CISA Updates Catalog with Three New Exploited Vulnerabilities
CISA has added three new vulnerabilities to its Known Exploited Vulnerabilities Catalog, highlighting the importance of timely remediation to protect against cyber threats.
TL;DR
CISA has updated its Known Exploited Vulnerabilities Catalog with three new entries, emphasizing the need for prompt remediation to safeguard against active cyber threats. The additions include vulnerabilities in Edimax IP cameras, NAKIVO backup solutions, and SAP NetWeaver software.
CISA Adds New Vulnerabilities to Catalog
The Cybersecurity and Infrastructure Security Agency (CISA) has added three new vulnerabilities to its Known Exploited Vulnerabilities Catalog. This update is based on evidence of active exploitation, underscoring the urgent need for remediation to protect against cyber threats.
Newly Added Vulnerabilities
The newly added vulnerabilities are:
- CVE-2025-1316: Edimax IC-7100 IP Camera OS Command Injection Vulnerability
- CVE-2024-48248: NAKIVO Backup and Replication Absolute Path Traversal Vulnerability
- CVE-2017-12637: SAP NetWeaver Directory Traversal Vulnerability
These vulnerabilities are common targets for malicious cyber actors and pose significant risks to federal and private sector organizations.
Binding Operational Directive (BOD) 22-01
Binding Operational Directive (BOD) 22-01 established the Known Exploited Vulnerabilities Catalog as a comprehensive list of known Common Vulnerabilities and Exposures (CVEs) that present substantial risks. BOD 22-01 mandates that Federal Civilian Executive Branch (FCEB) agencies remediate identified vulnerabilities by the specified due date to protect against active threats. For more information, refer to the BOD 22-01 Fact Sheet.
Recommendations for Organizations
Although BOD 22-01 applies specifically to FCEB agencies, CISA strongly recommends that all organizations prioritize the timely remediation of Catalog vulnerabilities as part of their vulnerability management practices. This proactive approach helps reduce exposure to cyberattacks and enhances overall cybersecurity posture. CISA will continue to update the catalog with vulnerabilities that meet the specified criteria.
Conclusion
The addition of these vulnerabilities to CISA’s catalog serves as a reminder of the ongoing need for vigilance and prompt action in cybersecurity. Organizations must stay informed about emerging threats and take proactive measures to safeguard their systems and data.
Additional Resources
For further insights, check the full article: CISA Adds Three Known Exploited Vulnerabilities to Catalog.