Cyber Threat Digest – 2025-09-18
🔥 Known Exploited Vulnerabilities (CISA KEV)
8 exploited vulns of note.
- CVE-2025-5086 — Dassault Systèmes DELMIA Apriso Deserialization of Untrusted Data Vulnerability — Dassault Systèmes DELMIA Apriso (Added: 2025-09-11) — Details
- CVE-2025-38352 — Linux Kernel Time-of-Check Time-of-Use (TOCTOU) Race Condition Vulnerability — Linux Kernel (Added: 2025-09-04) — Details
- CVE-2025-48543 — Android Runtime Use-After-Free Vulnerability — Android Runtime (Added: 2025-09-04) — Details
- CVE-2025-53690 — Sitecore Multiple Products Deserialization of Untrusted Data Vulnerability — Sitecore Multiple Products (Added: 2025-09-04) — Details
- CVE-2023-50224 — TP-Link TL-WR841N Authentication Bypass by Spoofing Vulnerability — TP-Link TL-WR841N (Added: 2025-09-03) — Details
- CVE-2025-9377 — TP-Link Archer C7(EU) and TL-WR841N/ND(MS) OS Command Injection Vulnerability — TP-Link Multiple Routers (Added: 2025-09-03) — Details
- CVE-2020-24363 — TP-Link TL-WA855RE Missing Authentication for Critical Function Vulnerability — TP-Link TL-WA855RE (Added: 2025-09-02) — Details
- CVE-2025-55177 — Meta Platforms WhatsApp Incorrect Authorization Vulnerability — Meta Platforms WhatsApp (Added: 2025-09-02) — Details
⚠️ Recent CVEs (NVD)
Latest CVEs with CVSS badges.
- CVE-2025-10593 — A vulnerability was detected in SourceCodester Online Student File Management System 1.0. Affected is an unknown function of the file /admin/update_student.php. Performing manipula… MEDIUM 5.3 — Details
- CVE-2025-10594 — A flaw has been found in SourceCodester Online Student File Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/delete_student.php.… MEDIUM 5.3 — Details
- CVE-2025-50709 — An issue in Perplexity AI GPT-4 allows a remote attacker to obtain sensitive information via a GET parameter MEDIUM 4.3 — Details
- CVE-2025-55904 — Open5GS v2.7.5, prior to commit 67ba7f92bbd7a378954895d96d9d7b05d5b64615, is vulnerable to a NULL pointer dereference when a multipart/related HTTP POST request with an empty HTTP … MEDIUM 4.0 — Details
- CVE-2025-59474 — Jenkins 2.527 and earlier, LTS 2.516.2 and earlier does not perform a permission check in the sidepanel of a page intentionally accessible to users lacking Overall/Read permission,… — Details
- CVE-2025-59475 — Jenkins 2.527 and earlier, LTS 2.516.2 and earlier does not perform a permission check for the authenticated user profile dropdown menu, allowing attackers without Overall/Read per… — Details
📰 Security News
Top headlines from trusted sources.
- Notepad gets free AI features on Copilot+ PCs with Windows 11 — Thu, 18 Sep 2025 13:50:04 GMT
- PyPI invalidates tokens stolen in GhostAction supply chain attack — Thu, 18 Sep 2025 13:09:09 GMT
- WatchGuard warns of critical vulnerability in Firebox firewalls — Thu, 18 Sep 2025 08:23:28 GMT
- Google patches sixth Chrome zero-day exploited in attacks this year — Thu, 18 Sep 2025 07:23:14 GMT
- ShinyHunters claims 1.5 billion Salesforce records stolen in Drift hacks — Wed, 17 Sep 2025 21:11:06 GMT
- VC giant Insight Partners warns thousands after ransomware breach — Wed, 17 Sep 2025 17:50:52 GMT