Critical vulnerabilities, curated daily for security professionals
π― SSCV Profile
See how vulnerabilities affect your specific environment
CRS uses the System Security Context Vector (SSCV) Framework v1.0 to adjust CVSS scores based on your system's exposure level, network position, and business criticality. Learn more about SSCV Framework
Risk scores will be adjusted based on your selected environment
π
Archived Security Brief
Friday's disclosure activity includes 6 critical vulnerabilities (CVSS 9.8) affecting WordPress plugins and 25 high-priority CVEs. Six actively exploited CISA KEV vulnerabilities require continued remediation across Samsung Mobile, Gladinet Triofox, Microsoft Windows, WatchGuard Firebox, Google Chromium, and Oracle Fusion Middleware systems. Fifteen CVEs have been enhanced with Gemini AI analysis, providing detailed technical context for affected organizations.
Six critical CVEs disclosed (CVSS 9.8), primarily affecting WordPress themes and plugins with privilege escalation vulnerabilities
Twenty-five high-priority vulnerabilities (CVSS 7.0-8.9) spanning enterprise infrastructure and web applications
Six CISA KEV vulnerabilities unchanged from previous day, requiring federal compliance remediation
Fifteen CVEs enhanced with Gemini AI analyst comments (6 critical + 9 high-priority), indicated by analysis badge
Immediate action: Security teams should assess organizational exposure to the 6 critical vulnerabilities disclosed today, particularly those running affected WordPress themes and plugins. Priority should be given to CVEs with Gemini AI analysis (indicated by analysis badge) which provide detailed technical context and remediation guidance. Organizations should address the 6 CISA KEV vulnerabilities to meet federal compliance requirements. For systems lacking vendor patches, consider implementing compensating controls such as network segmentation, Web Application Firewall rules, enhanced logging, and access restrictions. Detailed analyst comments are available for 15 CVEs to support remediation planning.
π‘ Tip: Swipe CVE cards left to β star, right to β remove
Section Navigation
β οΈ
CISA Known Exploited Vulnerabilities
β οΈ CISA KEVURGENT
CVE-2025-21042
9.5
SamsungMobile Devices
β° Federal Deadline:November 30, 2025(3 days remaining)
Samsung Mobile Devices Out-of-Bounds Write Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
β
CRSSelect profile
β οΈ CISA KEVURGENT
CVE-2025-12480
9.5π
GladinetTriofox
β° Federal Deadline:December 2, 2025(5 days remaining)
Gladinet Triofox Improper Access Control Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
β
CRSSelect profile
β οΈ CISA KEVURGENT
CVE-2025-62215
9.5
MicrosoftWindows
β° Federal Deadline:December 2, 2025(5 days remaining)
Microsoft Windows Race Condition Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
β
CRSSelect profile
β οΈ CISA KEVURGENT
CVE-2025-9242
9.5
WatchGuardFirebox
β° Federal Deadline:December 2, 2025(5 days remaining)
WatchGuard Firebox Out-of-Bounds Write Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
β
CRSSelect profile
β οΈ CISA KEV
CVE-2025-13223
9.5π
GoogleChromium V8
β° Federal Deadline:December 9, 2025(12 days remaining)
Google Chromium V8 Type Confusion Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
β
CRSSelect profile
β οΈ CISA KEV
CVE-2025-61757
9.5π
OracleFusion Middleware
β° Federal Deadline:December 11, 2025(14 days remaining)
Oracle Fusion Middleware Missing Authentication for Critical Function Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
β
CRSSelect profile
π¨
Critical Vulnerabilities
CVE-2025-13675
9.8π
The Tiger theme for WordPress is vulnerable to Privilege Escalation in all versions upMultiple Products
The Tiger theme for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 101.2.1. This is due to the 'paypal-submit.php' file not restricting what user roles a user can register with. This makes it possible for unauthenticated attackers to supply the 'administrator' role during registration and gain administrator access to the site.
CVSS Base9.8
β
CRSSelect profile
CVE-2025-13540
9.8π
The Tiare Membership plugin for WordPress is vulnerable to Privilege Escalation in all versions upMultiple Products
The Tiare Membership plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.2. This is due to the 'tiare_membership_init_rest_api_register' function not restricting what user roles a user can register with. This makes it possible for unauthenticated attackers to supply the 'administrator' role during registration and gain administrator access to the site.
CVSS Base9.8
β
CRSSelect profile
CVE-2025-13538
9.8π
The FindAll Listing plugin for WordPress is vulnerable to Privilege Escalation in all versions upMultiple Products
The FindAll Listing plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.0.5. This is due to the 'findall_listing_user_registration_additional_params' function not restricting what user roles a user can register with. This makes it possible for unauthenticated attackers to supply the 'administrator' role during registration and gain administrator access to the site. Note: The vulnerability can only be exploited if the FindAll Membership plugin is also activated, because user registration is in that plugin.
CVSS Base9.8
β
CRSSelect profile
CVE-2025-13539
9.8π
The FindAll Membership plugin for WordPress is vulnerable to Authentication Bypass in all versions upMultiple Products
The FindAll Membership plugin for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 1.0.4. This is due to the plugin not properly logging in a user with the data that was previously verified through the 'findall_membership_check_facebook_user' and the 'findall_membership_check_google_user' functions. This makes it possible for unauthenticated attackers to log in as administrative users, as long as they have an existing account on the site which can easily be created by default through the temp user functionality, and access to the administrative user's email.
CVSS Base9.8
β
CRSSelect profile
CVE-2025-12421
9.9π
Mattermost versionsMultiple Products
Mattermost versions 11.0.x <= 11.0.2, 10.12.x <= 10.12.1, 10.11.x <= 10.11.4, 10.5.x <= 10.5.12 fail to to verify that the token used during the code exchange originates from the same authentication flow, which allows an authenticated user to perform account takeover via a specially crafted email address used when switching authentication methods and sending a request to the /users/login/sso/code-exchange endpoint. The vulnerability requires ExperimentalEnableAuthenticationTransfer to be enabled (default: enabled) and RequireEmailVerification to be disabled (default: disabled).
CVSS Base9.9
β
CRSSelect profile
CVE-2025-12419
9.9π
Mattermost versionsMultiple Products
Mattermost versions 10.12.x <= 10.12.1, 10.11.x <= 10.11.4, 10.5.x <= 10.5.12, 11.0.x <= 11.0.3 fail to properly validate OAuth state tokens during OpenID Connect authentication which allows an authenticated attacker with team creation privileges to take over a user account via manipulation of authentication data during the OAuth completion flow. This requires email verification to be disabled (default: disabled), OAuth/OpenID Connect to be enabled, and the attacker to control two users in the SSO system with one of them never having logged into Mattermost.
CVSS Base9.9
β
CRSSelect profile
β οΈ
High Priority Updates
CVE-2025-7820
7.5π
WordPressMultiple Products
The SKT PayPal for WooCommerce plugin for WordPress is vulnerable to Payment Bypass in all versions up to, and including, 1
CVSS Base7.5
β
CRSSelect profile
CVE-2025-13680
8.8π
WordPressMultiple Products
The Tiger theme for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 101
CVSS Base8.8
β
CRSSelect profile
CVE-2025-13692
7.2π
WordPressMultiple Products
The Unlimited Elements For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 2
CVSS Base7.2
β
CRSSelect profile
CVE-2025-13536
8.8π
WordPressMultiple Products
The Blubrry PowerPress plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in all versions up to, and including, 11
CVSS Base8.8
β
CRSSelect profile
CVE-2025-12061
8.6π
WordPressMultiple Products
The TAX SERVICE Electronic HDM WordPress plugin before 1
CVSS Base8.6
β
CRSSelect profile
CVE-2025-66314
7.5π
ZTE ElasticNet UMEMultiple Products
Improper Privilege Management vulnerability in ZTE ElasticNet UME R32 on Linux allows Accessing Functionality Not Properly Constrained by ACLs
CVSS Base7.5
β
CRSSelect profile
CVE-2025-13084
7.6π
usersMultiple Products
The users endpoint in the groov View API returns a list of all users and
associated metadata including their API keys
CVSS Base7.6
β
CRSSelect profile
CVE-2025-64129
7.6π
ZenitelMultiple Products
Zenitel TCIV-3+ is vulnerable to an out-of-bounds write
vulnerability, which could allow a remote attacker to crash the device
CVSS Base7.6
β
CRSSelect profile
CVE-2025-13601
7.7π
AMultiple Products
A heap-based buffer overflow problem was found in glib through an incorrect calculation of buffer size in the g_escape_uri_string() function
CVSS Base7.7
β
CRSSelect profile
CVE-2025-66359
8.5π
LogpointMultiple Products
An issue was discovered in Logpoint before 7
CVSS Base8.5
β
CRSSelect profile
CVE-2025-64983
8π
priorMultiple Products
Smart Video Doorbell firmware versions prior to 2
CVSS Base8
β
CRSSelect profile
CVE-2025-9557
7.6π
UnknownMultiple Products
βAn out-of-bound write can lead to an arbitrary code execution
CVSS Base7.6
β
CRSSelect profile
CVE-2025-9558
7.6π
There is aMultiple Products
There is a potential OOB Write vulnerability in the gen_prov_start function in pb_adv
CVSS Base7.6
β
CRSSelect profile
CVE-2025-66020
7.5π
ValibotMultiple Products
Valibot helps validate data using a schema
CVSS Base7.5
β
CRSSelect profile
CVE-2025-12571
7.5π
versionsMultiple Products
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17
CVSS Base7.5
β
CRSSelect profile
CVE-2025-64330
7.5
NSMMultiple Products
Suricata is a network IDS, IPS and NSM engine developed by the OISF (Open Information Security Foundation) and the Suricata community
CVSS Base7.5
β
CRSSelect profile
CVE-2025-64331
7.5
NSMMultiple Products
Suricata is a network IDS, IPS and NSM engine developed by the OISF (Open Information Security Foundation) and the Suricata community
CVSS Base7.5
β
CRSSelect profile
CVE-2025-64332
7.5
NSMMultiple Products
Suricata is a network IDS, IPS and NSM engine developed by the OISF (Open Information Security Foundation) and the Suricata community
CVSS Base7.5
β
CRSSelect profile
CVE-2025-64333
7.5
NSMMultiple Products
Suricata is a network IDS, IPS and NSM engine developed by the OISF (Open Information Security Foundation) and the Suricata community
CVSS Base7.5
β
CRSSelect profile
CVE-2025-64334
7.5
NSMMultiple Products
Suricata is a network IDS, IPS and NSM engine developed by the OISF (Open Information Security Foundation) and the Suricata community
CVSS Base7.5
β
CRSSelect profile
CVE-2025-64335
7.5
NSMMultiple Products
Suricata is a network IDS, IPS and NSM engine developed by the OISF (Open Information Security Foundation) and the Suricata community
CVSS Base7.5
β
CRSSelect profile
CVE-2025-64344
7.5
NSMMultiple Products
Suricata is a network IDS, IPS and NSM engine developed by the OISF (Open Information Security Foundation) and the Suricata community
CVSS Base7.5
β
CRSSelect profile
CVE-2025-12758
7.5
validatorMultiple Products
Versions of the package validator before 13
CVSS Base7.5
β
CRSSelect profile
CVE-2025-13735
7.4
UnknownMultiple Products
Out-of-bounds Read vulnerability in ASR1903γASR3901 in ASR Lapwing_Linux on Linux (nr_fw modules)
CVSS Base7.4
β
CRSSelect profile
CVE-2025-59890
7.3
ImproperMultiple Products
Improper input sanitization in the file archives upload functionality of Eaton Galileo software allows traversing paths which could lead into an attacker with local access toΒ execute unauthorized code or commands