    IT Vulnerabilities Surge As ICS Flaws Push Weekly Record

    By Declan Murphy, December 26, 2025
    Vulnerabilities from Microsoft, Adobe and Fortinet are among those getting attention during a record week for new flaws.

    Cyble Vulnerability Intelligence researchers tracked 2,415 vulnerabilities in the last week, a significant increase over even last week's very high number of new vulnerabilities. The rise signals a heightened risk landscape and expanding attack surface in the current threat environment.

    Over 300 of the disclosed vulnerabilities already have a publicly available Proof-of-Concept (PoC), significantly increasing the likelihood of real-world attacks.

    A total of 219 vulnerabilities were rated as critical under the CVSS v3.1 scoring system, while 47 received a critical severity rating based on the newer CVSS v4.0 scoring system.

    Even after factoring out a high number of Linux kernel and Adobe vulnerabilities (chart below), new vulnerabilities reported in the last week were still very high.

    What follows are some of the IT and ICS vulnerabilities flagged by Cyble threat intelligence researchers in recent reports to clients spanning December 9-16.

    The Week's Top IT Vulnerabilities

    CVE-2025-59385 is a high-severity authentication bypass vulnerability affecting multiple versions of QNAP operating systems, including QTS and QuTS hero. Fixed versions include QTS 5.2.7.3297 build 20251024 and later, QuTS hero h5.2.7.3297 build 20251024 and later, and QuTS hero h5.3.1.3292 build 20251024 and later.

    CVE-2025-66430 is a critical vulnerability in Plesk 18.0, specifically affecting the Password-Protected Directories feature. It stems from improper access control, potentially allowing attackers to bypass security mechanisms and escalate privileges to root-level access on affected Plesk for Linux servers.

    CVE-2025-64537 is a critical DOM-based Cross-Site Scripting (XSS) vulnerability affecting Adobe Experience Manager. The vulnerability could allow attackers to inject malicious scripts into web pages, which are then executed in the context of a victim's browser, potentially leading to session hijacking, data theft, or further exploitation.

    CVE-2025-43529 is a critical use-after-free vulnerability in Apple's WebKit browser engine, which is used in Safari and other Apple applications. The flaw could allow attackers to execute arbitrary code on affected devices by tricking users into processing maliciously crafted web content, potentially leading to full device compromise. CISA has added the vulnerability to its Known Exploited Vulnerabilities (KEV) catalog.

    CVE-2025-59718 is a critical authentication bypass vulnerability affecting multiple versions of Fortinet products, including FortiOS, FortiProxy, FortiSwitchManager, and FortiWeb. The flaw could allow unauthenticated attackers to bypass FortiCloud Single Sign-On (SSO) login authentication by sending a specially crafted SAML message. The vulnerability has been added to CISA's KEV catalog.

    Notable vulnerabilities discussed in open-source communities included CVE-2025-55182, a critical unauthenticated remote code execution (RCE) vulnerability affecting React Server Components; CVE-2025-14174, a critical memory corruption vulnerability affecting Apple's WebKit browser engine; and CVE-2025-62221, a high-severity use-after-free elevation of privilege vulnerability in the Windows Cloud Files Mini Filter Driver.

    Vulnerabilities Discussed on the Dark Web

    Cyble Research and Intelligence Labs (CRIL) researchers also observed multiple threat actors discussing weaponizing vulnerabilities on dark web forums. Among the vulnerabilities under discussion were:

    CVE-2025-55315, a critical severity vulnerability classified as HTTP request/response smuggling due to inconsistent interpretation of HTTP requests in ASP.NET Core, particularly in the Kestrel server component. The flaw arises from how chunk extensions in Transfer-Encoding: chunked requests with invalid line endings are handled differently by ASP.NET Core compared to upstream proxies, enabling attackers to smuggle malicious requests. An authorized attacker can exploit this vulnerability over a network to bypass security controls, leading to impacts such as privilege escalation, SSRF, CSRF bypass, session hijacking, or code execution, depending on the application logic.

    CVE-2025-59287 is a critical-severity remote code execution (RCE) vulnerability stemming from improper deserialization of untrusted data in Microsoft Windows Server Update Services (WSUS). The core flaw occurs in the ClientWebService component, where a specially crafted SOAP request to endpoints like SyncUpdates triggers decryption and unsafe deserialization of an AuthorizationCookie object using .NET's BinaryFormatter, allowing arbitrary code execution with SYSTEM privileges. Unauthenticated remote attackers can exploit this over WSUS ports (e.g., 8530/8531) to deploy webshells or achieve persistence, with real-world exploitation already observed.

    CVE-2025-59719, a critical severity vulnerability due to improper cryptographic signature verification, permitting authentication bypass in Fortinet FortiWeb via FortiCloud SSO. Attackers can submit crafted SAML response messages to evade login checks without proper authentication. This unauthenticated flaw has a high impact and has been actively exploited post-disclosure.
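
For the parsing disagreement behind CVE-2025-55315 described above, a strict check of chunked framing shows where a lenient and a strict parser part ways. This is an added example, not code from Cyble, Microsoft or the article; it does not reproduce the ASP.NET Core parser, and the function name `validate_chunked` and the sample bodies are constructed for illustration.

```python
import re

# RFC 9112 chunk-size line: hex size, optional ";ext" part, terminated by CRLF only.
# The extension is checked loosely here: any bytes except control characters.
SIZE_LINE = re.compile(rb"([0-9A-Fa-f]{1,8})([ \t]*;[^\x00-\x08\x0a-\x1f\x7f]*)?")

# Constructed sample bodies (not captured traffic).
GOOD = b"5\r\nhello\r\n0\r\n\r\n"
WITH_EXT = b"5;x=1\r\nhello\r\n0\r\n\r\n"
BARE_LF = b"5;x\nhello\r\n0\r\n\r\n"  # extension ended by LF instead of CRLF


def validate_chunked(buf: bytes) -> tuple[list[str], int]:
    """Strictly parse a chunked body. Returns (findings, bytes_consumed)."""
    findings: list[str] = []
    pos = 0
    while True:
        end = buf.find(b"\r\n", pos)
        if end == -1:
            return findings + ["chunk-size line is not terminated by CRLF"], pos
        line = buf[pos:end]
        # A bare CR or LF before the real CRLF is where a lenient parser and a
        # strict parser disagree about the end of the line.
        if b"\n" in line or b"\r" in line:
            return findings + [f"bare CR/LF inside chunk-size line at offset {pos}"], pos
        m = SIZE_LINE.fullmatch(line)
        if m is None:
            return findings + [f"malformed chunk-size line at offset {pos}"], pos
        if m.group(2):
            # Extensions are legal; they are reported so they can be reviewed.
            findings.append(f"chunk extension present at offset {pos}")
        size = int(m.group(1), 16)
        pos = end + 2
        if size == 0:
            break
        if buf[pos + size:pos + size + 2] != b"\r\n":
            return findings + [f"chunk data at offset {pos} not followed by CRLF"], pos
        pos += size + 2
    # Trailer section: zero or more header lines, then an empty line.
    while True:
        end = buf.find(b"\r\n", pos)
        if end == -1:
            return findings + ["trailer section is not terminated by CRLF"], pos
        line, pos = buf[pos:end], end + 2
        if not line:
            return findings, pos
        if b"\n" in line or b"\r" in line:
            return findings + ["bare CR/LF inside trailer line"], pos
```

A front end that rejects any body with a non-informational finding, rather than forwarding it, removes the ambiguity before a back end ever sees the request.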

    ICS Vulnerabilities 

    Cyble also flagged two industrial control system (ICS) vulnerabilities as meriting high-priority attention by security teams. They include:

    CVE-2024-3596: multiple versions of Hitachi Energy AFS, AFR, and AFF Series products are affected by a RADIUS Protocol vulnerability, Improper Enforcement of Message Integrity During Transmission in a Communication Channel. Successful exploitation of the vulnerability could compromise the integrity of the product data and disrupt its availability.

    CVE-2025-13970: OpenPLC_V3 versions prior to pull request #310 are vulnerable to this Cross-Site Request Forgery (CSRF) flaw. Successful exploitation of the vulnerability could result in the alteration of PLC settings or the upload of malicious programs.

    Conclusion 

    The record number of new vulnerabilities observed by Cyble in the last week underscores the need for security teams to respond with rapid, well-targeted actions to patch the most critical vulnerabilities and successfully defend IT and critical infrastructure. A risk-based vulnerability management program should be at the heart of those defensive efforts.

    Other cybersecurity best practices that can help guard against a wide range of threats include segmentation of critical assets; removing or protecting web-facing assets; Zero-Trust access principles; ransomware-resistant backups; hardened endpoints, infrastructure, and configurations; network, endpoint, and cloud monitoring; and well-rehearsed incident response plans.

    Cyble's comprehensive attack surface management solutions can help by scanning network and cloud assets for exposures and prioritizing fixes, in addition to monitoring for leaked credentials and other early warning signs of major cyberattacks.
