Nov 12, 2025 Cyber Threat Intelligence

Track daily vulnerability activity, KEV additions, public exploits, critical disclosures, and EPSS risk shifts.

Daily summary

  • Microsoft Windows added to CISA KEV — confirmed in-the-wild exploitation.
  • 10 new critical disclosures — review patch status on exposed services.

Top threats today

Three highest-priority changes — analyst brief, not a CVE dump.

Critical active threat

CVE-2025-62215 Microsoft Windows Race Condition

  • Actively exploited (CISA KEV)
  • Listed on CISA KEV
  • Potential privilege escalation to admin/root

Microsoft Windows privilege escalation is on CISA KEV — confirmed in-the-wild exploitation. Expect continued targeting while the issue remains on the catalog.

Critical exposure

CVE-2025-11367 The N-central Software Probe < 2025.4 is vulnerable to Remote Code Execution via deserialization

  • CVSS 10
  • Remote code execution exposure

New critical N-able N-central RCE (CVSS 10) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Critical exposure

CVE-2025-56385 Wellsky Harmony Auth Bypass

  • CVSS 9.8
  • Authentication bypass — unauthenticated access risk

New critical Wellsky Harmony Auth Bypass (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Active exploitation

CISA KEV — confirmed in-the-wild exploitation.

View KEV additions

Exploit & PoC activity

Nothing flagged in this category for this digest.

View new exploit links

Exploitation dynamics

Nothing flagged in this category for this digest.

See EPSS increases

New critical disclosures

CVE-2021-4464 CVSS 9.3

FiberHome AN5506-04-FA firmware versions up to and including RP2631 and HG6245D prior to RP2602 contain a stack-based buffer overflow, as...

CVE-2025-11366 CVSS 9.4

N-central < 2025.4 is vulnerable to authentication bypass via path traversal

CVE-2025-11367 CVSS 10

The N-central Software Probe < 2025.4 is vulnerable to Remote Code Execution via deserialization

CVE-2025-46608 CVSS 9.1

Dell Data Lakehouse, versions prior to 1.6.0.0, contain(s) an Improper Access Control vulnerability.

CVE-2025-56385 CVSS 9.8

A SQL injection vulnerability exists in the login functionality of WellSky Harmony version 4.1.0.2.83 within the 'xmHarmony.asp' endpoint.

CVE-2025-59367 CVSS 9.3

An authentication bypass vulnerability has been identified in certain DSL series routers, may allow remote attackers to gain unauthorized...

CVE-2025-63289 CVSS 9.1

Sogexia Android App Compile Affected SDK v35, Max SDK 32 and fixed in v36, was discovered to contain hardcoded encryption keys in the enc...

CVE-2025-63353 CVSS 9.8

New critical Fiberhome Hg6145f1 Firmware exposure disclosed.

CVE-2025-64280 CVSS 9.8

A SQL Injection Vulnerability in CentralSquare Community Development 19.5.7 allows attackers to inject SQL via the permit_no field.

CVE-2025-64281 CVSS 9.8

An Authentication Bypass issue in CentralSquare Community Development 19.5.7 allows attackers to access the admin panel without admin cre...

View critical disclosures

cvelogic Threat Intelligence