Blog
Flashpoint Weekly Vulnerability Insights and Prioritization Report
Week of May 31 – June 5, 2025
Anticipate, contextualize, and prioritize vulnerabilities to effectively address threats to your organization.
Table Of Contents
Your Guide to
Proactive Vulnerability
Management
Flashpoint’s VulnDB documents over 400,000 vulnerabilities and has over 4,500 entries in Flashpoint’s KEV database, making it a critical resource as vulnerability exploitation rises. However, if your organization is relying solely on CVE data, you may be missing critical vulnerability metadata and insights that hinder timely remediation. That’s why we created this weekly series—where we surface and analyze the most high priority vulnerabilities security teams need to know about.
Key Vulnerabilities:
Week of May 31 – June 5, 2025
Foundational Prioritization
Of the vulnerabilities Flashpoint published this week, there are 98 that you can take immediate action on. They each have a solution, a public exploit exists, and are remotely exploitable. As such, these vulnerabilities are a great place to begin your prioritization efforts.
Diving Deeper – Urgent Vulnerabilities
Of the vulnerabilities Flashpoint published last week, five are highlighted in this week’s Vulnerability Insights and Prioritization Report because they all:
- Are in widely used products and are potentially enterprise-affecting
- Are exploited in the wild or have exploits available
- Allow full system compromise
- Can be exploited via the network alone or in combination with other vulnerabilities
- Have a solution to take action on
In addition, all of these vulnerabilities are easily discoverable and therefore should be investigated and fixed immediately.
To proactively address these vulnerabilities and ensure comprehensive coverage beyond publicly available sources on an ongoing basis, organizations can leverage Flashpoint Vulnerability Intelligence. Flashpoint provides comprehensive coverage encompassing IT, OT, IoT, CoTs, and open-source libraries and dependencies. It catalogs over 100,000 vulnerabilities that are not included in the NVD or lack a CVE ID, ensuring thorough coverage beyond publicly available sources. The vulnerabilities that are not covered by the NVD do not yet have CVE ID assigned and will be noted with a VulnDB ID.
| CVE ID | Title | CVSS Scores (v2, v3, v4) | Exploit Status | Exploit Consequence | Ransomware Likelihood Score | Social Risk Score | Solution Availability |
| CVE-2025-20289 | Cisco Identity Services Engine (ISE) Unspecified Hardcoded Credentials | 9.0 9.9 9.3 | Private | Gaining privileged access to the device | Critical | High | Yes |
| CVE-2025-5597 | Airleader Master Login Form Improper Authentication Remote Authentication Bypass | 10.0 10.0 10.0 | Private | Remote Information Disclosure | High | Low | Yes |
| CVE-2025-20674 | MediaTek Chipsets WLAN AP Driver Missing Permissions Check Packet Handling | 10.0 9.8 9.3 | Private | Remote Privilege Escalation | High | Low | Yes |
| CVE-2025-5622 | D-Link DIR-816 /goform/wirelessApcli_5g Multiple Parameter Remote Stack Buffer Overflow | 10.0 9.8 9.3 | Proof of Concept (POC) Public | Arbitrary Code Execution | Medium | Low | No |
| CVE-2025-5419 | Google V8 compiler/turboshaft/store-store-elimination-reducer-inl.h RedundantStoreAnalysis Class Out-of-bounds Access | 6.8 8.8 8.6 | Exploited in the Wild | Arbitrary Code Execution | Critical | High | Yes |
NOTES: The severity of a given vulnerability score can change whenever new information becomes available. Flashpoint maintains its vulnerability database with the most recent and relevant information available. Login to view more vulnerability metadata and for the most up-to-date information.
CVSS scores: Our analysts calculate, and if needed, adjust NVD’s original CVSS scores based on new information being available.
Social Risk Score: Flashpoint estimates how much attention a vulnerability receives on social media. Increased mentions and discussions elevate the Social Risk Score, indicating a higher likelihood of exploitation. The score considers factors like post volume and authors, and decreases as the vulnerability’s relevance diminishes.
Ransomware Likelihood: This score is a rating that estimates the similarity between a vulnerability and those known to be used in ransomware attacks. As we learn more information about a vulnerability (e.g. exploitation method, technology affected) and uncover additional vulnerabilities used in ransomware attacks, this rating can change.
Flashpoint Ignite lays all of these components out. Below is an example of what this vulnerability record for CVE-2025-20289 looks like.
This record provides additional metadata like affected product versions, MITRE ATT&CK mapping, analyst notes, solution description, classifications, vulnerability timeline and exposure metrics, exploit references and more.
Analyst Comments on the Notable Vulnerabilities
Below, Flashpoint analysts describe the five vulnerabilities highlighted above as vulnerabilities that should be of focus for remediation if your organization is exposed.
CVE-2025-20289
Cisco Identity Services Engine (ISE) insecurely generates credentials for certain cloud deployments, causing the same credentials to be reused across multiple deployments. This may allow a remote attacker to trivially gain privileged access to the device.
Flashpoint analysts note that this vulnerability was reported in Amazon Web Services (AWS), Microsoft Azure, and Oracle Cloud Infrastructure (OCI) cloud deployments. Specifically, this vulnerability is only present when the Primary Administration node is deployed in the cloud, rather than on-premises.
CVE-2025-5579
Airleader Master contains a flaw in the Login form triggered by improper authentication mechanisms. This flaw may allow a remote attacker to bypass authentication.
CVE-2025-20674
MediaTek Chipsets contain a flaw in the WLAN AP driver that is triggered as certain permissions are not properly checked. A remote attacker can gain elevated privileges with a specially crafted packet.
CVE-2025-5622
D-Link DIR-816 contains an overflow condition in /goform/wirelessApcli_5g that is triggered as input passed to the “apcli_mode_5g,” “apcli_enc_5g,” and “apcli_default_key_5g” parameters is not properly validated. This may allow a remote attacker to cause a stack-based buffer overflow, resulting in a denial-of-service or potentially allowing the execution of arbitrary code.
Because there is no official solution for this vulnerability, Flashpoint analysts recommend discontinuing use of affected devices.
CVE-2025-5419
Google V8 contains an out-of-bounds access flaw in the RedundantStoreAnalysis class in compiler/turboshaft/store-store-elimination-reducer-inl.h that is triggered as alias analysis during store-store elimination fails to properly handle fixed offsets in a dynamically indexed load. A context-dependent attacker can execute arbitrary code with a specially crafted web page.
Flashpoint analysts note that this is a library/framework vulnerability. This code is used in a wide variety of software, and the issue may manifest in a number of different ways. This issue was addressed in V8 on May 27, 2025, and mitigated on May 28 by a configuration change pushed out to Stable across all Chrome platforms. Google rates the severity as high for Google Chrome. This rating is normally for issues with potential code execution impact within the sandbox. It also covers issues interfering with browser security features or circumventing the same-origin policy. As of May 27, this has been reported as being exploited in the wild.
Previously Highlighted Vulnerabilities
| CVE/VulnDB ID | Flashpoint Published Date |
| CVE-2025-21218 | Week of January 15, 2025 |
| CVE-2024-57811 | Week of January 15, 2025 |
| CVE-2024-55591 | Week of January 15, 2025 |
| CVE-2025-23006 | Week of January 22, 2025 |
| CVE-2025-20156 | Week of January 22, 2025 |
| CVE-2024-50664 | Week of January 22, 2025 |
| CVE-2025-24085 | Week of January 29, 2025 |
| CVE-2024-40890 | Week of January 29, 2025 |
| CVE-2024-40891 | Week of January 29, 2025 |
| VulnDB ID: 389414 | Week of January 29, 2025 |
| CVE-2025-25181 | Week of February 5, 2025 |
| CVE-2024-40890 | Week of February 5, 2025 |
| CVE-2024-40891 | Week of February 5, 2025 |
| CVE-2024-8266 | Week of February 12, 2025 |
| CVE-2025-0108 | Week of February 12, 2025 |
| CVE-2025-24472 | Week of February 12, 2025 |
| CVE-2025-21355 | Week of February 24, 2025 |
| CVE-2025-26613 | Week of February 24, 2025 |
| CVE-2024-13789 | Week of February 24, 2025 |
| CVE-2025-1539 | Week of February 24, 2025 |
| CVE-2025-27364 | Week of March 3, 2025 |
| CVE-2025-27140 | Week of March 3, 2025 |
| CVE-2025-27135 | Week of March 3, 2025 |
| CVE-2024-8420 | Week of March 3, 2025 |
| CVE-2024-56196 | Week of March 10, 2025 |
| CVE-2025-27554 | Week of March 10, 2025 |
| CVE-2025-22224 | Week of March 10, 2025 |
| CVE-2025-1393 | Week of March 10, 2025 |
| CVE-2025-24201 | Week of March 17, 2025 |
| CVE-2025-27363 | Week of March 17, 2025 |
| CVE-2025-2000 | Week of March 17, 2025 |
| CVE-2025-27636 CVE-2025-29891 | Week of March 17, 2025 |
| CVE-2025-1496 | Week of March 24, 2025 |
| CVE-2025-27781 | Week of March 24, 2025 |
| CVE-2025-29913 | Week of March 24, 2025 |
| CVE-2025-2746 | Week of March 24, 2025 |
| CVE-2025-29927 | Week of March 24, 2025 |
| CVE-2025-1974 CVE-2025-2787 | Week of March 31, 2025 |
| CVE-2025-30259 | Week of March 31, 2025 |
| CVE-2025-2783 | Week of March 31, 2025 |
| CVE-2025-30216 | Week of March 31, 2025 |
| CVE-2025-22457 | Week of April 2, 2025 |
| CVE-2025-2071 | Week of April 2, 2025 |
| CVE-2025-30356 | Week of April 2, 2025 |
| CVE-2025-3015 | Week of April 2, 2025 |
| CVE-2025-31129 | Week of April 2, 2025 |
| CVE-2025-3248 | Week of April 7, 2025 |
| CVE-2025-27797 | Week of April 7, 2025 |
| CVE-2025-27690 | Week of April 7, 2025 |
| CVE-2025-32375 | Week of April 7, 2025 |
| VulnDB ID: 398725 | Week of April 7, 2025 |
| CVE-2025-32433 | Week of April 12, 2025 |
| CVE-2025-1980 | Week of April 12, 2025 |
| CVE-2025-32068 | Week of April 12, 2025 |
| CVE-2025-31201 | Week of April 12, 2025 |
| CVE-2025-3495 | Week of April 12, 2025 |
| CVE-2025-31324 | Week of April 17, 2025 |
| CVE-2025-42599 | Week of April 17, 2025 |
| CVE-2025-32445 | Week of April 17, 2025 |
| VulnDB ID: 400516 | Week of April 17, 2025 |
| CVE-2025-22372 | Week of April 17, 2025 |
| CVE-2025-32432 | Week of April 29, 2025 |
| CVE-2025-24522 | Week of April 29, 2025 |
| CVE-2025-46348 | Week of April 29, 2025 |
| CVE-2025-43858 | Week of April 29, 2025 |
| CVE-2025-32444 | Week of April 29, 2025 |
| CVE-2025-20188 | Week of May 3, 2025 |
| CVE-2025-29972 | Week of May 3, 2025 |
| CVE-2025-32819 | Week of May 3, 2025 |
| CVE-2025-27007 | Week of May 3, 2025 |
| VulnDB ID: 402907 | Week of May 3, 2025 |
| VulnDB ID: 405228 | Week of May 17, 2025 |
| CVE-2025-47277 | Week of May 17, 2025 |
| CVE-2025-34027 | Week of May 17, 2025 |
| CVE-2025-47646 | Week of May 17, 2025 |
| VulnDB ID: 405269 | Week of May 17, 2025 |
| VulnDB ID: 406046 | Week of May 19, 2025 |
| CVE-2025-48926 | Week of May 19, 2025 |
| CVE-2025-47282 | Week of May 19, 2025 |
| CVE-2025-48054 | Week of May 19, 2025 |
| CVE-2025-41651 | Week of May 19, 2025 |
Transform Vulnerability Management with Flashpoint
Fill out the form to the left to subscribe to our newsletter, which features Flashpoint’s leading data and intelligence. Request a demo today to see how Flashpoint can transform your vulnerability management and exposure identification program.