CVE-2015-7648
ENISA EUVD: EUVD-2015-7551 ↗
✓ Confirmed 0-Day
Triaged: March 20, 2026
1 article
Published: 2015-10-18
EPSS Score
Source: FIRST.org · 2026-05-23
56.76%
probability
This CVE has a 56.76% probability
of being exploited in the next 30 days.
0%
Top 98.2th percentile of all CVEs
100%
CVSS v2 (legacy)
10.0
HIGH
Access Vector
Network
Access Complexity
Low
Authentication
None
Confidentiality
Complete
Integrity
Complete
Availability
Complete
AV:N/AC:L/Au:N/C:C/I:C/A:C
CVSS score unavailable
Neither CIRCL nor NVD returned a CVSS score for this CVE.
View on VulnerabilityLookup ↗
Description
VulnerabilityLookup (CNA)Adobe Flash Player before 18.0.0.255 and 19.x before 19.0.0.226 on Windows and OS X and before 11.2.202.540 on Linux allows attackers to execute arbitrary code by leveraging an unspecified "type confusion," a different vulnerability than CVE-2015-7647.
Affected Products
n/a
n/a
Exploits & PoC
http://rhn.redhat.com/errata/RHSA-2015-1913.html
vendor-advisory
x_refsource_REDHAT
http://rhn.redhat.com/errata/RHSA-2015-2024.html
vendor-advisory
x_refsource_REDHAT
http://www.securitytracker.com/id/1033850
vdb-entry
x_refsource_SECTRACK
https://helpx.adobe.com/security/products/flash-player/apsb15-27.html
x_refsource_CONFIRM
https://security.gentoo.org/glsa/201511-02
vendor-advisory
x_refsource_GENTOO
https://www.exploit-db.com/exploits/38970/
exploit
x_refsource_EXPLOIT-DB
Signal Intelligence
Confidence
72%
EPSS
56.76%
Mentions
1
CNA Information
CNA Assigner
adobe
Analyst Note
CVE-2015-7648 is explicitly identified as a zero-day in TheHackerNews article reporting active exploitation by Pawn Storm against foreign affairs ministries prior to patch availability. The article references an emergency patch being released in response to the active wild exploitation. However, confidence is moderate due to limited corroborating sources (only 1 article) and unavailable official CVE details for independent verification.
Triage Info
Decided atMar 20, 2026
Published DateOct 18, 2015