Dec 5, 2025 Cyber Threat Intelligence

Track daily vulnerability activity, KEV additions, public exploits, critical disclosures, and EPSS risk shifts.

Daily summary

  • Meta React Server Components added to CISA KEV — confirmed in-the-wild exploitation.
  • WordPress plugin RCE/exploit activity: 2 CVEs flagged today.
  • 7 new critical disclosures — review patch status on exposed services.

Top threats today

Three highest-priority changes — analyst brief, not a CVE dump.

Critical active threat

CVE-2025-55182 Meta React Server Components Remote Code Execution

  • Actively exploited (CISA KEV)
  • Listed on CISA KEV
  • Remote code execution exposure

Meta React Server Components RCE is on CISA KEV — confirmed in-the-wild exploitation. Expect continued targeting while the issue remains on the catalog.

Critical exposure

CVE-2025-66570 cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library.

  • CVSS 10
  • Potential privilege escalation to admin/root

New critical Yhirose Cpp-httplib privilege escalation (CVSS 10) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Critical exposure

CVE-2025-34256 Advantech Wise-deviceon Server

  • CVSS 10

New critical disclosure (CVSS 10) — high severity with a short public awareness window before exploit material typically surfaces.

Active exploitation

CISA KEV — confirmed in-the-wild exploitation.

Meta React Server Components Remote Code Execution

View KEV additions

Exploit & PoC activity

Nothing flagged in this category for this digest.

View new exploit links

Exploitation dynamics

Nothing flagged in this category for this digest.

See EPSS increases

New critical disclosures

CVE-2020-36877 CVSS 9.3

ReQuest Serious Play F3 Media Server 7.0.3 contains an unauthenticated remote code execution vulnerability that allows attackers to execu...

CVE-2025-12374 CVSS 9.8

The Email Verification, Email OTP, Block Spam Email, Passwordless login, Hide Login, Magic Login – User Verification plugin for WordPress...

CVE-2025-13313 CVSS 9.8

The CRM Memberships plugin for WordPress is vulnerable to privilege escalation via password reset in all versions up to, and including, 2.6.

CVE-2025-34256 CVSS 10

Advantech WISE-DeviceOn Server versions prior to 5.4 contain a hard-coded cryptographic key vulnerability.

CVE-2025-64054 CVSS 9.6

A reflected Cross Site Scripting (XSS) vulnerability on Fanvil x210 2.12.20 devices allows attackers to cause a denial of service or pote...

CVE-2025-66570 CVSS 10

cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library.

View critical disclosures

cvelogic Threat Intelligence