CISA Adds Four Known Exploited Vulnerabilities

---
title: "CISA Expands Known Exploited Vulnerabilities Catalog with Four New Entries"
categories: [Cybersecurity & Data Protection, Vulnerabilities]
tags: [cybersecurity, vulnerabilities, threat intelligence]
author: "Vitus"
date: 2025-07-07
---

TL;DR

The Cybersecurity and Infrastructure Security Agency (CISA) has added four new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog. These vulnerabilities pose significant risks to federal and private organizations, highlighting the need for proactive remediation.

Introduction

The Cybersecurity and Infrastructure Security Agency (CISA) has expanded its Known Exploited Vulnerabilities (KEV) Catalog by adding four new vulnerabilities. This update is based on evidence of active exploitation, underscoring the urgent need for organizations to address these security threats promptly.

New Vulnerabilities Added to the Catalog

The following vulnerabilities have been added to the KEV Catalog:

  1. CVE-2014-3931: Multi-Router Looking Glass (MRLG) Buffer Overflow Vulnerability
  2. CVE-2016-10033: PHPMailer Command Injection Vulnerability
  3. CVE-2019-5418: Rails Ruby on Rails Path Traversal Vulnerability
  4. CVE-2019-9621: Synacor Zimbra Collaboration Suite (ZCS) Server-Side Request Forgery (SSRF) Vulnerability

These vulnerabilities are frequent attack vectors for malicious cyber actors, posing significant risks to both federal and private sector organizations.

Importance of the KEV Catalog

The KEV Catalog was established as part of Binding Operational Directive (BOD) 22-01, which aims to reduce the significant risk of known exploited vulnerabilities. This directive requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the specified due dates to protect against active threats. For more information, refer to the BOD 22-01 Fact Sheet.

Recommendations for Organizations

Although BOD 22-01 applies specifically to FCEB agencies, CISA strongly urges all organizations to prioritize the timely remediation of KEV Catalog vulnerabilities as part of their vulnerability management practices. This proactive approach is essential for reducing exposure to cyberattacks.

CISA will continue to update the catalog with vulnerabilities that meet the specified criteria, ensuring that organizations stay informed about the latest threats.
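One practical way to act on this recommendation is to cross-reference your own scanner output against the KEV catalog and let KEV membership and due dates drive remediation order. The script below is an added example written for this post, not CISA's or any vendor's tooling. KEV_SAMPLE_JSON is a constructed excerpt that mirrors the field layout of CISA's public KEV JSON feed (cveID, vendorProject, product, vulnerabilityName, dateAdded, dueDate, knownRansomwareCampaignUse); the four real CVE IDs come from the post, while the dates, due dates, ransomware flags, the placeholder CVE-0000-00001 entry and the scan findings are all constructed and are not official catalog values.

```python
"""Prioritise vulnerability-scan findings against a KEV-format catalog.

Added example for this post (not CISA's code). KEV_SAMPLE_JSON follows the
field layout of CISA's public KEV JSON feed, but every date, due date and
ransomware flag below is constructed for illustration only.
"""
import json
from datetime import date

# Constructed catalog excerpt. CVE-0000-00001 is an obvious placeholder that
# stands in for an older, already-overdue entry so the ordering is visible.
KEV_SAMPLE_JSON = json.dumps({
    "title": "Constructed KEV sample",
    "catalogVersion": "example",
    "vulnerabilities": [
        {"cveID": "CVE-2014-3931", "vendorProject": "Multi-Router Looking Glass",
         "product": "MRLG", "vulnerabilityName": "MRLG Buffer Overflow Vulnerability",
         "dateAdded": "2025-07-07", "dueDate": "2025-07-28",
         "knownRansomwareCampaignUse": "Unknown"},
        {"cveID": "CVE-2016-10033", "vendorProject": "PHPMailer", "product": "PHPMailer",
         "vulnerabilityName": "PHPMailer Command Injection Vulnerability",
         "dateAdded": "2025-07-07", "dueDate": "2025-07-28",
         "knownRansomwareCampaignUse": "Unknown"},
        {"cveID": "CVE-2019-5418", "vendorProject": "Rails", "product": "Ruby on Rails",
         "vulnerabilityName": "Rails Ruby on Rails Path Traversal Vulnerability",
         "dateAdded": "2025-07-07", "dueDate": "2025-07-28",
         "knownRansomwareCampaignUse": "Unknown"},
        {"cveID": "CVE-2019-9621", "vendorProject": "Synacor",
         "product": "Zimbra Collaboration Suite (ZCS)",
         "vulnerabilityName": "Synacor Zimbra Collaboration Suite (ZCS) SSRF Vulnerability",
         "dateAdded": "2025-07-07", "dueDate": "2025-07-28",
         "knownRansomwareCampaignUse": "Unknown"},
        {"cveID": "CVE-0000-00001", "vendorProject": "ExampleVendor", "product": "ExampleProduct",
         "vulnerabilityName": "Placeholder entry (constructed)",
         "dateAdded": "2025-05-01", "dueDate": "2025-05-22",
         "knownRansomwareCampaignUse": "Known"},
    ],
})

# Constructed scanner output: asset name plus the CVE the scanner reported.
# Scanner exports are rarely tidy, so two IDs are deliberately malformed.
SCAN_FINDINGS = [
    {"asset": "mail-01", "cve": "cve-2016-10033"},   # lower case on purpose
    {"asset": "web-02", "cve": "CVE-2019-5418"},
    {"asset": "web-02", "cve": "CVE-2099-00000"},    # placeholder, not in KEV
    {"asset": "zcs-01", "cve": "CVE-2019-9621 "},    # trailing space on purpose
    {"asset": "lg-01", "cve": "CVE-2014-3931"},
    {"asset": "legacy-03", "cve": "CVE-0000-00001"},
]


def normalise_cve(cve):
    """Canonical form for matching: trimmed, upper-cased."""
    return cve.strip().upper()


def load_kev(catalog_json):
    """Index a KEV-format catalog by normalised CVE ID."""
    catalog = json.loads(catalog_json)
    return {normalise_cve(v["cveID"]): v for v in catalog["vulnerabilities"]}


def triage(findings, kev, today):
    """Return the findings that appear in KEV, most urgent first.

    Ordering: fewest days until the catalog due date first (negative means
    overdue), then entries tied to ransomware campaigns, then CVE ID.
    `today` may be a date or an ISO-8601 string.
    """
    if isinstance(today, str):
        today = date.fromisoformat(today)
    hits = []
    for finding in findings:
        entry = kev.get(normalise_cve(finding["cve"]))
        if entry is None:
            continue  # not a KEV entry; still a finding, just not BOD-22-01 urgent
        due = date.fromisoformat(entry["dueDate"])
        hits.append({
            "asset": finding["asset"],
            "cve": entry["cveID"],
            "product": f'{entry["vendorProject"]} {entry["product"]}',
            "due": due,
            "days_left": (due - today).days,
            "ransomware": entry["knownRansomwareCampaignUse"] == "Known",
        })
    hits.sort(key=lambda h: (h["days_left"], not h["ransomware"], h["cve"]))
    return hits


def overdue(hits):
    """Subset of triaged hits whose due date has already passed."""
    return [h for h in hits if h["days_left"] < 0]


def kev_coverage(findings, kev):
    """Fraction of distinct reported CVEs that are in the KEV catalog."""
    distinct = {normalise_cve(f["cve"]) for f in findings}
    return len(distinct & set(kev)) / len(distinct) if distinct else 0.0


if __name__ == "__main__":
    kev = load_kev(KEV_SAMPLE_JSON)
    for hit in triage(SCAN_FINDINGS, kev, "2025-07-10"):   # constructed "today"
        flag = "OVERDUE" if hit["days_left"] < 0 else f'{hit["days_left"]}d left'
        print(f'{hit["asset"]:10} {hit["cve"]:15} {flag:10} {hit["product"]}')
```

In practice you would replace KEV_SAMPLE_JSON with the downloaded feed and SCAN_FINDINGS with your scanner's export; the normalisation step matters because unmatched IDs silently drop a KEV hit out of the urgent queue, which is exactly the failure this kind of check exists to prevent.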

Conclusion

The addition of these four vulnerabilities to the KEV Catalog highlights the ongoing need for vigilance in cybersecurity. Organizations must remain proactive in identifying and addressing these threats to protect their digital infrastructure effectively.

Additional Resources

For further insights, check:


This post is licensed under CC BY 4.0 by the author.