CISA Updates Catalog with Five New Exploited Vulnerabilities

TL;DR

CISA has added five new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog. These vulnerabilities pose significant risks to federal and private organizations.

Main Content

CISA has updated its Known Exploited Vulnerabilities (KEV) Catalog with five new entries, based on evidence of active exploitation. These vulnerabilities are critical targets for cyber attackers and present substantial risks to federal agencies and private sector organizations.

Newly Added Vulnerabilities

  1. CVE-2021-32030: ASUS Routers Improper Authentication Vulnerability
  2. CVE-2023-39780: ASUS RT-AX55 Routers OS Command Injection Vulnerability
  3. CVE-2024-56145: Craft CMS Code Injection Vulnerability
  4. CVE-2025-3935: ConnectWise ScreenConnect Improper Authentication Vulnerability
  5. CVE-2025-35939: Craft CMS External Control of Assumed-Immutable Web Parameter Vulnerability

Each of these vulnerabilities was added on the basis of evidence that it is being actively exploited by malicious actors, which is what makes them significant threats to cybersecurity.

Binding Operational Directive (BOD) 22-01

The KEV Catalog was established under Binding Operational Directive (BOD) 22-01. This directive aims to reduce the significant risk of known exploited vulnerabilities by requiring Federal Civilian Executive Branch (FCEB) agencies to remediate the identified vulnerabilities by specified due dates. This proactive measure helps protect FCEB networks against active threats. For more details, refer to the BOD 22-01 Fact Sheet.

Recommendations for All Organizations

Although BOD 22-01 is specifically directed at FCEB agencies, CISA strongly advises all organizations to prioritize the timely remediation of KEV Catalog vulnerabilities. Incorporating KEV-listed vulnerabilities into their vulnerability management practices will significantly reduce their exposure to cyberattacks. CISA will continue to update the catalog with vulnerabilities that meet the specified criteria.
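One practical way to act on this recommendation is to cross-reference internal scan findings against the KEV feed and rank them by remediation due date. The script below is an added example, not part of the CISA advisory or this post; it uses the field names of CISA's public KEV JSON feed, but the feed content and scan findings embedded here are constructed, and the dueDate values are placeholders rather than CISA's actual dates.

```python
import json
from datetime import date

# Constructed sample in the shape of CISA's KEV JSON feed. Field names match
# the real feed; the dueDate values are placeholders, not CISA's real dates.
KEV_FEED_JSON = """
{"vulnerabilities": [
 {"cveID": "CVE-2021-32030", "vendorProject": "ASUS", "product": "Routers",
  "vulnerabilityName": "ASUS Routers Improper Authentication Vulnerability", "dueDate": "2025-06-15"},
 {"cveID": "CVE-2023-39780", "vendorProject": "ASUS", "product": "RT-AX55 Routers",
  "vulnerabilityName": "ASUS RT-AX55 Routers OS Command Injection Vulnerability", "dueDate": "2025-06-15"},
 {"cveID": "CVE-2024-56145", "vendorProject": "Craft CMS", "product": "Craft CMS",
  "vulnerabilityName": "Craft CMS Code Injection Vulnerability", "dueDate": "2025-06-23"},
 {"cveID": "CVE-2025-3935", "vendorProject": "ConnectWise", "product": "ScreenConnect",
  "vulnerabilityName": "ConnectWise ScreenConnect Improper Authentication Vulnerability", "dueDate": "2025-06-18"},
 {"cveID": "CVE-2025-35939", "vendorProject": "Craft CMS", "product": "Craft CMS",
  "vulnerabilityName": "Craft CMS External Control of Assumed-Immutable Web Parameter Vulnerability", "dueDate": "2025-06-23"}
]}
"""

# Constructed scanner output: (asset, CVE) pairs from an internal vulnerability scan.
SCAN_FINDINGS = [
    ("edge-router-01", "CVE-2023-39780"),
    ("www-cms-02", "CVE-2025-35939"),
    ("www-cms-02", "CVE-2024-9999"),   # constructed finding that is not in KEV
    ("rmm-01", "CVE-2025-3935"),
]

def load_kev(feed_json):
    """Index the KEV feed by CVE id so lookups are O(1)."""
    return {v["cveID"]: v for v in json.loads(feed_json)["vulnerabilities"]}

def kev_exposure(findings, kev, today_iso):
    """Return the findings that appear in KEV, annotated with days until the
    due date (negative means overdue), most urgent first."""
    today = date.fromisoformat(today_iso)
    hits = []
    for asset, cve in findings:
        entry = kev.get(cve)
        if entry is None:
            continue  # not a known-exploited CVE; handle under normal SLAs
        due = date.fromisoformat(entry["dueDate"])
        hits.append({"asset": asset, "cve": cve, "name": entry["vulnerabilityName"],
                     "due": entry["dueDate"], "days_left": (due - today).days})
    return sorted(hits, key=lambda h: h["days_left"])

if __name__ == "__main__":
    for h in kev_exposure(SCAN_FINDINGS, load_kev(KEV_FEED_JSON), "2025-06-20"):
        status = "OVERDUE" if h["days_left"] < 0 else f"{h['days_left']}d left"
        print(f"{h['asset']:16} {h['cve']:16} {status:10} {h['name']}")
```

In production, replace KEV_FEED_JSON with the JSON downloaded from CISA's KEV page and feed in your scanner's real export; the matching and ranking logic stays the same.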

Feedback and Engagement

CISA values your input and encourages you to share your thoughts through their anonymous survey. Your feedback is crucial in enhancing their services and initiatives.

For more details, visit the full article: source

Conclusion

The addition of these five vulnerabilities to the KEV Catalog underscores the ongoing need for vigilance and proactive remediation efforts. Organizations must stay informed and take immediate action to mitigate these risks, ensuring the security and integrity of their networks.

This post is licensed under CC BY 4.0 by the author.