PoC Week 2025-07-07

Posted on Jul 7, 2025

The most featured CVEs in this week’s security newsletters, with public Proof-of-Concepts, ordered by mention count. Older CVEs, trivially exploitable vulnerabilities (such as using hard-coded credentials) and those affecting open source projects with very small userbases aren’t listed.

For the most up-to-date and accurate info, visit the NIST links. Always audit PoCs thoroughly before running them.

CVE-2025-6554

  • Severity: 7.5 HIGH
  • Impacted Products: Google Chrome prior to 138.0.7204.96
  • Description: Type confusion in V8 in Google Chrome prior to 138.0.7204.96 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page.
  • Remediation: Follow developer advice.
  • More Info: NVD - CVE-2025-6554
  • PoC: https://github.com/windz3r0day/CVE-2025-6554

References

This list was scraped from the quite amazing and highly recommended newsletters below:

Thanks for reading! For corrections or omissions (e.g. newsletter recs), feel free to get in touch.