Threat Advisories - NVD Disclosed December 18, 2025

CVE-2025-7358

SoliClub Authentication Abuse Vulnerability.

Halo Surface Signal: 2 out of 5 — less likely to be public-facing.

A critical hard-coded credentials vulnerability in SoliClub allows authentication abuse, potentially enabling unauthorized access to application data and functionalities. This issue could lead to significant compromise if exploited. The vulnerability is reachable over the network.

NVD published: December 18, 2025

CVE advisoryKnown Exploit

CVE-2025-40602

SonicWall SMA1000 Privilege Escalation Vulnerability.

Halo Surface Signal: 2 out of 5 — less likely to be public-facing.

SonicWall SMA1000 appliance management consoles are affected by a local privilege escalation vulnerability. This could allow an attacker to gain elevated access, potentially leading to unauthorized data modification or system changes, posing a business risk.

NVD published: December 18, 2025 • CISA KEV

CVE advisoryKnown Exploit

CVE-2025-68461

Roundcube Webmail Vulnerability Allows Cross-Site Scripting

Halo Surface Signal: 5 out of 5 — more likely to be public-facing.

A vulnerability in Roundcube Webmail may allow for script execution, potentially impacting user sessions and data. Organizations should identify and patch affected systems promptly to mitigate business risk.

NVD published: December 18, 2025 • CISA KEV