
All news with #cisa kev tag

121 articles · page 4 of 7

CISA Adds One KEV: CVE-2023-52163 for Digiever DS-2105

⚠️ CISA has added CVE-2023-52163 — a missing authorization flaw in Digiever DS-2105 Pro — to its Known Exploited Vulnerabilities (KEV) Catalog after observing evidence of active exploitation. BOD 22-01 requires Federal Civilian Executive Branch agencies to remediate cataloged vulnerabilities by specified due dates, and CISA emphasizes this entry represents a common and significant attack vector. While the binding directive applies to FCEB agencies, CISA strongly urges all organizations to prioritize timely remediation and incorporate this KEV into their vulnerability management processes.

CISA Flags ASUS Live Update CVE, But Attack Is Years Old

🛡️ CISA's addition of CVE-2025-59374 to the KEV catalog documents a historical ASUS Live Update supply‑chain compromise rather than a new, active campaign. The CVE formalizes the 2018–2019 'ShadowHammer' incident in which maliciously modified Live Update binaries were selectively delivered to targeted systems, and the client reached End‑of‑Support in October 2021. ASUS's December 2025 FAQ appears to be a documentation update clarifying upgrade paths to the last Live Update release (3.6.15), and CISA emphasized that KEV inclusion does not necessarily indicate ongoing exploitation. Security teams should apply context‑aware triage and ensure supported software is up to date.

RCE Flaw Exposes Over 115,000 WatchGuard Firewalls

⚠️ WatchGuard released patches for a critical remote code execution vulnerability, CVE-2025-14733, affecting Firebox devices running Fireware OS 11.x, 12.x and 2025.1 up to 2025.1.3. The flaw permits unauthenticated attackers to execute arbitrary code on devices configured for IKEv2 VPN, and may also be reachable via certain Branch Office VPN setups. Shadowserver reported more than 115,000 exposed instances online. CISA added the issue to its KEV catalog and ordered federal agencies to patch under BOD 22-01.

CISA Adds Critical ASUS Live Update Flaw to KEV Catalog

⚠️ CISA has added a critical vulnerability (CVE-2025-59374, CVSS 9.3) in ASUS Live Update to its Known Exploited Vulnerabilities catalog after identifying evidence of active exploitation tied to a supply-chain compromise. The flaw stems from trojanized installer builds distributed during the 2018 Operation ShadowHammer campaign that could make targeted devices perform unintended actions. ASUS previously remediated the issue in v3.6.8, but the vendor has since declared the client end-of-support; federal agencies are urged to discontinue use by January 7, 2026.

CISA Adds Three CVEs to Known Exploited Vulnerabilities

🔔 CISA added three vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog based on evidence of active exploitation. The entries are CVE-2025-20393 (Cisco multiple products, improper input validation), CVE-2025-40602 (SonicWall SMA1000, missing authorization), and CVE-2025-59374 (ASUS Live Update, embedded malicious code). These flaws are frequent attack vectors that pose significant risks to federal and nonfederal organizations. Agencies covered by BOD 22-01 must remediate by the required due dates; CISA urges all organizations to prioritize mitigation.

CISA Adds Fortinet CVE to Known Exploited Vulnerabilities

🔔 CISA has added CVE-2025-59718 to its Known Exploited Vulnerabilities (KEV) Catalog after evidence of active exploitation. The vulnerability is described as an improper verification of cryptographic signature affecting multiple Fortinet products and represents a high-risk attack vector. Under BOD 22-01, Federal Civilian Executive Branch agencies must remediate KEV entries by mandated due dates. CISA strongly urges all organizations to prioritize timely remediation and apply vendor fixes or mitigations promptly.

CISA Adds Two Vulnerabilities to KEV Catalog After Evidence

⚠️ CISA added two vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog based on evidence of active exploitation. The entries are CVE-2025-14611 (Gladinet CentreStack and Triofox hard coded cryptographic vulnerability) and CVE-2025-43529 (Apple multiple products use-after-free in WebKit). BOD 22-01 requires Federal Civilian Executive Branch agencies to remediate listed KEV items by the specified due dates, and CISA strongly urges all organizations to prioritize timely remediation.

CISA Orders Immediate Patching for Critical GeoServer XXE

🚨 CISA has ordered federal agencies to immediately patch GeoServer to address a critical unauthenticated XML External Entity (XXE) flaw, tracked as CVE-2025-58360. The vulnerability (CVSS 9.8) enables attackers to retrieve arbitrary files, trigger SSRF, or cause denial-of-service against affected GeoServer instances. Exploit code has circulated since late November and CISA added the issue to its Known Exploited Vulnerabilities catalog, urging remediation before December 26, 2025.

CISA Adds Actively Exploited Sierra Wireless Issue

⚠️ CISA has added a high-severity Sierra Wireless AirLink vulnerability, CVE-2018-4063, to its Known Exploited Vulnerabilities (KEV) catalog after reports of active exploitation. The flaw in the ACEManager upload.cgi function permits unrestricted file uploads that can lead to remote code execution, and ACEManager runs with root privileges. Federal agencies are advised to update affected devices to supported versions or discontinue use by January 2, 2026.

CISA Adds Chromium Out-of-Bounds Vulnerability to KEV

⚠️ CISA added CVE-2025-14174, a Google Chromium out-of-bounds memory access vulnerability, to the Known Exploited Vulnerabilities (KEV) Catalog following evidence of active exploitation. This class of flaw frequently enables memory corruption and can lead to code execution or information disclosure, posing significant risk to the federal enterprise. Under BOD 22-01, Federal Civilian Executive Branch agencies must remediate KEV entries by required due dates; CISA urges all organizations to prioritize timely remediation as part of their vulnerability management.

CISA Adds One Vulnerability to Known Exploited Catalog

🔒 CISA has added one vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog after evidence of active exploitation. The listed issue, CVE-2018-4063, affects Sierra Wireless AirLink ALEOS and involves an unrestricted upload of files with dangerous types, a common attack vector. Under BOD 22-01, Federal Civilian Executive Branch agencies must remediate KEV items by prescribed deadlines, and CISA urges all organizations to prioritize timely remediation to reduce exposure.

CISA Adds GeoServer XXE (CVE-2025-58360) to KEV Catalog

🔔 CISA has added CVE-2025-58360 — an OSGeo GeoServer XML External Entity (XXE) vulnerability — to its Known Exploited Vulnerabilities (KEV) Catalog after evidence of active exploitation. The issue involves improper restriction of XML External Entity references, a common vector attackers use to access sensitive data or cause service disruption. Under BOD 22-01, Federal Civilian Executive Branch agencies must remediate KEV entries by required due dates; CISA also urges all organizations to prioritize timely patching, mitigations, and monitoring. CISA will continue updating the KEV Catalog as additional exploited CVEs meet its criteria.

CISA Adds Two Vulnerabilities to Known-Exploited Catalog

🔒 CISA has added two vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog: CVE-2025-6218 (WinRAR path traversal) and CVE-2025-62221 (Microsoft Windows use-after-free). The agency cited evidence of active exploitation and emphasized that these flaws are frequent attack vectors posing significant risk to the federal enterprise. CISA reiterated that BOD 22-01 requires FCEB agencies to remediate cataloged CVEs by the required due dates and urged all organizations to prioritize timely remediation.

CISA Adds Two Vulnerabilities to Known Exploited Catalog

🔔 CISA added two vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog: CVE-2022-37055, a buffer overflow affecting D-Link routers, and CVE-2025-66644, an OS command injection in Array Networks ArrayOS AG. Both were included based on evidence of active exploitation. Under BOD 22-01, Federal Civilian Executive Branch agencies are required to remediate KEV entries by their due dates, and CISA urges all organizations to prioritize timely remediation and risk-reduction measures.

CISA Adds Critical React2Shell RCE to KEV Catalog Now

⚠️ CISA has added a critical remote code execution flaw affecting React Server Components (tracked as CVE-2025-55182 / React2Shell) to its Known Exploited Vulnerabilities catalog. The vulnerability, rated CVSS 10.0, stems from insecure deserialization in React’s Flight protocol and enables unauthenticated attackers to run arbitrary commands via crafted HTTP requests. Fixes are available in react-server-dom-webpack, react-server-dom-parcel, and react-server-dom-turbopack (versions 19.0.1, 19.1.2, 19.2.1) and should be applied immediately.

CISA Adds CVE-2025-55182 to Known Exploited Vulnerabilities

⚠️ CISA added CVE-2025-55182, a remote code execution vulnerability in Meta React Server Components, to the Known Exploited Vulnerabilities (KEV) Catalog after observing active exploitation. This type of RCE is a common and serious attack vector that poses significant risk to federal networks and other organizations. Under BOD 22-01, Federal Civilian Executive Branch agencies must remediate KEV entries by their due dates. CISA strongly urges all organizations to prioritize timely remediation and vulnerability management to reduce exposure.

CISA Adds One CVE to Known Exploited Vulnerabilities Catalog

🚨 CISA added CVE-2021-26828 — an OpenPLC ScadaBR unrestricted file upload vulnerability — to its Known Exploited Vulnerabilities (KEV) Catalog after evidence of active exploitation. The flaw allows dangerous file types to be uploaded, a frequent attack vector that poses significant risks to federal networks. Under BOD 22-01 federal agencies must remediate cataloged CVEs by required dates; CISA also urges all organizations to prioritize remediation.

CISA Adds Two Android Vulnerabilities to KEV Catalog

⚠️ CISA added two Android Framework vulnerabilities to the KEV Catalog: CVE-2025-48572 (privilege escalation) and CVE-2025-48633 (information disclosure). Both issues show evidence of active exploitation and pose significant risk to the federal enterprise. Under BOD 22-01, FCEB agencies must remediate cataloged vulnerabilities by their due dates; CISA strongly urges all organizations to prioritize timely patching and other mitigations.

CISA Adds Actively Exploited XSS Bug in OpenPLC ScadaBR

⚠️ CISA has added an actively exploited cross-site scripting flaw, CVE-2021-26829, to its Known Exploited Vulnerabilities catalog after reports of operational abuse against OpenPLC ScadaBR. The XSS affects Windows 1.12.4 and Linux 0.9.1 via system_settings.shtm and was used to deface HMI pages and disable logs. Federal civilian agencies must remediate by December 19, 2025; operators should apply vendor fixes, change default credentials, enable logging and monitor for web-layer manipulation and outbound callbacks.

CISA Adds CVE-2021-26829 to Known Exploited Vulnerabilities

🔔 CISA has added CVE-2021-26829 — a cross-site scripting vulnerability in OpenPLC ScadaBR — to its Known Exploited Vulnerabilities Catalog based on evidence of active exploitation. Cross-site scripting is a frequent attack vector that can enable data theft, session hijacking, and unauthorized actions, posing significant risks to the federal enterprise. Under BOD 22-01, Federal Civilian Executive Branch agencies are required to remediate KEV-listed flaws by the specified due date; CISA also strongly urges all organizations to prioritize timely remediation. CISA will continue to update the catalog as new threats meet its criteria.