Dec 11, 2025 Cyber Threat Intelligence

Track daily vulnerability activity, KEV additions, public exploits, critical disclosures, and EPSS risk shifts.

Daily summary

  • OSGeo GeoServer added to CISA KEV — confirmed in-the-wild exploitation.
  • WordPress plugin RCE/exploit activity: 2 CVEs flagged today.
  • 10 new critical disclosures — review patch status on exposed services.

Top threats today

Three highest-priority changes — analyst brief, not a CVE dump.

Critical active threat

CVE-2025-58360 OSGeo GeoServer Improper Restriction of XML External Entity Reference

  • Actively exploited (CISA KEV)
  • Listed on CISA KEV

OSGeo GeoServer XXE is on CISA KEV — confirmed in-the-wild exploitation. Expect continued targeting while the issue remains on the catalog.

Critical exposure

CVE-2025-64721 Sandboxie-plus Sandboxie

  • CVSS 9.9

New critical disclosure (CVSS 9.9) — high severity with a short public awareness window before exploit material typically surfaces.

Critical exposure

CVE-2025-36937 Google Android RCE

  • CVSS 9.8
  • Remote code execution exposure

New critical Google Android RCE (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Active exploitation

CISA KEV — confirmed in-the-wild exploitation.

OSGeo GeoServer Improper Restriction of XML External Entity Reference

View KEV additions

Exploit & PoC activity

Nothing flagged in this category for this digest.

View new exploit links

Exploitation dynamics

Nothing flagged in this category for this digest.

See EPSS increases

New critical disclosures

CVE-2024-58286 CVSS 9.3

dizqueTV 1.5.3 contains a remote code execution vulnerability that allows attackers to inject arbitrary commands through the FFMPEG Execu...

CVE-2024-58290 CVSS 9.3

Xhibiter NFT Marketplace 1.10.2 contains a SQL injection vulnerability in the collections endpoint that allows attackers to manipulate da...

CVE-2024-58298 CVSS 9.2

Compuware iStrobe Web 20.13 contains a pre-authentication remote code execution vulnerability that allows unauthenticated attackers to up...

CVE-2024-58301 CVSS 9.3

Purei CMS 1.0 contains a time-based blind SQL injection vulnerability that allows attackers to manipulate database queries through unfilt...

CVE-2024-58307 CVSS 9.3

CSZCMS 1.3.0 contains an authenticated SQL injection vulnerability in the members view functionality that allows authenticated attackers...

CVE-2024-58308 CVSS 9.3

Quick.CMS 6.7 contains a SQL injection vulnerability that allows unauthenticated attackers to bypass login authentication by manipulating...

CVE-2025-12963 CVSS 9.8

The LazyTasks – Project & Task Management with Collaboration, Kanban and Gantt Chart plugin for WordPress is vulnerable to privilege esca...

CVE-2025-14344 CVSS 9.8

The Multi Uploader for Gravity Forms plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validati...

CVE-2025-36937 CVSS 9.8

In AudioDecoder::HandleProduceRequest of audio_decoder.cc, there is a possible out of bounds write due to an incorrect bounds check.

CVE-2025-64721 CVSS 9.9

Sandboxie is a sandbox-based isolation software for 32-bit and 64-bit Windows NT-based operating systems.

View critical disclosures

cvelogic Threat Intelligence