PatchNow

📅 Last Updated: 2025-10-19 03:30:03 UTC

These automated vulnerability intelligence briefings are provided free of charge to help security teams stay ahead of critical threats. The service monitors CISA KEV additions, performs AI-powered risk analysis, and generates actionable alerts 24/7.


🧠 Vulnerability Classification Logic

🔴 HIGH RISK vulnerabilities are those that meet all of the following criteria:

  • MITRE ATT&CK T1190 Classification: The vulnerability enables "Exploit Public-Facing Application" attacks, meaning it can be directly exploited over the internet without user interaction
  • Network Attack Vector: CVSS analysis confirms the vulnerability has a NETWORK attack vector (not LOCAL, ADJACENT, or PHYSICAL)
  • Internet-Facing Deployment Analysis: Claude AI assesses that the vulnerable software is commonly deployed as an internet-facing service with HIGH or VERY_HIGH likelihood
  • Added to CISA KEV quickly: The CVE was issued less than 30 days prior to it being added to the KEV list. Otherwise you would have already patched it, right?
  • Added to KEV recently: The CVE was added to the KEV list in the last 14 days. Because you've patched it by the time it has been in active exploitation for 30 days, haven't you?

Each vulnerability undergoes deployment pattern analysis, in which Claude AI evaluates the typical deployment scenarios and the likelihood that the software is internet-facing.

🔴 CVE-2025-61882 - Oracle E-Business Suite Concurrent Processing 12.2.3-12.2.14

T1190 - Exploit Public-Facing App • Deploy: HIGH • CVSS: 9.8 • CISA KEV
Critical unauthenticated remote code execution vulnerability in Oracle E-Business Suite Concurrent Processing component accessible via HTTP. Actively exploited by Cl0p ransomware group for data theft attacks with complete system takeover potential.
📅 CVE Published: 2025-10-05 → KEV Added: 2025-10-06 • 1 DAY BETWEEN CVE AND KEV • 13 DAYS SINCE KEV

🔴 CVE-2025-10035 - Fortra GoAnywhere MFT versions <= 7.8.3

T1190 - Exploit Public-Facing App • Deploy: HIGH • CVSS: 10.0 • CISA KEV
CVE-2025-10035 is a critical deserialization vulnerability in Fortra GoAnywhere MFT's License Servlet that allows unauthenticated remote code execution. This vulnerability has been actively exploited as a zero-day and affects internet-facing managed file transfer servers.
📅 CVE Published: 2025-09-18 → KEV Added: 2025-09-29 • 11 DAYS BETWEEN CVE AND KEV • 20 DAYS SINCE KEV

🔴 CVE-2025-20352 - Cisco IOS (versions 12.2.x through 15.9.x), Cisco IOS XE (versions 3.5.x through 17.18.x), Cisco IOS XE Catalyst SD-WAN (versions 16.9.x through 16.12.x)

T1190 - Exploit Public-Facing App • Deploy: HIGH • CVSS: 7.7 • CISA KEV
Critical SNMP stack overflow vulnerability in Cisco IOS/IOS XE that allows remote code execution with high privileges or denial of service with low privileges. Actively exploited in the wild against network infrastructure devices commonly exposed to the internet.
📅 CVE Published: 2025-09-24 → KEV Added: 2025-09-29 • 5 DAYS BETWEEN CVE AND KEV • 20 DAYS SINCE KEV

🔴 CVE-2025-59689 - Libraesva Email Security Gateway 4.5 - 5.5.x (before fixed versions)

T1190 - Exploit Public-Facing App • Deploy: VERY_HIGH • CVSS: 6.1 • CISA KEV
Critical command injection vulnerability in Libraesva Email Security Gateway allowing remote code execution via malicious compressed email attachments. This vulnerability is actively exploited in the wild and affects internet-facing email security appliances.
📅 CVE Published: 2025-09-19 → KEV Added: 2025-09-29 • 10 DAYS BETWEEN CVE AND KEV • 20 DAYS SINCE KEV

🔴 CVE-2025-20333 - Cisco ASA Software (versions 9.8.1 through 9.22.1.2), Cisco Firepower Threat Defense Software (versions 6.2.3 through 7.6.0)

T1190 - Exploit Public-Facing App • Deploy: VERY_HIGH • CVSS: 9.9 • CISA KEV
CVE-2025-20333 is a critical buffer overflow vulnerability in the VPN web server component of Cisco ASA and Firepower Threat Defense Software that allows authenticated remote attackers to execute arbitrary code as root. This vulnerability is actively being exploited in the wild and affects internet-facing VPN appliances that are commonly deployed with public internet access.
📅 CVE Published: 2025-09-25 → KEV Added: 2025-09-25 • 0 DAY • 24 DAYS SINCE KEV

🔴 CVE-2025-20362 - Cisco ASA Software (versions 9.8.x through 9.23.x), Cisco Firepower Threat Defense (FTD) Software (versions 6.2.x through 7.7.x)

T1190 - Exploit Public-Facing App • Deploy: VERY_HIGH • CVSS: 6.5 • CISA KEV
CVE-2025-20362 is a missing authorization vulnerability in Cisco ASA and FTD VPN web servers that allows unauthenticated remote attackers to access restricted URL endpoints. The vulnerability is being actively exploited in the wild and affects internet-facing firewall appliances.
📅 CVE Published: 2025-09-25 → KEV Added: 2025-09-25 • 0 DAY • 24 DAYS SINCE KEV