CISA Adds Four Vulnerabilities to KEV Catalog; Urges Fixes
🚨 CISA added four vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog after evidence of active exploitation: CVE-2024-7399 (Samsung MagicINFO 9 path traversal), CVE-2024-57726 (SimpleHelp missing authorization), CVE-2024-57728 (SimpleHelp path traversal), and CVE-2025-29635 (D-Link DIR-823X command injection). The agency notes these are common attack vectors that present significant risk to the federal enterprise and reminds Federal Civilian Executive Branch agencies of remediation obligations under BOD 22-01. Although that directive applies only to FCEB agencies, CISA strongly urges all organizations to prioritize timely remediation as part of standard vulnerability management.
