Here is a summary based on the article from CISA (Cybersecurity and Infrastructure Security Agency):
On March 19, 2025, CISA added three new vulnerabilities to its Known Exploited Vulnerabilities Catalog, following evidence of active exploitation. These vulnerabilities frequently serve as attack vectors for malicious cyber actors and present serious risks to the federal enterprise.
The three newly added vulnerabilities are:
  • CVE-2025-1316: Edimax IC-7100 IP Camera OS Command Injection Vulnerability
  • CVE-2024-48248: NAKIVO Backup and Replication Absolute Path Traversal Vulnerability
  • CVE-2017-12637: SAP NetWeaver Directory Traversal Vulnerability
CISA’s Binding Operational Directive (BOD) 22-01 established this catalog as a "living list" of known Common Vulnerabilities and Exposures (CVEs) carrying significant risk, requiring U.S. Federal Civilian Executive Branch (FCEB) agencies to remediate vulnerabilities by set due dates to protect networks against active threats.
While BOD 22-01 officially applies only to FCEB agencies, CISA urges all organizations to prioritize timely remediation of cataloged vulnerabilities as part of their vulnerability management practices, to reduce the risk of cyberattacks. CISA continues to update the catalog as new significant threats are identified.
Sources and more information:

Source: CISA Adds Three Known Exploited Vulnerabilities to Catalog | CISA (www.cisa.gov)
 
