CISA Adds Apple and Juniper Junos OS Flaws to Known Exploited Vulnerabilities Catalog
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added critical vulnerabilities affecting Apple products and Juniper Junos OS to its Known Exploited Vulnerabilities catalog. Learn about the impact and necessary actions.
TL;DR
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added two critical vulnerabilities affecting Apple products and Juniper Junos OS to its Known Exploited Vulnerabilities catalog. These flaws pose significant security risks, and organizations are urged to address them promptly to avoid potential exploitation by threat actors.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has updated its Known Exploited Vulnerabilities (KEV) catalog with two new entries:
- CVE-2025-21590: Juniper Junos OS Improper Isolation or Compartmentalization Vulnerability
- CVE-2025-24201: Apple Multiple Products WebKit Out-of-Bounds Write Vulnerability
Juniper Junos OS Vulnerability (CVE-2025-21590)
The vulnerability in Juniper Junos OS allows a local attacker with high privileges to inject arbitrary code, compromising the device’s integrity. This flaw is not exploitable from the Junos CLI.
UNC3886 Targets Juniper Routers
Mandiant researchers have identified that the China-linked APT group UNC3886 is deploying custom backdoors on Juniper Junos OS MX routers. The group’s operations demonstrate deep knowledge of system internals and prioritize stealth by using passive backdoors and tampering with logs to evade detection.
UNC3886 bypassed the Veriexec security mechanism by injecting malicious code into trusted processes, allowing them to install multiple TinyShell-based backdoors for remote access and persistence.
Apple WebKit Vulnerability (CVE-2025-24201)
Apple has released emergency security updates to address a zero-day vulnerability in the WebKit engine. This flaw allows attackers to escape the Web Content sandbox using maliciously crafted web content. Apple has addressed this issue with improved checks in iOS 18.3.2, iPadOS 18.3.2, macOS Sequoia 15.3.2, visionOS 2.3.2, and Safari 18.3.1.
Binding Operational Directive (BOD) 22-01
According to the Binding Operational Directive (BOD) 22-01, Federal Civilian Executive Branch (FCEB) agencies must address these vulnerabilities by the due date to protect their networks. CISA has set April 3, 2025, as the deadline for federal agencies to fix these vulnerabilities.
Recommendations for Organizations
Private organizations are also advised to review the KEV catalog and address these vulnerabilities in their infrastructure to mitigate potential risks.
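As an added example (not code from the article, CISA or either vendor), the following Python check reads the structure of CISA's KEV JSON feed and flags inventory entries whose open CVEs are catalogued, reporting days remaining until the BOD 22-01 due date. The feed excerpt is constructed from only the values quoted above, and the asset inventory and its extra CVE ids are hypothetical placeholders.

```python
import json
from datetime import date

# Constructed KEV feed excerpt: same top-level shape and field names as the real feed
# (a "vulnerabilities" list of objects with cveID, vendorProject, product, dueDate ...),
# filled only with values stated in the article.
KEV_EXCERPT = json.dumps({
    "title": "CISA Catalog of Known Exploited Vulnerabilities",
    "vulnerabilities": [
        {"cveID": "CVE-2025-21590", "vendorProject": "Juniper", "product": "Junos OS",
         "vulnerabilityName": "Juniper Junos OS Improper Isolation or Compartmentalization Vulnerability",
         "dueDate": "2025-04-03"},
        {"cveID": "CVE-2025-24201", "vendorProject": "Apple", "product": "Multiple Products",
         "vulnerabilityName": "Apple Multiple Products WebKit Out-of-Bounds Write Vulnerability",
         "dueDate": "2025-04-03"},
    ],
})

# Hypothetical inventory: asset name -> set of open CVE ids a scanner or CMDB reported.
# CVE-0000-00001 / CVE-0000-00002 are placeholders for findings that are not in KEV.
INVENTORY = {
    "mx-edge-01": {"CVE-2025-21590", "CVE-0000-00001"},
    "mac-laptop-17": {"CVE-2025-24201"},
    "linux-web-03": {"CVE-0000-00002"},
}

def load_kev(feed_text):
    """Index the feed by CVE id; dueDate in the real feed is ISO YYYY-MM-DD."""
    feed = json.loads(feed_text)
    return {v["cveID"]: {**v, "dueDate": date.fromisoformat(v["dueDate"])}
            for v in feed["vulnerabilities"]}

def kev_exposure(feed_text, inventory, today):
    """Return one finding per (asset, CVE) pair whose CVE is in the KEV catalog.

    days_until_due is negative once the BOD 22-01 due date has passed; results are
    sorted so the most overdue items come first (ties keep inventory order).
    """
    kev = load_kev(feed_text)
    findings = []
    for asset, cves in inventory.items():
        for cve in sorted(cves):
            if cve in kev:
                delta = (kev[cve]["dueDate"] - today).days
                findings.append({"asset": asset, "cve": cve, "product": kev[cve]["product"],
                                 "due": kev[cve]["dueDate"].isoformat(),
                                 "days_until_due": delta, "overdue": delta < 0})
    findings.sort(key=lambda f: f["days_until_due"])
    return findings

if __name__ == "__main__":
    for f in kev_exposure(KEV_EXCERPT, INVENTORY, date.today()):
        print(f"{f['asset']}: {f['cve']} ({f['product']}) due {f['due']}, "
              f"{'OVERDUE' if f['overdue'] else 'days left'} {abs(f['days_until_due'])}")
```

Point `KEV_EXCERPT` at the downloaded feed and `INVENTORY` at scanner output to run it against real data.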
Conclusion
The addition of these vulnerabilities to CISA’s KEV catalog underscores the importance of timely patching and security measures. Organizations must remain vigilant and proactive in addressing known exploited vulnerabilities to protect against cyber threats.