CVE Brief - October 30, 2025

Thursday, October 30, 2025 Archive

Archived Security Snapshot

Critical vulnerabilities, curated daily for security professionals

🎯 SSCV Profile

See how vulnerabilities affect your specific environment

CRS uses the System Security Context Vector (SSCV) Framework v1.0 to adjust CVSS scores based on your system's exposure level, network position, and business criticality. Learn more about SSCV Framework

Select your system profile:

Risk scores will be adjusted based on your selected environment

Archived Security Brief

This curated brief highlights 7 critical vulnerabilities and 75 high-priority updates requiring immediate attention.

82 total vulnerabilities disclosed in last 24 hours

💡 Tip: Swipe CVE cards left to ⭐ star, right to ❌ remove

CISA Known Exploited Vulnerabilities

⚠️ CISA KEV URGENT

CVE-2025-47827

9.5

IGEL IGEL OS October 13, 2025

⏰ Federal Deadline: November 3, 2025 (5 days remaining)

IGEL OS Use of a Key Past its Expiration Date Vulnerability - Active in CISA KEV catalog.

CVSS Base 9.5

→

CRS Select profile

⚠️ CISA KEV URGENT

CVE-2025-24990

9.5 📝

Microsoft Windows October 13, 2025

⏰ Federal Deadline: November 3, 2025 (5 days remaining)

Microsoft Windows Untrusted Pointer Dereference Vulnerability - Active in CISA KEV catalog.

CVSS Base 9.5

→

CRS Select profile

⚠️ CISA KEV URGENT

CVE-2025-59230

9.5 📝

Microsoft Windows October 13, 2025

⏰ Federal Deadline: November 3, 2025 (5 days remaining)

Microsoft Windows Improper Access Control Vulnerability - Active in CISA KEV catalog.

CVSS Base 9.5

→

CRS Select profile

⚠️ CISA KEV URGENT

CVE-2016-7836

9.5

SKYSEA Client View October 13, 2025

⏰ Federal Deadline: November 3, 2025 (5 days remaining)

SKYSEA Client View Improper Authentication Vulnerability - Active in CISA KEV catalog.

CVSS Base 9.5

→

CRS Select profile

⚠️ CISA KEV URGENT

CVE-2025-54253

9.5 📝

Adobe Experience Manager (AEM) Forms October 14, 2025

⏰ Federal Deadline: November 4, 2025 (6 days remaining)

Adobe Experience Manager Forms Code Execution Vulnerability - Active in CISA KEV catalog.

CVSS Base 9.5

→

CRS Select profile

⚠️ CISA KEV

CVE-2022-48503

9.5

Apple Multiple Products October 19, 2025

⏰ Federal Deadline: November 9, 2025 (11 days remaining)

Apple Multiple Products Unspecified Vulnerability - Active in CISA KEV catalog.

CVSS Base 9.5

→

CRS Select profile

⚠️ CISA KEV

CVE-2025-2746

9.5

Kentico Xperience CMS October 19, 2025

⏰ Federal Deadline: November 9, 2025 (11 days remaining)

Kentico Xperience CMS Authentication Bypass Using an Alternate Path or Channel Vulnerability - Active in CISA KEV catalog.

CVSS Base 9.5

→

CRS Select profile

⚠️ CISA KEV

CVE-2025-2747

9.5

Kentico Xperience CMS October 19, 2025

⏰ Federal Deadline: November 9, 2025 (11 days remaining)

Kentico Xperience CMS Authentication Bypass Using an Alternate Path or Channel Vulnerability - Active in CISA KEV catalog.

CVSS Base 9.5

→

CRS Select profile

⚠️ CISA KEV

CVE-2025-33073

9.5

Microsoft Windows October 19, 2025

⏰ Federal Deadline: November 9, 2025 (11 days remaining)

Microsoft Windows SMB Client Improper Access Control Vulnerability - Active in CISA KEV catalog.

CVSS Base 9.5

→

CRS Select profile

⚠️ CISA KEV

CVE-2025-61884

9.5 📝

Oracle E-Business Suite October 19, 2025

⏰ Federal Deadline: November 9, 2025 (11 days remaining)

Oracle E-Business Suite Server-Side Request Forgery (SSRF) Vulnerability - Active in CISA KEV catalog.

CVSS Base 9.5

→

CRS Select profile

⚠️ CISA KEV

CVE-2025-61932

9.5 📝

Motex LANSCOPE Endpoint Manager October 21, 2025

⏰ Federal Deadline: November 11, 2025 (13 days remaining)

Motex LANSCOPE Endpoint Manager Improper Verification of Source of a Communication Channel Vulnerability - Active in CISA KEV catalog.

CVSS Base 9.5

→

CRS Select profile

⚠️ CISA KEV

CVE-2025-54236

9.5 📝

Adobe Commerce and Magento October 23, 2025

⏰ Federal Deadline: November 13, 2025 (15 days remaining)

Adobe Commerce and Magento Improper Input Validation Vulnerability - Active in CISA KEV catalog.

CVSS Base 9.5

→

CRS Select profile

⚠️ CISA KEV

CVE-2025-59287

9.5 📝

Microsoft Windows October 23, 2025

⏰ Federal Deadline: November 13, 2025 (15 days remaining)

Microsoft Windows Server Update Service (WSUS) Deserialization of Untrusted Data Vulnerability - Active in CISA KEV catalog.

CVSS Base 9.5

→

CRS Select profile

⚠️ CISA KEV

CVE-2025-6204

9.5

Dassault Systèmes DELMIA Apriso October 27, 2025

⏰ Federal Deadline: November 17, 2025 (19 days remaining)

Dassault Systèmes DELMIA Apriso Code Injection Vulnerability - Active in CISA KEV catalog.

CVSS Base 9.5

→

CRS Select profile

⚠️ CISA KEV

CVE-2025-6205

9.5 📝

Dassault Systèmes DELMIA Apriso October 27, 2025

⏰ Federal Deadline: November 17, 2025 (19 days remaining)

Dassault Systèmes DELMIA Apriso Missing Authorization Vulnerability - Active in CISA KEV catalog.

CVSS Base 9.5

→

CRS Select profile

⚠️ CISA KEV

CVE-2025-41244

9.5 📝

Broadcom VMware Aria Operations and VMware Tools October 29, 2025

⏰ Federal Deadline: November 19, 2025 (21 days remaining)

Broadcom VMware Aria Operations and VMware Tools Privilege Defined with Unsafe Actions Vulnerability - Active in CISA KEV catalog.

CVSS Base 9.5

→

CRS Select profile

⚠️ CISA KEV

CVE-2025-24893

9.5

XWiki Platform October 29, 2025

⏰ Federal Deadline: November 19, 2025 (21 days remaining)

XWiki Platform Eval Injection Vulnerability - Active in CISA KEV catalog.

CVSS Base 9.5

→

CRS Select profile

Critical Vulnerabilities

CVE-2025-4665

9.6 📝

WordPress plugin Contact Form Multiple Products Oct 29, 2025

WordPress plugin Contact Form CFDB7 versions up to and including 1.3.2 are affected by a pre-authentication SQL injection vulnerability that cascades into insecure deserialization (PHP Object Injectio...

CVSS Base 9.6

→

CRS Select profile

CVE-2025-63622

9.8 📝

A vulnerability was found in Multiple Products Oct 29, 2025

A vulnerability was found in code-projects Online Complaint Site 1.0. This issue affects some unknown processing of the file /cms/admin/subcategory.php. This manipulation of the argument category caus...

CVSS Base 9.8

→

CRS Select profile

CVE-2024-45162

9.8 📝

A Multiple Products Oct 29, 2025

A stack-based buffer overflow issue was discovered in the phddns client in Blu-Castle BCUM221E 1.0.0P220507 via the password field.

CVSS Base 9.8

→

CRS Select profile

CVE-2025-11202

9.8 📝

Unknown Multiple Products Oct 29, 2025

win-cli-mcp-server resolveCommandPath Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of win-cli-m...

CVSS Base 9.8

→

CRS Select profile

CVE-2025-54469

9.9 📝

A vulnerability was identified in Multiple Products Oct 30, 2025

A vulnerability was identified in NeuVector, where the enforcer used environment variables CLUSTER_RPC_PORT and CLUSTER_LAN_PORT to generate a command to be executed via popen, without first sanitisin...

CVSS Base 9.9

→

CRS Select profile

CVE-2025-43027

9.8 📝

A critical severity vulnerability has been identified in the ALPR Manager role of Security Center that could allow attackers to gain administrative access to the Genetec Security Center Multiple Products Oct 30, 2025

CVSS Base 9.8

→

CRS Select profile

CVE-2025-62712

9.6 📝

JumpServer is an open source bastion host and an operation and maintenance security audit Multiple Products Oct 30, 2025

JumpServer is an open source bastion host and an operation and maintenance security audit system. In JumpServer versions prior to v3.10.20-lts and v4.10.11-lts, an authenticated, non-privileged user c...

CVSS Base 9.6

→

CRS Select profile

High Priority Updates

CVE-2025-64140

8.8 📝

Jenkins Multiple Products October 30, 2025

Jenkins Azure CLI Plugin 0

CVSS Base 8.8

→

CRS Select profile

CVE-2025-64104

7.3 📝

LangGraph Multiple Products October 30, 2025

LangGraph SQLite Checkpoint is an implementation of LangGraph CheckpointSaver that uses SQLite DB (both sync and async, via aiosqlite)

CVSS Base 7.3

→

CRS Select profile

CVE-2025-60075

7.1 📝

WordPress Multiple Products October 30, 2025

Cross-Site Request Forgery (CSRF) vulnerability in Allegro Marketing hpb seo plugin for WordPress hpbseo allows Reflected XSS

CVSS Base 7.1

→

CRS Select profile

CVE-2025-64195

7.6 📝

ThimPress Eduma eduma Multiple Products October 30, 2025

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThimPress Eduma eduma allows PHP Local File Inclusion

CVSS Base 7.6

→

CRS Select profile

CVE-2025-64216

7.5 📝

ThemeSphere SmartMag Multiple Products October 30, 2025

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeSphere SmartMag smart-mag allows PHP Local File Inclusion

CVSS Base 7.5

→

CRS Select profile

CVE-2025-64284

7.5 📝

Majestic Support Multiple Products October 30, 2025

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Majestic Support Majestic Support majestic-support allows PHP Local File Inclusion

CVSS Base 7.5

→

CRS Select profile

CVE-2025-64096

8.8 📝

CryptoLib Multiple Products October 30, 2025

CryptoLib provides a software-only solution using the CCSDS Space Data Link Security Protocol - Extended Procedures (SDLS-EP) to secure communications between a spacecraft running the core Flight System (cFS) and a ground station

CVSS Base 8.8

→

CRS Select profile

CVE-2025-62776

7.8 📝

installer Multiple Products October 30, 2025

The installer of WTW EAGLE (for Windows) 3

CVSS Base 7.8

→

CRS Select profile

CVE-2025-61115

7.5 📝

ABC Multiple Products October 30, 2025

ABC Fine Wine & Spirits Android App version v

CVSS Base 7.5

→

CRS Select profile

CVE-2025-61116

7.5 📝

App Multiple Products October 30, 2025

AdForest - Classified Android App version 4

CVSS Base 7.5

→

CRS Select profile

CVE-2025-61117

7.5 📝

App Multiple Products October 30, 2025

Senza: Keto & Fasting Android App version 2

CVSS Base 7.5

→

CRS Select profile

CVE-2025-61114

7.5 📝

Unknown Multiple Products October 30, 2025

2nd Line Android App version v1

CVSS Base 7.5

→

CRS Select profile

CVE-2025-61119

7.5 📝

App Multiple Products October 30, 2025

Kanova Android App version 1

CVSS Base 7.5

→

CRS Select profile

CVE-2025-61120

7.5 📝

Life Multiple Products October 30, 2025

AG Life Logger Android App version v1

CVSS Base 7.5

→

CRS Select profile

CVE-2025-61121

7.5 📝

App Multiple Products October 30, 2025

Mobile Scanner Android App version 2

CVSS Base 7.5

→

CRS Select profile

CVE-2025-43939

7.8

Dell Multiple Products October 30, 2025

Dell Unity, version(s) 5

CVSS Base 7.8

→

CRS Select profile

CVE-2025-43940

7.8

Dell Multiple Products October 30, 2025

Dell Unity, version(s) 5

CVSS Base 7.8

→

CRS Select profile

CVE-2025-43942

7.8

Dell Multiple Products October 30, 2025

Dell Unity, version(s) 5

CVSS Base 7.8

→

CRS Select profile

CVE-2025-46422

7.8

Dell Multiple Products October 30, 2025

Dell Unity, version(s) 5

CVSS Base 7.8

→

CRS Select profile

CVE-2025-46423

7.8

Dell Multiple Products October 30, 2025

Dell Unity, version(s) 5

CVSS Base 7.8

→

CRS Select profile

CVE-2025-64131

7.5 📝

Jenkins Multiple Products October 30, 2025

Jenkins SAML Plugin 4

CVSS Base 7.5

→

CRS Select profile

CVE-2025-43941

7.2

Dell Multiple Products October 30, 2025

Dell Unity, version(s) 5

CVSS Base 7.2

→

CRS Select profile

CVE-2025-64134

7.1 📝

Jenkins Multiple Products October 30, 2025

Jenkins JDepend Plugin 1

CVSS Base 7.1

→

CRS Select profile

CVE-2025-11201

8.1 📝

Tracking Multiple Products October 30, 2025

MLflow Tracking Server Model Creation Directory Traversal Remote Code Execution Vulnerability

CVSS Base 8.1

→

CRS Select profile

CVE-2025-10920

7.8 📝

GIMP Multiple Products October 30, 2025

GIMP ICNS File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability

CVSS Base 7.8

→

CRS Select profile

CVE-2025-10921

7.8

GIMP Multiple Products October 30, 2025

GIMP HDR File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability

CVSS Base 7.8

→

CRS Select profile

CVE-2025-10922

7.8

GIMP Multiple Products October 30, 2025

GIMP DCM File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability

CVSS Base 7.8

→

CRS Select profile

CVE-2025-10923

7.8

GIMP Multiple Products October 30, 2025

GIMP WBMP File Parsing Integer Overflow Remote Code Execution Vulnerability

CVSS Base 7.8

→

CRS Select profile

CVE-2025-10924

7.8

GIMP Multiple Products October 30, 2025

GIMP FF File Parsing Integer Overflow Remote Code Execution Vulnerability

CVSS Base 7.8

→

CRS Select profile

CVE-2025-10925

7.8

GIMP Multiple Products October 30, 2025

GIMP ILBM File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability

CVSS Base 7.8

→

CRS Select profile

CVE-2025-10934

7.8

GIMP Multiple Products October 30, 2025

GIMP XWD File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability

CVSS Base 7.8

→

CRS Select profile

CVE-2025-11463

7.8

Unknown Multiple Products October 30, 2025

Ashlar-Vellum Cobalt XE File Parsing Integer Overflow Remote Code Execution Vulnerability

CVSS Base 7.8

→

CRS Select profile

CVE-2025-11464

7.8

Unknown Multiple Products October 30, 2025

Ashlar-Vellum Cobalt CO File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability

CVSS Base 7.8

→

CRS Select profile

CVE-2025-11465

7.8

Unknown Multiple Products October 30, 2025

Ashlar-Vellum Cobalt CO File Parsing Use-After-Free Remote Code Execution Vulnerability

CVSS Base 7.8

→

CRS Select profile

CVE-2025-54546

7.5

affected Multiple Products October 30, 2025

On affected platforms, restricted users could use SSH port forwarding to access host-internal services

CVSS Base 7.5

→

CRS Select profile

CVE-2025-63422

7.5

Incorrect Multiple Products October 30, 2025

Incorrect access control in the Web management interface in Each Italy Wireless Mini Router WIRELESS-N 300M v28K

CVSS Base 7.5

→

CRS Select profile

CVE-2025-63423

7.5

Each Multiple Products October 30, 2025

Each Italy Wireless Mini Router WIRELESS-N 300M v28K

CVSS Base 7.5

→

CRS Select profile

CVE-2025-11200

8.1

MLflow Multiple Products October 30, 2025

MLflow Weak Password Requirements Authentication Bypass Vulnerability

CVSS Base 8.1

→

CRS Select profile

CVE-2025-9869

7.8

Razer Multiple Products October 30, 2025

Razer Synapse 3 Macro Module Link Following Local Privilege Escalation Vulnerability

CVSS Base 7.8

→

CRS Select profile

CVE-2025-9870

7.8

Razer Multiple Products October 30, 2025

Razer Synapse 3 RazerPhilipsHueUninstall Link Following Local Privilege Escalation Vulnerability

CVSS Base 7.8

→

CRS Select profile

CVE-2025-9871

7.8

Razer Multiple Products October 30, 2025

Razer Synapse 3 Chroma Connect Link Following Local Privilege Escalation Vulnerability

CVSS Base 7.8

→

CRS Select profile

CVE-2025-12466

7.5

Drupal Multiple Products October 30, 2025

Authentication Bypass Using an Alternate Path or Channel vulnerability in Drupal Simple OAuth (OAuth2) & OpenID Connect allows Authentication Bypass

CVSS Base 7.5

→

CRS Select profile

CVE-2025-61498

7.5

buffer Multiple Products October 30, 2025

A buffer overflow in the UPnP service of Tenda AC8 Hardware v03

CVSS Base 7.5

→

CRS Select profile

CVE-2025-61429

8.8

Terminal Multiple Products October 30, 2025

An issue in NCR Atleos Terminal Manager (ConfigApp) v3

CVSS Base 8.8

→

CRS Select profile

CVE-2025-61196

8.8

issue Multiple Products October 30, 2025

An issue in BusinessNext CRMnext v

CVSS Base 8.8

→

CRS Select profile

CVE-2025-62726

8.8

Unknown Multiple Products October 30, 2025

n8n is an open source workflow automation platform

CVSS Base 8.8

→

CRS Select profile

CVE-2025-54470

8.6

This Multiple Products October 30, 2025

This vulnerability affects NeuVector deployments only when the Report anonymous cluster data option is enabled

CVSS Base 8.6

→

CRS Select profile

CVE-2025-3356

8.6

IBM Multiple Products October 30, 2025

IBM Tivoli Monitoring 6

CVSS Base 8.6

→

CRS Select profile

CVE-2025-11702

8.5

versions Multiple Products October 30, 2025

GitLab has remediated an issue in EE affecting all versions from 17

CVSS Base 8.5

→

CRS Select profile

CVE-2025-61161

8.4

Evope Collector DLL Multiple Products October 30, 2025

DLL hijacking vulnerability in Evope Collector 1

CVSS Base 8.4

→

CRS Select profile

CVE-2025-10932

8.2

Progress MOVEit Multiple Products October 30, 2025

Uncontrolled Resource Consumption vulnerability in Progress MOVEit Transfer (AS2 module)

CVSS Base 8.2

→

CRS Select profile

CVE-2025-60595

8.2

SPH Multiple Products October 30, 2025

SPH Engineering UgCS 5

CVSS Base 8.2

→

CRS Select profile

CVE-2025-63298

8.2

Management Multiple Products October 30, 2025

A path traversal vulnerability was identified in SourceCodester Pet Grooming Management System 1

CVSS Base 8.2

→

CRS Select profile

CVE-2025-64101

8.1

Zitadel Multiple Products October 30, 2025

Zitadel is open-source identity infrastructure software

CVSS Base 8.1

→

CRS Select profile

CVE-2025-64112

Statmatic Multiple Products October 30, 2025

Statmatic is a Laravel and Git powered content management system (CMS)

CVSS Base 8

→

CRS Select profile

CVE-2025-61156

7.8

Incorrect Multiple Products October 30, 2025

Incorrect access control in the kernel driver of ThreatFire System Monitor v4

CVSS Base 7.8

→

CRS Select profile

CVE-2025-57227

7.8

unquoted Multiple Products October 30, 2025

An unquoted service path in Kingosoft Technology Ltd Kingo ROOT v1

CVSS Base 7.8

→

CRS Select profile

CVE-2025-54545

7.8

affected Multiple Products October 30, 2025

On affected platforms, a restricted user could break out of the CLI sandbox to the system shell and elevate their privileges

CVSS Base 7.8

→

CRS Select profile

CVE-2025-56558

7.5

issue Multiple Products October 30, 2025

An issue discovered in Dyson App v6

CVSS Base 7.5

→

CRS Select profile

CVE-2025-61234

7.5

Incorrect Multiple Products October 30, 2025

Incorrect access control on Dataphone A920 v2025

CVSS Base 7.5

→

CRS Select profile

CVE-2025-11232

7.5

trigger Multiple Products October 30, 2025

To trigger the issue, three configuration parameters must have specific settings: "hostname-char-set" must be left at the default setting, which is "[^A-Za-z0-9

CVSS Base 7.5

→

CRS Select profile

CVE-2025-54459

7.5

Hospital Multiple Products October 30, 2025

Prior to September 19, 2025, the Hospital Manager Backend Services exposed the ASP

CVSS Base 7.5

→

CRS Select profile

CVE-2025-58188

7.5

Validating Multiple Products October 30, 2025

Validating certificate chains which contain DSA public keys can cause programs to panic, due to a interface cast that assumes they implement the Equal method

CVSS Base 7.5

→

CRS Select profile

CVE-2025-61725

7.5

ParseAddress Multiple Products October 30, 2025

The ParseAddress function constructeds domain-literal address components through repeated string concatenation

CVSS Base 7.5

→

CRS Select profile

CVE-2025-12082

7.5

Drupal Multiple Products October 30, 2025

Incorrect Authorization vulnerability in Drupal CivicTheme Design System allows Forceful Browsing

CVSS Base 7.5

→

CRS Select profile

CVE-2025-9954

7.5

Drupal Multiple Products October 30, 2025

Missing Authorization vulnerability in Drupal Acquia DAM allows Forceful Browsing

CVSS Base 7.5

→

CRS Select profile

CVE-2025-61113

7.5

TalkTalk Multiple Products October 30, 2025

TalkTalk 3

CVSS Base 7.5

→

CRS Select profile

CVE-2025-61118

7.5

App Multiple Products October 30, 2025

mCarFix Motorists App version 2

CVSS Base 7.5

→

CRS Select profile

CVE-2025-3355

7.5

IBM Multiple Products October 30, 2025

IBM Tivoli Monitoring 6

CVSS Base 7.5

→

CRS Select profile

CVE-2025-61141

7.5

Unknown Multiple Products October 30, 2025

sqls-server/sqls 0

CVSS Base 7.5

→

CRS Select profile

CVE-2025-62231

7.3

flaw Multiple Products October 30, 2025

A flaw was identified in the X

CVSS Base 7.3

→

CRS Select profile

CVE-2025-62229

7.3

flaw Multiple Products October 30, 2025

A flaw was found in the X

CVSS Base 7.3

→

CRS Select profile

CVE-2025-62230

7.3

flaw Multiple Products October 30, 2025

A flaw was discovered in the X

CVSS Base 7.3

→

CRS Select profile

CVE-2025-36137

7.2

IBM Multiple Products October 30, 2025

IBM Sterling Connect Direct for Unix 6

CVSS Base 7.2

→

CRS Select profile

CVE-2025-62795

7.1

JumpServer Multiple Products October 30, 2025

JumpServer is an open source bastion host and an operation and maintenance security audit system

CVSS Base 7.1

→

CRS Select profile

Archived Security Snapshot

🎯 SSCV Profile

📊 Archived Security Brief

Section Navigation

⚠️ CISA Known Exploited Vulnerabilities

🚨 Critical Vulnerabilities

⚠️ High Priority Updates

⭐ Starred CVEs

Archived Security Brief

CISA Known Exploited Vulnerabilities

Critical Vulnerabilities

High Priority Updates