Cyber Threat Digest – 2025-09-15
🔥 Known Exploited Vulnerabilities (CISA KEV)
8 exploited vulns of note.
- CVE-2025-5086 — Dassault Systèmes DELMIA Apriso Deserialization of Untrusted Data Vulnerability — Dassault Systèmes DELMIA Apriso (Added: 2025-09-11)
- CVE-2025-38352 — Linux Kernel Time-of-Check Time-of-Use (TOCTOU) Race Condition Vulnerability — Linux Kernel (Added: 2025-09-04)
- CVE-2025-48543 — Android Runtime Use-After-Free Vulnerability — Android Runtime (Added: 2025-09-04)
- CVE-2025-53690 — Sitecore Multiple Products Deserialization of Untrusted Data Vulnerability — Sitecore Multiple Products (Added: 2025-09-04)
- CVE-2023-50224 — TP-Link TL-WR841N Authentication Bypass by Spoofing Vulnerability — TP-Link TL-WR841N (Added: 2025-09-03)
- CVE-2025-9377 — TP-Link Archer C7(EU) and TL-WR841N/ND(MS) OS Command Injection Vulnerability — TP-Link Multiple Routers (Added: 2025-09-03)
- CVE-2020-24363 — TP-Link TL-WA855RE Missing Authentication for Critical Function Vulnerability — TP-Link TL-WA855RE (Added: 2025-09-02)
- CVE-2025-55177 — Meta Platforms WhatsApp Incorrect Authorization Vulnerability — Meta Platforms WhatsApp (Added: 2025-09-02)
⚠️ Recent CVEs (NVD)
Latest CVEs with CVSS badges.
- CVE-2025-10400 — A security vulnerability has been detected in SourceCodester Food Ordering Management System 1.0. Impacted is an unknown function of the file /routers/ticket-message.php. Such mani… (MEDIUM 5.3)
- CVE-2025-10401 — A vulnerability was detected in D-Link DIR-823x up to 250416. The affected element is an unknown function of the file /goform/diag_ping. Performing manipulation of the argument tar… (MEDIUM 5.3)
- CVE-2025-10402 — A flaw has been found in PHPGurukul Beauty Parlour Management System 1.1. The impacted element is an unknown function of the file /admin/readenq.php. Executing manipulation of the … (MEDIUM 6.9)
- CVE-2025-6051 — A Regular Expression Denial of Service (ReDoS) vulnerability was discovered in the Hugging Face Transformers library, specifically within the `normalize_numbers()` method of the `E… (MEDIUM 5.3)
- CVE-2025-10403 — A vulnerability has been found in PHPGurukul Beauty Parlour Management System 1.1. This affects an unknown function of the file /admin/view-enquiry.php. The manipulation of the arg… (MEDIUM 6.9)
- CVE-2025-10404 — A vulnerability was found in itsourcecode Baptism Information Management System 1.0. This impacts an unknown function of the file /rptbaptismal.php. The manipulation of the argumen… (MEDIUM 6.9)
📰 Security News
Top headlines from trusted sources.
- Microsoft fixes Windows 11 audio issues confirmed in December — Mon, 15 Sep 2025 13:48:05 GMT
- Microsoft says Windows September updates break SMBv1 shares — Mon, 15 Sep 2025 12:48:23 GMT
- FBI warns of UNC6040, UNC6395 hackers stealing Salesforce data — Sun, 14 Sep 2025 21:56:40 GMT
- New VoidProxy phishing service targets Microsoft 365, Google accounts — Sun, 14 Sep 2025 14:23:32 GMT
- Microsoft reminds of Windows 10 support ending in 30 days — Sat, 13 Sep 2025 16:20:40 GMT
- 'WhiteCobra' floods VSCode market with crypto-stealing extensions — Sat, 13 Sep 2025 14:00:00 GMT