Here is a summary of the key points from the article regarding the recent CISA alert:
- CISA (Cybersecurity and Infrastructure Security Agency) has added two new vulnerabilities to its Known Exploited Vulnerabilities Catalog because there is evidence they are being actively exploited.
- The vulnerabilities are:
  - CVE-2019-9874: Sitecore CMS and Experience Platform (XP) Deserialization Vulnerability
  - CVE-2019-9875: Sitecore CMS and Experience Platform (XP) Deserialization Vulnerability
- These types of vulnerabilities are common attack vectors for cybercriminals and present significant risks, especially to U.S. federal agencies.
- Binding Operational Directive (BOD) 22-01 established this catalog to reduce the significant risk posed by known exploited vulnerabilities. The directive requires Federal Civilian Executive Branch (FCEB) agencies to remediate cataloged vulnerabilities by a specified deadline to protect federal networks.
- While the directive only formally applies to federal agencies, CISA strongly urges all organizations (public and private) to address these vulnerabilities as soon as possible to reduce their risk.
- The catalog is actively maintained and updated as new exploited vulnerabilities are identified.
- For more information, organizations can refer to the BOD 22-01 Fact Sheet and are encouraged to integrate the remediation of cataloged vulnerabilities into their regular vulnerability management practices.
See the full CISA alert: "CISA Adds Two Known Exploited Vulnerabilities to Catalog" (March 26, 2025), www.cisa.gov