.png)
3 months ago
2
For the benefit of the cybersecurity community and network defenders—and to help every organization better manage vulnerabilities and keep pace with threat activity—CISA maintains the authoritative source of vulnerabilities that have been exploited in the wild. Organizations should use the KEV catalog as an input to their vulnerability management prioritization framework.
The KEV catalog is also available in these formats:
CSV
JSON
JSON Schema (updated 06-25-2024)
Print View
License
CVE-2025-53770
Microsoft SharePoint Deserialization of Untrusted Data Vulnerability: Microsoft SharePoint Server on-premises contains a deserialization of untrusted data vulnerability that could allow an unauthorized attacker to execute code over a network.
Known To Be Used in Ransomware Campaigns? Unknown
Action: CISA recommends configuring AMSI integration in SharePoint and deploying Defender AV on all SharePoint servers. If AMSI cannot be enabled, CISA recommends disconnecting affected products that are public-facing on the internet from service until official mitigations are available. Once mitigations are provided, apply them according to CISA and vendor instructions. Follow the applicable BOD 22-01 guidance for cloud services or discontinue use of the product if mitigations are not available.
- Date Added: 2025-07-20
- Due Date: 2025-07-21
Additional Notes
CVE-2025-25257
Fortinet FortiWeb SQL Injection Vulnerability: Fortinet FortiWeb contains a SQL injection vulnerability that may allow an unauthenticated attacker to execute unauthorized SQL code or commands via crafted HTTP or HTTPs requests.
Known To Be Used in Ransomware Campaigns? Unknown
Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Date Added: 2025-07-18
- Due Date: 2025-08-08
Additional Notes
Wing FTP Server | Wing FTP Server
CVE-2025-47812
Wing FTP Server Improper Neutralization of Null Byte or NUL Character Vulnerability: Wing FTP Server contains an improper neutralization of null byte or NUL character vulnerability that can allow injection of arbitrary Lua code into user session files. This can be used to execute arbitrary system commands with the privileges of the FTP service (root or SYSTEM by default).
Known To Be Used in Ransomware Campaigns? Unknown
Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Date Added: 2025-07-14
- Due Date: 2025-08-04
Additional Notes
Citrix | NetScaler ADC and Gateway
CVE-2025-5777
Citrix NetScaler ADC and Gateway Out-of-Bounds Read Vulnerability: Citrix NetScaler ADC and Gateway contain an out-of-bounds read vulnerability due to insufficient input validation. This vulnerability can lead to memory overread when the NetScaler is configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) OR AAA virtual server.
Known To Be Used in Ransomware Campaigns? Unknown
Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Date Added: 2025-07-10
- Due Date: 2025-07-11
Additional Notes
Looking Glass | Multi-Router Looking Glass (MRLG)
CVE-2014-3931
Multi-Router Looking Glass (MRLG) Buffer Overflow Vulnerability: Multi-Router Looking Glass (MRLG) contains a buffer overflow vulnerability that could allow remote attackers to cause an arbitrary memory write and memory corruption.
Known To Be Used in Ransomware Campaigns? Unknown
Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Date Added: 2025-07-07
- Due Date: 2025-07-28
Additional Notes
CVE-2016-10033
PHPMailer Command Injection Vulnerability: PHPMailer contains a command injection vulnerability because it fails to sanitize user-supplied input. Specifically, this issue affects the 'mail()' function of 'class.phpmailer.php' script. An attacker can exploit this issue to execute arbitrary code within the context of the application. Failed exploit attempts will result in a denial-of-service condition.
Known To Be Used in Ransomware Campaigns? Unknown
Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Date Added: 2025-07-07
- Due Date: 2025-07-28
Additional Notes
CVE-2019-5418
Rails Ruby on Rails Path Traversal Vulnerability: Rails Ruby on Rails contains a path traversal vulnerability in Action View. Specially crafted accept headers in combination with calls to `render file:` can cause arbitrary files on the target server to be rendered, disclosing the file contents.
Known To Be Used in Ransomware Campaigns? Unknown
Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Date Added: 2025-07-07
- Due Date: 2025-07-28
Additional Notes
Synacor | Zimbra Collaboration Suite (ZCS)
CVE-2019-9621
Synacor Zimbra Collaboration Suite (ZCS) Server-Side Request Forgery (SSRF) Vulnerability: Synacor Zimbra Collaboration Suite (ZCS) contains a server-side request forgery (SSRF) vulnerability via the ProxyServlet component.
Known To Be Used in Ransomware Campaigns? Unknown
Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Date Added: 2025-07-07
- Due Date: 2025-07-28
Additional Notes
CVE-2025-6554
Google Chromium V8 Type Confusion Vulnerability: Google Chromium V8 contains a type confusion vulnerability that could allow a remote attacker to perform arbitrary read/write via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.
Known To Be Used in Ransomware Campaigns? Unknown
Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Date Added: 2025-07-02
- Due Date: 2025-07-23
Additional Notes
CVE-2025-48927
TeleMessage TM SGNL Initialization of a Resource with an Insecure Default Vulnerability: TeleMessage TM SGNL contains an initialization of a resource with an insecure default vulnerability. This vulnerability relies on how the Spring Boot Actuator is configured with an exposed heap dump endpoint at a /heapdump URI.
Known To Be Used in Ransomware Campaigns? Unknown
Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Date Added: 2025-07-01
- Due Date: 2025-07-22
Additional Notes
It is recommended that mitigations be applied per vendor instructions if available. If these instructions cannot be located or if mitigations are unavailable, discontinue use of the product. ; https://nvd.nist.gov/vuln/detail/CVE-2025-48927
CVE-2025-48928
TeleMessage TM SGNL Exposure of Core Dump File to an Unauthorized Control Sphere Vulnerability: TeleMessage TM SGNL contains an exposure of core dump file to an unauthorized control sphere Vulnerability. This vulnerability is based on a JSP application in which the heap content is roughly equivalent to a "core dump" in which a password previously sent over HTTP would be included in this dump.
Known To Be Used in Ransomware Campaigns? Unknown
Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Date Added: 2025-07-01
- Due Date: 2025-07-22
Additional Notes
It is recommended that mitigations be applied per vendor instructions if available. If these instructions cannot be located or if mitigations are unavailable, discontinue use of the product. ; https://nvd.nist.gov/vuln/detail/CVE-2025-48928
Citrix | NetScaler ADC and Gateway
CVE-2025-6543
Citrix NetScaler ADC and Gateway Buffer Overflow Vulnerability: Citrix NetScaler ADC and Gateway contain a buffer overflow vulnerability leading to unintended control flow and Denial of Service. NetScaler must be configured as Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) OR AAA virtual server.
Known To Be Used in Ransomware Campaigns? Unknown
Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Date Added: 2025-06-30
- Due Date: 2025-07-21
Additional Notes
CVE-2024-54085
AMI MegaRAC SPx Authentication Bypass by Spoofing Vulnerability: AMI MegaRAC SPx contains an authentication bypass by spoofing vulnerability in the Redfish Host Interface. A successful exploitation of this vulnerability may lead to a loss of confidentiality, integrity, and/or availability.
Known To Be Used in Ransomware Campaigns? Unknown
Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Date Added: 2025-06-25
- Due Date: 2025-07-16
Additional Notes
CVE-2024-0769
D-Link DIR-859 Router Path Traversal Vulnerability: D-Link DIR-859 routers contain a path traversal vulnerability in the file /hedwig.cgi of the component HTTP POST Request Handler. Manipulation of the argument service with the input ../../../../htdocs/webinc/getcfg/DHCPS6.BRIDGE-1.xml allows for the leakage of session data potentially enabling privilege escalation and unauthorized control of the device. This vulnerability affects legacy D-Link products. All associated hardware revisions have reached their end-of-life (EOL) or end-of-service (EOS) life cycle and should be retired and replaced per vendor instructions.
Known To Be Used in Ransomware Campaigns? Unknown
Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Date Added: 2025-06-25
- Due Date: 2025-07-16
Additional Notes
CVE-2019-6693
Fortinet FortiOS Use of Hard-Coded Credentials Vulnerability: Fortinet FortiOS contains a use of hard-coded credentials vulnerability that could allow an attacker to cipher sensitive data in FortiOS configuration backup file via knowledge of the hard-coded key.
Known To Be Used in Ransomware Campaigns? Known
Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Date Added: 2025-06-25
- Due Date: 2025-07-16
Additional Notes
CVE-2023-0386
Linux Kernel Improper Ownership Management Vulnerability: Linux Kernel contains an improper ownership management vulnerability, where unauthorized access to the execution of the setuid file with capabilities was found in the Linux kernel’s OverlayFS subsystem in how a user copies a capable file from a nosuid mount into another mount. This uid mapping bug allows a local user to escalate their privileges on the system.
Known To Be Used in Ransomware Campaigns? Unknown
Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Date Added: 2025-06-17
- Due Date: 2025-07-08
Additional Notes
Apple | Multiple Products
CVE-2025-43200
Apple Multiple Products Unspecified Vulnerability: Apple iOS, iPadOS, macOS, watchOS, and visionOS, contain an unspecified vulnerability when processing a maliciously crafted photo or video shared via an iCloud Link.
Known To Be Used in Ransomware Campaigns? Unknown
Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Date Added: 2025-06-16
- Due Date: 2025-07-07
Additional Notes
TP-Link | Multiple Routers
CVE-2023-33538
TP-Link Multiple Routers Command Injection Vulnerability: TP-Link TL-WR940N V2/V4, TL-WR841N V8/V10, and TL-WR740N V1/V2 contain a command injection vulnerability via the component /userRpm/WlanNetworkRpm. The impacted products could be end-of-life (EoL) and/or end-of-service (EoS). Users should discontinue product utilization.
Known To Be Used in Ransomware Campaigns? Unknown
Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Date Added: 2025-06-16
- Due Date: 2025-07-07
Additional Notes
CVE-2025-24016
Wazuh Server Deserialization of Untrusted Data Vulnerability: Wazuh contains a deserialization of untrusted data vulnerability that allows for remote code execution on Wazuh servers.
Known To Be Used in Ransomware Campaigns? Unknown
Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Date Added: 2025-06-10
- Due Date: 2025-07-01
Additional Notes
CVE-2025-33053
Microsoft Windows External Control of File Name or Path Vulnerability: Microsoft Windows contains an external control of file name or path vulnerability that could allow an attacker to execute code from a remote WebDAV location specified by the WorkingDirectory attribute of Internet Shortcut files.
Known To Be Used in Ransomware Campaigns? Unknown
Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Date Added: 2025-06-10
- Due Date: 2025-07-01
Additional Notes
Subscribe to the KEV Catalog Updates
Stay up to date on the latest known exploited vulnerabilities.
