Nov 18, 2025 Cyber Threat Intelligence

Track daily vulnerability activity, KEV additions, public exploits, critical disclosures, and EPSS risk shifts.

Daily summary

  • Fortinet FortiWeb added to CISA KEV — confirmed in-the-wild exploitation.
  • 10 new critical disclosures — review patch status on exposed services.

Top threats today

Three highest-priority changes — analyst brief, not a CVE dump.

Critical active threat

CVE-2025-58034 Fortinet FortiWeb OS Command Injection

  • Actively exploited (CISA KEV)
  • Listed on CISA KEV

Fortinet FortiWeb Command Injection is on CISA KEV — confirmed in-the-wild exploitation. Expect continued targeting while the issue remains on the catalog.

Critical exposure

CVE-2025-63216 Itel Idgateway Firmware Auth Bypass

  • CVSS 10
  • Authentication bypass — unauthenticated access risk

New critical Itel Idgateway Firmware Auth Bypass (CVSS 10) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Critical exposure

CVE-2025-63217 Itel Id Mux Firmware Auth Bypass

  • CVSS 9.8
  • Authentication bypass — unauthenticated access risk

New critical Itel Id Mux Firmware Auth Bypass (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Active exploitation

CISA KEV — confirmed in-the-wild exploitation.

View KEV additions

Exploit & PoC activity

Nothing flagged in this category for this digest.

View new exploit links

Exploitation dynamics

Nothing flagged in this category for this digest.

See EPSS increases

New critical disclosures

CVE-2025-13051 CVSS 9.3

When the service of ABP and AES is installed in a directory writable by non-administrative users, an attacker can replace or plant a DLL...

CVE-2025-54321 CVSS 9.8

In Ascertia SigningHub through 8.6.8, there is a lack of rate limiting on the reset password function, leading to an email bombing vulner...

CVE-2025-63216 CVSS 10

The Itel DAB Gateway (IDGat build c041640a) is vulnerable to Authentication Bypass due to improper JWT validation across devices.

CVE-2025-63217 CVSS 9.8

The Itel DAB MUX (IDMUX build c041640a) is vulnerable to Authentication Bypass due to improper JWT validation across devices.

CVE-2025-63225 CVSS 9.8

The Eurolab ELTS100_UBX device (firmware version ELTS100v1.UBX) is vulnerable to Broken Access Control due to missing authentication on c...

CVE-2025-63228 CVSS 9.8

The Mozart FM Transmitter web management interface on version WEBMOZZI-00287, contains an unauthenticated file upload vulnerability in th...

CVE-2025-63694 CVSS 9.8

DzzOffice v2.3.7 and before is vulnerable to SQL Injection in explorer/groupmanage.

CVE-2025-63695 CVSS 9.8

DzzOffice v2.3.7 and before is vulnerable to Arbitrary File Upload in /dzz/system/ueditor/php/controller.php.

CVE-2025-63994 CVSS 9.8

An arbitrary file upload vulnerability in the /php/UploadHandler.php component of RichFilemanager v2.7.6 allows attackers to execute arbi...

CVE-2025-65015 CVSS 9.2

joserfc is a Python library that provides an implementation of several JSON Object Signing and Encryption (JOSE) standards.

View critical disclosures

cvelogic Threat Intelligence