---
title: "CISA Warns of 4 Actively Exploited Vulnerabilities—Patch Now"
short_title: "CISA adds 4 critical exploited vulnerabilities"
description: "CISA has added four new actively exploited vulnerabilities to its KEV catalog. Learn about the risks, affected systems, and mitigation steps to protect your network."
author: "Vitus"
date: 2025-01-24
categories: [Cybersecurity, Vulnerabilities]
tags: [cisa, known-exploited-vulnerabilities, cve, cybersecurity, patch-management]
score: 0.87
cve_ids: [CVE-2024-7399, CVE-2024-57726, CVE-2024-57728, CVE-2025-29635]
---

## TL;DR
CISA has added four new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog after confirming active exploitation. These flaws pose significant risks to federal agencies and organizations worldwide. Immediate patching and mitigation are strongly recommended to prevent potential cyberattacks.



The Cybersecurity and Infrastructure Security Agency (CISA) has escalated its warnings after adding four newly exploited vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog. These vulnerabilities are frequent attack vectors for malicious cyber actors and pose severe risks to the federal enterprise and global organizations.

Given the active exploitation of these flaws, CISA urges all organizations—not just federal agencies—to prioritize timely remediation as part of their vulnerability management practices.


### Key Points
- CISA has added four new vulnerabilities to its KEV Catalog based on evidence of active exploitation.
- The vulnerabilities affect Samsung MagicINFO, SimpleHelp, and D-Link DIR-823X products.
- Binding Operational Directive (BOD) 22-01 requires federal agencies to remediate these vulnerabilities by specified deadlines.
- While BOD 22-01 applies only to Federal Civilian Executive Branch (FCEB) agencies, CISA strongly recommends all organizations address these flaws promptly.
- Failure to patch these vulnerabilities could expose networks to cyberattacks, data breaches, and unauthorized access.
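The following script is an added example, not part of this post and not CISA tooling: it filters a KEV catalog export down to the four CVEs named here, computes the days remaining until each BOD 22-01 due date, and puts entries that match a local asset inventory at the top of the list. The records in `KEV_SAMPLE` and the `INVENTORY` set are constructed to follow the public KEV JSON schema; their `dateAdded` and `dueDate` values are placeholders, not CISA's real dates.

```python
"""Triage a CISA KEV export against BOD 22-01 due dates and a local asset inventory.

Added example. KEV_SAMPLE is a constructed stand-in for the public feed
(https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json);
field names match the feed, the dates are placeholders.
"""
import json
from datetime import date

# The CVEs named in this post.
TRACKED_CVES = {"CVE-2024-7399", "CVE-2024-57726", "CVE-2024-57728", "CVE-2025-29635"}

# Constructed asset inventory (assumption): product-name fragments present on our network.
INVENTORY = {"SimpleHelp", "DIR-823X"}

KEV_SAMPLE = json.dumps({
    "title": "CISA Catalog of Known Exploited Vulnerabilities",
    "vulnerabilities": [
        {"cveID": "CVE-2024-7399", "vendorProject": "Samsung", "product": "MagicINFO 9 Server",
         "vulnerabilityName": "Samsung MagicINFO 9 Server Path Traversal Vulnerability",
         "dateAdded": "2025-01-24", "dueDate": "2025-02-14", "knownRansomwareCampaignUse": "Unknown"},
        {"cveID": "CVE-2024-57726", "vendorProject": "SimpleHelp", "product": "SimpleHelp",
         "vulnerabilityName": "SimpleHelp Missing Authorization Vulnerability",
         "dateAdded": "2025-01-24", "dueDate": "2025-02-14", "knownRansomwareCampaignUse": "Unknown"},
        {"cveID": "CVE-2024-57728", "vendorProject": "SimpleHelp", "product": "SimpleHelp",
         "vulnerabilityName": "SimpleHelp Path Traversal Vulnerability",
         "dateAdded": "2025-01-24", "dueDate": "2025-02-14", "knownRansomwareCampaignUse": "Unknown"},
        {"cveID": "CVE-2025-29635", "vendorProject": "D-Link", "product": "DIR-823X",
         "vulnerabilityName": "D-Link DIR-823X Command Injection Vulnerability",
         "dateAdded": "2025-01-24", "dueDate": "2025-02-14", "knownRansomwareCampaignUse": "Unknown"},
        # Placeholder entry unrelated to this post, present only to show the filter working.
        {"cveID": "CVE-1900-0001", "vendorProject": "ExampleVendor", "product": "ExampleProduct",
         "vulnerabilityName": "Placeholder Entry", "dateAdded": "2025-01-01", "dueDate": "2025-01-22",
         "knownRansomwareCampaignUse": "Unknown"},
    ],
})


def load_kev(text):
    """Parse the feed text (as downloaded) into its list of vulnerability records."""
    return json.loads(text)["vulnerabilities"]


def in_inventory(product, inventory):
    """Loose substring match so 'DIR-823X' in KEV matches 'dir-823x' in an asset list."""
    name = product.lower()
    return any(token.lower() in name for token in inventory)


def triage(entries, tracked, inventory, today_iso):
    """Return one row per tracked CVE, most urgent first: assets we actually run
    before others, then the earliest BOD 22-01 due date, then CVE id."""
    today = date.fromisoformat(today_iso)
    rows = []
    for entry in entries:
        if entry["cveID"] not in tracked:
            continue
        days_left = (date.fromisoformat(entry["dueDate"]) - today).days
        rows.append({
            "cveID": entry["cveID"],
            "product": f"{entry['vendorProject']} {entry['product']}",
            "dueDate": entry["dueDate"],
            "days_left": days_left,
            "overdue": days_left < 0,
            "in_inventory": in_inventory(entry["product"], inventory),
        })
    rows.sort(key=lambda r: (not r["in_inventory"], r["days_left"], r["cveID"]))
    return rows


def report(rows):
    """Render the triage table as plain text for a ticket or chat message."""
    lines = [f"{'CVE':<16} {'product':<28} {'due':<11} {'days':>8}  inventory"]
    for r in rows:
        state = "OVERDUE" if r["overdue"] else str(r["days_left"])
        lines.append(f"{r['cveID']:<16} {r['product']:<28} {r['dueDate']:<11} {state:>8}  "
                     f"{'yes' if r['in_inventory'] else 'no'}")
    return "\n".join(lines)


if __name__ == "__main__":
    # Offline run on the constructed sample; swap KEV_SAMPLE for the downloaded feed text.
    print(report(triage(load_kev(KEV_SAMPLE), TRACKED_CVES, INVENTORY, date.today().isoformat())))
```

In real use, replace `KEV_SAMPLE` with the downloaded feed and `INVENTORY` with names pulled from your CMDB; the ordering puts the entries you are exposed to and closest to (or past) their due date at the top, which is the order a patch window should follow.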


## Technical Details

The four vulnerabilities added to the KEV Catalog are:

1. CVE-2024-7399: Samsung MagicINFO 9 Server Path Traversal Vulnerability
   - This flaw allows attackers to traverse directories and access sensitive files on the server.
   - Exploitation could lead to unauthorized data access or system compromise.

2. CVE-2024-57726: SimpleHelp Missing Authorization Vulnerability
   - This vulnerability enables attackers to bypass authorization checks and gain unauthorized access to sensitive functionality.
   - Exploitation could result in privilege escalation or remote code execution (RCE).

3. CVE-2024-57728: SimpleHelp Path Traversal Vulnerability
   - Similar to CVE-2024-7399, this flaw allows attackers to traverse directories and access restricted files.
   - Successful exploitation could lead to data leaks or further system compromise.

4. CVE-2025-29635: D-Link DIR-823X Command Injection Vulnerability
   - This vulnerability permits attackers to inject and execute arbitrary commands on the affected device.
   - Exploitation could result in full system takeover or network infiltration.
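As an added illustration of the two bug classes in this batch (path traversal and OS command injection), and not the vendors' code or the specific routines behind these CVEs, the following Python puts the unsafe pattern beside a hardened version for each: unchecked path concatenation versus containment-checked resolution, and shell-string command construction versus an allowlisted argv list. Names such as `safe_join` and `ping_argv` are hypothetical.

```python
"""Unsafe versus hardened handling for path traversal and OS command injection.

Added illustration of the generic bug classes; not the vendors' code and not the
specific routines behind the CVEs. Function names are hypothetical.
"""
import os
import re
import subprocess


class InputRejected(ValueError):
    """Raised when caller-supplied input fails validation."""


# ---- Path traversal ---------------------------------------------------------

def unsafe_join(base_dir, user_path):
    """The pattern behind most traversal bugs: concatenate and normalise the
    caller's path without ever checking where the result landed."""
    return os.path.normpath(os.path.join(base_dir, user_path))


def escapes_base(base_dir, user_path):
    """True if user_path, resolved under base_dir, ends up outside base_dir.
    realpath() collapses '..' and symlinks; commonpath() compares whole path
    components, so '/srv/content2' is not mistaken for being under '/srv/content'."""
    base = os.path.realpath(base_dir)
    candidate = os.path.realpath(os.path.join(base, user_path))
    return os.path.commonpath([base, candidate]) != base


def safe_join(base_dir, user_path):
    """Resolve user_path under base_dir, refusing NUL bytes and any escape."""
    if "\x00" in user_path:
        raise InputRejected("NUL byte in path")
    if escapes_base(base_dir, user_path):
        raise InputRejected(f"path escapes {base_dir}: {user_path!r}")
    return os.path.realpath(os.path.join(os.path.realpath(base_dir), user_path))


# ---- OS command injection ---------------------------------------------------

# Allowlist for a hostname or IPv4 literal. No leading hyphen, so the value can
# never be parsed as an option (argument injection), and no shell metacharacters.
_TARGET_RE = re.compile(r"(?!-)[A-Za-z0-9.-]{1,253}")


def unsafe_ping_command(target):
    """Shell-string construction: any metacharacter in target is interpreted by
    the shell that runs this string."""
    return f"ping -c 1 {target}"


def is_valid_target(target):
    """True only for strings the allowlist accepts in full."""
    return _TARGET_RE.fullmatch(target) is not None


def ping_argv(target):
    """Validate first, then build an argv list; nothing here is shell-parsed."""
    if not is_valid_target(target):
        raise InputRejected(f"invalid target: {target!r}")
    return ["ping", "-c", "1", target]


def run_ping(target, timeout=5):
    """Execute with shell=False so the argv list reaches execve() verbatim."""
    return subprocess.run(ping_argv(target), shell=False, capture_output=True,
                          text=True, timeout=timeout)


if __name__ == "__main__":
    print(unsafe_join("/srv/content", "../../etc/passwd"))  # resolves outside /srv/content
    print(safe_join("/srv/content", "media/banner.png"))
    print(ping_argv("example.com"))
```

Two details matter more than they look: the containment check compares path components rather than string prefixes, and the allowlist rejects a leading hyphen even though argv lists already defeat shell metacharacters, because an option-looking value is a separate injection class that `shell=False` does not address.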


## Impact Assessment

The addition of these vulnerabilities to the KEV Catalog underscores their high-risk nature. Malicious cyber actors actively exploit these flaws to:

- Gain unauthorized access to sensitive systems and data.
- Achieve remote code execution (RCE).
- Conduct data exfiltration or sabotage.
- Compromise entire networks by using these vulnerabilities as entry points.

Federal agencies are required to remediate these vulnerabilities by the deadlines specified in BOD 22-01. However, all organizations—regardless of sector—are advised to prioritize patching these flaws to mitigate potential cyber threats.


## Mitigation Steps

To reduce exposure to these vulnerabilities, CISA recommends the following actions:

1. Apply Patches Immediately
   - Download and install the latest security updates from the respective vendors:
     - Samsung MagicINFO
     - SimpleHelp
     - D-Link

2. Restrict Access to Vulnerable Systems
   - Limit network access to affected products to trusted users and devices only.

3. Monitor for Suspicious Activity
   - Deploy intrusion detection systems (IDS) and security information and event management (SIEM) tools to detect potential exploitation attempts.

4. Follow CISA’s Guidelines
   - Refer to CISA’s Binding Operational Directive 22-01 and the KEV Catalog for detailed remediation guidance.
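To make step 3 concrete, here is an added example (not from this post and not from CISA) of a first-pass detector that scans web-server access logs for generic path-traversal and command-injection indicators and emits records a SIEM could ingest. The log lines are constructed; the patterns are generic to the two vulnerability classes, not signatures for these specific CVEs, and they will need tuning per product before going into a production rule.

```python
"""First-pass detector for path-traversal and command-injection indicators in
web-server access logs (combined log format), producing records a SIEM could ingest.

Added example. LOG_LINES are constructed; the patterns are generic to the two
bug classes, not product-specific signatures for the CVEs in this post.
"""
import re
from urllib.parse import unquote

# Constructed sample log lines (RFC 5737 documentation addresses).
LOG_LINES = [
    '203.0.113.7 - - [24/Jan/2025:10:15:01 +0000] "GET /static/logo.png HTTP/1.1" 200 512',
    '203.0.113.7 - - [24/Jan/2025:10:15:02 +0000] "GET /files?name=..%2F..%2F..%2Fetc%2Fpasswd HTTP/1.1" 200 1024',
    '198.51.100.9 - - [24/Jan/2025:10:16:10 +0000] "GET /diag?host=203.0.113.5%3Bid HTTP/1.1" 200 77',
    '198.51.100.9 - - [24/Jan/2025:10:16:12 +0000] "POST /upload?dir=%252e%252e%252fwebroot HTTP/1.1" 403 0',
    '192.0.2.4 - - [24/Jan/2025:10:17:00 +0000] "GET /search?q=a..b HTTP/1.1" 200 300',
    'not a log line',
]

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) (?P<proto>\S+)" (?P<status>\d{3}) (?P<size>\S+)'
)

# Indicator patterns applied to the decoded request path (query string included).
INDICATORS = {
    # '..' that is not part of a longer token (so 'a..b' is ignored) and is
    # followed by a separator or the end of the string.
    "path_traversal": re.compile(r"(?<![\w.])\.\.(?=[\\/]|$)"),
    # Shell metacharacters that chain or substitute commands.
    "command_injection": re.compile(r"[;|`]|\$\(|&&"),
}


def decode_path(path, rounds=2):
    """Percent-decode repeatedly so double-encoded sequences (%252e -> %2e -> .) are caught."""
    for _ in range(rounds):
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    return path


def parse_line(line):
    """Return the fields of one combined-format line, or None if it does not parse."""
    m = LOG_RE.match(line)
    if not m:
        return None
    fields = m.groupdict()
    fields["status"] = int(fields["status"])
    return fields


def classify(decoded_path):
    """Names of every indicator that fires on the decoded path."""
    return [name for name, pattern in INDICATORS.items() if pattern.search(decoded_path)]


def scan(lines):
    """One alert record per request that matches at least one indicator."""
    alerts = []
    for line in lines:
        fields = parse_line(line)
        if fields is None:
            continue  # a real pipeline would count unparseable lines separately
        decoded = decode_path(fields["path"])
        hits = classify(decoded)
        if hits:
            alerts.append({
                "ip": fields["ip"], "ts": fields["ts"], "method": fields["method"],
                "path": fields["path"], "decoded": decoded,
                "status": fields["status"], "indicators": hits,
            })
    return alerts


if __name__ == "__main__":
    for alert in scan(LOG_LINES):
        print(f"{alert['ts']} {alert['ip']} {alert['method']} {alert['decoded']} "
              f"-> {alert['status']} {','.join(alert['indicators'])}")
```

The response status is kept in each alert on purpose: a traversal attempt answered with 200 deserves a different priority from one the server refused with 403. Expect false positives from `&&` in unusual query strings and from legitimate pipes in URLs; suppress those per application rather than loosening the patterns globally.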


## Conclusion

The addition of these four vulnerabilities to CISA’s Known Exploited Vulnerabilities Catalog serves as a critical reminder of the importance of proactive cybersecurity measures. Organizations must prioritize patching these flaws to protect their networks from active threats.

While federal agencies are mandated to address these vulnerabilities, all organizations should treat this as a wake-up call to strengthen their vulnerability management practices. Failure to act could result in devastating cyberattacks, data breaches, and operational disruptions.

Stay vigilant, patch promptly, and monitor your systems to stay one step ahead of cyber threats.

