Critical vulnerabilities, curated daily for security professionals
๐ฏ SSCV Profile
See how vulnerabilities affect your specific environment
CRS uses the System Security Context Vector (SSCV) Framework v1.0 to adjust CVSS scores based on your system's exposure level, network position, and business criticality. Learn more about SSCV Framework
Risk scores will be adjusted based on your selected environment
๐
Today's Security Brief
MONDAY ALERT: Federal KEV deadlines expire TODAY as weekend attacks surface 2 critical exploits. Organizations face immediate compliance deadline for SysAid, CrushFTP, and Chromium vulnerabilities while new authentication bypass flaws emerge in critical infrastructure.
FEDERAL DEADLINE TODAY: SysAid XML injection, CrushFTP alternate channel, and Chromium GPU flaws must be patched by EOD for compliance
Weekend Attacks: The Assemblyline service client RCE (CVSS 10.0) and OpenBao secrets management bypass (CVSS 9.1) discovered over weekend
Authentication Crisis: Multiple AuthKit library flaws enable session hijacking across React and Remix applications (CVSS 7.1)
Immediate action: IMMEDIATE MONDAY ACTIONS: 1) Emergency patch SysAid/CrushFTP/Chromium TODAY for federal compliance, 2) Deploy Assemblyline 4.6.1.dev138 to prevent CVSS 10.0 exploit, 3) Update all OpenBao instances to protect secrets infrastructure, 4) Audit AuthKit implementations across all web applications.
๐ก Tip: Swipe CVE cards left to โญ star, right to โ remove
Section Navigation
โ ๏ธ
CISA Known Exploited Vulnerabilities
โ ๏ธ CISA KEV
CVE-2025-2775
9.5
SysAidSysAid On-Prem
โฐ Federal Deadline:August 11, 2025
SysAid On-Prem Improper Restriction of XML External Entity Reference Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
โ
CRSSelect profile
โ ๏ธ CISA KEV
CVE-2025-2776
9.5
SysAidSysAid On-Prem
โฐ Federal Deadline:August 11, 2025
SysAid On-Prem Improper Restriction of XML External Entity Reference Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
โ
CRSSelect profile
โ ๏ธ CISA KEV
CVE-2025-6558
9.5๐
GoogleChromium
โฐ Federal Deadline:August 11, 2025
Google Chromium ANGLE and GPU Improper Input Validation Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
โ
CRSSelect profile
โ ๏ธ CISA KEV
CVE-2025-54309
9.5
CrushFTPCrushFTP
โฐ Federal Deadline:August 11, 2025
CrushFTP Unprotected Alternate Channel Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
โ
CRSSelect profile
โ ๏ธ CISA KEVURGENT
CVE-2023-2533
9.5
PaperCutNG/MF
โฐ Federal Deadline:August 17, 2025(6 days remaining)
PaperCut NG/MF Cross-Site Request Forgery (CSRF) Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
โ
CRSSelect profile
โ ๏ธ CISA KEVURGENT
CVE-2025-20337
9.5๐
CiscoIdentity Services Engine
โฐ Federal Deadline:August 17, 2025(6 days remaining)
Cisco Identity Services Engine Injection Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
โ
CRSSelect profile
โ ๏ธ CISA KEVURGENT
CVE-2025-20281
9.5
CiscoIdentity Services Engine
โฐ Federal Deadline:August 17, 2025(6 days remaining)
Cisco Identity Services Engine Injection Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
โ
CRSSelect profile
โ ๏ธ CISA KEV
CVE-2020-25078
9.5
D-LinkDCS-2530L and DCS-2670L Devices
โฐ Federal Deadline:August 25, 2025(14 days remaining)
D-Link DCS-2530L and DCS-2670L Devices Unspecified Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
โ
CRSSelect profile
โ ๏ธ CISA KEV
CVE-2020-25079
9.5
D-LinkDCS-2530L and DCS-2670L Devices
โฐ Federal Deadline:August 25, 2025(14 days remaining)
D-Link DCS-2530L and DCS-2670L Command Injection Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
โ
CRSSelect profile
โ ๏ธ CISA KEV
CVE-2022-40799
9.5
D-LinkDNR-322L
โฐ Federal Deadline:August 25, 2025(14 days remaining)
D-Link DNR-322L Download of Code Without Integrity Check Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
โ
CRSSelect profile
๐จ
Critical Vulnerabilities
CVE-2025-55013
10๐
The AssemblylineMultiple Products
The Assemblyline 4 Service Client interfaces with the API to fetch tasks and publish the result for a service in Assemblyline 4. In versions below 4.6.1.dev138, the Assemblyline 4 Service Client (task...
CVSS Base10
โ
CRSSelect profile
CVE-2025-54997
9.1๐
OpenBao exists to provide a software solution toMultiple Products
OpenBao exists to provide a software solution to manage, store, and distribute sensitive data including secrets, certificates, and keys. In versions 2.3.1 and below, some OpenBao deployments intention...
CVSS Base9.1
โ
CRSSelect profile
โ ๏ธ
High Priority Updates
CVE-2025-55008
7.1๐
ReactMultiple Products
The AuthKit library for React Router 7+ provides helpers for authentication and session management using WorkOS & AuthKit with React Router
CVSS Base7.1
โ
CRSSelect profile
CVE-2025-8810
8.8๐
classifiedMultiple Products
A vulnerability classified as critical was found in Tenda AC20 16
CVSS Base8.8
โ
CRSSelect profile
CVE-2025-8816
8.8๐
LinksysMultiple Products
A vulnerability was determined in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 up to 20250801
CVSS Base8.8
โ
CRSSelect profile
CVE-2025-8817
8.8๐
LinksysMultiple Products
A vulnerability was identified in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 up to 20250801
CVSS Base8.8
โ
CRSSelect profile
CVE-2025-8744
7.3๐
classifiedMultiple Products
A vulnerability classified as critical was found in CesiumLab Web up to 4
CVSS Base7.3
โ
CRSSelect profile
CVE-2025-8752
7.3๐
wasMultiple Products
A vulnerability was found in wangzhixuan spring-shiro-training up to 94812c1fd8f7fe796c931f4984ff1aa0671ab562
CVSS Base7.3
โ
CRSSelect profile
CVE-2025-8773
7.3๐
AMultiple Products
A vulnerability, which was classified as critical, was found in Dinstar Monitoring Platform ็่็ๅฑ้ฉๅๅบ็ๆงๅนณๅฐ 1
CVSS Base7.3
โ
CRSSelect profile
CVE-2025-8798
7.3๐
wasMultiple Products
A vulnerability was found in oitcode samarium up to 0
CVSS Base7.3
โ
CRSSelect profile
CVE-2025-8809
7.3๐
MedicineMultiple Products
A vulnerability classified as critical has been found in code-projects Online Medicine Guide 1
CVSS Base7.3
โ
CRSSelect profile
CVE-2025-8811
7.3๐
ArtMultiple Products
A vulnerability, which was classified as critical, has been found in code-projects Simple Art Gallery 1
CVSS Base7.3
โ
CRSSelect profile
CVE-2025-8815
7.3๐
wasMultiple Products
A vulnerability was found in ็ซๅฎi Morning up to bc782730c74ff080494f145cc363a0b4f43f7d3e
CVSS Base7.3
โ
CRSSelect profile
CVE-2025-54996
7.2๐
OpenBaoMultiple Products
OpenBao exists to provide a software solution to manage, store, and distribute sensitive data including secrets, certificates, and keys
CVSS Base7.2
โ
CRSSelect profile
CVE-2025-55009
7.1๐
AuthKitMultiple Products
The AuthKit library for Remix provides convenient helpers for authentication and session management using WorkOS & AuthKit with Remix
CVSS Base7.1
โ
CRSSelect profile
CVE-2025-8757
7๐
wasMultiple Products
A vulnerability was found in TRENDnet TV-IP110WN 1
CVSS Base7
โ
CRSSelect profile
CVE-2025-8758
7๐
wasMultiple Products
A vulnerability was found in TRENDnet TEW-822DRE FW103B02