CISA Known Exploited Vulnerabilities (KEV)
8.8
CVE-2023-33538 - TP-Link Multiple Routers Command Injection Vulnerability -
Action Due Jul 07, 2025 Target Vendor : TP-Link
Description : TP-Link TL-WR940N V2/V4, TL-WR841N V8/V10, and TL-WR740N V1/V2 contain a command injection vulnerability via the component /userRpm/WlanNetworkRpm. The impacted products could be end-of-life (EoL) and/or end-of-service (EoS). Users should discontinue product utilization.
Action : Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://www.tp-link.com/nordic/support/faq/3562/ ; https://nvd.nist.gov/vuln/detail/CVE-2023-33538
4.8
CVE-2025-43200 - Apple Multiple Products Unspecified Vulnerability -
Action Due Jul 07, 2025 Target Vendor : Apple
Description : Apple iOS, iPadOS, macOS, watchOS, and visionOS contain an unspecified vulnerability when processing a maliciously crafted photo or video shared via an iCloud Link.
Action : Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://support.apple.com/en-us/122174 ; https://support.apple.com/en-us/122173 ; https://support.apple.com/en-us/122900 ; https://support.apple.com/en-us/122901 ; https://support.apple.com/en-us/122902 ; https://support.apple.com/en-us/122903 ; https://support.apple.com/en-us/122904 ; https://nvd.nist.gov/vuln/detail/CVE-2025-43200
8.8
CVE-2025-33053 - Web Distributed Authoring and Versioning (WebDAV) External Control of File Name or Path Vulnerability -
Action Due Jul 01, 2025 Target Vendor : Web Distributed Authoring and Versioning
Description : Web Distributed Authoring and Versioning (WebDAV) contains an external control of file name or path vulnerability. This vulnerability could allow an unauthorized attacker to execute code over a network. This vulnerability could affect various products that implement WebDAV, including but not limited to Microsoft Windows.
Action : Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : This vulnerability affects a common open-source project, third-party library, or a protocol used by different products. For more information, please see: https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-33053 ; https://nvd.nist.gov/vuln/detail/CVE-2025-33053
9.9
CVE-2025-24016 - Wazuh Server Deserialization of Untrusted Data Vulnerability -
Action Due Jul 01, 2025 Target Vendor : Wazuh
Description : Wazuh contains a deserialization of untrusted data vulnerability that allows for remote code execution on Wazuh servers.
Action : Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://github.com/wazuh/wazuh/security/advisories/GHSA-hcrc-79hj-m3qh ; https://nvd.nist.gov/vuln/detail/CVE-2025-24016
9.3
CVE-2024-42009 - RoundCube Webmail Cross-Site Scripting Vulnerability -
Action Due Jun 30, 2025 Target Vendor : Roundcube
Description : RoundCube Webmail contains a cross-site scripting vulnerability. This vulnerability could allow a remote attacker to steal and send emails of a victim via a crafted e-mail message that abuses a Desanitization issue in message_body() in program/actions/mail/show.php.
Action : Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://roundcube.net/news/2024/08/04/security-updates-1.6.8-and-1.5.8 ; https://nvd.nist.gov/vuln/detail/CVE-2024-42009
10.0
CVE-2025-32433 - Erlang Erlang/OTP SSH Server Missing Authentication for Critical Function Vulnerability -
Action Due Jun 30, 2025 Target Vendor : Erlang
Description : Erlang Erlang/OTP SSH server contains a missing authentication for critical function vulnerability. This could allow an attacker to execute arbitrary commands without valid credentials, potentially leading to unauthenticated remote code execution (RCE). By exploiting a flaw in how SSH protocol messages are handled, a malicious actor could gain unauthorized access to affected systems. This vulnerability could affect various products that implement Erlang/OTP SSH server, including—but not limited to—Cisco, NetApp, and SUSE.
Action : Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : This vulnerability affects a common open-source project, third-party library, or a protocol used by different products. For more information, please see: https://github.com/erlang/otp/security/advisories/GHSA-37cp-fgq5-7wc2 ; https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-erlang-otp-ssh-xyZZy ; https://nvd.nist.gov/vuln/detail/CVE-2025-32433
8.8
CVE-2025-5419 - Google Chromium V8 Out-of-Bounds Read and Write Vulnerability -
Action Due Jun 26, 2025 Target Vendor : Google
Description : Google Chromium V8 contains an out-of-bounds read and write vulnerability that could allow a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.
Action : Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://chromereleases.googleblog.com/2025/06/stable-channel-update-for-desktop.html ; https://nvd.nist.gov/vuln/detail/CVE-2025-5419
8.6
CVE-2025-21479 - Qualcomm Multiple Chipsets Incorrect Authorization Vulnerability -
Action Due Jun 24, 2025 Target Vendor : Qualcomm
Description : Multiple Qualcomm chipsets contain an incorrect authorization vulnerability. This vulnerability allows for memory corruption due to unauthorized command execution in GPU micronode while executing a specific sequence of commands.
Action : Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : Please check with specific vendors (OEMs) for information on patching status. For more information, please see: https://docs.qualcomm.com/product/publicresources/securitybulletin/june-2025-bulletin.html ; https://nvd.nist.gov/vuln/detail/CVE-2025-21479
8.6
CVE-2025-21480 - Qualcomm Multiple Chipsets Incorrect Authorization Vulnerability -
Action Due Jun 24, 2025 Target Vendor : Qualcomm
Description : Multiple Qualcomm chipsets contain an incorrect authorization vulnerability. This vulnerability allows for memory corruption due to unauthorized command execution in GPU micronode while executing a specific sequence of commands.
Action : Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : Please check with specific vendors (OEMs) for information on patching status. For more information, please see: https://docs.qualcomm.com/product/publicresources/securitybulletin/june-2025-bulletin.html ; https://nvd.nist.gov/vuln/detail/CVE-2025-21480
7.5
CVE-2025-27038 - Qualcomm Multiple Chipsets Use-After-Free Vulnerability -
Action Due Jun 24, 2025 Target Vendor : Qualcomm
Description : Multiple Qualcomm chipsets contain a use-after-free vulnerability. This vulnerability allows for memory corruption while rendering graphics using Adreno GPU drivers in Chrome.
Action : Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : Please check with specific vendors (OEMs) for information on patching status. For more information, please see: https://docs.qualcomm.com/product/publicresources/securitybulletin/june-2025-bulletin.html ; https://nvd.nist.gov/vuln/detail/CVE-2025-27038
9.8
CVE-2021-32030 - ASUS Routers Improper Authentication Vulnerability -
Action Due Jun 23, 2025 Target Vendor : ASUS
Description : ASUS Lyra Mini and ASUS GT-AC2900 devices contain an improper authentication vulnerability that allows an attacker to gain unauthorized access to the administrative interface. The impacted products could be end-of-life (EoL) and/or end-of-service (EoS). Users should discontinue product utilization.
Action : Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://www.asus.com/us/supportonly/lyra%20mini/helpdesk_bios/ ; https://www.asus.com/us/supportonly/rog%20rapture%20gt-ac2900/helpdesk_bios/ ; https://nvd.nist.gov/vuln/detail/CVE-2021-32030
8.1
CVE-2025-3935 - ConnectWise ScreenConnect Improper Authentication Vulnerability -
Action Due Jun 23, 2025 Target Vendor : ConnectWise
Description : ConnectWise ScreenConnect contains an improper authentication vulnerability. This vulnerability could allow a ViewState code injection attack, which could allow remote code execution if machine keys are compromised.
Action : Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://www.connectwise.com/company/trust/security-bulletins/screenconnect-security-patch-2025.4 ; https://nvd.nist.gov/vuln/detail/CVE-2025-3935
6.9
CVE-2025-35939 - Craft CMS External Control of Assumed-Immutable Web Parameter Vulnerability -
Action Due Jun 23, 2025 Target Vendor : Craft CMS
Description : Craft CMS contains an external control of assumed-immutable web parameter vulnerability. This vulnerability could allow an unauthenticated client to introduce arbitrary values, such as PHP code, to a known local file location on the server. This vulnerability could be chained with CVE-2024-58136 as represented by CVE-2025-32432.
Action : Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://github.com/craftcms/cms/pull/17220 ; https://nvd.nist.gov/vuln/detail/CVE-2025-35939
9.8
CVE-2024-56145 - Craft CMS Code Injection Vulnerability -
Action Due Jun 23, 2025 Target Vendor : Craft CMS
Description : Craft CMS contains a code injection vulnerability. Users with affected versions are vulnerable to remote code execution if their php.ini configuration has `register_argc_argv` enabled.
Action : Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://github.com/craftcms/cms/security/advisories/GHSA-2p6p-9rc9-62j9 ; https://nvd.nist.gov/vuln/detail/CVE-2024-56145
8.8
CVE-2023-39780 - ASUS RT-AX55 Routers OS Command Injection Vulnerability -
Action Due Jun 23, 2025 Target Vendor : ASUS
Description : ASUS RT-AX55 devices contain an OS command injection vulnerability that could allow a remote, authenticated attacker to execute arbitrary commands.
Action : Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://www.asus.com/networking-iot-servers/wifi-6/all-series/rt-ax55/helpdesk_bios/?model2Name=RT-AX55 ; https://www.asus.com/content/asus-product-security-advisory/ ; https://nvd.nist.gov/vuln/detail/CVE-2023-39780
9.8
CVE-2025-4632 - Samsung MagicINFO 9 Server Path Traversal Vulnerability -
Action Due Jun 12, 2025 Target Vendor : Samsung
Description : Samsung MagicINFO 9 Server contains a path traversal vulnerability that allows an attacker to write arbitrary files as system authority.
Action : Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://security.samsungtv.com/securityUpdates#SVP-MAY-2025 ; https://nvd.nist.gov/vuln/detail/CVE-2025-4632
7.5
CVE-2023-38950 - ZKTeco BioTime Path Traversal Vulnerability -
Action Due Jun 09, 2025 Target Vendor : ZKTeco
Description : ZKTeco BioTime contains a path traversal vulnerability in the iclock API that allows an unauthenticated attacker to read arbitrary files by supplying a crafted payload.
Action : Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://www.zkteco.com/en/Security_Bulletinsibs ; https://nvd.nist.gov/vuln/detail/CVE-2023-38950
6.1
CVE-2024-27443 - Synacor Zimbra Collaboration Suite (ZCS) Cross-Site Scripting (XSS) Vulnerability -
Action Due Jun 09, 2025 Target Vendor : Synacor
Description : Zimbra Collaboration contains a cross-site scripting (XSS) vulnerability in the CalendarInvite feature of the Zimbra webmail classic user interface. An attacker can exploit this vulnerability via an email message containing a crafted calendar header, leading to the execution of arbitrary JavaScript code.
Action : Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://wiki.zimbra.com/wiki/Zimbra_Releases/8.8.15/P46#Security_Fixes ; https://wiki.zimbra.com/wiki/Zimbra_Releases/9.0.0/P39#Security_Fixes ; https://wiki.zimbra.com/wiki/Zimbra_Releases/10.0.7#Security_Fixes ; https://nvd.nist.gov/vuln/detail/CVE-2024-27443
8.8
CVE-2025-27920 - Srimax Output Messenger Directory Traversal Vulnerability -
Action Due Jun 09, 2025 Target Vendor : Srimax
Description : Srimax Output Messenger contains a directory traversal vulnerability that allows an attacker to access sensitive files outside the intended directory, potentially leading to configuration leakage or arbitrary file access.
Action : Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://www.outputmessenger.com/cve-2025-27920/ ; https://nvd.nist.gov/vuln/detail/CVE-2025-27920
6.1
CVE-2024-11182 - MDaemon Email Server Cross-Site Scripting (XSS) Vulnerability -
Action Due Jun 09, 2025 Target Vendor : MDaemon
Description : MDaemon Email Server contains a cross-site scripting (XSS) vulnerability that allows a remote attacker to load arbitrary JavaScript code via an HTML e-mail message.
Action : Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://files.mdaemon.com/mdaemon/beta/RelNotes_en.html ; https://mdaemon.com/pages/downloads-critical-updates ; https://nvd.nist.gov/vuln/detail/CVE-2024-11182