Sep 4, 2025 Cyber Threat Intelligence

Track daily vulnerability activity, KEV additions, public exploits, critical disclosures, and EPSS risk shifts.

Daily summary

  • Android Runtime added to CISA KEV — confirmed in-the-wild exploitation.
  • 10 new critical disclosures — review patch status on exposed services.

Top threats today

Three highest-priority changes — analyst brief, not a CVE dump.

Critical active threat

CVE-2025-48543 Android Runtime Use-After-Free

  • Actively exploited (CISA KEV)
  • Listed on CISA KEV

Android Runtime Use-After-Free is on CISA KEV — confirmed in-the-wild exploitation. Expect continued targeting while the issue remains on the catalog.

Critical exposure

CVE-2025-54914 Azure Networking Elevation of Privilege Vulnerability

  • CVSS 10
  • Potential privilege escalation to admin/root

New critical Microsoft Azure Networking privilege escalation (CVSS 10) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Critical exposure

CVE-2025-55241 Azure Entra ID Elevation of Privilege Vulnerability

  • CVSS 10
  • Potential privilege escalation to admin/root

New critical Microsoft Entra Id privilege escalation (CVSS 10) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Active exploitation

CISA KEV — confirmed in-the-wild exploitation.

Sitecore Multiple Products Deserialization of Untrusted Data

Linux Kernel Time-of-Check Time-of-Use (TOCTOU) Race Condition

View KEV additions

Exploit & PoC activity

Nothing flagged in this category for this digest.

View new exploit links

Exploitation dynamics

Nothing flagged in this category for this digest.

See EPSS increases

New critical disclosures

CVE-2025-36897 CVSS 9.8

In unknown of cd_CnMsgCodecUserApi.cpp, there is a possible out of bounds write due to a missing bounds check.

CVE-2025-36904 CVSS 9.8

WLAN in Android before 2025-09-05 on Google Pixel devices allows elevation of privilege, aka A-396458384.

CVE-2025-54914 CVSS 10

Azure Networking Elevation of Privilege Vulnerability

CVE-2025-55190 CVSS 9.9

Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes.

CVE-2025-55241 CVSS 10

Azure Entra ID Elevation of Privilege Vulnerability

Azure Bot Service Elevation of Privilege Vulnerability

CVE-2025-58357 CVSS 9.6

5ire is a cross-platform desktop artificial intelligence assistant and model context protocol client.

CVE-2025-58361 CVSS 9.3

Promptcraft Forge Studio is a toolkit for evaluating, optimizing, and maintaining LLM-powered applications.

CVE-2025-7385 CVSS 9.3

Input from search query parameter in GOV CMS is not sanitized properly, leading to a Blind SQL injection vulnerability, which might be ex...

CVE-2025-8311 CVSS 9.4

dotCMS versions 24.03.22 and after, identified a Boolean-based blind SQLi vulnerability in the /api/v1/contenttype endpoint.

View critical disclosures

cvelogic Threat Intelligence