CISA Known Exploited Vulnerabilities (KEV)

  1. Home
  2. CISA KEV

To support the cybersecurity community and help network defenders stay ahead of active threat activity, CISA publishes cisa alert today updates and maintains the authoritative catalog of known exploited vulnerabilities. This KEV database highlights vulnerabilities that have been actively used in real-world attacks, making it an essential resource for security teams aiming to strengthen their defenses.

Organizations should incorporate the KEV catalog into their vulnerability management prioritization framework to ensure they address high-risk issues efficiently and stay aligned with the latest threat intelligence. With frequent updates — including entries marked as cisa kev added today — the catalog enables teams to react quickly to emerging exploitation trends. To streamline monitoring and improve response time, CVEfeed.io provides the freshest CISA KEV additions, delivering real-time visibility into newly identified exploited vulnerabilities and helping organizations maintain accurate, up-to-date security postures.

    7.8

    HIGH
    CVE-2025-32709 - Microsoft Windows Ancillary Function Driver for WinSock Use-After-Free Vulnerability -

    Action Due Jun 03, 2025 Target Vendor : Microsoft

    Description : Microsoft Windows Ancillary Function Driver for WinSock contains a use-after-free vulnerability that allows an authorized attacker to escalate privileges to administrator.

    Action : Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes : https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-32709 ; https://nvd.nist.gov/vuln/detail/CVE-2025-32709

    Alert Date: May 13, 2025 | 185 days ago

    7.5

    HIGH
    CVE-2025-30397 - Microsoft Windows Scripting Engine Type Confusion Vulnerability -

    Action Due Jun 03, 2025 Target Vendor : Microsoft

    Description : Microsoft Windows Scripting Engine contains a type confusion vulnerability that allows an unauthorized attacker to execute code over a network via a specially crafted URL.

    Action : Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes : https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-30397 ; https://nvd.nist.gov/vuln/detail/CVE-2025-30397

    Alert Date: May 13, 2025 | 185 days ago

    7.8

    HIGH
    CVE-2025-32706 - Microsoft Windows Common Log File System (CLFS) Driver Heap-Based Buffer Overflow Vulnerability -

    Action Due Jun 03, 2025 Target Vendor : Microsoft

    Description : Microsoft Windows Common Log File System (CLFS) Driver contains a heap-based buffer overflow vulnerability that allows an authorized attacker to elevate privileges locally.

    Action : Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes : https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-32706 ; https://nvd.nist.gov/vuln/detail/CVE-2025-32706

    Alert Date: May 13, 2025 | 185 days ago

    7.8

    HIGH
    CVE-2025-32701 - Microsoft Windows Common Log File System (CLFS) Driver Use-After-Free Vulnerability -

    Action Due Jun 03, 2025 Target Vendor : Microsoft

    Description : Microsoft Windows Common Log File System (CLFS) Driver contains a use-after-free vulnerability that allows an authorized attacker to elevate privileges locally.

    Action : Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes : https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-32701 ; https://nvd.nist.gov/vuln/detail/CVE-2025-32701

    Alert Date: May 13, 2025 | 185 days ago

    7.8

    HIGH
    CVE-2025-30400 - Microsoft Windows DWM Core Library Use-After-Free Vulnerability -

    Action Due Jun 03, 2025 Target Vendor : Microsoft

    Description : Microsoft Windows DWM Core Library contains a use-after-free vulnerability that allows an authorized attacker to elevate privileges locally.

    Action : Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes : https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-30400 ; https://nvd.nist.gov/vuln/detail/CVE-2025-30400

    Alert Date: May 13, 2025 | 185 days ago

    4.9

    MEDIUM
    CVE-2025-47729 - TeleMessage TM SGNL Hidden Functionality Vulnerability -

    Action Due Jun 02, 2025 Target Vendor : TeleMessage

    Description : TeleMessage TM SGNL contains a hidden functionality vulnerability in which the archiving backend holds cleartext copies of messages from TM SGNL application users.

    Action : Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes : Apply mitigations per vendor instructions. Absent mitigating instructions from the vendor, discontinue use of the product. ; https://nvd.nist.gov/vuln/detail/CVE-2025-47729

    Alert Date: May 12, 2025 | 186 days ago

    9.8

    CRITICAL
    CVE-2024-11120 - GeoVision Devices OS Command Injection Vulnerability -

    Action Due May 28, 2025 Target Vendor : GeoVision

    Description : Multiple GeoVision devices contain an OS command injection vulnerability that allows a remote, unauthenticated attacker to inject and execute arbitrary system commands.

    Action : Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes : https://dlcdn.geovision.com.tw/TechNotice/CyberSecurity/Security_Advisory_IP_Device_2024-11.pdf ; https://nvd.nist.gov/vuln/detail/CVE-2024-11120

    Alert Date: May 07, 2025 | 191 days ago

    9.8

    CRITICAL
    CVE-2024-6047 - GeoVision Devices OS Command Injection Vulnerability -

    Action Due May 28, 2025 Target Vendor : GeoVision

    Description : Multiple GeoVision devices contain an OS command injection vulnerability that allows a remote, unauthenticated attacker to inject and execute arbitrary system commands.

    Action : Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes : https://dlcdn.geovision.com.tw/TechNotice/CyberSecurity/Security_Advisory_IP_Device_2024-11.pdf ; https://nvd.nist.gov/vuln/detail/CVE-2024-6047

    Alert Date: May 07, 2025 | 191 days ago

    8.1

    HIGH
    CVE-2025-27363 - FreeType Out-of-Bounds Write Vulnerability -

    Action Due May 27, 2025 Target Vendor : FreeType

    Description : FreeType contains an out-of-bounds write vulnerability when attempting to parse font subglyph structures related to TrueType GX and variable font files that may allow for arbitrary code execution.

    Action : Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes : This vulnerability affects a common open-source component, third-party library, or a protocol used by different products. Please check with specific vendors for information on patching status. For more information, please see https://source.android.com/docs/security/bulletin/2025-05-01 ; https://nvd.nist.gov/vuln/detail/CVE-2025-27363

    Alert Date: May 06, 2025 | 192 days ago

    9.8

    CRITICAL
    CVE-2025-3248 - Langflow Missing Authentication Vulnerability -

    Action Due May 26, 2025 Target Vendor : Langflow

    Description : Langflow contains a missing authentication vulnerability in the /api/v1/validate/code endpoint that allows a remote, unauthenticated attacker to execute arbitrary code via crafted HTTP requests.

    Action : Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes : This vulnerability affects a common open-source project, third-party library, or a protocol used by different products. For more information, please see: https://github.com/advisories/GHSA-c995-4fw3-j39m ; https://nvd.nist.gov/vuln/detail/CVE-2025-3248

    Alert Date: May 05, 2025 | 193 days ago

    10.0

    CRITICAL
    CVE-2025-34028 - Commvault Command Center Path Traversal Vulnerability -

    Action Due May 23, 2025 Target Vendor : Commvault

    Description : Commvault Command Center contains a path traversal vulnerability that allows a remote, unauthenticated attacker to execute arbitrary code.

    Action : Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes : https://documentation.commvault.com/securityadvisories/CV_2025_04_1.html ; https://nvd.nist.gov/vuln/detail/CVE-2025-34028

    Alert Date: May 02, 2025 | 196 days ago

    9.8

    CRITICAL
    CVE-2024-58136 - Yiiframework Yii Improper Protection of Alternate Path Vulnerability -

    Action Due May 23, 2025 Target Vendor : Yiiframework

    Description : Yii Framework contains an improper protection of alternate path vulnerability that may allow a remote attacker to execute arbitrary code. This vulnerability could affect other products that implement Yii, including—but not limited to—Craft CMS, as represented by CVE-2025-32432.

    Action : Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes : This vulnerability affects a common open-source component, third-party library, or a protocol used by different products. For more information, please see: https://www.yiiframework.com/news/709/please-upgrade-to-yii-2-0-52 ; https://nvd.nist.gov/vuln/detail/CVE-2024-58136

    Alert Date: May 02, 2025 | 196 days ago

    9.1

    CRITICAL
    CVE-2024-38475 - Apache HTTP Server Improper Escaping of Output Vulnerability -

    Action Due May 22, 2025 Target Vendor : Apache

    Description : Apache HTTP Server contains an improper escaping of output vulnerability in mod_rewrite that allows an attacker to map URLs to filesystem locations that are permitted to be served by the server but are not intentionally/directly reachable by any URL, resulting in code execution or source code disclosure.

    Action : Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes : This vulnerability affects a common open-source component, third-party library, or a protocol used by different products. Please check with specific vendors for information on patching status. For more information, please see: https://httpd.apache.org/security/vulnerabilities_24.html ; https://nvd.nist.gov/vuln/detail/CVE-2024-38475

    Alert Date: May 01, 2025 | 197 days ago

    7.2

    HIGH
    CVE-2023-44221 - SonicWall SMA100 Appliances OS Command Injection Vulnerability -

    Action Due May 22, 2025 Target Vendor : SonicWall

    Description : SonicWall SMA100 appliances contain an OS command injection vulnerability in the SSL-VPN management interface that allows a remote, authenticated attacker with administrative privilege to inject arbitrary commands as a 'nobody' user.

    Action : Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes : https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0018 ; https://nvd.nist.gov/vuln/detail/CVE-2023-44221

    Alert Date: May 01, 2025 | 197 days ago

    10.0

    CRITICAL
    CVE-2025-31324 - SAP NetWeaver Unrestricted File Upload Vulnerability -

    Action Due May 20, 2025 Target Vendor : SAP

    Description : SAP NetWeaver Visual Composer Metadata Uploader contains an unrestricted file upload vulnerability that allows an unauthenticated agent to upload potentially malicious executable binaries.

    Action : Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes : https://me.sap.com/notes/3594142 ; https://nvd.nist.gov/vuln/detail/CVE-2025-31324

    Alert Date: Apr 29, 2025 | 199 days ago

    8.6

    HIGH
    CVE-2025-1976 - Broadcom Brocade Fabric OS Code Injection Vulnerability -

    Action Due May 19, 2025 Target Vendor : Broadcom

    Description : Broadcom Brocade Fabric OS contains a code injection vulnerability that allows a local user with administrative privileges to execute arbitrary code with full root privileges.

    Action : Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes : https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25602 ; https://nvd.nist.gov/vuln/detail/CVE-2025-1976

    Alert Date: Apr 28, 2025 | 200 days ago

    9.8

    CRITICAL
    CVE-2025-42599 - Qualitia Active! Mail Stack-Based Buffer Overflow Vulnerability -

    Action Due May 19, 2025 Target Vendor : Qualitia

    Description : Qualitia Active! Mail contains a stack-based buffer overflow vulnerability that allows a remote, unauthenticated attacker to execute arbitrary or trigger a denial-of-service via a specially crafted request.

    Action : Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes : https://www.qualitia.com/jp/news/2025/04/18_1030.html ; https://nvd.nist.gov/vuln/detail/CVE-2025-42599

    Alert Date: Apr 28, 2025 | 200 days ago

    8.8

    HIGH
    CVE-2025-3928 - Commvault Web Server Unspecified Vulnerability -

    Action Due May 17, 2025 Target Vendor : Commvault

    Description : Commvault Web Server contains an unspecified vulnerability that allows a remote, authenticated attacker to create and execute webshells.

    Action : Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes : https://documentation.commvault.com/securityadvisories/CV_2025_03_1.html ; https://nvd.nist.gov/vuln/detail/CVE-2025-3928

    Alert Date: Apr 28, 2025 | 200 days ago

    6.5

    MEDIUM
    CVE-2025-24054 - Microsoft Windows NTLM Hash Disclosure Spoofing Vulnerability -

    Action Due May 08, 2025 Target Vendor : Microsoft

    Description : Microsoft Windows NTLM contains an external control of file name or path vulnerability that allows an unauthorized attacker to perform spoofing over a network.

    Action : Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes : https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-24054 ; https://nvd.nist.gov/vuln/detail/CVE-2025-24054

    Alert Date: Apr 17, 2025 | 211 days ago

    7.5

    HIGH
    CVE-2025-31201 - Apple Multiple Products Arbitrary Read and Write Vulnerability -

    Action Due May 08, 2025 Target Vendor : Apple

    Description : Apple iOS, iPadOS, macOS, and other Apple products contain an arbitrary read and write vulnerability that allows an attacker to bypass Pointer Authentication.

    Action : Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes : https://support.apple.com/en-us/122282 ; https://support.apple.com/en-us/122400 ; https://support.apple.com/en-us/122401 ; https://support.apple.com/en-us/122402 ; https://nvd.nist.gov/vuln/detail/CVE-2025-31201

    Alert Date: Apr 17, 2025 | 211 days ago
Showing 20 of 1463 Results

Filters