The Week in Vulnerabilities: Oracle, Microsoft & Adobe Fixes Urged by Cyble
Published 2025-10-29 by cyble.com

Critical vulnerabilities from Oracle, Microsoft and Adobe are just a few of the flaws meriting high-priority attention by security teams.

Cyble Vulnerability Intelligence researchers tracked nearly 700 vulnerabilities in the last week, and more than 30 already have a publicly available Proof-of-Concept (PoC), significantly increasing the likelihood of real-world attacks exploiting those vulnerabilities. 

A total of 46 vulnerabilities were rated as critical under the CVSS v3.1 scoring system, while 36 received a critical severity rating based on the newer CVSS v4.0 scoring system. 

Here are some of the top IT and ICS vulnerabilities noted by Cyble in recent reports to clients. 

The Week’s Top IT Vulnerabilities 

Cyble noted that three vulnerabilities in Oracle products could lead to full system compromise if successfully exploited. They include CVE-2025-62481, a missing authentication flaw in the Oracle Marketing module of Oracle E-Business Suite; CVE-2025-61757, affecting Oracle Identity Manager within Oracle Fusion Middleware; and CVE-2025-53072, affecting the Oracle Marketing product of Oracle E-Business Suite. 

Two other Oracle vulnerabilities, CVE-2025-61884 and CVE-2025-61882 in Oracle E-Business Suite (EBS), were recently added to CISA’s Known Exploited Vulnerabilities (KEV) catalog. 

CISA added several other significant vulnerabilities to its KEV catalog recently. They include:  

  • CVE-2025-59287, a critical remote code execution vulnerability affecting Windows Server Update Services (WSUS) on Windows Server 2012, 2016, 2019, 2022, and 2025; the current update addresses a flaw that a previous update did not fully mitigate. 
  • CVE-2025-33073, a critical vulnerability in the Windows Server Message Block (SMB) client that could allow an authenticated attacker to escalate privileges to the SYSTEM level. 
  • CVE-2022-48503, a high-severity vulnerability in JavaScriptCore/WebKit that affects multiple Apple operating systems and can lead to arbitrary code execution by a remote attacker. 
  • CVE-2025-54236, an Adobe Commerce and Magento Improper Input Validation Vulnerability dubbed “SessionReaper” that could be abused to achieve session takeover. Exploitation of the issue does not require user interaction. 

Cyble vulnerability researchers also flagged CVE-2025-62168, a 10.0-severity information disclosure vulnerability in Squid Proxy, a widely used open-source caching proxy server. The flaw could potentially allow attackers to exploit Squid’s error pages to expose sensitive HTTP authentication data, including tokens or credentials used by trusted clients and backend web applications. 

7-Zip Vulnerabilities Under Discussion by Threat Actors 

Cyble also observed threat actors on dark web and underground cybercrime forums discussing weaponizing multiple vulnerabilities, including: 

CVE-2025-11001, a critical vulnerability in 7-Zip’s ZIP file parsing component, stemming from improper handling of symbolic links within ZIP archives. When a specially crafted ZIP file is opened or extracted, 7-Zip may follow these symbolic links outside the intended extraction directory, enabling directory traversal. An attacker could exploit this flaw to execute arbitrary code under the context of the user running the application, potentially gaining access to or overwriting system files. 

CVE-2025-11002, a critical vulnerability present in the 7-Zip file parser. It is closely related to CVE-2025-11001 and also arises from improper validation of symbolic links during ZIP file extraction. It could be exploited through a malicious ZIP archive that manipulates directory traversal paths, potentially allowing remote attackers to execute arbitrary code or overwrite critical files on the target system. 
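The symlink and directory-traversal behaviour described for CVE-2025-11001 and CVE-2025-11002 can be screened for before an archive reaches any extractor. The Python below is an added example, not Cyble’s or 7-Zip’s code: it builds a constructed sample archive in memory (a benign file, a `../` entry, and a symlink whose target points outside the extraction root) and reports both bad entries. It assumes the archive stores Unix mode bits in each entry’s external attributes, which is how ZIP files created on Unix-like systems represent symlinks; the extraction root path is an assumed placeholder.

```python
import io
import os
import posixpath
import stat
import zipfile


def build_sample_archive() -> bytes:
    """Constructed sample (not a real-world malicious file): one benign entry,
    one '../' traversal entry and one symlink pointing outside the root."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("docs/readme.txt", "benign content")
        zf.writestr("../escape.txt", "would be written outside the extraction directory")
        # ZIP keeps Unix permission bits in the high 16 bits of external_attr;
        # S_IFLNK marks a symlink and the entry's data is the link target.
        link = zipfile.ZipInfo("docs/link")
        link.create_system = 3  # 3 = Unix, so readers interpret the mode bits
        link.external_attr = (stat.S_IFLNK | 0o777) << 16
        zf.writestr(link, "../../etc/passwd")
    return buf.getvalue()


def is_symlink(info: zipfile.ZipInfo) -> bool:
    return stat.S_ISLNK(info.external_attr >> 16)


def escapes_root(member_name: str, root: str) -> bool:
    """True if joining member_name onto root lands outside root."""
    root = os.path.realpath(root)
    target = os.path.realpath(os.path.join(root, *member_name.split("/")))
    return os.path.commonpath([root, target]) != root


def symlink_escapes(member_name: str, target: str) -> bool:
    """Resolve a relative link target from the link's own directory, as an
    extractor that honours symlinks would, and check whether it leaves the root."""
    if target.startswith("/"):
        return True
    resolved = posixpath.normpath(posixpath.join(posixpath.dirname(member_name), target))
    return resolved == ".." or resolved.startswith("../")


def audit_archive(data: bytes, root: str = "/tmp/extract") -> list[tuple[str, str]]:
    """Return (member, reason) pairs for entries that must not be extracted.
    'root' is an assumed placeholder for the intended extraction directory."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            name = info.filename
            if name.startswith("/") or escapes_root(name, root):
                findings.append((name, "path traversal"))
            if is_symlink(info):
                target = zf.read(info).decode("utf-8", "replace")
                if symlink_escapes(name, target):
                    findings.append((name, f"symlink escapes root -> {target}"))
    return findings


if __name__ == "__main__":
    for member, reason in audit_archive(build_sample_archive()):
        print(f"BLOCK {member}: {reason}")
```

Python’s own `zipfile` module never creates symlinks on extraction (it writes the link target as ordinary file content) and strips `..` components from member names, so the audit matters where an archive will later be opened by a tool that does honour symlinks; a mail gateway or upload handler can quarantine any archive for which `audit_archive` returns findings.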

CVE-2025-8061, a high-severity security flaw in the Lenovo Dispatcher driver (versions 3.0 and 3.1), specifically in the LnvMSRIO.sys component, that could allow local privilege escalation due to insufficient access control in driver interfaces. It could enable authenticated attackers to execute arbitrary code at the kernel level (Ring-0), potentially bypassing security mechanisms like EDR and PPL by exploiting IOCTL handlers that permit physical memory and MSR register read/write operations. 

CVE-2025-30247, a critical OS command injection vulnerability affecting Western Digital My Cloud NAS devices running firmware versions prior to 5.31.108. It could potentially allow unauthenticated remote attackers to execute arbitrary system commands through specially crafted HTTP POST requests. 

ICS Vulnerabilities 

Cyble also flagged three industrial control system (ICS) vulnerabilities as meriting high-priority attention by security teams. These include: 

CVE-2025-11534 is an Authentication Bypass Using an Alternate Path or Channel vulnerability in Raisecom products RAX701-GC-WP-01 P200R002C52 and RAX701-GC-WP-01 P200R002C53. Successful exploitation of the vulnerability could allow a remote attacker to bypass authentication and obtain an unauthenticated root shell on affected devices. 

CVE-2025-40771 is a Missing Authentication for Critical Function vulnerability affecting multiple versions of Siemens SIMATIC CP and Siemens SIPLUS ET 200SP CP. The SIMATIC ET 200SP, a compact and modular remote I/O system used to connect field devices to Siemens automation controllers, contains a vulnerability in which configuration connections are not properly authenticated. The flaw could allow an unauthenticated remote attacker to access sensitive configuration data, potentially compromising system integrity and exposing critical industrial network settings to unauthorized manipulation or observation. 

CVE-2025-6554 is a Google Chrome Type Confusion vulnerability present in Siemens HyperLynx and Industrial Edge App Publisher that could potentially allow a remote attacker to perform arbitrary code execution via a crafted HTML page. 

Conclusion 

The high number of critical vulnerabilities affecting enterprise systems this week underscores the need for rapid, well-targeted actions by security teams to successfully defend IT and critical infrastructure. A risk-based vulnerability management program should be at the heart of those defensive efforts.   
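As an added illustration of the risk-based approach recommended above (example code, not Cyble’s product or methodology), the Python below ranks constructed vulnerability records by combining the signals this report keeps returning to: CVSS base score, KEV listing, public PoC availability, and whether the affected asset is internet-facing. The weights, the asset-criticality scale, the remediation windows and the `EXAMPLE-` identifiers are assumptions chosen for illustration, not published Cyble or CISA figures.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Vuln:
    cve: str                # identifier (placeholders below, not real CVE numbers)
    cvss: float             # CVSS v3.1 base score, 0.0-10.0
    in_kev: bool            # listed in CISA's Known Exploited Vulnerabilities catalog
    public_poc: bool        # a public proof-of-concept exists
    internet_facing: bool   # the affected asset is reachable from the internet
    asset_criticality: int  # 1 = low, 2 = normal, 3 = crown jewel (assumed scale)


# Assumed weights: confirmed exploitation outranks a public PoC, which outranks severity alone.
KEV_FACTOR = 2.0
POC_FACTOR = 1.5
EXPOSURE_FACTOR = 1.5
CRITICALITY_FACTOR = {1: 0.8, 2: 1.0, 3: 1.3}


def risk_score(v: Vuln) -> float:
    """Start from CVSS, then scale by exploitation evidence, exposure and asset value."""
    score = v.cvss
    if v.in_kev:
        score *= KEV_FACTOR
    elif v.public_poc:
        score *= POC_FACTOR
    if v.internet_facing:
        score *= EXPOSURE_FACTOR
    score *= CRITICALITY_FACTOR[v.asset_criticality]
    return round(score, 2)


def remediation_days(score: float) -> int:
    """Assumed remediation windows tied to the combined score, not to CVSS alone."""
    if score >= 20:
        return 1
    if score >= 12:
        return 7
    if score >= 6:
        return 30
    return 90


def prioritize(vulns: list[Vuln]) -> list[tuple[str, float, int]]:
    """Return (cve, score, days-to-fix) from most to least urgent."""
    ranked = sorted(vulns, key=risk_score, reverse=True)
    return [(v.cve, risk_score(v), remediation_days(risk_score(v))) for v in ranked]


# Constructed records with placeholder identifiers.
SAMPLE = [
    Vuln("EXAMPLE-0001", 10.0, False, False, False, 2),  # critical by CVSS, no exploitation signal, internal
    Vuln("EXAMPLE-0002", 7.8, True, True, True, 3),      # high, in KEV, internet-facing, crown-jewel asset
    Vuln("EXAMPLE-0003", 9.8, False, True, True, 1),     # critical with public PoC on a low-value exposed host
    Vuln("EXAMPLE-0004", 5.3, False, False, False, 1),   # medium, internal, low-value asset
]

if __name__ == "__main__":
    for cve, score, days in prioritize(SAMPLE):
        print(f"{cve}: score {score:5.2f}, fix within {days} day(s)")
```

The point of the ordering is that a high-severity flaw already in KEV on an exposed crown-jewel asset (`EXAMPLE-0002`) jumps ahead of a CVSS 10.0 issue with no exploitation signal on an internal host (`EXAMPLE-0001`); a team that patches strictly by CVSS would do the reverse.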

Other cybersecurity best practices that can help guard against a wide range of threats include segmentation of critical assets; removing or protecting web-facing assets; Zero-Trust access principles; ransomware-resistant backups; hardened endpoints, infrastructure, and configurations; network, endpoint, and cloud monitoring; and well-rehearsed incident response plans.   

Cyble’s comprehensive attack surface management solutions can help by scanning network and cloud assets for exposures and prioritizing fixes, in addition to monitoring for leaked credentials and other early warning signs of major cyberattacks.   


Source: https://cyble.com/blog/cyble-weekly-700-vulnerabilities-46-critical-pocs/