CVE Brief - November 13, 2025

Thursday, November 13, 2025 Archive

Archived Security Snapshot

Critical vulnerabilities, curated daily for security professionals

🎯 SSCV Profile

See how vulnerabilities affect your specific environment

CRS uses the System Security Context Vector (SSCV) Framework v1.0 to adjust CVSS scores based on your system's exposure level, network position, and business criticality. Learn more about SSCV Framework

Select your system profile:

Risk scores will be adjusted based on your selected environment

Archived Security Brief

Thursday's security environment reveals a significant shift in threat patterns with 3 critical vulnerabilities (down 40% from Wednesday) and 100 high-priority issues (up 186% from yesterday's 35 disclosures), marking a dramatic mid-week surge in disclosure activity. The threat landscape is dominated by authentication bypass flaws in Dell Data Lakehouse (CVE-2025-46608, CVSS 9.1) and dual critical vulnerabilities in aEnrich a+HRD (CVE-2025-12870, CVE-2025-12871, both CVSS 9.8). With 12 actively exploited vulnerabilities and only 8% patch availability, organizations face heightened risk. Two urgent CISA KEV deadlines pass today (November 13) for Adobe Commerce and Microsoft Windows WSUS, both rated CVSS 9.5, while two additional Dassault DELMIA Apriso vulnerabilities approach deadlines on November 17.

Critical vulnerabilities: 3 CVSS 9.0+ issues (down 40% from Wednesday's 5)
High-priority surge: 100 CVEs disclosed (186% increase from yesterday's 35)
Active exploitation: 12 vulnerabilities in CISA KEV catalog (up 20% from 10)
URGENT DEADLINES TODAY: Adobe Commerce CVE-2025-54236 and Microsoft WSUS CVE-2025-59287 (both CVSS 9.5)
Patch availability: Only 8% of disclosed vulnerabilities have vendor patches
Authentication threats: Dual CVSS 9.8 bypasses in aEnrich a+HRD HR management platform
Enterprise impact: Dell Data Lakehouse privilege escalation (CVSS 9.1) threatens data integrity
Approaching deadlines: Dassault DELMIA Apriso CVE-2025-6204 and CVE-2025-6205 due November 17

Immediate action: IMMEDIATE ACTION REQUIRED: Patch Adobe Commerce and Microsoft WSUS systems before end of day to meet federal deadline. Organizations using Dell Data Lakehouse or aEnrich a+HRD must prioritize emergency patching for CVSS 9.0+ authentication bypass vulnerabilities.

💡 Tip: Swipe CVE cards left to ⭐ star, right to ❌ remove

CISA Known Exploited Vulnerabilities

⚠️ CISA KEV URGENT

CVE-2025-54236

9.5 📝

Adobe Commerce and Magento October 23, 2025

⏰ Federal Deadline: November 13, 2025 (1 days remaining)

Adobe Commerce and Magento Improper Input Validation Vulnerability - Active in CISA KEV catalog.

CVSS Base 9.5

→

CRS Select profile

⚠️ CISA KEV URGENT

CVE-2025-59287

9.5 📝

Microsoft Windows October 23, 2025

⏰ Federal Deadline: November 13, 2025 (1 days remaining)

Microsoft Windows Server Update Service (WSUS) Deserialization of Untrusted Data Vulnerability - Active in CISA KEV catalog.

CVSS Base 9.5

→

CRS Select profile

⚠️ CISA KEV URGENT

CVE-2025-6204

9.5

Dassault Systèmes DELMIA Apriso October 27, 2025

⏰ Federal Deadline: November 17, 2025 (5 days remaining)

Dassault Systèmes DELMIA Apriso Code Injection Vulnerability - Active in CISA KEV catalog.

CVSS Base 9.5

→

CRS Select profile

⚠️ CISA KEV URGENT

CVE-2025-6205

9.5 📝

Dassault Systèmes DELMIA Apriso October 27, 2025

⏰ Federal Deadline: November 17, 2025 (5 days remaining)

Dassault Systèmes DELMIA Apriso Missing Authorization Vulnerability - Active in CISA KEV catalog.

CVSS Base 9.5

→

CRS Select profile

⚠️ CISA KEV URGENT

CVE-2025-41244

9.5 📝

Broadcom VMware Aria Operations and VMware Tools October 29, 2025

⏰ Federal Deadline: November 19, 2025 (7 days remaining)

Broadcom VMware Aria Operations and VMware Tools Privilege Defined with Unsafe Actions Vulnerability - Active in CISA KEV catalog.

CVSS Base 9.5

→

CRS Select profile

⚠️ CISA KEV URGENT

CVE-2025-24893

9.5

XWiki Platform October 29, 2025

⏰ Federal Deadline: November 19, 2025 (7 days remaining)

XWiki Platform Eval Injection Vulnerability - Active in CISA KEV catalog.

CVSS Base 9.5

→

CRS Select profile

⚠️ CISA KEV

CVE-2025-48703

9.5 📝

CWP Control Web Panel November 3, 2025

⏰ Federal Deadline: November 24, 2025 (12 days remaining)

CWP Control Web Panel OS Command Injection Vulnerability - Active in CISA KEV catalog.

CVSS Base 9.5

→

CRS Select profile

⚠️ CISA KEV

CVE-2025-11371

9.5

Gladinet CentreStack and Triofox November 3, 2025

⏰ Federal Deadline: November 24, 2025 (12 days remaining)

Gladinet CentreStack and Triofox Files or Directories Accessible to External Parties Vulnerability - Active in CISA KEV catalog.

CVSS Base 9.5

→

CRS Select profile

⚠️ CISA KEV

CVE-2025-21042

9.5

Samsung Mobile Devices November 9, 2025

⏰ Federal Deadline: November 30, 2025 (18 days remaining)

Samsung Mobile Devices Out-of-Bounds Write Vulnerability - Active in CISA KEV catalog.

CVSS Base 9.5

→

CRS Select profile

⚠️ CISA KEV

CVE-2025-12480

9.5 📝

Gladinet Triofox November 11, 2025

⏰ Federal Deadline: December 2, 2025 (20 days remaining)

Gladinet Triofox Improper Access Control Vulnerability - Active in CISA KEV catalog.

CVSS Base 9.5

→

CRS Select profile

⚠️ CISA KEV

CVE-2025-62215

9.5

Microsoft Windows November 11, 2025

⏰ Federal Deadline: December 2, 2025 (20 days remaining)

Microsoft Windows Race Condition Vulnerability - Active in CISA KEV catalog.

CVSS Base 9.5

→

CRS Select profile

⚠️ CISA KEV

CVE-2025-9242

9.5

WatchGuard Firebox November 11, 2025

⏰ Federal Deadline: December 2, 2025 (20 days remaining)

WatchGuard Firebox Out-of-Bounds Write Vulnerability - Active in CISA KEV catalog.

CVSS Base 9.5

→

CRS Select profile

Critical Vulnerabilities

CVE-2025-46608

9.1 📝

Dell Data Multiple Products Nov 12, 2025

Dell Data Lakehouse, versions prior to 1.6.0.0, contain(s) an Improper Access Control vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Elevation of privileges. This vulnerability is considered Critical, as it may result in unauthorized access with elevated privileges, compromising system integrity and customer data. Dell recommends customers upgrade to the latest version at the earliest opportunity.

CVSS Base 9.1

→

CRS Select profile

CVE-2025-12870

9.8 📝

The Multiple Products Nov 12, 2025

The a+HRD developed by aEnrich has an Authentication Abuse vulnerability, allowing unauthenticated remote attackers to send crafted packets to obtain administrator access tokens and use them to access the system with elevated privileges.

CVSS Base 9.8

→

CRS Select profile

CVE-2025-12871

9.8 📝

The Multiple Products Nov 12, 2025

The a+HRD developed by aEnrich has an Authentication Abuse vulnerability, allowing unauthenticated remote attackers to craft administrator access tokens and use them to access the system with elevated privileges.

CVSS Base 9.8

→

CRS Select profile

High Priority Updates

CVE-2025-12637

8.8 📝

WordPress Multiple Products November 12, 2025

The Elastic Theme Editor plugin for WordPress is vulnerable to arbitrary file uploads due to a dynamic code generation feature in the process_theme function in all versions up to, and including, 0

CVSS Base 8.8

→

CRS Select profile

CVE-2025-64403

8.1 📝

Apache Multiple Products November 12, 2025

Apache OpenOffice Calc spreadsheet can contain links to other files, in the form of "external data sources"

CVSS Base 8.1

→

CRS Select profile

CVE-2025-60715

8 📝

Unknown Multiple Products November 12, 2025

Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to execute code over a network

CVSS Base 8

→

CRS Select profile

CVE-2025-62452

8 📝

Unknown Multiple Products November 12, 2025

Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to execute code over a network

CVSS Base 8

→

CRS Select profile

CVE-2025-11521

8.1 📝

WordPress Multiple Products November 12, 2025

The Astra Security Suite – Firewall & Malware Scan plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient validation of remote URLs for zip downloads and an easily guessable key in all versions up to, and including, 0

CVSS Base 8.1

→

CRS Select profile

CVE-2025-11168

8.8 📝

WordPress Multiple Products November 12, 2025

The Mementor Core plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 2

CVSS Base 8.8

→

CRS Select profile

CVE-2025-62220

8.8 📝

Unknown Multiple Products November 12, 2025

Heap-based buffer overflow in Windows Subsystem for Linux GUI allows an unauthorized attacker to execute code over a network

CVSS Base 8.8

→

CRS Select profile

CVE-2025-60703

7.8 📝

Untrusted Multiple Products November 12, 2025

Untrusted pointer dereference in Windows Remote Desktop allows an authorized attacker to elevate privileges locally

CVSS Base 7.8

→

CRS Select profile

CVE-2025-60713

7.8 📝

Untrusted Multiple Products November 12, 2025

Untrusted pointer dereference in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to elevate privileges locally

CVSS Base 7.8

→

CRS Select profile

CVE-2025-10714

8.4 📝

Microsoft Multiple Products November 12, 2025

AXIS Optimizer was vulnerable to an unquoted search path vulnerability, which could potentially lead to privilege escalation within Microsoft Windows operating system

CVSS Base 8.4

→

CRS Select profile

CVE-2025-62204

8 📝

Microsoft Multiple Products November 12, 2025

Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network

CVSS Base 8

→

CRS Select profile

CVE-2025-60714

7.8 📝

Unknown Multiple Products November 12, 2025

Heap-based buffer overflow in Windows OLE allows an unauthorized attacker to execute code locally

CVSS Base 7.8

→

CRS Select profile

CVE-2025-62199

7.8 📝

Microsoft Multiple Products November 12, 2025

Use after free in Microsoft Office allows an unauthorized attacker to execute code locally

CVSS Base 7.8

→

CRS Select profile

CVE-2025-62201

7.8 📝

Microsoft Multiple Products November 12, 2025

Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to execute code locally

CVSS Base 7.8

→

CRS Select profile

CVE-2025-62203

7.8 📝

Microsoft Multiple Products November 12, 2025

Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally

CVSS Base 7.8

→

CRS Select profile

CVE-2025-62205

7.8

Microsoft Multiple Products November 12, 2025

Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally

CVSS Base 7.8

→

CRS Select profile

CVE-2025-62216

7.8

Microsoft Multiple Products November 12, 2025

Use after free in Microsoft Office allows an unauthorized attacker to execute code locally

CVSS Base 7.8

→

CRS Select profile

CVE-2025-12846

8.8

WordPress Multiple Products November 12, 2025

The Blocksy Companion plugin for WordPress is vulnerable to authenticated arbitrary file upload in all versions up to, and including, 2

CVSS Base 8.8

→

CRS Select profile

CVE-2025-13042

8.8

Google Multiple Products November 12, 2025

Inappropriate implementation in V8 in Google Chrome prior to 142

CVSS Base 8.8

→

CRS Select profile

CVE-2025-30255

8.2

Intel Multiple Products November 12, 2025

Out-of-bounds write for some Intel(R) PROSet/Wireless WiFi Software for Windows before version 23

CVSS Base 8.2

→

CRS Select profile

CVE-2025-35971

8.2

Intel Multiple Products November 12, 2025

Out-of-bounds write for some Intel(R) PROSet/Wireless WiFi Software for Windows before version 23

CVSS Base 8.2

→

CRS Select profile

CVE-2025-65001

8.2

Fujitsu Multiple Products November 12, 2025

Fujitsu fbiosdrv

CVSS Base 8.2

→

CRS Select profile

CVE-2025-13027

8.1

and Multiple Products November 12, 2025

Memory safety bugs present in Firefox 144 and Thunderbird 144

CVSS Base 8.1

→

CRS Select profile

CVE-2025-27713

7.8

Intel Multiple Products November 12, 2025

Out-of-bounds write for some Intel(R) QAT Windows software before version 2

CVSS Base 7.8

→

CRS Select profile

CVE-2025-59505

7.8

Double Multiple Products November 12, 2025

Double free in Windows Smart Card allows an authorized attacker to elevate privileges locally

CVSS Base 7.8

→

CRS Select profile

CVE-2025-59511

7.8

External Multiple Products November 12, 2025

External control of file name or path in Windows WLAN Service allows an authorized attacker to elevate privileges locally

CVSS Base 7.8

→

CRS Select profile

CVE-2025-59514

7.8

Microsoft Multiple Products November 12, 2025

Improper privilege management in Microsoft Streaming Service allows an authorized attacker to elevate privileges locally

CVSS Base 7.8

→

CRS Select profile

CVE-2025-60705

7.8

Windows Multiple Products November 12, 2025

Improper access control in Windows Client-Side Caching (CSC) Service allows an authorized attacker to elevate privileges locally

CVSS Base 7.8

→

CRS Select profile

CVE-2025-60709

7.8

Unknown Multiple Products November 12, 2025

Out-of-bounds read in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally

CVSS Base 7.8

→

CRS Select profile

CVE-2025-60710

7.8

Improper Multiple Products November 12, 2025

Improper link resolution before file access ('link following') in Host Process for Windows Tasks allows an authorized attacker to elevate privileges locally

CVSS Base 7.8

→

CRS Select profile

CVE-2025-60718

7.8

Untrusted Multiple Products November 12, 2025

Untrusted search path in Windows Administrator Protection allows an authorized attacker to elevate privileges locally

CVSS Base 7.8

→

CRS Select profile

CVE-2025-60720

7.8

Buffer Multiple Products November 12, 2025

Buffer over-read in Windows TDX

CVSS Base 7.8

→

CRS Select profile

CVE-2025-60721

7.8

Privilege Multiple Products November 12, 2025

Privilege context switching error in Windows Administrator Protection allows an authorized attacker to elevate privileges locally

CVSS Base 7.8

→

CRS Select profile

CVE-2025-60727

7.8

Microsoft Multiple Products November 12, 2025

Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to execute code locally

CVSS Base 7.8

→

CRS Select profile

CVE-2025-61819

7.8

Desktop Multiple Products November 12, 2025

Photoshop Desktop versions 26

CVSS Base 7.8

→

CRS Select profile

CVE-2025-61826

7.8

iPad Multiple Products November 12, 2025

Illustrator on iPad versions 3

CVSS Base 7.8

→

CRS Select profile

CVE-2025-61827

7.8

iPad Multiple Products November 12, 2025

Illustrator on iPad versions 3

CVSS Base 7.8

→

CRS Select profile

CVE-2025-61828

7.8

iPad Multiple Products November 12, 2025

Illustrator on iPad versions 3

CVSS Base 7.8

→

CRS Select profile

CVE-2025-61829

7.8

iPad Multiple Products November 12, 2025

Illustrator on iPad versions 3

CVSS Base 7.8

→

CRS Select profile

CVE-2025-61836

7.8

iPad Multiple Products November 12, 2025

Illustrator on iPad versions 3

CVSS Base 7.8

→

CRS Select profile

CVE-2025-62200

7.8

Microsoft Multiple Products November 12, 2025

Untrusted pointer dereference in Microsoft Office Excel allows an unauthorized attacker to execute code locally

CVSS Base 7.8

→

CRS Select profile

CVE-2025-11451

7.5

WordPress Multiple Products November 12, 2025

The Auto Amazon Links – Amazon Associates Affiliate Plugin plugin for WordPress is vulnerable to arbitrary files reads in all versions up to, and including, 5

CVSS Base 7.5

→

CRS Select profile

CVE-2025-59088

8.6

have Multiple Products November 12, 2025

If kdcproxy receives a request for a realm which does not have server addresses defined in its configuration, by default, it will query SRV records in the DNS zone matching the requested realm name

CVSS Base 8.6

→

CRS Select profile

CVE-2025-46427

8.8

Dell Multiple Products November 12, 2025

Dell SmartFabric OS10 Software, versions prior to 10

CVSS Base 8.8

→

CRS Select profile

CVE-2025-46428

8.8

Dell Multiple Products November 12, 2025

Dell SmartFabric OS10 Software, versions prior to 10

CVSS Base 8.8

→

CRS Select profile

CVE-2025-59499

8.8

SQL Multiple Products November 12, 2025

Improper neutralization of special elements used in an sql command ('sql injection') in SQL Server allows an authorized attacker to elevate privileges over a network

CVSS Base 8.8

→

CRS Select profile

CVE-2025-9408

8.1

System Multiple Products November 12, 2025

System call entry on Cortex M (and possibly R and A, but I think not) has a race which allows very practical privilege escalation for malicious userspace processes

CVSS Base 8.1

→

CRS Select profile

CVE-2025-60707

7.8

Use Multiple Products November 12, 2025

Use after free in Multimedia Class Scheduler Service (MMCSS) allows an authorized attacker to elevate privileges locally

CVSS Base 7.8

→

CRS Select profile

CVE-2025-64293

7.6

Golemiq Multiple Products November 12, 2025

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Golemiq 0 Day Analytics allows SQL Injection

CVSS Base 7.6

→

CRS Select profile

CVE-2025-9223

8.8

Applications Multiple Products November 12, 2025

Zohocorp ManageEngine Applications Manager versions 178100 and below are vulnerable to authenticated command injection vulnerability due to the improper configuration in the execute program action feature

CVSS Base 8.8

→

CRS Select profile

CVE-2025-13014

8.8

Unknown Multiple Products November 12, 2025

Use-after-free in the Audio/Video component

CVSS Base 8.8

→

CRS Select profile

CVE-2025-13020

8.8

Unknown Multiple Products November 12, 2025

Use-after-free in the WebRTC: Audio/Video component

CVSS Base 8.8

→

CRS Select profile

CVE-2025-24299

8.8

Intel Multiple Products November 12, 2025

Improper input validation for some Intel(R) CIP software before version WIN_DCA_2

CVSS Base 8.8

→

CRS Select profile

CVE-2025-24838

8.8

Intel Multiple Products November 12, 2025

Improper privilege management for some Intel(R) CIP software before version WIN_DCA_2

CVSS Base 8.8

→

CRS Select profile

CVE-2025-33000

8.8

Intel Multiple Products November 12, 2025

Improper input validation for some Intel QuickAssist Technology before version 2

CVSS Base 8.8

→

CRS Select profile

CVE-2025-33186

8.8

NVIDIA Multiple Products November 12, 2025

NVIDIA AIStore contains a vulnerability in AuthN

CVSS Base 8.8

→

CRS Select profile

CVE-2025-62222

8.8

Improper Multiple Products November 12, 2025

Improper neutralization of special elements used in a command ('command injection') in Visual Studio Code CoPilot Chat Extension allows an unauthorized attacker to execute code over a network

CVSS Base 8.8

→

CRS Select profile

CVE-2024-32011

8.8

Spectrum Multiple Products November 12, 2025

A vulnerability has been identified in Spectrum Power 4 (All versions < V4

CVSS Base 8.8

→

CRS Select profile

CVE-2025-2843

8.8

flaw Multiple Products November 12, 2025

A flaw was found in the Observability Operator

CVSS Base 8.8

→

CRS Select profile

CVE-2025-62210

8.7

Improper Multiple Products November 12, 2025

Improper neutralization of input during web page generation ('cross-site scripting') in Dynamics 365 Field Service (online) allows an authorized attacker to perform spoofing over a network

CVSS Base 8.7

→

CRS Select profile

CVE-2025-62211

8.7

Improper Multiple Products November 12, 2025

Improper neutralization of input during web page generation ('cross-site scripting') in Dynamics 365 Field Service (online) allows an authorized attacker to perform spoofing over a network

CVSS Base 8.7

→

CRS Select profile

CVE-2025-64186

8.7

Evervault Multiple Products November 12, 2025

Evervault is a payment security solution

CVSS Base 8.7

→

CRS Select profile

CVE-2025-32091

8.2

Intel Multiple Products November 12, 2025

Incorrect default permissions in some firmware for the Intel(R) Arc(TM) B-series GPUs within Ring 1: Device Drivers may allow an escalation of privilege

CVSS Base 8.2

→

CRS Select profile

CVE-2025-11959

8.1

Premierturk Multiple Products November 12, 2025

Files or Directories Accessible to External Parties, Exposure of Private Personal Information to an Unauthorized Actor vulnerability in Premierturk Information Technologies Inc

CVSS Base 8.1

→

CRS Select profile

CVE-2025-13017

8.1

Unknown Multiple Products November 12, 2025

Same-origin policy bypass in the DOM: Notifications component

CVSS Base 8.1

→

CRS Select profile

CVE-2025-13018

8.1

Mitigation Multiple Products November 12, 2025

Mitigation bypass in the DOM: Security component

CVSS Base 8.1

→

CRS Select profile

CVE-2025-13019

8.1

Unknown Multiple Products November 12, 2025

Same-origin policy bypass in the DOM: Workers component

CVSS Base 8.1

→

CRS Select profile

CVE-2025-30398

8.1

Missing Multiple Products November 12, 2025

Missing authorization in Nuance PowerScribe allows an unauthorized attacker to disclose information over a network

CVSS Base 8.1

→

CRS Select profile

CVE-2025-30185

7.9

Intel Multiple Products November 12, 2025

Active debug code for some Intel UEFI reference platforms within Ring 0: Kernel may allow a denial of service and escalation of privilege

CVSS Base 7.9

→

CRS Select profile

CVE-2025-20010

7.8

Intel Multiple Products November 12, 2025

Use of unmaintained third party components for some Intel(R) Processor Identification Utility before version 8

CVSS Base 7.8

→

CRS Select profile

CVE-2025-23357

7.8

NVIDIA Multiple Products November 12, 2025

NVIDIA Megatron-LM for all platforms contains a vulnerability in a script, where malicious data created by an attacker may cause a code injection issue

CVSS Base 7.8

→

CRS Select profile

CVE-2025-23361

7.8

NVIDIA Multiple Products November 12, 2025

NVIDIA NeMo Framework for all platforms contains a vulnerability in a script, where malicious input created by an attacker may cause improper control of code generation

CVSS Base 7.8

→

CRS Select profile

CVE-2025-33178

7.8

NVIDIA Multiple Products November 12, 2025

NVIDIA NeMo Framework for all platforms contains a vulnerability in the bert services component where malicious data created by an attacker may cause a code injection

CVSS Base 7.8

→

CRS Select profile

CVE-2025-61814

7.8

Desktop Multiple Products November 12, 2025

InDesign Desktop versions 20

CVSS Base 7.8

→

CRS Select profile

CVE-2025-61815

7.8

Desktop Multiple Products November 12, 2025

InDesign Desktop versions 20

CVSS Base 7.8

→

CRS Select profile

CVE-2025-61816

7.8

InCopy Multiple Products November 12, 2025

InCopy versions 20

CVSS Base 7.8

→

CRS Select profile

CVE-2025-61817

7.8

InCopy Multiple Products November 12, 2025

InCopy versions 20

CVSS Base 7.8

→

CRS Select profile

CVE-2025-61818

7.8

InCopy Multiple Products November 12, 2025

InCopy versions 20

CVSS Base 7.8

→

CRS Select profile

CVE-2025-61824

7.8

Desktop Multiple Products November 12, 2025

InDesign Desktop versions 20

CVSS Base 7.8

→

CRS Select profile

CVE-2025-61832

7.8

Desktop Multiple Products November 12, 2025

InDesign Desktop versions 20

CVSS Base 7.8

→

CRS Select profile

CVE-2025-59512

7.8

Improper Multiple Products November 12, 2025

Improper access control in Customer Experience Improvement Program (CEIP) allows an authorized attacker to elevate privileges locally

CVSS Base 7.8

→

CRS Select profile

CVE-2025-61820

7.8

Illustrator Multiple Products November 12, 2025

Illustrator versions 28

CVSS Base 7.8

→

CRS Select profile

CVE-2025-61831

7.8

Illustrator Multiple Products November 12, 2025

Illustrator versions 28

CVSS Base 7.8

→

CRS Select profile

CVE-2025-61837

7.8

Plugins Multiple Products November 12, 2025

Format Plugins versions 1

CVSS Base 7.8

→

CRS Select profile

CVE-2025-61838

7.8

Plugins Multiple Products November 12, 2025

Format Plugins versions 1

CVSS Base 7.8

→

CRS Select profile

CVE-2025-61839

7.8

Plugins Multiple Products November 12, 2025

Format Plugins versions 1

CVSS Base 7.8

→

CRS Select profile

CVE-2024-32008

7.8

Spectrum Multiple Products November 12, 2025

A vulnerability has been identified in Spectrum Power 4 (All versions < V4

CVSS Base 7.8

→

CRS Select profile

CVE-2024-32009

7.8

Spectrum Multiple Products November 12, 2025

A vulnerability has been identified in Spectrum Power 4 (All versions < V4

CVSS Base 7.8

→

CRS Select profile

CVE-2024-32010

7.8

Spectrum Multiple Products November 12, 2025

A vulnerability has been identified in Spectrum Power 4 (All versions < V4

CVSS Base 7.8

→

CRS Select profile

CVE-2025-40763

7.8

Grid Multiple Products November 12, 2025

A vulnerability has been identified in Altair Grid Engine (All versions < V2026

CVSS Base 7.8

→

CRS Select profile

CVE-2025-40827

7.8

has Multiple Products November 12, 2025

A vulnerability has been identified in Siemens Software Center (All versions < V3

CVSS Base 7.8

→

CRS Select profile

CVE-2025-61833

7.8

Stager Multiple Products November 12, 2025

Substance3D - Stager versions 3

CVSS Base 7.8

→

CRS Select profile

CVE-2025-61834

7.8

Stager Multiple Products November 12, 2025

Substance3D - Stager versions 3

CVSS Base 7.8

→

CRS Select profile

CVE-2025-61835

7.8

Stager Multiple Products November 12, 2025

Substance3D - Stager versions 3

CVSS Base 7.8

→

CRS Select profile

CVE-2025-64531

7.8

Stager Multiple Products November 12, 2025

Substance3D - Stager versions 3

CVSS Base 7.8

→

CRS Select profile

CVE-2025-11795

7.8

through Multiple Products November 12, 2025

A maliciously crafted JPG file, when parsed through Autodesk 3ds Max, can force an Out-of-Bounds Write vulnerability

CVSS Base 7.8

→

CRS Select profile

CVE-2025-11797

7.8

through Multiple Products November 12, 2025

A maliciously crafted DWG file, when parsed through Autodesk 3ds Max, can force a Use-After-Free vulnerability

CVSS Base 7.8

→

CRS Select profile

CVE-2024-57695

7.7

Security Multiple Products November 12, 2025

An issue in Agnitum Outpost Security Suite 7

CVSS Base 7.7

→

CRS Select profile

CVE-2025-40816

7.6

has Multiple Products November 12, 2025

A vulnerability has been identified in LOGO! 12/24RCE (6ED1052-1MD08-0BA2) (All versions), LOGO! 12/24RCEo (6ED1052-2MD08-0BA2) (All versions), LOGO! 230RCE (6ED1052-1FB08-0BA2) (All versions), LOGO! 230RCEo (6ED1052-2FB08-0BA2) (All versions), LOGO! 24CE (6ED1052-1CC08-0BA2) (All versions), LOGO! 24CEo (6ED1052-2CC08-0BA2) (All versions), LOGO! 24RCE (6ED1052-1HB08-0BA2) (All versions), LOGO! 24RCEo (6ED1052-2HB08-0BA2) (All versions), SIPLUS LOGO! 12/24RCE (6AG1052-1MD08-7BA2) (All versions), SIPLUS LOGO! 12/24RCEo (6AG1052-2MD08-7BA2) (All versions), SIPLUS LOGO! 230RCE (6AG1052-1FB08-7BA2) (All versions), SIPLUS LOGO! 230RCEo (6AG1052-2FB08-7BA2) (All versions), SIPLUS LOGO! 24CE (6AG1052-1CC08-7BA2) (All versions), SIPLUS LOGO! 24CEo (6AG1052-2CC08-7BA2) (All versions), SIPLUS LOGO! 24RCE (6AG1052-1HB08-7BA2) (All versions), SIPLUS LOGO! 24RCEo (6AG1052-2HB08-7BA2) (All versions)

CVSS Base 7.6

→

CRS Select profile

CVE-2025-42940

7.5

SAP Multiple Products November 12, 2025

SAP CommonCryptoLib does not perform necessary boundary checks during pre-authentication parsing of manipulated ASN

CVSS Base 7.5

→

CRS Select profile

Archived Security Snapshot

🎯 SSCV Profile

📊 Archived Security Brief

Section Navigation

⚠️ CISA Known Exploited Vulnerabilities

🚨 Critical Vulnerabilities

⚠️ High Priority Updates

⭐ Starred CVEs

Archived Security Brief

CISA Known Exploited Vulnerabilities

Critical Vulnerabilities

High Priority Updates