CISA Known Exploited Vulnerabilities (KEV)
To support the cybersecurity community and help network defenders stay ahead of active threat activity, CISA publishes cisa alert today updates and maintains the authoritative catalog of known exploited vulnerabilities. This KEV database highlights vulnerabilities that have been actively used in real-world attacks, making it an essential resource for security teams aiming to strengthen their defenses.
Organizations should incorporate the KEV catalog into their vulnerability management prioritization framework to ensure they address high-risk issues efficiently and stay aligned with the latest threat intelligence. With frequent updates — including entries marked as cisa kev added today — the catalog enables teams to react quickly to emerging exploitation trends. To streamline monitoring and improve response time, CVEfeed.io provides the freshest CISA KEV additions, delivering real-time visibility into newly identified exploited vulnerabilities and helping organizations maintain accurate, up-to-date security postures.
7.2
CVE-2025-66644 - Array Networks ArrayOS AG OS Command Injection Vulnerability -
Action Due Dec 29, 2025 ( 19 days left ) Target Vendor : Array Networks
Description : Array Networks ArrayOS AG contains an OS command injection vulnerability that could allow an attacker to execute arbitrary commands.
Action : Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://support.arraynetworks.net/prx/001/http/supportportal.arraynetworks.net/ag.html ; https://www.jpcert.or.jp/at/2025/at250024.html ; https://nvd.nist.gov/vuln/detail/CVE-2025-66644
9.8
CVE-2022-37055 - D-Link Routers Buffer Overflow Vulnerability -
Action Due Dec 29, 2025 ( 19 days left ) Target Vendor : D-Link
Description : D-Link Routers contains a buffer overflow vulnerability that has a high impact on confidentiality, integrity, and availability. The impacted products could be end-of-life (EoL) and/or end-of-service (EoS). Users should discontinue product utilization.
Action : Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://supportannouncement.us.dlink.com/security/publication.aspx?name=SAP10308 ; https://nvd.nist.gov/vuln/detail/CVE-2022-37055
10.0
CVE-2025-55182 - Meta React Server Components Remote Code Execution Vulnerability -
Action Due Dec 26, 2025 ( 16 days left ) Target Vendor : Meta
Description : Meta React Server Components contains a remote code execution vulnerability that could allow unauthenticated remote code execution by exploiting a flaw in how React decodes payloads sent to React Server Function endpoints.
Action : Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://react.dev/blog/2025/12/03/critical-security-vulnerability-in-react-server-components ; https://nvd.nist.gov/vuln/detail/CVE-2025-55182
8.8
CVE-2021-26828 - OpenPLC ScadaBR Unrestricted Upload of File with Dangerous Type Vulnerability -
Action Due Dec 24, 2025 ( 14 days left ) Target Vendor : OpenPLC
Description : OpenPLC ScadaBR contains an unrestricted upload of file with dangerous type vulnerability that allows remote authenticated users to upload and execute arbitrary JSP files via view_edit.shtm.
Action : Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : This vulnerability could affect an open-source component, third-party library, protocol, or proprietary implementation that could be used by different products. For more information, please see: https://github.com/SCADA-LTS/Scada-LTS/pull/2174 ; https://nvd.nist.gov/vuln/detail/CVE-2021-26828
7.8
CVE-2025-48572 - Android Framework Privilege Escalation Vulnerability -
Action Due Dec 23, 2025 ( 13 days left ) Target Vendor : Android
Description : Android Framework contains an unspecified vulnerability that allows for privilege escalation.
Action : Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://source.android.com/docs/security/bulletin/2025-12-01 ; https://nvd.nist.gov/vuln/detail/CVE-2025-48572
7.8
CVE-2025-48633 - Android Framework Information Disclosure Vulnerability -
Action Due Dec 23, 2025 ( 13 days left ) Target Vendor : Android
Description : Android Framework contains an unspecified vulnerability that allows for information disclosure.
Action : Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://source.android.com/docs/security/bulletin/2025-12-01 ; https://nvd.nist.gov/vuln/detail/CVE-2025-48633
5.4
CVE-2021-26829 - OpenPLC ScadaBR Cross-site Scripting Vulnerability -
Action Due Dec 19, 2025 ( 9 days left ) Target Vendor : OpenPLC
Description : OpenPLC ScadaBR contains a cross-site scripting vulnerability via system_settings.shtm.
Action : Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : This vulnerability could affect an open-source component, third-party library, protocol, or proprietary implementation that could be used by different products. For more information, please see: https://github.com/SCADA-LTS/Scada-LTS/pull/3211 ; https://nvd.nist.gov/vuln/detail/CVE-2021-26829
9.8
CVE-2025-61757 - Oracle Fusion Middleware Missing Authentication for Critical Function Vulnerability -
Action Due Dec 12, 2025 ( 2 days left ) Target Vendor : Oracle
Description : Oracle Fusion Middleware contains a missing authentication for critical function vulnerability, allowing unauthenticated remote attackers to take over Identity Manager.
Action : Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://www.oracle.com/security-alerts/cpuoct2025.html ; https://nvd.nist.gov/vuln/detail/CVE-2025-61757
8.8
CVE-2025-13223 - Google Chromium V8 Type Confusion Vulnerability -
Action Due Dec 10, 2025 Target Vendor : Google
Description : Google Chromium V8 contains a type confusion vulnerability that allows for heap corruption.
Action : Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://chromereleases.googleblog.com/2025/11/stable-channel-update-for-desktop_17.html ; https://nvd.nist.gov/vuln/detail/CVE-2025-13223
7.2
CVE-2025-58034 - Fortinet FortiWeb OS Command Injection Vulnerability -
Action Due Nov 25, 2025 Target Vendor : Fortinet
Description : Fortinet FortiWeb contains an OS command Injection vulnerability that may allow an authenticated attacker to execute unauthorized code on the underlying system via crafted HTTP requests or CLI commands.
Action : Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://fortiguard.fortinet.com/psirt/FG-IR-25-513 ; https://nvd.nist.gov/vuln/detail/CVE-2025-58034
9.8
CVE-2025-64446 - Fortinet FortiWeb Path Traversal Vulnerability -
Action Due Nov 21, 2025 Target Vendor : Fortinet
Description : Fortinet FortiWeb contains a relative path traversal vulnerability that may allow an unauthenticated attacker to execute administrative commands on the system via crafted HTTP or HTTPS requests.
Action : Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://www.fortiguard.com/psirt/FG-IR-25-910 ; https://nvd.nist.gov/vuln/detail/CVE-2025-64446
9.8
CVE-2025-9242 - WatchGuard Firebox Out-of-Bounds Write Vulnerability -
Action Due Dec 03, 2025 Target Vendor : WatchGuard
Description : WatchGuard Firebox contains an out-of-bounds write vulnerability in the OS iked process that may allow a remote unauthenticated attacker to execute arbitrary code.
Action : Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://www.watchguard.com/wgrd-psirt/advisory/wgsa-2025-00015 ; https://nvd.nist.gov/vuln/detail/CVE-2025-9242
7.0
CVE-2025-62215 - Microsoft Windows Race Condition Vulnerability -
Action Due Dec 03, 2025 Target Vendor : Microsoft
Description : Microsoft Windows Kernel contains a race condition vulnerability that allows a local attacker with low-level privileges to escalate privileges. Successful exploitation of this vulnerability could enable the attacker to gain SYSTEM-level access.
Action : Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-62215 ; https://nvd.nist.gov/vuln/detail/CVE-2025-62215
9.1
CVE-2025-12480 - Gladinet Triofox Improper Access Control Vulnerability -
Action Due Dec 03, 2025 Target Vendor : Gladinet
Description : Gladinet Triofox contains an improper access control vulnerability that allows access to initial setup pages even after setup is complete.
Action : Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://access.triofox.com/releases_history ; https://nvd.nist.gov/vuln/detail/CVE-2025-12480
9.8
CVE-2025-21042 - Samsung Mobile Devices Out-of-Bounds Write Vulnerability -
Action Due Dec 01, 2025 Target Vendor : Samsung
Description : Samsung mobile devices contain an out-of-bounds write vulnerability in libimagecodec.quram.so. This vulnerability could allow remote attackers to execute arbitrary code.
Action : Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://security.samsungmobile.com/securityUpdate.smsb?year=2025&month=04 ; https://nvd.nist.gov/vuln/detail/CVE-2025-21042
7.5
CVE-2025-11371 - Gladinet CentreStack and Triofox Files or Directories Accessible to External Parties Vulnerability -
Action Due Nov 25, 2025 Target Vendor : Gladinet
Description : Gladinet CentreStack and Triofox contains a files or directories accessible to external parties vulnerability that allows unintended disclosure of system files.
Action : Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://www.centrestack.com/p/gce_latest_release.html ; https://nvd.nist.gov/vuln/detail/CVE-2025-11371
9.0
CVE-2025-48703 - CWP Control Web Panel OS Command Injection Vulnerability -
Action Due Nov 25, 2025 Target Vendor : CWP
Description : CWP Control Web Panel (formerly CentOS Web Panel) contains an OS command Injection vulnerability that allows unauthenticated remote code execution via shell metacharacters in the t_total parameter in a filemanager changePerm request. A valid non-root username must be known.
Action : Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://control-webpanel.com/changelog ; https://nvd.nist.gov/vuln/detail/CVE-2025-48703
9.8
CVE-2025-24893 - XWiki Platform Eval Injection Vulnerability -
Action Due Nov 20, 2025 Target Vendor : XWiki
Description : XWiki Platform contains an eval injection vulnerability that could allow any guest to perform arbitrary remote code execution through a request to SolrSearch.
Action : Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-rr6p-3pfg-562j ; https://nvd.nist.gov/vuln/detail/CVE-2025-24893
7.8
CVE-2025-41244 - Broadcom VMware Aria Operations and VMware Tools Privilege Defined with Unsafe Actions Vulnerability -
Action Due Nov 20, 2025 Target Vendor : Broadcom
Description : Broadcom VMware Aria Operations and VMware Tools contain a privilege defined with unsafe actions vulnerability. A malicious local actor with non-administrative privileges having access to a VM with VMware Tools installed and managed by Aria Operations with SDMP enabled may exploit this vulnerability to escalate privileges to root on the same VM.
Action : Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36149 ; https://nvd.nist.gov/vuln/detail/CVE-2025-41244
9.1
CVE-2025-6205 - Dassault Systèmes DELMIA Apriso Missing Authorization Vulnerability -
Action Due Nov 18, 2025 Target Vendor : Dassault Systèmes
Description : Dassault Systèmes DELMIA Apriso contains a missing authorization vulnerability that could allow an attacker to gain privileged access to the application.
Action : Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://www.3ds.com/trust-center/security/security-advisories/cve-2025-6205 ; https://nvd.nist.gov/vuln/detail/CVE-2025-6205