Weekend Review

July 21-25, 2025 | Weekly Security Analysis

Executive Summary

This week delivered 54 critical vulnerabilities with a notable surge from 3 on Monday to 14 by Wednesday-Thursday. The threat landscape intensified with consistently high CISA KEV activity (7-10 daily) and a concerning WordPress ONLYOFFICE plugin takeover vulnerability affecting thousands of sites.

54 Total Critical CVEs
261 Total High CVEs
47 CISA KEV
10.8 Daily Average

Key Vulnerabilities This Week

WordPress ONLYOFFICE Plugin Critical Takeover

CVE-2025-6380 (CVSS 9.8) enables complete site takeover via unauthenticated privilege escalation in ONLYOFFICE Docs plugin versions 1.1.0-2.2.0. Missing authorization on the oo.callback REST endpoint affects thousands of WordPress sites.

Complete WordPress site compromise without authentication

Samsung MagicINFO Server Mass Vulnerability Disclosure

Massive disclosure of Samsung MagicINFO 9 Server vulnerabilities including unrestricted file uploads, path traversal, hard-coded credentials, and code injection flaws. All versions below 21.1080.0 are affected.

Complete enterprise display system compromise across Samsung infrastructure

Multiple Perfect 10.0 CVSS Score Vulnerabilities

Four perfect CVSS 10.0 vulnerabilities emerged this week including Bitnami Helm charts secret exposure, unrestricted file uploads, and SQL injection in enterprise systems.

Maximum severity system compromise across multiple vendor platforms

Vulnerability Types Breakdown

Privilege Escalation: 18 (↑ increasing)
Unrestricted File Upload: 15 (↑ increasing)
Memory Safety: 12 (→ stable)
SQL Injection: 10 (↑ increasing)
Path Traversal: 9 (↑ increasing)

Key Security Trends

WordPress Ecosystem Under Sustained Attack

ONLYOFFICE plugin takeover vulnerability (CVE-2025-6380) represents the most severe WordPress threat this week, enabling complete site compromise. Multiple additional WordPress plugin vulnerabilities indicate systematic targeting.

Recommendation: Immediately audit all WordPress ONLYOFFICE plugin installations and implement comprehensive plugin security policies

Enterprise Display Infrastructure Exposed

Samsung MagicINFO 9 Server mass vulnerability disclosure reveals widespread enterprise display system security issues. File upload, authentication bypass, and code injection flaws affect corporate digital signage infrastructure.

Recommendation: Audit all Samsung MagicINFO deployments and upgrade to version 21.1080.0 immediately

Browser Security Escalation

Significant Mozilla Firefox, Chrome, and Thunderbird vulnerabilities indicate coordinated browser security research. Memory safety bugs and GPU validation issues require immediate attention.

Recommendation: Deploy browser security updates immediately across all enterprise endpoints

⚠️ Federal Compliance Alert

Four critical KEV remediation deadlines fall due Sunday, July 27. Emergency weekend patching is required for federal compliance. The week featured consistently high KEV activity, with 47 vulnerabilities carrying federal deadlines in total.

CVE-2024-21898 - Fortinet FortiOS: 1 day remaining
CVE-2024-23113 - Fortinet FortiOS: 1 day remaining
CVE-2024-47575 - FortiManager: 1 day remaining
CVE-2024-55591 - FortiManager: 1 day remaining

🚨 Critical Sunday KEV Deadline Preparation

  • Immediately audit and update all WordPress ONLYOFFICE plugin installations (versions 1.1.0-2.2.0)
  • Verify Samsung MagicINFO Server versions and upgrade to 21.1080.0 if affected
  • Deploy Mozilla Firefox, Chrome, and Thunderbird security updates across all endpoints
  • Activate emergency change management for 4 KEV vulnerabilities expiring Sunday
  • Review all perfect 10.0 CVSS vulnerabilities for active exploitation indicators