8

Heap-based buffer overflow in Windows GDI+ allows an unauthorized attacker to execute code over a network.

CVE-2025-55010 CVSS 9.1

Kanboard is project management software that focuses on the Kanban methodology.

CVE-2025-55167 CVSS 9.4

WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions.

CVE-2025-55168 CVSS 9.4

WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions.

CVE-2025-55169 CVSS 10

WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions.

View critical disclosures

cvelogic Threat Intelligence