Nov 21, 2025 Cyber Threat Intelligence

Track daily vulnerability activity, KEV additions, public exploits, critical disclosures, and EPSS risk shifts.

Daily summary

  • Oracle Fusion Middleware added to CISA KEV — confirmed in-the-wild exploitation.
  • WordPress plugin RCE/exploit activity: 2 CVEs flagged today.
  • Arcserve Udp — exploitation likelihood rose sharply (EPSS 0.4% → 15% · rising (+15%)).
  • 5 new critical disclosures — review patch status on exposed services.

Top threats today

Three highest-priority changes — analyst brief, not a CVE dump.

Critical active threat

CVE-2025-61757 Oracle Fusion Middleware Missing Authentication for Critical Function

  • Actively exploited (CISA KEV)
  • Listed on CISA KEV

Confirmed in-the-wild exploitation per CISA KEV — active threat momentum, not theoretical risk.

Critical exposure

CVE-2023-41998 Arcserve Udp

  • Exploitation likelihood sharply increased
  • CVSS 9.8
  • EPSS 0.4% → 15% · rising (+15%)

Arcserve Udp: EPSS 0.4% → 15% · rising (+15%) — EPSS is climbing faster than peer CVEs in this window, a leading indicator even before KEV or public exploit linkage.

Critical exposure

CVE-2025-41115 Grafana

  • CVSS 10

New critical disclosure (CVSS 10) — high severity with a short public awareness window before exploit material typically surfaces.

Active exploitation

CISA KEV — confirmed in-the-wild exploitation.

Oracle Fusion Middleware Missing Authentication for Critical Function

View KEV additions

Exploit & PoC activity

Nothing flagged in this category for this digest.

View new exploit links

Exploitation dynamics

CVE-2023-41998 EPSS 0.4% → 15% · rising (+15%) CVSS 9.8

Arcserve Udp

See EPSS increases

New critical disclosures

CVE-2025-11127 CVSS 9.8

The Mstoreapp Mobile App WordPress plugin through 2.08 and Mstoreapp Mobile Multivendor through 9.0.1 do not properly verify users identi...

CVE-2025-11456 CVSS 9.8

The ELEX WordPress HelpDesk & Customer Ticketing System plugin for WordPress is vulnerable to arbitrary file uploads due to missing file...

CVE-2025-41115 CVSS 10

SCIM provisioning was introduced in Grafana Enterprise and Grafana Cloud in April to improve how organizations manage users and teams in...

CVE-2025-64767 CVSS 9.1

hpke-js is a Hybrid Public Key Encryption (HPKE) module built on top of Web Cryptography API.

CVE-2025-65108 CVSS 10

md-to-pdf is a CLI tool for converting Markdown files to PDF using Node.js and headless Chrome.

View critical disclosures

cvelogic Threat Intelligence