top5hacker_IT-Sicherheit Alarm

Top 5 Hacker-relevante Schwachstellen
Wöchentliches Briefing zu den risikoreichsten Schwachstellen.

Mit den wöchentlich veröffentlichten Top 5 der Schwachstellen, die Hacker für ihre Angriffe hauptsächlich nutzen liefern wir Anwendungsunternehmen wichtige Informationen darüber, wo schnelles Handeln von ihnen gefragt ist.

Dafür wurde ein neuartiger, Entscheidungsbaum-basierter Priorisierungsansatz entwickelt, der es Organisationen ermöglicht, ihre Ressourcen effektiv zuzuweisen, indem sie auf die risikoreichsten Schwachstellen ihren Fokus richten können, um sich gegen die aktuell vorhandenen Gefahrenpotentiale optimal zu schützen.

Dieser Ansatz wird auf Basis von über 100.000 Schwachstellen- und Bedrohungsinformationen trainiert. Er erweitert Industriestandards wie CVSS und EPSS, um das Echtzeitrisiko und den Kontext neuer Schwachstellen besser zu erfassen.

Die „Top 5 Hacker-relevante Schwachstellen“ werden in Kooperation mit dem IT-Sicherheitsanbieter Entryzero veröffentlicht.

Kalenderwoche 48 2025

456
Total
40
Critical
98
High
177
Medium
17
Low
124
Unknown
Top 5 Schwachstellen
1

GeoServer

| Unauthenticated Remote Attack | XML External Entity Vulnerability |
CVE-2025-58360 EUVD-2025-199606
Details PoC
2

Samba WINS

| Unauthenticated Remote Attack | Command Injection Vulnerability |
CVE-2025-10230 EUVD-2025-38301
Details PoC
3

XWiki

| Unauthenticated Remote Attack | Syntax Injection Vulnerability |
CVE-2025-55730 EUVD-2025-27427
Details
4

Fluent Bit

| Authenticated Remote Attack | Buffer Overflow Vulnerability |
CVE-2025-12970 EUVD-2025-198809
Details PoC
5

RSA Authentication Agent

| Unauthenticated Remote Attack | Relative Path Traversal Vulnerability |
CVE-2024-47856 EUVD-2024-55101
Details

Kalenderwoche 47 2025

707
Total
68
Critical
197
High
349
Medium
23
Low
70
Unknown
Top 5 Schwachstellen
1

Oracle Identity Manager

| Unauthenticated Remote Attack | Missing Authentication Vulnerability |
CVE-2025-61757 EUVD-2025-35253
Details PoC
2

Fortinet Fortiweb

| Authenticated Remote Attack | Command Injection Vulnerability |
CVE-2025-58034 EUVD-2025-198020
Details PoC
3

Grafana Enterprise

| Unauthenticated Remote Attack | Incorrect Privilege Assignment Vulnerability |
CVE-2025-41115 EUVD-2025-198492
Details PoC
4

Zohocorp ManageEngine Analytics Plus

| Unauthenticated Remote Attack | SQL Injection Vulnerability |
CVE-2025-8324 EUVD-2025-84350
Details
5

Google Chromium

| Unauthenticated Remote Attack | Type Confusion Vulnerability |
CVE-2025-13223 EUVD-2025-197896
Details

Kalenderwoche 46 2025

944
Total
40
Critical
258
High
398
Medium
47
Low
201
Unknown
Top 5 Schwachstellen
1

Fortinet FortiWeb

| Unauthenticated Remote Attack | Relative Path Traversal Vulnerability |
CVE-2025-64446 EUVD-2025-197613
Details PoC
2

Gladinet Triofox

| Unauthenticated Remote Attack | Improper Access Control Vulnerability |
CVE-2025-12480 EUVD-2025-44062
Details PoC
3

SAP SQL Anywhere Monitor

| Unauthenticated Remote Attack | Hard-Coded Credentials Vulnerability |
CVE-2025-42890 EUVD-2025-60988
Details
4

Javascript Expr-Eval Library

| Unauthenticated Remote Attack | Insufficient Input Validation Vulnerability |
CVE-2025-12735 EUVD-2025-37820
Details
5

IBM AIX, VIOS & NIM server

| Unauthenticated Remote Attack | Improper Process Control and Path Traversal Vulnerabilities |
CVE-2025-36250 CVE-2025-36251 CVE-2025-36236 EUVD-2025-180539 EUVD-2025-180541 EUVD-2025-180538
Details

Kalenderwoche 45 2025

818
Total
56
Critical
230
High
339
Medium
14
Low
179
Unknown
Top 5 Schwachstellen
1

React Native

| Unauthenticated Remote Attack | Command Injection Vulnerability |
CVE-2025-11953 EUVD-2025-37505
Details PoC
2

Better Auth

| Unauthenticated Remote Attack | Improper Authorization Vulnerability |
CVE-2025-61928 EUVD-2025-33660
Details PoC
3

Cisco Unified Contact Center Express

| Unauthenticated Remote Attack | Unrestricted File Upload and Missing Authentication Vulnerabilities |
CVE-2025-20354 CVE-2025-20358 EUVD-2025-37892 EUVD-2025-37891
Details
4

Monsta FTP

| Unauthenticated Remote Attack | Unrestricted File Upload Vulnerability |
CVE-2025-34299 EUVD-2025-38247
Details PoC
5

Zyxel ATP

| Authenticated Remote Attack | Command Injection Vulnerability |
CVE-2025-8078 EUVD-2025-35120
Details PoC

Kalenderwoche 44 2025

322
Total
21
Critical
82
High
97
Medium
20
Low
102
Unknown
Top 5 Schwachstellen
1

MOVEit Transfer

| Unauthenticated Remote Attack | Uncontrolled Resource Consumption Vulnerability |
CVE-2025-10932 EUVD-2025-36641
Details
2

WSO2 API Manager and Identity Server

| Unauthenticated Remote Attack | Improper Authorization, Access Control and Privilege Management Vulnerabilities |
CVE-2025-9804 CVE-2025-9152 CVE-2025-10611 EUVD-2025-34754 EUVD-2025-34755 EUVD-2025-34753
Details PoC
3

Dassault Systèmes DELMIA Apriso

| Unauthenticated Remote Attack | Missing Authorization and Code Injection Vulnerabilities |
CVE-2025-6204 CVE-2025-6205 EUVD-2025-23494 EUVD-2025-23493
Details
4

BIND

| Unauthenticated Remote Attack | Cache Poisoning Vulnerability |
CVE-2025-40778 EUVD-2025-35581
Details PoC
5

Microsoft Windows

| Unauthenticated Remote Attack | File UI Misrepresentation Vulnerability |
CVE-2025-9491 EUVD-2025-28860
Details