
CISA Updates Catalog with Six New Exploited Vulnerabilities

Discover the latest vulnerabilities added to CISA's Known Exploited Vulnerabilities Catalog and understand the critical steps organizations must take to mitigate these threats.


TL;DR

CISA has added six new vulnerabilities, all in Microsoft Windows components, to its Known Exploited Vulnerabilities Catalog on the basis of evidence of active exploitation. Organizations should treat these entries as remediation priorities rather than ordinary scanner findings.

CISA Adds Six New Vulnerabilities to Catalog

The Cybersecurity and Infrastructure Security Agency (CISA) has updated its Known Exploited Vulnerabilities Catalog with six new entries based on evidence of active exploitation. Vulnerabilities of this kind are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise.

Newly Added Vulnerabilities

  1. CVE-2025-24983: Microsoft Windows Win32k Use-After-Free Vulnerability
  2. CVE-2025-24984: Microsoft Windows NTFS Information Disclosure Vulnerability
  3. CVE-2025-24985: Microsoft Windows Fast FAT File System Driver Integer Overflow Vulnerability
  4. CVE-2025-24991: Microsoft Windows NTFS Out-Of-Bounds Read Vulnerability
  5. CVE-2025-24993: Microsoft Windows NTFS Heap-Based Buffer Overflow Vulnerability
  6. CVE-2025-26633: Microsoft Windows Management Console (MMC) Improper Neutralization Vulnerability

Understanding the Risks

Each of these vulnerabilities is being exploited in the wild, which is why it qualifies for the catalog and why remediation should not wait for a regular patch cycle. Binding Operational Directive (BOD) 22-01 requires Federal Civilian Executive Branch (FCEB) agencies to remediate every catalog entry by the due date listed alongside it; the catalog also records the required action for each CVE.

Broader Implications

Although BOD 22-01 applies only to FCEB agencies, CISA strongly recommends that all organizations prioritize timely remediation of catalog entries as part of their vulnerability management practice. In practice that means cross-referencing scan findings against the catalog and scheduling the matches ahead of findings that are merely high-severity, since a listed CVE is known to be exploited rather than theoretically exploitable.
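As an added example (not code from the original post or from CISA), the following script shows one way to put that prioritization into practice: it reads a vulnerability-scan export, looks each CVE up in a document shaped like CISA's KEV JSON feed, and orders findings so that catalog entries come first, sorted by their BOD 22-01 due date and then by CVSS score. The feed excerpt and the scan rows are constructed sample data; the six CVE IDs and names are the ones listed above, but the dates, CVSS values, host names and the placeholder non-catalog CVE are assumptions for illustration only.

```python
"""Triage a vulnerability-scan export against CISA's Known Exploited
Vulnerabilities (KEV) feed so that actively exploited CVEs are fixed first."""
import csv
import io
import json
from datetime import date

# Constructed excerpt in the shape of the real KEV feed
# (https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json).
# CVE IDs and names are the catalog entries discussed above; every other
# value here is sample data for the example, not copied from the live feed.
KEV_SAMPLE = json.dumps({
    "title": "CISA Catalog of Known Exploited Vulnerabilities",
    "catalogVersion": "sample",
    "dateReleased": "2025-03-11T12:00:00.0000Z",
    "count": 3,
    "vulnerabilities": [
        {"cveID": "CVE-2025-24983", "vendorProject": "Microsoft", "product": "Windows",
         "vulnerabilityName": "Microsoft Windows Win32k Use-After-Free Vulnerability",
         "dateAdded": "2025-03-11", "dueDate": "2025-04-01",
         "requiredAction": "Apply mitigations per vendor instructions.",
         "knownRansomwareCampaignUse": "Unknown", "shortDescription": "", "notes": ""},
        {"cveID": "CVE-2025-24993", "vendorProject": "Microsoft", "product": "Windows",
         "vulnerabilityName": "Microsoft Windows NTFS Heap-Based Buffer Overflow Vulnerability",
         "dateAdded": "2025-03-11", "dueDate": "2025-04-01",
         "requiredAction": "Apply mitigations per vendor instructions.",
         "knownRansomwareCampaignUse": "Unknown", "shortDescription": "", "notes": ""},
        {"cveID": "CVE-2025-26633", "vendorProject": "Microsoft", "product": "Windows",
         "vulnerabilityName": "Microsoft Windows Management Console (MMC) Improper Neutralization Vulnerability",
         "dateAdded": "2025-03-11", "dueDate": "2025-04-01",
         "requiredAction": "Apply mitigations per vendor instructions.",
         "knownRansomwareCampaignUse": "Unknown", "shortDescription": "", "notes": ""},
    ],
})

# Constructed scanner export (host,cve,cvss). CVE-2025-99999 is a placeholder
# for a high-severity finding that is NOT in the catalog.
SCAN_SAMPLE = """host,cve,cvss
fs01.corp.example,CVE-2025-24993,7.8
fs01.corp.example,CVE-2025-99999,9.8
ws42.corp.example,CVE-2025-26633,7.0
ws42.corp.example,CVE-2025-24983,7.0
"""


def load_kev(feed_text):
    """Index a KEV feed document by cveID."""
    feed = json.loads(feed_text)
    return {entry["cveID"]: entry for entry in feed["vulnerabilities"]}


def parse_scan(csv_text):
    """Parse a scanner export with host, cve and cvss columns."""
    reader = csv.DictReader(io.StringIO(csv_text))
    return [{"host": row["host"], "cve": row["cve"].strip().upper(),
             "cvss": float(row["cvss"])} for row in reader]


def triage(findings, kev, today_iso):
    """Annotate each finding with its KEV status and sort the list so that
    catalog entries come first, earliest (or already missed) BOD 22-01 due
    date first, then highest CVSS first among equals."""
    today = date.fromisoformat(today_iso)
    rows = []
    for finding in findings:
        entry = kev.get(finding["cve"])
        due = date.fromisoformat(entry["dueDate"]) if entry else None
        rows.append({
            **finding,
            "in_kev": entry is not None,
            "due_date": due,
            "days_left": (due - today).days if due else None,
            "ransomware_use": entry["knownRansomwareCampaignUse"] if entry else None,
        })
    # False sorts before True, so "not in_kev" puts catalog entries first.
    rows.sort(key=lambda r: (not r["in_kev"], r["due_date"] or date.max, -r["cvss"]))
    return rows


def kev_hosts(triaged):
    """Hosts carrying at least one catalog-listed finding, for patch scheduling."""
    return sorted({r["host"] for r in triaged if r["in_kev"]})


if __name__ == "__main__":
    triaged = triage(parse_scan(SCAN_SAMPLE), load_kev(KEV_SAMPLE), "2025-03-20")
    for r in triaged:
        flag = f"KEV due {r['due_date']} ({r['days_left']}d)" if r["in_kev"] else "not in KEV"
        print(f"{r['host']:20} {r['cve']:16} CVSS {r['cvss']:<4} {flag}")
    print("Hosts needing KEV remediation:", ", ".join(kev_hosts(triaged)))
```

Note that the placeholder CVSS 9.8 finding is deliberately ranked last: severity alone does not tell you whether a flaw is being exploited, and the catalog does. In a real deployment, fetch the live feed over HTTPS, pass the current date, and feed the sorted list into whatever ticketing or patch-orchestration tool the organization uses.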

Staying Informed

CISA will continue to add vulnerabilities that meet the catalog's criteria (an assigned CVE, reliable evidence of active exploitation, and clear remediation guidance). For the directive's requirements and the catalog's inclusion criteria, refer to the BOD 22-01 Fact Sheet.


This post is licensed under CC BY 4.0 by the author.