Home
» Risk & Exploitation
» Daily threat intelligence
» Dec 17, 2025
Dec 17, 2025 Cyber Threat Intelligence
Track daily vulnerability activity, KEV additions, public exploits, critical disclosures, and EPSS risk shifts.
Daily summary
SonicWall SMA1000 Appliance added to CISA KEV — confirmed in-the-wild exploitation.
10 new critical disclosures — review patch status on exposed services.
Top threats today
Three highest-priority changes — analyst brief, not a CVE dump.
Critical active threat
CVE-2025-20393
Cisco Multiple Products Improper Input Validation
Actively exploited (CISA KEV)
Listed on CISA KEV
Network edge / SD-WAN deployments affected
Cisco Multiple Products privilege escalation is on CISA KEV — confirmed in-the-wild exploitation. Expect continued targeting while the issue remains on the catalog.
Critical exposure
CVE-2025-68110
ChurchCRM is an open-source church management system.
New critical disclosure (CVSS 9.9) — high severity with a short public awareness window before exploit material typically surfaces.
Critical exposure
CVE-2025-68112
ChurchCRM is an open-source church management system.
New critical Churchcrm SQL Injection (CVSS 9.6) — fresh disclosure window; early internet scanning often precedes mature exploit chains.
Active exploitation
CISA KEV — confirmed in-the-wild exploitation.
SonicWall SMA1000 Missing Authorization
Cisco Multiple Products Improper Input Validation
ASUS Live Update Embedded Malicious Code
View KEV additions
Exploitation dynamics
Nothing flagged in this category for this digest.
See EPSS increases
New critical disclosures
UliCMS 2023.1 contains an authentication bypass vulnerability that allows unauthenticated attackers to create admin users through mass as...
TinyWebGallery v2.5 contains a remote code execution vulnerability in the admin upload functionality that allows unauthenticated attacker...
UliCMS 2023.1 contains a privilege escalation vulnerability that allows unauthenticated attackers to create administrative accounts throu...
ChurchCRM is an open-source church management system.
ChurchCRM is an open-source church management system.
ChurchCRM is an open-source church management system.
ChurchCRM is an open-source church management system.
ChurchCRM is an open-source church management system.
ChurchCRM is an open-source church management system.
Zerobyte is a backup automation tool Zerobyte versions prior to 0.18.5 and 0.19.0 contain an authentication bypass vulnerability where au...
View critical disclosures
cvelogic
Threat Intelligence