December 3, 2025 ASM Discovery Engine Release

Attack Surface Management Discovery Engine release v2025.12.03

This Attack Surface Management Discovery Engine release includes:

Vulnerability Checks

  • Added CVE-2025-0107 - Palo Alto Networks Expedition OS Command Injection
  • Added CVE-2025-34031 - Moodle Jmol Filter Local File Inclusion
  • Added CVE-2025-61757 - Oracle Access Management REST WebServices - Authentication Bypass
  • Added CVE-2024-27348 - Apache HugeGraph - Remote Command Execution
  • Added CVE-2025-52472 - XWiki Platform HQL Injection
  • Added CVE-2025-62168 - Squid HTTP Authentication Credential Disclosure
  • Added CVE-2025-64446 - FortiWeb - Authentication Bypass
  • Added CVE-2025-10035 - GoAnywhere MFT - Insecure Deserialization / Auth Bypass
  • Added CVE-2024-50498 - Wordpress Query Console Plugin - Remote Code Execution
  • Added CVE-2025-58360 - GeoServer XML External Entity Injection
© Copyright Mandiant. All rights reserved
  • First Published: December 3, 2025
  • Last updated: January 29, 2026
In This Article
Related Articles
  • None
Copyright © 2020 – 2021 Your Company, LLC. All rights reserved.