Aug 13, 2025 Cyber Threat Intelligence

Track daily vulnerability activity, KEV additions, public exploits, critical disclosures, and EPSS risk shifts.

Daily summary

  • N-able N-Central: 2 CVEs added to CISA KEV today.
  • 10 new critical disclosures — review patch status on exposed services.

Top threats today

Three highest-priority changes — analyst brief, not a CVE dump.

Critical active threat

CVE-2025-8875 N-able N-Central Insecure Deserialization

  • Actively exploited (CISA KEV)
  • Listed on CISA KEV

N-able N-Central Deserialization is on CISA KEV — confirmed in-the-wild exploitation. Expect continued targeting while the issue remains on the catalog.

Critical exposure

CVE-2011-10018 myBB version 1.6.4 was distributed with an unauthorized backdoor embedded in the source code.

  • CVSS 10

New critical disclosure (CVSS 10) — high severity with a short public awareness window before exploit material typically surfaces.

Critical exposure

CVE-2011-10019 Spreecommerce Spree

  • CVSS 10

New critical disclosure (CVSS 10) — high severity with a short public awareness window before exploit material typically surfaces.

Active exploitation

CISA KEV — confirmed in-the-wild exploitation.

View KEV additions

Exploit & PoC activity

Nothing flagged in this category for this digest.

View new exploit links

Exploitation dynamics

Nothing flagged in this category for this digest.

See EPSS increases

New critical disclosures

CVE-2011-10016 CVSS 9.3

Real Networks Netzip Classic version 7.5.1.86 is vulnerable to a stack-based buffer overflow when parsing a specially crafted ZIP archive.

CVE-2011-10017 CVSS 10

Snort Report versions < 1.3.2 contains a remote command execution vulnerability in the nmap.php and nbtscan.php scripts.

CVE-2011-10018 CVSS 10

myBB version 1.6.4 was distributed with an unauthorized backdoor embedded in the source code.

CVE-2011-10019 CVSS 10

Spreecommerce versions prior to 0.60.2 contains a remote command execution vulnerability in its search functionality.

CVE-2012-10054 CVSS 9.3

Umbraco CMS versions prior to 4.7.1 are vulnerable to unauthenticated remote code execution via the codeEditorSave.asmx SOAP endpoint, wh...

CVE-2012-10055 CVSS 9.3

ComSndFTP FTP Server version 1.3.7 Beta contains a format string vulnerability in its handling of the USER command.

CVE-2012-10058 CVSS 10

RabidHamster R4 v1.25 contains a stack-based buffer overflow vulnerability due to unsafe use of sprintf() when logging malformed HTTP req...

CVE-2012-10059 CVSS 9.4

Dolibarr ERP/CRM versions <= 3.1.1 and <= 3.2.0 contain a post-authenticated OS command injection vulnerability in its database backup fe...

CVE-2012-10060 CVSS 9.3

Sysax Multi Server versions prior to 5.55 contain a stack-based buffer overflow in its SSH service.

CVE-2025-34154 CVSS 9.2

UnForm Server Manager versions prior to 10.1.12 expose an unauthenticated file read vulnerability via its log file analysis interface.

View critical disclosures

cvelogic Threat Intelligence