CISA Known Exploited Vulnerabilities (KEV)
CISA's Known Exploited Vulnerabilities (KEV) catalog lists vulnerabilities actively used in real-world attacks. CVEFeed.io tracks the latest additions so you can prioritize remediation as new entries are published.
9.8
CVE-2024-0769 - D-Link DIR-859 Router Path Traversal Vulnerability -
Action Due Jul 16, 2025 Target Vendor : D-Link
Description :D-Link DIR-859 routers contain a path traversal vulnerability in the file /hedwig.cgi of the component HTTP POST Request Handler. Manipulation of the argument service with the input ../../../../htdocs/webinc/getcfg/DHCPS6.BRIDGE-1.xml allows for the leakage of session data potentially enabling privilege escalation and unauthorized control of the device. This vulnerability affects legacy D-Link products. All associated hardware revisions have reached their end-of-life (EOL) or end-of-service (EOS) life cycle and should be retired and replaced per vendor instructions.
Action :Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes :https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10371 ; https://nvd.nist.gov/vuln/detail/CVE-2024-0769
7.8
CVE-2023-0386 - Linux Kernel Improper Ownership Management Vulnerability -
Action Due Jul 08, 2025 Target Vendor : Linux
Description :Linux Kernel contains an improper ownership management vulnerability, where unauthorized access to the execution of the setuid file with capabilities was found in the Linux kernel’s OverlayFS subsystem in how a user copies a capable file from a nosuid mount into another mount. This uid mapping bug allows a local user to escalate their privileges on the system.
Action :Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes :This vulnerability affects a common open-source component, third-party library, or a protocol used by different products. For more information, please see: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=4f11ada10d0a ; https://access.redhat.com/security/cve/cve-2023-0386 ; https://security.netapp.com/advisory/ntap-20230420-0004/ ; https://nvd.nist.gov/vuln/detail/CVE-2023-0386
8.8
CVE-2023-33538 - TP-Link Multiple Routers Command Injection Vulnerability -
Action Due Jul 07, 2025 Target Vendor : TP-Link
Description :TP-Link TL-WR940N V2/V4, TL-WR841N V8/V10, and TL-WR740N V1/V2 contain a command injection vulnerability via the component /userRpm/WlanNetworkRpm. The impacted products could be end-of-life (EoL) and/or end-of-service (EoS). Users should discontinue product utilization.
Action :Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes :https://www.tp-link.com/nordic/support/faq/3562/ ; https://nvd.nist.gov/vuln/detail/CVE-2023-33538
4.8
CVE-2025-43200 - Apple Multiple Products Unspecified Vulnerability -
Action Due Jul 07, 2025 Target Vendor : Apple
Description :Apple iOS, iPadOS, macOS, watchOS, and visionOS, contain an unspecified vulnerability when processing a maliciously crafted photo or video shared via an iCloud Link.
Action :Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes :https://support.apple.com/en-us/122174 ; https://support.apple.com/en-us/122173 ; https://support.apple.com/en-us/122900 ; https://support.apple.com/en-us/122901 ; https://support.apple.com/en-us/122902 ; https://support.apple.com/en-us/122903 ; https://support.apple.com/en-us/122904 ; https://nvd.nist.gov/vuln/detail/CVE-2025-43200
8.8
CVE-2025-33053 - Microsoft Windows External Control of File Name or Path Vulnerability -
Action Due Jul 01, 2025 Target Vendor : Microsoft
Description :Microsoft Windows contains an external control of file name or path vulnerability that could allow an attacker to execute code from a remote WebDAV location specified by the WorkingDirectory attribute of Internet Shortcut files.
Action :Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes :https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-33053 ; https://nvd.nist.gov/vuln/detail/CVE-2025-33053
9.9
CVE-2025-24016 - Wazuh Server Deserialization of Untrusted Data Vulnerability -
Action Due Jul 01, 2025 Target Vendor : Wazuh
Description :Wazuh contains a deserialization of untrusted data vulnerability that allows for remote code execution on Wazuh servers.
Action :Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes :https://wazuh.com/blog/addressing-the-cve-2025-24016-vulnerability/ ; https://github.com/wazuh/wazuh/security/advisories/GHSA-hcrc-79hj-m3qh ; https://nvd.nist.gov/vuln/detail/CVE-2025-24016
9.3
CVE-2024-42009 - RoundCube Webmail Cross-Site Scripting Vulnerability -
Action Due Jun 30, 2025 Target Vendor : Roundcube
Description :RoundCube Webmail contains a cross-site scripting vulnerability. This vulnerability could allow a remote attacker to steal and send emails of a victim via a crafted e-mail message that abuses a Desanitization issue in message_body() in program/actions/mail/show.php.
Action :Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes :https://roundcube.net/news/2024/08/04/security-updates-1.6.8-and-1.5.8 ; https://nvd.nist.gov/vuln/detail/CVE-2024-42009
10.0
CVE-2025-32433 - Erlang Erlang/OTP SSH Server Missing Authentication for Critical Function Vulnerability -
Action Due Jun 30, 2025 Target Vendor : Erlang
Description :Erlang Erlang/OTP SSH server contains a missing authentication for critical function vulnerability. This could allow an attacker to execute arbitrary commands without valid credentials, potentially leading to unauthenticated remote code execution (RCE). By exploiting a flaw in how SSH protocol messages are handled, a malicious actor could gain unauthorized access to affected systems. This vulnerability could affect various products that implement Erlang/OTP SSH server, including—but not limited to—Cisco, NetApp, and SUSE.
Action :Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes :This vulnerability affects a common open-source project, third-party library, or a protocol used by different products. For more information, please see: https://github.com/erlang/otp/security/advisories/GHSA-37cp-fgq5-7wc2 ; https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-erlang-otp-ssh-xyZZy ; https://nvd.nist.gov/vuln/detail/CVE-2025-32433
8.8
CVE-2025-5419 - Google Chromium V8 Out-of-Bounds Read and Write Vulnerability -
Action Due Jun 26, 2025 Target Vendor : Google
Description :Google Chromium V8 contains an out-of-bounds read and write vulnerability that could allow a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.
Action :Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes :https://chromereleases.googleblog.com/2025/06/stable-channel-update-for-desktop.html; https://nvd.nist.gov/vuln/detail/CVE-2025-5419",
8.6
CVE-2025-21480 - Qualcomm Multiple Chipsets Incorrect Authorization Vulnerability -
Action Due Jun 24, 2025 Target Vendor : Qualcomm
Description :Multiple Qualcomm chipsets contain an incorrect authorization vulnerability. This vulnerability allows for memory corruption due to unauthorized command execution in GPU micronode while executing specific sequence of commands.
Action :Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes :Please check with specific vendors (OEMs,) for information on patching status. For more information, please see: https://docs.qualcomm.com/product/publicresources/securitybulletin/june-2025-bulletin.html ; https://nvd.nist.gov/vuln/detail/CVE-2025-21480
8.6
CVE-2025-21479 - Qualcomm Multiple Chipsets Incorrect Authorization Vulnerability -
Action Due Jun 24, 2025 Target Vendor : Qualcomm
Description :Multiple Qualcomm chipsets contain an incorrect authorization vulnerability. This vulnerability allows for memory corruption due to unauthorized command execution in GPU micronode while executing specific sequence of commands.
Action :Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes :Please check with specific vendors (OEMs,) for information on patching status. For more information, please see: https://docs.qualcomm.com/product/publicresources/securitybulletin/june-2025-bulletin.html ; https://nvd.nist.gov/vuln/detail/CVE-2025-21479
7.5
CVE-2025-27038 - Qualcomm Multiple Chipsets Use-After-Free Vulnerability -
Action Due Jun 24, 2025 Target Vendor : Qualcomm
Description :Multiple Qualcomm chipsets contain a use-after-free vulnerability. This vulnerability allows for memory corruption while rendering graphics using Adreno GPU drivers in Chrome.
Action :Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes :Please check with specific vendors (OEMs,) for information on patching status. For more information, please see: https://docs.qualcomm.com/product/publicresources/securitybulletin/june-2025-bulletin.html ; https://nvd.nist.gov/vuln/detail/CVE-2025-27038
8.1
CVE-2025-3935 - ConnectWise ScreenConnect Improper Authentication Vulnerability -
Action Due Jun 23, 2025 Target Vendor : ConnectWise
Description :ConnectWise ScreenConnect contains an improper authentication vulnerability. This vulnerability could allow a ViewState code injection attack, which could allow remote code execution if machine keys are compromised.
Action :Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes :https://www.connectwise.com/company/trust/security-bulletins/screenconnect-security-patch-2025.4 ; https://nvd.nist.gov/vuln/detail/CVE-2025-3935
6.9
CVE-2025-35939 - Craft CMS External Control of Assumed-Immutable Web Parameter Vulnerability -
Action Due Jun 23, 2025 Target Vendor : Craft CMS
Description :Craft CMS contains an external control of assumed-immutable web parameter vulnerability. This vulnerability could allow an unauthenticated client to introduce arbitrary values, such as PHP code, to a known local file location on the server. This vulnerability could be chained with CVE-2024-58136 as represented by CVE-2025-32432.
Action :Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes :https://github.com/craftcms/cms/pull/17220 ; https://nvd.nist.gov/vuln/detail/CVE-2025-35939
9.8
CVE-2024-56145 - Craft CMS Code Injection Vulnerability -
Action Due Jun 23, 2025 Target Vendor : Craft CMS
Description :Craft CMS contains a code injection vulnerability. Users with affected versions are vulnerable to remote code execution if their php.ini configuration has `register_argc_argv` enabled.
Action :Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes :https://github.com/craftcms/cms/security/advisories/GHSA-2p6p-9rc9-62j9 ; https://nvd.nist.gov/vuln/detail/CVE-2024-56145
8.8
CVE-2023-39780 - ASUS RT-AX55 Routers OS Command Injection Vulnerability -
Action Due Jun 23, 2025 Target Vendor : ASUS
Description :ASUS RT-AX55 devices contain an OS command injection vulnerability that could allow a remote, authenticated attacker to execute arbitrary commands. As represented by CVE-2023-41346.
Action :Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes :https://www.asus.com/networking-iot-servers/wifi-6/all-series/rt-ax55/helpdesk_bios/?model2Name=RT-AX55 ; https://www.asus.com/content/asus-product-security-advisory/ ; https://nvd.nist.gov/vuln/detail/CVE-2023-39780
9.8
CVE-2021-32030 - ASUS Routers Improper Authentication Vulnerability -
Action Due Jun 23, 2025 Target Vendor : ASUS
Description :ASUS Lyra Mini and ASUS GT-AC2900 devices contain an improper authentication vulnerability that allows an attacker to gain unauthorized access to the administrative interface. The impacted products could be end-of-life (EoL) and/or end-of-service (EoS). Users should discontinue product utilization.
Action :Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes :https://www.asus.com/us/supportonly/lyra%20mini/helpdesk_bios/ ; https://www.asus.com/us/supportonly/rog%20rapture%20gt-ac2900/helpdesk_bios/; https://nvd.nist.gov/vuln/detail/CVE-2021-32030
9.8
CVE-2025-4632 - Samsung MagicINFO 9 Server Path Traversal Vulnerability -
Action Due Jun 12, 2025 Target Vendor : Samsung
Description :Samsung MagicINFO 9 Server contains a path traversal vulnerability that allows an attacker to write arbitrary file as system authority.
Action :Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes :https://security.samsungtv.com/securityUpdates#SVP-MAY-2025 ; https://nvd.nist.gov/vuln/detail/CVE-2025-4632
7.5
CVE-2023-38950 - ZKTeco BioTime Path Traversal Vulnerability -
Action Due Jun 09, 2025 Target Vendor : ZKTeco
Description :ZKTeco BioTime contains a path traversal vulnerability in the iclock API that allows an unauthenticated attacker to read arbitrary files via supplying a crafted payload.
Action :Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes :https://www.zkteco.com/en/Security_Bulletinsibs ; https://nvd.nist.gov/vuln/detail/CVE-2023-38950
8.8
CVE-2025-27920 - Srimax Output Messenger Directory Traversal Vulnerability -
Action Due Jun 09, 2025 Target Vendor : Srimax
Description :Srimax Output Messenger contains a directory traversal vulnerability that allows an attacker to access sensitive files outside the intended directory, potentially leading to configuration leakage or arbitrary file access.
Action :Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes :https://www.outputmessenger.com/cve-2025-27920/ ; https://nvd.nist.gov/vuln/detail/CVE-2025-27920