CVE Brief Security Intelligence

Monday's vulnerability landscape demonstrates continued low critical disclosure activity with 0 new critical vulnerabilities for the third consecutive day, while high-priority CVEs declined 9.5% from 21 to 19. Nine actively exploited CISA KEV vulnerabilities remain unchanged from yesterday, with three urgent federal deadlines approaching on November 24-25 requiring immediate Monday remediation. The disclosure environment features a significant cluster of eight D-Link router command injection vulnerabilities (CVE-2025-13547 through 13553, all CVSS 8.8) affecting DIR-822K, DWR-M920, and DIR-852 models. Patch availability declined to 0% from yesterday's 22%, requiring compensating controls for the full set of newly disclosed vulnerabilities as organizations return from weekend operations.

• Critical CVE count remained at 0 for third consecutive day, maintaining minimal maximum severity disclosure activity since Saturday
• High-priority vulnerabilities decreased 9.5% from 21 to 19 CVEs, indicating moderated Monday vendor publishing activity
• Eight D-Link router command injection vulnerabilities (CVSS 8.8) create concentrated remediation requirement for DIR-822K, DWR-M920, and DIR-852 models
• Nine actively exploited CISA KEV vulnerabilities unchanged from Sunday, with three urgent federal deadlines (November 24-25) requiring immediate Monday action
• Patch availability declined to 0% from yesterday's 22%, requiring compensating controls across all 19 newly disclosed high-priority vulnerabilities
• Two AMD StoreMI privilege escalation vulnerabilities (CVE-2024-21922 and CVE-2024-21923, CVSS 7.3) enable local attackers to gain system-level access through DLL hijacking and incorrect permissions

Immediate action: MONDAY PRIORITY: Security teams must immediately address the three CISA KEV vulnerabilities with federal deadlines on November 24-25: CVE-2025-58034 (Fortinet FortiWeb OS command injection), CVE-2025-48703 (CWP Control Web Panel command injection), and CVE-2025-11371 (Gladinet CentreStack/Triofox file access). The cluster of eight D-Link router command injection vulnerabilities (CVE-2025-13547 through 13553) requires urgent assessment of DIR-822K, DWR-M920, and DIR-852 deployments, with immediate application of vendor patches where available and restriction of remote management interfaces where patching is delayed. With 0% patch availability across newly disclosed vulnerabilities, organizations must deploy compensating controls including Web Application Firewalls for the two WordPress IDOR vulnerabilities (CVE-2025-13384 and CVE-2025-13526), restrict administrative access for the Campcodes management system SQL injection flaws (CVE-2025-13554 through 13557), and implement application whitelisting to mitigate the two AMD StoreMI privilege escalation vulnerabilities (CVE-2024-21922 and CVE-2024-21923). Organizations should prioritize the D-Link router cluster remediation given the eight related vulnerabilities enabling unauthenticated remote code execution on network perimeter devices, while continuing systematic addressing of the remaining six actively exploited KEV vulnerabilities with extended federal deadlines through December 11.