Feed aggregator
CISA Adds One Known Exploited Vulnerability to Catalog
Nov 28, 2025
CISA has added one new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation. CVE-2021-26829 OpenPLC ScadaBR Cross-site Scripting Vulnerability This type of vulnerability is a frequent attack vector for malicious cyber actors and poses significant risks to the federal enterprise. Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the KEV Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that carry significant risk to the federal enterprise. BOD 22-01 requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the BOD 22-01 Fact Sheet for more information. Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of KEV Catalog vulnerabilities as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the catalog that meet the specified criteria.
CISA Releases Seven Industrial Control Systems Advisories
Nov 25, 2025
CISA released seven Industrial Control Systems (ICS) Advisories. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-25-329-01 Ashlar-Vellum Cobalt, Xenon, Argon, Lithium, Cobalt Share ICSA-25-329-02 Rockwell Automation Arena Simulation ICSA-25-329-03 Zenitel TCIV-3+ ICSA-25-329-04 Opto 22 groov View ICSA-25-329-05 Festo Compact Vision System, Control Block, Controller, and Operator Unit products ICSA-25-329-06 SiRcom SMART Alert (SiSA) ICSA-22-333-05 Mitsubishi Electric FA Engineering Software (Update C) CISA encourages users and administrators to review newly released ICS Advisories for technical details and mitigations.
Spyware Allows Cyber Threat Actors to Target Users of Messaging Applications
Nov 24, 2025
CISA is aware of multiple cyber threat actors actively leveraging commercial spyware to target users of mobile messaging applications (apps).1 These cyber actors use sophisticated targeting and social engineering techniques to deliver spyware and gain unauthorized access to a victim’s messaging app, facilitating the deployment of additional malicious payloads that can further compromise the victim’s mobile device. These cyber actors use tactics such as: Phishing and malicious device-linking QR codes to compromise victim accounts and link them to actor-controlled devices. Zero-click exploits,2 which require no direct action from the device user. Impersonation3 of messaging app platforms, such as Signal and WhatsApp. While current targeting remains opportunistic, evidence suggests these cyber actors focus on high-value individuals, such as current and former high-ranking government, military, and political officials,4 as well as civil society organizations (CSOs) and individuals across the United States,5 Middle East,6 and Europe.7 CISA strongly encourages messaging app users to review the updated Mobile Communications Best Practice Guidance and Mitigating Cyber Threats with Limited Resources: Guidance for Civil Society for steps to protect mobile communications and messaging apps, as well as mitigations against spyware. Notes 1 Dan Black, “Multiple Russia-Aligned Threat Actors Actively Targeting Signal Messenger,” Google Threat Intelligence (blog), Google, last updated February 19, 2025, https://cloud.google.com/blog/topics/threat-intelligence/russia-targeting-signal-messenger/. 2 Unit 42, “LANDFALL: New Commercial-Grade Android Spyware in Exploit Chain Targeting Samsung Devices,” Threat Research (blog), Unit 42, Palo Alto Networks, last updated November 7, 2025, https://unit42.paloaltonetworks.com/landfall-is-new-commercial-grade-android-spyware/; and Ravie Lakshmanan, “WhatsApp Patches Zero-Click Exploit Targeting iOS and macOS Devices,” The Hacker News, August 30, 2025, https://thehackernews.com/2025/08/whatsapp-issues-emergency-update-for.html. 3 Vishnu Pratapagiri, “ClayRat: A New Android Spyware Targeting Russia,” Zimperium (blog), Zimperium, October 9, 2025, https://zimperium.com/blog/clayrat-a-new-android-spyware-targeting-russia; Bill Toulas, “Android Spyware Campaigns Impersonate Signal and ToTok Messengers,” Bleeping Computer, October 2, 2025, https://www.bleepingcomputer.com/news/security/android-spyware-campaigns-impersonate-signal-and-totok-messengers/; and Pierluigi Paganini, “ClayRat Campaign Uses Telegram and Phishing Sites to Distribute Android Spyware,” Security Affairs, October 9, 2025, https://securityaffairs.com/183169/malware/clayrat-campaign-uses-telegram-and-phishing-sites-to-distribute-android-spyware.html. 4 Courtney Rozen, “WhatsApp Banned on US House of Representatives Devices, Memo Shows,” Reuters, June 23, 2025, https://www.reuters.com/world/us/whatsapp-banned-us-house-representatives-devices-memo-2025-06-23/; and Andrew Solender, “WhatsApp Banned on House Staffers' Devices,” Axios, June 23, 2025, https://www.axios.com/2025/06/23/whatsapp-house-congress-staffers-messaging-app. 5 Suzanne Smalley, “Judge Bars NSO from Targeting WhatsApp Users with Spyware, Reduces Damages in Landmark Case.” The Record, October 20, 2025, https://therecord.media/judge-bars-nso-from-targeting-whatsapp-users-lowers-damages. 6 Suzanne Smalley, “Researchers Uncover Spyware Targeting Messaging App Users in the UAE,” The Record, October 2, 2025, https://therecord.media/researchers-spyware-uae-infections. 7 Paganini, “ClayRat Campaign Uses Telegram and Phishing Sites to Distribute Android Spyware.”
CISA Adds One Known Exploited Vulnerability to Catalog
Nov 21, 2025
CISA has added one new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation. CVE-2025-61757 Oracle Fusion Middleware Missing Authentication for Critical Function Vulnerability This type of vulnerability is a frequent attack vector for malicious cyber actors and poses significant risks to the federal enterprise. Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the KEV Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that carry significant risk to the federal enterprise. BOD 22-01 requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the BOD 22-01 Fact Sheet for more information. Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of KEV Catalog vulnerabilities as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the catalog that meet the specified criteria.
CISA Releases Six Industrial Control Systems Advisories
Nov 20, 2025
CISA released six Industrial Control Systems (ICS) Advisories. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-25-324-01 Automated Logic WebCTRL Premium Server ICSA-25-324-02 ICAM365 CCTV Camera Multiple Models ICSA-25-324-03 Opto 22 GRV-EPIC and GRV-RIO ICSA-25-324-04 Festo MSE6-C2M/D2M/E2M ICSA-25-324-05 Festo Didactic products ICSA-25-324-06 Emerson Appleton UPSMON-PRO CISA encourages users and administrators to review newly released ICS Advisories for technical details and mitigations.
CISA Adds One Known Exploited Vulnerability to Catalog
Nov 19, 2025
CISA has added one new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation. CVE-2025-13223 Google Chromium V8 Type Confusion Vulnerability This type of vulnerability is a frequent attack vector for malicious cyber actors and poses significant risks to the federal enterprise. Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the KEV Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that carry significant risk to the federal enterprise. BOD 22-01 requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the BOD 22-01 Fact Sheet for more information. Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of KEV Catalog vulnerabilities as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the catalog that meet the specified criteria.
CISA Releases Guide to Mitigate Risks from Bulletproof Hosting Providers
Nov 19, 2025
Today, Cybersecurity and Infrastructure Security Agency (CISA), in collaboration with the U.S. National Security Agency, U.S. Department of Defense Cyber Crime Center, U.S. Federal Bureau of Investigation, and international partners, released the guide Bulletproof Defense: Mitigating Risks from Bulletproof Hosting Providers to help Internet Service Providers (ISPs) and network defenders mitigate cybercriminal activity enabled by Bulletproof Hosting (BPH) providers. A BPH provider is an internet infrastructure provider that knowingly leases infrastructure to cybercriminals. These providers enable malicious activities such as ransomware, phishing, malware delivery, and denial-of-service (DoS) attacks, posing an imminent and significant risk to the resilience and safety of critical systems and services. The guide provides recommendations to reduce the effectiveness of BPH infrastructure while minimizing disruptions to legitimate activity. Key Recommendations for ISPs and Network Defenders: Curate malicious resource lists: Use threat intelligence feeds and sharing channels to build lists of malicious resources. Implement filters: Apply filters to block malicious traffic while avoiding disruptions to legitimate activity. Analyze traffic: Monitor network traffic to identify anomalies and supplement malicious resource lists. Use logging systems: Record Autonomous System Numbers (ASNs) and IP addresses, issue alerts for malicious activity, and keep logs updated. Share intelligence: Collaborate with public and private entities to strengthen cybersecurity defenses. Additional Recommendations for ISPs: Notify customers: Inform customers about malicious resource lists and filters, with opt-out options. Provide filters: Offer premade filters for customers to apply in their networks. Set accountability standards: Work with other ISPs to create codes of conduct for BPH abuse prevention. Vet customers: Collect and verify customer information to prevent BPH providers from leasing ISP infrastructure. CISA and its partners urge ISPs and network defenders to implement these recommendations to mitigate risks posed by BPH providers. By reducing the effectiveness of BPH infrastructure, defenders can force cybercriminals to rely on legitimate providers that comply with legal processes. For more information, visit the full guide.
CISA Adds One Known Exploited Vulnerability to Catalog
Nov 18, 2025
CISA has added one new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation. CVE-2025-58034 Fortinet FortiWeb OS Command Code Injection Vulnerability This type of vulnerability is a frequent attack vector for malicious cyber actors and poses significant risks to the federal enterprise. With recent and ongoing exploitation events Fortinet Releases Security Advisory for Relative Path Traversal Vulnerability Affecting FortiWeb Products, a reduced remediation timeframe of one week is recommended. See BOD 23-02: Mitigating the Risk from Internet-Exposed Management Interfaces for steps to reduce the attack surface created by devices accessible to the public internet. Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the KEV Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that carry significant risk to the federal enterprise. BOD 22-01 requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the BOD 22-01 Fact Sheet for more information. Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of KEV Catalog vulnerabilities as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the catalog that meet the specified criteria.
CISA Releases Six Industrial Control Systems Advisories
Nov 18, 2025
CISA released six Industrial Control Systems (ICS) Advisories. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-25-322-01 Schneider Electric EcoStruxure Machine SCADA Expert & Pro-face BLUE Open Studio ICSA-25-322-02 Shelly Pro 4PM ICSA-25-322-03 Shelly Pro 3EM ICSA-25-322-04 Schneider Electric PowerChute Serial Shutdown ICSA-25-322-05 METZ CONNECT EWIO2 ICSA-25-224-03 Schneider Electric EcoStruxure (Update B) CISA encourages users and administrators to review newly released ICS Advisories for technical details and mitigations.
Fortinet Releases Security Advisory for Relative Path Traversal Vulnerability Affecting FortiWeb Products
Nov 14, 2025
CISA is aware of exploitation of a newly disclosed vulnerability, CVE-2025-64446, in Fortinet FortiWeb, a web application firewall. This vulnerability affects the following FortiWeb versions:1 8.0.0 through 8.0.1 7.6.0 through 7.6.4 7.4.0 through 7.4.9 7.2.0 through 7.2.11 7.0.0 through 7.0.11 CVE-2025-64446 is a relative path traversal vulnerability CWE-23: Relative Path Traversal that may allow an unauthenticated malicious actor to execute administrative commands on a system via specially crafted HTTP or HTTPS requests. Fortinet recommends affected organizations: Apply the necessary upgrades listed in the table below and Fortinet’s guidance. Version Affected Solution FortiWeb 8.0 8.0.0 through 8.0.1 Upgrade to 8.0.2 or above FortiWeb 7.6 7.6.0 through 7.6.4 Upgrade to 7.6.5 or above FortiWeb 7.4 7.4.0 through 7.4.9 Upgrade to 7.4.10 or above FortiWeb 7.2 7.2.0 through 7.2.11 Upgrade to 7.2.12 or above FortiWeb 7.0 7.0.0 through 7.0.11 Upgrade to 7.0.12 or above If you cannot immediately upgrade the affected systems, disable HTTP or HTTPS for internet-facing interfaces. Note: Limiting access to HTTP/HTTPS management interfaces to internal networks is a best practice that reduces, but does not eliminate, risk; upgrading the affected systems remains essential and is the only way to fully remediate this vulnerability. After upgrading, review configuration and review logs for unexpected modifications or the addition of unauthorized administrator accounts. CISA added CVE-2025-64446 to its Known Exploited Vulnerabilities (KEV) Catalog on Nov. 14, 2025. Disclaimer Note: This Alert may be updated to reflect new guidance issued by CISA or other parties. Organizations should report incidents and anomalous activity to CISA’s 24/7 Operations Center at contact@cisa.dhs.gov or (888) 282-0870. The information in this report is being provided “as is” for informational purposes only. CISA does not endorse any commercial entity, product, company, or service, including any entities, products, or services linked within this document. Any reference to specific commercial entities, products, processes, or services by service mark, trademark, manufacturer, or otherwise, does not constitute or imply endorsement, recommendation, or favoring by CISA Notes 1 FortiGuard Labs, Path confusion vulnerability in GUI (November 14, 2025), https://fortiguard.fortinet.com/psirt/FG-IR-25-910.
CISA Adds One Known Exploited Vulnerability to Catalog
Nov 14, 2025
CISA has added one new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation. CVE-2025-64446 Fortinet FortiWeb Path Traversal Vulnerability This type of vulnerability is a frequent attack vector for malicious cyber actors and poses significant risks to the federal enterprise. Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the KEV Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that carry significant risk to the federal enterprise. BOD 22-01 requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the BOD 22-01 Fact Sheet for more information. Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of KEV Catalog vulnerabilities as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the catalog that meet the specified criteria.
CISA Releases 18 Industrial Control Systems Advisories
Nov 13, 2025
CISA released 18 Industrial Control Systems (ICS) Advisories. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-25-317-01 Mitsubishi Electric MELSEC iQ-F Series ICSA-25-317-02 AVEVA Application Server IDE ICSA-25-317-03 AVEVA Edge ICSA-25-317-04 Brightpick Mission Control / Internal Logic Control ICSA-25-317-05 Rockwell Automation Verve Asset Manager ICSA-25-317-06 Rockwell Automation Studio 5000 Simulation Interface ICSA-25-317-07 Rockwell Automation FactoryTalk DataMosaix Private Cloud ICSA-25-317-08 General Industrial Controls Lynx+ Gateway ICSA-25-317-09 Rockwell Automation FactoryTalk Policy Manager ICSA-25-317-10 Rockwell Automation AADvance-Trusted SIS Workstation ICSA-25-317-11 Siemens SICAM P850 family and SICAM P855 family ICSA-25-317-12 Siemens Spectrum Power 4 ICSA-25-317-13 Siemens LOGO! 8 BM Devices ICSA-25-317-14 Siemens Solid Edge ICSA-25-317-15 Siemens COMOS ICSA-25-317-16 Siemens Altair Grid Engine ICSA-25-317-17 Siemens Software Center and Solid Edge ICSA-25-273-04 Festo Controller CECC-S,-LK,-D Family Firmware (Update A) CISA encourages users and administrators to review newly released ICS Advisories for technical details and mitigations.
CISA and Partners Release Advisory Update on Akira Ransomware
Nov 13, 2025
Today, Cybersecurity and Infrastructure Security Agency (CISA), in collaboration with the Federal Bureau of Investigation, Department of Defense Cyber Crime Center, Department of Health and Human Services, and international partners, released an updated joint Cybersecurity Advisory, #StopRansomware: Akira Ransomware, to provide network defenders with the latest indicators of compromise, tactics, techniques, and procedures, and detection methods associated with Akira ransomware activity. This advisory reflects new findings as of Nov. 13, 2025, highlighting Akira ransomware’s evolution and continued threat to critical infrastructure sectors. Akira ransomware threat actors, associated with groups such as Storm-1567, Howling Scorpius, Punk Spider, and Gold Sahara, have expanded their capabilities, targeting small and medium-sized businesses as well as larger organizations across sectors including Manufacturing, Educational Institutions, Information Technology, Healthcare, Financial, and Food and Agriculture. Key Updates: Initial Access: Threat actors exploit vulnerabilities in edge devices and backup servers, such as authentication bypass, cross-site scripting, buffer overflow, and compromise credentials through brute-force techniques. Discovery: Threat actors use command line techniques to accomplish network and domain discovery. Defense Evasion: Threat actors use remote management and monitoring tools such as Anydesk and LogMeIn to mimic administrator activity, and modify firewall settings, terminate antivirus processes and uninstall EDR systems. Privilege Escalation: Threat actors deploy POORTRY malware to modify BYOVD configurations on vulnerable drivers, create administrator accounts, steal administrator login credentials, and bypass VMDK protections, as well as exploit Veeam vulnerabilities. Lateral Movement: Threat actors use remote access tools and protocols like RDP, SSH, and steal Kerberos authentication tickets to move within networks. Command and Control: Threat actors use Ngrok to establish encrypted sessions, SystemBC malware as a remote access trojan, and STONETOP malware to deploy Akira payloads. Exfiltration and Impact: Threat actors use protocols such as FTP, SFTP, and cloud services to exfiltrate data. Encryption: Threat actors use a new Akira_v2 ransomware variant that enables faster encryption speeds and further inhibits system recovery. CISA and its partners strongly encourage organizations to apply patches for known vulnerabilities, especially those affecting VPN products and backup servers, and enforce multifactor authentication for all remote access services. Organizations should monitor unauthorized domain account creation and unusual network activity while deploying endpoint detection and response solutions to enhance security. For more information, see CISA’s updated #StopRansomware Guide.
Update: Implementation Guidance for Emergency Directive on Cisco ASA and Firepower Device Vulnerabilities
Nov 12, 2025
CISA has released Emergency Cisco Directive 25-03 Implementation Guidance to assist federal agencies in addressing critical vulnerabilities in Cisco Adaptive Security Appliances (ASA) and Firepower devices. Emergency Directive 25-03: Identify and Mitigate Potential Compromise of Cisco Devices, issued on Sept. 25, identified known vulnerabilities CVE-2025-20333 and CVE-2025-20362, and mandated immediate action to mitigate risks. Threat actors continue to target these devices, posing significant risk to all organizations. The implementation guidance provides information on the minimum software versions that address these vulnerabilities and direct federal agencies to conduct corrective patching measures on devices that are not compliant with these requirements. CISA is aware of multiple organizations that believed they had applied the necessary updates but had not in fact updated to the minimum software version. CISA recommends all organizations verify the correct updates are applied. For agencies with ASA or Firepower devices not yet updated to the necessary software versions or devices that were updated after September 26, 2025, CISA recommends additional actions to mitigate against ongoing and new threat activity. CISA urges all agencies with ASAs and Firepower devices to follow this guidance. See Emergency Directive 25-03 Implementation Guidance and Temporary Risk Mitigation Guidance for Agencies in the Process of ED 25-03 Compliance for detailed recommendations and CISA’s RayDetect scanner to examine ASA core dumps for evidence of RayInitiator compromise.
CISA Adds Three Known Exploited Vulnerabilities to Catalog
Nov 12, 2025
CISA has added three new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation. CVE-2025-9242 WatchGuard Firebox Out-of-Bounds Write Vulnerability CVE-2025-12480 Gladinet Triofox Improper Access Control Vulnerability CVE-2025-62215 Microsoft Windows Race Condition Vulnerability These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise. Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the KEV Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that carry significant risk to the federal enterprise. BOD 22-01 requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the BOD 22-01 Fact Sheet for more information. Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of KEV Catalog vulnerabilities as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the catalog that meet the specified criteria.
CISA Adds One Known Exploited Vulnerability to Catalog
Nov 10, 2025
CISA has added one new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation. CVE-2025-21042 Samsung Mobile Devices Out-of-Bounds Write Vulnerability This type of vulnerability is a frequent attack vector for malicious cyber actors and poses significant risks to the federal enterprise. Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the KEV Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that carry significant risk to the federal enterprise. BOD 22-01 requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the BOD 22-01 Fact Sheet for more information. Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of KEV Catalog vulnerabilities as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the catalog that meet the specified criteria.
CISA Releases Four Industrial Control Systems Advisories
Nov 6, 2025
CISA released four Industrial Control Systems (ICS) Advisories. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-25-310-01 Advantech DeviceOn iEdge ICSA-25-310-02 Ubia Ubox ICSA-25-310-03 ABB FLXeon Controllers ICSA-25-282-01 Hitachi Energy Asset Suite (Update A) CISA encourages users and administrators to review newly released ICS Advisories for technical details and mitigations.
CISA Releases Five Industrial Control Systems Advisories
Nov 4, 2025
CISA released five Industrial Control Systems (ICS) Advisories. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-25-308-01 Fuji Electric Monitouch V-SFT-6 ICSA-25-308-02 Survision License Plate Recognition Camera ICSA-25-308-03 Delta Electronics CNCSoft-G2 ICSA-25-308-04 Radiometrics VizAir ICSA-25-308-05 IDIS ICM Viewer CISA encourages users and administrators to review newly released ICS Advisories for technical details and mitigations.
CISA Adds Two Known Exploited Vulnerabilities to Catalog
Nov 4, 2025
CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation. CVE-2025-11371 Gladinet CentreStack and Triofox Files or Directories Accessible to External Parties Vulnerability CVE-2025-48703 CWP Control Web Panel OS Command Injection Vulnerability These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise. Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the KEV Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that carry significant risk to the federal enterprise. BOD 22-01 requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the BOD 22-01 Fact Sheet for more information. Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of KEV Catalog vulnerabilities as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the catalog that meet the specified criteria.
CISA Releases Two Industrial Control Systems Advisories
Oct 30, 2025
CISA released two Industrial Control Systems (ICS). These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-25-303-01 International Standards Organization ISO 15118-2 ICSA-25-303-02 Hitachi Energy TropOS CISA encourages users and administrators to review newly released ICS Advisories for technical details and mitigations.