CISA Adds New Vulnerability to Known Exploited Vulnerabilities Catalog
TL;DR
CISA has added a new FreeType Out-of-Bounds Write Vulnerability (CVE-2025-27363) to its Known Exploited Vulnerabilities Catalog. This addition is based on evidence of active exploitation, highlighting the critical need for timely remediation to protect against cyber threats.
Introduction
The Cybersecurity and Infrastructure Security Agency (CISA) has updated its Known Exploited Vulnerabilities Catalog with a new entry: the FreeType Out-of-Bounds Write Vulnerability, identified as CVE-2025-27363. This vulnerability has been actively exploited, posing significant risks to federal and private sector organizations.
Details of the Vulnerability
CVE-2025-27363 affects the FreeType library, which is widely used for rendering fonts. This out-of-bounds write flaw can allow attackers to execute arbitrary code or cause a denial of service, which makes it an attractive target for malicious actors.
CISA’s Binding Operational Directive (BOD) 22-01
CISA’s Binding Operational Directive (BOD) 22-01 established the Known Exploited Vulnerabilities Catalog to mitigate significant risks from known exploited vulnerabilities. This directive requires Federal Civilian Executive Branch (FCEB) agencies to address identified vulnerabilities by specified due dates.
For more details, refer to the BOD 22-01 Fact Sheet.
Impact on Federal and Private Sector Organizations
Although BOD 22-01 primarily applies to FCEB agencies, CISA strongly recommends that all organizations prioritize the remediation of Catalog vulnerabilities as part of their vulnerability management practices. This proactive approach reduces exposure to cyberattacks and strengthens their overall cybersecurity posture.
Conclusion
The addition of CVE-2025-27363 to CISA’s catalog underscores the ongoing need for vigilant cybersecurity measures. Organizations must stay informed about actively exploited vulnerabilities and take prompt action to mitigate risks. For further updates, visit the CISA news page.