Security Vulnerabilities - Known exploited
CVE-2025-32463
Sudo before 1.9.17p1 allows local users to obtain root access because /etc/nsswitch.conf from a user-controlled directory is used with the --chroot option.
Known exploited
CVSS Score
9.3
EPSS Score
0.211
Published
2025-06-30
CVE-2025-20281
A vulnerability in a specific API of Cisco ISE and Cisco ISE-PIC could allow an unauthenticated, remote attacker to execute arbitrary code on the underlying operating system as root. The attacker does not require any valid credentials to exploit this vulnerability.
This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by submitting a crafted API request. A successful exploit could allow the attacker to obtain root privileges on an affected device.
Known exploited
CVSS Score
10.0
EPSS Score
0.132
Published
2025-06-25
CVE-2025-6543
Memory overflow vulnerability leading to unintended control flow and Denial of Service in NetScaler ADC and NetScaler Gateway when configured as Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) OR AAA virtual server
Known exploited
CVSS Score
9.8
EPSS Score
0.036
Published
2025-06-25
CVE-2025-5777
Insufficient input validation leading to memory overread when the NetScaler is configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) OR AAA virtual server
Known exploited
CVSS Score
7.5
EPSS Score
0.574
Published
2025-06-17
CVE-2025-43200
This issue was addressed with improved checks. This issue is fixed in watchOS 11.3.1, macOS Ventura 13.7.4, iOS 15.8.4 and iPadOS 15.8.4, iOS 16.7.11 and iPadOS 16.7.11, iPadOS 17.7.5, visionOS 2.3.1, macOS Sequoia 15.3.1, iOS 18.3.1 and iPadOS 18.3.1, macOS Sonoma 14.7.4. A logic issue existed when processing a maliciously crafted photo or video shared via an iCloud Link. Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals.
Known exploited
CVSS Score
4.2
EPSS Score
0.002
Published
2025-06-16
CVE-2025-33073
Improper access control in Windows SMB allows an authorized attacker to elevate privileges over a network.
Known exploited
CVSS Score
8.8
EPSS Score
0.353
Published
2025-06-10
CVE-2025-33053
External control of file name or path in Internet Shortcut Files allows an unauthorized attacker to execute code over a network.
Known exploited
CVSS Score
8.8
EPSS Score
0.33
Published
2025-06-10
CVE-2025-47827
In IGEL OS before 11, Secure Boot can be bypassed because the igel-flash-driver module improperly verifies a cryptographic signature. Ultimately, a crafted root filesystem can be mounted from an unverified SquashFS image.
Known exploited
CVSS Score
4.6
EPSS Score
0.007
Published
2025-06-05
CVE-2025-21479
Memory corruption due to unauthorized command execution in GPU micronode while executing specific sequence of commands.
Known exploited
CVSS Score
8.6
EPSS Score
0.001
Published
2025-06-03
CVE-2025-27038
Memory corruption while rendering graphics using Adreno GPU drivers in Chrome.
Known exploited
CVSS Score
7.5
EPSS Score
0.011
Published
2025-06-03