CISA Known Exploited Vulnerabilities (KEV)
To support the cybersecurity community and help network defenders stay ahead of active threat activity, CISA publishes cisa alert today updates and maintains the authoritative catalog of known exploited vulnerabilities. This KEV database highlights vulnerabilities that have been actively used in real-world attacks, making it an essential resource for security teams aiming to strengthen their defenses.
Organizations should incorporate the KEV catalog into their vulnerability management prioritization framework to ensure they address high-risk issues efficiently and stay aligned with the latest threat intelligence. With frequent updates — including entries marked as cisa kev added today — the catalog enables teams to react quickly to emerging exploitation trends. To streamline monitoring and improve response time, CVEfeed.io provides the freshest CISA KEV additions, delivering real-time visibility into newly identified exploited vulnerabilities and helping organizations maintain accurate, up-to-date security postures.
10.0
CVE-2025-32433 - Erlang Erlang/OTP SSH Server Missing Authentication for Critical Function Vulnerability -
Action Due Jun 30, 2025 Target Vendor : Erlang
Description : Erlang Erlang/OTP SSH server contains a missing authentication for critical function vulnerability. This could allow an attacker to execute arbitrary commands without valid credentials, potentially leading to unauthenticated remote code execution (RCE). By exploiting a flaw in how SSH protocol messages are handled, a malicious actor could gain unauthorized access to affected systems. This vulnerability could affect various products that implement Erlang/OTP SSH server, including—but not limited to—Cisco, NetApp, and SUSE.
Action : Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : This vulnerability affects a common open-source project, third-party library, or a protocol used by different products. For more information, please see: https://github.com/erlang/otp/security/advisories/GHSA-37cp-fgq5-7wc2 ; https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-erlang-otp-ssh-xyZZy ; https://nvd.nist.gov/vuln/detail/CVE-2025-32433
8.8
CVE-2025-5419 - Google Chromium V8 Out-of-Bounds Read and Write Vulnerability -
Action Due Jun 26, 2025 Target Vendor : Google
Description : Google Chromium V8 contains an out-of-bounds read and write vulnerability that could allow a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.
Action : Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://chromereleases.googleblog.com/2025/06/stable-channel-update-for-desktop.html; https://nvd.nist.gov/vuln/detail/CVE-2025-5419",
8.6
CVE-2025-21479 - Qualcomm Multiple Chipsets Incorrect Authorization Vulnerability -
Action Due Jun 24, 2025 Target Vendor : Qualcomm
Description : Multiple Qualcomm chipsets contain an incorrect authorization vulnerability. This vulnerability allows for memory corruption due to unauthorized command execution in GPU micronode while executing specific sequence of commands.
Action : Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : Please check with specific vendors (OEMs,) for information on patching status. For more information, please see: https://docs.qualcomm.com/product/publicresources/securitybulletin/june-2025-bulletin.html ; https://nvd.nist.gov/vuln/detail/CVE-2025-21479
8.6
CVE-2025-21480 - Qualcomm Multiple Chipsets Incorrect Authorization Vulnerability -
Action Due Jun 24, 2025 Target Vendor : Qualcomm
Description : Multiple Qualcomm chipsets contain an incorrect authorization vulnerability. This vulnerability allows for memory corruption due to unauthorized command execution in GPU micronode while executing specific sequence of commands.
Action : Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : Please check with specific vendors (OEMs,) for information on patching status. For more information, please see: https://docs.qualcomm.com/product/publicresources/securitybulletin/june-2025-bulletin.html ; https://nvd.nist.gov/vuln/detail/CVE-2025-21480
7.5
CVE-2025-27038 - Qualcomm Multiple Chipsets Use-After-Free Vulnerability -
Action Due Jun 24, 2025 Target Vendor : Qualcomm
Description : Multiple Qualcomm chipsets contain a use-after-free vulnerability. This vulnerability allows for memory corruption while rendering graphics using Adreno GPU drivers in Chrome.
Action : Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : Please check with specific vendors (OEMs,) for information on patching status. For more information, please see: https://docs.qualcomm.com/product/publicresources/securitybulletin/june-2025-bulletin.html ; https://nvd.nist.gov/vuln/detail/CVE-2025-27038
9.8
CVE-2021-32030 - ASUS Routers Improper Authentication Vulnerability -
Action Due Jun 23, 2025 Target Vendor : ASUS
Description : ASUS Lyra Mini and ASUS GT-AC2900 devices contain an improper authentication vulnerability that allows an attacker to gain unauthorized access to the administrative interface. The impacted products could be end-of-life (EoL) and/or end-of-service (EoS). Users should discontinue product utilization.
Action : Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://www.asus.com/us/supportonly/lyra%20mini/helpdesk_bios/ ; https://www.asus.com/us/supportonly/rog%20rapture%20gt-ac2900/helpdesk_bios/; https://nvd.nist.gov/vuln/detail/CVE-2021-32030
8.1
CVE-2025-3935 - ConnectWise ScreenConnect Improper Authentication Vulnerability -
Action Due Jun 23, 2025 Target Vendor : ConnectWise
Description : ConnectWise ScreenConnect contains an improper authentication vulnerability. This vulnerability could allow a ViewState code injection attack, which could allow remote code execution if machine keys are compromised.
Action : Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://www.connectwise.com/company/trust/security-bulletins/screenconnect-security-patch-2025.4 ; https://nvd.nist.gov/vuln/detail/CVE-2025-3935
6.9
CVE-2025-35939 - Craft CMS External Control of Assumed-Immutable Web Parameter Vulnerability -
Action Due Jun 23, 2025 Target Vendor : Craft CMS
Description : Craft CMS contains an external control of assumed-immutable web parameter vulnerability. This vulnerability could allow an unauthenticated client to introduce arbitrary values, such as PHP code, to a known local file location on the server. This vulnerability could be chained with CVE-2024-58136 as represented by CVE-2025-32432.
Action : Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://github.com/craftcms/cms/pull/17220 ; https://nvd.nist.gov/vuln/detail/CVE-2025-35939
9.8
CVE-2024-56145 - Craft CMS Code Injection Vulnerability -
Action Due Jun 23, 2025 Target Vendor : Craft CMS
Description : Craft CMS contains a code injection vulnerability. Users with affected versions are vulnerable to remote code execution if their php.ini configuration has `register_argc_argv` enabled.
Action : Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://github.com/craftcms/cms/security/advisories/GHSA-2p6p-9rc9-62j9 ; https://nvd.nist.gov/vuln/detail/CVE-2024-56145
8.8
CVE-2023-39780 - ASUS RT-AX55 Routers OS Command Injection Vulnerability -
Action Due Jun 23, 2025 Target Vendor : ASUS
Description : ASUS RT-AX55 devices contain a OS command injection vulnerability that could allow a remote, authenticated attacker to execute arbitrary commands.
Action : Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://www.asus.com/networking-iot-servers/wifi-6/all-series/rt-ax55/helpdesk_bios/?model2Name=RT-AX55 ; https://www.asus.com/content/asus-product-security-advisory/ ; https://nvd.nist.gov/vuln/detail/CVE-2023-39780
9.8
CVE-2025-4632 - Samsung MagicINFO 9 Server Path Traversal Vulnerability -
Action Due Jun 12, 2025 Target Vendor : Samsung
Description : Samsung MagicINFO 9 Server contains a path traversal vulnerability that allows an attacker to write arbitrary file as system authority.
Action : Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://security.samsungtv.com/securityUpdates#SVP-MAY-2025 ; https://nvd.nist.gov/vuln/detail/CVE-2025-4632
7.5
CVE-2023-38950 - ZKTeco BioTime Path Traversal Vulnerability -
Action Due Jun 09, 2025 Target Vendor : ZKTeco
Description : ZKTeco BioTime contains a path traversal vulnerability in the iclock API that allows an unauthenticated attacker to read arbitrary files via supplying a crafted payload.
Action : Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://www.zkteco.com/en/Security_Bulletinsibs ; https://nvd.nist.gov/vuln/detail/CVE-2023-38950
6.1
CVE-2024-27443 - Synacor Zimbra Collaboration Suite (ZCS) Cross-Site Scripting (XSS) Vulnerability -
Action Due Jun 09, 2025 Target Vendor : Synacor
Description : Zimbra Collaboration contains a cross-site scripting (XSS) vulnerability in the CalendarInvite feature of the Zimbra webmail classic user interface. An attacker can exploit this vulnerability via an email message containing a crafted calendar header, leading to the execution of arbitrary JavaScript code.
Action : Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://wiki.zimbra.com/wiki/Zimbra_Releases/8.8.15/P46#Security_Fixes ; https://wiki.zimbra.com/wiki/Zimbra_Releases/9.0.0/P39#Security_Fixes ; https://wiki.zimbra.com/wiki/Zimbra_Releases/10.0.7#Security_Fixes ; https://nvd.nist.gov/vuln/detail/CVE-2024-27443
8.8
CVE-2025-27920 - Srimax Output Messenger Directory Traversal Vulnerability -
Action Due Jun 09, 2025 Target Vendor : Srimax
Description : Srimax Output Messenger contains a directory traversal vulnerability that allows an attacker to access sensitive files outside the intended directory, potentially leading to configuration leakage or arbitrary file access.
Action : Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://www.outputmessenger.com/cve-2025-27920/ ; https://nvd.nist.gov/vuln/detail/CVE-2025-27920
6.1
CVE-2024-11182 - MDaemon Email Server Cross-Site Scripting (XSS) Vulnerability -
Action Due Jun 09, 2025 Target Vendor : MDaemon
Description : MDaemon Email Server contains a cross-site scripting (XSS) vulnerability that allows a remote attacker to load arbitrary JavaScript code via an HTML e-mail message.
Action : Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://files.mdaemon.com/mdaemon/beta/RelNotes_en.html ; https://mdaemon.com/pages/downloads-critical-updates ; https://nvd.nist.gov/vuln/detail/CVE-2024-11182
8.8
CVE-2025-4428 - Ivanti Endpoint Manager Mobile (EPMM) Code Injection Vulnerability -
Action Due Jun 09, 2025 Target Vendor : Ivanti
Description : Ivanti Endpoint Manager Mobile (EPMM) contains a code injection vulnerability in the API component that allows an authenticated attacker to remotely execute arbitrary code via crafted API requests. This vulnerability results from an insecure implementation of the Hibernate Validator open-source library.
Action : Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Endpoint-Manager-Mobile-EPMM ; https://nvd.nist.gov/vuln/detail/CVE-2025-4428
7.5
CVE-2025-4427 - Ivanti Endpoint Manager Mobile (EPMM) Authentication Bypass Vulnerability -
Action Due Jun 09, 2025 Target Vendor : Ivanti
Description : Ivanti Endpoint Manager Mobile (EPMM) contains an authentication bypass vulnerability in the API component that allows an attacker to access protected resources without proper credentials via crafted API requests. This vulnerability results from an insecure implementation of the Spring Framework open-source library.
Action : Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Endpoint-Manager-Mobile-EPMM ; https://nvd.nist.gov/vuln/detail/CVE-2025-4427
9.1
CVE-2025-42999 - SAP NetWeaver Deserialization Vulnerability -
Action Due Jun 05, 2025 Target Vendor : SAP
Description : SAP NetWeaver Visual Composer Metadata Uploader contains a deserialization vulnerability that allows a privileged attacker to compromise the confidentiality, integrity, and availability of the host system by deserializing untrusted or malicious content.
Action : Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : SAP users must have an account to log in and access the patch: https://me.sap.com/notes/3604119 ; https://nvd.nist.gov/vuln/detail/CVE-2025-42999
9.8
CVE-2024-12987 - DrayTek Vigor Routers OS Command Injection Vulnerability -
Action Due Jun 05, 2025 Target Vendor : DrayTek
Description : DrayTek Vigor2960, Vigor300B, and Vigor3900 routers contain an OS command injection vulnerability due to an unknown function of the file /cgi-bin/mainfunction.cgi/apmcfgupload of the component web management interface.
Action : Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://fw.draytek.com.tw/Vigor2960/Firmware/v1.5.1.5/DrayTek_Vigor2960_V1.5.1.5_01release-note.pdf ; https://fw.draytek.com.tw/Vigor300B/Firmware/v1.5.1.5/DrayTek_Vigor300B_V1.5.1.5_01release-note.pdf ; https://fw.draytek.com.tw/Vigor3900/Firmware/v1.5.1.5/DrayTek_Vigor3900_V1.5.1.5_01release-note.pdf ; https://nvd.nist.gov/vuln/detail/CVE-2024-12987
4.3
CVE-2025-4664 - Google Chromium Loader Insufficient Policy Enforcement Vulnerability -
Action Due Jun 05, 2025 Target Vendor : Google
Description : Google Chromium contains an insufficient policy enforcement vulnerability that allows a remote attacker to leak cross-origin data via a crafted HTML page.
Action : Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://chromereleases.googleblog.com/2025/05/stable-channel-update-for-desktop_14.html ; https://nvd.nist.gov/vuln/detail/CVE-2025-4664