Aug 20, 2025 Cyber Threat Intelligence

Track daily vulnerability activity, KEV additions, public exploits, critical disclosures, and EPSS risk shifts.

Daily summary

  • 10 new critical disclosures — review patch status on exposed services.

Top threats today

Three highest-priority changes — analyst brief, not a CVE dump.

Critical exposure

CVE-2025-43300 Apple iOS, iPadOS, and macOS Out-of-Bounds Write

  • CVSS 10

New critical Apple iOS, iPadOS, and macOS memory corruption (CVSS 10) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Critical exposure

CVE-2025-8611 AOMEI Cyber Backup Missing Authentication for Critical Function Remote Code Execution Vulnerability.

  • CVSS 9.8
  • Remote code execution exposure

New critical Aomeitech Cyber Backup RCE (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Critical exposure

CVE-2025-24285 Multiple Improper Input Validation vulnerabilities in UniFi Connect EV Station Lite may allow a C...

  • CVSS 9.8

New critical disclosure (CVSS 9.8) — high severity with a short public awareness window before exploit material typically surfaces.

Active exploitation

CISA KEV — confirmed in-the-wild exploitation.

Nothing flagged in this category for this digest.


Exploit & PoC activity

Nothing flagged in this category for this digest.


Exploitation dynamics

Nothing flagged in this category for this digest.


New critical disclosures

CVE-2024-57154 CVSS 9.8

Incorrect access control in dts-shop v0.0.1-SNAPSHOT allows attackers to bypass authentication via sending a crafted payload to /admin/au...

CVE-2024-57155 CVSS 9.8

Incorrect access control in radar v1.0.8 allows attackers to bypass authentication and access sensitive APIs without a token.

CVE-2025-24285 CVSS 9.8

Multiple Improper Input Validation vulnerabilities in UniFi Connect EV Station Lite may allow a Command Injection by a malicious actor wi...

CVE-2025-27214 CVSS 9.8

A Missing Authentication for Critical Function vulnerability in the UniFi Connect EV Station Pro may allow a malicious actor with physica...

CVE-2025-27217 CVSS 9.1

A Server-Side Request Forgery (SSRF) in the UISP Application may allow a malicious actor with certain permissions to make requests outsid...

CVE-2025-43300 CVSS 10

Apple iOS, iPadOS, and macOS Out-of-Bounds Write

CVE-2025-55746 CVSS 9.3

Directus is a real-time API and App dashboard for managing SQL database content.

CVE-2025-8611 CVSS 9.8

AOMEI Cyber Backup Missing Authentication for Critical Function Remote Code Execution Vulnerability.

CVE-2025-9287 CVSS 9.1

Improper Input Validation vulnerability in cipher-base allows Input Data Manipulation. This issue affects cipher-base: through 1.0.4.

CVE-2025-9288 CVSS 9.1

Improper Input Validation vulnerability in sha.js allows Input Data Manipulation. This issue affects sha.js: through 2.4.11.


cvelogic Threat Intelligence