CISA Known Exploited Vulnerabilities (KEV)

For the benefit of the cybersecurity community and network defenders—and to help every organization better manage vulnerabilities and keep pace with threat activity—CISA maintains the authoritative source of vulnerabilities that have been exploited in the wild. Organizations should use the KEV catalog as an input to their vulnerability management prioritization framework.

    9.0

    CRITICAL
    CVE-2025-53690 - Sitecore Multiple Products Deserialization of Untrusted Data Vulnerability -

    Action Due Sep 25, 2025 ( 19 days left ) Target Vendor : Sitecore

    Description : Sitecore Experience Manager (XM), Experience Platform (XP), Experience Commerce (XC), and Managed Cloud contain a deserialization of untrusted data vulnerability involving the use of default machine keys. This flaw allows attackers to exploit exposed ASP.NET machine keys to achieve remote code execution.

    Action : Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes : https://support.sitecore.com/kb?id=kb_article_view&sysparm_article=KB1003865 ; https://nvd.nist.gov/vuln/detail/CVE-2025-53690

    Alert Date: Sep 04, 2025 | 1 day ago

    8.8

    HIGH
    CVE-2025-48543 - Android Runtime Use-After-Free Vulnerability -

    Action Due Sep 25, 2025 ( 19 days left ) Target Vendor : Android

    Description : Android Runtime contains a use-after-free vulnerability potentially allowing a Chrome sandbox escape leading to local privilege escalation.

    Action : Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes : https://source.android.com/docs/security/bulletin/2025-09-01 ; https://nvd.nist.gov/vuln/detail/CVE-2025-48543

    Alert Date: Sep 04, 2025 | 1 day ago

    7.4

    HIGH
    CVE-2025-38352 - Linux Kernel Time-of-Check Time-of-Use (TOCTOU) Race Condition Vulnerability -

    Action Due Sep 25, 2025 ( 19 days left ) Target Vendor : Linux

    Description : Linux kernel contains a time-of-check time-of-use (TOCTOU) race condition vulnerability that has a high impact on confidentiality, integrity, and availability.

    Action : Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes : This vulnerability affects a common open-source component, third-party library, or a protocol used by different products. Please check with specific vendors for information on patching status. For more information, please see: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=2c72fe18cc5f9f1750f5bc148cf1c94c29e106ff ; https://source.android.com/docs/security/bulletin/2025-09-01 ; https://nvd.nist.gov/vuln/detail/CVE-2025-38352

    Alert Date: Sep 04, 2025 | 1 day ago

    8.6

    HIGH
    CVE-2025-9377 - TP-Link Archer C7(EU) and TL-WR841N/ND(MS) OS Command Injection Vulnerability -

    Action Due Sep 24, 2025 ( 18 days left ) Target Vendor : TP-Link

    Description : TP-Link Archer C7(EU) and TL-WR841N/ND(MS) contain an OS command injection vulnerability that exists in the Parental Control page. The impacted products could be end-of-life (EoL) and/or end-of-service (EoS). Users should discontinue product utilization.

    Action : Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes : https://www.tp-link.com/us/support/faq/4308/ ; https://nvd.nist.gov/vuln/detail/CVE-2025-9377

    Alert Date: Sep 03, 2025 | 2 days ago

    6.5

    MEDIUM
    CVE-2023-50224 - TP-Link TL-WR841N Authentication Bypass by Spoofing Vulnerability -

    Action Due Sep 24, 2025 ( 18 days left ) Target Vendor : TP-Link

    Description : TP-Link TL-WR841N contains an authentication bypass by spoofing vulnerability within the httpd service, which listens on TCP port 80 by default, leading to the disclosure of stored credentials. The impacted products could be end-of-life (EoL) and/or end-of-service (EoS). Users should discontinue product utilization.

    Action : Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes : https://www.tp-link.com/us/support/faq/4308/ ; https://nvd.nist.gov/vuln/detail/CVE-2023-50224

    Alert Date: Sep 03, 2025 | 2 days ago

    8.0

    HIGH
    CVE-2025-55177 - Meta Platforms WhatsApp Incorrect Authorization Vulnerability -

    Action Due Sep 23, 2025 ( 17 days left ) Target Vendor : Meta Platforms

    Description : Meta Platforms WhatsApp contains an incorrect authorization vulnerability due to an incomplete authorization of linked device synchronization messages. This vulnerability could allow an unrelated user to trigger processing of content from an arbitrary URL on a target’s device.

    Action : Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes : https://www.whatsapp.com/security/advisories/2025/ ; https://nvd.nist.gov/vuln/detail/CVE-2025-55177

    Alert Date: Sep 02, 2025 | 3 days ago

    8.8

    HIGH
    CVE-2020-24363 - TP-Link TL-WA855RE Missing Authentication for Critical Function Vulnerability -

    Action Due Sep 23, 2025 ( 17 days left ) Target Vendor : TP-Link

    Description : TP-Link TL-WA855RE contains a missing authentication for critical function vulnerability. This vulnerability could allow an unauthenticated attacker (on the same network) to submit a TDDP_RESET POST request for a factory reset and reboot. The attacker can then obtain incorrect access control by setting a new administrative password. The impacted products could be end-of-life (EoL) and/or end-of-service (EoS). Users should discontinue product utilization.

    Action : Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes : https://www.tp-link.com/us/home-networking/range-extender/tl-wa855re/#overview ; https://www.tp-link.com/us/support/download/tl-wa855re/#FAQs ; https://nvd.nist.gov/vuln/detail/CVE-2020-24363

    Alert Date: Sep 02, 2025 | 3 days ago

    10.0

    CRITICAL
    CVE-2025-57819 - Sangoma FreePBX Authentication Bypass Vulnerability -

    Action Due Sep 19, 2025 ( 13 days left ) Target Vendor : Sangoma

    Description : Sangoma FreePBX contains an authentication bypass vulnerability in which insufficiently sanitized user-supplied data allows unauthenticated access to FreePBX Administrator, leading to arbitrary database manipulation and remote code execution.

    Action : Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes : https://github.com/FreePBX/security-reporting/security/advisories/GHSA-m42g-xg4c-5f3h ; https://nvd.nist.gov/vuln/detail/CVE-2025-57819

    Alert Date: Aug 29, 2025 | 7 days ago

    9.8

    CRITICAL
    CVE-2025-7775 - Citrix NetScaler Memory Overflow Vulnerability -

    Action Due Aug 28, 2025 Target Vendor : Citrix

    Description : Citrix NetScaler ADC and NetScaler Gateway contain a memory overflow vulnerability that could allow for remote code execution and/or denial of service.

    Action : Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes : https://support.citrix.com/support-home/kbsearch/article?articleNumber=CTX694938 ; https://nvd.nist.gov/vuln/detail/CVE-2025-7775

    Alert Date: Aug 26, 2025 | 10 days ago

    8.8

    HIGH
    CVE-2024-8069 - Citrix Session Recording Deserialization of Untrusted Data Vulnerability -

    Action Due Sep 15, 2025 ( 9 days left ) Target Vendor : Citrix

    Description : Citrix Session Recording contains a deserialization of untrusted data vulnerability that allows limited remote code execution with the privileges of a NetworkService Account. An attacker must be an authenticated user on the same intranet as the session recording server.

    Action : Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes : https://support.citrix.com/external/article/691941/citrix-session-recording-security-bullet.html ; https://nvd.nist.gov/vuln/detail/CVE-2024-8069

    Alert Date: Aug 25, 2025 | 11 days ago

    8.0

    HIGH
    CVE-2024-8068 - Citrix Session Recording Improper Privilege Management Vulnerability -

    Action Due Sep 15, 2025 ( 9 days left ) Target Vendor : Citrix

    Description : Citrix Session Recording contains an improper privilege management vulnerability that could allow for privilege escalation to NetworkService Account access. An attacker must be an authenticated user in the same Windows Active Directory domain as the session recording server domain.

    Action : Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes : https://support.citrix.com/external/article/691941/citrix-session-recording-security-bullet.html ; https://nvd.nist.gov/vuln/detail/CVE-2024-8068

    Alert Date: Aug 25, 2025 | 11 days ago

    8.0

    HIGH
    CVE-2025-48384 - Git Link Following Vulnerability -

    Action Due Sep 15, 2025 ( 9 days left ) Target Vendor : Git

    Description : Git contains a link following vulnerability that stems from Git’s inconsistent handling of carriage return characters in configuration files.

    Action : Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes : This vulnerability affects a common open-source component, third-party library, or a protocol used by different products. For more information, please see: https://github.com/git/git/security/advisories/GHSA-vwqx-4fm8-6qc9 ; https://access.redhat.com/errata/RHSA-2025:13933 ; https://alas.aws.amazon.com/AL2/ALAS2-2025-2941.html ; https://linux.oracle.com/errata/ELSA-2025-11534.html ; https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-48384 ; https://nvd.nist.gov/vuln/detail/CVE-2025-48384

    Alert Date: Aug 25, 2025 | 11 days ago

    8.8

    HIGH
    CVE-2025-43300 - Apple iOS, iPadOS, and macOS Out-of-Bounds Write Vulnerability -

    Action Due Sep 11, 2025 ( 5 days left ) Target Vendor : Apple

    Description : Apple iOS, iPadOS, and macOS contain an out-of-bounds write vulnerability in the Image I/O framework.

    Action : Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes : https://support.apple.com/en-us/124925 ; https://support.apple.com/en-us/124926 ; https://support.apple.com/en-us/124927 ; https://support.apple.com/en-us/124928 ; https://support.apple.com/en-us/124929 ; https://nvd.nist.gov/vuln/detail/CVE-2025-43300

    Alert Date: Aug 21, 2025 | 15 days ago

    9.8

    CRITICAL
    CVE-2025-54948 - Trend Micro Apex One OS Command Injection Vulnerability -

    Action Due Sep 08, 2025 ( 2 days left ) Target Vendor : Trend Micro

    Description : Trend Micro Apex One Management Console (on-premise) contains an OS command injection vulnerability that could allow a pre-authenticated remote attacker to upload malicious code and execute commands on affected installations.

    Action : Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes : https://success.trendmicro.com/en-US/solution/KA-0020652 ; N/A ; https://nvd.nist.gov/vuln/detail/CVE-2025-54948

    Alert Date: Aug 18, 2025 | 18 days ago

    9.4

    CRITICAL
    CVE-2025-8876 - N-able N-Central Command Injection Vulnerability -

    Action Due Aug 20, 2025 Target Vendor : N-able

    Description : N-able N-Central contains a command injection vulnerability via improper sanitization of user input.

    Action : Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes : https://status.n-able.com/2025/08/13/announcing-the-ga-of-n-central-2025-3-1/ ; https://nvd.nist.gov/vuln/detail/CVE-2025-8876

    Alert Date: Aug 13, 2025 | 23 days ago

    9.4

    CRITICAL
    CVE-2025-8875 - N-able N-Central Insecure Deserialization Vulnerability -

    Action Due Aug 20, 2025 Target Vendor : N-able

    Description : N-able N-Central contains an insecure deserialization vulnerability that could lead to command execution.

    Action : Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes : https://status.n-able.com/2025/08/13/announcing-the-ga-of-n-central-2025-3-1/ ; https://nvd.nist.gov/vuln/detail/CVE-2025-8875

    Alert Date: Aug 13, 2025 | 23 days ago

    8.8

    HIGH
    CVE-2025-8088 - RARLAB WinRAR Path Traversal Vulnerability -

    Action Due Sep 02, 2025 Target Vendor : RARLAB

    Description : RARLAB WinRAR contains a path traversal vulnerability affecting the Windows version of WinRAR. This vulnerability could allow an attacker to execute arbitrary code by crafting malicious archive files.

    Action : Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes : https://www.win-rar.com/singlenewsview.html?&L=0&tx_ttnews%5Btt_news%5D=283&cHash=a64b4a8f662d3639dec8d65f47bc93c5 ; https://nvd.nist.gov/vuln/detail/CVE-2025-8088

    Alert Date: Aug 12, 2025 | 24 days ago

    9.3

    HIGH
    CVE-2007-0671 - Microsoft Office Excel Remote Code Execution Vulnerability -

    Action Due Sep 02, 2025 Target Vendor : Microsoft

    Description : Microsoft Office Excel contains a remote code execution vulnerability that can be exploited when a specially crafted Excel file is opened. This malicious file could be delivered as an email attachment or hosted on a malicious website. An attacker could leverage this vulnerability by creating a specially crafted Excel file which, when opened, allows the attacker to execute remote code on the affected system.

    Action : Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes : https://learn.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-015 ; https://nvd.nist.gov/vuln/detail/CVE-2007-0671

    Alert Date: Aug 12, 2025 | 24 days ago

    9.3

    HIGH
    CVE-2013-3893 - Microsoft Internet Explorer Resource Management Errors Vulnerability -

    Action Due Sep 02, 2025 Target Vendor : Microsoft

    Description : Microsoft Internet Explorer contains a memory corruption vulnerability that allows for remote code execution. The impacted products could be end-of-life (EoL) and/or end-of-service (EoS). Users should discontinue product utilization.

    Action : Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes : https://learn.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-080 ; https://nvd.nist.gov/vuln/detail/CVE-2013-3893

    Alert Date: Aug 12, 2025 | 24 days ago

    7.5

    HIGH
    CVE-2020-25078 - D-Link DCS-2530L and DCS-2670L Devices Unspecified Vulnerability -

    Action Due Aug 26, 2025 Target Vendor : D-Link

    Description : D-Link DCS-2530L and DCS-2670L devices contain an unspecified vulnerability that could allow for remote administrator password disclosure. The impacted products could be end-of-life (EoL) and/or end-of-service (EoS). Users should discontinue product utilization.

    Action : Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes : https://support.dlink.com/productinfo.aspx?m=DCS-2530L ; https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10180 ; https://nvd.nist.gov/vuln/detail/CVE-2020-25078

    Alert Date: Aug 05, 2025 | 31 days ago
Showing 20 of 1416 Results
