NVD disclosure day

Published threat advisories for October 14, 2025

CVE advisoryKnown Exploit

CVE-2025-59287

Windows Server Update Service Remote Code Execution Vulnerability.

Halo Surface Signal: 2 out of 5 — less likely to be public-facing.

Windows Server Update Service is affected by a vulnerability allowing unauthorized remote code execution. This poses a significant business risk as attackers can compromise affected systems and operations. Exploitation requires no special privileges or user interaction.

NVD published: • CISA KEV
CVE advisoryKnown Exploit

CVE-2025-59230

Windows Elevation of Privilege Vulnerability in Remote Access Manager.

Halo Surface Signal: 1 out of 5 — much less likely to be public-facing.

An improper access control vulnerability in Windows Remote Access Connection Manager allows a local attacker with authorized access to elevate privileges. This impacts organizations by enabling potential unauthorized access to sensitive data and disruption of business operations. The realistic business risk involves co

NVD published: • CISA KEV
CVE advisoryKnown Exploit

CVE-2025-24990

Windows Agere Modem Driver Privilege Escalation Vulnerability

Halo Surface Signal: 1 out of 5 — much less likely to be public-facing.

A vulnerability was identified in a third-party Agere Modem driver in Windows. This driver's removal impacts fax modem hardware functionality. Organizations should remove dependencies on this hardware to mitigate business risk.

NVD published: • CISA KEV
CVE advisoryCRITICAL

CVE-2025-10610

Winsure SQL Injection Vulnerability

Halo Surface Signal: 4 out of 5 — likely to be public-facing.

A SQL injection vulnerability in Winsure could permit unauthenticated attackers to infer sensitive information or manipulate data by sending specially crafted network input. This impacts the integrity and availability of system data. Technical readers and security-aware leaders should confirm if their organization uses

NVD published: