The most featured CVEs in this week’s security newsletters, with public Proof-of-Concepts, ordered by mention count. Older CVEs, trivially exploitable vulnerabilities (such as using hard-coded credentials) and those affecting open source projects with very small userbases aren’t listed.

For the most up-to-date and accurate info, visit the NIST links. Always audit PoCs thoroughly before running them.

CVE-2025-8088

• Severity: 8.8 HIGH
• Impacted Products: WinRAR > 7.13
• Description: A path traversal vulnerability affecting the Windows version of WinRAR allows the attackers to execute arbitrary code by crafting malicious archive files.
• Remediation: Follow developer advice.
• More Info: NVD - CVE-2025-8088
• PoC: https://github.com/onlytoxi/CVE-2025-8088-Winrar-Tool

CVE-2025-6543

• Severity: 9.2 CRITICAL
• Impacted Products: Citrix Netscaler Gateway and Application Delivery Controller - various versions
• Description: Memory overflow vulnerability leading to unintended control flow and Denial of Service in NetScaler ADC and NetScaler Gateway when configured as Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) OR AAA virtual server.
• Remediation: Follow developer advice.
• More Info: NVD - CVE-2025-6543
• PoC: https://github.com/abrewer251/CVE-2025-6543_CitrixNetScaler_PoC

CVE-2025-25256

• Severity: 9.8 CRITICAL
• Impacted Products: Fortinet FortiSIEM version 7.3.0 through 7.3.1, 7.2.0 through 7.2.5, 7.1.0 through 7.1.7, 7.0.0 through 7.0.3 and before 6.7.9
• Description: An improper neutralization of special elements used in an OS command (‘OS Command Injection’) vulnerability [CWE-78] allows an unauthenticated attacker to execute unauthorized code or commands via crafted CLI requests.
• Remediation: Follow developer advice.
• More Info: NVD - CVE-2025-25256
• PoC: https://github.com/watchtowrlabs/watchTowr-vs-FortiSIEM-CVE-2025-25256/ and blog here

CVE-2025-50154

• Severity: 7.1 HIGH
• Impacted Products: Windows: various
• Description: Exposure of sensitive information to an unauthorized actor in Windows File Explorer allows an unauthorized attacker to perform spoofing over a network.
• Remediation: Follow developer advice.
• More Info: NVD - CVE-2025-50154
• PoC: https://github.com/rubenformation/CVE-2025-50154

CVE-2025-54253

• Severity: 10.0 CRITICAL
• Impacted Products: Adobe Experience Manager versions 6.5.23 and earlier
• Description: Adobe Experience Manager versions 6.5.23 and earlier are affected by a Misconfiguration vulnerability that could result in arbitrary code execution. An attacker could leverage this vulnerability to bypass security mechanisms and execute code. Exploitation of this issue does not require user interaction and scope is changed.
• Remediation: Follow developer advice.
• More Info: NVD - CVE-2025-54253
• PoC: https://slcyber.io/assetnote-security-research-center/struts-devmode-in-2025-critical-pre-auth-vulnerabilities-in-adobe-experience-manager-forms

CVE-2025-32433

• Severity: 10 CRITICAL
• Impacted Products: OTP-27.3.3, OTP-26.2.5.11, and OTP-25.3.2.20
• Description: Erlang/OTP is a set of libraries for the Erlang programming language. Prior to versions OTP-27.3.3, OTP-26.2.5.11, and OTP-25.3.2.20, a SSH server may allow an attacker to perform unauthenticated remote code execution (RCE). By exploiting a flaw in SSH protocol message handling, a malicious actor could gain unauthorized access to affected systems and execute arbitrary commands without valid credentials. This issue is patched in versions OTP-27.3.3, OTP-26.2.5.11, and OTP-25.3.2.20. A temporary workaround involves disabling the SSH server or to prevent access via firewall rules.
• Remediation: Follow developer advice.
• More Info: NVD - CVE-2025-32433
• PoC: https://github.com/tobiasGuta/Erlang-OTP-CVE-2025-32433/

References

This list was scraped from the quite amazing and highly recommended newsletters below:

• ~this week in security~
• Unsupervised Learning
• @RISK
• Hive Five
• Vulnerable U
• tl;dr sec

Thanks for reading! For corrections, omissions (e.g. newsletter recs) feel free to get in touch.