The most featured CVEs in this week’s security newsletters, with public Proof-of-Concepts, ordered by mention count.

For the most up-to-date and accurate info, visit the NIST links. Always audit PoCs thoroughly before running them. Follow links with caution.

CVE-2025-64446

• Severity: 9.8 CRITICAL
• Impacted Products: Fortinet FortiWeb 8.0.0 through 8.0.1, Fortinet FortiWeb 7.6.0 through 7.6.4, Fortinet FortiWeb 7.4.0 through 7.4.9, Fortinet FortiWeb 7.2.0 through 7.2.11, Fortinet FortiWeb 7.0.0 through 7.0.11
• Description: A relative path traversal vulnerability may allow an attacker to execute administrative commands on the system via crafted HTTP or HTTPS requests.
• Remediation:
  • PSIRT | FortiGuard Labs
• More Info: NVD - CVE-2025-64446
• PoC:
  • https://github.com/sensepost/CVE-2025-64446/blob/main/scanner.py
  • https://x.com/defusedcyber/status/1975242250373517373
  • https://github.com/lincemorado97/CVE-2025-64446_CVE-2025-58034/blob/main/exploit.py

CVE-2025-58034

• Severity: 7.2 HIGH
• Impacted Products: Fortinet FortiWeb
• Description: This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fortinet FortiWeb. Authentication is required to exploit this vulnerability. The specific flaw exists within the implementation of the policy_scripting_post_handler method. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root.
• Remediation:
  • PSIRT | FortiGuard Labs
• More Info: NVD - CVE-2025-58034
• PoC:
  • https://github.com/B1ack4sh/Blackash-CVE-2025-58034/blob/main/CVE-2025-58034.py
  • https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/linux/http/fortinet_fortiweb_rce.rb

CVE-2025-62215

• Severity: 7.0 HIGH
• Impacted Products: Windows Kernel
• Description: CVE-2025-62215 is a Windows Kernel elevation of privilege vulnerability, given a CVSS 3.1 score of 7.8, where a race condition in Windows Kernel allows an authorized attacker to elevate privileges locally. Microsoft assessed that the attack complexity is “low”.
• Remediation:
  • Windows Kernel Elevation of Privilege Vulnerability
  • Microsoft KB 5068779
  • Microsoft KB 5068781
• More Info: NVD - CVE-2025-62215
• PoC:
  • https://github.com/mrk336/Kernel-Chaos-Weaponizing-CVE-2025-62215-for-SYSTEM-Privilege-Escalation/blob/main/README.md
  • https://github.com/abrewer251/CVE-2025-62215_Windows_Kernel_PE

CVE-2025-63666

• Severity: 9.8 CRITICAL
• Impacted Products: Tenda AC15 v15.03.05.18_multi
• Description: Tenda AC15 v15.03.05.18_multi issues an authentication cookie that exposes the account password hash to the client and uses a short, low-entropy suffix as the session identifier. An attacker with network access or the ability to run JS in a victim browser can steal the cookie and replay it to access protected resources.
• Remediation: Follow vendor security advisories and apply the latest patches. Review affected systems and prioritize patching based on exploitability and business impact.
• More Info: NVD - CVE-2025-63666
• PoC:
  • https://github.com/Remenis/CVE-2025-63666/blob/main/README.md

CVE-2025-63747 - NEW

• Severity: 9.8 CRITICAL
• Impacted Products: QaTraq 6.9.2
• Description: QaTraq 6.9.2 ships with administrative account credentials which are enabled in default installations and permit immediate login via the web application login page. Because the account provides administrative privileges in the default configuration, an attacker who can reach the login page can gain administrative access.
• Remediation: Follow vendor security advisories and apply the latest patches. Review affected systems and prioritize patching based on exploitability and business impact.
• More Info: NVD - CVE-2025-63747
• PoC:
  • https://bitsbyamg.com/blog/post/2025/10/19/qatraq-692-default-creds-and-file-upload-rce

CVE-2025-63679

• Severity: 5.3 MEDIUM
• Impacted Products: free5gc v4.1.0 and before
• Description: free5gc v4.1.0 and before is vulnerable to Buffer Overflow. When AMF receives an UplinkRANConfigurationTransfer NGAP message from a gNB, the AMF process crashes.
• Remediation: Follow vendor security advisories and apply the latest patches. Review affected systems and prioritize patching based on exploitability and business impact.
• More Info: NVD - CVE-2025-63679
• PoC:
  • https://gist.github.com/DDGod2025/5483d94b028d7a0c111ca23844e8a94d

CVE-2025-12762

• Severity: 9.1 CRITICAL
• Impacted Products: pgAdmin 9.9
• Description: pgAdmin versions up to 9.9 are affected by a Remote Code Execution (RCE) vulnerability that occurs when running in server mode and performing restores from PLAIN-format dump files. This issue allows attackers to inject and execute arbitrary commands on the server hosting pgAdmin, posing a critical risk to the integrity and security of the database management system and underlying data.
• Remediation: Follow vendor security advisories and apply the latest patches. Review affected systems and prioritize patching based on exploitability and business impact.
• More Info: NVD - CVE-2025-12762
• PoC:
  • https://github.com/B1ack4sh/Blackash-CVE-2025-12762/blob/main/CVE-2025-12762.py

CVE-2025-12539

• Severity: 10.0 CRITICAL
• Impacted Products: TNC Toolbox: Web Performance plugin for WordPress, 1.4.2
• Description: The TNC Toolbox: Web Performance plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.4.2. This is due to the plugin storing cPanel API credentials (hostname, username, and API key) in files within the web-accessible wp-content directory without adequate protection in the “Tnc_Wp_Toolbox_Settings::save_settings” function. This makes it possible for unauthenticated attackers to retrieve these credentials and use them to interact with …
• Remediation: Follow vendor security advisories and apply the latest patches. Review affected systems and prioritize patching based on exploitability and business impact.
• More Info: NVD - CVE-2025-12539
• PoC:
  • https://github.com/Nxploited/CVE-2025-12539

CVE-2025-11170 - NEW

• Severity: 9.8 CRITICAL
• Impacted Products: WP移行専用プラグイン for CPI, 1.0.2
• Description: The WP移行専用プラグイン for CPI plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the Cpiwm_Import_Controller::import function in all versions up to, and including, 1.0.2. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site’s server which may make remote code execution possible.
• Remediation: Follow vendor security advisories and apply the latest patches. Review affected systems and prioritize patching based on exploitability and business impact.
• More Info: NVD - CVE-2025-11170
• PoC:
  • https://github.com/Nxploited/CVE-2025-11170

CVE-2023-48022 - NEW

• Severity: 9.8 CRITICAL
• Impacted Products: Anyscale Ray 2.6.3, Anyscale Ray 2.8.0
• Description: Anyscale Ray 2.6.3 and 2.8.0 allows a remote attacker to execute arbitrary code via the job submission API. NOTE: the vendor’s position is that this report is irrelevant because Ray, as stated in its documentation, is not intended for use outside of a strictly controlled network environment
• Remediation:
  • GCP-2024-020
• More Info: NVD - CVE-2023-48022
• PoC:
  • https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/linux/http/ray_agent_job_rce.rb
  • https://github.com/0x656565/CVE-2023-48022
  • https://bishopfox.com/blog/ray-versions-2-6-3-2-8-0

References

This list was scraped from the quite amazing and highly recommended newsletters below:

• ~this week in security~
• Unsupervised Learning
• @RISK
• Hive Five
• Vulnerable U
• tl;dr sec

Thanks for reading! For corrections, omissions (e.g. newsletter recs) feel free to get in touch.