Oct 28, 2025 Cyber Threat Intelligence

Track daily vulnerability activity, KEV additions, public exploits, critical disclosures, and EPSS risk shifts.

Daily summary

  • Dassault Systèmes DELMIA Apriso: 2 CVEs added to CISA KEV today.
  • Oracle Sun Products Suite — exploitation likelihood rose sharply (EPSS 31% → 68% · rising (+37%)).
  • 10 new critical disclosures — review patch status on exposed services.

Top threats today

Three highest-priority changes — analyst brief, not a CVE dump.

Critical active threat

CVE-2025-6205 Dassault Systèmes DELMIA Apriso Missing Authorization

  • Actively exploited (CISA KEV)
  • Listed on CISA KEV
  • Potential privilege escalation to admin/root

Dassault Systèmes DELMIA Apriso privilege escalation is on CISA KEV — confirmed in-the-wild exploitation. Expect continued targeting while the issue remains on the catalog.

Emerging exploitation risk

CVE-2011-1511 Oracle Sun Products Suite

  • Exploitation likelihood sharply increased
  • EPSS 31% → 68% · rising (+37%)

Oracle Sun Products Suite: EPSS 31% → 68% · rising (+37%) — EPSS is climbing faster than peer CVEs in this window, a leading indicator even before KEV or public exploit linkage.

Critical exposure

CVE-2025-12423 Azure-access Blu-ic2 Firmware DoS

  • CVSS 10

New critical Azure-access Blu-ic2 Firmware DoS (CVSS 10) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Active exploitation

CISA KEV — confirmed in-the-wild exploitation.

CVE-2025-6204 KEV

Dassault Systèmes DELMIA Apriso Code Injection

CVE-2025-6205 KEV

Dassault Systèmes DELMIA Apriso Missing Authorization

View KEV additions

Exploit & PoC activity

Nothing flagged in this category for this digest.

View new exploit links

Exploitation dynamics

CVE-2011-1511 EPSS 31% → 68% · rising (+37%) CVSS 6.4

Oracle Sun Products Suite

See EPSS increases

New critical disclosures

CVE-2025-12422 CVSS 10

Vulnerable Upgrade Feature (Arbitrary File Write) may lead to obtaining super user permissions on board.This issue affects BLU-IC2: throu...

CVE-2025-12423 CVSS 10

Protocol manipulation might lead to denial of service.This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5 .

CVE-2025-12424 CVSS 10

Privilege Escalation through SUID-bit Binary.This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5 .

CVE-2025-12425 CVSS 10

Local Privilege Escalation.This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5 .

CVE-2025-36386 CVSS 9.8

IBM Maximo Application Suite 9.0.0 through 9.0.15 and 9.1.0 through 9.1.4 could allow a remote attacker to bypass authentication mechanis...

CVE-2025-60355 CVSS 9.8

zhangyd-c OneBlog v2.3.9 and before was vulnerable to SSTI (Server-Side Template Injection) via FreeMarker templates.

CVE-2025-61128 CVSS 9.1

Stack-based buffer overflow vulnerability in WAVLINK QUANTUM D3G/WL-WN530HG3 firmware M30HG3_V240730, and possibly other wavlink models a...

CVE-2025-61235 CVSS 9.1

An issue was discovered in Dataphone A920 v2025.07.161103.

CVE-2025-62368 CVSS 9

Taiga is an open source project management platform.

CVE-2025-64095 CVSS 10

DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem.

View critical disclosures

cvelogic Threat Intelligence