Cyber Threat Digest – 2025-09-20
🔥 Known Exploited Vulnerabilities (CISA KEV)
8 exploited vulns of note.
- CVE-2025-5086 — Dassault Systèmes DELMIA Apriso Deserialization of Untrusted Data Vulnerability — Dassault Systèmes DELMIA Apriso (Added: 2025-09-11)
- CVE-2025-38352 — Linux Kernel Time-of-Check Time-of-Use (TOCTOU) Race Condition Vulnerability — Linux Kernel (Added: 2025-09-04)
- CVE-2025-48543 — Android Runtime Use-After-Free Vulnerability — Android Runtime (Added: 2025-09-04)
- CVE-2025-53690 — Sitecore Multiple Products Deserialization of Untrusted Data Vulnerability — Sitecore Multiple Products (Added: 2025-09-04)
- CVE-2023-50224 — TP-Link TL-WR841N Authentication Bypass by Spoofing Vulnerability — TP-Link TL-WR841N (Added: 2025-09-03)
- CVE-2025-9377 — TP-Link Archer C7(EU) and TL-WR841N/ND(MS) OS Command Injection Vulnerability — TP-Link Multiple Routers (Added: 2025-09-03)
- CVE-2020-24363 — TP-Link TL-WA855RE Missing Authentication for Critical Function Vulnerability — TP-Link TL-WA855RE (Added: 2025-09-02)
- CVE-2025-55177 — Meta Platforms WhatsApp Incorrect Authorization Vulnerability — Meta Platforms WhatsApp (Added: 2025-09-02)
⚠️ Recent CVEs (NVD)
Latest CVEs with CVSS badges.
- CVE-2025-10712 — A vulnerability was found in 07FLYCMS, 07FLY-CMS and 07FlyCRM up to 20250831. This issue affects some unknown processing of the file /index.php/Login/login. Performing manipulation… — MEDIUM 6.9
- CVE-2025-10715 — A security flaw has been discovered in APEUni PTE Exam Practice App up to 10.8.0 on Android. The impacted element is an unknown function of the file AndroidManifest.xml of the comp… — MEDIUM 4.8
- CVE-2025-46703 — Improper Encoding or Escaping of Output vulnerability in Hallo Welt! GmbH BlueSpice (Extension:AtMentions) allows Cross-Site Scripting (XSS). This issue affects BlueSpice: from 5 t… — MEDIUM 5.9
- CVE-2025-48007 — Improper Encoding or Escaping of Output vulnerability in Hallo Welt! GmbH BlueSpice (Extension:BlueSpiceAvatars) allows Cross-Site Scripting (XSS). This issue affects BlueSpice: fr… — MEDIUM 5.9
- CVE-2025-57880 — Improper Encoding or Escaping of Output vulnerability in Hallo Welt! GmbH BlueSpice (Extension:BlueSpiceWhoIsOnline) allows Cross-Site Scripting (XSS). This issue affects BlueSpice… — MEDIUM 5.9
- CVE-2025-58114 — Improper Input Validation vulnerability in Hallo Welt! GmbH BlueSpice (Extension:CognitiveProcessDesigner) allows Cross-Site Scripting (XSS). This issue affects BlueSpice: from 5 th… — MEDIUM 5.9
📰 Security News
Top headlines from trusted sources.
- Microsoft starts rolling out Gaming Copilot on Windows 11 PCs — Fri, 19 Sep 2025 18:46:22 GMT
- FBI warns of cybercriminals using fake FBI crime reporting portals — Fri, 19 Sep 2025 16:43:29 GMT
- CISA exposes malware kits deployed in Ivanti EPMM attacks — Fri, 19 Sep 2025 15:46:44 GMT
- Fortra warns of max severity flaw in GoAnywhere MFT's License Servlet — Fri, 19 Sep 2025 14:20:52 GMT
- Known. Emerging. Unstoppable? Ransomware Attacks Still Evade Defenses — Fri, 19 Sep 2025 14:01:11 GMT
- Steam will stop running on Windows 32-bit in January 2026 — Fri, 19 Sep 2025 12:14:41 GMT