CISA Updates KEV Catalog with New Critical Vulnerability
Discover the latest vulnerability added to CISA's KEV Catalog and learn how to protect against exploitation with essential mitigation steps and expert insights.
TL;DR
CISA has updated its Known Exploited Vulnerabilities (KEV) Catalog with a new critical vulnerability, CVE-2025-22457, affecting Ivanti Connect Secure, Policy Secure, and ZTA Gateways. Organizations are urged to apply mitigations and updates to protect against active exploitation.
CISA Adds New Vulnerability to KEV Catalog
The Cybersecurity and Infrastructure Security Agency (CISA) has added a new vulnerability to its Known Exploited Vulnerabilities Catalog based on evidence of active exploitation. The latest addition, CVE-2025-22457, is a stack-based buffer overflow vulnerability affecting Ivanti Connect Secure, Policy Secure, and ZTA Gateways.
These types of vulnerabilities are frequent attack vectors for malicious cyber actors, posing significant risks to federal enterprises and organizations.
Mitigation Steps and Guidelines
CISA strongly urges organizations to apply the necessary mitigations as outlined in their guidelines. Key actions include:
- Conducting Hunt Activities: Proactively search for signs of compromise within your network.
- Taking Remediation Actions: Apply patches and updates to address the vulnerability.
- Applying Updates: Ensure all devices are updated before returning them to service.
For detailed steps, refer to the following resources:
- Security Update: Pulse Connect Secure, Ivanti Connect Secure, Policy Secure and Neurons for ZTA Gateways
- CISA Mitigation Instructions for CVE-2025-22457
Reporting Incidents
Organizations are encouraged to report any incidents or anomalous activity to CISA’s 24/7 Operations Center at [email protected] or (888) 282-0870. When reporting, include the following details:
- Date, time, and location of the incident
- Type of activity
- Number of people affected
- Type of equipment used
- Name of the submitting company or organization
- Designated point of contact
Binding Operational Directive (BOD) 22-01
The Binding Operational Directive (BOD) 22-01 established the Known Exploited Vulnerabilities Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that pose significant risks. BOD 22-01 mandates Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the due date to safeguard against active threats. For more information, refer to the BOD 22-01 Fact Sheet.
While BOD 22-01 specifically applies to FCEB agencies, CISA strongly recommends all organizations prioritize the timely remediation of Catalog vulnerabilities as part of their vulnerability management practices. CISA will continue to add vulnerabilities to the catalog that meet the specified criteria.
Conclusion
The addition of CVE-2025-22457 to the KEV Catalog underscores the ongoing need for vigilance and proactive security measures. By following CISA’s guidelines and promptly addressing known vulnerabilities, organizations can significantly reduce their exposure to cyber threats and protect critical infrastructure. Stay informed and take necessary actions to safeguard against evolving cyber risks.
For more details, visit the full article: source
Additional Resources
For further insights, check: