Oct 6, 2025 Cyber Threat Intelligence

Track daily vulnerability activity, KEV additions, public exploits, critical disclosures, and EPSS risk shifts.

Daily summary

Microsoft Windows: 4 CVEs added to CISA KEV today.
10 new critical disclosures — review patch status on exposed services.

Top threats today

Three highest-priority changes — analyst brief, not a CVE dump.

Critical active threat

CVE-2010-3765 Mozilla Multiple Products Remote Code Execution

Actively exploited (CISA KEV)
Listed on CISA KEV
Remote code execution exposure

Mozilla Multiple Products RCE is on CISA KEV — confirmed in-the-wild exploitation. Expect continued targeting while the issue remains on the catalog.

Critical exposure

CVE-2025-10363 Deserialization of Untrusted Data vulnerability in Topal Solutions AG Topal Finanzbuchhaltung on...

CVSS 10
Remote code execution exposure

New critical disclosure (CVSS 10) — high severity with a short public awareness window before exploit material typically surfaces.

Critical exposure

CVE-2025-60957 Endruntechnologies Sonoma D12 Firmware DoS

CVSS 9.9

New critical Endruntechnologies Sonoma D12 Firmware DoS (CVSS 9.9) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Active exploitation

CISA KEV — confirmed in-the-wild exploitation.

CVE-2025-61882 KEV

Oracle E-Business Suite Unspecified

CVE-2021-43226 KEV

Microsoft Windows Privilege Escalation

CVE-2021-22555 KEV

Linux Kernel Heap Out-of-Bounds Write

CVE-2013-3918 KEV

Microsoft Windows Out-of-Bounds Write

CVE-2011-3402 KEV

Microsoft Windows Remote Code Execution

CVE-2010-3962 KEV

Microsoft Internet Explorer Uninitialized Memory Corruption

CVE-2010-3765 KEV

Mozilla Multiple Products Remote Code Execution

View KEV additions

Exploit & PoC activity

Nothing flagged in this category for this digest.

View new exploit links

Exploitation dynamics

Nothing flagged in this category for this digest.

See EPSS increases

New critical disclosures

CVE-2025-10363 CVSS 10

Deserialization of Untrusted Data vulnerability in Topal Solutions AG Topal Finanzbuchhaltung on Windows allows Remote Code Execution.Thi...

CVE-2025-36356 CVSS 9.3

IBM Security Verify Access and IBM Security Verify Access Docker 10.0.0.0 through 10.0.9.0 and 11.0.0.0 through 11.0.1.0 could allow a lo...

CVE-2025-57247 CVSS 9.1

The BATBToken smart contract (address 0xfbf1388408670c02f0dbbb74251d8ded1d63b7a2, Compiler Version v0.8.26+commit.8a97fa7a) contains inco...

CVE-2025-57515 CVSS 9.8

A SQL injection vulnerability has been identified in Uniclare Student Portal v2.

CVE-2025-60957 CVSS 9.9

OS Command Injection vulnerability in EndRun Technologies Sonoma D12 Network Time Server (GPS) F/W 6010-0071-000 Ver 4.00 allows attacker...

CVE-2025-60964 CVSS 9.1

OS Command Injection vulnerability in EndRun Technologies Sonoma D12 Network Time Server (GPS) F/W 6010-0071-000 Ver 4.00 allows attacker...

CVE-2025-60965 CVSS 9.1

OS Command Injection vulnerability in EndRun Technologies Sonoma D12 Network Time Server (GPS) F/W 6010-0071-000 Ver 4.00 allows attacker...

CVE-2025-61774 CVSS 9.3

PyVista provides 3D plotting and mesh analysis through an interface for the Visualization Toolkit (VTK).

CVE-2025-61777 CVSS 9.4

Flag Forge is a Capture The Flag (CTF) platform.

CVE-2025-61778 CVSS 9.3

Akka.NET is a .NET port of the Akka project from the Scala / Java community.

View critical disclosures

cvelogic Threat Intelligence