CISA Updates Known Exploited Vulnerabilities Catalog with Three New Entries
TL;DR
- CISA has added three new vulnerabilities to its Known Exploited Vulnerabilities Catalog due to evidence of active exploitation.
- The vulnerabilities include issues in Broadcom Brocade Fabric OS, Qualitia Active! Mail, and Commvault Web Server.
- Organizations are urged to prioritize remediation to mitigate risks.
CISA Adds Three New Vulnerabilities to Known Exploited Vulnerabilities Catalog
The Cybersecurity and Infrastructure Security Agency (CISA) has updated its Known Exploited Vulnerabilities Catalog with three new entries based on evidence of active exploitation. These vulnerabilities pose significant risks to federal and private sector organizations, highlighting the importance of timely remediation.
Newly Added Vulnerabilities
- CVE-2025-1976: Broadcom Brocade Fabric OS Code Injection Vulnerability
- CVE-2025-42599: Qualitia Active! Mail Stack-Based Buffer Overflow Vulnerability
- CVE-2025-3928: Commvault Web Server Unspecified Vulnerability
Risks and Mitigation
These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to federal and private sector networks. Binding Operational Directive (BOD) 22-01 establishes the Known Exploited Vulnerabilities Catalog as a living list of Common Vulnerabilities and Exposures (CVEs) that carry significant risk to the federal enterprise. BOD 22-01 requires Federal Civilian Executive Branch (FCEB) agencies to remediate each cataloged vulnerability by its assigned due date to protect their networks against active threats.
For more details, refer to the BOD 22-01 Fact Sheet.
Recommendations for Organizations
Although BOD 22-01 applies only to FCEB agencies, CISA strongly encourages all organizations to prioritize timely remediation of Catalog vulnerabilities as part of their vulnerability management practice. Doing so reduces exposure to the attacks actually being carried out rather than to theoretical ones. CISA will continue to add vulnerabilities that meet its inclusion criteria: an assigned CVE ID, reliable evidence of active exploitation, and a clear remediation action such as a vendor update.
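The Catalog is published as a JSON feed, so the practical step behind this recommendation is to pull the feed, pick out entries added since the last poll, and map them onto an asset inventory with their due dates. The following is an added example written for this page, not CISA's or any vendor's code. The JSON layout and field names follow CISA's public known_exploited_vulnerabilities.json feed; the three entries, their dates, and the inventory are constructed for illustration and the dates are assumed values rather than authoritative catalog data.

```python
"""Cross-reference a CISA KEV catalog snapshot against a local asset inventory.

Added example, not CISA's code. Field names follow the public
known_exploited_vulnerabilities.json feed; the entries and inventory below
are constructed for illustration (dates are assumed, not authoritative).
"""
import json
from datetime import date

# Constructed snapshot in the shape of the public feed (top-level
# "vulnerabilities" list). Dates are illustrative values for this example.
KEV_JSON = """
{
  "title": "CISA Catalog of Known Exploited Vulnerabilities",
  "vulnerabilities": [
    {"cveID": "CVE-2025-1976", "vendorProject": "Broadcom", "product": "Brocade Fabric OS",
     "vulnerabilityName": "Broadcom Brocade Fabric OS Code Injection Vulnerability",
     "dateAdded": "2025-04-28", "dueDate": "2025-05-19", "knownRansomwareCampaignUse": "Unknown"},
    {"cveID": "CVE-2025-42599", "vendorProject": "Qualitia", "product": "Active! Mail",
     "vulnerabilityName": "Qualitia Active! Mail Stack-Based Buffer Overflow Vulnerability",
     "dateAdded": "2025-04-28", "dueDate": "2025-05-19", "knownRansomwareCampaignUse": "Unknown"},
    {"cveID": "CVE-2025-3928", "vendorProject": "Commvault", "product": "Web Server",
     "vulnerabilityName": "Commvault Web Server Unspecified Vulnerability",
     "dateAdded": "2025-04-28", "dueDate": "2025-05-19", "knownRansomwareCampaignUse": "Unknown"}
  ]
}
"""

# Constructed inventory: each asset names its vendor/product the way the feed does.
# Spacing and case deliberately vary to show that matching is normalized.
INVENTORY = [
    {"asset": "san-switch-01", "vendorProject": "Broadcom", "product": "Brocade  Fabric OS"},
    {"asset": "backup-web-01", "vendorProject": "Commvault", "product": "web server"},
    {"asset": "mail-gw-02", "vendorProject": "Qualitia", "product": "Active! Mail"},
    {"asset": "fw-edge-01", "vendorProject": "Example Vendor", "product": "Edge Firewall"},
]


def normalize(text):
    """Case- and whitespace-insensitive key so inventory spelling variants still match."""
    return " ".join(text.lower().split())


def load_kev(text):
    """Parse a feed document and return its list of vulnerability entries."""
    return json.loads(text)["vulnerabilities"]


def added_since(kev, since_iso):
    """CVE IDs whose dateAdded is on or after since_iso; use with the last poll's date."""
    since = date.fromisoformat(since_iso)
    return [e["cveID"] for e in kev if date.fromisoformat(e["dateAdded"]) >= since]


def match_inventory(kev, inventory, today_iso):
    """Return one finding per (asset, KEV entry) pair, most urgent first.

    Urgency order: entries with known ransomware use, then fewest days to the
    BOD 22-01 due date, then CVE ID for a deterministic order.
    """
    today = date.fromisoformat(today_iso)
    by_product = {}
    for entry in kev:
        key = (normalize(entry["vendorProject"]), normalize(entry["product"]))
        by_product.setdefault(key, []).append(entry)

    findings = []
    for asset in inventory:
        key = (normalize(asset["vendorProject"]), normalize(asset["product"]))
        for entry in by_product.get(key, []):
            due = date.fromisoformat(entry["dueDate"])
            findings.append({
                "asset": asset["asset"],
                "cveID": entry["cveID"],
                "name": entry["vulnerabilityName"],
                "dueDate": entry["dueDate"],
                "daysLeft": (due - today).days,
                "overdue": today > due,
                "ransomware": entry.get("knownRansomwareCampaignUse") == "Known",
            })
    findings.sort(key=lambda f: (not f["ransomware"], f["daysLeft"], f["cveID"]))
    return findings


if __name__ == "__main__":
    catalog = load_kev(KEV_JSON)
    print("new since 2025-04-28:", added_since(catalog, "2025-04-28"))
    for finding in match_inventory(catalog, INVENTORY, "2025-05-01"):
        flag = "OVERDUE" if finding["overdue"] else f"{finding['daysLeft']}d left"
        print(f"{finding['asset']:14} {finding['cveID']:15} due {finding['dueDate']} ({flag})")
```

In production the feed would be fetched over HTTPS and the inventory would come from a CMDB or scanner export; the matching above is deliberately name-based because the KEV feed carries no version or CPE data, so each finding still needs a version check against the vendor advisory before it is closed.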
Conclusion
The addition of these vulnerabilities to CISA's catalog is a reminder that exploitation of known, patchable flaws remains a routine threat. Organizations should track Catalog additions as they are published and treat each one as a due-dated remediation item. By following CISA's guidance and prioritizing Catalog entries, both federal and private sector entities can materially reduce their exposure.