CISA Known Exploited Vulnerabilities (KEV)

CVE-2025-9242 - WatchGuard Firebox Out-of-Bounds Write Vulnerability -

Action Due Dec 03, 2025 ( 19 days left ) Target Vendor : WatchGuard

Description : WatchGuard Firebox contains an out-of-bounds write vulnerability in the OS iked process that may allow a remote unauthenticated attacker to execute arbitrary code.

Action : Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes : https://www.watchguard.com/wgrd-psirt/advisory/wgsa-2025-00015 ; https://nvd.nist.gov/vuln/detail/CVE-2025-9242

CVE-2025-62215 - Microsoft Windows Race Condition Vulnerability -

Action Due Dec 03, 2025 ( 19 days left ) Target Vendor : Microsoft

Description : Microsoft Windows Kernel contains a race condition vulnerability that allows a local attacker with low-level privileges to escalate privileges. Successful exploitation of this vulnerability could enable the attacker to gain SYSTEM-level access.

Action : Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes : https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-62215 ; https://nvd.nist.gov/vuln/detail/CVE-2025-62215

CVE-2025-12480 - Gladinet Triofox Improper Access Control Vulnerability -

Action Due Dec 03, 2025 ( 19 days left ) Target Vendor : Gladinet

Description : Gladinet Triofox contains an improper access control vulnerability that allows access to initial setup pages even after setup is complete.

Action : Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes : https://access.triofox.com/releases_history ; https://nvd.nist.gov/vuln/detail/CVE-2025-12480

CVE-2025-21042 - Samsung Mobile Devices Out-of-Bounds Write Vulnerability -

Action Due Dec 01, 2025 ( 17 days left ) Target Vendor : Samsung

Description : Samsung mobile devices contain an out-of-bounds write vulnerability in libimagecodec.quram.so. This vulnerability could allow remote attackers to execute arbitrary code.

Action : Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes : https://security.samsungmobile.com/securityUpdate.smsb?year=2025&month=04 ; https://nvd.nist.gov/vuln/detail/CVE-2025-21042

CVE-2025-11371 - Gladinet CentreStack and Triofox Files or Directories Accessible to External Parties Vulnerability -

Action Due Nov 25, 2025 ( 11 days left ) Target Vendor : Gladinet

Description : Gladinet CentreStack and Triofox contains a files or directories accessible to external parties vulnerability that allows unintended disclosure of system files.

Action : Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes : https://www.centrestack.com/p/gce_latest_release.html ; https://nvd.nist.gov/vuln/detail/CVE-2025-11371

CVE-2025-48703 - CWP Control Web Panel OS Command Injection Vulnerability -

Action Due Nov 25, 2025 ( 11 days left ) Target Vendor : CWP

Description : CWP Control Web Panel (formerly CentOS Web Panel) contains an OS command Injection vulnerability that allows unauthenticated remote code execution via shell metacharacters in the t_total parameter in a filemanager changePerm request. A valid non-root username must be known.

Action : Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes : https://control-webpanel.com/changelog ; https://nvd.nist.gov/vuln/detail/CVE-2025-48703

CVE-2025-24893 - XWiki Platform Eval Injection Vulnerability -

Action Due Nov 20, 2025 ( 6 days left ) Target Vendor : XWiki

Description : XWiki Platform contains an eval injection vulnerability that could allow any guest to perform arbitrary remote code execution through a request to SolrSearch.

Action : Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes : https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-rr6p-3pfg-562j ; https://nvd.nist.gov/vuln/detail/CVE-2025-24893

CVE-2025-41244 - Broadcom VMware Aria Operations and VMware Tools Privilege Defined with Unsafe Actions Vulnerability -

Action Due Nov 20, 2025 ( 6 days left ) Target Vendor : Broadcom

Description : Broadcom VMware Aria Operations and VMware Tools contain a privilege defined with unsafe actions vulnerability. A malicious local actor with non-administrative privileges having access to a VM with VMware Tools installed and managed by Aria Operations with SDMP enabled may exploit this vulnerability to escalate privileges to root on the same VM.

Action : Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes : https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36149 ; https://nvd.nist.gov/vuln/detail/CVE-2025-41244

CVE-2025-6205 - Dassault Systèmes DELMIA Apriso Missing Authorization Vulnerability -

Action Due Nov 18, 2025 ( 4 days left ) Target Vendor : Dassault Systèmes

Description : Dassault Systèmes DELMIA Apriso contains a missing authorization vulnerability that could allow an attacker to gain privileged access to the application.

Action : Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes : https://www.3ds.com/trust-center/security/security-advisories/cve-2025-6205 ; https://nvd.nist.gov/vuln/detail/CVE-2025-6205

CVE-2025-6204 - Dassault Systèmes DELMIA Apriso Code Injection Vulnerability -

Action Due Nov 18, 2025 ( 4 days left ) Target Vendor : Dassault Systèmes

Description : Dassault Systèmes DELMIA Apriso contains a code injection vulnerability that could allow an attacker to execute arbitrary code.

Action : Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes : https://www.3ds.com/trust-center/security/security-advisories/cve-2025-6204 ; https://nvd.nist.gov/vuln/detail/CVE-2025-6204

CVE-2025-59287 - Microsoft Windows Server Update Service (WSUS) Deserialization of Untrusted Data Vulnerability -

Action Due Nov 14, 2025 Target Vendor : Microsoft

Description : Microsoft Windows Server Update Service (WSUS) contains a deserialization of untrusted data vulnerability that allows for remote code execution.

Action : Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes : https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-59287 ; https://nvd.nist.gov/vuln/detail/CVE-2025-59287

CVE-2025-54236 - Adobe Commerce and Magento Improper Input Validation Vulnerability -

Action Due Nov 14, 2025 Target Vendor : Adobe

Description : Adobe Commerce and Magento Open Source contain an improper input validation vulnerability that could allow an attacker to take over customer accounts through the Commerce REST API.

Action : Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes : https://experienceleague.adobe.com/en/docs/experience-cloud-kcs/kbarticles/ka-27397 ; https://nvd.nist.gov/vuln/detail/CVE-2025-54236

CVE-2025-61932 - Motex LANSCOPE Endpoint Manager Improper Verification of Source of a Communication Channel Vulnerability -

Action Due Nov 12, 2025 Target Vendor : Motex

Description : Motex LANSCOPE Endpoint Manager contains an improper verification of source of a communication channel vulnerability allowing an attacker to execute arbitrary code by sending specially crafted packets.

Action : Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes : https://www.motex.co.jp/news/notice/2025/release251020/ ; https://nvd.nist.gov/vuln/detail/CVE-2025-61932

CVE-2025-61884 - Oracle E-Business Suite Server-Side Request Forgery (SSRF) Vulnerability -

Action Due Nov 10, 2025 Target Vendor : Oracle

Description : Oracle E-Business Suite contains a server-side request forgery (SSRF) vulnerability in the Runtime component of Oracle Configurator. This vulnerability is remotely exploitable without authentication.

Action : Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes : https://www.oracle.com/security-alerts/alert-cve-2025-61884.html ; https://nvd.nist.gov/vuln/detail/CVE-2025-61884

CVE-2025-33073 - Microsoft Windows SMB Client Improper Access Control Vulnerability -

Action Due Nov 10, 2025 Target Vendor : Microsoft

Description : Microsoft Windows SMB Client contains an improper access control vulnerability that could allow for privilege escalation. An attacker could execute a specially crafted malicious script to coerce the victim machine to connect back to the attack system using SMB and authenticate.

Action : Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes : https://msrc.microsoft.com/update-guide/en-US/advisory/CVE-2025-33073 ; https://nvd.nist.gov/vuln/detail/CVE-2025-33073

CVE-2025-2747 - Kentico Xperience CMS Authentication Bypass Using an Alternate Path or Channel Vulnerability -

Action Due Nov 10, 2025 Target Vendor : Kentico

Description : Kentico Xperience CMS contains an authentication bypass using an alternate path or channel vulnerability that could allow an attacker to control administrative objects.

Action : Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes : https://devnet.kentico.com/download/hotfixes ; https://nvd.nist.gov/vuln/detail/CVE-2025-2747

CVE-2025-2746 - Kentico Xperience CMS Authentication Bypass Using an Alternate Path or Channel Vulnerability -

Action Due Nov 10, 2025 Target Vendor : Kentico

Description : Kentico Xperience CMS contains an authentication bypass using an alternate path or channel vulnerability that could allow an attacker to control administrative objects.

Action : Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes : https://devnet.kentico.com/download/hotfixes ; https://nvd.nist.gov/vuln/detail/CVE-2025-2746

CVE-2022-48503 - Apple Multiple Products Unspecified Vulnerability -

Action Due Nov 10, 2025 Target Vendor : Apple

Description : Apple macOS, iOS, tvOS, Safari, and watchOS contain an unspecified vulnerability in JavaScriptCore that when processing web content may lead to arbitrary code execution. The impacted product could be end-of-life (EoL) and/or end-of-service (EoS). Users should discontinue product utilization.

Action : Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes : https://support.apple.com/en-us/HT213340 ; https://support.apple.com/en-us/HT213341 ; https://support.apple.com/en-us/HT213342 ; https://support.apple.com/en-us/HT213345 ; https://support.apple.com/en-us/HT213346 ; https://nvd.nist.gov/vuln/detail/CVE-2022-48503

CVE-2025-54253 - Adobe Experience Manager Forms Code Execution Vulnerability -

Action Due Nov 05, 2025 Target Vendor : Adobe

Description : Adobe Experience Manager Forms in JEE contains an unspecified vulnerability that allows for arbitrary code execution.

Action : Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes : https://helpx.adobe.com/security/products/aem-forms/apsb25-82.html ; https://nvd.nist.gov/vuln/detail/CVE-2025-54253

CVE-2025-47827 - IGEL OS Use of a Key Past its Expiration Date Vulnerability -

Action Due Nov 04, 2025 Target Vendor : IGEL

Description : IGEL OS contains a use of a key past its expiration date vulnerability that allows for Secure Boot bypass. The igel-flash-driver module improperly verifies a cryptographic signature. Ultimately, a crafted root filesystem can be mounted from an unverified SquashFS image.

Action : Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes : https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-47827 ; https://nvd.nist.gov/vuln/detail/CVE-2025-47827