PoC Week 2025-06-09
The most featured CVEs in this week’s security newsletters, with public Proof-of-Concepts, ordered by mention count. Older CVEs, trivially exploitable vulnerabilities (such as using hard-coded credentials) and those affecting open source projects with very small userbases aren’t listed.
For the most up-to-date and accurate info, visit the NIST links. Always audit PoCs thoroughly before running them.
CVE-2025-49113
- Severity: 9.9 CRITICAL
- Impacted Products: Roundcube Webmail before 1.5.10 and 1.6.x before 1.6.11
- Description: Roundcube Webmail before 1.5.10 and 1.6.x before 1.6.11 allows remote code execution by authenticated users because the _from parameter in a URL is not validated in program/actions/settings/upload.php, leading to PHP Object Deserialization.
- Remediation: Follow developer advice.
- More Info: NVD - CVE-2025-49113
- PoC: https://github.com/rasool13x/exploit-CVE-2025-49113/
CVE-2025-48828
- Severity: 9.0 CRITICAL
- Impacted Products: vBulletin 6.0.3
- Description: Certain vBulletin versions might allow attackers to execute arbitrary PHP code by abusing Template Conditionals in the template engine. By crafting template code in an alternative PHP function invocation syntax, such as the "var_dump"("test") string-callable syntax, attackers can bypass security checks and execute arbitrary PHP code, as exploited in the wild in May 2025.
- Remediation: Follow developer advice.
- More Info: NVD - CVE-2025-48828
- PoC: https://karmainsecurity.com/pocs/vBulletin-replaceAdTemplate-RCE.php
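The description above hinges on one detail: PHP accepts a quoted string, a variable or any expression as the callee of a call, so `"var_dump"("test")` runs `var_dump("test")` without the bare name ever appearing before a `(`. The page does not show what the template engine's check looks like, so the following is an added illustration, not vBulletin's code: a constructed denylist regex standing in for a naive "security check", beside a token-based check that looks at whatever sits before each `(`. The allowlist, the sample payloads and both function names are assumptions chosen for the demo (PHP 8+, for the `T_NAME_*` token constants).

```php
<?php
// Added example, not vBulletin code. Shows why a name-before-"(" denylist
// misses PHP's alternative call syntaxes, and a token-level check that does not.

// Naive check (constructed stand-in): forbidden function name followed by "(".
function naiveFilterRejects(string $expr): bool
{
    $banned = ['var_dump', 'system', 'exec', 'shell_exec', 'passthru', 'eval', 'assert'];
    foreach ($banned as $fn) {
        if (preg_match('/\b' . preg_quote($fn, '/') . '\s*\(/i', $expr)) {
            return true;
        }
    }
    return false;
}

// Token-based check: every "(" is inspected for what precedes it, so a call is
// caught however it is spelled. Only a small allowlist of bare names may be called.
function tokenFilterRejects(string $expr): bool
{
    $allowed = ['strlen', 'count', 'is_array', 'in_array', 'strtolower']; // assumed allowlist

    // Tokenise as PHP; drop whitespace and comments so "name (" and "name(" look alike.
    $tokens = array_values(array_filter(
        token_get_all('<?php ' . $expr . ';'),
        fn ($t) => !is_array($t) || !in_array($t[0], [T_WHITESPACE, T_COMMENT, T_DOC_COMMENT], true)
    ));

    for ($i = 0; $i + 1 < count($tokens); $i++) {
        if ($tokens[$i + 1] !== '(') {
            continue;                                   // only look at what sits before "("
        }
        $t = $tokens[$i];
        if (!is_array($t)) {
            // ")(", "](", "\"(" and "}(": a call on an expression result or interpolated string.
            if (in_array($t, [')', ']', '"', '}'], true)) {
                return true;
            }
            continue;                                   // "((", "+(", "=(" are plain grouping
        }
        switch ($t[0]) {
            case T_STRING:                              // bare name: system(, Foo::bar(, $o->m(
                if (!in_array(strtolower($t[1]), $allowed, true)) {
                    return true;
                }
                break;
            case T_NAME_QUALIFIED:                      // Foo\bar(
            case T_NAME_FULLY_QUALIFIED:                // \system(
            case T_VARIABLE:                            // $f(
            case T_CONSTANT_ENCAPSED_STRING:            // "var_dump"( or 'system'(
            case T_EVAL:                                // eval(
                return true;
        }
    }
    return false;
}

// Constructed sample conditionals: one benign, the rest attempts to call something.
$samples = [
    'strlen($x) > 3 && (count($y) || is_array($z))',   // benign grouping and allowed calls
    'var_dump("test")',                                 // plain syntax
    '"var_dump"("test")',                               // string-callable syntax from the advisory
    "'system'('id')",                                   // same trick, single quotes
    '("sys"."tem")("id")',                              // callee built at runtime, called via ")("
    '$f("id")',                                         // variable function
];

foreach ($samples as $s) {
    printf("%-48s naive=%-5s tokens=%s\n", $s,
        naiveFilterRejects($s) ? 'block' : 'pass',
        tokenFilterRejects($s) ? 'block' : 'pass');
}
```

Running it shows the gap: the regex blocks only the first `var_dump("test")` spelling and passes every other payload, while the token check passes only the benign conditional and blocks the rest, because it never asks "which name is this" but "is anything at all being called here that is not explicitly permitted". A template engine that wants to allow a handful of functions should reason in those terms; matching on spellings of the forbidden ones is a losing game against PHP's syntax.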
CVE-2025-48827
- Severity: 10.0 CRITICAL
- Impacted Products: vBulletin 5.0.0 through 5.7.5 and 6.0.0 through 6.0.3
- Description: vBulletin 5.0.0 through 5.7.5 and 6.0.0 through 6.0.3 allows unauthenticated users to invoke protected API controllers' methods when running on PHP 8.1 or later, as demonstrated by the /api.php?method=protectedMethod pattern, as exploited in the wild in May 2025.
- Remediation: Follow developer advice.
- More Info: NVD - CVE-2025-48827
- PoC: https://github.com/0xgh057r3c0n/CVE-2025-48827
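The description ties this bug to PHP 8.1 or later. One documented PHP 8.1 change fits that condition: `ReflectionMethod::setAccessible()` became a no-op and `ReflectionMethod::invoke()` now calls protected and private methods directly, where earlier versions threw a `ReflectionException`. The example below is added here and is not vBulletin's code; that vBulletin's `api.php` dispatcher relied on reflection in this way is an assumption drawn from the PHP 8.1 dependency, and the controller, its method names and the two dispatcher functions are constructed for illustration. It contrasts a dispatcher that leans on the runtime to enforce visibility with one that checks `isPublic()` itself.

```php
<?php
// Added example, not vBulletin code. A reflection-based API dispatcher whose
// only visibility guard was PHP refusing to invoke non-public methods is
// safe on PHP <= 8.0 and exposed on PHP >= 8.1.

class ExampleController                      // hypothetical API controller
{
    public function ping(): string
    {
        return 'pong';
    }

    protected function wipeData(): string    // internal helper, never meant for callers
    {
        return 'all data wiped';
    }
}

// Dispatcher that trusts reflection to reject protected/private methods.
function dispatchUnsafe(object $ctrl, string $method): string
{
    if (!method_exists($ctrl, $method)) {    // true for protected methods too
        return 'no such method';
    }
    try {
        $rm = new ReflectionMethod($ctrl, $method);
        // PHP <= 8.0: ReflectionException for a non-public method.
        // PHP >= 8.1: the protected method simply runs.
        return (string) $rm->invoke($ctrl);
    } catch (ReflectionException $e) {
        return 'not callable';
    }
}

// Hardened dispatcher: enforce visibility explicitly, independent of PHP version.
function dispatchSafe(object $ctrl, string $method): string
{
    if (!method_exists($ctrl, $method)) {
        return 'no such method';
    }
    $rm = new ReflectionMethod($ctrl, $method);
    // Public, non-static, non-magic methods only; everything else is refused
    // before reflection gets a chance to call it.
    if (!$rm->isPublic() || $rm->isStatic() || str_starts_with($method, '__')) {
        return 'not callable';
    }
    return (string) $rm->invoke($ctrl);
}

// Simulate the ?method=<name> request pattern from the advisory.
$ctrl = new ExampleController();
foreach (['ping', 'wipeData', 'missing'] as $m) {
    printf("method=%-9s unsafe: %-16s safe: %s\n", $m,
        dispatchUnsafe($ctrl, $m), dispatchSafe($ctrl, $m));
}
```

On PHP 8.0 the two dispatchers behave identically, which is exactly why a test suite would not flag the first one. On PHP 8.1 and later, `dispatchUnsafe` returns "all data wiped" for `wipeData` while `dispatchSafe` still answers "not callable". The general lesson is that reflection is not an access-control mechanism; any dispatcher that maps request parameters to method names has to check visibility (and ideally an explicit allowlist of exposed methods) itself.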
CVE-2025-4123
- Severity: 7.6 HIGH
- Impacted Products: Grafana 11.2, Grafana 11.3, Grafana 11.4, Grafana 11.5, Grafana 11.6, Grafana 12.0
- Description: A cross-site scripting (XSS) vulnerability exists in Grafana caused by combining a client path traversal and open redirect. This allows attackers to redirect users to a website that hosts a frontend plugin that will execute arbitrary JavaScript. This vulnerability does not require editor permissions and, if anonymous access is enabled, the XSS will work. If the Grafana Image Renderer plugin is installed, it is possible to exploit the open redirect to achieve a full-read SSRF. The default Content-Security-Policy (CSP) in Grafana will block the XSS through the connect-src directive.
- Remediation: Follow developer advice.
- More Info: NVD - CVE-2025-4123
- PoC: https://github.com/B1ack4sh/Blackash-CVE-2025-4123
CVE-2025-45854
- Severity: 10.0 CRITICAL
- Impacted Products: JEHC-BPM 2.0.1
- Description: /server/executeExec of JEHC-BPM 2.0.1 allows attackers to execute arbitrary code via execParams.
- Remediation: Follow developer advice.
- More Info: NVD - CVE-2025-45854
- PoC: https://gist.github.com/Cafe-Tea/bc14b38f4bfd951de2979a24c3358460
CVE-2025-4009
- Severity: 9.3 CRITICAL
- Impacted Products: Evertz SDVN 3080ipx-10G
- Description: The Evertz SDVN 3080ipx-10G is a high-bandwidth Ethernet switching fabric for video applications. The device exposes a web management interface on port 80 which administrators use to control product features, set up network switching and register licenses, among other functions. The application is written in PHP with the webEASY SDK, also named 'ewb' by Evertz. Two endpoints of this web interface are vulnerable to arbitrary command injection, and the authentication mechanism has a flaw that leads to authentication bypass. Remote unauthenticated attackers can therefore gain arbitrary command execution with elevated privileges (root) on affected devices. This level of access could lead to serious business impact, such as interruption of media streaming, modification of the media being streamed and alteration of the closed captions being generated.
- Remediation: Follow developer advice.
- More Info: NVD - CVE-2025-4009
- PoC: https://www.onekey.com/resource/security-advisory-remote-code-execution-on-evertz-svdn-cve-2025-4009
References
This list was scraped from the quite amazing and highly recommended newsletters below:
Thanks for reading! For corrections or omissions (e.g. newsletter recommendations), feel free to get in touch.