Introduction

This vulnerability report has been generated using data aggregated on Vulnerability-Lookup, with contributions from the platform’s community.

It highlights the most frequently mentioned vulnerability for September 2025, based on sightings collected from various sources, including MISP, Exploit-DB, Bluesky, Mastodon, GitHub Gists, The Shadowserver Foundation, Nuclei, SPLOITUS, and more. For further details, please visit this page.

The Month at a Glance

September 2025 has been marked by a diverse set of vulnerability sightings across multiple platforms and software ecosystems. The data collected through Vulnerability-Lookup indicates that both newly disclosed and previously known vulnerabilities continued to see active exploitation and discussion in the wild.

CVE-2025-10585, affecting Google Chrome, dominated the reports with 94 sightings. Other frequently sighted vulnerabilities include CVE-2025-10035 in Fortra’s GoAnywhere MFT and CVE-2025-42957 in SAP S/4HANA, both of which reflect persistent enterprise-level risks. These instances underscore the continued need for rapid patch deployment and robust monitoring in enterprise environments.

Network and infrastructure devices also remained a focus for adversaries. Vulnerabilities such as CVE-2023-51767 in OpenSSH and several router-specific CVEs like CVE-2017-18368 highlight the ongoing relevance of securing network endpoints against unauthorized access and exploitation. Similarly, Linux-based vulnerabilities, including CVE-2024-50264, accounted for a significant number of sightings, reinforcing the importance of kernel updates and system hardening practices.

From a severity perspective, most sightings fell into the High and Critical categories, with VLAI confidence scores often exceeding 0.95. This aligns with global observations of attackers prioritizing high-impact targets, such as widely used browsers, enterprise software, and critical network infrastructure. For example, Adobe Commerce, Sitecore Experience Manager, and Microsoft Entra were all associated with vulnerabilities of critical severity, underlining the necessity for organizations to prioritize patching and risk mitigation.

September 2025 reinforces several key trends in the cybersecurity landscape: high-severity vulnerabilities remain prevalent across browsers, enterprise software, and networking devices; unpublished vulnerabilities are actively exploited; and community-driven data aggregation plays a critical role in timely awareness and response. Organizations are encouraged to review patch management processes, monitor community sightings, and leverage threat intelligence feeds to mitigate exposure to these ongoing threats.

This month’s report features a new section dedicated to Known Exploited Vulnerabilities catalogs.

Top 10 Vendors of the Month

Top 15 vulnerabilities of the Month

Vulnerability	Sighting Count	Vendor	Product	VLAI Severity
CVE-2025-10585	94	Google	Chrome	High (confidence: 0.9945)
CVE-2025-10035	79	Fortra	GoAnywhere MFT	Critical (confidence: 0.9076)
CVE-2025-42957	71	SAP_SE	SAP S/4HANA (Private Cloud or On-Premise)	Critical (confidence: 0.9849)
CVE-2025-55241	68	Microsoft	Microsoft Entrac	High (confidence: 0.4512)
CVE-2025-54236	64	Adobe	Adobe Commerce	Critical (confidence: 0.9679)
CVE-2024-50264	60	Linux	Linux	High (confidence: 0.9854)
CVE-2015-2051	58	dlink	dir-645	High (confidence: 0.4993)
CVE-2023-51767	57	openssh	openssh	High (confidence: 0.5824)
CVE-2017-18368	57	zyxel	p660hn-t1a_v2	Critical (confidence: 0.9679)
CVE-2025-43300	54	Apple	iOS and iPadOS	High (confidence: 0.9548)
CVE-2025-55177	53	Facebook	WhatsApp Desktop for Mac	High (confidence: 0.5006)
CVE-2018-10562	51	dasannetworks	gpon_router	Critical (confidence: 0.9522)
CVE-2016-1555	49	netgear	wnap320	Critical (confidence: 0.9159)
CVE-2025-20333	48	code-projects	Blood Bank Management System	Medium (confidence: 0.9945)
CVE-2025-53690	44	Sitecore	Experience Manager (XM)	Critical (confidence: 0.9573)

Known Exploited Vulnerabilities

New entries have been added to major Known Exploited Vulnerabilities catalogs.

CISA

CVE ID	Date Added	Vendor	Product	VLAI Severity
CVE-2025-59689	29/09/25	Cisco	IOS	Medium (confidence: 0.8045)
CVE-2025-10035	29/09/25	Fortra	GoAnywhere MFT	Critical (confidence: 0.9076)
CVE-2025-32463	29/09/25	Sudo project	Sudo	High (confidence: 0.5599)
CVE-2021-21311	29/09/25	vrana	adminer	High (confidence: 0.6111)
CVE-2025-20352	29/09/25	Cisco	IOS	High (confidence: 0.9912)
CVE-2025-20333	25/09/25	Cisco	Cisco Adaptive Security Appliance (ASA) Software	Critical (confidence: 0.9823)
CVE-2025-20362	25/09/25	Cisco	Cisco Adaptive Security Appliance (ASA) Software	Medium (confidence: 0.9948)
CVE-2025-10585	23/09/25	Google	Chrome	High (confidence: 0.9945)
CVE-2025-5086	11/09/25	Dassault Systèmes	DELMIA Apriso	Critical (confidence: 0.9632)
CVE-2025-53690	04/09/25	Sitecore	Experience Manager (XM)	Critical (confidence: 0.9573)
CVE-2025-48543	04/09/25	Google	Android	High (confidence: 0.9709)
CVE-2025-38352	04/09/25	Linux	Linux	High (confidence: 0.8176)
CVE-2023-50224	03/09/25	TP-Link	TL-WR841N	Medium (confidence: 0.9651)
CVE-2025-9377	03/09/25	TP-Link Systems Inc.	Archer C7(EU) V2	High (confidence: 0.9895)
CVE-2020-24363	02/09/25	TP-Link	tl-wa855re	High (confidence: 0.9407)

ENISA

CVE ID	Date Added	Vendor	Product	VLAI Severity
CVE-2025-25231	09/09/25	Omnissa	Omnissa Workspace ONE UEM	High (confidence: 0.8877)

Top 10 Weaknesses of the Month

Click the image for more information.

Unpublished Vulnerabilities in the Wild

Sightings detected between 2025-09-01 and 2025-09-30 that are associated with unpublished vulnerabilities.

Vulnerability ID	Occurrences	Comment
CVE-2023-42344	15	OpenCMS Unauthenticated XXE Vulnerability
CVE-2025-30333	2
CVE-2025-27225	1	Nuclei template
CVE-2025-27222	1
CVE-2025-14414	1	Oracle
CVE-2011-2553	1	Exploit (SPLOITUS) source code not published
CVE-2025-56708	1	Exploit (SPLOITUS)
CVE-2025-55817	1	Exploit (SPLOITUS)

Continuous Exploitation

• CVE-2024-28995 - SolarWinds Serv-U
• CVE-2023-42344
• CVE-2019-1653 - Cisco Small Business RV Series Router Firmware

Insights from Contributors

• SAP Security Patch Day - September 2025
• npm.js - account qix and duckdb_admin compromised and associated CVEs allocated
• Cisco AnyConnect/ASA - vulnerabilities
• Subverting code integrity checks to locally backdoor Signal, 1Password, Slack, and more

Thank you

Thank you to all the contributors and our diverse sources!

If you want to contribute to the next report, you can create your account.

Feedback and Support

If you have suggestions, please feel free to open a ticket on our GitHub repository. Your feedback is invaluable to us!
https://github.com/vulnerability-lookup/vulnerability-lookup/issues/

Funding

The main objective of Federated European Team for Threat Analysis (FETTA) is improvement of Cyber Threat Intelligence (CTI) products available to the public and private sector in Poland, Luxembourg, and the European Union as a whole.
Developing actionable CTI products (reports, indicators, etc) is a complex task and requires an in-depth understanding of the threat landscape and the ability to analyse and interpret large amounts of data. Many SOCs and CSIRTs build their capabilities in this area independently, leading to a fragmented approach and duplication of work.

The Computer Incident Response Center Luxembourg (CIRCL) is a government-driven initiative designed to provide a systematic response facility to computer security threats and incidents. The organization brings to the table its extensive experience in cybersecurity incident management, threat intelligence, and proactive response strategies. With a strong background in developing innovative open source cybersecurity tools and solutions, CIRCL’s contribution to the FETTA project is instrumental in achieving enhanced collaboration and intelligence sharing across Europe.

Press release