2025 was a landmark year for critical vulnerabilities. The sheer volume of high-impact CVEs strained security teams, pushed patch management processes to their limits, and provided a stark reminder that no technology stack is immune to severe security flaws. From a deserialization bug in the world's most popular frontend framework to a memory leak in one of the most widely deployed databases, the vulnerabilities of 2025 targeted the infrastructure that organizations depend on every day.
This is not just a list. For each vulnerability, we cover what it does, why it matters, and what it means for your security program. If your organization uses any of the affected technologies, this is your audit checklist for ensuring you have addressed the most dangerous findings of the year.
The Summary Table
| CVE | Name / Product | CVSS | Actively Exploited |
|---|---|---|---|
| CVE-2025-8671 | React2Shell (React Server Components) | 10.0 | Yes |
| CVE-2025-53770 | ToolShell (SharePoint Server) | 9.8 | Yes |
| CVE-2025-3248 | Langflow (AI Orchestration) | 9.8 | Yes |
| CVE-2025-64446 | FortiWeb Authentication Bypass | 9.8 | Yes |
| CVE-2025-66516 | Apache Tika XXE | 10.0 | Yes |
| CVE-2025-20393 | Cisco AsyncOS RCE | 9.8 | Yes (APT) |
| CVE-2025-14847 | MongoBleed (MongoDB) | 8.6 | Yes |
| CVE-2025-21756 | Linux vsock Escape | 8.4 | PoC Available |
| CVE-2025-47241 | GitLab Pipeline Injection | 9.6 | Yes |
| CVE-2025-31200 | Apple CoreAudio (iOS/macOS) | 7.5 | Yes (Targeted) |
1. React2Shell (CVE-2025-8671) - CVSS 10.0
React Server Components Remote Code Execution
The vulnerability that security researchers are already calling "the Log4Shell of 2025." React2Shell is a critical unauthenticated remote code execution vulnerability in React Server Components (RSC) that allows a single crafted HTTP request to execute arbitrary commands on any server running affected versions of React 19 (19.0.0-19.1.3) or Next.js (14.0.0-14.2.28, 15.0.0-15.1.6).
The flaw exists in the RSC wire protocol's deserialization logic. The server fails to properly validate component identifiers in incoming flight data requests, allowing attackers to reference arbitrary Node.js modules (including child_process) and execute commands with the server process's privileges. Exploitation is trivial, requires no authentication, and proof-of-concept code was public within hours of disclosure.
Why it matters: React is the most widely used frontend framework globally, and server components are the default rendering mode in modern Next.js applications. The combination of maximum severity, trivial exploitation, and massive install base makes this the defining vulnerability of 2025. Organizations running web applications on React 19 or Next.js 14/15 with the App Router needed to patch immediately.
2. SharePoint ToolShell (CVE-2025-53770) - CVSS 9.8
Microsoft SharePoint Server Remote Code Execution
ToolShell is a critical RCE vulnerability in Microsoft SharePoint Server that exploits a flaw in the server's handling of serialized workflow objects. An authenticated user with basic site member permissions can upload a crafted file that, when processed by the SharePoint workflow engine, triggers deserialization of untrusted data, leading to arbitrary code execution with the SharePoint application pool identity (typically SYSTEM-equivalent privileges).
What makes ToolShell particularly dangerous is the low barrier to entry. Any authenticated SharePoint user with file upload permissions can exploit it. This includes external guest users in SharePoint Online environments and any employee with basic permissions in on-premises deployments. The vulnerability was actively exploited by multiple threat groups, including state-sponsored actors targeting government and defense sector SharePoint deployments.
Why it matters: SharePoint remains one of the most widely deployed enterprise collaboration platforms. The combination of low-privilege exploitation and the sensitive data typically stored in SharePoint (documents, internal communications, compliance records) makes this a high-impact vulnerability. Affected versions include SharePoint Server 2019, SharePoint Server Subscription Edition prior to the July 2025 security update, and SharePoint Server 2016 (limited attack surface).
3. Langflow RCE (CVE-2025-3248) - CVSS 9.8
AI Orchestration Platform Remote Code Execution
Langflow is an open-source visual framework for building AI-powered applications using LangChain. CVE-2025-3248 is a critical RCE vulnerability in Langflow's API that allows unauthenticated attackers to execute arbitrary code on the server through a code injection flaw in the flow execution engine.
The vulnerability exists in how Langflow processes user-defined components and custom code blocks within AI workflows. The platform's design allows users to define custom Python code that runs on the server as part of AI pipeline execution. The flaw is that the API endpoint responsible for validating and executing these code blocks does not properly authenticate requests or sandbox the execution environment. An attacker can submit crafted requests to the API that execute arbitrary Python code without any authentication.
Why it matters: This vulnerability represents the emerging attack surface of AI infrastructure. As organizations rush to deploy AI and LLM-powered applications, they are introducing new categories of software (orchestration platforms, model serving infrastructure, vector databases) that have not been hardened through years of security scrutiny. Langflow is used by thousands of organizations experimenting with or deploying LangChain-based applications, and many of these deployments were internet-facing development or staging instances. CISA added this to the Known Exploited Vulnerabilities (KEV) catalog in May 2025.
4. FortiWeb Authentication Bypass (CVE-2025-64446) - CVSS 9.8
Fortinet Web Application Firewall Complete Auth Bypass
CVE-2025-64446 is a critical authentication bypass vulnerability in FortiWeb, Fortinet's web application firewall product. The vulnerability allows a remote, unauthenticated attacker to bypass the administrative authentication mechanism entirely and gain full administrative access to the FortiWeb management interface.
The flaw exists in the HTTP request handling for the management interface. By crafting a specific sequence of HTTP headers, an attacker can trick the authentication middleware into treating the request as pre-authenticated. Once administrative access is obtained, the attacker can modify WAF rules (disabling protection for applications behind it), access configuration data including TLS certificates and backend server credentials, create persistent backdoor accounts, and pivot to the internal network using the FortiWeb appliance as a foothold.
Why it matters: The irony of a web application firewall vulnerability enabling the compromise of the applications it is supposed to protect is hard to overstate. FortiWeb is deployed in front of critical web applications to inspect and filter malicious traffic. When the WAF itself is compromised, the attacker not only bypasses all protection but gains a privileged network position with visibility into all traffic flowing through the appliance. Active exploitation was confirmed within one week of disclosure, targeting financial institutions and e-commerce platforms.
5. Apache Tika XXE (CVE-2025-66516) - CVSS 10.0
Apache Tika XML External Entity Injection
Apache Tika is a content detection and analysis toolkit used by countless applications and services for parsing documents, extracting metadata, and detecting content types. CVE-2025-66516 is a maximum-severity XML External Entity (XXE) injection vulnerability that allows an attacker to read arbitrary files from the server, perform server-side request forgery (SSRF), and in certain configurations achieve remote code execution, all by submitting a crafted document to any application that uses Tika for parsing.
The vulnerability affects Tika's handling of Office Open XML (OOXML) documents, which includes .docx, .xlsx, and .pptx files. The parser fails to disable external entity resolution when processing the XML components within these documents. An attacker can embed a malicious XXE payload inside what appears to be a normal Word or Excel document. When any application using a vulnerable version of Tika processes this document, the XXE payload executes.
Why it matters: Tika is a transitive dependency in an enormous number of applications. It is embedded in Apache Solr, Elasticsearch (via the ingest-attachment plugin), content management systems, document management platforms, email processing systems, and custom applications. Many organizations did not realize they were running Tika until this vulnerability forced them to audit their dependency trees. Because the attack vector is simply uploading a document, it is available in almost any application that accepts file uploads, making the exploitable attack surface massive.
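A defensive check that follows from the OOXML detail above: the OOXML schemas never use DTDs, so any DOCTYPE or entity declaration inside a .docx/.xlsx/.pptx part is a strong XXE indicator that an upload handler can reject before the file ever reaches Tika. This is an added example, not code from Tika or from this article; the in-memory sample documents, the `scan_ooxml` and `build_sample` names, and the policy of rejecting every DTD construct are assumptions made here.

```python
import io
import re
import zipfile

# Any DOCTYPE or entity declaration inside an OOXML part is a red flag:
# the OOXML schemas never use DTDs, so their presence signals tampering.
DTD_PATTERN = re.compile(rb"<!(?:DOCTYPE|ENTITY)\b", re.IGNORECASE)
# An entity whose definition uses SYSTEM/PUBLIC references an external resource.
EXTERNAL_ENTITY = re.compile(rb"<!ENTITY\s+(?:%\s*)?\S+\s+(?:SYSTEM|PUBLIC)\b",
                             re.IGNORECASE)


def scan_ooxml(data: bytes) -> list[str]:
    """Return one finding per XML part that carries DTD constructs.

    An empty list means the container is clean by this policy. Callers should
    reject the upload on any finding rather than try to strip the DTD.
    """
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            name = info.filename
            if not (name.endswith(".xml") or name.endswith(".rels")):
                continue
            part = zf.read(name)
            if DTD_PATTERN.search(part):
                kind = "external entity" if EXTERNAL_ENTITY.search(part) else "DTD"
                findings.append(f"{name}: {kind} declaration present")
    return findings


def build_sample(document_xml: bytes) -> bytes:
    """Construct a minimal .docx-like container in memory (sample data only)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("[Content_Types].xml",
                    b'<?xml version="1.0"?><Types xmlns="http://schemas.'
                    b'openxmlformats.org/package/2006/content-types"/>')
        zf.writestr("word/document.xml", document_xml)
    return buf.getvalue()


# Constructed sample: an ordinary, DTD-free document part.
CLEAN_DOC = build_sample(
    b'<?xml version="1.0"?><w:document xmlns:w="http://schemas.openxmlformats.'
    b'org/wordprocessingml/2006/main"><w:body/></w:document>')

# Constructed sample with only an internal entity declaration: enough to trip
# the detector, deliberately not a working payload.
DTD_DOC = build_sample(
    b'<?xml version="1.0"?><!DOCTYPE w [<!ENTITY x "y">]><w:document/>')

if __name__ == "__main__":
    print("clean:", scan_ooxml(CLEAN_DOC))
    print("dtd:", scan_ooxml(DTD_DOC))
```

The check is cheap enough to run on every upload and catches the document-level indicator regardless of which Tika version sits behind the upload endpoint.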
6. Cisco AsyncOS RCE (CVE-2025-20393) - CVSS 9.8
Cisco Email and Web Security Appliance Remote Code Execution
CVE-2025-20393 affects Cisco AsyncOS, the operating system that powers Cisco Email Security Appliance (ESA), Web Security Appliance (WSA), and Secure Email and Web Manager. The vulnerability is a pre-authentication remote code execution flaw in the web management interface that allows an attacker to execute arbitrary commands as root on the appliance.
The flaw exists in the API endpoint used for appliance configuration uploads. The parsing logic for uploaded configuration files does not properly sanitize certain field values, allowing an attacker to inject operating system commands through a crafted configuration payload. Because the web management interface processes these requests before authentication checks in certain code paths, exploitation requires no valid credentials.
Why it matters: This vulnerability was notably exploited by a China-linked APT group (tracked as a successor to Volt Typhoon and Salt Typhoon) as part of campaigns targeting telecommunications providers, government agencies, and critical infrastructure organizations. Cisco email and web security appliances process all inbound and outbound email and web traffic, making them high-value targets for espionage operations. A compromised appliance gives the attacker access to all email content, the ability to modify email filtering rules, and a persistent foothold in the network.
7. MongoBleed (CVE-2025-14847) - CVSS 8.6
MongoDB Uninitialized Heap Memory Disclosure
MongoBleed allows unauthenticated clients to read uninitialized heap memory from MongoDB servers by sending crafted wire protocol messages with manipulated length parameters. The server allocates a response buffer based on the attacker-specified length but only partially fills it, returning the remaining buffer contents (which may contain credentials, session tokens, encryption keys, and application data) to the attacker.
The vulnerability affects MongoDB 6.0.0-6.0.18, 7.0.0-7.0.14, and 8.0.0-8.0.3. It is exploitable without authentication because the wire protocol parsing occurs before authentication checks. Active exploitation was confirmed targeting internet-facing MongoDB instances, with attackers harvesting leaked credentials to gain authenticated access.
Why it matters: The comparison to Heartbleed is warranted. Like Heartbleed, MongoBleed is a memory disclosure vulnerability that requires no authentication, leaves minimal forensic evidence, and can be exploited repeatedly to harvest sensitive data from server memory. The hundreds of thousands of internet-facing MongoDB instances (many without authentication) made this a target-rich environment for automated exploitation.
8. Linux vsock Escape (CVE-2025-21756) - CVSS 8.4
Virtual Machine Escape to Host Root via vsock
CVE-2025-21756 is a use-after-free vulnerability in the Linux kernel's vsock (virtual socket) implementation that allows an attacker inside a virtual machine to escape the VM and execute arbitrary code on the host system with root privileges. The vulnerability exists in how the vsock transport layer handles connection teardown, creating a race condition that can be exploited to corrupt kernel memory on the host.
VM escape vulnerabilities are exceptionally rare and exceptionally severe. The entire security model of cloud computing and multi-tenant environments depends on the hypervisor boundary preventing one tenant from accessing another's resources or the underlying host. CVE-2025-21756 breaks this boundary for KVM-based virtualization when vsock communication is enabled between guest and host.
Why it matters: While exploitation requires specific conditions (KVM hypervisor, vsock enabled, attacker has code execution inside a guest VM), the impact of successful exploitation is catastrophic. A VM escape to host root compromises every other VM on the same host, the host operating system, and potentially the entire virtualization cluster. Major cloud providers patched their infrastructure rapidly, but organizations running self-managed KVM environments needed to patch the host kernel urgently. A working proof-of-concept was published in June 2025.
9. GitLab Pipeline Injection (CVE-2025-47241) - CVSS 9.6
GitLab CI/CD Pipeline Arbitrary Code Execution
CVE-2025-47241 is a critical vulnerability in GitLab's CI/CD pipeline engine that allows any authenticated GitLab user to execute arbitrary code on GitLab Runner instances by injecting commands through specially crafted branch names and merge request metadata. The vulnerability bypasses GitLab's existing pipeline security controls and allows code execution even in projects where the user does not have developer or maintainer permissions.
The flaw exists in how GitLab processes variable interpolation in CI/CD pipeline definitions. When a merge request is created, certain metadata fields (including the source branch name) are interpolated into pipeline variables without adequate sanitization. An attacker can craft a branch name containing shell metacharacters that, when interpolated into pipeline commands, execute arbitrary code on the runner.
Why it matters: CI/CD pipeline compromise is one of the most impactful attack vectors in modern software development. GitLab Runners typically have access to deployment credentials, container registries, cloud provider tokens, and production infrastructure. A compromised pipeline can inject malicious code into software builds, steal secrets, and deploy backdoored applications to production. This vulnerability was exploited in at least three confirmed supply chain attacks in 2025.
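To make the interpolation problem concrete from the defender's side, here is the raw-interpolation pattern described above beside two hardened forms: validate the ref name against a strict allowlist, then either quote it or (better) drop the shell entirely and pass it as a single argv element. This is an added example, not GitLab's code; the allowlist, the `deploy.sh` command line and the function names are assumptions made for illustration.

```python
import re
import shlex

# Constructed policy, stricter than git's own ref-name rules: alphanumerics,
# '/', '.', '_' and '-', no leading '-' (so it can never parse as an option),
# and no '..' path components.
SAFE_REF = re.compile(r"^[A-Za-z0-9][A-Za-z0-9/._-]{0,254}$")
SHELL_META = set(";&|`$()<>\\\"'\n\r \t")


def is_safe_ref(branch: str) -> bool:
    """True only for ref names that match the allowlist policy."""
    return bool(SAFE_REF.match(branch)) and ".." not in branch


def contains_shell_metachars(branch: str) -> bool:
    """Cheap detection signal for a pipeline log or webhook audit."""
    return any(c in SHELL_META for c in branch)


def vulnerable_command(branch: str) -> str:
    """The pattern the article describes: user-controlled metadata dropped
    straight into a shell command line. Shown for comparison, never executed."""
    return f"git fetch origin {branch} && ./deploy.sh {branch}"


def hardened_command(branch: str) -> str:
    """Validate first, then quote, so the value is always a single shell word."""
    if not is_safe_ref(branch):
        raise ValueError(f"rejected ref name: {branch!r}")
    q = shlex.quote(branch)
    return f"git fetch origin {q} && ./deploy.sh {q}"


def hardened_argv(branch: str) -> list[str]:
    """Preferred form: no shell at all, the ref is one argv element for
    subprocess.run(..., shell=False)."""
    if not is_safe_ref(branch):
        raise ValueError(f"rejected ref name: {branch!r}")
    return ["git", "fetch", "origin", branch]


if __name__ == "__main__":
    # Constructed samples: a normal branch and one carrying a metacharacter.
    for name in ("feature/login", "feature;x"):
        print(name, "safe" if is_safe_ref(name) else "REJECTED",
              "meta" if contains_shell_metachars(name) else "no-meta")
```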
10. Apple CoreAudio (CVE-2025-31200) - CVSS 7.5
iOS and macOS Memory Corruption via Audio Processing
CVE-2025-31200 is a memory corruption vulnerability in Apple's CoreAudio framework that allows remote code execution through processing a maliciously crafted audio stream. The vulnerability was discovered being exploited in targeted attacks against specific individuals, characteristic of mercenary spyware operations.
The flaw exists in the AAC audio decoder within CoreAudio. A crafted audio file or stream triggers an out-of-bounds write that can be leveraged for arbitrary code execution. Because CoreAudio processes audio at a low level in the operating system, exploitation can achieve code execution with elevated privileges. The vulnerability affects iOS, iPadOS, macOS, tvOS, and visionOS.
Why it matters: Apple devices are ubiquitous in enterprise environments, particularly among executives, board members, and other high-value targets. Targeted exploitation of Apple vulnerabilities by commercial spyware vendors (NSO Group, Intellexa, and others) represents a persistent threat to organizations with high-profile individuals. Apple patched this in an emergency security update, but the vulnerability's use in targeted attacks before the patch highlights the risk of zero-days in consumer platforms that are also used for business.
Patterns and Themes from 2025
Looking across these ten vulnerabilities, several patterns emerge that are worth incorporating into your security strategy.
Deserialization remains a top RCE vector
React2Shell, SharePoint ToolShell, and multiple other vulnerabilities in 2025 exploited unsafe deserialization. This vulnerability class has been in the OWASP Top 10 for years, yet new instances keep appearing in widely used software. If your organization develops software that deserializes untrusted input, this should be a primary focus of your code review and penetration testing efforts.
AI infrastructure is the new attack surface
The Langflow vulnerability is a harbinger. As organizations deploy AI orchestration platforms, model serving infrastructure, and LLM integration tools, they are introducing new software categories that have not been battle-tested. Many of these tools are open-source, developed rapidly, and deployed with minimal security review. Expect more critical vulnerabilities in AI infrastructure in 2026.
Security appliances are high-value targets
FortiWeb and Cisco AsyncOS vulnerabilities demonstrate that the devices meant to protect your network can become the most dangerous points of compromise. Security appliances sit at network boundaries with visibility into all traffic and privileged access to internal systems. When they are compromised, the attacker gains a position of maximum advantage.
The disclosure-to-exploitation window is shrinking
Multiple CVEs on this list saw active exploitation within days of disclosure. The traditional model of "patch within 30 days" is no longer adequate for critical vulnerabilities. Organizations need the ability to identify exposure, test patches, and deploy remediation within 24-72 hours for the most critical findings.
Lessons for Your Security Program
If the CVEs of 2025 taught us anything, it is that a reactive, periodic approach to vulnerability management is not sufficient. Here is what your security program needs to be doing.
1. Patch faster
Your mean time to remediate (MTTR) for critical vulnerabilities should be measured in hours, not days or weeks. This requires automated patch deployment infrastructure, pre-approved emergency change processes, and a culture where security patches take priority over feature work. If your MTTR for critical CVEs is longer than 72 hours, that gap is a known risk.
2. Deploy continuous attack surface monitoring
Periodic vulnerability scans catch what was known at scan time. Continuous attack surface management identifies new exposures as they appear and alerts you to newly disclosed CVEs affecting your assets. When the next React2Shell drops, you need to know within hours which of your assets are affected, not when someone remembers to run a scan.
3. Conduct regular penetration testing
Automated scanning finds known CVEs. Penetration testing finds the things scanners cannot: business logic flaws, authentication bypasses, chained exploit paths, and configuration weaknesses that turn a medium-severity CVE into a full compromise. The organizations that weathered 2025 best were the ones that combined continuous scanning with regular manual testing.
4. Know your dependencies
Apache Tika, React Server Components, Langflow: many organizations did not know they were running these until a critical CVE forced an audit. Maintain a software bill of materials (SBOM) that includes transitive dependencies. You cannot patch what you do not know you are running.
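Once an SBOM exists, the affected-version ranges in this article become a mechanical check. The following is an added example, not code from any of the projects named: it compares component versions against the React, Next.js and MongoDB ranges stated above (inclusive on both ends) using numeric tuple comparison, so that 19.1.10 correctly sorts after 19.1.3. The SBOM shape (a list of name/version records) and the sample entries are assumptions; pre-release suffixes are ignored, which errs on the side of flagging.

```python
import re

# Affected ranges exactly as stated in this article, inclusive on both ends.
AFFECTED = {
    "react": [("19.0.0", "19.1.3")],
    "next": [("14.0.0", "14.2.28"), ("15.0.0", "15.1.6")],
    "mongodb": [("6.0.0", "6.0.18"), ("7.0.0", "7.0.14"), ("8.0.0", "8.0.3")],
}


def parse_version(v: str) -> tuple[int, int, int]:
    """Numeric comparison key; 'v' prefix and pre-release tags are dropped,
    missing components are padded with zero (so '8.0' == '8.0.0')."""
    core = v.strip().lstrip("v").split("-")[0]
    parts = core.split(".")
    if not parts or not all(re.fullmatch(r"\d+", p) for p in parts):
        raise ValueError(f"unparseable version: {v!r}")
    nums = [int(p) for p in parts[:3]]
    while len(nums) < 3:
        nums.append(0)
    return nums[0], nums[1], nums[2]


def is_affected(product: str, version: str) -> bool:
    """True when version falls inside any affected range for the product."""
    ver = parse_version(version)
    for lo, hi in AFFECTED.get(product.lower(), []):
        if parse_version(lo) <= ver <= parse_version(hi):
            return True
    return False


def audit(sbom: list[dict]) -> list[str]:
    """Walk SBOM components (dicts with 'name' and 'version') and report hits."""
    hits = []
    for comp in sbom:
        name = comp["name"]
        if name.lower() in AFFECTED and is_affected(name, comp["version"]):
            hits.append(f"{name} {comp['version']}: in affected range, patch required")
    return hits


# Constructed sample SBOM: two affected components and one unrelated package.
SAMPLE_SBOM = [
    {"name": "react", "version": "19.1.2"},
    {"name": "lodash", "version": "4.17.21"},
    {"name": "mongodb", "version": "7.0.14"},
]

if __name__ == "__main__":
    for line in audit(SAMPLE_SBOM):
        print(line)
```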
5. Have an incident response plan for zero-days
When a zero-day drops in technology you use, do you have a documented process for identifying affected systems, assessing exposure, deploying mitigations, and communicating with stakeholders? If your incident response plan does not include a zero-day playbook, you are improvising during the highest-pressure moments.
The bottom line: 2025 proved that critical vulnerabilities are not black swan events. They are a recurring reality that your security program must be designed to handle as routine operations. The organizations that treat each critical CVE as a surprise are the ones that fall behind. The organizations that have systems, processes, and partners in place to respond rapidly are the ones that stay secure.
Build a security program that can handle 2026
Lorikeet Security delivers continuous attack surface monitoring, expert penetration testing, and security program guidance. Let us help you get ahead of the next critical vulnerability instead of scrambling to respond.