The most featured CVEs in this week’s security newsletters, with public Proof-of-Concepts, ordered by mention count.

For the most up-to-date and accurate info, visit the NIST links. Always audit PoCs thoroughly before running them. Follow links with caution.

CVE-2025-59718

• Severity: 9.8 CRITICAL
• Impacted Products: Fortinet FortiOS, Fortinet FortiProxy, Fortinet FortiSwitchManager
• Description: Fortinet FortiOS, FortiProxy, and FortiSwitchManager contain an improper verification of cryptographic signature vulnerability that allows an unauthenticated attacker to bypass FortiCloud SSO login authentication. This flaw can be exploited by sending a specially crafted SAML response message.
• Remediation: Follow vendor security advisories and apply the latest patches. Review affected systems and prioritize patching based on exploitability and business impact.
• More Info: NVD - CVE-2025-59718
• PoC:
  • https://github.com/Ashwesker/Blackash-CVE-2025-59718
  • https://github.com/exfil0/CVE-2025-59718-PoC

CVE-2025-55182

• Severity: 10.0 CRITICAL
• Impacted Products: React Server Components (RSC) 19.0.0, React Server Components (RSC) 19.1.0, React Server Components (RSC) 19.1.1, React Server Components (RSC) 19.2.0
• Description: React Server Components (RSC) versions 19.0.0, 19.1.0, 19.1.1, and 19.2.0 are affected by a deserialization of untrusted data vulnerability. This flaw allows an unauthenticated, remote attacker to achieve arbitrary code execution on affected systems.
• Remediation:
  • oss-security - CVE-2025-55182: RCE in React Server Components
  • Critical Security Vulnerability in React Server Components – React
  • GCP-2025-072
• More Info: NVD - CVE-2025-55182
• PoC:
  • https://github.com/assetnote/react2shell-scanner/blob/master/scanner.py
  • https://github.com/sickwell/CVE-2025-55182/blob/main/cve-2025-55182.yaml
  • https://github.com/Cillian-Collins/CVE-2025-55182/blob/main/CVE-2025-55182.py

CVE-2018-4063

• Severity: 9.9 CRITICAL
• Impacted Products: ACEManager
• Description: A vulnerability exists within the upload.cgi in the ACEManager webserver which allows template file uploads without the need for authorization. The ACEManager webserver runs as root and therefore, so will executables.
• Remediation:
  • SWI-PSA-2019-003
• More Info: NVD - CVE-2018-4063
• PoC:
  • https://www.talosintelligence.com/reports/TALOS-2018-0748

CVE-2025-67506

• Severity: 9.8 CRITICAL
• Impacted Products: PipesHub 0.1.0-beta
• Description: PipesHub is a fully extensible workplace AI platform for enterprise search and workflow automation. Versions prior to 0.1.0-beta expose POST /api/v1/record/buffer/convert through missing authentication. The endpoint accepts a file upload and converts it to PDF via LibreOffice by uploading payload to os.path.join(tmpdir, file.filename) without normalizing the filename.
• Remediation: Follow vendor security advisories and apply the latest patches. Review affected systems and prioritize patching based on exploitability and business impact.
• More Info: NVD - CVE-2025-67506
• PoC:
  • https://github.com/pipeshub-ai/pipeshub-ai/security/advisories/GHSA-w398-9m55-2357

CVE-2025-67494

• Severity: 9.3 CRITICAL
• Impacted Products: ZITADEL 4.7.0 and below
• Description: ZITADEL is an open-source identity infrastructure tool. Versions 4.7.0 and below are vulnerable to an unauthenticated, full-read SSRF vulnerability. The ZITADEL Login UI (V2) treats the x-zitadel-forward-host header as a trusted fallback for all deployments, including self-hosted instances. This allows an unauthenticated attacker to force the server to make HTTP requests to arbitrary domains, such as internal addresses, and read the responses, enabling data exfiltration etc.
• Remediation:
  • https://github.com/zitadel/zitadel/commit/4c879b47334e01d4fcab921ac1b44eda39acdb96
• More Info: NVD - CVE-2025-67494
• PoC:
  • https://github.com/Chocapikk/CVE-2025-67494

CVE-2025-67489

• Severity: 9.8 CRITICAL
• Impacted Products: @vitejs/plugin-rs 0.5.5 and below
• Description: @vitejs/plugin-rs provides React Server Components (RSC) support for Vite. Versions 0.5.5 and below are vulnerable to arbitrary remote code execution on the development server through unsafe dynamic imports in server function APIs (loadServerAction, decodeReply, decodeAction) when integrated into RSC applications that expose server function endpoints. Attackers with network access to the development server can read/modify files, exfiltrate sensitive data and so on.
• Remediation: Follow vendor security advisories and apply the latest patches. Review affected systems and prioritize patching based on exploitability and business impact.
• More Info: NVD - CVE-2025-67489
• PoC:
  • https://github.com/advisories/GHSA-j76j-5p5g-9wfr

CVE-2025-66438

• Severity: 9.8 CRITICAL
• Impacted Products: Frappe ERPNext through 15.89.0
• Description: A Server-Side Template Injection (SSTI) vulnerability exists in the Frappe ERPNext through 15.89.0 Print Format rendering mechanism. Specifically, the API frappe.www.printview.get_html_and_style() triggers the rendering of the html field inside a Print Format document using frappe.render_template(template, doc) via the get_rendered_template() call chain.
• Remediation: Follow vendor security advisories and apply the latest patches. Review affected systems and prioritize patching based on exploitability and business impact.
• More Info: NVD - CVE-2025-66438
• PoC:
  • https://www.notion.so/SSTI-bug-5-239e6086eadc80a48f17c1257a604d2c

CVE-2025-66434

• Severity: 8.8 HIGH
• Impacted Products: Frappe ERPNext through 15.89.0
• Description: An SSTI (Server-Side Template Injection) vulnerability exists in the get_dunning_letter_text method of Frappe ERPNext through 15.89.0. The function renders attacker-controlled Jinja2 templates (body_text) using frappe.render_template() with a user-supplied context (doc).
• Remediation: Follow vendor security advisories and apply the latest patches. Review affected systems and prioritize patching based on exploitability and business impact.
• More Info: NVD - CVE-2025-66434
• PoC:
  • https://www.notion.so/SSTI-bug-1-239e6086eadc8096bfcfe90551a3a483

CVE-2025-65741

• Severity: 9.8 CRITICAL
• Impacted Products: Sublime Text 3 Build 3208 or prior
• Description: Sublime Text 3 Build 3208 or prior for MacOS is vulnerable to Dylib Injection. An attacker could compile a .dylib file and force the execution of this library in the context of the Sublime Text application.
• Remediation: Follow vendor security advisories and apply the latest patches. Review affected systems and prioritize patching based on exploitability and business impact.
• More Info: NVD - CVE-2025-65741
• PoC:
  • https://github.com/vinicius-batistella/CVE-2025-65741/blob/main/README.md

CVE-2025-14709

• Severity: 9.8 CRITICAL
• Impacted Products: Shiguangwu sgwbox N3 2.0.25
• Description: A security vulnerability has been detected in Shiguangwu sgwbox N3 2.0.25. Affected by this issue is some unknown functionality of the file /usr/sbin/http_eshell_server of the component WIRELESSCFGGET Interface. The manipulation of the argument params leads to buffer overflow. Remote exploitation of the attack is possible. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
• Remediation: Follow vendor security advisories and apply the latest patches. Review affected systems and prioritize patching based on exploitability and business impact.
• More Info: NVD - CVE-2025-14709
• PoC:
  • https://www.notion.so/sgwbox-NAS-N3-Buffer-Overflow-2be6cf4e528a80258b82dee0d6d1ebd1

CVE-2025-14708

• Severity: 9.8 CRITICAL
• Impacted Products: Shiguangwu sgwbox N3 2.0.25
• Description: A weakness has been identified in Shiguangwu sgwbox N3 2.0.25. Affected by this vulnerability is an unknown functionality of the file /usr/sbin/http_eshell_server of the component WIREDCFGGET Interface. Executing manipulation of the argument params can lead to buffer overflow. The attack may be launched remotely. The exploit has been made available to the public and could be exploited. The vendor was contacted early about this disclosure but did not respond in any way.
• Remediation: Follow vendor security advisories and apply the latest patches. Review affected systems and prioritize patching based on exploitability and business impact.
• More Info: NVD - CVE-2025-14708
• PoC:
  • https://www.notion.so/sgwbox-NAS-N3-Buffer-Overflow-2be6cf4e528a808b9f71fe434929c73b

CVE-2025-14707

• Severity: 9.8 CRITICAL
• Impacted Products: Shiguangwu sgwbox N3 2.0.25
• Description: A security flaw has been discovered in Shiguangwu sgwbox N3 2.0.25. Affected is an unknown function of the file /usr/sbin/http_eshell_server of the component DOCKER Feature. Performing manipulation of the argument params results in command injection. The attack may be initiated remotely. The exploit has been released to the public and may be exploited. The vendor was contacted early about this disclosure but did not respond in any way.
• Remediation: Follow vendor security advisories and apply the latest patches. Review affected systems and prioritize patching based on exploitability and business impact.
• More Info: NVD - CVE-2025-14707
• PoC:
  • https://www.notion.so/sgwbox-NAS-N3-Command-Injection-2be6cf4e528a805f9b94f7b8799c77a8

CVE-2025-14705

• Severity: 9.8 CRITICAL
• Impacted Products: Shiguangwu sgwbox N3 2.0.25
• Description: A vulnerability was determined in Shiguangwu sgwbox N3 2.0.25. This affects an unknown function of the component SHARESERVER Feature. This manipulation of the argument params causes command injection. The attack can be initiated remotely. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way.
• Remediation: Follow vendor security advisories and apply the latest patches. Review affected systems and prioritize patching based on exploitability and business impact.
• More Info: NVD - CVE-2025-14705
• PoC:
  • https://www.notion.so/sgwbox-NAS-N3-Command-Injection-2be6cf4e528a80d69da5d6d17456a183

CVE-2025-13780

• Severity: 9.1 CRITICAL
• Impacted Products: pgAdmin 9.10
• Description: pgAdmin versions up to 9.10 are affected by a remote code execution vulnerability when operating in server mode and performing restores from PLAIN-format dump files. This flaw allows an attacker to inject and execute arbitrary commands on the server hosting pgAdmin.
• Remediation:
  • pgadmin4-9.11-1.fc42
• More Info: NVD - CVE-2025-13780
• PoC:
  • https://github.com/meenakshisl/PoC-CVE-2025-13780
  • https://github.com/ThemeHackers/CVE-2025-13780

CVE-2025-61757

• Severity: 9.8 CRITICAL
• Impacted Products: Oracle Fusion Middleware Identity Manager 12.2.1.4.0, Oracle Fusion Middleware Identity Manager 14.1.2.1.0
• Description: Vulnerability in the Identity Manager product of Oracle Fusion Middleware (component: REST WebServices). Supported versions that are affected are 12.2.1.4.0 and 14.1.2.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Identity Manager. Successful attacks of this vulnerability can result in takeover of Identity Manager. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts).
• Remediation:
  • Oracle Critical Patch Update Advisory - October 2025
  • Text Form of Oracle Critical Patch Update - October 2025 Risk Matrices
• More Info: NVD - CVE-2025-61757
• PoC:
  • https://github.com/Jinxia62/Oracle-Identity-Manager-CVE-2025-61757/blob/main/CVE-2025-61757.py
  • https://github.com/B1ack4sh/Blackash-CVE-2025-61757/blob/main/CVE-2025-61757.py

CVE-2025-20393

• Severity: 10.0 CRITICAL
• Impacted Products: Cisco AsyncOS Software for Cisco Secure Email Gateway, Cisco AsyncOS Software for Cisco Secure Email and Web Manager
• Description: Cisco AsyncOS Software for Cisco Secure Email Gateway and Cisco Secure Email and Web Manager contains an improper input validation vulnerability that allows remote attackers to execute arbitrary commands with root privileges on the underlying operating system. This flaw requires the Spam Quarantine feature to be enabled and reachable from the internet.
• Remediation: Follow vendor security advisories and apply the latest patches. Review affected systems and prioritize patching based on exploitability and business impact.
• More Info: NVD - CVE-2025-20393
• PoC:
  • https://github.com/cyberleelawat/CVE-2025-20393
  • https://github.com/thesystemowner/CVE-2025-20393-POC
  • https://github.com/KingHacker353/CVE-2025-20393

CVE-2025-14706

• Severity: 9.8 CRITICAL
• Impacted Products: Shiguangwu sgwbox N3 2.0.25
• Description: A vulnerability was identified in Shiguangwu sgwbox N3 2.0.25. This impacts an unknown function of the file /usr/sbin/http_eshell_server of the component NETREBOOT Interface. Such manipulation leads to command injection. The attack can be launched remotely. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way.
• Remediation: Follow vendor security advisories and apply the latest patches. Review affected systems and prioritize patching based on exploitability and business impact.
• More Info: NVD - CVE-2025-14706
• PoC:
  • https://www.notion.so/sgwbox-NAS-N3-Command-Injection-2be6cf4e528a807cb619f9d2e1bcda20

References

This list was scraped from the quite amazing and highly recommended newsletters below:

• ~this week in security~
• Unsupervised Learning
• @RISK
• Hive Five
• Vulnerable U
• tl;dr sec

Thanks for reading! For corrections, omissions (e.g. newsletter recs) feel free to get in touch.