Here’s a curated list of the most recent unauthenticated remote code execution (RCE) vulnerabilities (CVE-listed). These issues allow attackers to execute arbitrary code without valid credentials, and many are already being actively exploited.
If anybody wants to share PoC exploits for each of these, it would be very good for our fellows.

| # | CVE ID(s) | Product / Component | Summary |
|---|---|---|---|
| 1 | CVE-2025-53770 | Microsoft SharePoint Server | ToolShell exploit: auth bypass via ToolPane.aspx, enables web-shell upload & secret theft |
| 2 | CVE-2025-47812 | Wing FTP Server | Null-byte injection leads to Lua RCE as SYSTEM/root; actively exploited in the wild |
| 3 | CVE-2025-23319 / 23320 / 23334 | NVIDIA Triton Inference Server | Chained Python backend flaws lead to unauthenticated full-server RCE |
| 4 | CVE-2025-32433 | Erlang/OTP SSH Server | SSH message handling flaw allows pre-auth RCE (CVSS 10.0) |
| 5 | CVE-2025-20337 | Cisco ISE | API-based unauthenticated RCE yielding root |
| 6 | CVE-2025-3248 | Langflow (low-code LLM framework) | Critical RCE via unauthenticated request |
| 7 | CVE-2025-29306 | FoxCMS v1.2.5 | Unsafe handling of id parameter leads to RCE |
| 8 | CVE-2025-20281 | Cisco ISE (older issue) | Another critical API-based unauthenticated RCE in ISE |
| 9 | CVE-2025-53771 | SharePoint Server | Referer header spoof for authentication bypass, likely related to ToolShell chain |
| 10 | CVE-2025-24813 | (unspecified; generic) | Path equivalence flaw enabling RCE & file injection |