CISA Updates Known Exploited Vulnerabilities Catalog with Two New Entries
The Cybersecurity and Infrastructure Security Agency (CISA) has added two new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog. These vulnerabilities pose significant risks to federal enterprises and highlight the importance of timely remediation.
TL;DR
CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog. Both are actively exploited and pose significant risks to federal enterprises.
Main Content
The Cybersecurity and Infrastructure Security Agency (CISA) has updated its Known Exploited Vulnerabilities (KEV) Catalog with two new entries, based on evidence of active exploitation. The added vulnerabilities are:
- CVE-2025-48927: TeleMessage TM SGNL Initialization of a Resource with an Insecure Default Vulnerability
- CVE-2025-48928: TeleMessage TM SGNL Exposure of Core Dump File to an Unauthorized Control Sphere Vulnerability
These vulnerabilities are frequent attack vectors for malicious cyber actors, posing significant risks to federal enterprises.
Binding Operational Directive (BOD) 22-01
Binding Operational Directive (BOD) 22-01 established the KEV Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that carry significant risk to the federal enterprise. BOD 22-01 requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. For more information, refer to the BOD 22-01 Fact Sheet.
Recommendations for All Organizations
Although BOD 22-01 applies specifically to FCEB agencies, CISA strongly urges all organizations to prioritize the timely remediation of KEV Catalog vulnerabilities as part of their vulnerability management practices. CISA will continue to add vulnerabilities to the catalog that meet the specified criteria.
Conclusion
The addition of these vulnerabilities to the KEV Catalog underscores the importance of proactive cybersecurity measures. Organizations must stay vigilant and prioritize the remediation of known exploited vulnerabilities to mitigate risks and protect against cyber threats. For more details, visit the full article: CISA Adds Two Known Exploited Vulnerabilities to Catalog.