CISA Expands Known Exploited Vulnerabilities Catalog with Three Critical Entries

TL;DR

CISA has added three new vulnerabilities to its Known Exploited Vulnerabilities Catalog, highlighting the urgent need for remediation to protect against active cyber threats. The update includes vulnerabilities in Apple and Microsoft products, emphasizing the importance of timely patching and robust cybersecurity measures.

CISA Adds Three New Vulnerabilities to Known Exploited Vulnerabilities Catalog

The Cybersecurity and Infrastructure Security Agency (CISA) has recently expanded its Known Exploited Vulnerabilities Catalog with the addition of three critical vulnerabilities. This update is based on evidence of active exploitation, underscoring the urgent need for remediation to safeguard against ongoing cyber threats.

Newly Added Vulnerabilities

  1. CVE-2025-31200: Apple Multiple Products Memory Corruption Vulnerability
  2. CVE-2025-31201: Apple Multiple Products Arbitrary Read and Write Vulnerability
  3. CVE-2025-24054: Microsoft Windows NTLM Hash Disclosure Spoofing Vulnerability

These vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to federal and private sector organizations.

Importance of Remediation

Binding Operational Directive (BOD) 22-01 established the Known Exploited Vulnerabilities Catalog as a dynamic list of known Common Vulnerabilities and Exposures (CVEs) that carry significant risk. BOD 22-01 mandates that Federal Civilian Executive Branch (FCEB) agencies remediate identified vulnerabilities by the specified due date to protect against active threats. For more details, refer to the BOD 22-01 Fact Sheet.

While BOD 22-01 applies specifically to FCEB agencies, CISA strongly urges all organizations to prioritize the timely remediation of Catalog vulnerabilities as part of their vulnerability management practices. This proactive approach is essential to reducing exposure to cyberattacks.

Ongoing Efforts

CISA will continue to update the catalog with vulnerabilities that meet the specified criteria, ensuring that organizations stay informed about the latest threats and take necessary actions to mitigate risks.

For more details, visit the full article: CISA Adds Three Known Exploited Vulnerabilities to Catalog

Conclusion

The addition of these three vulnerabilities to CISA’s catalog highlights the continuous evolution of cyber threats. Organizations must remain vigilant and proactive in their cybersecurity measures to protect against these exploits. Timely remediation and robust vulnerability management are crucial in defending against ongoing and future cyber risks.

This post is licensed under CC BY 4.0 by the author.