CISA Known Exploited Vulnerabilities (KEV)
CISA's Known Exploited Vulnerabilities (KEV) catalog lists vulnerabilities actively used in real-world attacks. CVEFeed.io tracks the latest additions so you can prioritize remediation as new entries are published.
9.8
CVE-2025-21042 - Samsung Mobile Devices Out-of-Bounds Write Vulnerability -
Action Due Dec 01, 2025 Target Vendor : Samsung
Description :Samsung mobile devices contain an out-of-bounds write vulnerability in libimagecodec.quram.so. This vulnerability could allow remote attackers to execute arbitrary code.
Action :Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes :https://security.samsungmobile.com/securityUpdate.smsb?year=2025&month=04 ; https://nvd.nist.gov/vuln/detail/CVE-2025-21042
7.5
CVE-2025-11371 - Gladinet CentreStack and Triofox Files or Directories Accessible to External Parties Vulnerability -
Action Due Nov 25, 2025 Target Vendor : Gladinet
Description :Gladinet CentreStack and Triofox contains a files or directories accessible to external parties vulnerability that allows unintended disclosure of system files.
Action :Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes :https://www.centrestack.com/p/gce_latest_release.html ; https://nvd.nist.gov/vuln/detail/CVE-2025-11371
9.0
CVE-2025-48703 - CWP Control Web Panel OS Command Injection Vulnerability -
Action Due Nov 25, 2025 Target Vendor : CWP
Description :CWP Control Web Panel (formerly CentOS Web Panel) contains an OS command Injection vulnerability that allows unauthenticated remote code execution via shell metacharacters in the t_total parameter in a filemanager changePerm request. A valid non-root username must be known.
Action :Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes :https://control-webpanel.com/changelog ; https://nvd.nist.gov/vuln/detail/CVE-2025-48703
7.8
CVE-2025-41244 - Broadcom VMware Aria Operations and VMware Tools Privilege Defined with Unsafe Actions Vulnerability -
Action Due Nov 20, 2025 Target Vendor : Broadcom
Description :Broadcom VMware Aria Operations and VMware Tools contain a privilege defined with unsafe actions vulnerability. A malicious local actor with non-administrative privileges having access to a VM with VMware Tools installed and managed by Aria Operations with SDMP enabled may exploit this vulnerability to escalate privileges to root on the same VM.
Action :Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes :https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36149 ; https://nvd.nist.gov/vuln/detail/CVE-2025-41244
9.8
CVE-2025-24893 - XWiki Platform Eval Injection Vulnerability -
Action Due Nov 20, 2025 Target Vendor : XWiki
Description :XWiki Platform contains an eval injection vulnerability that could allow any guest to perform arbitrary remote code execution through a request to SolrSearch.
Action :Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes :https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-rr6p-3pfg-562j ; https://nvd.nist.gov/vuln/detail/CVE-2025-24893
8.0
CVE-2025-6204 - Dassault Systèmes DELMIA Apriso Code Injection Vulnerability -
Action Due Nov 18, 2025 Target Vendor : Dassault Systèmes
Description :Dassault Systèmes DELMIA Apriso contains a code injection vulnerability that could allow an attacker to execute arbitrary code.
Action :Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes :https://www.3ds.com/trust-center/security/security-advisories/cve-2025-6204 ; https://nvd.nist.gov/vuln/detail/CVE-2025-6204
9.1
CVE-2025-6205 - Dassault Systèmes DELMIA Apriso Missing Authorization Vulnerability -
Action Due Nov 18, 2025 Target Vendor : Dassault Systèmes
Description :Dassault Systèmes DELMIA Apriso contains a missing authorization vulnerability that could allow an attacker to gain privileged access to the application.
Action :Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes :https://www.3ds.com/trust-center/security/security-advisories/cve-2025-6205 ; https://nvd.nist.gov/vuln/detail/CVE-2025-6205
9.1
CVE-2025-54236 - Adobe Commerce and Magento Improper Input Validation Vulnerability -
Action Due Nov 14, 2025 Target Vendor : Adobe
Description :Adobe Commerce and Magento Open Source contain an improper input validation vulnerability that could allow an attacker to take over customer accounts through the Commerce REST API.
Action :Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes :https://experienceleague.adobe.com/en/docs/experience-cloud-kcs/kbarticles/ka-27397 ; https://nvd.nist.gov/vuln/detail/CVE-2025-54236
9.8
CVE-2025-59287 - Microsoft Windows Server Update Service (WSUS) Deserialization of Untrusted Data Vulnerability -
Action Due Nov 14, 2025 Target Vendor : Microsoft
Description :Microsoft Windows Server Update Service (WSUS) contains a deserialization of untrusted data vulnerability that allows for remote code execution.
Action :Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes :https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-59287 ; https://nvd.nist.gov/vuln/detail/CVE-2025-59287
9.8
CVE-2025-61932 - Motex LANSCOPE Endpoint Manager Improper Verification of Source of a Communication Channel Vulnerability -
Action Due Nov 12, 2025 Target Vendor : Motex
Description :Motex LANSCOPE Endpoint Manager contains an improper verification of source of a communication channel vulnerability allowing an attacker to execute arbitrary code by sending specially crafted packets.
Action :Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes :https://www.motex.co.jp/news/notice/2025/release251020/ ; https://nvd.nist.gov/vuln/detail/CVE-2025-61932
7.5
CVE-2025-61884 - Oracle E-Business Suite Server-Side Request Forgery (SSRF) Vulnerability -
Action Due Nov 10, 2025 Target Vendor : Oracle
Description :Oracle E-Business Suite contains a server-side request forgery (SSRF) vulnerability in the Runtime component of Oracle Configurator. This vulnerability is remotely exploitable without authentication.
Action :Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Known To Be Used in Ransomware Campaigns? : Known Detected Feb 26, 2026
Notes :https://www.oracle.com/security-alerts/alert-cve-2025-61884.html ; https://nvd.nist.gov/vuln/detail/CVE-2025-61884
8.8
CVE-2025-33073 - Microsoft Windows SMB Client Improper Access Control Vulnerability -
Action Due Nov 10, 2025 Target Vendor : Microsoft
Description :Microsoft Windows SMB Client contains an improper access control vulnerability that could allow for privilege escalation. An attacker could execute a specially crafted malicious script to coerce the victim machine to connect back to the attack system using SMB and authenticate.
Action :Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes :https://msrc.microsoft.com/update-guide/en-US/advisory/CVE-2025-33073 ; https://nvd.nist.gov/vuln/detail/CVE-2025-33073
8.8
CVE-2022-48503 - Apple Multiple Products Unspecified Vulnerability -
Action Due Nov 10, 2025 Target Vendor : Apple
Description :Apple macOS, iOS, tvOS, Safari, and watchOS contain an unspecified vulnerability in JavaScriptCore that when processing web content may lead to arbitrary code execution. The impacted product could be end-of-life (EoL) and/or end-of-service (EoS). Users should discontinue product utilization.
Action :Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes :https://support.apple.com/en-us/HT213340 ; https://support.apple.com/en-us/HT213341 ; https://support.apple.com/en-us/HT213342 ; https://support.apple.com/en-us/HT213345 ; https://support.apple.com/en-us/HT213346 ; https://nvd.nist.gov/vuln/detail/CVE-2022-48503
9.8
CVE-2025-2746 - Kentico Xperience CMS Authentication Bypass Using an Alternate Path or Channel Vulnerability -
Action Due Nov 10, 2025 Target Vendor : Kentico
Description :Kentico Xperience CMS contains an authentication bypass using an alternate path or channel vulnerability that could allow an attacker to control administrative objects.
Action :Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes :https://devnet.kentico.com/download/hotfixes ; https://nvd.nist.gov/vuln/detail/CVE-2025-2746
9.8
CVE-2025-2747 - Kentico Xperience CMS Authentication Bypass Using an Alternate Path or Channel Vulnerability -
Action Due Nov 10, 2025 Target Vendor : Kentico
Description :Kentico Xperience CMS contains an authentication bypass using an alternate path or channel vulnerability that could allow an attacker to control administrative objects.
Action :Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes :https://devnet.kentico.com/download/hotfixes ; https://nvd.nist.gov/vuln/detail/CVE-2025-2747
10.0
CVE-2025-54253 - Adobe Experience Manager Forms Code Execution Vulnerability -
Action Due Nov 05, 2025 Target Vendor : Adobe
Description :Adobe Experience Manager Forms in JEE contains an unspecified vulnerability that allows for arbitrary code execution.
Action :Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes :https://helpx.adobe.com/security/products/aem-forms/apsb25-82.html ; https://nvd.nist.gov/vuln/detail/CVE-2025-54253
7.8
CVE-2025-59230 - Microsoft Windows Improper Access Control Vulnerability -
Action Due Nov 04, 2025 Target Vendor : Microsoft
Description :Microsoft Windows contains an improper access control vulnerability in Windows Remote Access Connection Manager which could allow an authorized attacker to elevate privileges locally.
Action :Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes :https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-59230 ; https://nvd.nist.gov/vuln/detail/CVE-2025-59230
7.8
CVE-2025-24990 - Microsoft Windows Untrusted Pointer Dereference Vulnerability -
Action Due Nov 04, 2025 Target Vendor : Microsoft
Description :Microsoft Windows Agere Modem Driver contains an untrusted pointer dereference vulnerability that allows for privilege escalation. An attacker who successfully exploited this vulnerability could gain administrator privileges.
Action :Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes :https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-24990 ; https://nvd.nist.gov/vuln/detail/CVE-2025-24990
10.0
CVE-2016-7836 - SKYSEA Client View Improper Authentication Vulnerability -
Action Due Nov 04, 2025 Target Vendor : SKYSEA
Description :SKYSEA Client View contains an improper authentication vulnerability that allows remote code execution via a flaw in processing authentication on the TCP connection with the management console program.
Action :Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes :https://www.skyseaclientview.net/news/161221/ ; https://nvd.nist.gov/vuln/detail/CVE-2016-7836
8.4
CVE-2025-47827 - IGEL OS Use of a Key Past its Expiration Date Vulnerability -
Action Due Nov 04, 2025 Target Vendor : IGEL
Description :IGEL OS contains a use of a key past its expiration date vulnerability that allows for Secure Boot bypass. The igel-flash-driver module improperly verifies a cryptographic signature. Ultimately, a crafted root filesystem can be mounted from an unverified SquashFS image.
Action :Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes :https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-47827 ; https://nvd.nist.gov/vuln/detail/CVE-2025-47827