CISA Lists Five New Exploited Vulnerabilities: What You Need to Know


CISA Adds Five Known Exploited Vulnerabilities to Its Catalog

The Cybersecurity and Infrastructure Security Agency (CISA) has expanded its Known Exploited Vulnerabilities Catalog by adding five new vulnerabilities that have been actively exploited by threat actors. These vulnerabilities, identified through evidence of real-world attacks, highlight persistent security risks that organizations—especially federal agencies—must address promptly.

What's New?

The five vulnerabilities added are:
  • CVE-2025-25181: Advantive VeraCore SQL Injection Vulnerability
    This flaw allows attackers to inject arbitrary SQL code, potentially leading to unauthorized data manipulation and access.
  • CVE-2024-57968: Advantive VeraCore Unrestricted File Upload Vulnerability
    Exploitation of this vulnerability could enable malicious file uploads, increasing the risk of remote code execution.
  • CVE-2024-13159: Ivanti Endpoint Manager (EPM) Absolute Path Traversal Vulnerability
    By exploiting this flaw, attackers might navigate directories and access sensitive files beyond intended boundaries.
  • CVE-2024-13160: Ivanti Endpoint Manager (EPM) Absolute Path Traversal Vulnerability
  • CVE-2024-13161: Ivanti Endpoint Manager (EPM) Absolute Path Traversal Vulnerability
    These additional vulnerabilities in Ivanti Endpoint Manager further expose systems to risks of unauthorized file access through improper path sanitization.
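Three of the five entries are absolute path traversal flaws, so it is worth seeing concretely what "improper path sanitization" means. The following is an added example, not code from the page or from Ivanti, and it does not reproduce any detail of the EPM flaws: it contrasts the common vulnerable idiom (joining a caller-supplied path onto a base directory with `os.path.join`, which silently discards the base when the input is absolute) with a hardened resolver that rejects absolute input and verifies the normalized result still lies under the base. The base directory and the sample request paths are constructed for illustration.

```python
import os
from typing import List, Optional

# Constructed base directory: the only location the application may serve files from.
BASE_DIR = "/srv/app/files"


def unsafe_resolve(user_path: str) -> str:
    """Vulnerable pattern.

    os.path.join discards BASE_DIR entirely when user_path is absolute,
    and normpath happily collapses '..' segments that climb out of BASE_DIR.
    """
    return os.path.normpath(os.path.join(BASE_DIR, user_path))


def safe_resolve(user_path: str) -> Optional[str]:
    """Hardened resolver.

    1. Refuse absolute input outright (the "absolute path traversal" case).
    2. Normalize the joined path and confirm its common prefix with BASE_DIR
       is BASE_DIR itself, which also blocks '../' climbs and sibling
       directories that merely share a name prefix (e.g. /srv/app/files_old).
    Returns None when the request must be rejected.
    """
    if os.path.isabs(user_path):
        return None
    base = os.path.normpath(BASE_DIR)
    candidate = os.path.normpath(os.path.join(base, user_path))
    if os.path.commonpath([base, candidate]) != base:
        return None
    return candidate


# Constructed sample of requested file paths, as a web handler might receive them.
SAMPLE_REQUESTS = [
    "reports/q1.csv",          # legitimate
    "reports/../q1.csv",       # '..' that stays inside BASE_DIR; allowed
    "/etc/passwd",             # absolute path: unsafe_resolve returns it verbatim
    "../../../etc/passwd",     # relative climb out of BASE_DIR
    "../files_old/secret.txt", # sibling directory sharing a name prefix
]


def rejected_requests(requests: List[str]) -> List[str]:
    """Return the requests the hardened resolver refuses; useful for triage of access logs."""
    return [p for p in requests if safe_resolve(p) is None]


if __name__ == "__main__":
    for p in SAMPLE_REQUESTS:
        print(f"{p!r:28} unsafe -> {unsafe_resolve(p):28} safe -> {safe_resolve(p)}")
```

The `commonpath` check matters more than the `isabs` check: a resolver that only rejects leading slashes still lets `../` sequences walk out of the base directory, and a plain string `startswith` check accepts sibling directories such as `/srv/app/files_old`.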

Risks and Implications

Vulnerabilities like these serve as common entry points for malicious cyber actors to compromise critical systems. In federal and enterprise environments, exploiting such flaws can lead to large-scale data breaches and extended unauthorized access, significantly increasing the potential impact of cyberattacks.

Binding Operational Directive (BOD) 22-01

To mitigate these risks, BOD 22-01—Binding Operational Directive 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities—requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by their established due dates. This directive is part of a broader strategy to reduce exposure to known threats by enforcing timely patch management and robust security practices across critical networks.
While BOD 22-01 specifically applies to federal agencies, CISA strongly urges all organizations to prioritize the remediation of these catalog vulnerabilities as part of their overall vulnerability management practices. By addressing such vulnerabilities promptly, businesses can minimize their exposure to potential cyberattacks and safeguard critical data.

A Living Catalog for Ongoing Cyber Defense

The Known Exploited Vulnerabilities Catalog is a continuously updated resource that helps organizations stay informed about the most critical security flaws. CISA will keep adding vulnerabilities that meet specific risk criteria, enabling organizations to adapt their defenses proactively and avoid potential exploits.
For more information about these vulnerabilities and detailed remediation guidelines, please refer to the CISA Known Exploited Vulnerabilities Catalog and the BOD 22-01 Fact Sheet.
Source: CISA, "CISA Adds Five Known Exploited Vulnerabilities to Catalog"