US CERT Current Activity
CISA Adds Five Known Exploited Vulnerabilities to Catalog
Oct 20, 2025
CISA has added five new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation. CVE-2022-48503 Apple Multiple Products Unspecified Vulnerability CVE-2025-2746 Kentico Xperience Staging Sync Server Digest Password Authentication Bypass Vulnerability CVE-2025-2747 Kentico Xperience Staging Sync Server None Password Type Authentication Bypass Vulnerability CVE-2025-33073 Microsoft Windows SMB Client Improper Access Control Vulnerability CVE-2025-61884 Oracle E-Business Suite Server-Side Request Forgery (SSRF) Vulnerability These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise. Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the KEV Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that carry significant risk to the federal enterprise. BOD 22-01 requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the BOD 22-01 Fact Sheet for more information. Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of KEV Catalog vulnerabilities as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the catalog that meet the specified criteria.
CISA Releases Thirteen Industrial Control Systems Advisories
Oct 16, 2025
CISA released thirteen Industrial Control Systems (ICS) advisories on October 16, 2025. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-25-289-01 Rockwell Automation FactoryTalk View Machine Edition and PanelView Plus 7 ICSA-25-289-02 Rockwell Automation FactoryTalk Linx ICSA-25-289-03 Rockwell Automation FactoryTalk ViewPoint ICSA-25-289-04 Rockwell Automation ArmorStart AOP ICSA-25-289-05 Siemens Solid Edge ICSA-25-289-06 Siemens SiPass Integrated ICSA-25-289-07 Siemens SIMATIC ET 200SP Communication Processors ICSA-25-289-08 Siemens SINEC NMS ICSA-25-289-09 Siemens TeleControl Server Basic ICSA-25-289-10 Siemens HyperLynx and Industrial Edge App Publisher ICSA-25-289-11 Hitachi Energy MACH GWS ICSA-25-224-03 Schneider Electric EcoStruxure (Update A) ICSA-24-121-01 Delta Electronics CNCSoft-G2 DOPSoft (Update A) CISA encourages users and administrators to review newly released ICS advisories for technical details and mitigations.
CISA Directs Federal Agencies to Mitigate Vulnerabilities in F5 Devices
Oct 15, 2025
Today, CISA issued Emergency Directive ED 26-01: Mitigate Vulnerabilities in F5 Devices to direct Federal Civilian Executive Branch agencies to inventory F5 BIG-IP products, evaluate if the networked management interfaces are accessible from the public internet, and apply newly released updates from F5. A nation-state affiliated cyber threat actor has compromised F5 systems and exfiltrated data, including portions of the BIG-IP proprietary source code and vulnerability information, which provides the actor with a technical advantage to exploit F5 devices and software. This poses an imminent threat to federal networks using F5 devices and software. Key Actions Required: Inventory: Identify all instances of F5 BIG-IP hardware devices and F5OS, BIG-IP TMOS, Virtual Edition, BIG-IP Next, BIG-IP IQ software, and BNK / CNF. Harden Public-Facing Hardware and Software Appliances: Identify if physical or virtual BIG-IP devices exposed to the public internet provide public access to the networked management interface. Update Instances of BIG-IP Hardware and Software Applications: Apply the latest vendor updates by Oct. 22, 2025, for the following products: F5OS, BIG-IP TMOS, BIG-IQ, and BNK / CNF— validate the F5 published MD5 checksums for its software image files and other F5 downloaded software. For other devices, update with the latest software release by Oct. 31, 2025, and apply the latest F5-provided asset hardening guidance. Disconnect End of Support Devices: Disconnect all public-facing F5 devices that have reached their end-of-support date. Report mission-critical exceptions to CISA. Mitigate Against Cookie Leakage: If CISA notifies an agency of a BIG-IP cookie leakage vulnerability, the agency shall follow CISA’s accompanying mitigation instructions. Report: Submit a complete inventory of F5 products and actions taken to CISA by 11:59 p.m. EDT, Oct. 29, 2025. For detailed guidance, refer to the full Emergency Directive ED 26-01.
CISA Adds One Known Exploited Vulnerability to Catalog
Oct 15, 2025
CISA has added one new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation. CVE-2025-54253 Adobe Experience Manager Forms Code Execution Vulnerability This type of vulnerability is a frequent attack vector for malicious cyber actors and poses significant risks to the federal enterprise. Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the KEV Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that carry significant risk to the federal enterprise. BOD 22-01 requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the BOD 22-01 Fact Sheet for more information. Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of KEV Catalog vulnerabilities as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the catalog that meet the specified criteria.
CISA Adds Five Known Exploited Vulnerabilities to Catalog
Oct 14, 2025
CISA has added five new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation. CVE-2016-7836 SKYSEA Client View Improper Authentication Vulnerability CVE-2025-6264 Rapid7 Velociraptor Incorrect Default Permissions Vulnerability CVE-2025-24990 Microsoft Windows Untrusted Pointer Dereference Vulnerability CVE-2025-47827 IGEL OS Use of a Key Past its Expiration Date Vulnerability CVE-2025-59230 Microsoft Windows Improper Access Control Vulnerability These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise. Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the KEV Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that carry significant risk to the federal enterprise. BOD 22-01 requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the BOD 22-01 Fact Sheet for more information. Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of KEV Catalog vulnerabilities as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the catalog that meet the specified criteria.
CISA Releases One Industrial Control Systems Advisory
Oct 14, 2025
CISA released one Industrial Control Systems (ICS) advisory on October 14, 2025. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-25-287-01 Rockwell Automation 1715 EtherNet/IP Comms Module CISA encourages users and administrators to review newly released ICS advisories for technical details and mitigations.
CISA Releases Four Industrial Control Systems Advisories
Oct 9, 2025
CISA released four Industrial Control Systems (ICS) Advisories on October 9, 2025. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-25-282-01 Hitachi Energy Asset Suite ICSA-25-282-02 Rockwell Automation Lifecycle Services with Cisco ICSA-25-282-03 Rockwell Automation Stratix ICSA-25-128-03 Mitsubishi Electric Multiple FA Products (Update A) CISA encourages users and administrators to review newly released ICS Advisories for technical details and mitigations.
CISA Adds One Known Exploited Vulnerability to Catalog
Oct 9, 2025
CISA has added one new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation. CVE-2021-43798 Grafana Path Traversal Vulnerability This type of vulnerability is a frequent attack vector for malicious cyber actors and poses significant risks to the federal enterprise. Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the KEV Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that carry significant risk to the federal enterprise. BOD 22-01 requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the BOD 22-01 Fact Sheet for more information. Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of KEV Catalog vulnerabilities as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the catalog that meet the specified criteria.
CISA Adds One Known Exploited Vulnerability to Catalog
Oct 7, 2025
CISA has added one new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation. CVE-2025-27915 Synacor Zimbra Collaboration Suite (ZCS) Cross-site Scripting Vulnerability This type of vulnerability is a frequent attack vector for malicious cyber actors and poses significant risks to the federal enterprise. Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the KEV Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that carry significant risk to the federal enterprise. BOD 22-01 requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the BOD 22-01 Fact Sheet for more information. Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of KEV Catalog vulnerabilities as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the catalog that meet the specified criteria.
CISA Releases Two Industrial Control Systems Advisories
Oct 7, 2025
CISA released two Industrial Control Systems (ICS) advisories on October 7, 2025. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-25-280-01 Delta Electronics DIAScreen ICSA-25-226-31 Rockwell Automation 1756-EN4TR, 1756-EN4TRXT (Update B) CISA encourages users and administrators to review newly released ICS advisories for technical details and mitigations.
CISA Adds Seven Known Exploited Vulnerabilities to Catalog
Oct 6, 2025
CISA has added seven new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation. CVE-2010-3765 Mozilla Multiple Products Remote Code Execution Vulnerability CVE-2010-3962 Microsoft Internet Explorer Uninitialized Memory Corruption Vulnerability CVE-2011-3402 Microsoft Windows Remote Code Execution Vulnerability CVE-2013-3918 Microsoft Windows Out-of-Bounds Write Vulnerability CVE-2021-22555 Linux Kernel Heap Out-of-Bounds Write Vulnerability CVE-2021-43226 Microsoft Windows Privilege Escalation Vulnerability CVE-2025-61882 Oracle E-Business Suite Unspecified Vulnerability These types of vulnerabilities are frequent attack vector for malicious cyber actors and pose significant risks to the federal enterprise. Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the KEV Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that carry significant risk to the federal enterprise. BOD 22-01 requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the BOD 22-01 Fact Sheet for more information. Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of KEV Catalog vulnerabilities as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the catalog that meet the specified criteria.
CISA Releases Two Industrial Control Systems Advisories
Oct 2, 2025
CISA released two Industrial Control Systems (ICS) advisories on October 2, 2025. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-25-275-01 Raise3D Pro2 Series 3D Printers ICSA-25-275-02 Hitachi Energy MSM Product CISA encourages users and administrators to review newly released ICS advisories for technical details and mitigations.
CISA Adds Five Known Exploited Vulnerabilities to Catalog
Oct 2, 2025
CISA has added five new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation. CVE-2014-6278 GNU Bash OS Command Injection Vulnerability CVE-2015-7755 Juniper ScreenOS Improper Authentication Vulnerability CVE-2017-1000353 Jenkins Remote Code Execution Vulnerability CVE-2025-4008 Smartbedded Meteobridge Command Injection Vulnerability CVE-2025-21043 Samsung Mobile Devices Out-of-Bounds Write Vulnerability These types of vulnerabilities are frequent attack vector for malicious cyber actors and pose significant risks to the federal enterprise. Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the KEV Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that carry significant risk to the federal enterprise. BOD 22-01 requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the BOD 22-01 Fact Sheet for more information. Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of KEV Catalog vulnerabilities as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the catalog that meet the specified criteria.
CISA Releases Ten Industrial Control Systems Advisories
Sep 30, 2025
CISA released ten Industrial Control Systems (ICS) advisories on September 30, 2025. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-25-273-01 MegaSys Enterprises Telenium Online Web Application ICSA-25-273-02 Festo SBRD-Q/SBOC-Q/SBOI-Q ICSA-25-273-03 Festo CPX-CEC-C1 and CPX-CMXX ICSA-25-273-04 Festo Controller CECC-S,-LK,-D Family Firmware ICSA-25-273-05 OpenPLC_V3 ICSA-25-273-06 National Instruments Circuit Design Suite ICSA-25-273-07 LG Innotek Camera Multiple Models ICSA-25-063-02 Keysight Ixia Vision Product Family (Update A) ICSA-22-298-02 HEIDENHAIN Controller TNC (Update A) ICSA-25-226-26 Rockwell Automation FLEX 5000 I/O (Update A) CISA encourages users and administrators to review newly released ICS advisories for technical details and mitigations.
CISA Strengthens Commitment to SLTT Governments
Sep 29, 2025
The Cybersecurity and Infrastructure Security Agency (CISA) announced that it has transitioned to a new model to better equip state, local, tribal, and territorial (SLTT) governments to strengthen shared responsibility nationwide. CISA is supporting our SLTT partners with access to grant funding, no-cost tools, and cybersecurity expertise to be resilient and lead at the local level. CISA’s cooperative agreement with the Center for Internet Security (CIS) will reach its planned end on September 30, 2025. This transition reflects CISA’s mission to strengthen accountability, maximize impact, and empower SLTT partners to defend today and secure tomorrow. Support for SLTTs includes: Access to Grant Funding from the Department of Homeland Security (DHS), available through CISA in coordination with the Federal Emergency Management Agency (FEMA). This funding is provided via the State and Local Cybersecurity Grant Program (SLCGP) and the Tribal Cybersecurity Grant Program (TCGP). No-cost services and tools such as Cyber Hygiene scanning, phishing assessments, and vulnerability management Cybersecurity Performance Goals and the Cyber Security Evaluation Tool to prioritize and measure progress Regional Cybersecurity Advisors and Cybersecurity Coordinators delivering hands-on, local and virtual expertise Professional services including vulnerability assessments and incident response coordination Bi-monthly SLTT Security Operations Center calls providing timely cyber defense updates This initiative reinforces CISA’s role as the nation’s leading cyber defense agency, protecting critical infrastructure, enabling secure communications, and empowering partners on the front lines of America’s cybersecurity. For more information about CISA’s Cybersecurity Services for SLTT partners, visit: CISA Cybersecurity Resources for State, Local, Tribal, and Territorial
CISA Adds Five Known Exploited Vulnerabilities to Catalog
Sep 29, 2025
CISA has added five new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation. CVE-2021-21311 Adminer Server-Side Request Forgery Vulnerability CVE-2025-20352 Cisco IOS and IOS XE Stack-based Buffer Overflow Vulnerability CVE-2025-10035 Fortra GoAnywhere MFT Deserialization of Untrusted Data Vulnerability CVE-2025-59689 Libraesva Email Security Gateway Command Injection Vulnerability CVE-2025-32463 Sudo Inclusion of Functionality from Untrusted Control Sphere Vulnerability These types of vulnerabilities are frequent attack vector for malicious cyber actors and poses significant risks to the federal enterprise. Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the KEV Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that carry significant risk to the federal enterprise. BOD 22-01 requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the BOD 22-01 Fact Sheet for more information. Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of KEV Catalog vulnerabilities as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the catalog that meet the specified criteria.
CISA and UK NCSC Release Joint Guidance for Securing OT Systems
Sep 29, 2025
CISA, in collaboration with the Federal Bureau of Investigation, the United Kingdom’s National Cyber Security Centre, and other international partners has released new joint cybersecurity guidance: Creating and Maintaining a Definitive View of Your Operational Technology (OT) Architecture. Building on the recent Foundations for OT Cybersecurity: Asset Inventory Guidance for Owners and Operators, this guidance explains how organizations can leverage data sources, such as asset inventories and manufacturer-provided resources like software bill of materials to establish and maintain an accurate, up-to-date view of their OT systems. A definitive OT record enables organizations to conduct more comprehensive risk assessments, prioritize critical and exposed systems, and implement appropriate security controls. The guidance also addresses managing third-party risks, securing OT information, and designing effective architectural controls. Key recommendations include: Collaborating Across Teams: Foster coordination between OT and IT teams; Aligning with Standards: Follow international standards such as IEC 62443 and ISO/IEC 27001. Organizations are encouraged to use this guidance to strengthen their OT security posture and reduce risks. For additional details, review the full guidance: Creating and Maintaining a Definitive View of Your Operational Technology (OT) Architecture
CISA Directs Federal Agencies to Identify and Mitigate Potential Compromise of Cisco Devices
Sep 25, 2025
Today, CISA issued Emergency Directive ED 25-03: Identify and Mitigate Potential Compromise of Cisco Devices to address vulnerabilities in Cisco Adaptive Security Appliances (ASA) and Cisco Firepower devices. CISA has added vulnerabilities CVE-2025-20333 and CVE-2025-20362 to the Known Exploited Vulnerabilities Catalog. The Emergency Directive requires federal agencies to identify, analyze, and mitigate potential compromises immediately. Agencies must: Identify all instances of Cisco ASA and Cisco Firepower devices in operation (all versions). Collect and transmit memory files to CISA for forensic analysis by 11:59 p.m. EST Sept. 26. For detailed guidance, including additional actions tailored to each agency’s status, refer to the full Emergency Directive ED 25-03. The following associated resources are available to assist agencies. Supplemental Direction ED 25-03: Core Dump and Hunt Instructions Eviction Strategies Tool with a Cisco ASA Compromise template to assemble a comprehensive eviction plan with distinct countermeasures for containment and eviction which can be tailored to individual network owners’ specific needs. Known Exploited Vulnerabilities Catalog Cisco Security Advisories: Cisco Event Response: Continued Attacks Against Cisco Firewalls CVE-2025-20333: Cisco Secure Firewall Adaptive Security Appliance Software and Secure Firewall Threat Defense Software VPN Web Server Remote Code Execution Vulnerability CVE-2025-20362: Cisco Secure Firewall Adaptive Security Appliance Software and Secure Firewall Threat Defense Software VPN Web Server Unauthorized Access Vulnerability United Kingdom National Cyber Security Centre (NCSC): NCSC warns of persistent malware campaign targeting Cisco devices Malware Analysis Report: RayInitiator & LINE VIPER Although ED 25-03 and the associated supplemental guidance are directed to federal agencies, CISA urges all public and private sector organizations to review the Emergency Directive and associated resources and take steps to mitigate these vulnerabilities.
CISA Releases One Industrial Control Systems Advisory
Sep 25, 2025
CISA released one Industrial Control Systems (ICS) advisory on September 25, 2025. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-25-268-01 Dingtian DT-R002 CISA encourages users and administrators to review newly released ICS advisories for technical details and mitigations.
CISA Releases Six Industrial Control Systems Advisories
Sep 23, 2025
CISA released six Industrial Control Systems (ICS) advisories on September 23, 2025. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-25-266-01 AutomationDirect CLICK PLUS ICSA-25-266-02 Mitsubishi Electric MELSEC-Q Series CPU Module ICSA-25-266-03 Schneider Electric SESU ICSA-25-266-04 Viessmann Vitogate 300 ICSA-25-023-02 Hitachi Energy RTU500 Series Product (Update A) ICSA-25-093-01 Hitachi Energy RTU500 Series (Update B) CISA encourages users and administrators to review newly released ICS advisories for technical details and mitigations.