All news with #kev added tag

CISA Adds Five CVEs to Known Exploited Vulnerabilities

🚨 CISA added five vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog based on evidence of active exploitation: CVE-2022-48503 (Apple), CVE-2025-2746 and CVE-2025-2747 (Kentico Xperience Staging Sync Server), CVE-2025-33073 (Microsoft Windows SMB Client), and CVE-2025-61884 (Oracle E-Business Suite SSRF). These flaws include authentication bypasses, improper access control, and SSRF, which are frequent attack vectors and pose significant risks. Under BOD 22-01, Federal Civilian Executive Branch agencies must remediate identified KEV items by the required due dates; CISA strongly urges all organizations to prioritize timely remediation as part of their vulnerability management practice.

CISA Warns: Critical Adobe AEM Flaw Actively Exploited

🚨 CISA has added a maximum-severity vulnerability in Adobe Experience Manager (AEM) Forms to its Known Exploited Vulnerabilities Catalog after confirming active exploitation. Tracked as CVE-2025-54253, the flaw is an authentication bypass via Struts DevMode that can result in unauthenticated remote code execution on AEM JEE 6.5.23 and earlier. Adobe released fixes on August 9 after public proof-of-concept code appeared; CISA requires federal agencies to remediate by November 5 and urges all organizations to prioritize patching, apply vendor mitigations, or restrict Internet access to affected AEM Forms deployments.

CISA Adds Adobe AEM Critical RCE Flaw with CVSS 10.0

⚠ Adobe's Experience Manager (AEM) has a critical misconfiguration—CVE-2025-54253—scored 10.0 and added to CISA's KEV after evidence of active exploitation. The flaw exposes the /adminui/debug servlet, which evaluates OGNL expressions without authentication, enabling arbitrary code execution via a single crafted HTTP request. Adobe addressed the issue in 6.5.0-0108; affected organizations should apply updates immediately and FCEB agencies must remediate by November 5, 2025.

CISA Adds KEV Entry: Adobe Experience Manager Vulnerability

🔔CISA has added one vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog: CVE-2025-54253, an Adobe Experience Manager Forms code execution vulnerability that CISA says shows evidence of active exploitation. Under BOD 22-01, Federal Civilian Executive Branch agencies must remediate KEV entries by their assigned due dates. CISA strongly urges all organizations to prioritize timely remediation and follow vendor guidance and standard patch management practices; the agency will continue updating the catalog as new exploitation evidence emerges.

Microsoft Patches 183 Flaws; Two Windows Zero-Days

🔒 Microsoft released updates addressing 183 vulnerabilities across its products, including three flaws now known to be exploited in the wild. Two Windows zero-days — CVE-2025-24990 (Agere modem driver, ltmdm64.sys) and CVE-2025-59230 (RasMan) — can grant local elevation of privilege; Microsoft plans to remove the legacy Agere driver rather than patch it. A third exploited issue bypasses Secure Boot in IGEL OS (CVE-2025-47827). With Windows 10 support ending unless enrolled in ESU, organizations should prioritize these fixes; CISA has added the three to its KEV catalog and set a federal remediation deadline.

CISA Adds Five Exploited Vulnerabilities to KEV Catalog

🔒 CISA has added five vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog after evidence of active exploitation. The additions include CVE-2016-7836 (SKYSEA Client View), CVE-2025-6264 (Rapid7 Velociraptor), CVE-2025-24990 and CVE-2025-59230 (Microsoft Windows), and CVE-2025-47827 (IGEL OS). Under BOD 22-01, Federal Civilian Executive Branch agencies must remediate KEV entries by the designated due dates; CISA strongly urges all organizations to prioritize timely remediation as part of routine vulnerability management.

CISA Adds Grafana Path Traversal to KEV Catalog Notice

📢 CISA has added CVE-2021-43798 — a Grafana path traversal vulnerability — to its Known Exploited Vulnerabilities (KEV) Catalog following evidence of active exploitation. The agency notes that path traversal is a frequent attack vector that poses significant risk to the federal enterprise. Under BOD 22-01, Federal Civilian Executive Branch agencies must remediate KEV entries by required due dates. CISA strongly urges all organizations to prioritize remediation and will continue updating the KEV Catalog.

CISA Adds Synacor Zimbra XSS to Known Exploited Catalog

⚠️ CISA added one vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog: CVE-2025-27915, a cross-site scripting (XSS) flaw in Synacor Zimbra Collaboration Suite (ZCS). CISA notes that XSS remains a common attack vector that can enable credential theft, session hijacking, and distribution of malicious content. Under BOD 22-01, Federal Civilian Executive Branch agencies must remediate KEV items by prescribed due dates. CISA urges all organizations to prioritize timely remediation and reduce exposure.

Oracle EBS Targeted by Cl0p Exploiting CVE-2025-61882

🚨 CrowdStrike attributes the exploitation of Oracle E-Business Suite to Graceful Spider, also known as Cl0p, with the first observed compromise on August 9, 2025. The attacks exploit a critical pre-authentication remote code execution flaw, CVE-2025-61882 (CVSS 9.8), enabling authentication bypass and the upload of malicious XSLT templates via Oracle XML Publisher. Successful exploitation leads to outbound connections from the Java web server and remote web shell deployment for data exfiltration and persistence; CISA has added the flaw to its Known Exploited Vulnerabilities catalog and urged agencies to patch immediately.

CISA Adds Seven CVEs to Known Exploited Vulnerabilities

🔒 CISA has added seven vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog after observing evidence of active exploitation. The newly listed entries include CVE-2010-3765, CVE-2010-3962, CVE-2011-3402, CVE-2013-3918, CVE-2021-22555, CVE-2021-43226, and CVE-2025-61882, impacting Mozilla, Microsoft, the Linux Kernel, and Oracle E-Business Suite. Federal Civilian Executive Branch agencies must remediate these vulnerabilities under BOD 22-01, and CISA strongly urges all organizations to prioritize timely remediation as part of routine vulnerability management.

CISA Adds Meteobridge Command Injection CVE-2025-4008

⚠️ CISA has added a high-severity command injection flaw, CVE-2025-4008, affecting Smartbedded Meteobridge to its Known Exploited Vulnerabilities catalog after evidence of active exploitation. The vulnerability allows unauthenticated remote attackers to execute arbitrary commands as root via a vulnerable /cgi-bin/template.cgi endpoint that improperly uses eval calls. ONEKEY reported the issue and Meteobridge issued a fix in version 6.2 on May 13, 2025.

CISA Adds Five Vulnerabilities to KEV Catalog — Oct 2025

🔔 CISA has added five vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog after observing evidence of active exploitation. The additions are CVE-2014-6278 (GNU Bash), CVE-2015-7755 (Juniper ScreenOS), CVE-2017-1000353 (Jenkins), CVE-2025-4008 (Smartbedded Meteobridge), and CVE-2025-21043 (Samsung mobile). Under BOD 22-01, Federal Civilian Executive Branch agencies must remediate cataloged CVEs by their due dates; CISA urges all organizations to prioritize timely mitigation and patching.

CISOs Urged to Rethink Vulnerability Management amid Surge

⚠️ Enterprises face an unprecedented surge in disclosed vulnerabilities — over 20,000 in H1 2025 — with roughly 35% (6,992) accompanied by public exploit code, according to Flashpoint. Security leaders are urged to adopt risk-based patching and intelligence-led remediation that prioritizes remotely exploitable and actively exploited flaws while factoring in business context. Relying solely on CVE and the NVD is increasingly impractical due to enrichment delays; experts recommend integrating threat context, exposure management, and CTEM-style operations to concentrate limited resources on what truly matters.

CISA: Critical sudo Linux Vulnerability Actively Exploited

⚠ CISA warns that a critical sudo vulnerability (CVE-2025-32463) is being actively exploited to gain root privileges on Linux systems. The flaw affects sudo versions 1.9.14 through 1.9.17 and can be abused via the -R (--chroot) option to run arbitrary commands as root even for users not listed in sudoers. A proof-of-concept was published in early July and CISA has added the issue to its KEV catalog, requiring federal mitigations by October 20 or discontinuation of sudo.

CISA Adds Critical Sudo Vulnerability to KEV Catalog

🔒 CISA added a critical vulnerability affecting the Sudo utility to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. The flaw, CVE-2025-32463 (CVSS 9.3), impacts Sudo versions prior to 1.9.17p1 and can be abused via the -R (--chroot) option to execute arbitrary commands as root, bypassing sudoers. Four additional flaws were also added to the KEV list. Agencies and organizations are advised to apply mitigations and updates by October 20, 2025 and upgrade or implement compensating controls immediately.

CISA Adds Five Vulnerabilities to KEV Catalog; Federal Risk

⚠️ CISA added five vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog on Sept. 29, 2025, citing evidence of active exploitation. The newly listed issues are CVE-2021-21311 (Adminer SSRF), CVE-2025-20352 (Cisco IOS/IOS XE stack overflow), CVE-2025-10035 (Fortra GoAnywhere deserialization), CVE-2025-59689 (Libraesva command injection), and CVE-2025-32463 (sudo untrusted-control vulnerability). Federal Civilian Executive Branch agencies must remediate these under BOD 22-01, and CISA urges all organizations to prioritize timely fixes as part of standard vulnerability management.

Urgent Cisco ASA Zero-Day Duo Under Active Attack Now

⚠️ Cisco is urging customers to immediately patch two zero-day vulnerabilities affecting the VPN web server in Cisco Secure Firewall Adaptive Security Appliance (ASA) and FTD software after observing exploitation in the wild. CVE-2025-20333 (CVSS 9.9) allows an authenticated VPN user to execute arbitrary code as root; CVE-2025-20362 (CVSS 6.5) permits unauthenticated access to restricted URL endpoints. CISA has issued Emergency Directive ED 25-03, added both flaws to the Known Exploited Vulnerabilities catalog with a 24-hour mitigation requirement, and warned of a widespread campaign linked to the ArcaneDoor/UAT4356 cluster that can modify ASA ROM to persist.

CISA Directs Agencies to Mitigate Cisco Device Risks

🚨 CISA issued Emergency Directive ED 25-03 directing federal agencies to identify, analyze, and mitigate potential compromises of Cisco ASA and Cisco Firepower devices after adding CVE-2025-20333 and CVE-2025-20362 to the Known Exploited Vulnerabilities Catalog. Agencies must inventory all devices (all versions) and collect memory/core dump files for forensic analysis, transmitting them to CISA by 11:59 p.m. EST on Sept. 26. CISA published supplemental guidance, an Eviction Strategies Tool template, and referenced Cisco and UK NCSC analyses to support containment, eviction, and remediation.

CISA: Federal Agency Breached via GeoServer RCE Incident

🔒 CISA reported that an unnamed federal civilian agency was breached after actors exploited CVE-2024-36401, an RCE in a public-facing GeoServer, on July 11, 2024. The vendor had patched the flaw on June 30 and CISA added it to the KEV catalogue on July 15; a second GeoServer was compromised on July 24. Attackers deployed open-source tools and web shells such as China Chopper, used living-off-the-land and brute-force techniques, and established persistence. CISA highlighted failures in timely patching, incident-response testing, and continuous EDR monitoring.

CISA: GeoServer RCE Exploit Led to Federal Agency Breach

🔒 CISA says attackers breached a U.S. federal agency after exploiting an unpatched GeoServer instance using the critical RCE flaw CVE-2024-36401. Threat actors uploaded web shells and access scripts, then moved laterally to compromise a web server and an SQL server. The intrusion remained undetected for three weeks until an EDR alert flagged suspected malware on July 31, 2024. CISA urges rapid patching of critical flaws and continuous EDR monitoring.