New vulnerabilities have been appearing at twice their long-term rate in recent weeks, increasing pressure on security teams to patch quickly.
Cyble Vulnerability Intelligence researchers tracked 1,782 vulnerabilities in the last week, the third straight week that new vulnerabilities have been rising at twice their long-term rate.
Over 282 of the disclosed vulnerabilities already have a publicly available Proof-of-Concept (PoC), significantly increasing the likelihood of real-world attacks on these vulnerabilities.
A total of 207 vulnerabilities were rated as critical under the CVSS v3.1 scoring system, while 51 received a critical severity rating under the newer CVSS v4.0 scoring system.
Here are some of the top IT and ICS vulnerabilities flagged by Cyble threat intelligence researchers in recent reports to clients.
The Week's Top IT Vulnerabilities
CVE-2025-66516 is a maximum-severity XML External Entity (XXE) injection vulnerability in Apache Tika's core, PDF and parsers modules. Attackers could embed malicious XFA data in PDFs to trigger XXE, potentially allowing the disclosure of sensitive data, SSRF, or DoS without authentication.
CVE-2025-15047 is a critical stack-based buffer overflow vulnerability in Tenda WH450 router firmware version V1.0.0.18. Attackers could potentially trigger it remotely over the network with low complexity, and a public exploit exists, increasing the risk of widespread abuse.
Among the vulnerabilities added to CISA's Known Exploited Vulnerabilities (KEV) catalog were:
- CVE-2025-14733, an out-of-bounds write vulnerability in WatchGuard Fireware OS that could allow remote unauthenticated attackers to execute arbitrary code.
- CVE-2025-40602, a local privilege escalation vulnerability caused by insufficient authorization in the Appliance Management Console (AMC) of SonicWall SMA 1000 appliances.
- CVE-2025-20393, a critical remote code execution (RCE) vulnerability in Cisco AsyncOS Software affecting Cisco Secure Email Gateway and Cisco Secure Email and Web Manager appliances. The flaw has reportedly been actively exploited since late November by a China-linked APT group, which has deployed backdoors such as AquaShell, tunneling tools, and log cleaners to achieve persistence and remote access.
- CVE-2025-14847, a high-severity MongoDB vulnerability that has been dubbed "MongoBleed" and is reported to be under active exploitation. The Improper Handling of Length Parameter Inconsistency vulnerability could allow uninitialized heap memory to be read by an unauthenticated client, potentially exposing data, credentials and session tokens.
Vulnerabilities Under Discussion on the Dark Web
Cyble dark web researchers observed several threat actors sharing exploits and discussing the weaponization of vulnerabilities on underground and cybercrime forums. Among the vulnerabilities under discussion were:
CVE-2025-56157, a critical default-credentials vulnerability affecting Dify versions through 1.5.1, where PostgreSQL credentials are stored in plaintext within the docker-compose.yaml file. Attackers who obtain deployment files or source code repositories could extract these default credentials and gain unauthorized access to databases. Successful exploitation could enable remote code execution, privilege escalation, and full data compromise.
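As an added illustration of the weakness described above (example code, not Dify's compose file or code), the following checker flags literal credential values in a compose file's environment blocks and shows the deferred-variable form that keeps the secret out of the tracked file; both compose snippets are constructed samples.

```python
import re

# Constructed sample modelled on the issue above (NOT Dify's real compose
# file): database credentials written as literals in environment blocks.
VULNERABLE_COMPOSE = """\
services:
  db:
    environment:
      POSTGRES_PASSWORD: changeme123
  api:
    environment:
      - DB_PASSWORD=changeme123
"""

# Hardened form: the value is deferred to the runtime environment (an
# untracked .env file) and compose refuses to start if it is unset.
HARDENED_COMPOSE = """\
services:
  db:
    environment:
      POSTGRES_PASSWORD: ${DB_PASSWORD:?set DB_PASSWORD in .env}
  api:
    environment:
      - DB_PASSWORD=${DB_PASSWORD:?set DB_PASSWORD in .env}
"""

SECRET_KEY = re.compile(r"PASSWORD|PASSWD|SECRET|TOKEN|API_KEY", re.I)
ENTRY = re.compile(r"([A-Za-z_][A-Za-z0-9_]*)\s*[:=]\s*(.*)$")

def find_plaintext_secrets(compose_text):
    """Return (line_no, key, value) for literal secret values in `environment:`
    blocks (`KEY: v` map or `- KEY=v` list form); `$...` or empty is deferred."""
    findings, env_indent = [], None
    for no, raw in enumerate(compose_text.splitlines(), 1):
        if not raw.strip():
            continue
        indent = len(raw) - len(raw.lstrip())
        if raw.strip() == "environment:":
            env_indent = indent            # entering an environment block
        elif env_indent is None or indent <= env_indent:
            env_indent = None              # not inside any environment block
        else:
            m = ENTRY.match(raw.strip().lstrip("- "))
            if not m:
                continue
            key, value = m.group(1), m.group(2).strip().strip("'\"")
            if SECRET_KEY.search(key) and value and not value.startswith("$"):
                findings.append((no, key, value))
    return findings
```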
CVE-2025-37164, a critical code injection vulnerability in HPE OneView. The unauthenticated remote code execution flaw affects HPE OneView versions 10.20 and prior and is caused by improper control of code generation. The vulnerability exists in the /rest/id-pools/executeCommand REST API endpoint, which is accessible without authentication, potentially allowing remote attackers to execute arbitrary code and gain centralized control over the enterprise infrastructure.
CVE-2025-14558, a critical-severity remote code execution vulnerability in FreeBSD's rtsol(8) and rtsold(8) programs that is still awaiting NVD and CVE publication. The flaw occurs because these programs fail to validate domain search list options in IPv6 router advertisement messages, potentially allowing shell commands to be executed through improper input validation in resolvconf(8). Attackers on the same network segment could exploit this vulnerability for remote code execution; however, the attack does not cross network boundaries, as router advertisement messages are not routable.
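The missing check in the FreeBSD flaw above is validation of the domain names carried in a DNSSL option before they reach a shell-interpreted configuration step. As an added example (not FreeBSD's code), the following validator accepts only RFC 1123-style hostnames, so whitespace, quotes and shell metacharacters are rejected before any configuration is written; the DNSSL list is a constructed sample.

```python
import re

# One DNS label: 1-63 chars, letters/digits/hyphen, no leading/trailing hyphen
# (RFC 1123 hostname rules). Anything else, including shell metacharacters,
# whitespace and quotes, fails here and never reaches resolvconf-style scripts.
LABEL = re.compile(r"^[A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?$")

def valid_search_domain(domain):
    """True only if `domain` is a syntactically valid DNS search domain."""
    if not isinstance(domain, str) or not domain:
        return False
    if domain.endswith("."):          # a single trailing dot (FQDN) is allowed
        domain = domain[:-1]
    if not domain or len(domain) > 253:
        return False
    return all(LABEL.match(label) for label in domain.split("."))

def filter_dnssl(domains):
    """Split a decoded DNSSL domain list into accepted and rejected entries."""
    accepted, rejected = [], []
    for d in domains:
        (accepted if valid_search_domain(d) else rejected).append(d)
    return accepted, rejected

# Constructed sample mimicking a decoded DNSSL option: two legitimate search
# domains plus entries that must never reach a shell-interpreted config.
SAMPLE_DNSSL = [
    "corp.example.com",
    "lab.example.net.",
    "bad domain.example",      # embedded whitespace
    "-leading.example",        # label starts with a hyphen
    "x" * 64 + ".example",     # label longer than 63 characters
    "one;two.example",         # shell metacharacter
    "",                        # empty entry
]

if __name__ == "__main__":
    ok, bad = filter_dnssl(SAMPLE_DNSSL)
    print("accepted:", ok)
    print("rejected:", bad)
```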
CVE-2025-38352, a high-severity race condition vulnerability in the Linux kernel. This Time-of-Check Time-of-Use (TOCTOU) race condition in the posix-cpu-timers subsystem could allow local attackers to escalate privileges. The flaw occurs when concurrent timer deletion and task reaping operations create a race condition that fails to detect timer firing states.
ICS Vulnerabilities
Cyble threat researchers also flagged two industrial control system (ICS) vulnerabilities as meriting high-priority attention from security teams. They include:
CVE-2025-30023, a critical Deserialization of Untrusted Data vulnerability in Axis Communications Camera Station Pro, Camera Station, and Device Manager. Successful exploitation could allow an attacker to execute arbitrary code, conduct a man-in-the-middle-style attack, or bypass authentication.
Schneider Electric EcoStruxure Foxboro DCS Advisor is affected by CVE-2025-59827, a Deserialization of Untrusted Data vulnerability in Microsoft Windows Server Update Service (WSUS). Successful exploitation could allow remote code execution, potentially resulting in unauthorized parties acquiring system-level privileges.
Conclusion
The persistently high number of new vulnerabilities observed in recent weeks is a worrisome new trend as we head into 2026. More than ever, security teams must respond with rapid, well-targeted actions to patch the most critical vulnerabilities and successfully defend IT and critical infrastructure. A risk-based vulnerability management program should be at the heart of these defensive efforts.
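As an added illustration of the risk-based prioritization the conclusion calls for (an assumed scoring scheme, not Cyble's methodology), the following ranks several of the vulnerabilities named in this report by severity band, exploitation evidence and exposure. Severity labels, KEV listing, public-exploit and active-exploitation flags are taken from the text above; the internet_facing flags are constructed for an imagined environment.

```python
from dataclasses import dataclass

# The report gives severity labels rather than numeric CVSS scores, so each
# band is mapped to its floor value (an assumption of this example).
BAND_FLOOR = {"maximum": 10.0, "critical": 9.0, "high": 7.0, "medium": 4.0}

@dataclass
class Finding:
    cve: str
    severity: str                 # "maximum", "critical", "high", "medium"
    in_kev: bool = False          # listed in CISA's KEV catalog
    public_poc: bool = False      # public proof-of-concept or exploit
    exploited: bool = False       # reports of active exploitation
    internet_facing: bool = False # constructed asset attribute
    local_only: bool = False      # needs local access, no network vector

def risk_score(f):
    """Severity plus exploitation evidence, scaled by exposure.
    The weights are illustrative assumptions, not an industry standard."""
    score = BAND_FLOOR[f.severity]
    if f.exploited or f.in_kev:
        score += 4.0              # evidence of real attacks outranks a PoC alone
    elif f.public_poc:
        score += 2.0
    if f.internet_facing and not f.local_only:
        score *= 1.5
    return round(score, 1)

def prioritize(findings):
    """Highest risk first; ties broken by CVE id for a stable report order."""
    return sorted(findings, key=lambda f: (-risk_score(f), f.cve))

# Flags as stated in the report above; internet_facing is constructed.
SAMPLE = [
    Finding("CVE-2025-66516", "maximum"),
    Finding("CVE-2025-15047", "critical", public_poc=True, internet_facing=True),
    Finding("CVE-2025-20393", "critical", in_kev=True, exploited=True,
            internet_facing=True),
    Finding("CVE-2025-14847", "high", in_kev=True, exploited=True,
            internet_facing=True),
    Finding("CVE-2025-38352", "high", local_only=True),
]

if __name__ == "__main__":
    for f in prioritize(SAMPLE):
        print(f"{risk_score(f):5.1f}  {f.cve}")
```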
Other cybersecurity best practices that can help guard against a wide range of threats include segmentation of critical assets; removing or protecting web-facing assets; Zero-Trust access principles; ransomware-resistant backups; hardened endpoints, infrastructure, and configurations; network, endpoint, and cloud monitoring; and well-rehearsed incident response plans.
Cyble's comprehensive attack surface management solutions can help by scanning network and cloud assets for exposures and prioritizing fixes, in addition to monitoring for leaked credentials and other early warning indicators of major cyberattacks.

