Critical vulnerabilities, curated daily for security professionals
π― SSCV Profile
See how vulnerabilities affect your specific environment
CRS uses the System Security Context Vector (SSCV) Framework v1.0 to adjust CVSS scores based on your system's exposure level, network position, and business criticality. Learn more about SSCV Framework
Risk scores will be adjusted based on your selected environment
π
Archived Security Brief
Yesterday's disclosures included 2 critical-severity vulnerabilities, down 50% from the prior day's 4 critical issues. High-priority CVEs dropped 43% to 13 entries, while actively exploited vulnerabilities held steady at 11 KEV entries affecting products from D-Link, Microsoft, Apple, Google, and ASUS. Notable critical vulnerabilities include CVE-2025-54322 (CVSS 10.0) affecting Xspeeder SXZOS and CVE-2025-66203 (CVSS 9.9) in StreamVault video download integration. Current patch availability stands at 0%, indicating organizations should prioritize compensating controls until vendor updates become available.
Critical CVEs down 50% from prior day (2 vs 4)
High-priority CVEs decreased 43% (13 vs 23)
11 actively exploited vulnerabilities affecting D-Link routers, Microsoft Windows, Apple products, Google Chromium, and WinRAR
0% patch availability for disclosed vulnerabilities
Network infrastructure and consumer software heavily represented including ASUS Live Update and Gladinet CentreStack
Immediate action: Organizations using D-Link routers, Microsoft Windows, Apple products, Google Chromium, WinRAR, or Gladinet CentreStack should review exposure to actively exploited vulnerabilities. With no patches currently available, implement network segmentation and monitoring controls for affected systems.
π‘ Tip: Swipe CVE cards left to β star, right to β remove
Section Navigation
β οΈ
CISA Known Exploited Vulnerabilities
β οΈ CISA KEVURGENT
CVE-2022-37055
9.5
D-LinkRouters
β° Federal Deadline:December 28, 2025(1 days remaining)
D-Link Routers Buffer Overflow Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
β
CRSSelect profile
β οΈ CISA KEVURGENT
CVE-2025-66644
9.5
Array Networks ArrayOS AG
β° Federal Deadline:December 28, 2025(1 days remaining)
Array Networks ArrayOS AG OS Command Injection Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
β
CRSSelect profile
β οΈ CISA KEVURGENT
CVE-2025-6218
9.5
RARLABWinRAR
β° Federal Deadline:December 29, 2025(2 days remaining)
RARLAB WinRAR Path Traversal Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
β
CRSSelect profile
β οΈ CISA KEVURGENT
CVE-2025-62221
9.5π
MicrosoftWindows
β° Federal Deadline:December 29, 2025(2 days remaining)
Microsoft Windows Use After Free Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
β
CRSSelect profile
β οΈ CISA KEVURGENT
CVE-2025-58360
9.5
OSGeoGeoServer
β° Federal Deadline:December 31, 2025(4 days remaining)
OSGeo GeoServer Improper Restriction of XML External Entity Reference Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
β
CRSSelect profile
β οΈ CISA KEVURGENT
CVE-2018-4063
9.5
Sierra WirelessAirLink ALEOS
β° Federal Deadline:January 1, 2026(5 days remaining)
Sierra Wireless AirLink ALEOS Unrestricted Upload of File with Dangerous Type Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
β
CRSSelect profile
β οΈ CISA KEVURGENT
CVE-2025-14174
9.5π
GoogleChromium
β° Federal Deadline:January 1, 2026(5 days remaining)
Google Chromium Out of Bounds Memory Access Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
β
CRSSelect profile
β οΈ CISA KEV
CVE-2025-14611
9.5
GladinetCentreStack and Triofox
β° Federal Deadline:January 4, 2026(8 days remaining)
Gladinet CentreStack and Triofox Hard Coded Cryptographic Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
β
CRSSelect profile
β οΈ CISA KEV
CVE-2025-43529
9.5π
AppleMultiple Products
β° Federal Deadline:January 4, 2026(8 days remaining)
Apple Multiple Products Use-After-Free WebKit Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
β
CRSSelect profile
β οΈ CISA KEV
CVE-2025-59374
9.5
ASUSLive Update
β° Federal Deadline:January 6, 2026(10 days remaining)
ASUS Live Update Embedded Malicious Code Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
β
CRSSelect profile
β οΈ CISA KEV
CVE-2023-52163
9.5
DigieverDS-2105 Pro
β° Federal Deadline:January 11, 2026(15 days remaining)
Digiever DS-2105 Pro Missing Authorization Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
β
CRSSelect profile
π¨
Critical Vulnerabilities
CVE-2025-66203
9.9π
StreamVault is a video download integrationMultiple Products
StreamVault is a video download integration solution. Prior to version 251126, a Remote Code Execution (RCE) vulnerability exists in the stream-vault application (SpiritApplication). The application allows administrators to configure yt-dlp arguments via the /admin/api/saveConfig endpoint without sufficient validation. These arguments are stored globally and subsequently used in YtDlpUtil.java when constructing the command line to execute yt-dlp. This issue has been patched in version 251126.
CVSS Base9.9
β
CRSSelect profile
CVE-2025-54322
10π
Xspeeder SXZOS throughMultiple Products
Xspeeder SXZOS through 2025-12-26 allows root remote code execution via base64-encoded Python code in the chkid parameter to vLogin.py. The title and oIP parameters are also used.
CVSS Base10
β
CRSSelect profile
β οΈ
High Priority Updates
CVE-2025-57403
7.5π
ColaMultiple Products
Cola Dnslog v1
CVSS Base7.5
β
CRSSelect profile
CVE-2025-66738
8.8π
issueMultiple Products
An issue in Yealink T21P_E2 Phone 52
CVSS Base8.8
β
CRSSelect profile
CVE-2025-67729
8.8π
LMDeployMultiple Products
LMDeploy is a toolkit for compressing, deploying, and serving LLMs
CVSS Base8.8
β
CRSSelect profile
CVE-2025-12771
7.8π
IBMMultiple Products
IBM Concert 1
CVSS Base7.8
β
CRSSelect profile
CVE-2025-64645
7.7π
IBMMultiple Products
IBM Concert 1
CVSS Base7.7
β
CRSSelect profile
CVE-2025-25341
7.5π
theMultiple Products
A vulnerability exists in the libxmljs 1
CVSS Base7.5
β
CRSSelect profile
CVE-2025-67014
7.5π
GmbHMultiple Products
Incorrect access control in DEV Systemtechnik GmbH DEV 7113 RF over Fiber Distribution System 32-0078 H
CVSS Base7.5
β
CRSSelect profile
CVE-2025-67015
7.5π
IncorrectMultiple Products
Incorrect access control in Comtech EF Data CDM-625 / CDM-625A Advanced Satellite Modem with firmware v2
CVSS Base7.5
β
CRSSelect profile
CVE-2025-59946
7.5π
NanoMQMultiple Products
NanoMQ MQTT Broker (NanoMQ) is an Edge Messaging Platform
CVSS Base7.5
β
CRSSelect profile
CVE-2025-61914
7.3π
UnknownMultiple Products
n8n is an open source workflow automation platform
CVSS Base7.3
β
CRSSelect profile
CVE-2025-15109
7.3π
flawMultiple Products
A flaw has been found in jackq XCMS up to 3fab5342cc509945a7ce1b8ec39d19f701b89261
CVSS Base7.3
β
CRSSelect profile
CVE-2025-15127
7.3π
securityMultiple Products
A security vulnerability has been detected in FantasticLBP Hotels_Server up to 67b44df162fab26df209bd5d5d542875fcbec1d0
CVSS Base7.3
β
CRSSelect profile
CVE-2025-68697
7.1π
UnknownMultiple Products
n8n is an open source workflow automation platform