December 2025 – Page 7 – TheCyberThrone

Apache Tika CVE-2025-66516 Scores Perfect 10

CVE-2025-66516, a critical XXE vulnerability in Apache Tika's core with CVSS 10.0, exposes organizations to data exfiltration and SSRF through malicious PDF uploads, affecting document processing pipelines in search, DLP,…

PravinKarthik December 6, 2025

React2Shell CVE-2025-55182- Shaking React and Next.js Ecosystems

React Server Components promised a revolution in web development—seamless server-side rendering with client interactivity. But a critical flaw dubbed React2Shell has turned that promise into a widespread security crisis. Tracked…

PravinKarthik December 5, 2025

King Addons vulnerability CVE-2025-8489 for Elementor Plugin

A critical security vulnerability, tracked as CVE-2025-8489, has been discovered in the popular King Addons for Elementor WordPress plugin, affecting versions from 24.12.92 through 51.1.14. This vulnerability allows unauthenticated attackers…

PravinKarthik December 4, 2025

Android Framework Zero-Days Hit CISA KEV

CISA added two high-severity Android Framework vulnerabilities—CVE-2025-48572 and CVE-2025-48633—to its Known Exploited Vulnerabilities (KEV) catalog on December 1, 2025, confirming limited, targeted exploitation in the wild. These zero-days, addressed in…

PravinKarthik December 3, 2025

Android Patch Update December 2025

December 2025 brings one of the most important Android security updates of the year, with over a hundred vulnerabilities fixed across the OS, kernel, and major chipset vendors. This blog…

PravinKarthik December 2, 2025