Current CVEs You Need to Patch — Critical Threats in August 2025

- Microsoft SharePoint: ToolShell Exploitation (CVE-2025-53770 / CVE-2025-53771)
  - What's happening: A critical deserialization vulnerability (CVE-2025-53770, CVSS 9.8) is being actively exploited. It enables unauthenticated remote code execution on on-premises servers and is part of the "ToolShell" exploit chain, together with a spoofing bypass (CVE-2025-53771).
  - Impacted systems: SharePoint Server 2016, 2019, and Subscription Edition. SharePoint Online is unaffected.
  - Recommended action: Patch immediately. Microsoft has issued urgent guidance, and CISA has added this to its Known Exploited Vulnerabilities (KEV) catalog.
- CitrixBleed 2: NetScaler Memory Leak (CVE-2025-5777)
  - Overview: A critical input validation flaw in Citrix NetScaler ADC and Gateway allows an unauthenticated memory over-read that leaks tokens, credentials, and other sensitive data.
  - Scope: Affects widely deployed versions (ADC 14.1 and earlier, Gateway 13.1 and earlier). CISA placed it in its KEV catalog and mandated patching within 24 hours.
  - Action required: Patch immediately. Until the fix is applied, reduce exposure by isolating the affected admin interfaces.
- Android "No-Touch" Remote Code Execution (CVE-2025-48530, CVE-2025-22441, CVE-2025-48533)
  - What's going on: Google issued a critical patch for three remote code execution CVEs that can be exploited without any user interaction, dubbed "no-touch" attacks.
  - Affected devices: Many current Android phones. Older models such as the Pixel 3a, Galaxy S10, and OnePlus 7 are no longer supported and remain vulnerable.
  - Recommended action: Update Android devices immediately. For unsupported models, consider upgrading to a supported device.
- Apple Zero-Day Under Active Exploitation (CVE-2025-6558)
  - Summary: Apple addressed an actively exploited zero-day flaw in WebKit, affecting iOS, macOS, iPadOS, watchOS, and more, that enables arbitrary code execution via crafted HTML content.
  - Mandate: CISA added it to its KEV list, requiring federal agencies to patch by August 12.
  - What to do: Install the latest iOS 18.6 / macOS Sequoia 15.6 updates now.
Why These Matter
| Risk | Why You Should Care |
|---|---|
| ToolShell | Full network compromise, not just isolated systems. |
| CitrixBleed 2 | Credential theft can enable wide-reaching breaches. |
| Android "No-Touch" | Phones are gateways to personal and corporate data. |
| Apple WebKit Zero-Day | Targeted attacks bypass browser sandbox defenses. |
ThreatGrid Takeaways
- Prioritize patching these CVEs immediately, starting with enterprise assets.
- Monitor logs and anomalous behavior post-patch to detect lingering activity.
- Harden configurations, e.g., Secure Boot validation, network segmentation, and disabling unused services.
- Consider temporary mitigations where patches are not yet available or devices are unsupported.
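The takeaways above ask you to patch the KEV-listed CVEs first, starting with enterprise assets. The following is an added example (not code from this advisory or from CISA) that cross-references a KEV catalog excerpt against an asset inventory and orders the results by tier and CISA due date. The KEV field names follow the public catalog schema; the catalog excerpt, inventory, hostnames and all due dates other than the August 12 Apple deadline are constructed placeholders.

```python
import json
from datetime import date

# CONSTRUCTED KEV excerpt using the public catalog's field names. The CVE IDs
# and the 2025-08-12 Apple due date come from the advisory above; the other
# due dates are placeholders, not the real catalog values.
KEV_EXCERPT = json.dumps({"vulnerabilities": [
    {"cveID": "CVE-2025-53770", "product": "SharePoint Server",
     "vulnerabilityName": "ToolShell deserialization RCE", "dueDate": "2025-07-23"},
    {"cveID": "CVE-2025-5777", "product": "NetScaler Gateway",
     "vulnerabilityName": "CitrixBleed 2 memory over-read", "dueDate": "2025-07-11"},
    {"cveID": "CVE-2025-48530", "product": "Android",
     "vulnerabilityName": "No-touch remote code execution", "dueDate": "2025-08-26"},
    {"cveID": "CVE-2025-6558", "product": "WebKit",
     "vulnerabilityName": "WebKit arbitrary code execution", "dueDate": "2025-08-12"},
]})

# CONSTRUCTED asset inventory, tagged with the tier the advisory says to patch first.
INVENTORY = [
    {"host": "sp-01", "product": "Microsoft SharePoint Server 2019", "tier": "enterprise"},
    {"host": "ns-gw", "product": "Citrix NetScaler Gateway 13.1", "tier": "enterprise"},
    {"host": "ceo-iphone", "product": "Apple iOS (WebKit)", "tier": "personal"},
    {"host": "lab-pixel", "product": "Android 14", "tier": "personal"},
    {"host": "web-01", "product": "nginx 1.26", "tier": "enterprise"},
]


def triage(kev_json, inventory, today_iso):
    """Return inventory assets that match a KEV entry, ordered for patching:
    enterprise tier first, then earliest CISA due date, then CVE ID."""
    today = date.fromisoformat(today_iso)
    entries = json.loads(kev_json)["vulnerabilities"]
    hits = []
    for asset in inventory:
        for entry in entries:
            # Simple case-insensitive substring match; swap in CPE matching
            # if your inventory records CPE names.
            if entry["product"].lower() not in asset["product"].lower():
                continue
            due = date.fromisoformat(entry["dueDate"])
            hits.append({"host": asset["host"], "tier": asset["tier"],
                         "cve": entry["cveID"], "name": entry["vulnerabilityName"],
                         "due": entry["dueDate"], "days_left": (due - today).days})
    hits.sort(key=lambda h: (h["tier"] != "enterprise", h["due"], h["cve"]))
    return hits


if __name__ == "__main__":
    for h in triage(KEV_EXCERPT, INVENTORY, "2025-08-01"):
        status = "OVERDUE" if h["days_left"] < 0 else f"{h['days_left']}d left"
        print(f"{h['host']:<10} {h['tier']:<10} {h['cve']:<15} {status:<9} {h['name']}")
```

Assets with no KEV match (here `web-01`) are dropped from the list, and a negative `days_left` flags a deadline that has already passed.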