Welcome to this month’s Vulnerability Report, brought to you by Rivanorth Oko, the leading dark web monitoring solution in Australia.
In this report, we analyse security vulnerabilities discovered in May that are actively exploited by cybercriminals. While many assume that advanced threats pose the greatest danger, most incidents occur because known vulnerabilities remain unpatched.
Once attackers gain access through these flaws, they often deploy malware such as information stealers or ransomware. The resulting data breaches often lead to stolen information being listed or sold on the dark web, a space our dark web scanning and cybercrime monitoring platform continuously tracks.
This report provides not just a list of vulnerabilities but actionable insights informed by real-time cyber threat detection and dark web threat intelligence gathered through Oko.
A CVE (Common Vulnerabilities and Exposures) is a publicly disclosed security flaw, tracked and catalogued to help organisations mitigate risks. Despite being publicly known, many CVEs remain unpatched, providing a direct entry point for attackers.
These vulnerabilities are often linked to data leaks, with attackers using them to install malware, exfiltrate credentials, and compromise internal systems. This compromised data then becomes part of larger dark web data breaches, contributing to credential stuffing campaigns and ransomware attacks.
Unpatched CVEs play a major role in the supply chain of cybercrime. Here is how:
Our dark web investigation capabilities enable detection of this activity, whether the breach occurs within your network or through a third party.
CVE-2025-4632 – Samsung MagicINFO 9 Server
Affected Version: before 21.1052
Severity Rating: 9.8 (Critical)
CVE-2025-32756 – Fortinet FortiVoice, FortiRecorder, FortiMail, FortiNDR, FortiCamera
Affected Versions: multiple
Severity Rating: 9.8 (Critical)
CVE-2025-42999 – SAP NetWeaver Visual Composer
Severity Rating: 9.1 (Critical)
CVE-2025-4428 – Ivanti Endpoint Manager Mobile
Affected Version: 12.5.0.0 and prior
Severity Rating: 8.8 (High)
CVE-2025-32709 – Windows Ancillary Function Driver for WinSock
Severity Rating: 7.8 (High)
CVE-2025-32706 – Windows Common Log File System Driver
Severity Rating: 7.8 (High)
CVE-2025-30400 – Windows DWM
Severity Rating: 7.8 (High)
CVE-2025-4427 – Ivanti Endpoint Manager Mobile
Affected Version: 12.5.0.0 and prior
Severity Rating: 7.5 (High)
CVE-2025-30397 – Microsoft Scripting Engine
Severity Rating: 7.5 (High)
CVE-2025-27920 – Output Messenger
Affected Version: before 2.0.63
Severity Rating: 7.2 (High)
CVE-2025-35939 – Craft CMS
Affected Versions: 5.7.5 and 4.15.3
Severity Rating: 6.9 (Medium)
CVE-2025-47729 – TeleMessage archiving backend
Affected Version: through 2025-05-05
Severity Rating: 4.9 (Medium)
If your organisation uses any of the affected software versions, take the following actions:
Even with patches in place, threats may already be active. Oko's AI-driven dark web monitoring delivers proactive visibility into:
This kind of dark web security and cybercrime monitoring is crucial in the Australian threat landscape.
Cybercriminals are continuously scanning the internet for unpatched systems. A proactive security strategy involves patching, monitoring, and staying ahead of evolving threats through threat intelligence in Australia.
Rivanorth Oko dark web solution provides early warning signs that your data has been exposed or targeted. With a focus on dark web monitoring in Australia, Oko helps businesses take control of their digital risk before it’s too late.
Need to know if your business is at risk?
Click here, to request a free dark web threat intelligence check today.