Welcome to the vFeed August 2025 edition of the Cybersecurity and Vulnerability Newsletter

August continued to overwhelm vulnerability analysts and incident responders with a high volume of published vulnerabilities, increased severities, and widespread exploits. The month saw a significant spike of about 3,360 published vulnerabilities, one of the largest monthly totals seen recently, though lower than the 3,600 published last month. vFeed has seen about 24,340 vulnerabilities published so far in 2025 alone, well on track to be one of the highest totals in recent years. A record 4,350 CVEs had their risks, priorities, and advisories modified during the month of August since the beginning of the year, compared to 5,174 in July. In comparison, only about 3,385 CVEs had their risk scores, advisories, and priorities revised in August 2024.
vFeed vendor patch advisory counts grew even higher, exceeding about 2.2M in 2025. They were led by sources including Ubuntu, Debian, SUSE, Oracle, and Windows, which accounted for nearly 72% of patched advisories issued during the month.
The vFeed vulnerability feed database has continued to embrace NVD 2.0 schema structures for the last several months. Our database continued to build upon CVSS4 and EPSS4 risk scoring metrics as part of our threat intel feed, and so far we have captured 6,885 risk scores in 2025 alone, the largest number we have seen so far. In particular, about 41 of those are determined to be critical vulnerabilities, of which 15 also have exploitability percentiles greater than 70%. A higher EPSS percentile indicates a greater likelihood of being exploited in the wild in the coming months compared to other similar vulnerabilities in the platform.
The number of critical vulnerabilities identified by vFeed in August (those with a critical score of 9.0 or higher) continued to rise significantly to 484, compared to 535 last month, 187 in March and 129 in February. Among those critical vulnerabilities, about 45 (~ 9%) had a high likelihood of exploitation in the next few months. Among those, 16 of the critical ones (~ 3%) had a perfect 10.0 score, observed across several router and network platforms such as Belkin F9K1009, TRENDnet, NetScaler ADC, Cisco Secure Firewall, Squid proxy, and Linux iPerf. Many of the critical ones are also caused by WordPress plugins affected by SQL injection, unrestricted file uploads using PHP, and remote code execution (RCE) vulnerabilities.
A chain of critical vulnerabilities was observed in the NVIDIA Triton Inference Server during August, including CVE-2025-23310-11 and CVE-2025-23317, found in the HTTP handling logic. These were rooted in Triton's HTTP endpoint logic, where improper handling of chunked HTTP requests allowed remote attackers to trigger stack-based buffer overflows, potentially crashing the service or facilitating code execution.
Another severe attack chain affecting NVIDIA Triton Inference Server consists of vulnerabilities CVE-2025-23319-20 and CVE-2025-23333-34, which are all exploitable through specially crafted requests that target the Python backend services. These vulnerabilities result in out-of-bounds reads and writes and shared memory limit bypasses in the Python backend services. Typically, a large crafted request triggers a verbose error message that leaks the unique internal name of the server's backend shared memory region, and an attacker could ultimately execute arbitrary code by abusing the server's message-passing mechanisms and memory management.
A rather unique critical elevation of privilege vulnerability, CVE-2025-53767, was reported in Microsoft Azure OpenAI services. Caused by Server-Side Request Forgery (SSRF), it was discovered and patched in August 2025. With this vulnerability, attackers could bypass authentication and authorization protections, resulting in elevated privileges within the Azure OpenAI environment and potential lateral movement.
WordPress plugins appear to be one of the top contributors to the overall weaknesses observed during the month. About 195 WordPress plugins have been identified that could cause a majority of websites to be exploitable, of which 17 critical plugins (~ 9%), related to file uploads, privilege escalation, improper input validation, and remote code execution risks, were observed affecting websites that are likely to be exploited soon. Specifically, CVE-2025-8898 (Taxi Booking Manager for WooCommerce) and CVE-2025-8723 (Cloudflare Image Resizing plugin) are linked to incorrect or missing access controls and input validation, enabling attackers to execute unauthorized actions or escalate privileges with minimal or no authentication. CVE-2025-7955 (RingCentral Communications plugin) and CVE-2025-7778 (Icons Factory plugin) involve a lack of authorization enforcement, enabling attackers to manipulate plugin features or execute arbitrary commands that compromise site integrity and user data. Further, the CVE-2025-7710 (Brave Conversion Engine), CVE-2025-7642 (Simpler Checkout plugin), and CVE-2025-7441 (StoryChief plugin) vulnerabilities involve unsafe file upload mechanisms or data handling issues that let attackers upload malicious files or tamper with site content, resulting in remote code execution style attacks.
Microsoft's August 2025 Patch Tuesday was significant, addressing 107 vulnerabilities, including 13 critical ones (~ 12%), 9 Remote Code Execution (~ 8%), and one elevation of privilege in the OpenAI system. The August 2025 vulnerabilities showed concerning trends with active exploitation, particularly affecting enterprise infrastructure such as Azure cloud services, and Remote Code Execution (RCE) weaknesses found in endpoint software including WinRAR, Office, Windows Graphics Components, and GDI. Elevation of Privilege was also seen being exploited using Windows NTLM and Kerberos.
vFeed identified several top weaknesses (CWE) that contributed to critical vulnerabilities during the month. In particular, CWE-74 (Improper Neutralization/Injection) accounted for nearly 28% of all critical ones observed. This is followed by CWE-119 (Improper Restriction of Operations/Memory Buffer) at nearly 15%. Others included CWE-79 (Cross-site Scripting), CWE-89 (SQL Injection), CWE-93 (CRLF Injection), CWE-119 (Buffer Overflow), and CWE-121 (Stack-based Buffer Overflow), contributing to a majority of published vulnerabilities and advisories during the month.
Critical Exploitable Vulnerabilities – August 2025
Pay attention to these top critical vulnerabilities that are likely exploitable this month.
| CVE | Description | CVSS 3 Base | EPSS Percentile | Exploit PoC Available? | Date Published | Weakness | Versions Affected | References |
| --- | --- | --- | --- | --- | --- | --- | --- | --- |
| CVE-2025-53766 | Heap-based buffer overflow in Windows GDI+ allows an unauthorized user to execute code over the network. | 9.8 | 33.2% | No | 2025-08-12 | CWE-122 | Windows Server 2008-2025, Windows 10-11, Microsoft Office | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-53766 |
| CVE-2025-53767 | Azure OpenAI Elevation of Privilege Vulnerability | 10.0 | 22.4% | No | 2025-08-07 | CWE-918 | N/A | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-53767 |
| CVE-2025-8730 | Authentication Bypass in Belkin F9K1009/F9K1010 routers | 9.8 | 92.5% | Yes | 2025-08-08 | CWE-259, CWE-798 | 2.00.04/2.00.09 | https://github.com/byteReaper77/CVE-2025-8730 |
| CVE-2025-54574 | Heap Buffer Overflow in Squid URN Handling | 9.8 | 81.3% | Yes | 2025-08-01 | CWE-122, CWE-787 | <= 6.3 | https://github.com/B1ack4sh/Blackash-CVE-2025-54574 |
| CVE-2025-23319 | NVIDIA Triton Inference Server for Windows and Linux contains a vulnerability in the Python backend | 9.8 | 72.5% | No | 2025-08-06 | CWE-787, CWE-805 | Up to (excluding) 25.07 | https://nvidia.custhelp.com/app/answers/detail/a_id/5687 |
| CVE-2025-7775 | Memory overflow leading to RCE/DoS in NetScaler ADC Gateway | 9.8 | 92.6% | Yes | 2025-08-26 | CWE-119 | Gateway 13.1, 14.1 | https://support.citrix.com/support-home/kbsearch/article?articleNumber=CTX694938 |
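
The triage rule the newsletter describes (CVSS of 9.0 or higher, EPSS percentile above 70%), applied to the rows of the table above to produce a patch order. This is an added example, not vFeed code; the tier numbers and the use of public PoC availability as the top tie-break are assumptions of this example.

```python
# Rows copied from the table above: CVE, CVSS 3 base, EPSS percentile, PoC, weakness.
TABLE = """\
| CVE-2025-53766 | 9.8 | 33.2% | No | CWE-122 |
| CVE-2025-53767 | 10.0 | 22.4% | No | CWE-918 |
| CVE-2025-8730 | 9.8 | 92.5% | Yes | CWE-259, CWE-798 |
| CVE-2025-54574 | 9.8 | 81.3% | Yes | CWE-122, CWE-787 |
| CVE-2025-23319 | 9.8 | 72.5% | No | CWE-787, CWE-805 |
| CVE-2025-7775 | 9.8 | 92.6% | Yes | CWE-119 |
"""

CRITICAL_CVSS = 9.0   # page: "critical score of 9.0 or higher"
HIGH_EPSS_PCT = 70.0  # page: "exploitability percentiles greater than 70%"

def parse_rows(text):
    rows = []
    for line in text.splitlines():
        cells = [c.strip() for c in line.strip().strip("|").split("|")]
        if len(cells) != 5 or not cells[0].startswith("CVE-"):
            continue  # skip header, separator or malformed lines
        cve, cvss, epss, poc, cwes = cells
        rows.append({
            "cve": cve,
            "cvss": float(cvss),
            "epss_pct": float(epss.rstrip("%")),
            "poc": poc.lower() == "yes",
            "cwes": [w.strip() for w in cwes.split(",")],
        })
    return rows

def tier(row):
    """Tier numbers are this example's own labels, not vFeed's."""
    critical = row["cvss"] >= CRITICAL_CVSS
    likely = row["epss_pct"] > HIGH_EPSS_PCT
    if critical and likely:
        return 1 if row["poc"] else 2  # public PoC moves it to the front
    return 3 if critical else 4

def prioritize(rows):
    # Within a tier, higher EPSS percentile first, then higher CVSS.
    return sorted(rows, key=lambda r: (tier(r), -r["epss_pct"], -r["cvss"]))

if __name__ == "__main__":
    for r in prioritize(parse_rows(TABLE)):
        print(tier(r), r["cve"], r["cvss"], f'{r["epss_pct"]}%',
              "PoC" if r["poc"] else "-")
```

Sorting by CVSS alone would put the 10.0-scored CVE-2025-53767 first; with the EPSS threshold applied it drops behind the NetScaler, Belkin and Squid entries.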
May you live in interesting times! 🙂
