Home
» Risk & Exploitation
» Daily threat intelligence
» Sep 15, 2025
Sep 15, 2025 Cyber Threat Intelligence
Track daily vulnerability activity, KEV additions, public exploits, critical disclosures, and EPSS risk shifts.
Daily summary
10 new critical disclosures — review patch status on exposed services.
Top threats today
Three highest-priority changes — analyst brief, not a CVE dump.
Critical exposure
CVE-2025-31255
An authorization issue was addressed with improved state management.
CVSS 9.8
Potential privilege escalation to admin/root
New critical Apple Ipados privilege escalation (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.
Critical exposure
CVE-2025-52053
Totolink X6000r Firmware Command Injection
New critical Totolink X6000r Firmware Command Injection (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.
Critical exposure
CVE-2025-57118
Phpgurukul Online Library Management System privilege escalation
CVSS 9.8
Potential privilege escalation to admin/root
New critical Phpgurukul Online Library Management System privilege escalation (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.
Active exploitation
CISA KEV — confirmed in-the-wild exploitation.
Nothing flagged in this category for this digest.
View KEV additions
Exploitation dynamics
Nothing flagged in this category for this digest.
See EPSS increases
New critical disclosures
An authorization issue was addressed with improved state management.
A correctness issue was addressed with improved checks.
The issue was addressed with improved memory handling.
This issue was addressed by removing the vulnerable code.
A logic issue was addressed with improved state management.
The issue was addressed with improved checks.
An issue was discovered in the methods push.lite.avtech.com.AvtechLib.GetHttpsResponse and push.lite.avtech.com.Push_HttpService.getNewHt...
TOTOLINK X6000R V9.4.0cu.1360_B20241207 was found to contain a command injection vulnerability in the sub_417D74 function via the file_na...
An issue in PHPGurukul Online-Library-Management-System v3.0 allows an attacker to escalate privileges via the index.php
An issue was discovered in Siklu Communications Etherhaul 8010TX and 1200FX devices, Firmware 7.4.0 through 10.7.3 and possibly other pre...
View critical disclosures
cvelogic
Threat Intelligence