CISA Known Exploited Vulnerabilities (KEV)

  1. Home
  2. CISA KEV
For the benefit of the cybersecurity community and network defenders—and to help every organization better manage vulnerabilities and keep pace with threat activity—CISA maintains the authoritative source of vulnerabilities that have been exploited in the wild. Organizations should use the KEV catalog as an input to their vulnerability management prioritization framework.Y

    9.8

    CRITICAL
    CVE-2024-13161 - Ivanti Endpoint Manager (EPM) Absolute Path Traversal Vulnerability -

    Action Due Mar 31, 2025 Target Vendor : Ivanti

    Description : Ivanti Endpoint Manager (EPM) contains an absolute path traversal vulnerability that allows a remote unauthenticated attacker to leak sensitive information.

    Action : Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes : https://forums.ivanti.com/s/article/Security-Advisory-EPM-January-2025-for-EPM-2024-and-EPM-2022-SU6?language=en_US ; https://nvd.nist.gov/vuln/detail/CVE-2024-13161

    Alert Date: Mar 10, 2025 | 179 days ago

    9.8

    CRITICAL
    CVE-2024-13160 - Ivanti Endpoint Manager (EPM) Absolute Path Traversal Vulnerability -

    Action Due Mar 31, 2025 Target Vendor : Ivanti

    Description : Ivanti Endpoint Manager (EPM) contains an absolute path traversal vulnerability that allows a remote unauthenticated attacker to leak sensitive information.

    Action : Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes : https://forums.ivanti.com/s/article/Security-Advisory-EPM-January-2025-for-EPM-2024-and-EPM-2022-SU6?language=en_US ; https://nvd.nist.gov/vuln/detail/CVE-2024-13160

    Alert Date: Mar 10, 2025 | 179 days ago

    9.8

    CRITICAL
    CVE-2024-13159 - Ivanti Endpoint Manager (EPM) Absolute Path Traversal Vulnerability -

    Action Due Mar 31, 2025 Target Vendor : Ivanti

    Description : Ivanti Endpoint Manager (EPM) contains an absolute path traversal vulnerability that allows a remote unauthenticated attacker to leak sensitive information.

    Action : Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes : https://forums.ivanti.com/s/article/Security-Advisory-EPM-January-2025-for-EPM-2024-and-EPM-2022-SU6?language=en_US ; https://nvd.nist.gov/vuln/detail/CVE-2024-13159

    Alert Date: Mar 10, 2025 | 179 days ago

    9.9

    CRITICAL
    CVE-2024-57968 - Advantive VeraCore Unrestricted File Upload Vulnerability -

    Action Due Mar 31, 2025 Target Vendor : Advantive

    Description : Advantive VeraCore contains an unrestricted file upload vulnerability that allows a remote unauthenticated attacker to upload files to unintended folders via upload.apsx.

    Action : Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes : https://advantive.my.site.com/support/s/article/VeraCore-Release-Notes-2024-4-2-1 ; https://nvd.nist.gov/vuln/detail/CVE-2024-57968

    Alert Date: Mar 10, 2025 | 179 days ago

    7.5

    HIGH
    CVE-2025-25181 - Advantive VeraCore SQL Injection Vulnerability -

    Action Due Mar 31, 2025 Target Vendor : Advantive

    Description : Advantive VeraCore contains a SQL injection vulnerability in timeoutWarning.asp that allows a remote attacker to execute arbitrary SQL commands via the PmSess1 parameter.

    Action : Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes : https://advantive.my.site.com/support/s/article/Veracore-Release-Notes-2025-1-1-3 ; https://nvd.nist.gov/vuln/detail/CVE-2025-25181

    Alert Date: Mar 10, 2025 | 179 days ago

    7.1

    HIGH
    CVE-2025-22226 - VMware ESXi, Workstation, and Fusion Information Disclosure Vulnerability -

    Action Due Mar 25, 2025 Target Vendor : VMware

    Description : VMware ESXi, Workstation, and Fusion contain an information disclosure vulnerability due to an out-of-bounds read in HGFS. Successful exploitation allows an attacker with administrative privileges to a virtual machine to leak memory from the vmx process.

    Action : Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes : https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25390 ; https://nvd.nist.gov/vuln/detail/CVE-2025-22226

    Alert Date: Mar 04, 2025 | 185 days ago

    8.2

    HIGH
    CVE-2025-22225 - VMware ESXi Arbitrary Write Vulnerability -

    Action Due Mar 25, 2025 Target Vendor : VMware

    Description : VMware ESXi contains an arbitrary write vulnerability. Successful exploitation allows an attacker with privileges within the VMX process to trigger an arbitrary kernel write leading to an escape of the sandbox.

    Action : Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes : https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25390 ; https://nvd.nist.gov/vuln/detail/CVE-2025-22225

    Alert Date: Mar 04, 2025 | 185 days ago

    9.3

    CRITICAL
    CVE-2025-22224 - VMware ESXi and Workstation TOCTOU Race Condition Vulnerability -

    Action Due Mar 25, 2025 Target Vendor : VMware

    Description : VMware ESXi and Workstation contain a time-of-check time-of-use (TOCTOU) race condition vulnerability that leads to an out-of-bounds write. Successful exploitation enables an attacker with local administrative privileges on a virtual machine to execute code as the virtual machine's VMX process running on the host.

    Action : Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes : https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25390 ; https://nvd.nist.gov/vuln/detail/CVE-2025-22224

    Alert Date: Mar 04, 2025 | 185 days ago

    7.8

    HIGH
    CVE-2024-50302 - Linux Kernel Use of Uninitialized Resource Vulnerability -

    Action Due Mar 25, 2025 Target Vendor : Linux

    Description : The Linux kernel contains a use of uninitialized resource vulnerability that allows an attacker to leak kernel memory via a specially crafted HID report.

    Action : Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes : This vulnerability affects a common open-source component, third-party library, or a protocol used by different products. For more information, please see: https://lore.kernel.org/linux-cve-announce/2024111908-CVE-2024-50302-f677@gregkh/ ; https://source.android.com/docs/security/bulletin/2025-03-01 ; https://nvd.nist.gov/vuln/detail/CVE-2024-50302

    Alert Date: Mar 04, 2025 | 185 days ago

    9.8

    CRITICAL
    CVE-2024-4885 - Progress WhatsUp Gold Path Traversal Vulnerability -

    Action Due Mar 24, 2025 Target Vendor : Progress

    Description : Progress WhatsUp Gold contains a path traversal vulnerability that allows an unauthenticated attacker to achieve remote code execution.

    Action : Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes : https://community.progress.com/s/article/WhatsUp-Gold-Security-Bulletin-June-2024 ; https://nvd.nist.gov/vuln/detail/CVE-2024-4885

    Alert Date: Mar 03, 2025 | 186 days ago

    8.4

    HIGH
    CVE-2018-8639 - Microsoft Windows Win32k Improper Resource Shutdown or Release Vulnerability -

    Action Due Mar 24, 2025 Target Vendor : Microsoft

    Description : Microsoft Windows Win32k contains an improper resource shutdown or release vulnerability that allows for local, authenticated privilege escalation. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode.

    Action : Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes : https://msrc.microsoft.com/update-guide/en-US/advisory/CVE-2018-8639 ; https://nvd.nist.gov/vuln/detail/CVE-2018-8639

    Alert Date: Mar 03, 2025 | 186 days ago

    8.8

    HIGH
    CVE-2022-43769 - Hitachi Vantara Pentaho BA Server Special Element Injection Vulnerability -

    Action Due Mar 24, 2025 Target Vendor : Hitachi Vantara

    Description : Hitachi Vantara Pentaho BA Server contains a special element injection vulnerability that allows an attacker to inject Spring templates into properties files, allowing for arbitrary command execution.

    Action : Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes : https://support.pentaho.com/hc/en-us/articles/14455561548301--Resolved-Pentaho-BA-Server-Failure-to-Sanitize-Special-Elements-into-a-Different-Plane-Special-Element-Injection-Versions-before-9-4-0-1-and-9-3-0-2-including-8-3-x-Impacted-CVE-2022-43769 ; https://nvd.nist.gov/vuln/detail/CVE-2022-43769

    Alert Date: Mar 03, 2025 | 186 days ago

    9.8

    CRITICAL
    CVE-2022-43939 - Hitachi Vantara Pentaho BA Server Authorization Bypass Vulnerability -

    Action Due Mar 24, 2025 Target Vendor : Hitachi Vantara

    Description : Hitachi Vantara Pentaho BA Server contains a use of non-canonical URL paths for authorization decisions vulnerability that enables an attacker to bypass authorization.

    Action : Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes : https://support.pentaho.com/hc/en-us/articles/14455394120333--Resolved-Pentaho-BA-Server-Use-of-Non-Canonical-URL-Paths-for-Authorization-Decisions-Versions-before-9-4-0-1-and-9-3-0-2-including-8-3-x-Impacted-CVE-2022-43939- ; https://nvd.nist.gov/vuln/detail/CVE-2022-43939

    Alert Date: Mar 03, 2025 | 186 days ago

    7.2

    HIGH
    CVE-2023-20118 - Cisco Small Business RV Series Routers Command Injection Vulnerability -

    Action Due Mar 24, 2025 Target Vendor : Cisco

    Description : Multiple Cisco Small Business RV Series Routers contains a command injection vulnerability in the web-based management interface. Successful exploitation could allow an authenticated, remote attacker to gain root-level privileges and access unauthorized data.

    Action : Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes : https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sbr042-multi-vuln-ej76Pke5 ; https://nvd.nist.gov/vuln/detail/CVE-2023-20118

    Alert Date: Mar 03, 2025 | 186 days ago

    9.0

    CRITICAL
    CVE-2023-34192 - Synacor Zimbra Collaboration Suite (ZCS) Cross-Site Scripting (XSS) Vulnerability -

    Action Due Mar 18, 2025 Target Vendor : Synacor

    Description : Synacor Zimbra Collaboration Suite (ZCS) contains a cross-site scripting (XSS) vulnerability that allows a remote authenticated attacker to execute arbitrary code via a crafted script to the /h/autoSaveDraft function.

    Action : Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes : https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories ; https://nvd.nist.gov/vuln/detail/CVE-2023-34192

    Alert Date: Feb 25, 2025 | 192 days ago

    9.8

    CRITICAL
    CVE-2024-49035 - Microsoft Partner Center Improper Access Control Vulnerability -

    Action Due Mar 18, 2025 Target Vendor : Microsoft

    Description : Microsoft Partner Center contains an improper access control vulnerability that allows an attacker to escalate privileges.

    Action : Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes : https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49035 ; https://nvd.nist.gov/vuln/detail/CVE-2024-49035

    Alert Date: Feb 25, 2025 | 192 days ago

    8.8

    HIGH
    CVE-2024-20953 - Oracle Agile Product Lifecycle Management (PLM) Deserialization Vulnerability -

    Action Due Mar 17, 2025 Target Vendor : Oracle

    Description : Oracle Agile Product Lifecycle Management (PLM) contains a deserialization vulnerability that allows a low-privileged attacker with network access via HTTP to compromise the system.

    Action : Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes : https://www.oracle.com/security-alerts/cpujan2024.html ; https://nvd.nist.gov/vuln/detail/CVE-2024-20953

    Alert Date: Feb 24, 2025 | 193 days ago

    10.0

    HIGH
    CVE-2017-3066 - Adobe ColdFusion Deserialization Vulnerability -

    Action Due Mar 17, 2025 Target Vendor : Adobe

    Description : Adobe ColdFusion contains a deserialization vulnerability in the Apache BlazeDS library that allows for arbitrary code execution.

    Action : Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes : https://helpx.adobe.com/security/products/coldfusion/apsb17-14.html ; https://nvd.nist.gov/vuln/detail/CVE-2017-3066

    Alert Date: Feb 24, 2025 | 193 days ago

    9.8

    CRITICAL
    CVE-2025-24989 - Microsoft Power Pages Improper Access Control Vulnerability -

    Action Due Mar 14, 2025 Target Vendor : Microsoft

    Description : Microsoft Power Pages contains an improper access control vulnerability that allows an unauthorized attacker to elevate privileges over a network potentially bypassing the user registration control.

    Action : Apply mitigations per vendor instructions, follow BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes : https://msrc.microsoft.com/update-guide/en-US/advisory/CVE-2025-24989 ; https://nvd.nist.gov/vuln/detail/CVE-2025-24989

    Alert Date: Feb 21, 2025 | 196 days ago

    7.1

    HIGH
    CVE-2025-0111 - Palo Alto Networks PAN-OS File Read Vulnerability -

    Action Due Mar 13, 2025 Target Vendor : Palo Alto Networks

    Description : Palo Alto Networks PAN-OS contains an external control of file name or path vulnerability. Successful exploitation enables an authenticated attacker with network access to the management web interface to read files on the PAN-OS filesystem that are readable by the “nobody” user.

    Action : Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes : https://security.paloaltonetworks.com/CVE-2025-0111 ; https://nvd.nist.gov/vuln/detail/CVE-2025-0111

    Alert Date: Feb 20, 2025 | 197 days ago
Showing 20 of 1416 Results

Filters