Cyber Threat Digest – 2025-09-27
🔥 Known Exploited Vulnerabilities (CISA KEV)
8 exploited vulns of note.
- CVE-2025-20362 — Cisco Secure Firewall Adaptive Security (ASA) Appliance and Secure Firewall Threat Defense (FTD) Missing Authorization Vulnerability — Cisco Secure Firewall Adaptive Security Appliance and Secure Firewall Threat Defense (Added: 2025-09-25)
- CVE-2025-20333 — Cisco Secure Firewall Adaptive Security Appliance (ASA) and Secure Firewall Threat Defense (FTD) Buffer Overflow Vulnerability — Cisco Secure Firewall Adaptive Security Appliance and Secure Firewall Threat Defense (Added: 2025-09-25)
- CVE-2025-10585 — Google Chromium V8 Type Confusion Vulnerability — Google Chromium V8 (Added: 2025-09-23)
- CVE-2025-5086 — Dassault Systèmes DELMIA Apriso Deserialization of Untrusted Data Vulnerability — Dassault Systèmes DELMIA Apriso (Added: 2025-09-11)
- CVE-2025-38352 — Linux Kernel Time-of-Check Time-of-Use (TOCTOU) Race Condition Vulnerability — Linux Kernel (Added: 2025-09-04)
- CVE-2025-48543 — Android Runtime Use-After-Free Vulnerability — Android Runtime (Added: 2025-09-04)
- CVE-2025-53690 — Sitecore Multiple Products Deserialization of Untrusted Data Vulnerability — Sitecore Multiple Products (Added: 2025-09-04)
- CVE-2023-50224 — TP-Link TL-WR841N Authentication Bypass by Spoofing Vulnerability — TP-Link TL-WR841N (Added: 2025-09-03)
⚠️ Recent CVEs (NVD)
Latest CVEs with CVSS badges.
- CVE-2025-11015 — A weakness has been identified in OGRECave Ogre up to 14.4.1. Impacted is the function STBIImageCodec::encode of the file /ogre/PlugIns/STBICodec/src/OgreSTBICodec.cpp. This manipu… (CVSS 4.8, MEDIUM)
- CVE-2025-11016 — A security vulnerability has been detected in kalcaddle kodbox up to 1.61.09. The affected element is the function fileOut of the file app/controller/explorer/index.class.php. Such… (CVSS 5.3, MEDIUM)
- CVE-2025-11017 — A vulnerability was detected in OGRECave Ogre up to 14.4.1. The impacted element is the function Ogre::LogManager::stream of the file /ogre/OgreMain/src/OgreLogManager.cpp. Perform… (CVSS 4.8, MEDIUM)
- CVE-2025-11018 — A flaw has been found in Four-Faith Water Conservancy Informatization Platform 1.0. This affects an unknown function of the file /sysRole/index.do/../../generalReport/download.do;u… (CVSS 5.5, MEDIUM)
- CVE-2025-11019 — A vulnerability has been found in Total.js CMS up to 19.9.0. This impacts an unknown function of the component Files Menu. The manipulation leads to cross site scripting. The attac… (CVSS 4.8, MEDIUM)
- CVE-2025-11026 — A vulnerability was determined in givanz Vvveb up to 1.0.7.2. Affected by this vulnerability is an unknown functionality of the component Configuration File Handler. This manipulat… (CVSS 5.1, MEDIUM)
📰 Security News
Top headlines from trusted sources.
- Microsoft's new AI feature will organize your photos automatically — Fri, 26 Sep 2025 19:41:18 GMT
- US investors to take over TikTok operations in the country — Fri, 26 Sep 2025 17:01:38 GMT
- Microsoft shares temp fix for Outlook encrypted email errors — Fri, 26 Sep 2025 16:43:48 GMT
- Microsoft Edge to block malicious sideloaded extensions — Fri, 26 Sep 2025 15:39:15 GMT
- The hidden cyber risks of deploying generative AI — Fri, 26 Sep 2025 14:01:11 GMT
- Maximum severity GoAnywhere MFT flaw exploited as zero day — Fri, 26 Sep 2025 13:50:42 GMT