In the cybersecurity world, the time between a “patch released” announcement and an “active attack started” warning is getting shorter and shorter. Two critical vulnerabilities (CVE-2025-59718 and CVE-2025-59719) affecting Fortinet devices, which Fortinet announced last week, were actively exploited by threat actors as of December 12, 2025, less than a week after their disclosure.
A Local Privilege Escalation (LPE) vulnerability identified as CVE-2025-66430 with a CVSS 9.1 severity score has been detected in the widely used Plesk platform. This vulnerability allows any Plesk user with limited privileges to inject malicious data into the Apache configuration, enabling them to execute arbitrary commands on the server with root privileges. This poses a risk of cross-contamination to all server commands and customer data, particularly in shared hosting environments.
Windows RasMan 0-Day (CVE-2025-59230): Actively Exploited Vulnerability Patched, But Risk Remains
The CVE-2025-59230 vulnerability, which was fixed as part of Microsoft‘s October 2025 Patch Tuesday update, was a 0-day vulnerability discovered and actively exploited in the Remote Access Connection Manager (RasMan) component of Windows.
The vulnerability was due to a local privilege escalation (EoP) flaw that allowed attackers to gain “SYSTEM” level privileges from a low-privilege user account.
Microsoft has released a patch to close this vulnerability; however, systems that have not been patched are still at serious risk.
SMTP Smuggling is a technique that allows you to send e-mail from almost any e-mail address by hiding another e-mail message in the data flow of an e-mail communication. Basically, another e-mail is injected into the message by exploiting interpretation differences in the SMTP protocol. Since the main message successfully passes security checks such as SPF, DKIM and DMARC, the injected message is delivered to the recipient boxes without any warning.
On June 6, 2023, security researchers discovered a vulnerability in Roundcube’s “markasjunk” plugin. This vulnerability allow attackers to execute command by sending a specifically crafted identity email address through plugin.
Although the CVSSv3 score of the vulnerability is defined as “6.5”, according to Cyberthint analysts, its impact is actually critical and CWE ID: CWE-77.
Affected Versions: Roundcube versions 1.6.1 and earlier versions, when the markasjunk plugin is enabled.
Joomla is used in many websites as a popular content management system. On February 16, 2023, a critical vulnerability with the identifier “CVE-2023-23752” was announced for Joomla. This vulnerability allows unauthorized users to access sensitive information on the website.
A heap buffer underflow vulnerability has been identified in the management interface of Fortinet’s FortiOS and FortiProxy products. CVSSv3 score was determined as 9.3 of the vulnerability tracked by code CVE-2023-25610.
This security vulnerability allows threat actors to unauthorized code/commands execution or perform DoS attacks with specially generated with HTTP requests.