Critical vulnerabilities, curated daily for security professionals
🎯 SSCV Profile
See how vulnerabilities affect your specific environment
CRS uses the System Security Context Vector (SSCV) Framework v1.0 to adjust CVSS scores based on your system's exposure level, network position, and business criticality. Learn more about SSCV Framework
Risk scores will be adjusted based on your selected environment
📊
Archived Security Brief
Monday's security landscape shows lower disclosure activity following the weekend, with no newly disclosed critical CVEs (CVSS 9.0+) and 15 high-priority vulnerabilities identified. The week begins with three D-Link router command injection vulnerabilities (CVE-2025-13189, CVE-2025-13190, CVE-2025-13191) allowing unauthenticated remote code execution, each rated CVSS 8.8. Patch availability remains at 0% for new disclosures, requiring organizations to implement compensating controls while awaiting vendor updates. Eleven actively exploited CISA KEV vulnerabilities continue to require priority remediation, with two Dassault Systèmes DELMIA Apriso vulnerabilities reaching their remediation timeline. The decrease in critical CVEs represents a 100% reduction from Sunday's four disclosures, while high-priority issues dropped 42% from 26 to 15 vulnerabilities.
Critical CVEs: Zero new critical vulnerabilities disclosed, down 100% from yesterday's 4
High-priority vulnerabilities: 15 issues requiring attention, down 42% from yesterday's 26
Patch availability: 0% of new vulnerabilities have vendor patches currently available
D-Link routers: Three unauthenticated remote code execution vulnerabilities (CVSS 8.8) in DIR-816L firmware
Week start: Lower vulnerability disclosure activity following weekend period
Immediate action: Immediate action: Apply vendor patches for three D-Link DIR-816L router vulnerabilities (CVE-2025-13189, CVE-2025-13190, CVE-2025-13191) allowing unauthenticated remote code execution. Restrict administrative interface access to trusted networks and implement firewall rules blocking external management port access for unpatched devices. Priority patching recommended for 11 actively exploited CISA KEV vulnerabilities, particularly two Dassault Systèmes DELMIA Apriso vulnerabilities (CVE-2025-6204, CVE-2025-6205) approaching remediation timelines. Organizations should monitor for WordPress plugin vulnerabilities (CVE-2025-12482) and legacy system disclosures while awaiting patch releases.
💡 Tip: Swipe CVE cards left to ⭐ star, right to ❌ remove
Section Navigation
⚠️
CISA Known Exploited Vulnerabilities
⚠️ CISA KEVURGENT
CVE-2025-6204
9.5
Dassault SystèmesDELMIA Apriso
⏰ Federal Deadline:November 17, 2025(1 days remaining)
Dassault Systèmes DELMIA Apriso Code Injection Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
→
CRSSelect profile
⚠️ CISA KEVURGENT
CVE-2025-6205
9.5📝
Dassault SystèmesDELMIA Apriso
⏰ Federal Deadline:November 17, 2025(1 days remaining)
Dassault Systèmes DELMIA Apriso Missing Authorization Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
→
CRSSelect profile
⚠️ CISA KEVURGENT
CVE-2025-41244
9.5📝
BroadcomVMware Aria Operations and VMware Tools
⏰ Federal Deadline:November 19, 2025(3 days remaining)
Broadcom VMware Aria Operations and VMware Tools Privilege Defined with Unsafe Actions Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
→
CRSSelect profile
⚠️ CISA KEVURGENT
CVE-2025-24893
9.5
XWikiPlatform
⏰ Federal Deadline:November 19, 2025(3 days remaining)
XWiki Platform Eval Injection Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
→
CRSSelect profile
⚠️ CISA KEVURGENT
CVE-2025-64446
9.5
FortinetFortiWeb
⏰ Federal Deadline:November 20, 2025(4 days remaining)
Fortinet FortiWeb Path Traversal Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
→
CRSSelect profile
⚠️ CISA KEV
CVE-2025-48703
9.5📝
CWPControl Web Panel
⏰ Federal Deadline:November 24, 2025(8 days remaining)
CWP Control Web Panel OS Command Injection Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
→
CRSSelect profile
⚠️ CISA KEV
CVE-2025-11371
9.5
GladinetCentreStack and Triofox
⏰ Federal Deadline:November 24, 2025(8 days remaining)
Gladinet CentreStack and Triofox Files or Directories Accessible to External Parties Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
→
CRSSelect profile
⚠️ CISA KEV
CVE-2025-21042
9.5
SamsungMobile Devices
⏰ Federal Deadline:November 30, 2025(14 days remaining)
Samsung Mobile Devices Out-of-Bounds Write Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
→
CRSSelect profile
⚠️ CISA KEV
CVE-2025-12480
9.5📝
GladinetTriofox
⏰ Federal Deadline:December 2, 2025(16 days remaining)
Gladinet Triofox Improper Access Control Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
→
CRSSelect profile
⚠️ CISA KEV
CVE-2025-62215
9.5
MicrosoftWindows
⏰ Federal Deadline:December 2, 2025(16 days remaining)
Microsoft Windows Race Condition Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
→
CRSSelect profile
⚠️ CISA KEV
CVE-2025-9242
9.5
WatchGuardFirebox
⏰ Federal Deadline:December 2, 2025(16 days remaining)
WatchGuard Firebox Out-of-Bounds Write Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
→
CRSSelect profile
⚠️
High Priority Updates
CVE-2025-12482
7.5📝
WordPressMultiple Products
The Booking for Appointments and Events Calendar – Amelia plugin for WordPress is vulnerable to SQL Injection via the ‘search’ parameter in all versions up to, and including, 1
CVSS Base7.5
→
CRSSelect profile
CVE-2025-13247
7.3📝
ManagementMultiple Products
A security flaw has been discovered in PHPGurukul Tourism Management System 1
CVSS Base7.3
→
CRSSelect profile
CVE-2025-13189
8.8📝
D-LinkMultiple Products
A vulnerability has been found in D-Link DIR-816L 2_06_b09_beta
CVSS Base8.8
→
CRSSelect profile
CVE-2025-13190
8.8📝
D-LinkMultiple Products
A vulnerability was found in D-Link DIR-816L 2_06_b09_beta
CVSS Base8.8
→
CRSSelect profile
CVE-2025-13191
8.8📝
D-LinkMultiple Products
A vulnerability was determined in D-Link DIR-816L 2_06_b09_beta
CVSS Base8.8
→
CRSSelect profile
CVE-2025-13201
7.3📝
OrderingMultiple Products
A vulnerability was identified in code-projects Simple Cafe Ordering System 1
CVSS Base7.3
→
CRSSelect profile
CVE-2025-13203
7.3📝
OrderingMultiple Products
A weakness has been identified in code-projects Simple Cafe Ordering System 1
CVSS Base7.3
→
CRSSelect profile
CVE-2025-13233
7.3📝
ManagementMultiple Products
A vulnerability has been found in itsourcecode Inventory Management System 1
CVSS Base7.3
→
CRSSelect profile
CVE-2025-13235
7.3📝
ManagementMultiple Products
A vulnerability was determined in itsourcecode Inventory Management System 1
CVSS Base7.3
→
CRSSelect profile
CVE-2025-13237
7.3📝
ManagementMultiple Products
A security flaw has been discovered in itsourcecode Inventory Management System 1
CVSS Base7.3
→
CRSSelect profile
CVE-2025-13240
7.3📝
InformationMultiple Products
A vulnerability was detected in code-projects Student Information System 2
CVSS Base7.3
→
CRSSelect profile
CVE-2025-13241
7.3📝
InformationMultiple Products
A flaw has been found in code-projects Student Information System 2
CVSS Base7.3
→
CRSSelect profile
CVE-2025-13242
7.3📝
InformationMultiple Products
A vulnerability has been found in code-projects Student Information System 2
CVSS Base7.3
→
CRSSelect profile
CVE-2025-13248
7.3📝
ManagementMultiple Products
A weakness has been identified in SourceCodester Patients Waiting Area Queue Management System 1
CVSS Base7.3
→
CRSSelect profile
CVE-2025-13252
7.3📝
wasMultiple Products
A vulnerability was found in shsuishang ShopSuite ModulithShop up to 45a99398cec3b7ad7ff9383694f0b53339f2d35a