On this page, I list the latest zero-day vulnerabilities. These ought to be patched immediately to prevent potential threat actors from attacking the infrastructure.
The entries below cover the latest threats. For remedial action, you can refer to the pages referenced by each entry.
The list below is curated manually. Due consideration has been paid to the vulnerabilities based on the following criteria:
- CVSS rating of the vulnerability
- EPSS score, which estimates the likelihood of exploitation
- Presence in the KEV (Known Exploited Vulnerabilities) catalog
Please share your comments or feedback over email to techepage at gmail.com.
Zero-day Vulnerabilities seeing increased exploitation attempts
The following security vulnerabilities have seen increased exploitation attempts during the last week (ending November 25, 2025):
CVE-2025-61757 – CVSS 9.8 – Critical – Oracle Fusion Middleware
This vulnerability is in the KEV catalog maintained by CISA.
Vulnerability description – Oracle Fusion Middleware contains a missing authentication for critical function vulnerability, allowing unauthenticated remote attackers to take over Identity Manager.
The affected supported versions are 12.2.1.4.0 and 14.1.2.1.0. The vulnerability is easily exploitable and allows an unauthenticated attacker with network access via HTTP to compromise Identity Manager. Successful attacks can result in takeover of Identity Manager.
Oracle has published a security update to mitigate the risk.
CVE-2025-13223 – CVSS 8.8 – HIGH Severity – Type Confusion in V8 in Google Chrome
Type Confusion in V8 in Google Chrome prior to 142.0.7444.175 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High).
This vulnerability has been added by CISA to the KEV catalog with a resolution date of 12 December 2025. You can check the CISA page here.
On November 20, 2025, Chrome released stable channel version 143.0.7499.40/.41 for Windows and Mac, so users should update to the latest Chrome version. Build 142 of Chrome was active in October 2025. Therefore, apply at least one security update released by the Chrome development team in November 2025.
CVE-2025-58034 – Fortinet FortiWeb OS Command Injection Vulnerability – CVSS 7.8 – HIGH Severity
Fortinet FortiWeb contains an OS command injection vulnerability that may allow an authenticated attacker to execute unauthorized code on the underlying system via crafted HTTP requests or CLI commands.
Affected versions of FortiWeb include the following:
- 7.0.0 and later (>=), before (<) 7.0.12
- 7.2.0 and later (>=), before (<) 7.2.12
- 7.4.0 and later (>=), before (<) 7.4.11
- 7.6.0 and later (>=), before (<) 7.6.6
- 8.0.0 and later (>=), before (<) 8.0.2
See the CISA reference page for details. The expected resolution date is 25 November 2025.
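To triage an asset inventory against the FortiWeb ranges and the Chrome "prior to 142.0.7444.175" bound listed on this page, a version check like the following can be used. It is an added example, not code from any vendor or from CISA; the hostnames, the inventory layout and the function names are assumptions made for illustration.

```python
import re

# Ranges taken from this page: (product, first affected [inclusive], first fixed [exclusive]).
AFFECTED = [
    ("fortiweb", "7.0.0", "7.0.12"),
    ("fortiweb", "7.2.0", "7.2.12"),
    ("fortiweb", "7.4.0", "7.4.11"),
    ("fortiweb", "7.6.0", "7.6.6"),
    ("fortiweb", "8.0.0", "8.0.2"),
    ("chrome", "0", "142.0.7444.175"),  # "prior to 142.0.7444.175"
]

def parse_version(text, width=4):
    """Turn '7.4.9' into (7, 4, 9, 0); zero-pad so '7.4' compares equal to '7.4.0'."""
    m = re.fullmatch(r"\d+(?:\.\d+)*", text.strip())
    if not m:
        raise ValueError(f"unparseable version: {text!r}")
    parts = [int(p) for p in m.group(0).split(".")][:width]
    return tuple(parts + [0] * (width - len(parts)))

def status(product, version):
    """Return 'affected', 'ok', or 'review' (unknown product or bad version string)."""
    ranges = [(lo, hi) for p, lo, hi in AFFECTED if p == product.lower()]
    if not ranges:
        return "review"
    try:
        v = parse_version(version)
    except ValueError:
        return "review"  # never treat an unreadable version as safe
    hit = any(parse_version(lo) <= v < parse_version(hi) for lo, hi in ranges)
    return "affected" if hit else "ok"

def triage(inventory):
    """Return the (host, product, version, status) rows that are not 'ok'."""
    rows = [(h, p, v, status(p, v)) for h, p, v in inventory]
    return [r for r in rows if r[3] != "ok"]

# Constructed sample inventory (hostnames and versions are made up).
SAMPLE = [
    ("waf-01", "FortiWeb", "7.4.10"),
    ("waf-02", "FortiWeb", "7.4.11"),
    ("waf-03", "FortiWeb", "7.2"),
    ("kiosk-7", "Chrome", "142.0.7444.59"),
    ("waf-04", "FortiWeb", "unknown"),
]

if __name__ == "__main__":
    for row in triage(SAMPLE):
        print(*row, sep="\t")
```

Versions outside every listed range are reported as "ok" only with respect to the ranges on this page; the Oracle entry is not covered because its patched and unpatched states share the same version numbers.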