Home
» Risk & Exploitation
» Daily threat intelligence
» Nov 12, 2025
Nov 12, 2025 Cyber Threat Intelligence
Track daily vulnerability activity, KEV additions, public exploits, critical disclosures, and EPSS risk shifts.
Daily summary
Microsoft Windows added to CISA KEV — confirmed in-the-wild exploitation.
10 new critical disclosures — review patch status on exposed services.
Top threats today
Three highest-priority changes — analyst brief, not a CVE dump.
Critical active threat
CVE-2025-62215
Microsoft Windows Race Condition
Actively exploited (CISA KEV)
Listed on CISA KEV
Potential privilege escalation to admin/root
Microsoft Windows privilege escalation is on CISA KEV — confirmed in-the-wild exploitation. Expect continued targeting while the issue remains on the catalog.
Critical exposure
CVE-2025-11367
The N-central Software Probe < 2025.4 is vulnerable to Remote Code Execution via deserialization
CVSS 10
Remote code execution exposure
New critical N-able N-central RCE (CVSS 10) — fresh disclosure window; early internet scanning often precedes mature exploit chains.
Critical exposure
CVSS 9.8
Authentication bypass — unauthenticated access risk
New critical Wellsky Harmony Auth Bypass (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.
Active exploitation
CISA KEV — confirmed in-the-wild exploitation.
Microsoft Windows Race Condition
Gladinet Triofox Improper Access Control
WatchGuard Firebox Out-of-Bounds Write
View KEV additions
Exploitation dynamics
Nothing flagged in this category for this digest.
See EPSS increases
New critical disclosures
FiberHome AN5506-04-FA firmware versions up to and including RP2631 and HG6245D prior to RP2602 contain a stack-based buffer overflow, as...
N-central < 2025.4 is vulnerable to authentication bypass via path traversal
The N-central Software Probe < 2025.4 is vulnerable to Remote Code Execution via deserialization
Dell Data Lakehouse, versions prior to 1.6.0.0, contain(s) an Improper Access Control vulnerability.
A SQL injection vulnerability exists in the login functionality of WellSky Harmony version 4.1.0.2.83 within the 'xmHarmony.asp' endpoint.
An authentication bypass vulnerability has been identified in certain DSL series routers, may allow remote attackers to gain unauthorized...
Sogexia Android App Compile Affected SDK v35, Max SDK 32 and fixed in v36, was discovered to contain hardcoded encryption keys in the enc...
New critical Fiberhome Hg6145f1 Firmware exposure disclosed.
A SQL Injection Vulnerability in CentralSquare Community Development 19.5.7 allows attackers to inject SQL via the permit_no field.
An Authentication Bypass issue in CentralSquare Community Development 19.5.7 allows attackers to access the admin panel without admin cre...
View critical disclosures
cvelogic
Threat Intelligence