Dec 23, 2025 Cyber Threat Intelligence
Track daily vulnerability activity, KEV additions, public exploits, critical disclosures, and EPSS risk shifts.
Daily summary
- 10 new critical disclosures — review patch status on exposed services.
Top threats today
Three highest-priority changes — analyst brief, not a CVE dump.
Critical exposure
CVE-2025-14931
Hugging Face smolagents Remote Python Executor Deserialization of Untrusted Data Remote Code Exec...
- CVSS 10
- Remote code execution exposure
New critical disclosure (CVSS 10) — high severity with a short public awareness window before exploit material typically surfaces.
Critical exposure
CVE-2025-66209
Coolify is an open-source and self-hostable tool for managing servers, applications, and databases.
New critical Coollabs Coolify Command Injection (CVSS 9.9) — fresh disclosure window; early internet scanning often precedes mature exploit chains.
Critical exposure
CVE-2025-68667
Conduit is a chat server powered by Matrix.
New critical disclosure (CVSS 9.9) — high severity with a short public awareness window before exploit material typically surfaces.
Active exploitation
CISA KEV — confirmed in-the-wild exploitation.
Nothing flagged in this category for this digest.
View KEV additions
Exploitation dynamics
Nothing flagged in this category for this digest.
See EPSS increases
New critical disclosures
IceWarp14 X-File-Operation Command Injection Remote Code Execution Vulnerability.
Hugging Face smolagents Remote Python Executor Deserialization of Untrusted Data Remote Code Execution Vulnerability.
Coolify is an open-source and self-hostable tool for managing servers, applications, and databases.
Coolify is an open-source and self-hostable tool for managing servers, applications, and databases.
Coolify is an open-source and self-hostable tool for managing servers, applications, and databases.
Coolify is an open-source and self-hostable tool for managing servers, applications, and databases.
Coolify is an open-source and self-hostable tool for managing servers, applications, and databases.
LangChain is a framework for building agents and LLM-powered applications.
Conduit is a chat server powered by Matrix.
5ire is a cross-platform desktop artificial intelligence assistant and model context protocol client.
View critical disclosures
cvelogic
Threat Intelligence