
CISA Updates Known Exploited Vulnerabilities Catalog with Two New Entries

The Cybersecurity and Infrastructure Security Agency (CISA) has added two new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog. These vulnerabilities pose significant risks to federal enterprises and highlight the importance of timely remediation.


TL;DR

CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog. Both are actively exploited and pose significant risks to federal enterprises.

Main Content

The Cybersecurity and Infrastructure Security Agency (CISA) has updated its Known Exploited Vulnerabilities (KEV) Catalog with two new entries, based on evidence of active exploitation. The added vulnerabilities are:

  • CVE-2025-48927: TeleMessage TM SGNL Initialization of a Resource with an Insecure Default Vulnerability
  • CVE-2025-48928: TeleMessage TM SGNL Exposure of Core Dump File to an Unauthorized Control Sphere Vulnerability

These vulnerabilities are frequent attack vectors for malicious cyber actors, posing significant risks to federal enterprises.

Binding Operational Directive (BOD) 22-01

Binding Operational Directive (BOD) 22-01 established the KEV Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that carry significant risk to the federal enterprise. BOD 22-01 requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. For more information, refer to the BOD 22-01 Fact Sheet.

Recommendations for All Organizations

Although BOD 22-01 applies specifically to FCEB agencies, CISA strongly urges all organizations to prioritize the timely remediation of KEV Catalog vulnerabilities as part of their vulnerability management practices. CISA will continue to add vulnerabilities to the catalog that meet the specified criteria.

Conclusion

The addition of these vulnerabilities to the KEV Catalog underscores the importance of proactive cybersecurity measures. Organizations must stay vigilant and prioritize the remediation of known exploited vulnerabilities to mitigate risks and protect against cyber threats. For more details, visit the full article: CISA Adds Two Known Exploited Vulnerabilities to Catalog.

This post is licensed under CC BY 4.0 by the author.