This week’s report looks at 12 IT and 6 ICS vulnerabilities at high risk of exploitation, affecting both consumer and enterprise environments.
Cyble Vulnerability Intelligence researchers tracked 591 vulnerabilities in the last week, and more than 30 already have a publicly available Proof-of-Concept (PoC), significantly increasing the risk of real-world attacks on these vulnerabilities.
A total of 69 vulnerabilities were rated as critical under the CVSS v3.1 scoring system, while 26 received a critical severity rating based on the newer CVSS v4.0 scoring system.
Here are some of the more important IT and ICS vulnerabilities flagged by Cyble in recent reports to clients.
The Week’s Top IT Vulnerabilities
CVE-2025-60854 is a critical command injection vulnerability found in the D-Link R15 (AX1500) router firmware 1.20.01 and below. The flaw has a severity score of 9.8 and requires no authentication or user interaction to exploit, making it highly dangerous for affected systems.
CISA added 5 vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog in the last week:
CVE-2025-55182 is a critical pre-authentication remote code execution (RCE) vulnerability in React Server Components versions 19.0.0, 19.1.0, 19.1.1, and 19.2.0, including the following packages: react-server-dom-parcel, react-server-dom-turbopack, and react-server-dom-webpack. The vulnerability has reportedly been targeted by China-linked threat groups.
CVE-2021-26829 is a cross-site scripting (XSS) vulnerability affecting OpenPLC ScadaBR that was targeted in recent attacks by the pro-Russian hacktivist group TwoNet on a honeypot simulating a water treatment facility, where the threat actors used default credentials for initial access, exploited the flaw to deface the HMI login page, and disabled logs and alarms in a little more than a day.
5 days after adding CVE-2021-26829 to the KEV catalog, CISA added CVE-2021-26828, a high-severity Unrestricted Upload of File with Dangerous Type vulnerability affecting OpenPLC ScadaBR through 0.9.1 on Linux and through 1.12.4 on Windows. The flaw could allow remote authenticated users to upload and execute arbitrary JSP files via view_edit.shtm.
CISA also added two Android vulnerabilities to the KEV catalog, both high-severity Android framework vulnerabilities. CVE-2025-48572 is a Privilege Escalation vulnerability, while CVE-2025-48633 is an Information Disclosure vulnerability. Neither vulnerability has been added to the National Vulnerability Database (NVD) yet.
Notable vulnerabilities discussed in open-source communities included:
CVE-2025-13223, a type confusion vulnerability in Google Chrome’s V8 JavaScript and WebAssembly engine, allowing remote attackers to exploit heap corruption via a crafted HTML page, potentially leading to arbitrary code execution.
CVE-2025-11001, a directory traversal remote code execution vulnerability in 7-Zip, stemming from improper handling of symbolic links in ZIP files, potentially allowing attackers to escape extraction directories and execute arbitrary code in the context of a service account upon user interaction with crafted archives.
CVE-2025-58034, an OS command injection vulnerability in Fortinet FortiWeb web application firewalls.
CVE-2025-41115, a critical privilege escalation and user impersonation vulnerability in Grafana Enterprise’s SCIM provisioning feature, which could allow attackers to create accounts impersonating privileged users, modify dashboards, access databases, alter alerts, and pivot to connected systems.
CVE-2025-59366, a critical authentication bypass vulnerability in ASUS AiCloud routers, potentially allowing unauthorized execution of specific router functions via path traversal and OS command injection.
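As an added defender-side example (not code from Cyble or from the 7-Zip project), the following Python check inspects a ZIP archive before extraction for the two conditions behind the 7-Zip bug class described above: entry names that traverse out of the destination directory, and symbolic-link entries whose target resolves outside it. The archive contents and the /tmp/extract destination are constructed for illustration.

```python
import io
import posixpath
import stat
import zipfile

DEST = "/tmp/extract"  # hypothetical extraction directory, constructed for this example

def _is_symlink(info: zipfile.ZipInfo) -> bool:
    # Unix mode bits live in the high 16 bits of external_attr
    return stat.S_ISLNK(info.external_attr >> 16)

def _escapes(dest: str, relpath: str) -> bool:
    # Resolve the path the way a naive extractor would, then check it stays under dest
    full = posixpath.normpath(posixpath.join(dest, relpath))
    return posixpath.commonpath([dest, full]) != dest

def audit_zip(data: bytes, dest: str = DEST) -> list:
    """Return (entry name, reason) pairs for entries that could write outside dest."""
    dest = posixpath.normpath(dest)
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            name = info.filename.replace("\\", "/")
            if name.startswith("/") or _escapes(dest, name):
                findings.append((name, "path traversal in entry name"))
                continue
            if _is_symlink(info):
                # For a symlink entry, the stored file body is the link target
                target = zf.read(info).decode("utf-8", "replace")
                resolved = posixpath.join(posixpath.dirname(name), target)
                if target.startswith("/") or _escapes(dest, resolved):
                    findings.append((name, f"symlink target outside extraction dir: {target}"))
    return findings

def build_sample_zip() -> bytes:
    """Constructed sample archive: a benign file, a traversal name, and an escaping symlink."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("docs/readme.txt", "hello")
        zf.writestr("../../outside.txt", "x")
        link = zipfile.ZipInfo("docs/link")
        link.create_system = 3  # 3 = Unix, so external_attr carries a file mode
        link.external_attr = (stat.S_IFLNK | 0o777) << 16
        zf.writestr(link, "../../../etc")
    return buf.getvalue()
```

Running audit_zip(build_sample_zip()) reports the traversal entry and the escaping symlink while leaving docs/readme.txt unflagged; an extractor can refuse the archive when the list is non-empty.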
Vulnerabilities Under Discussion on the Dark Web
Cyble dark web researchers observed several threat actors (TA) on dark web and cybercrime forums discussing various exploits and weaponizing several vulnerabilities, including:
CVE-2025-60709: A Windows Common Log File System (CLFS) Driver elevation of privilege vulnerability that could allow an authorized attacker to elevate privileges locally through an out-of-bounds read flaw. The specific flaw exists within the clfs.sys driver and results from improper validation of user-supplied data, which can lead to a read past the end of an allocated memory region.
Local attackers can disclose sensitive information on affected Microsoft Windows installations and potentially exploit this vulnerability in conjunction with other vulnerabilities to execute arbitrary code in the context of the kernel, resulting in privilege escalation.
CVE-2025-5931: A high-severity privilege escalation vulnerability in the Dokan Pro WordPress plugin, which stems from improper user identity validation during the staff password reset process, allowing attackers with vendor-level access to escalate their privileges to staff member level and then change arbitrary user passwords, including those of administrators, potentially leading to a full account takeover.
CVE-2025-64446: A critical unauthenticated path traversal vulnerability in Fortinet FortiWeb WAF that could allow full administrative compromise of affected appliances via crafted HTTP(S) requests. The flaw is a relative path traversal (sometimes referred to as “path confusion”) issue in the FortiWeb GUI / management API that could let an attacker reach an internal CGI handler and execute privileged operations without valid credentials. In practice, this becomes an authentication bypass that allows remote admin-level control and, effectively, remote code execution on the WAF.
ICS Vulnerabilities
In addition to the OpenPLC ScadaBR vulnerabilities noted by CISA, Cyble threat intelligence researchers flagged 4 additional industrial control system (ICS) vulnerabilities in recent reports to clients.
CVE-2024-3871 is a critical Stack-Based Buffer Overflow vulnerability affecting Emerson Appleton UPSMON-PRO, versions 2.6 and prior. Successful exploitation of the vulnerability could allow remote attackers to execute arbitrary code on affected installations of Appleton UPSMON-PRO.
CVE-2025-13483 is a Missing Authentication for Critical Function vulnerability affecting SiRcom SMART Alert (SiSA), version 3.0.48. Successful exploitation of the vulnerability could enable an attacker to remotely activate or manipulate emergency sirens.
CVE-2025-13658 is a Command Injection vulnerability affecting Longwatch versions 6.309 to 6.334. Successful exploitation could allow an unauthenticated attacker to achieve remote code execution with elevated privileges.
CVE-2025-13510 is a Missing Authentication for Critical Function vulnerability affecting Iskra iHUB and iHUB Lite, all versions. Successful exploitation could allow a remote attacker to reconfigure devices, update firmware, and manipulate connected systems without any credentials.
Conclusion
The wide range of critical and exploited vulnerabilities in this week’s report highlights the breadth of threats faced by security teams, who must respond with fast, well-targeted actions to successfully defend IT and critical infrastructure. A risk-based vulnerability management program should be at the heart of these defensive efforts.
Other cybersecurity best practices that can help guard against a wide range of threats include segmentation of critical assets; removing or protecting web-facing assets; Zero-Trust access principles; ransomware-resistant backups; hardened endpoints, infrastructure, and configurations; network, endpoint, and cloud monitoring; and well-rehearsed incident response plans.
Cyble’s comprehensive attack surface management solutions can help by scanning network and cloud assets for exposures and prioritizing fixes, in addition to monitoring for leaked credentials and other early warning indicators of major cyberattacks.

