Top CVEs in Australia – July 2025: What You Need to Patch Now

🧠 Introduction

July 2025 saw a sharp spike in critical vulnerabilities (CVEs) exploited in the wild, with several affecting platforms commonly used by Australian businesses, such as Microsoft SharePoint, Google Chrome, and Fortinet systems.

Using data from the CISA Known Exploited Vulnerabilities Catalog, we’ve analysed the top CVEs added in July 2025 and identified those that pose the greatest risk to Australian networks.

This list is especially relevant for SMEs, MSPs, and IT leaders responsible for patching enterprise and customer-facing applications.

📊 Top Exploited CVEs – July 2025

Here’s a breakdown of the most critical CVEs with confirmed exploitation in the wild, sorted by severity and relevance to Australian infrastructure:

| CVE ID | Vendor | Product | Vulnerability Type | CWE | Date Added | Due Date |
|---|---|---|---|---|---|---|
| 25-49704 | Microsoft | SharePoint | Code Injection | CWE-94 | 2025-07-22 | 2025-07-23 |
| 25-49706 | Microsoft | SharePoint | Improper Authentication | CWE-287 | 2025-07-22 | 2025-07-23 |
| 25-53770 | Microsoft | SharePoint | Deserialization of Untrusted Data | CWE-502 | 2025-07-21 | 2025-07-23 |
| 25-6558 | Google | Chromium | Improper Input Validation | CWE-20 | 2025-07-22 | 2025-08-12 |
| 25-54309 | CrushFTP | CrushFTP | Alternate Channel Access | CWE-420 | 2025-07-22 | 2025-08-12 |
| 25-25257 | Fortinet | FortiWeb | SQL Injection | CWE-89 | 2025-07-18 | 2025-08-04 |
| 25-5777 | Citrix | NetScaler ADC & Gateway | Out-of-Bounds Read | CWE-125 | 2025-07-10 | 2025-07-25 |
| 25-48928 | TeleMessage | TM SGNL | Code Dump Exposure | CWE-528 | 2025-07-01 | 2025-07-23 |

💡 CWE refers to the Common Weakness Enumeration system used to classify software vulnerabilities by type.

📈 Analysis & Trends

  • Microsoft SharePoint vulnerabilities dominated July’s list, with three different CVEs affecting various layers of its authentication and deserialization logic — indicating it’s a high-value target for attackers.
  • Web-facing applications (SharePoint, FortiWeb, Chromium, CrushFTP) made up over 70% of the list, reinforcing the need for hardened perimeter defenses.
  • All vulnerabilities listed are actively being exploited, meaning attackers are using them in real-world attacks — not theoretical exploits.

🔧 What Should Australian Organisations Do?

If your infrastructure includes any of the above software, you should:

  1. Apply patches immediately – All of these CVEs have recommended vendor mitigations available now.
  2. Audit public-facing assets – Use tools like Shodan or Censys to check exposure of systems like CrushFTP or SharePoint.
  3. Review internal access controls – Many CVEs involve privilege escalation or improper access logic (e.g., CWE-287, CWE-420).
  4. Monitor logs and network traffic – Look for indicators of compromise tied to each vendor’s advisories (see links below).
  5. Educate your security team – Stay current on KEV additions using RSS or email updates from CISA.
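
To make steps 1 and 5 repeatable, here is a small added example (not from the original article): it filters a KEV-style JSON feed down to the entries added in a given month that match your own inventory, then ranks them by due date. The sample records are constructed from rows of the table above, and INVENTORY and patch_queue are hypothetical names.

```python
import json
from datetime import date

# Constructed sample in the KEV JSON feed's record layout, built from four rows
# of the table above (IDs as the page prints them; the live feed carries full
# CVE-YYYY-NNNN identifiers). Load the downloaded catalogue file here instead.
SAMPLE_FEED = json.dumps({"vulnerabilities": [
    {"cveID": "25-53770", "vendorProject": "Microsoft", "product": "SharePoint",
     "dateAdded": "2025-07-21", "dueDate": "2025-07-23"},
    {"cveID": "25-25257", "vendorProject": "Fortinet", "product": "FortiWeb",
     "dateAdded": "2025-07-18", "dueDate": "2025-08-04"},
    {"cveID": "25-54309", "vendorProject": "CrushFTP", "product": "CrushFTP",
     "dateAdded": "2025-07-22", "dueDate": "2025-08-12"},
    {"cveID": "25-5777", "vendorProject": "Citrix", "product": "NetScaler ADC & Gateway",
     "dateAdded": "2025-07-10", "dueDate": "2025-07-25"},
]})

# Hypothetical asset inventory: (vendor, product keyword) pairs you actually run.
INVENTORY = [("microsoft", "sharepoint"), ("citrix", "netscaler"), ("fortinet", "fortiweb")]


def patch_queue(feed_json, inventory, month, today):
    """Return KEV entries added in `month` (YYYY-MM) that match the inventory,
    soonest due date first, each with days left (negative means overdue)."""
    queue = []
    for v in json.loads(feed_json).get("vulnerabilities", []):
        if not v.get("dateAdded", "").startswith(month):
            continue
        vendor, product = v["vendorProject"].lower(), v["product"].lower()
        if not any(ven == vendor and kw in product for ven, kw in inventory):
            continue
        due = date.fromisoformat(v["dueDate"])
        queue.append({"cve": v["cveID"], "product": v["product"],
                      "due": due.isoformat(), "days_left": (due - today).days})
    return sorted(queue, key=lambda e: e["days_left"])


if __name__ == "__main__":
    # Fixed "today" so the sample output is reproducible.
    for e in patch_queue(SAMPLE_FEED, INVENTORY, "2025-07", date(2025, 7, 24)):
        state = "OVERDUE" if e["days_left"] < 0 else "due"
        print(f'{e["cve"]:>10}  {e["product"]:<24} {state} {e["due"]} ({e["days_left"]:+d}d)')
```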

🔗 Resources
