Aug 26, 2025 Cyber Threat Intelligence

Track daily vulnerability activity, KEV additions, public exploits, critical disclosures, and EPSS risk shifts.

Daily summary

  • Citrix NetScaler added to CISA KEV — confirmed in-the-wild exploitation.
  • 51mis Lingdang CRM: public exploit or PoC linked (SQL injection).
  • WordPress plugin RCE/exploit activity: 2 CVEs flagged today.
  • 10 new critical disclosures — review patch status on exposed services.

Top threats today

Three highest-priority changes — analyst brief, not a CVE dump.

Critical active threat

CVE-2025-7775 Citrix NetScaler Memory Overflow

  • Actively exploited (CISA KEV)
  • CVSS 9.2
  • Listed on CISA KEV
  • Remote code execution exposure

Citrix NetScaler RCE is on CISA KEV — confirmed in-the-wild exploitation. Expect continued targeting while the issue remains on the catalog.

Active exploit activity

CVE-2025-4427 Ivanti Endpoint Manager Mobile (EPMM) Authentication Bypass

  • Public exploit or PoC available
  • Exploit activity linked
  • Authentication bypass — unauthenticated access risk

Ivanti Endpoint Manager Mobile (EPMM) Auth Bypass now has public exploit or PoC linkage — assume opportunistic scanning and targeted follow-on activity.

Critical exposure

CVE-2025-0074 Google Android RCE

  • CVSS 9.8
  • Remote code execution exposure

New critical Google Android RCE (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Active exploitation

CISA KEV — confirmed in-the-wild exploitation.

Exploit & PoC activity

CVE-2025-9140 Exploit

A vulnerability was identified in Shanghai Lingdang Information Technology Lingdang CRM up to 8.6.4.7.

CVE-2025-7441 Exploit

The StoryChief plugin for WordPress is vulnerable to arbitrary file uploads in all versions up to, and including, 1.0.42.

CVE-2025-6082 Exploit

The Birth Chart Compatibility plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 2.0.

CVE-2025-4427 Exploit

Ivanti Endpoint Manager Mobile (EPMM) Authentication Bypass

CVE-2025-26263 Exploit

GeoVision ASManager Windows desktop application with the version 6.1.2.0 or less (fixed in 6.2.0), is vulnerable to credentials disclosur...

CVE-2025-26264 Exploit

GeoVision GV-ASWeb with the version 6.1.2.0 or less (fixed in 6.2.0), contains a Remote Code Execution (RCE) vulnerability within its Not...

Exploitation dynamics

Nothing flagged in this category for this digest.

New critical disclosures

CVE-2024-39335 CVSS 9.1

Supported versions of Mahara 24.04 before 24.04.1 and 23.04 before 23.04.6 are vulnerable to information being disclosed to an institutio...

CVE-2025-0074 CVSS 9.8

In process_service_attr_rsp of sdp_discovery.cc, there is a possible way to execute arbitrary code due to a use after free.

CVE-2025-0075 CVSS 9.8

In process_service_search_attr_req of sdp_server.cc, there is a possible way to execute arbitrary code due to a use after free.

CVE-2025-22403 CVSS 9.8

In sdp_snd_service_search_req of sdp_discovery.cc, there is a possible way to execute arbitrary code due to a use after free.

CVE-2025-22408 CVSS 9.8

In rfc_check_send_cmd of rfc_utils.cc, there is a possible way to execute arbitrary code due to a use after free.

CVE-2025-35115 CVSS 9.2

Agiloft Release 28 downloads critical system packages over an insecure HTTP connection.

CVE-2025-52353 CVSS 9.8

An arbitrary code execution vulnerability in Badaso CMS 2.9.11.

CVE-2025-55443 CVSS 9.1

Telpo MDM 1.4.6 thru 1.4.9 for Android contains sensitive administrator credentials and MQTT server connection details (IP/port) that are...

CVE-2025-55526 CVSS 9.1

n8n-workflows Main Commit ee25413 allows attackers to execute a directory traversal via the download_workflow function within api_server.py

cvelogic Threat Intelligence