CISA Known Exploited Vulnerabilities (KEV)
To support the cybersecurity community and help network defenders stay ahead of active threat activity, CISA publishes cisa alert today updates and maintains the authoritative catalog of known exploited vulnerabilities. This KEV database highlights vulnerabilities that have been actively used in real-world attacks, making it an essential resource for security teams aiming to strengthen their defenses.
Organizations should incorporate the KEV catalog into their vulnerability management prioritization framework to ensure they address high-risk issues efficiently and stay aligned with the latest threat intelligence. With frequent updates — including entries marked as cisa kev added today — the catalog enables teams to react quickly to emerging exploitation trends. To streamline monitoring and improve response time, CVEfeed.io provides the freshest CISA KEV additions, delivering real-time visibility into newly identified exploited vulnerabilities and helping organizations maintain accurate, up-to-date security postures.
9.8
CVE-2025-7775 - Citrix NetScaler Memory Overflow Vulnerability -
Action Due Aug 28, 2025 Target Vendor : Citrix
Description : Citrix NetScaler ADC and NetScaler Gateway contain a memory overflow vulnerability that could allow for remote code execution and/or denial of service.
Action : Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://support.citrix.com/support-home/kbsearch/article?articleNumber=CTX694938 ; https://nvd.nist.gov/vuln/detail/CVE-2025-7775
8.0
CVE-2025-48384 - Git Link Following Vulnerability -
Action Due Sep 15, 2025 Target Vendor : Git
Description : Git contains a link following vulnerability that stems from Git’s inconsistent handling of carriage return characters in configuration files.
Action : Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : This vulnerability affects a common open-source component, third-party library, or a protocol used by different products. For more information, please see: https://github.com/git/git/security/advisories/GHSA-vwqx-4fm8-6qc9 ; https://access.redhat.com/errata/RHSA-2025:13933 ; https://alas.aws.amazon.com/AL2/ALAS2-2025-2941.html ; https://linux.oracle.com/errata/ELSA-2025-11534.html ; https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-48384 ; https://nvd.nist.gov/vuln/detail/CVE-2025-48384
8.0
CVE-2024-8068 - Citrix Session Recording Improper Privilege Management Vulnerability -
Action Due Sep 15, 2025 Target Vendor : Citrix
Description : Citrix Session Recording contains an improper privilege management vulnerability that could allow for privilege escalation to NetworkService Account access. An attacker must be an authenticated user in the same Windows Active Directory domain as the session recording server domain.
Action : Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://support.citrix.com/external/article/691941/citrix-session-recording-security-bullet.html ; https://nvd.nist.gov/vuln/detail/CVE-2024-8068
8.8
CVE-2024-8069 - Citrix Session Recording Deserialization of Untrusted Data Vulnerability -
Action Due Sep 15, 2025 Target Vendor : Citrix
Description : Citrix Session Recording contains a deserialization of untrusted data vulnerability that allows limited remote code execution with privilege of a NetworkService Account access. Attacker must be an authenticated user on the same intranet as the session recording server.
Action : Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://support.citrix.com/external/article/691941/citrix-session-recording-security-bullet.html ; https://nvd.nist.gov/vuln/detail/CVE-2024-8069
10.0
CVE-2025-43300 - Apple iOS, iPadOS, and macOS Out-of-Bounds Write Vulnerability -
Action Due Sep 11, 2025 Target Vendor : Apple
Description : Apple iOS, iPadOS, and macOS contain an out-of-bounds write vulnerability in the Image I/O framework.
Action : Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://support.apple.com/en-us/124925 ; https://support.apple.com/en-us/124926 ; https://support.apple.com/en-us/124927 ; https://support.apple.com/en-us/124928 ; https://support.apple.com/en-us/124929 ; https://nvd.nist.gov/vuln/detail/CVE-2025-43300
9.8
CVE-2025-54948 - Trend Micro Apex One OS Command Injection Vulnerability -
Action Due Sep 08, 2025 Target Vendor : Trend Micro
Description : Trend Micro Apex One Management Console (on-premise) contains an OS command injection vulnerability that could allow a pre-authenticated remote attacker to upload malicious code and execute commands on affected installations.
Action : Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://success.trendmicro.com/en-US/solution/KA-0020652 ; N/A ; https://nvd.nist.gov/vuln/detail/CVE-2025-54948
9.4
CVE-2025-8876 - N-able N-Central Command Injection Vulnerability -
Action Due Aug 20, 2025 Target Vendor : N-able
Description : N-able N-Central contains a command injection vulnerability via improper sanitization of user input.
Action : Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://status.n-able.com/2025/08/13/announcing-the-ga-of-n-central-2025-3-1/ ; https://nvd.nist.gov/vuln/detail/CVE-2025-8876
9.4
CVE-2025-8875 - N-able N-Central Insecure Deserialization Vulnerability -
Action Due Aug 20, 2025 Target Vendor : N-able
Description : N-able N-Central contains an insecure deserialization vulnerability that could lead to command execution.
Action : Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://status.n-able.com/2025/08/13/announcing-the-ga-of-n-central-2025-3-1/ ; https://nvd.nist.gov/vuln/detail/CVE-2025-8875
8.8
CVE-2025-8088 - RARLAB WinRAR Path Traversal Vulnerability -
Action Due Sep 02, 2025 Target Vendor : RARLAB
Description : RARLAB WinRAR contains a path traversal vulnerability affecting the Windows version of WinRAR. This vulnerability could allow an attacker to execute arbitrary code by crafting malicious archive files.
Action : Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://www.win-rar.com/singlenewsview.html?&L=0&tx_ttnews%5Btt_news%5D=283&cHash=a64b4a8f662d3639dec8d65f47bc93c5 ; https://nvd.nist.gov/vuln/detail/CVE-2025-8088
9.3
CVE-2007-0671 - Microsoft Office Excel Remote Code Execution Vulnerability -
Action Due Sep 02, 2025 Target Vendor : Microsoft
Description : Microsoft Office Excel contains a remote code execution vulnerability that can be exploited when a specially crafted Excel file is opened. This malicious file could be delivered as an email attachment or hosted on a malicious website. An attacker could leverage this vulnerability by creating a specially crafted Excel file, which, when opened, allowing an attacker to execute remote code on the affected system.
Action : Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://learn.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-015 ; https://nvd.nist.gov/vuln/detail/CVE-2007-0671
9.3
CVE-2013-3893 - Microsoft Internet Explorer Resource Management Errors Vulnerability -
Action Due Sep 02, 2025 Target Vendor : Microsoft
Description : Microsoft Internet Explorer contains a memory corruption vulnerability that allows for remote code execution. The impacted products could be end-of-life (EoL) and/or end-of-service (EoS). Users should discontinue product utilization.
Action : Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://learn.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-080 ; https://nvd.nist.gov/vuln/detail/CVE-2013-3893
7.5
CVE-2020-25078 - D-Link DCS-2530L and DCS-2670L Devices Unspecified Vulnerability -
Action Due Aug 26, 2025 Target Vendor : D-Link
Description : D-Link DCS-2530L and DCS-2670L devices contains an unspecified vulnerability that could allow for remote administrator password disclosure. The impacted products could be end-of-life (EoL) and/or end-of-service (EoS). Users should discontinue product utilization.
Action : Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://support.dlink.com/productinfo.aspx?m=DCS-2530L ; https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10180 ; https://nvd.nist.gov/vuln/detail/CVE-2020-25078
9.0
CVE-2020-25079 - D-Link DCS-2530L and DCS-2670L Command Injection Vulnerability -
Action Due Aug 26, 2025 Target Vendor : D-Link
Description : D-Link DCS-2530L and DCS-2670L devices contains a command injection vulnerability in the cgi-bin/ddns_enc.cgi. The impacted products could be end-of-life (EoL) and/or end-of-service (EoS). Users should discontinue product utilization.
Action : Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://support.dlink.com/productinfo.aspx?m=DCS-2530L ; https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10180 ; https://nvd.nist.gov/vuln/detail/CVE-2020-25079
8.8
CVE-2022-40799 - D-Link DNR-322L Download of Code Without Integrity Check Vulnerability -
Action Due Aug 26, 2025 Target Vendor : D-Link
Description : D-Link DNR-322L contains a download of code without integrity check vulnerability that could allow an authenticated attacker to execute OS level commands on the device. The impacted products could be end-of-life (EoL) and/or end-of-service (EoS). Users should discontinue product utilization.
Action : Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://www.dlink.com/uk/en/products/dnr-322l-cloud-network-video-recorder ; https://nvd.nist.gov/vuln/detail/CVE-2022-40799
8.8
CVE-2023-2533 - PaperCut NG/MF Cross-Site Request Forgery (CSRF) Vulnerability -
Action Due Aug 18, 2025 Target Vendor : PaperCut
Description : PaperCut NG/MF contains a cross-site request forgery (CSRF) vulnerability, which, under specific conditions, could potentially enable an attacker to alter security settings or execute arbitrary code.
Action : Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://www.papercut.com/kb/Main/SecurityBulletinJune2023 ; https://nvd.nist.gov/vuln/detail/CVE-2023-2533
10.0
CVE-2025-20337 - Cisco Identity Services Engine Injection Vulnerability -
Action Due Aug 18, 2025 Target Vendor : Cisco
Description : Cisco Identity Services Engine contains an injection vulnerability in a specific API of Cisco ISE and Cisco ISE-PIC due to insufficient validation of user-supplied input allowing an attacker to exploit this vulnerability by submitting a crafted API request. Successful exploitation could allow an attacker to perform remote code execution and obtaining root privileges on an affected device.
Action : Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-unauth-rce-ZAd2GnJ6 ; https://nvd.nist.gov/vuln/detail/CVE-2025-20337
10.0
CVE-2025-20281 - Cisco Identity Services Engine Injection Vulnerability -
Action Due Aug 18, 2025 Target Vendor : Cisco
Description : Cisco Identity Services Engine contains an injection vulnerability in a specific API of Cisco ISE and Cisco ISE-PIC due to insufficient validation of user-supplied input allowing an attacker to exploit this vulnerability by submitting a crafted API request. Successful exploitation could allow an attacker to perform remote code execution and obtaining root privileges on an affected device.
Action : Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-unauth-rce-ZAd2GnJ6 ; https://nvd.nist.gov/vuln/detail/CVE-2025-20281
9.3
CVE-2025-2775 - SysAid On-Prem Improper Restriction of XML External Entity Reference Vulnerability -
Action Due Aug 12, 2025 Target Vendor : SysAid
Description : SysAid On-Prem contains an improper restriction of XML external entity reference vulnerability in the Checkin processing functionality, allowing for administrator account takeover and file read primitives.
Action : Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://documentation.sysaid.com/docs/24-40-60 ; https://nvd.nist.gov/vuln/detail/CVE-2025-2775
9.8
CVE-2025-2776 - SysAid On-Prem Improper Restriction of XML External Entity Reference Vulnerability -
Action Due Aug 12, 2025 Target Vendor : SysAid
Description : SysAid On-Prem contains an improper restriction of XML external entity reference vulnerability in the Server URL processing functionality, allowing for administrator account takeover and file read primitives.
Action : Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://documentation.sysaid.com/docs/24-40-60 ; https://nvd.nist.gov/vuln/detail/CVE-2025-2776
8.8
CVE-2025-6558 - Google Chromium ANGLE and GPU Improper Input Validation Vulnerability -
Action Due Aug 12, 2025 Target Vendor : Google
Description : Google Chromium contains an improper input validation vulnerability in ANGLE and GPU. This vulnerability could allow a remote attacker to potentially perform a sandbox escape via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.
Action : Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://chromereleases.googleblog.com/2025/07/stable-channel-update-for-desktop_15.html ; https://nvd.nist.gov/vuln/detail/CVE-2025-6558