What is your risk of CVE-2025-0108 authentication bypass vulnerability in PAN-OS software management web interface? Here is what vFeed sees. CVSS4 8.8, Low attack complexity, EPSS 99.8% percentile

vFeed Newsletter July 2025. We present interesting vulnerability trends during the month, critical vulnerabilities to pay attention to, and exploitable vulnerabilities to remediate. Read the full newsletter here: #cybersecurity #vulnerability.

See Rapid7 print hacks. See Rapid7 Brother vulnerabilities.

See advisory for more info:

CVE-2024-51977. Multiple Brother devices authentication bypass via default administrator password generation. Unauthenticated that can access HTTP/HTTPS/IPP leak sensitive info, including device model, firmware, IP address, and serial. Patch them ASAP.

vFeed Newsletter June 2025. We present critical vulnerability and exploitability trends during in this month. Read the full newsletter here: #cybersecurity #vulnerability.

Did you know recent Envoy vulnerabilities reveal serious risks: command injection via admin (CVE-2025-24030, EPSS 39.6%), log poison (CVE-2025-25294, EPSS 32.1%), bypass 2FA (CVE-2025-30236, EPSS 24.5%). Patch them now — EPSS scores show real-world exploit potential. #envoyproxy.

CVE-2025-26613, EPSS 50.5%, WeGIA REC gerenciar_backup.php endpoint, CVSS4 10, complexity low.

Of the CVSS4 scores recorded, vFeed found about 71 critical CVEs in 2025, of which 20 had a CVSS4 10 base score. Of those 71, we have 21 (~30%) are PHP, of which 13 (~62%) are SQL Injection attacks, and ~20% of which have an exploit percentile > 50%. See the power of vFeed intel?

vFeed Integrates Next-Generation CVSS 4.0 Risk Scoring. Exciting news for threat intelligence users! vFeed is thrilled to announce the integration of CVSS version 4.0 (CVSS4) risk scoring metrics into our threat intel feed. For more details, see.

CVE-2025-24201.Apple iOS < 17.2.Zero-day in Apple WebKit iOS, Safari. Maliciously crafted web content may be able to break out of Web Content sandbox. Fixed in iOS 18.3.2, iPadOS 18.3.2, Sequoia 15.3.2, Safari 18.3.1 .CVSS3 8.8, Impact 5.9, EPSS 30.24%.

CVE-2025-24983.Microsoft Win32 Kernel Subsystem allows an authorized attacker to elevate privileges locally, Affected Windows 10/2000/2008/2012.CVSS3 7.0, Impact 5.9, Local, EPSS 34.56%.

CVE-2024-12799.Insufficiently Protected Credentials in OpenText Identity Manager (IDM) allows Privilege Abuse via crafted payloads. Windows/Linux 64-bit, 4.8.0.0 to 4.8.7.0102, 4.9.0.0.CVSS4 10.0, High CIA Impact, Fully automatable, High exploitability.

CVE-2025-0912.Donations Widget plugin for WordPress vulnerable to PHP Object Injection, allowing unauthenticated attackers to inject a PHP object, could allows attackers RCE, versions <= 3.19.4.CVSS3 9.8, Impact 5.9, EPSS 43.11%.

CVE-2025-22867.On Darwin, building a Go module with CGO can trigger arbitrary code execution when using Apple version of ld, due to usage of special values in a cgo LDFLAGS . Affected go1.24rc2.Base 7.5, Impact 3.6, Explot 3.9, EPSS % 0.18.

WordPress plugin critical CVEs with high EPSS percentile of 42% in March. SetSail (CVE-2025-1564).Alloggio (CVE-2025-1638).Academist (CVE-2025-1671). Could lead to unauthorized access, privilege escalation, or data exposure #vulnerability #wordpress.

vFeed Newsletter February 2025. We analyze vulnerability trends, feature monthly Curiosity questionnaire, EPSS Tracker, K8s vulnerabilities, MITRE CALDERA, AI impact on cyber, threat tools. Read the full newsletter here: #cybersecurity #vulnerability #ai.

CVE-2025-26465.OpenSSH VerifyHostKeyDNS option causes MiTM by malicious user impersonating. Occurs due to how error code mishandling in specific conditions when verifying host key.CVSS3 6.8, Impact 5.2, Network, CWE-390, EPSS percentile 0.11721.

CVE-2025-0108.Authn bypass in PAN-OS enables an unauthenticated attacker to use web interface to bypass the authentication. CVSS3 base 8.8, Impact 5.2, Network vector, CWE-306.

CVE-2025-24016.Wazuh OSS threat detection and prevention servers. Unsafe deserialization vulnerability allows for remote code execution, triggered with API access, versions 4.4.0 .CVSS3 base 9.9, Impact 6.0, Network vector, CWE-502.