vFeed Newsletter July 2025
Welcome to the vFeed July 2025 edition of the Cybersecurity and Vulnerability Newsletter.

July continued to keep security professionals and vulnerability analysts on their toes. The month saw a significant spike in published vulnerabilities, about 3,600, one of the largest monthly totals seen recently. vFeed has recorded about 20,361 vulnerabilities published so far in 2025 alone, well on track to be one of the highest annual totals in recent years. A record 5,174 CVEs had their risk scores, priorities, or advisories modified during July. In comparison, only about 1,338 published CVEs had their risk scores, advisories, and priorities revised in July 2024.
The number of critical vulnerabilities published, those with a CVSS score of 9.0 or higher, stayed far above the earlier months of the year at 535 in July, compared to 559 last month, 187 in March and 129 in February. Eighteen of those had a perfect 10.0 score; they included several Wi-Fi router platforms such as B-link and D-link, as well as Cisco ISE, and several WordPress plugins affected by code injection, unrestricted file uploads, and remote code execution (RCE).
Vendor and product advisories reached about 135,000 through July 2025, compared with about 353,000 in all of 2024 and 102,000 in 2023. Oracle, SUSE, and Debian accounted for more than 80% of those advisories in 2025. Vendor patch advisory records were larger still, at about 2.4M in 2025, led by Ubuntu, Debian, and SUSE, which together accounted for nearly 70% of the patch advisories issued during the month.
The vFeed vulnerability database added CVSS v4 risk scoring metrics to our threat intel feed, and so far we have captured 4,750 CVSS v4 scores in 2025 alone, the most we have seen. In particular, about 132 vulnerabilities with CVSS v4 scores also had an EPSS exploitability percentile greater than 70%, indicating that they are likely to be exploited within the next few weeks to months.
Windows vulnerabilities in July continued a rising trend in both number and severity, highlighted by critical flaws such as CVE-2025-47981. Microsoft's July 2025 Patch Tuesday addressed about 130 vulnerabilities across various products, including Windows, Microsoft Office, and SharePoint. Twelve of these were rated critical, including one that allows remote code execution (RCE) with no user interaction. CVE-2025-47981, rated critical with a 33.3% EPSS exploitability percentile, affects Windows 10/11 and Windows Server, and real-world attacks are expected within days of disclosure. Other critical Windows vulnerabilities included the Microsoft Office flaws CVE-2025-49695/6/7 (23.1% EPSS) and CVE-2025-49702 (31.2% EPSS), critically rated RCE flaws affecting Office, some of which can be triggered via the Preview Pane. CVE-2025-53770 is another critical and actively exploited remote code execution vulnerability in on-premises Microsoft SharePoint Server 2016, 2019, and Subscription Edition. It has a high EPSS percentile of 94.6% and allows unauthenticated attackers to gain remote access, upload malicious files, exfiltrate sensitive cryptographic secrets, and seize full control of vulnerable servers, posing a major risk to Windows enterprise environments that rely on SharePoint for collaboration and document management.
WordPress plugins and themes drove a significant increase in reporting, with about 30 critical ones (CVSS score of 9.0 and above) reported. Per SolidWP, 113 WordPress vulnerabilities were publicly disclosed during July. Security patches for 60 of these plugins and themes are available now, so run those updates as soon as possible. A few of the WordPress plugins and themes with critical vulnerabilities include: Alone Theme, Google Sheets and Contact Form 7, WP Database Backup, HT Contact Form Widget, WooCommerce, and Charity Multipurpose themes. Specifically, the Alone Charity Multipurpose Non-profit WordPress Theme was published with a high CVSS score of 9.8 and a 47.8% EPSS probability. The vulnerability allows unauthenticated attackers to upload arbitrary files, potentially leading to a site takeover.
A peculiar case, CVE-2024-51977, identified in June 2025, came with about eight related vulnerabilities that cause multiple Brother multi-function printer and scanner devices to leak sensitive device information; these are currently being exploited over the HTTP, HTTPS, and IPP ports, some of them through an authentication bypass. The related vulnerabilities are CVE-2024-51977 through CVE-2024-51984. They affect about 689 models of Brother printers, scanners, and label maker devices, and are currently trending with a high EPSS exploitability percentile of 97.6%. They must be remediated via the firmware update available from the vendor. See the Brother Printer Advisory for further details.
Several critical upload-related weaknesses tied to CWE-434 (Unrestricted Upload of File with Dangerous Type), CWE-502 (Deserialization of Untrusted Data), CWE-158 (Improper Neutralization of Null Byte), and CWE-862 (Missing Authorization) were observed in July 2025. Some of these include:
- CVE-2025-5394: the Alone Charity Multipurpose Non-profit WordPress Theme is vulnerable to arbitrary file uploads, with a 47.2% EPSS percentile of being exploited and a high CVSS risk score of 9.8.
- CVE-2025-31324: the SAP NetWeaver Visual Composer Metadata Uploader is not protected by proper authorization, allowing unauthenticated agents to upload potentially malicious executable binaries; it has a 98.3% EPSS exploitability percentile and a high risk score of 9.8. Although the vulnerability was published in April 2025, it is categorized among the most critical vulnerabilities of July 2025 due to its high risk, ease of exploitation, and severe impact on SAP NetWeaver systems.
- CVE-2025-47812: the Wing FTP Server weakness has several exploitable PoCs via anonymous FTP accounts leading to RCE, and has a 99% EPSS likelihood of being exploited. This vulnerability carries a critical 10.0 score with low attack complexity over the network, and must be patched as soon as possible.
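The three weakness classes behind these upload bugs (missing authorization, NUL-byte handling in filenames, and acceptance of dangerous file types) are all defects in the same small piece of server code: the upload handler. The following is an added example, not code from vFeed or from any of the affected products, showing what a hardened handler checks; the `upload_files` capability name mirrors WordPress's capability model, the allowlist, size limit and storage scheme are assumptions for a typical CMS image/document endpoint.

```python
"""Defensive upload validation covering CWE-862, CWE-158 and CWE-434.
Added example; capability model, allowlist and size limit are assumed."""
import os
import secrets
from dataclasses import dataclass

# Allowlisted extensions mapped to the magic bytes the content must begin
# with. The extension alone is never trusted (CWE-434).
ALLOWED_TYPES = {
    ".png": (b"\x89PNG\r\n\x1a\n",),
    ".jpg": (b"\xff\xd8\xff",),
    ".jpeg": (b"\xff\xd8\xff",),
    ".gif": (b"GIF87a", b"GIF89a"),
    ".pdf": (b"%PDF-",),
}
MAX_BYTES = 5 * 1024 * 1024  # assumed site policy: 5 MiB per upload


@dataclass
class Verdict:
    accepted: bool
    reason: str
    stored_name: str = ""  # server-chosen name, never the client's


def validate_upload(filename: str, content: bytes, user_caps: set) -> Verdict:
    # CWE-862: the endpoint itself enforces the capability; it does not
    # assume an earlier layer (theme, AJAX hook) already did.
    if "upload_files" not in user_caps:
        return Verdict(False, "missing upload_files capability")
    # CWE-158: a NUL byte can truncate the name in a C-based storage layer,
    # so "shell.php\x00.png" passes an extension check yet lands as shell.php.
    if "\x00" in filename:
        return Verdict(False, "NUL byte in filename")
    # Directory components in a client-supplied name mean path traversal.
    base = os.path.basename(filename.replace("\\", "/"))
    if base != filename or base in ("", ".", ".."):
        return Verdict(False, "path components in filename")
    if len(content) > MAX_BYTES:
        return Verdict(False, "file too large")
    # Only the final extension counts and it must be on the allowlist, so
    # "shell.php" and "shell.php5" are refused outright.
    ext = os.path.splitext(base)[1].lower()
    if ext not in ALLOWED_TYPES:
        return Verdict(False, f"extension {ext or '(none)'} not allowed")
    # The bytes must match what the extension claims; this catches
    # "shell.php.png" containing PHP and similar mislabelled payloads.
    if not any(content.startswith(magic) for magic in ALLOWED_TYPES[ext]):
        return Verdict(False, "content does not match extension")
    # Store under a random server-chosen name with the allowlisted extension.
    stored = secrets.token_hex(16) + ext
    return Verdict(True, "ok", stored)


if __name__ == "__main__":
    png = b"\x89PNG\r\n\x1a\n" + b"\x00" * 16  # constructed sample content
    for name, data, caps in [
        ("photo.png", png, {"upload_files"}),
        ("shell.php\x00.png", png, {"upload_files"}),
        ("shell.php.png", b"<?php echo 1;", {"upload_files"}),
        ("photo.png", png, set()),
    ]:
        print(repr(name), validate_upload(name, data, caps))
```

The order of the checks matters: authorization is decided before the filename is parsed at all, so no parsing bug can be reached by an unauthenticated caller, and the stored name is generated server-side so that nothing the client controls ever becomes a path on disk.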
Critical Exploitable Vulnerabilities – July 2025
Pay attention to these top critical vulnerabilities, which are likely to be exploited this month.
| CVE | Description | CVSS 3 Base | EPSS Percentile | Date Published | Weakness | Versions Affected | References |
|---|---|---|---|---|---|---|---|
| CVE-2025-47812 | Wing FTP Server admin web interfaces mishandle | 10.0 | 99.5% | 2025-07-10 | CWE-158 | < 7.4.4 | https://www.rcesecurity.com/2025/06/what-the-null-wing-ftp-server-rce-cve-2025-47812/ |
| CVE-2024-51977 | Multiple Brother devices authentication bypass via default administrator password generation | 5.3 | 97.6% | 2025-06-25 | CWE-538 | 1.65(ZH) | https://www.rapid7.com/blog/post/multiple-brother-devices-multiple-vulnerabilities-fixed/ |
| CVE-2025-20337 | A vulnerability in a specific API of Cisco ISE and Cisco ISE-PIC could allow an unauthenticated, remote attacker to execute arbitrary code on the underlying operating system as root. | 10.0 | 79.5% | 2025-07-16 | CWE-74 | Cisco ISE 3.3.0 | https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-unauth-rce-ZAd2GnJ6 |
| CVE-2025-47981 | Heap-based buffer overflow in Windows SPNEGO Extended Negotiation allows an unauthorized attacker to execute code over a network. | 9.8 | 33.3% | 2025-07-08 | CWE-122 | Up to 10.0.10240.21073 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-47981 |
| CVE-2025-53770 | Deserialization of untrusted data in on-premises Microsoft SharePoint Server allows unauthorized attacker to execute code over a network | 9.8 | 94.6% | 2025-07-20 | CWE-502 | Up to 16.0.18526.20508 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-53770 |
| CVE-2025-5394 | Alone Charity Multipurpose Non-profit WordPress Theme theme for WordPress is vulnerable to arbitrary file uploads due to a missing capability check. | 9.8 | 47.2% | 2025-07-15 | CWE-862 | <= 7.8.3 | https://themeforest.net/item/alone-charity-multipurpose-nonprofit-wordpress-theme/15019939 |
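The table above ranks well by CVSS, but the newsletter's own rule earlier on (an EPSS exploitability percentile above 70% means exploitation is likely within weeks) gives a different ordering, and CVE-2024-51977 is the case that shows why: a 5.3 CVSS score with a 97.6% EPSS percentile. The following is an added example, not vFeed's own code or scoring method; it parses the rows of the table exactly as printed on this page and applies that 70% threshold as the first tier, with CVSS 9.0 as the second, both of which are assumed tier boundaries rather than anything vFeed publishes.

```python
"""Rank the CVEs from the table above by exploitation likelihood first,
severity second. Added example; tier thresholds are assumptions and the
TABLE text is copied verbatim from the newsletter."""
from dataclasses import dataclass

TABLE = """\
| CVE | Description | CVSS 3 Base | EPSS Percentile | Date Published | Weakness | Versions Affected | References |
|---|---|---|---|---|---|---|---|
| CVE-2025-47812 | Wing FTP Server admin web interfaces mishandle | 10.0 | 99.5% | 2025-07-10 | CWE-158 | < 7.4.4 | https://www.rcesecurity.com/2025/06/what-the-null-wing-ftp-server-rce-cve-2025-47812/ |
| CVE-2024-51977 | Multiple Brother devices authentication bypass via default administrator password generation | 5.3 | 97.6% | 2025-06-25 | CWE-538 | 1.65(ZH) | https://www.rapid7.com/blog/post/multiple-brother-devices-multiple-vulnerabilities-fixed/ |
| CVE-2025-20337 | A vulnerability in a specific API of Cisco ISE and Cisco ISE-PIC could allow an unauthenticated, remote attacker to execute arbitrary code on the underlying operating system as root. | 10.0 | 79.5% | 2025-07-16 | CWE-74 | Cisco ISE 3.3.0 | https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-unauth-rce-ZAd2GnJ6 |
| CVE-2025-47981 | Heap-based buffer overflow in Windows SPNEGO Extended Negotiation allows an unauthorized attacker to execute code over a network. | 9.8 | 33.3% | 2025-07-08 | CWE-122 | Up to 10.0.10240.21073 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-47981 |
| CVE-2025-53770 | Deserialization of untrusted data in on-premises Microsoft SharePoint Server allows unauthorized attacker to execute code over a network | 9.8 | 94.6% | 2025-07-20 | CWE-502 | Up to 16.0.18526.20508 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-53770 |
| CVE-2025-5394 | Alone Charity Multipurpose Non-profit WordPress Theme theme for WordPress is vulnerable to arbitrary file uploads due to a missing capability check. | 9.8 | 47.2% | 2025-07-15 | CWE-862 | <= 7.8.3 | https://themeforest.net/item/alone-charity-multipurpose-nonprofit-wordpress-theme/15019939 |
"""

# Assumed tier boundaries: the newsletter's 70% EPSS rule, then CVSS >= 9.0.
EPSS_THRESHOLD = 70.0
CVSS_THRESHOLD = 9.0


@dataclass
class Finding:
    cve: str
    cvss: float
    epss_pct: float
    published: str
    weakness: str
    tier: int = 3


def parse_table(text: str) -> list:
    """Read CVE rows from a pipe-delimited markdown table; header and
    separator rows are skipped because their first cell is not a CVE id."""
    findings = []
    for line in text.splitlines():
        cells = [c.strip() for c in line.strip().strip("|").split("|")]
        if len(cells) < 8 or not cells[0].startswith("CVE-"):
            continue
        findings.append(Finding(
            cve=cells[0],
            cvss=float(cells[2]),
            epss_pct=float(cells[3].rstrip("%")),
            published=cells[4],
            weakness=cells[5],
        ))
    return findings


def assign_tier(f: Finding, epss_threshold: float = EPSS_THRESHOLD,
                cvss_threshold: float = CVSS_THRESHOLD) -> int:
    # Tier 1: likely to be exploited soon regardless of severity.
    if f.epss_pct >= epss_threshold:
        return 1
    # Tier 2: critical severity but no strong exploitation signal yet.
    if f.cvss >= cvss_threshold:
        return 2
    return 3


def prioritize(text: str, epss_threshold: float = EPSS_THRESHOLD) -> list:
    findings = parse_table(text)
    for f in findings:
        f.tier = assign_tier(f, epss_threshold)
    # Within a tier, higher EPSS first, then higher CVSS.
    return sorted(findings, key=lambda f: (f.tier, -f.epss_pct, -f.cvss))


if __name__ == "__main__":
    for f in prioritize(TABLE):
        print(f"tier {f.tier}  {f.cve:15}  CVSS {f.cvss:4}  "
              f"EPSS {f.epss_pct:5.1f}%  {f.weakness}  published {f.published}")
```

Run as-is it prints the six rows with the Brother bypass in second place, ahead of two CVSS 9.8 entries; the same `prioritize()` works on any table exported in this column layout, so a larger monthly feed can be triaged the same way by changing only `TABLE`.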
May you live in interesting times! 🙂

Click here to schedule your demo with vFeed Threat Intel today!