Sep 30, 2025 Cyber Threat Intelligence

Track daily vulnerability activity, KEV additions, public exploits, critical disclosures, and EPSS risk shifts.

Daily summary

  • WordPress plugin RCE/exploit activity: 2 CVEs flagged today.
  • 10 new critical disclosures — review patch status on exposed services.

Top threats today

Three highest-priority changes — analyst brief, not a CVE dump.

Critical exposure

CVE-2025-7063 Widzialni Pad Cms RCE

  • CVSS 10
  • Remote code execution exposure

New critical Widzialni Pad Cms RCE (CVSS 10) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Critical exposure

CVE-2025-7065 Widzialni Pad Cms RCE

  • CVSS 10
  • Remote code execution exposure

New critical Widzialni Pad Cms RCE (CVSS 10) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Critical exposure

CVE-2025-8120 Widzialni Pad Cms RCE

  • CVSS 10
  • Remote code execution exposure

New critical Widzialni Pad Cms RCE (CVSS 10) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Active exploitation

CISA KEV — confirmed in-the-wild exploitation.

Nothing flagged in this category for this digest.

View KEV additions

Exploit & PoC activity

Nothing flagged in this category for this digest.

View new exploit links

Exploitation dynamics

Nothing flagged in this category for this digest.

See EPSS increases

New critical disclosures

CVE-2025-10659 CVSS 9.3

The Telenium Online Web Application is vulnerable due to a PHP endpoint accessible to unauthenticated network users that improperly handl...

CVE-2025-10725 CVSS 9.9

A flaw was found in Red Hat Openshift AI Service.

CVE-2025-34217 CVSS 10

Vasion Print (formerly PrinterLogic) Virtual Appliance Host and Application (VA/SaaS deployments) contain an undocumented 'printerlogic'...

CVE-2025-56513 CVSS 9.8

NiceHash QuickMiner 6.12.0 perform software updates over HTTP without validating digital signatures or hash checks.

CVE-2025-7063 CVSS 10

Due to client-controlled permission check parameter, PAD CMS's file upload functionality allows an unauthenticated remote attacker to upl...

CVE-2025-7065 CVSS 10

Due to client-controlled permission check parameter, PAD CMS's photo upload functionality allows an unauthenticated remote attacker to up...

CVE-2025-7493 CVSS 9.1

A privilege escalation flaw from host to domain administrator was found in FreeIPA.

CVE-2025-8120 CVSS 10

Due to client-controlled permission check parameter, PAD CMS's upload photo functionality allows an unauthenticated remote attacker to up...

CVE-2025-8625 CVSS 9.8

The Copypress Rest API plugin for WordPress is vulnerable to Remote Code Execution via copyreap_handle_image() Function in versions 1.1 t...

CVE-2025-9762 CVSS 9.8

The Post By Email plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the save_attachment...

View critical disclosures

cvelogic Threat Intelligence