Critical vulnerabilities, curated daily for security professionals
đ¯ SSCV Profile
See how vulnerabilities affect your specific environment
CRS uses the System Security Context Vector (SSCV) Framework v1.0 to adjust CVSS scores based on your system's exposure level, network position, and business criticality. Learn more about SSCV Framework
Risk scores will be adjusted based on your selected environment
đ
Today's Security Brief
Monday's security landscape reveals a dramatic post-weekend lull with only 2 critical vulnerabilities (CVSS 9.0+), representing an 86% decrease from the historical average. The newly disclosed CVE-2025-11948 (Document Management System arbitrary file upload) and CVE-2025-61932 (Lanscope Endpoint Manager RCE) both scored CVSS 9.8 and allow unauthenticated remote code execution, presenting immediate threats to enterprise infrastructure. Despite the reduced volume, organizations face 20 actively exploited CISA KEV vulnerabilities with 5 urgent federal deadlines expiring October 22 (3 days), including critical flaws in GNU Bash, Jenkins, Juniper ScreenOS, Samsung Mobile, and Smartbedded Meteobridge. Patch availability improved to 100% for today's critical vulnerabilities, though the federal compliance window for KEV remediation is rapidly closing heading into the midweek deadline.
Critical CVEs: 2 vulnerabilities representing 86% decrease vs historical average
High Priority CVEs: 4 vulnerabilities with patch guidance available
CISA KEV Crisis: 20 actively exploited vulnerabilities with 5 urgent October 22 deadlines (3 days remaining)
Document Management System: CVE-2025-11948 (CVSS 9.8) allows arbitrary file upload and web shell execution
Patch Availability: 100% of critical CVEs have vendor patches available - immediate deployment recommended
Immediate action: Immediate action: Deploy emergency patches for CVE-2025-11948 (Document Management System) and CVE-2025-61932 (Lanscope Endpoint Manager) to prevent unauthenticated remote code execution. Prioritize CISA KEV remediation with 5 vulnerabilities reaching federal deadline October 22 (GNU Bash CVE-2014-6278, Jenkins CVE-2017-1000353, Juniper ScreenOS CVE-2015-7755, Samsung Mobile CVE-2025-21043, Smartbedded Meteobridge CVE-2025-4008). Organizations have 3 days to achieve KEV compliance before federal deadline expires.
đĄ Tip: Swipe CVE cards left to â star, right to â remove
Section Navigation
â ī¸
CISA Known Exploited Vulnerabilities
â ī¸ CISA KEVURGENT
CVE-2014-6278
9.5
GNUGNU Bash
â° Federal Deadline:October 22, 2025(3 days remaining)
GNU Bash OS Command Injection Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
â
CRSSelect profile
â ī¸ CISA KEVURGENT
CVE-2017-1000353
9.5
JenkinsJenkins
â° Federal Deadline:October 22, 2025(3 days remaining)
Jenkins Remote Code Execution Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
â
CRSSelect profile
â ī¸ CISA KEVURGENT
CVE-2015-7755
9.5
JuniperScreenOS
â° Federal Deadline:October 22, 2025(3 days remaining)
Juniper ScreenOS Improper Authentication Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
â
CRSSelect profile
â ī¸ CISA KEVURGENT
CVE-2025-21043
9.5
SamsungMobile Devices
â° Federal Deadline:October 22, 2025(3 days remaining)
Samsung Mobile Devices Out-of-Bounds Write Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
â
CRSSelect profile
â ī¸ CISA KEVURGENT
CVE-2025-4008
9.5
SmartbeddedMeteobridge
â° Federal Deadline:October 22, 2025(3 days remaining)
Smartbedded Meteobridge Command Injection Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
â
CRSSelect profile
â ī¸ CISA KEVURGENT
CVE-2021-22555
9.5
LinuxKernel
â° Federal Deadline:October 26, 2025(7 days remaining)
Linux Kernel Heap Out-of-Bounds Write Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
â
CRSSelect profile
â ī¸ CISA KEVURGENT
CVE-2010-3962
9.5
MicrosoftInternet Explorer
â° Federal Deadline:October 26, 2025(7 days remaining)
Microsoft Internet Explorer Uninitialized Memory Corruption Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
â
CRSSelect profile
â ī¸ CISA KEVURGENT
CVE-2021-43226
9.5
MicrosoftWindows
â° Federal Deadline:October 26, 2025(7 days remaining)
Microsoft Windows Privilege Escalation Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
â
CRSSelect profile
â ī¸ CISA KEVURGENT
CVE-2013-3918
9.5
MicrosoftWindows
â° Federal Deadline:October 26, 2025(7 days remaining)
Microsoft Windows Out-of-Bounds Write Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
â
CRSSelect profile
â ī¸ CISA KEVURGENT
CVE-2011-3402
9.5
MicrosoftWindows
â° Federal Deadline:October 26, 2025(7 days remaining)
Microsoft Windows Remote Code Execution Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
â
CRSSelect profile
â ī¸ CISA KEVURGENT
CVE-2010-3765
9.5
MozillaMultiple Products
â° Federal Deadline:October 26, 2025(7 days remaining)
Mozilla Multiple Products Remote Code Execution Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
â
CRSSelect profile
â ī¸ CISA KEVURGENT
CVE-2025-61882
9.5đ
OracleE-Business Suite
â° Federal Deadline:October 26, 2025(7 days remaining)
Oracle E-Business Suite Unspecified Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
â
CRSSelect profile
â ī¸ CISA KEV
CVE-2025-27915
9.5
SynacorZimbra Collaboration Suite (ZCS)
â° Federal Deadline:October 27, 2025(8 days remaining)
Synacor Zimbra Collaboration Suite (ZCS) Cross-site Scripting Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
â
CRSSelect profile
â ī¸ CISA KEV
CVE-2021-43798
9.5
Grafana LabsGrafana
â° Federal Deadline:October 29, 2025(10 days remaining)
Grafana Path Traversal Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
â
CRSSelect profile
â ī¸ CISA KEV
CVE-2025-47827
9.5
IGELIGEL OS
â° Federal Deadline:November 3, 2025(15 days remaining)
IGEL OS Use of a Key Past its Expiration Date Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
â
CRSSelect profile
â ī¸ CISA KEV
CVE-2025-24990
9.5đ
MicrosoftWindows
â° Federal Deadline:November 3, 2025(15 days remaining)
Microsoft Windows Untrusted Pointer Dereference Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
â
CRSSelect profile
â ī¸ CISA KEV
CVE-2025-59230
9.5đ
MicrosoftWindows
â° Federal Deadline:November 3, 2025(15 days remaining)
Microsoft Windows Improper Access Control Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
â
CRSSelect profile
â ī¸ CISA KEV
CVE-2025-6264
9.5
Rapid7Velociraptor
â° Federal Deadline:November 3, 2025(15 days remaining)
Rapid7 Velociraptor Incorrect Default Permissions Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
â
CRSSelect profile
â ī¸ CISA KEV
CVE-2016-7836
9.5
SKYSEAClient View
â° Federal Deadline:November 3, 2025(15 days remaining)
SKYSEA Client View Improper Authentication Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
â
CRSSelect profile
â ī¸ CISA KEV
CVE-2025-54253
9.5đ
AdobeExperience Manager (AEM) Forms
â° Federal Deadline:November 4, 2025(16 days remaining)
Adobe Experience Manager Forms Code Execution Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
â
CRSSelect profile
đ¨
Critical Vulnerabilities
CVE-2025-11948
9.8đ
Document Management System developed by Excellent Infotek has an Arbitrary File UploadMultiple Products
Document Management System developed by Excellent Infotek has an Arbitrary File Upload vulnerability, allowing unauthenticated remote attackers to upload and execute web shell backdoors, thereby enabl...
CVSS Base9.8
â
CRSSelect profile
CVE-2025-61932
9.8đ
Lanscope Endpoint ManagerMultiple Products
Lanscope Endpoint Manager (On-Premises) (Client program (MR) and Detection agent (DA)) improperly verifies the origin of incoming requests, allowing an attacker to execute arbitrary code by sending sp...
CVSS Base9.8
â
CRSSelect profile
â ī¸
High Priority Updates
CVE-2025-62577
8.8đ
ETERNUSMultiple Products
ETERNUS SF provided by Fsas Technologies Inc
CVSS Base8.8
â
CRSSelect profile
CVE-2025-11942
7.3đ
foundMultiple Products
A flaw has been found in 70mai X200 up to 20251010
CVSS Base7.3
â
CRSSelect profile
CVE-2025-11943
7.3đ
foundMultiple Products
A vulnerability has been found in 70mai X200 up to 20251010
CVSS Base7.3
â
CRSSelect profile
CVE-2025-11940
7đ
securityMultiple Products
A security vulnerability has been detected in LibreWolf up to 143