Dec 22, 2025 Cyber Threat Intelligence

Track daily vulnerability activity, KEV additions, public exploits, critical disclosures, and EPSS risk shifts.

Daily summary

  • Digiever DS-2105 Pro added to CISA KEV — confirmed in-the-wild exploitation.
  • 10 new critical disclosures — review patch status on exposed services.

Top threats today

Three highest-priority changes — analyst brief, not a CVE dump.

Critical active threat

CVE-2023-52163 Digiever DS-2105 Pro Missing Authorization

  • Actively exploited (CISA KEV)
  • Listed on CISA KEV

Digiever DS-2105 Pro Command Injection is on CISA KEV — confirmed in-the-wild exploitation. Expect continued targeting while the issue remains on the catalog.

Critical exposure

CVE-2025-65856 Xiongmaitech Xm530v200 X6-weq 8m Firmware Auth Bypass

  • CVSS 9.8
  • Authentication bypass — unauthenticated access risk

New critical Xiongmaitech Xm530v200 X6-weq 8m Firmware Auth Bypass (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Critical exposure

CVE-2025-68615 net-snmp is a SNMP application library, tools and daemon.

  • CVSS 9.8

New critical Debian Linux Buffer Overflow (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Active exploitation

CISA KEV — confirmed in-the-wild exploitation.

View KEV additions

Exploit & PoC activity

Nothing flagged in this category for this digest.

View new exploit links

Exploitation dynamics

Nothing flagged in this category for this digest.

See EPSS increases

New critical disclosures

CVE-2023-53960 CVSS 9.3

SOUND4 IMPACT/FIRST/PULSE/Eco version 2.x contains an SQL injection vulnerability in the 'index.php' authentication mechanism that allows...

CVE-2023-53963 CVSS 9.3

SOUND4 IMPACT/FIRST/PULSE/Eco v2.x contains an unauthenticated OS command injection vulnerability that allows remote attackers to execute...

CVE-2023-53966 CVSS 9.3

SOUND4 LinkAndShare Transmitter 1.1.2 contains a format string vulnerability that allows attackers to trigger memory stack overflows thro...

CVE-2023-53967 CVSS 9.3

Screen SFT DAB 600/C firmware 1.9.3 contains an authentication bypass vulnerability that allows attackers to change the admin password wi...

CVE-2023-53968 CVSS 9.3

Screen SFT DAB 600/C Firmware 1.9.3 contains a session management vulnerability that allows attackers to bypass authentication controls b...

CVE-2023-53969 CVSS 9.3

Screen SFT DAB 600/C firmware 1.9.3 contains a session management vulnerability that allows attackers to bypass authentication controls b...

CVE-2023-53972 CVSS 9.3

WebTareas 2.4 contains a SQL injection vulnerability in the webTareasSID cookie parameter that allows unauthenticated attackers to manipu...

CVE-2023-53975 CVSS 9.3

Atom CMS 2.0 contains an unauthenticated SQL injection vulnerability that allows remote attackers to manipulate database queries through...

CVE-2025-65856 CVSS 9.8

Authentication bypass vulnerability in Xiongmai XM530 IP cameras on Firmware V5.00.R02.000807D8.10010.346624.S.ONVIF 21.06 allows unauthe...

CVE-2025-68615 CVSS 9.8

net-snmp is a SNMP application library, tools and daemon.

View critical disclosures

cvelogic Threat Intelligence