NVD disclosure day

Published threat advisories for September 18, 2025

CVE-2025-10035

Fortra GoAnywhere MFT Command Injection Vulnerability.

Halo Surface Signal: 5 out of 5 — more likely to be public-facing.

A deserialization vulnerability in Fortra's GoAnywhere MFT may allow an attacker to execute commands, potentially impacting systems and data.

NVD published: September 18, 2025 • CISA KEV

CVE advisoryCRITICAL

CVE-2025-54807

Hardcoded Firmware Key Allows Full System Bypass

Halo Surface Signal: 4 out of 5 — likely to be public-facing.

A critical vulnerability exists where a hardcoded secret in device firmware allows attackers to bypass authentication and gain complete system access. This issue is relevant to systems using this firmware, and if reachable, could compromise system integrity and availability. Readers should care because this could lead

NVD published: September 18, 2025