< ciso
brief />
Tag Banner

All news with #cisa kev tag

176 articles · page 6 of 9

Fortinet guidance: ongoing CVE-2026-24858 SSO bypass

🔒 Fortinet released guidance after disclosure of CVE-2026-24858, an authentication bypass in FortiCloud single sign-on (SSO) that can allow an attacker with a FortiCloud account to access devices registered to other users. The flaw affects multiple products including FortiOS, FortiManager, FortiWeb, FortiProxy, and FortiAnalyzer. Fortinet temporarily disabled FortiCloud SSO on Jan. 26, 2026 and restored the service with mitigations on Jan. 27; CISA added the CVE to its KEV Catalog and urges operators to check for indicators of compromise and apply vendor updates immediately.
read more →

CISA Adds Five Known Exploited Vulnerabilities to Catalog

⚠️ CISA has added five vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog after evidence of active exploitation, affecting Linux Kernel, SmarterMail, Microsoft Office, and GNU InetUtils. The newly listed CVEs are CVE-2018-14634, CVE-2025-52691, CVE-2026-21509, CVE-2026-23760, and CVE-2026-24061 and represent frequent attack vectors that pose significant risks to federal and enterprise environments. Under BOD 22-01, Federal Civilian Executive Branch agencies must remediate KEV entries by required due dates, and CISA urges all organizations to prioritize timely remediation as part of vulnerability management.
read more →

CISA Adds Four Actively Exploited Flaws to KEV Catalog

⚠️ CISA added four vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog after evidence of active exploitation, including a high-severity PHP remote file inclusion in Zimbra (CVE-2025-68645) and an authentication bypass in Versa Concerto (CVE-2025-34026). One entry describes a supply-chain compromise that trojanized eslint-config-prettier and six related npm packages to deliver a malicious DLL. Federal agencies are required to remediate under BOD 22-01 by February 12, 2026.
read more →

CISA Adds VMware vCenter CVE to KEV Catalog January 2026

⚠️ CISA has added CVE-2024-37079, an out-of-bounds write in VMware vCenter Server (Broadcom), to the Known Exploited Vulnerabilities (KEV) Catalog following evidence of active exploitation. This class of memory-corruption flaw is a common attacker vector and poses significant risk to the federal enterprise. Under BOD 22-01, FCEB agencies must remediate cataloged vulnerabilities by the required due date; CISA urges all organizations to prioritize timely remediation and to reduce exposure to active threats.
read more →

CISA Adds Four Vulnerabilities to KEV Catalog; Agencies Urged

⚠️ CISA has added four vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog after observing evidence of active exploitation. The entries include CVE-2025-31125 (Vite improper access control), CVE-2025-34026 (Versa Concerto improper authentication), CVE-2025-54313 (Prettier eslint-config-prettier embedded malicious code), and CVE-2025-68645 (Synacor Zimbra Collaboration Suite PHP remote file inclusion). CISA urges organizations to prioritize remediation and follow BOD 22-01 guidance to reduce exposure to active threats.
read more →

CISA Adds Cisco Code Injection CVE to KEV Catalog (Jan 2026)

🔔 CISA has added CVE-2026-20045, a code injection vulnerability affecting Cisco Unified Communications products, to its Known Exploited Vulnerabilities (KEV) Catalog based on evidence of active exploitation. The agency warns that code injection is a frequent attack vector and poses significant risk to the federal enterprise. Under BOD 22-01, Federal Civilian Executive Branch agencies must remediate KEV items by the required deadlines. CISA strongly urges all organizations to prioritize timely remediation as part of vulnerability management.
read more →

CISA Flags Active Exploitation of Gogs Symlink Flaw

⚠️ CISA has added a high-severity flaw in Gogs to its Known Exploited Vulnerabilities list after active attacks were observed. Tracked as CVE-2025-8110 (CVSS v4.0 8.7), the issue stems from improper handling of symbolic links in the PutContents API and allows authenticated users to overwrite files outside repositories, potentially enabling remote code execution. Wiz reported hundreds of compromises and Censys shows over 1,600 exposed instances; no official patch is yet available, so administrators should apply immediate mitigations such as disabling open registration and restricting access.
read more →

CISA: Active Exploitation of Gogs Path Traversal Flaw

⚠️ CISA has added CVE-2025-8110 to its Known Exploited Vulnerabilities catalog after reports of active exploitation targeting Gogs. The high-severity (CVSS 8.7) flaw is a path traversal in the repository file editor's PutContents API that mishandles symbolic links and can lead to remote code execution. There is not yet an official upstream patch, though GitHub pull requests show fixes have been merged and maintainers say new images will include the correction once built. Until patched, users should disable default open-registration, restrict server access behind VPNs or allow-lists, and apply other access controls; FCEB agencies must implement mitigations by Feb 2, 2026.
read more →

CISA Orders Federal Patch for Gogs RCE Zero-Day Exploit

⚠️ The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has ordered federal agencies to patch a high-severity remote code execution flaw in Gogs tracked as CVE-2025-8110. The issue is a path traversal weakness in the PutContents API that lets authenticated attackers overwrite files outside repositories via symbolic links, enabling arbitrary command execution. Patches released last week add symlink-aware path validation; agencies must remediate by February 2, 2026. Administrators are advised to disable default open registration and restrict server access.
read more →

CISA Retires Ten Emergency Directives After Review

🔐 CISA has formally closed ten Emergency Directives issued between 2019 and 2024 after finding their objectives were met and required remediations implemented across federal civilian agencies. The agency said many issues were absorbed into Binding Operational Directive 22-01 and are now tracked via the known exploited vulnerabilities (KEV) catalog. A subset of directives were closed because requirements no longer matched current risk posture, while Emergency Directives remain available for urgent threats.
read more →

CISA Retires Ten Emergency Directives, Strengthening Security

🛡️ CISA announced the retirement of ten Emergency Directives issued between 2019 and 2024 after required mitigations were implemented or their coverage was incorporated into BOD 22‑01 and CISA’s Known Exploited Vulnerabilities catalog. The closures include directives tied to specific CVEs and high‑profile incidents such as SolarWinds and Exchange. CISA said the action reflects strengthened federal remediation, operational collaboration, and continued emphasis on Secure by Design principles.
read more →

CISA Flags Critical HPE OneView Flaw as Actively Exploited

🚨 CISA has added a maximum-severity vulnerability in HPE OneView (CVE-2025-37164) to its catalog of flaws actively exploited in the wild. Reported by Nguyen Quoc Khanh (brocked200) and patched by HPE in mid-December, the bug affects all OneView releases before v11.00 and enables unauthenticated code-injection attacks leading to remote code execution. There are no known mitigations or workarounds; HPE and CISA urge immediate upgrades, and federal agencies must remediate by January 28 under BOD 22-01.
read more →

CISA Flags Microsoft Office and HPE OneView KEV Flaws

⚠️ CISA added two vulnerabilities — in Microsoft Office PowerPoint (CVE-2009-0556, CVSS 8.8) and HPE OneView (CVE-2025-37164, CVSS 10.0) — to its Known Exploited Vulnerabilities catalog after observing evidence of active exploitation. The HPE flaw permits unauthenticated remote code execution and affects versions prior to 11.00; HPE has released hotfixes for OneView 5.20 through 10. A proof-of-concept exploit for CVE-2025-37164 was disclosed publicly on December 23, 2025, prompting eSentire to urge immediate patching. Federal agencies subject to BOD 22-01 are instructed to remediate by January 28, 2026.
read more →

CISA Adds Two CVEs to KEV Catalog, Urges Remediation

🔔 CISA has added two vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog: CVE-2009-0556 (Microsoft Office PowerPoint code injection) and CVE-2025-37164 (HPE OneView code injection). CISA notes evidence of active exploitation and highlights that these vulnerability types are frequent attack vectors posing significant risk to the federal enterprise. Under BOD 22-01, Federal Civilian Executive Branch agencies are required to remediate KEV entries by the specified due date. CISA strongly urges all organizations to prioritize timely remediation as part of sound vulnerability management.
read more →

CISA Adds CVE-2025-14847 (MongoDB) to KEV Catalog Now

⚠️ CISA has added CVE-2025-14847, an MongoDB and MongoDB Server Improper Handling of Length Parameter Inconsistency vulnerability, to the KEV Catalog after evidence of active exploitation. The designation signals a significant risk to the federal enterprise under BOD 22-01, which requires Federal Civilian Executive Branch agencies to remediate listed vulnerabilities by their due dates. Although BOD 22-01 applies to FCEB agencies, CISA strongly urges all organizations to prioritize timely remediation as part of routine vulnerability management and will continue adding qualifying CVEs to the catalog.
read more →

CISA Adds One KEV: CVE-2023-52163 for Digiever DS-2105

⚠️ CISA has added CVE-2023-52163 — a missing authorization flaw in Digiever DS-2105 Pro — to its Known Exploited Vulnerabilities (KEV) Catalog after observing evidence of active exploitation. BOD 22-01 requires Federal Civilian Executive Branch agencies to remediate cataloged vulnerabilities by specified due dates, and CISA emphasizes this entry represents a common and significant attack vector. While the binding directive applies to FCEB agencies, CISA strongly urges all organizations to prioritize timely remediation and incorporate this KEV into their vulnerability management processes.
read more →

CISA Flags ASUS Live Update CVE, But Attack Is Years Old

🛡️ CISA's addition of CVE-2025-59374 to the KEV catalog documents a historical ASUS Live Update supply‑chain compromise rather than a new, active campaign. The CVE formalizes the 2018–2019 'ShadowHammer' incident in which maliciously modified Live Update binaries were selectively delivered to targeted systems, and the client reached End‑of‑Support in October 2021. ASUS's December 2025 FAQ appears to be a documentation update clarifying upgrade paths to the last Live Update release (3.6.15), and CISA emphasized that KEV inclusion does not necessarily indicate ongoing exploitation. Security teams should apply context‑aware triage and ensure supported software is up to date.
read more →

RCE Flaw Exposes Over 115,000 WatchGuard Firewalls

⚠️WatchGuard released patches for a critical remote code execution vulnerability, CVE-2025-14733, affecting Firebox devices running Fireware OS 11.x, 12.x and 2025.1 up to 2025.1.3. The flaw permits unauthenticated attackers to execute arbitrary code on devices configured for IKEv2 VPN, and may also be reachable via certain Branch Office VPN setups. Shadowserver reported more than 115,000 exposed instances online. CISA added the issue to its KEV catalog and ordered federal agencies to patch under BOD 22-01.
read more →

CISA Adds Critical ASUS Live Update Flaw to KEV Catalog

⚠️ CISA has added a critical vulnerability (CVE-2025-59374, CVSS 9.3) in ASUS Live Update to its Known Exploited Vulnerabilities catalog after identifying evidence of active exploitation tied to a supply-chain compromise. The flaw stems from trojanized installer builds distributed during the 2018 Operation ShadowHammer campaign that could make targeted devices perform unintended actions. ASUS previously remediated the issue in v3.6.8, but the vendor has since declared the client end-of-support; federal agencies are urged to discontinue use by January 7, 2026.
read more →

CISA Adds Three CVEs to Known Exploited Vulnerabilities

🔔 CISA added three vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog based on evidence of active exploitation. The entries are CVE-2025-20393 (Cisco multiple products, improper input validation), CVE-2025-40602 (SonicWall SMA1000, missing authorization), and CVE-2025-59374 (ASUS Live Update, embedded malicious code). These flaws are frequent attack vectors that pose significant risks to federal and nonfederal organizations. Agencies covered by BOD 22-01 must remediate by the required due dates; CISA urges all organizations to prioritize mitigation.
read more →