Oct 15, 2025 Cyber Threat Intelligence

Track daily vulnerability activity, KEV additions, public exploits, critical disclosures, and EPSS risk shifts.

Daily summary

  • Adobe Experience Manager (AEM) Forms added to CISA KEV — confirmed in-the-wild exploitation.
  • WordPress plugin RCE/exploit activity: 3 CVEs flagged today.
  • 7 new critical disclosures — review patch status on exposed services.

Top threats today

Three highest-priority changes — analyst brief, not a CVE dump.

Critical active threat

CVE-2025-54253 Adobe Experience Manager Forms Code Execution

  • Actively exploited (CISA KEV)
  • Listed on CISA KEV
  • Remote code execution exposure

Adobe Experience Manager (AEM) Forms RCE is on CISA KEV — confirmed in-the-wild exploitation. Expect continued targeting while the issue remains on the catalog.

Critical exposure

CVE-2025-11832 Azure-access Blu-ic2 Firmware

  • CVSS 10

New critical disclosure (CVSS 10) — high severity with a short public awareness window before exploit material typically surfaces.

Critical exposure

CVE-2025-10041 The Flex QR Code Generator plugin for WordPress is vulnerable to arbitrary file uploads due to mi...

  • CVSS 9.8
  • Internet-facing CMS deployments affected

New critical disclosure (CVSS 9.8) — high severity with a short public awareness window before exploit material typically surfaces.

Active exploitation

CISA KEV — confirmed in-the-wild exploitation.

View KEV additions

Exploit & PoC activity

Nothing flagged in this category for this digest.

View new exploit links

Exploitation dynamics

Nothing flagged in this category for this digest.

See EPSS increases

New critical disclosures

CVE-2025-10041 CVSS 9.8

The Flex QR Code Generator plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in thesave_qr...

CVE-2025-10294 CVSS 9.8

The OwnID Passwordless Login plugin for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 1.3.4.

CVE-2025-11832 CVSS 10

Allocation of Resources Without Limits or Throttling vulnerability in Azure Access Technology BLU-IC2, Azure Access Technology BLU-IC4 al...

CVE-2025-56749 CVSS 9.4

Creativeitem Academy LMS up to and including 6.14 uses a hardcoded default JWT secret for token signing.

CVE-2025-62410 CVSS 9.4

In versions before 20.0.2, it was found that --disallow-code-generation-from-strings is not sufficient for isolating untrusted JavaScript...

CVE-2025-9967 CVSS 9.8

The Orion SMS OTP Verification plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and...

View critical disclosures

cvelogic Threat Intelligence