CISA Expands Known Exploited Vulnerabilities Catalog with Three New Additions

CISA has added three new vulnerabilities to its Known Exploited Vulnerabilities Catalog, highlighting the importance of timely remediation to mitigate cyber risks.

TL;DR

CISA has added three new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, emphasizing the need for organizations to prioritize timely remediation to protect against cyber threats.

Introduction

The Cybersecurity and Infrastructure Security Agency (CISA) has recently updated its Known Exploited Vulnerabilities (KEV) Catalog by adding three new vulnerabilities. This update is based on evidence of active exploitation, underscoring the urgent need for organizations to address these security flaws promptly.

Newly Added Vulnerabilities

The three newly added vulnerabilities are:

  1. CVE-2025-20281: Cisco Identity Services Engine Injection Vulnerability
  2. CVE-2025-20337: Cisco Identity Services Engine Injection Vulnerability
  3. CVE-2023-2533: PaperCut NG/MF Cross-Site Request Forgery (CSRF) Vulnerability

These vulnerabilities are significant because they are frequent attack vectors for malicious cyber actors, posing substantial risks to federal enterprises and other organizations.

Understanding the KEV Catalog

The KEV Catalog was established under Binding Operational Directive (BOD) 22-01, which aims to reduce the significant risk of known exploited vulnerabilities. The directive requires Federal Civilian Executive Branch (FCEB) agencies to remediate each catalogued vulnerability by the due date recorded in its catalog entry, so that their networks are protected against threats that are already being exploited.

For more details, refer to the BOD 22-01 Fact Sheet.

Importance of Timely Remediation

Although BOD 22-01 is specifically directed at FCEB agencies, CISA strongly advises all organizations to prioritize the timely remediation of KEV Catalog vulnerabilities. This proactive approach is essential for reducing exposure to cyberattacks and enhancing overall cybersecurity posture.

CISA will continue to update the catalog with vulnerabilities that meet the specified criteria.
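The practical step the directive implies is to compare the catalog against what you actually run and work the matches by due date. CISA publishes the catalog as a JSON feed whose entries carry `cveID`, `vendorProject`, `product`, `dateAdded`, `dueDate` and `requiredAction` fields, among others. The following Python is an added example, not code from the post or from CISA: it parses a constructed feed fragment in that shape, joins it against a constructed asset inventory, and reports which matched assets are past their due date. The three CVE IDs are the ones named above; the dates, hostnames and product strings are placeholders chosen for this example and should be read from the live feed and your own inventory in practice.

```python
import json
from datetime import date

# Constructed sample in the shape of CISA's KEV JSON feed
# (https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json).
# The cveID values are the three named in this post; dates, actions and product
# strings are placeholders for illustration, not the catalog's real records.
SAMPLE_KEV_FEED = json.dumps({
    "title": "CISA Catalog of Known Exploited Vulnerabilities",
    "catalogVersion": "sample",
    "count": 3,
    "vulnerabilities": [
        {"cveID": "CVE-2025-20281", "vendorProject": "Cisco",
         "product": "Identity Services Engine",
         "vulnerabilityName": "Cisco Identity Services Engine Injection Vulnerability",
         "dateAdded": "2025-07-28", "dueDate": "2025-07-31",
         "requiredAction": "Apply mitigations per vendor instructions.",
         "knownRansomwareCampaignUse": "Unknown"},
        {"cveID": "CVE-2025-20337", "vendorProject": "Cisco",
         "product": "Identity Services Engine",
         "vulnerabilityName": "Cisco Identity Services Engine Injection Vulnerability",
         "dateAdded": "2025-07-28", "dueDate": "2025-07-31",
         "requiredAction": "Apply mitigations per vendor instructions.",
         "knownRansomwareCampaignUse": "Unknown"},
        {"cveID": "CVE-2023-2533", "vendorProject": "PaperCut", "product": "NG/MF",
         "vulnerabilityName": "PaperCut NG/MF Cross-Site Request Forgery (CSRF) Vulnerability",
         "dateAdded": "2025-07-28", "dueDate": "2025-08-18",
         "requiredAction": "Apply mitigations per vendor instructions.",
         "knownRansomwareCampaignUse": "Unknown"},
    ],
})

# Constructed asset inventory with hypothetical hosts, keyed the way KEV keys
# products: (vendorProject, product). The nginx host has no KEV match here.
SAMPLE_INVENTORY = [
    {"host": "ise-01.corp.example", "vendor": "Cisco", "product": "Identity Services Engine"},
    {"host": "print-01.corp.example", "vendor": "PaperCut", "product": "NG/MF"},
    {"host": "web-01.corp.example", "vendor": "nginx", "product": "nginx"},
]


def load_kev(feed_text):
    """Parse the KEV feed and index entries by (vendorProject, product), case-insensitive."""
    feed = json.loads(feed_text)
    index = {}
    for entry in feed["vulnerabilities"]:
        key = (entry["vendorProject"].lower(), entry["product"].lower())
        index.setdefault(key, []).append(entry)
    return index


def match_inventory(kev_index, inventory):
    """Return (asset, kev_entry) pairs for every inventory item that has a KEV entry."""
    hits = []
    for asset in inventory:
        key = (asset["vendor"].lower(), asset["product"].lower())
        for entry in kev_index.get(key, []):
            hits.append((asset, entry))
    return hits


def triage(hits, today_iso):
    """Order matches by BOD 22-01 due date and flag the ones already past it."""
    today = date.fromisoformat(today_iso)
    report = []
    for asset, entry in hits:
        days_left = (date.fromisoformat(entry["dueDate"]) - today).days
        report.append({
            "host": asset["host"],
            "cveID": entry["cveID"],
            "dueDate": entry["dueDate"],
            "daysLeft": days_left,
            "overdue": days_left < 0,
        })
    report.sort(key=lambda r: (r["dueDate"], r["cveID"]))
    return report


if __name__ == "__main__":
    matches = match_inventory(load_kev(SAMPLE_KEV_FEED), SAMPLE_INVENTORY)
    for row in triage(matches, "2025-08-05"):
        flag = "OVERDUE" if row["overdue"] else f"{row['daysLeft']}d left"
        print(f"{row['host']:<26} {row['cveID']:<16} due {row['dueDate']}  {flag}")
```

Matching on `vendorProject`/`product` strings is deliberately loose: the catalog does not carry version ranges, so a hit means "this product family has a known exploited flaw and needs a version check against the vendor advisory", not "this host is confirmed vulnerable". Run the triage against the live feed on a schedule, since CISA adds entries continuously and the due dates are what set remediation priority.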

Conclusion

The addition of these three vulnerabilities to the KEV Catalog serves as a reminder of the ongoing need for vigilance and prompt action in cybersecurity. Organizations must stay informed about emerging threats and take proactive measures to protect their systems and data.

For more details, visit the full article: source

This post is licensed under CC BY 4.0 by the author.