Dec 2, 2025 Cyber Threat Intelligence

Track daily vulnerability activity, KEV additions, public exploits, critical disclosures, and EPSS risk shifts.

Daily summary

  • Android Framework: 2 CVEs added to CISA KEV today.
  • Phpipam: public exploit or PoC linked (cross-site scripting)
  • 10 new critical disclosures — review patch status on exposed services.

Top threats today

Three highest-priority changes — analyst brief, not a CVE dump.

Critical active threat

CVE-2025-48572 Android Framework Privilege Escalation

  • Actively exploited (CISA KEV)
  • Listed on CISA KEV
  • Potential privilege escalation to admin/root

Android Framework Privilege Escalation is on CISA KEV — confirmed in-the-wild exploitation. Expect continued targeting while the issue remains on the catalog.

Active exploit activity

CVE-2022-0088 Cross-Site Request Forgery (CSRF) in GitHub repository yourls/yourls prior to 1.8.3.

  • Public exploit or PoC available
  • Exploit activity linked

Yourls CSRF now has public exploit or PoC linkage — assume opportunistic scanning and targeted follow-on activity.

Critical exposure

CVE-2025-58386 Terminalfour privilege escalation

  • CVSS 9.8
  • Potential privilege escalation to admin/root

New critical Terminalfour privilege escalation (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Active exploitation

CISA KEV — confirmed in-the-wild exploitation.

View KEV additions

Exploit & PoC activity

CVE-2024-41358 Exploit

phpipam 1.6 is vulnerable to Cross Site Scripting (XSS) via app\admin\import-export\import-load-data.php.

CVE-2024-41357 Exploit

phpipam 1.6 is vulnerable to Cross Site Scripting (XSS) via /app/admin/powerDNS/record-edit.php.

CVE-2023-33362 Exploit

Piwigo 13.6.0 is vulnerable to SQL Injection via in the "profile" function.

CVE-2023-1211 Exploit

SQL Injection in GitHub repository phpipam/phpipam prior to v1.5.2.

CVE-2022-3766 Exploit

Cross-site Scripting (XSS) - Reflected in GitHub repository thorsten/phpmyfaq prior to 3.1.8.

CVE-2022-0088 Exploit

Cross-Site Request Forgery (CSRF) in GitHub repository yourls/yourls prior to 1.8.3.

View new exploit links

Exploitation dynamics

Nothing flagged in this category for this digest.

See EPSS increases

New critical disclosures

CVE-2025-13510 CVSS 9.3

The Iskra iHUB and iHUB Lite smart metering gateway exposes its web management interface without requiring authentication, allowing unaut...

CVE-2025-13542 CVSS 9.8

The DesignThemes LMS plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.0.4.

SummaryA non privileged user can install and remove arbitrary packages via composer for a composer based installed, even if the flag in u...

CVE-2025-58386 CVSS 9.8

In Terminalfour 8 through 8.4.1.1, the userLevel parameter in the user management function is not subject to proper server-side authoriza...

CVE-2025-60736 CVSS 9.8

code-projects Online Medicine Guide 1.0 is vulnerable to SQL Injection in /login.php via the upass parameter.

CVE-2025-60854 CVSS 9.8

A vulnerability has been found in D-Link R15 (AX1500) 1.20.01 and below.

CVE-2025-65358 CVSS 9.8

Edoc-doctor-appointment-system v1.0.1 was discovered to contain SQl injection vulnerability via the 'docid' parameter at /admin/appointme...

CVE-2025-65656 CVSS 9.8

dcat-admin v2.2.3-beta and before is vulnerable to file inclusion in admin/src/Extend/VersionManager.php.

CVE-2025-65896 CVSS 9.8

SQL injection vulnerability in long2ice assyncmy thru 0.2.10 allows attackers to execute arbitrary SQL commands via crafted dict keys.

View critical disclosures

cvelogic Threat Intelligence