Sep 15, 2025 Cyber Threat Intelligence

Track daily vulnerability activity, KEV additions, public exploits, critical disclosures, and EPSS risk shifts.

Daily summary

  • 10 new critical disclosures — review patch status on exposed services.

Top threats today

Three highest-priority changes — analyst brief, not a CVE dump.

Critical exposure

CVE-2025-31255 An authorization issue was addressed with improved state management.

  • CVSS 9.8
  • Potential privilege escalation to admin/root

New critical Apple Ipados privilege escalation (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Critical exposure

CVE-2025-52053 Totolink X6000r Firmware Command Injection

  • CVSS 9.8

New critical Totolink X6000r Firmware Command Injection (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Critical exposure

CVE-2025-57118 Phpgurukul Online Library Management System privilege escalation

  • CVSS 9.8
  • Potential privilege escalation to admin/root

New critical Phpgurukul Online Library Management System privilege escalation (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Active exploitation

CISA KEV — confirmed in-the-wild exploitation.

Nothing flagged in this category for this digest.

View KEV additions

Exploit & PoC activity

Nothing flagged in this category for this digest.

View new exploit links

Exploitation dynamics

Nothing flagged in this category for this digest.

See EPSS increases

New critical disclosures

CVE-2025-31255 CVSS 9.8

An authorization issue was addressed with improved state management.

CVE-2025-43342 CVSS 9.8

A correctness issue was addressed with improved checks.

CVE-2025-43343 CVSS 9.8

The issue was addressed with improved memory handling.

CVE-2025-43347 CVSS 9.8

This issue was addressed by removing the vulnerable code.

CVE-2025-43359 CVSS 9.8

A logic issue was addressed with improved state management.

CVE-2025-43362 CVSS 9.8

The issue was addressed with improved checks.

CVE-2025-46408 CVSS 9.8

An issue was discovered in the methods push.lite.avtech.com.AvtechLib.GetHttpsResponse and push.lite.avtech.com.Push_HttpService.getNewHt...

CVE-2025-52053 CVSS 9.8

TOTOLINK X6000R V9.4.0cu.1360_B20241207 was found to contain a command injection vulnerability in the sub_417D74 function via the file_na...

CVE-2025-57118 CVSS 9.8

An issue in PHPGurukul Online-Library-Management-System v3.0 allows an attacker to escalate privileges via the index.php

CVE-2025-57174 CVSS 9.8

An issue was discovered in Siklu Communications Etherhaul 8010TX and 1200FX devices, Firmware 7.4.0 through 10.7.3 and possibly other pre...

View critical disclosures

cvelogic Threat Intelligence