Home
» Risk & Exploitation
» Daily threat intelligence
» Dec 2, 2025
Dec 2, 2025 Cyber Threat Intelligence
Track daily vulnerability activity, KEV additions, public exploits, critical disclosures, and EPSS risk shifts.
Daily summary
Android Framework: 2 CVEs added to CISA KEV today.
Phpipam: public exploit or PoC linked (cross-site scripting)
10 new critical disclosures — review patch status on exposed services.
Top threats today
Three highest-priority changes — analyst brief, not a CVE dump.
Critical active threat
CVE-2025-48572
Android Framework Privilege Escalation
Actively exploited (CISA KEV)
Listed on CISA KEV
Potential privilege escalation to admin/root
Android Framework Privilege Escalation is on CISA KEV — confirmed in-the-wild exploitation. Expect continued targeting while the issue remains on the catalog.
Active exploit activity
CVE-2022-0088
Cross-Site Request Forgery (CSRF) in GitHub repository yourls/yourls prior to 1.8.3.
Public exploit or PoC available
Exploit activity linked
Yourls CSRF now has public exploit or PoC linkage — assume opportunistic scanning and targeted follow-on activity.
Critical exposure
CVE-2025-58386
Terminalfour privilege escalation
CVSS 9.8
Potential privilege escalation to admin/root
New critical Terminalfour privilege escalation (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.
Active exploitation
CISA KEV — confirmed in-the-wild exploitation.
Android Framework Privilege Escalation
Android Framework Information Disclosure
View KEV additions
Exploit & PoC activity
phpipam 1.6 is vulnerable to Cross Site Scripting (XSS) via app\admin\import-export\import-load-data.php.
phpipam 1.6 is vulnerable to Cross Site Scripting (XSS) via /app/admin/powerDNS/record-edit.php.
Piwigo 13.6.0 is vulnerable to SQL Injection via in the "profile" function.
SQL Injection in GitHub repository phpipam/phpipam prior to v1.5.2.
Cross-site Scripting (XSS) - Reflected in GitHub repository thorsten/phpmyfaq prior to 3.1.8.
Cross-Site Request Forgery (CSRF) in GitHub repository yourls/yourls prior to 1.8.3.
View new exploit links
Exploitation dynamics
Nothing flagged in this category for this digest.
See EPSS increases
New critical disclosures
The Iskra iHUB and iHUB Lite smart metering gateway exposes its web management interface without requiring authentication, allowing unaut...
The DesignThemes LMS plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.0.4.
SummaryA non privileged user can install and remove arbitrary packages via composer for a composer based installed, even if the flag in u...
In Terminalfour 8 through 8.4.1.1, the userLevel parameter in the user management function is not subject to proper server-side authoriza...
code-projects Online Medicine Guide 1.0 is vulnerable to SQL Injection in /login.php via the upass parameter.
A vulnerability has been found in D-Link R15 (AX1500) 1.20.01 and below.
Edoc-doctor-appointment-system v1.0.1 was discovered to contain SQl injection vulnerability via the 'docid' parameter at /admin/appointme...
dcat-admin v2.2.3-beta and before is vulnerable to file inclusion in admin/src/Extend/VersionManager.php.
SQL injection vulnerability in long2ice assyncmy thru 0.2.10 allows attackers to execute arbitrary SQL commands via crafted dict keys.
View critical disclosures
cvelogic
Threat Intelligence