CVE Brief - August 26, 2025

Tuesday, August 26, 2025 Archive

Archived Security Snapshot

Critical vulnerabilities, curated daily for security professionals

🎯 SSCV Profile

See how vulnerabilities affect your specific environment

CRS uses the System Security Context Vector (SSCV) Framework v1.0 to adjust CVSS scores based on your system's exposure level, network position, and business criticality. Learn more about SSCV Framework

Select your system profile:

Risk scores will be adjusted based on your selected environment

Archived Security Brief

Tuesday's threat landscape demands immediate compliance review as D-Link KEV deadlines expired yesterday, placing federal agencies out of compliance. Today brings 28 critical vulnerabilities including sparkshop remote code execution and multiple Biosig Project buffer overflows affecting medical data processing. With 11 active KEV entries and new Citrix Session Recording vulnerabilities added, organizations face mounting pressure with only 45% patch availability.

⚠️ EXPIRED: D-Link DCS-2530L, DCS-2670L, DNR-322L federal deadlines - immediate action required
11 CISA KEV vulnerabilities with 3 deadlines already passed
Sparkshop v1.1.7 critical RCE via insecure permissions in Common.php
Multiple Biosig Project heap buffer overflows in medical file parsing
New Citrix Session Recording KEVs added with September 14 deadline
Apache Cassandra privilege escalation affecting distributed databases

Immediate action: URGENT: D-Link devices must be immediately isolated or replaced - federal deadline expired. Apply Citrix Session Recording patches before September 14 deadline. Update sparkshop installations immediately.

💡 Tip: Swipe CVE cards left to ⭐ star, right to ❌ remove

CISA Known Exploited Vulnerabilities

⚠️ CISA KEV URGENT

CVE-2020-25078

9.5

D-Link DCS-2530L and DCS-2670L Devices August 4, 2025

⏰ Federal Deadline: August 25, 2025 (1 days remaining)

D-Link DCS-2530L and DCS-2670L Devices Unspecified Vulnerability - Active in CISA KEV catalog.

CVSS Base 9.5

→

CRS Select profile

⚠️ CISA KEV URGENT

CVE-2020-25079

9.5

D-Link DCS-2530L and DCS-2670L Devices August 4, 2025

⏰ Federal Deadline: August 25, 2025 (1 days remaining)

D-Link DCS-2530L and DCS-2670L Command Injection Vulnerability - Active in CISA KEV catalog.

CVSS Base 9.5

→

CRS Select profile

⚠️ CISA KEV URGENT

CVE-2022-40799

9.5

D-Link DNR-322L August 4, 2025

⏰ Federal Deadline: August 25, 2025 (1 days remaining)

D-Link DNR-322L Download of Code Without Integrity Check Vulnerability - Active in CISA KEV catalog.

CVSS Base 9.5

→

CRS Select profile

⚠️ CISA KEV

CVE-2025-8088

9.5

RARLAB WinRAR August 11, 2025

⏰ Federal Deadline: September 1, 2025 (8 days remaining)

RARLAB WinRAR Path Traversal Vulnerability - Active in CISA KEV catalog.

CVSS Base 9.5

→

CRS Select profile

⚠️ CISA KEV

CVE-2007-0671

9.5

Microsoft Office August 11, 2025

⏰ Federal Deadline: September 1, 2025 (8 days remaining)

Microsoft Office Excel Remote Code Execution Vulnerability - Active in CISA KEV catalog.

CVSS Base 9.5

→

CRS Select profile

⚠️ CISA KEV

CVE-2013-3893

9.5

Microsoft Internet Explorer August 11, 2025

⏰ Federal Deadline: September 1, 2025 (8 days remaining)

Microsoft Internet Explorer Resource Management Errors Vulnerability - Active in CISA KEV catalog.

CVSS Base 9.5

→

CRS Select profile

⚠️ CISA KEV

CVE-2025-54948

9.5 📝

Trend Micro Apex One August 17, 2025

⏰ Federal Deadline: September 7, 2025 (14 days remaining)

Trend Micro Apex One OS Command Injection Vulnerability - Active in CISA KEV catalog.

CVSS Base 9.5

→

CRS Select profile

⚠️ CISA KEV

CVE-2025-43300

9.5 📝

Apple iOS, iPadOS, and macOS August 20, 2025

⏰ Federal Deadline: September 10, 2025 (17 days remaining)

Apple iOS, iPadOS, and macOS Out-of-Bounds Write Vulnerability - Active in CISA KEV catalog.

CVSS Base 9.5

→

CRS Select profile

⚠️ CISA KEV

CVE-2025-48384

9.5

Git Git August 24, 2025

⏰ Federal Deadline: September 14, 2025 (21 days remaining)

Git Link Following Vulnerability - Active in CISA KEV catalog.

CVSS Base 9.5

→

CRS Select profile

⚠️ CISA KEV

CVE-2024-8068

9.5

Citrix Session Recording August 24, 2025

⏰ Federal Deadline: September 14, 2025 (21 days remaining)

Citrix Session Recording Improper Privilege Management Vulnerability - Active in CISA KEV catalog.

CVSS Base 9.5

→

CRS Select profile

⚠️ CISA KEV

CVE-2024-8069

9.5

Citrix Session Recording August 24, 2025

⏰ Federal Deadline: September 14, 2025 (21 days remaining)

Citrix Session Recording Deserialization of Untrusted Data Vulnerability - Active in CISA KEV catalog.

CVSS Base 9.5

→

CRS Select profile

Critical Vulnerabilities

CVE-2025-50722

9.8 📝

Insecure Permissions vulnerability in sparkshop Multiple Products Aug 25, 2025

Insecure Permissions vulnerability in sparkshop v.1.1.7 allows a remote attacker to execute arbitrary code via the Common.php component

CVSS Base 9.8

→

CRS Select profile

CVE-2025-48005

9.8 📝

A Multiple Products Aug 25, 2025

A heap-based buffer overflow vulnerability exists in the RHS2000 parsing functionality of The Biosig Project libbiosig 3.9.0 and Master Branch (35a819fa). A specially crafted RHS2000 file can lead to ...

CVSS Base 9.8

→

CRS Select profile

CVE-2025-53511

9.8 📝

A Multiple Products Aug 25, 2025

A heap-based buffer overflow vulnerability exists in the MFER parsing functionality of The Biosig Project libbiosig 3.9.0 and Master Branch (35a819fa). A specially crafted MFER file can lead to arbitr...

CVSS Base 9.8

→

CRS Select profile

CVE-2025-53557

9.8 📝

A Multiple Products Aug 25, 2025

CVSS Base 9.8

→

CRS Select profile

CVE-2025-53853

9.8 📝

A Multiple Products Aug 25, 2025

A heap-based buffer overflow vulnerability exists in the ISHNE parsing functionality of The Biosig Project libbiosig 3.9.0 and Master Branch (35a819fa). A specially crafted ISHNE ECG annotations file ...

CVSS Base 9.8

→

CRS Select profile

CVE-2025-54462

9.8 📝

A Multiple Products Aug 25, 2025

A heap-based buffer overflow vulnerability exists in the Nex parsing functionality of The Biosig Project libbiosig 3.9.0 and Master Branch (35a819fa). A specially crafted .nex file can lead to arbitra...

CVSS Base 9.8

→

CRS Select profile

CVE-2025-54480

9.8 📝

A Multiple Products Aug 25, 2025

A stack-based buffer overflow vulnerability exists in the MFER parsing functionality of The Biosig Project libbiosig 3.9.0 and Master Branch (35a819fa). A specially crafted MFER file can lead to arbit...

CVSS Base 9.8

→

CRS Select profile

CVE-2025-54481

9.8 📝

A Multiple Products Aug 25, 2025

CVSS Base 9.8

→

CRS Select profile

CVE-2025-54482

9.8 📝

A Multiple Products Aug 25, 2025

CVSS Base 9.8

→

CRS Select profile

CVE-2025-54483

9.8 📝

A Multiple Products Aug 25, 2025

CVSS Base 9.8

→

CRS Select profile

CVE-2025-54484

9.8 📝

A Multiple Products Aug 25, 2025

CVSS Base 9.8

→

CRS Select profile

CVE-2025-54485

9.8 📝

A Multiple Products Aug 25, 2025

CVSS Base 9.8

→

CRS Select profile

CVE-2025-54486

9.8 📝

A Multiple Products Aug 25, 2025

CVSS Base 9.8

→

CRS Select profile

CVE-2025-54487

9.8 📝

A Multiple Products Aug 25, 2025

CVSS Base 9.8

→

CRS Select profile

CVE-2025-54488

9.8 📝

A Multiple Products Aug 25, 2025

CVSS Base 9.8

→

CRS Select profile

CVE-2025-54489

9.8

A Multiple Products Aug 25, 2025

CVSS Base 9.8

→

CRS Select profile

CVE-2025-54490

9.8

A Multiple Products Aug 25, 2025

CVSS Base 9.8

→

CRS Select profile

CVE-2025-54491

9.8

A Multiple Products Aug 25, 2025

CVSS Base 9.8

→

CRS Select profile

CVE-2025-54492

9.8

A Multiple Products Aug 25, 2025

CVSS Base 9.8

→

CRS Select profile

CVE-2025-54493

9.8

A Multiple Products Aug 25, 2025

CVSS Base 9.8

→

CRS Select profile

CVE-2025-54494

9.8

A Multiple Products Aug 25, 2025

CVSS Base 9.8

→

CRS Select profile

CVE-2025-29515

9.8

Incorrect access control in the Multiple Products Aug 25, 2025

Incorrect access control in the DELT_file.xgi endpoint of D-Link DSL-7740C with firmware DSL7740C.V6.TR069.20211230 allows attackers to modify arbitrary settings within the device's XML database, incl...

CVSS Base 9.8

→

CRS Select profile

CVE-2025-52581

9.8

An integer overflow vulnerability exists in the GDF parsing functionality of The Biosig Project libbiosig Multiple Products Aug 25, 2025

An integer overflow vulnerability exists in the GDF parsing functionality of The Biosig Project libbiosig 3.9.0 and Master Branch (35a819fa). A specially crafted GDF file can lead to arbitrary code ex...

CVSS Base 9.8

→

CRS Select profile

CVE-2025-53518

9.8

An integer overflow vulnerability exists in the ABF parsing functionality of The Biosig Project libbiosig Multiple Products Aug 25, 2025

An integer overflow vulnerability exists in the ABF parsing functionality of The Biosig Project libbiosig 3.9.0 and Master Branch (35a819fa). A specially crafted ABF file can lead to arbitrary code ex...

CVSS Base 9.8

→

CRS Select profile

CVE-2025-45968

9.8

An issue in System PDV Multiple Products Aug 25, 2025

An issue in System PDV v1.0 allows a remote attacker to obtain sensitive information via the hash parameter in a URL. The application contains an Insecure Direct Object Reference (IDOR) vulnerability,...

CVSS Base 9.8

→

CRS Select profile

CVE-2025-53120

9.4

A path traversal vulnerability in unauthenticated upload functionality allows a malicious actor to upload binaries and scripts to the Multiple Products Aug 25, 2025

A path traversal vulnerability in unauthenticated upload functionality allows a malicious actor to upload binaries and scripts to the server’s configuration and web root directories, achieving remote ...

CVSS Base 9.4

→

CRS Select profile

CVE-2025-53118

9.8

An authentication bypass vulnerability exists which allows an unauthenticated attacker to control administrator backup Multiple Products Aug 25, 2025

An authentication bypass vulnerability exists which allows an unauthenticated attacker to control administrator backup functions, leading to compromise of passwords, secrets, and application session t...

CVSS Base 9.8

→

CRS Select profile

CVE-2025-29514

9.8

Incorrect access control in the Multiple Products Aug 25, 2025

Incorrect access control in the config.xgi function of D-Link DSL-7740C with firmware DSL7740C.V6.TR069.20211230 allows attackers to download the configuration file via providing a crafted web request...

CVSS Base 9.8

→

CRS Select profile

High Priority Updates

CVE-2025-46411

8.1 📝

Project Multiple Products August 25, 2025

A stack-based buffer overflow vulnerability exists in the MFER parsing functionality of The Biosig Project libbiosig 3

CVSS Base 8.1

→

CRS Select profile

CVE-2025-5302

8.6 📝

denial Multiple Products August 25, 2025

A denial of service vulnerability exists in the JSONReader component of the run-llama/llama_index repository, specifically in version v0

CVSS Base 8.6

→

CRS Select profile

CVE-2025-56216

8.5 📝

Management Multiple Products August 25, 2025

phpgurukul Hospital Management System 4

CVSS Base 8.5

→

CRS Select profile

CVE-2025-52461

8.2 📝

Project Multiple Products August 25, 2025

An out-of-bounds read vulnerability exists in the Nex parsing functionality of The Biosig Project libbiosig 3

CVSS Base 8.2

→

CRS Select profile

CVE-2025-26467

8.8 📝

Apache Privilege Multiple Products August 25, 2025

Privilege Defined With Unsafe Actions vulnerability in Apache Cassandra

CVSS Base 8.8

→

CRS Select profile

CVE-2025-6737

7.2 📝

Vendor Multiple Products August 25, 2025

Securden’s Unified PAM Remote Vendor Gateway access portal shares infrastructure and access tokens across multiple tenants

CVSS Base 7.2

→

CRS Select profile

CVE-2025-9392

8.8 📝

Linksys Multiple Products August 25, 2025

A security vulnerability has been detected in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 1

CVSS Base 8.8

→

CRS Select profile

CVE-2025-9393

8.8 📝

Linksys Multiple Products August 25, 2025

A vulnerability was detected in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 1

CVSS Base 8.8

→

CRS Select profile

CVE-2025-32468

8.8 📝

memory Multiple Products August 25, 2025

A memory corruption vulnerability exists in the BMPv3 Image Decoding functionality of the SAIL Image Decoding Library v0

CVSS Base 8.8

→

CRS Select profile

CVE-2025-35984

8.8 📝

memory Multiple Products August 25, 2025

A memory corruption vulnerability exists in the PCX Image Decoding functionality of the SAIL Image Decoding Library v0

CVSS Base 8.8

→

CRS Select profile

CVE-2025-46407

8.8 📝

memory Multiple Products August 25, 2025

A memory corruption vulnerability exists in the BMPv3 Palette Decoding functionality of the SAIL Image Decoding Library v0

CVSS Base 8.8

→

CRS Select profile

CVE-2025-50129

8.8 📝

memory Multiple Products August 25, 2025

A memory corruption vulnerability exists in the PCX Image Decoding functionality of the SAIL Image Decoding Library v0

CVSS Base 8.8

→

CRS Select profile

CVE-2025-52456

8.8 📝

memory Multiple Products August 25, 2025

A memory corruption vulnerability exists in the WebP Image Decoding functionality of the SAIL Image Decoding Library v0

CVSS Base 8.8

→

CRS Select profile

CVE-2025-52930

8.8 📝

memory Multiple Products August 25, 2025

A memory corruption vulnerability exists in the BMPv3 RLE Decoding functionality of the SAIL Image Decoding Library v0

CVSS Base 8.8

→

CRS Select profile

CVE-2025-53085

8.8 📝

memory Multiple Products August 25, 2025

A memory corruption vulnerability exists in the PSD RLE Decoding functionality of the SAIL Image Decoding Library v0

CVSS Base 8.8

→

CRS Select profile

CVE-2025-53510

8.8

memory Multiple Products August 25, 2025

A memory corruption vulnerability exists in the PSD Image Decoding functionality of the SAIL Image Decoding Library v0

CVSS Base 8.8

→

CRS Select profile

CVE-2025-55409

8.8

FoxCMS Multiple Products August 25, 2025

FoxCMS 1

CVSS Base 8.8

→

CRS Select profile

CVE-2025-57760

8.8

Langflow Multiple Products August 25, 2025

Langflow is a tool for building and deploying AI-powered agents and workflows

CVSS Base 8.8

→

CRS Select profile

CVE-2025-43960

8.6

Adminer Multiple Products August 25, 2025

Adminer 4

CVSS Base 8.6

→

CRS Select profile

CVE-2025-36174

8 📝

IBM Multiple Products August 25, 2025

IBM Integrated Analytics System 1

CVSS Base 8

→

CRS Select profile

CVE-2025-9380

7.8 📝

CCTV Multiple Products August 25, 2025

A vulnerability was identified in FNKvision Y215 CCTV Camera 10

CVSS Base 7.8

→

CRS Select profile

CVE-2023-47799

7.5

Mahara Multiple Products August 25, 2025

Mahara before 22

CVSS Base 7.5

→

CRS Select profile

CVE-2025-53119

7.5

the Multiple Products August 25, 2025

An unauthenticated unrestricted file upload vulnerability allows an attacker to upload malicious binaries and scripts to the server

CVSS Base 7.5

→

CRS Select profile

CVE-2025-6188

7.5

source Multiple Products August 25, 2025

On affected platforms running Arista EOS, maliciously formed UDP packets with source port 3503 may be accepted by EOS

CVSS Base 7.5

→

CRS Select profile

CVE-2025-9418

7.3

Management Multiple Products August 25, 2025

A security vulnerability has been detected in itsourcecode Apartment Management System 1

CVSS Base 7.3

→

CRS Select profile

CVE-2025-9419

7.3

Management Multiple Products August 25, 2025

A vulnerability was detected in itsourcecode Apartment Management System 1

CVSS Base 7.3

→

CRS Select profile

CVE-2025-9420

7.3

Management Multiple Products August 25, 2025

A flaw has been found in itsourcecode Apartment Management System 1

CVSS Base 7.3

→

CRS Select profile

CVE-2025-9421

7.3

Management Multiple Products August 25, 2025

A vulnerability has been found in itsourcecode Apartment Management System 1

CVSS Base 7.3

→

CRS Select profile

CVE-2025-9423

7.3

Billing Multiple Products August 25, 2025

A vulnerability was determined in Campcodes Online Water Billing System 1

CVSS Base 7.3

→

CRS Select profile

CVE-2025-9425

7.3

Management Multiple Products August 25, 2025

A security flaw has been discovered in itsourcecode Online Tour and Travel Management System 1

CVSS Base 7.3

→

CRS Select profile

CVE-2025-9426

7.3

Management Multiple Products August 25, 2025

A weakness has been identified in itsourcecode Online Tour and Travel Management System 1

CVSS Base 7.3

→

CRS Select profile

CVE-2025-9379

7.2 📝

was Multiple Products August 25, 2025

A vulnerability was determined in Belkin AX1800 1

CVSS Base 7.2

→

CRS Select profile

CVE-2025-29516

7.2

D-Link Multiple Products August 25, 2025

D-Link DSL-7740C with firmware DSL7740C

CVSS Base 7.2

→

CRS Select profile

CVE-2025-29523

7.2

D-Link Multiple Products August 25, 2025

D-Link DSL-7740C with firmware DSL7740C

CVSS Base 7.2

→

CRS Select profile

CVE-2025-51281

D-Link Multiple Products August 25, 2025

D-Link DI-8100 16

CVSS Base 7

→

CRS Select profile

Archived Security Snapshot

🎯 SSCV Profile

📊 Archived Security Brief

Section Navigation

⚠️ CISA Known Exploited Vulnerabilities

🚨 Critical Vulnerabilities

⚠️ High Priority Updates

⭐ Starred CVEs

Archived Security Brief

CISA Known Exploited Vulnerabilities

Critical Vulnerabilities

High Priority Updates