Vulnerability Report: May 2025

09 June 2025

Welcome to this month’s Vulnerability Report, brought to you by Rivanorth Oko, the leading dark web monitoring solution in Australia.

In this report, we analyse security vulnerabilities discovered in May that are actively exploited by cybercriminals. While many assume that advanced threats pose the greatest danger, most incidents occur because known vulnerabilities remain unpatched.

Once attackers gain access through these flaws, they often deploy malware such as information stealers or ransomware. The resulting data breaches often lead to stolen information being listed or sold on the dark web, a space our dark web scanning and cybercrime monitoring platform continuously tracks.

This report provides not just a list of vulnerabilities but actionable insights informed by real-time cyber threat detection and dark web threat intelligence gathered through Oko.

What is a CVE, and why does it matter?

A CVE (Common Vulnerabilities and Exposures) is a publicly disclosed security flaw, tracked and catalogued to help organisations mitigate risks. Despite being publicly known, many CVEs remain unpatched, providing a direct entry point for attackers.

These vulnerabilities are often linked to data leaks, with attackers using them to install malware, exfiltrate credentials, and compromise internal systems. This compromised data then becomes part of larger dark web data breaches, contributing to credential stuffing campaigns and ransomware attacks.

How CVEs Lead to Dark Web Exposure

Unpatched CVEs play a major role in the supply chain of cybercrime. Here is how:

  1. Initial access is gained via an unpatched CVE
  2. Information-stealing malware collects browser data, credentials, and sensitive files
  3. The stolen data is exfiltrated, bundled, and either sold or leaked
  4. The data resurfaces in dark web markets, often linked to broader breaches

Our dark web investigation capabilities enable detection of this activity, whether the breach occurs within your network or through a third party.

Actively Exploited CVEs

  • CVE-2025-4632: Samsung MagicINFO 9 Server
    Affected Version: before 21.1052
    Severity Rating: 9.8 (Critical)

  • CVE-2025-32756: Fortinet FortiVoice, FortiRecorder, FortiMail, FortiNDR, FortiCamera
    Affected Versions: multiple
    Severity Rating: 9.8 (Critical)

  • CVE-2025-42999: SAP NetWeaver Visual Composer
    Severity Rating: 9.1 (Critical)

  • CVE-2025-4428: Ivanti Endpoint Manager Mobile
    Affected Version: 12.5.0.0 and prior
    Severity Rating: 8.8 (High)

  • CVE-2025-32709: Windows Ancillary Function Driver for WinSock
    Severity Rating: 7.8 (High)

  • CVE-2025-32706: Windows Common Log File System Driver
    Severity Rating: 7.8 (High)

  • CVE-2025-30400: Windows DWM
    Severity Rating: 7.8 (High)

  • CVE-2025-4427: Ivanti Endpoint Manager Mobile
    Affected Version: 12.5.0.0 and prior
    Severity Rating: 7.5 (High)

  • CVE-2025-30397: Microsoft Scripting Engine
    Severity Rating: 7.5 (High)

  • CVE-2025-27920: Output Messenger
    Affected Version: before 2.0.63
    Severity Rating: 7.2 (High)

  • CVE-2025-35939: Craft CMS
    Affected Versions: 5.7.5 and 4.15.3
    Severity Rating: 6.9 (Medium)

  • CVE-2025-47729: TeleMessage archiving backend
    Affected Version: through 2025-05-05
    Severity Rating: 4.9 (Medium)

Recommendations

If your organisation uses any of the affected software versions, take the following actions:

  • Apply security patches and ensure deployment is verified across all endpoints
  • Monitor for signs of compromise using tools that provide cyber threat intelligence and behavioural analysis
  • Isolate vulnerable systems through segmentation and access control
  • Track mentions of your company or partners using a dark web protection service like Oko

Why Oko is Critical for CVE Response

Even with patches in place, threats may already be active. Oko's AI-driven dark web monitoring delivers proactive visibility into:

  • Leaked credentials and internal documents
  • Mentions of your organisation in ransomware forums
  • Listings of compromised access related to known CVEs
  • Breaches of third-party vendors who handle your sensitive data

This kind of dark web security and cybercrime monitoring is crucial in the Australian threat landscape.

Proactive Security: Do Not Wait Until It's Too Late

Cybercriminals are continuously scanning the internet for unpatched systems. A proactive security strategy involves patching, monitoring, and staying ahead of evolving threats through threat intelligence in Australia.

The Rivanorth Oko dark web solution provides early warning signs that your data has been exposed or targeted. With a focus on dark web monitoring in Australia, Oko helps businesses take control of their digital risk before it’s too late.

Need to know if your business is at risk?

Click here to request a free dark web threat intelligence check today.