The Week in Vulnerabilities: Patch Tuesday Yields Hundreds of Vendor Fixes
Over the past week, patches released by IT vendors led to the disclosure of hundreds of new vulnerabilities, involving Microsoft, Adobe, Intel and other vendors. Some already have public PoC code, and 54 were rated critical under CVSS 3.1. Key vulnerabilities include CVE-2025-8088, a zero-day path traversal attack affecting WinRAR, and CVE-2025-53786, a privilege escalation issue in Microsoft Exchange Server. Multiple high-severity vulnerabilities were also found in industrial control systems. 2025-8-18 08:0:52 Author: cyble.com

Monthly fixes from IT vendors led to hundreds of newly disclosed vulnerabilities in the past week. Here are more than a dozen worth prioritizing.

Cyble Vulnerability Intelligence researchers tracked 971 vulnerabilities over the past week, as monthly Patch Tuesday releases from vendors yielded a high number of new bugs. 

More than 142 of the disclosed vulnerabilities already have publicly available Proofs-of-Concept (PoCs), a rate that’s lower than the recently seen 20-30% exploitation rate, but still shows how quickly new vulnerabilities can be exploited. 

54 vulnerabilities were rated as critical under CVSS v3.1, while 33 received a critical severity rating based on the newer CVSS v4.0 scoring system. Microsoft, Adobe, Intel, Huawei, and Kenwood were the top vendors with reported vulnerabilities during the week. 

What follows are some of the more significant IT and industrial control systems (ICS) vulnerabilities examined by Cyble researchers in the last week. The goal is to help security teams better focus their mitigation efforts. 

The Week’s Top IT Vulnerabilities 

One noteworthy vulnerability this week is CVE-2025-8088, a critical zero-day path traversal vulnerability affecting WinRAR version 7.12 on Windows. Since mid-July, the vulnerability has been actively exploited in targeted spear-phishing campaigns primarily aimed at financial, manufacturing, defense, and logistics companies in Europe, Canada, and Russia. The vulnerability has already been added to CISA’s Known Exploited Vulnerabilities (KEV) catalog. 

Another vulnerability receiving significant attention is CVE-2025-53786, a high-severity post-authentication elevation of privilege vulnerability affecting on-premises Microsoft Exchange servers configured for hybrid-joined environments. The flaw could allow an authenticated attacker with administrative access to the on-prem Exchange server to escalate privileges within the connected Microsoft 365 cloud environment. Microsoft said the issue is addressed by following their guidance and applying a hotfix from April or later. 

Other significant vulnerabilities fixed by Microsoft in its August 2025 Patch Tuesday update included: 

  • CVE-2025-53766, a heap-based buffer overflow in Windows GDI+ that could allow an unauthorized attacker to remotely execute code over a network 
  • CVE-2025-50171, a missing authorization vulnerability in Remote Desktop Server that could allow unauthorized attackers to perform spoofing attacks over a network. 
  • CVE-2025-50165, an untrusted pointer dereference vulnerability in Microsoft Graphics Component that could lead to unauthorized actions or system instability in Windows 11 systems and Server 2025. 
  • CVE-2025-53767, a critical elevation of privilege/server-side request forgery (SSRF) vulnerability in Microsoft’s Azure OpenAI services. The 10.0-rated flaw has been fully mitigated by Microsoft and requires no customer action. 

CVE-2025-6543 is a critical security vulnerability affecting Citrix NetScaler ADC and NetScaler Gateway devices that was first disclosed in June but continues to receive attention. It is a memory overflow bug that can lead to unintended control flow manipulation or denial of service (DoS) on impacted devices. The flaw occurs when these devices are configured as a Gateway (such as VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or as an AAA virtual server. 

CVE-2025-25256 is a critical OS command injection vulnerability affecting multiple versions of Fortinet FortiSIEM software. It could potentially allow a remote, unauthenticated attacker to execute arbitrary commands or code via specially crafted command-line interface (CLI) requests without requiring user interaction. 

Cyble honeypot sensors have detected attack attempts on CVE-2025-32432, a 10.0-rated remote code execution vulnerability in certain versions of Craft, a CMS for creating digital experiences on the web and beyond. The flaw can be found in versions 3.0.0-RC1 to before 3.9.15, 4.0.0-RC1 to before 4.14.15, and 5.0.0-RC1 to before 5.6.17; the issue has been patched in versions 3.9.15, 4.14.15, and 5.6.17. 
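As an added example that is not part of Cyble's report, the following Python snippet turns the Craft CMS version ranges stated above into a check a patch-management team can run against its own inventory. The affected ranges and fixed versions are the ones given in the paragraph; the host names and versions in the sample inventory are constructed.

```python
import re

# Affected ranges for CVE-2025-32432 as stated in the report:
# [3.0.0-RC1, 3.9.15), [4.0.0-RC1, 4.14.15), [5.0.0-RC1, 5.6.17)
AFFECTED_RANGES = [
    ("3.0.0-RC1", "3.9.15"),
    ("4.0.0-RC1", "4.14.15"),
    ("5.0.0-RC1", "5.6.17"),
]

_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:-([A-Za-z]+)\.?(\d+))?$")


def parse_version(text):
    """Turn e.g. '4.14.14' or '5.0.0-RC1' into a comparable tuple.

    A release candidate sorts before the final release of the same number,
    so (4, 0, 0, 0, 1) for 4.0.0-RC1 is less than (4, 0, 0, 1, 0) for 4.0.0.
    """
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    major, minor, patch, tag, tagnum = m.groups()
    is_final = 1 if tag is None else 0
    return (int(major), int(minor), int(patch), is_final, int(tagnum or 0))


def is_affected(version):
    """True if a Craft CMS version falls inside one of the affected ranges."""
    v = parse_version(version)
    return any(parse_version(lo) <= v < parse_version(hi) for lo, hi in AFFECTED_RANGES)


# Constructed sample inventory (hostname -> Craft version reported by the site)
SAMPLE_INVENTORY = {
    "web-01": "3.9.14",
    "web-02": "4.14.15",
    "web-03": "5.6.16",
    "web-04": "5.0.0-RC1",
    "web-05": "2.8.0",
}


def triage(inventory):
    """Return the hosts still running an affected version, sorted by name."""
    return sorted(host for host, ver in inventory.items() if is_affected(ver))
```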

Cyble dark web researchers documented numerous discussions of vulnerabilities on underground forums. Among the vulnerabilities attracting attention from threat actors are CVE-2025-20281, a critical remote code execution vulnerability affecting Cisco Identity Services Engine (ISE) and Cisco ISE Passive Identity Connector (ISE-PIC), and CVE-2025-38236, a high-severity privilege escalation vulnerability in the Linux kernel related to its handling of the MSG_OOB (Out-Of-Band) feature for UNIX domain sockets. 

Cyble also observed threat actors claiming zero-day vulnerabilities in Android versions up to and including Android 15 (ARM and ARM64 architecture), the Cisco Secure Email Gateway, and Fortinet FortiOS SSL-VPN versions 7.4 to 7.6. 

ICS Vulnerabilities 

Cyble researchers examined 42 ICS and operational technology (OT) vulnerabilities during the week and flagged three products as meriting high-priority attention due to the presence of internet-facing instances: 

CVE-2025-5095 is a missing authentication for critical function vulnerability in Burk Technology ARC Solo (versions prior to v1.0.62) that could potentially allow an attacker to gain access to the device, lock out authorized users, or disrupt operations. 

CVE-2025-8284 is a missing authentication for critical function vulnerability in Packet Power EMX and EG (versions prior to 4.1.0) that could potentially allow an attacker to gain full access to the device without authentication. 

Sante PACS Server is affected by five vulnerabilities, the highest rated of which are CVE-2025-53948 and CVE-2025-54156. Exploitation could potentially allow an attacker to create arbitrary files, cause denial-of-service conditions, obtain sensitive information, or steal user session cookies. 

Conclusion 

With hundreds of new vulnerabilities to contend with each week – and one in five being rapidly exploited – security teams must respond with fast, well-targeted actions to defend IT and critical infrastructure. A risk-based vulnerability management program should be at the heart of those defensive efforts. 

Other cybersecurity best practices that can help guard against a wide range of threats include segmentation of critical assets; removing or protecting web-facing assets; Zero-Trust access principles; ransomware-resistant backups; hardened endpoints, infrastructure, and configurations; network, endpoint, and cloud monitoring; and well-rehearsed incident response plans. 

Cyble’s comprehensive attack surface management solutions can help by scanning network and cloud assets for exposures and prioritizing fixes, in addition to monitoring for leaked credentials and other early warning signs of major cyberattacks. Get a free external threat profile for your organization today. 


Source: https://cyble.com/blog/weekly-ics-and-it-vulnerabilities-report/