US CERT Current Activity
CISA Releases Six Industrial Control Systems Advisories
Jul 24, 2025
CISA released six Industrial Control Systems (ICS) advisories on July 24, 2025. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-25-205-01 Mitsubishi Electric CNC Series ICSA-25-205-02 Network Thermostat X-Series WiFi Thermostats ICSA-25-205-03 Honeywell Experion PKS ICSA-25-205-04 LG Innotek Camera Model LNV5110R ICSMA-25-205-01 Medtronic MyCareLink Patient Monitor ICSA-22-202-04 ICONICS Suite and Mitsubishi Electric MC Works64 Products (Update A) CISA encourages users and administrators to review newly released ICS advisories for technical details and mitigations.
CISA Adds Two Known Exploited Vulnerabilities to Catalog
Jul 22, 2025
CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation. CVE-2025-49704 Microsoft SharePoint Code Injection Vulnerability CVE-2025-49706 Microsoft SharePoint Improper Authentication Vulnerability These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise. Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the KEV Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that carry significant risk to the federal enterprise. BOD 22-01 requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the BOD 22-01 Fact Sheet for more information. Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of KEV Catalog vulnerabilities as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the catalog that meet the specified criteria.
CISA Releases Nine Industrial Control Systems Advisories
Jul 22, 2025
CISA released nine Industrial Control Systems (ICS) advisories on July 22, 2025. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-25-203-01 DuraComm DP-10iN-100-MU ICSA-25-203-02 Lantronix Provisioning Manager ICSA-25-203-03 Schneider Electric EcoStruxure ICSA-25-203-04 Schneider Electric EcoStruxure Power Operation ICSA-25-203-05 Schneider Electric System Monitor Application ICSA-25-203-06 Schneider Electric EcoStruxture IT Data Center Expert ICSA-25-175-03 Schneider Electric Modicon Controllers (Update A) ICSA-25-175-04 Schneider Electric EVLink WallBox (Update A) ICSA-25-014-02 Schneider Electric Vijeo Designer (Update A) CISA encourages users and administrators to review newly released ICS advisories for technical details and mitigations.
CISA Adds Four Known Exploited Vulnerabilities to Catalog
Jul 22, 2025
CISA has added four new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation. CVE-2025-54309 CrushFTP Unprotected Alternate Channel Vulnerability CVE-2025-6558 Google Chromium ANGLE and GPU Improper Input Validation Vulnerability CVE-2025-2776 SysAid On-Prem Improper Restriction of XML External Entity Reference Vulnerability CVE-2025-2775 SysAid On-Prem Improper Restriction of XML External Entity Reference Vulnerability These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise. Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the KEV Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that carry significant risk to the federal enterprise. BOD 22-01 requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the BOD 22-01 Fact Sheet for more information. Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of KEV Catalog vulnerabilities as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the catalog that meet the specified criteria.
Joint Advisory Issued on Protecting Against Interlock Ransomware
Jul 22, 2025
CISA, in partnership with the Federal Bureau of Investigation (FBI), the Department of Health and Human Services, and the Multi-State Information Sharing and Analysis Center issued a joint Cybersecurity Advisory to help protect businesses and critical infrastructure organizations in North America and Europe against Interlock ransomware. This advisory highlights known Interlock ransomware indicators of compromise and tactics, techniques, and procedures identified through recent FBI investigations. Actions organizations can take today to mitigate Interlock ransomware threat activity include: Preventing initial access by implementing domain name system filtering and web access firewalls and training users to spot social engineering attempts. Mitigating known vulnerabilities by ensuring operating systems, software, and firmware are patched and up to date. Segmenting networks to restrict lateral movement from initial infected devices and other devices in the same organization. Implementing identity, credential, and access management policies across the organization and then requiring multifactor authentication for all services to the extent possible. The #StopRansomware Interlock joint Cybersecurity Advisory is part of an ongoing effort to publish guidance for network defenders that detail various ransomware variants and ransomware threat actors. Visit stopransomware.gov to see all #StopRansomware advisories and to learn more about other ransomware threats and no-cost resources.
CISA Adds One Known Exploited Vulnerability, CVE-2025-53770 “ToolShell,” to Catalog
Jul 20, 2025
CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. See CISA’s Alert Microsoft Releases Guidance on Exploitation of SharePoint Vulnerability (CVE-2025-53770) for more information and to apply the recommended mitigations. CVE-2025-53770: Microsoft SharePoint Server Remote Code Execution Vulnerability These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise. Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the Known Exploited Vulnerabilities Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that carry significant risk to the federal enterprise. BOD 22-01 requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the BOD 22-01 Fact Sheet for more information. Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of Catalog vulnerabilities as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the catalog that meet the specified criteria.
Microsoft Releases Guidance on Exploitation of SharePoint Vulnerability (CVE-2025-53770)
Jul 20, 2025
CISA is aware of active exploitation of a new remote code execution (RCE) vulnerability enabling unauthorized access to on-premise SharePoint servers. While the scope and impact continue to be assessed, the new Common Vulnerabilities and Exposures (CVE), CVE-2025-53770, is a variant of the existing vulnerability CVE-2025-49706 and poses a risk to organizations. This exploitation activity, publicly reported as “ToolShell,” provides unauthenticated access to systems and enables malicious actors to fully access SharePoint content, including file systems and internal configurations, and execute code over the network. CISA recommends the following actions to reduce the risks associated with the RCE compromise: For information on detection, prevention, and advanced threat hunting measures, see Microsoft’s Customer Guidance for SharePoint Vulnerability and advisory for CVE-2025-49706. Organizations are encouraged to review all articles and security updates published by Microsoft on July 8, 2025, relevant to the SharePoint platform deployed in their environment. Monitor for POSTs to /_layouts/15/ToolPane.aspx?DisplayMode=Edit Conduct scanning for IPs 107.191.58[.]76, 104.238.159[.]149, and 96.9.125[.]147, particularly between July 18-19, 2025. Update intrusion prevention system and web-application firewall rules to block exploit patterns and anomalous behavior. For more information, see CISA’s Guidance on SIEM and SOAR Implementation. Implement comprehensive logging to identify exploitation activity. For more information, see CISA’s Best Practices for Event Logging and Threat Detection. Audit and minimize layout and admin privileges. For more information on this vulnerability, please see Eye Security’s reporting and Palo Alto Unit42’s post. Note: This Alert may be updated to reflect new guidance issued by CISA or other parties. Organizations should report incidents and anomalous activity to CISA’s 24/7 Operations Center at Report@cisa.gov or (888) 282-0870. Disclaimer: The information in this report is being provided “as is” for informational purposes only. CISA does not endorse any commercial entity, product, company, or service, including any entities, products, or services linked within this document. Any reference to specific commercial entities, products, processes, or services by service mark, trademark, manufacturer, or otherwise, does not constitute or imply endorsement, recommendation, or favoring by CISA.
CISA Adds One Known Exploited Vulnerability to Catalog
Jul 18, 2025
CISA has added one new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation. CVE-2025-25257 Fortinet FortiWeb SQL Injection Vulnerability These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise. Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the KEV Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that carry significant risk to the federal enterprise. BOD 22-01 requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the BOD 22-01 Fact Sheet for more information. Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of KEV Catalog vulnerabilities as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the catalog that meet the specified criteria.
CISA Releases Three Industrial Control Systems Advisories
Jul 17, 2025
CISA released three Industrial Control Systems (ICS) advisories on July 17, 2025. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-25-198-01 Leviton AcquiSuite and Energy Monitoring Hub ICSMA-25-198-01 Panoramic Corporation Digital Imaging Software ICSA-24-191-05 Johnson Controls Inc. Software House C●CURE 9000 (Update B) CISA encourages users and administrators to review newly released ICS advisories for technical details and mitigations.
CISA Releases Six Industrial Control Systems Advisories
Jul 15, 2025
CISA released six Industrial Control Systems (ICS) advisories on July 15, 2025. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-25-196-01 Hitachi Energy Asset Suite ICSA-25-196-02 ABB RMC-100 ICSA-25-196-03 LITEON IC48A and IC80A EV Chargers ICSA-25-037-02 Schneider Electric EcoStruxure (Update B) ICSA-25-140-08 Schneider Electric Modicon Controllers (Update A) ICSA-25-070-01 Schneider Electric Uni-Telway Driver (Update A) CISA encourages users and administrators to review newly released ICS advisories for technical details and mitigations.
CISA Adds One Known Exploited Vulnerability to Catalog
Jul 14, 2025
CISA has added one new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation. CVE-2025-47812 Wing FTP Server Improper Neutralization of Null Byte or NUL Character Vulnerability These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise. Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the KEV Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that carry significant risk to the federal enterprise. BOD 22-01 requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the BOD 22-01 Fact Sheet for more information. Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of KEV Catalog vulnerabilities as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the catalog that meet the specified criteria.
CISA Adds One Known Exploited Vulnerability to Catalog
Jul 10, 2025
CISA has added one new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation. CVE-2025-5777 Citrix NetScaler ADC and Gateway Out-of-Bounds Read Vulnerability These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise. Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the KEV Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that carry significant risk to the federal enterprise. BOD 22-01 requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the BOD 22-01 Fact Sheet for more information. Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of KEV Catalog vulnerabilities as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the catalog that meet the specified criteria.
CISA Releases Thirteen Industrial Control Systems Advisories
Jul 10, 2025
CISA released thirteen Industrial Control Systems (ICS) advisories on July 10, 2025. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-25-191-01 Siemens SINEC NMS ICSA-25-191-02 Siemens Solid Edge ICSA-25-191-03 Siemens TIA Administrator ICSA-25-191-04 Siemens SIMATIC CN 4100 ICSA-25-191-05 Siemens TIA Project-Server and TIA Portal ICSA-25-191-06 Siemens SIPROTEC 5 ICSA-25-191-07 Delta Electronics DTM Soft ICSA-25-191-08 Advantech iView ICSA-25-191-09 KUNBUS RevPi Webstatus ICSA-25-191-10 End-of-Train and Head-of-Train Remote Linking Protocol ICSA-25-121-01 KUNBUS GmbH Revolution Pi (Update A) ICSA-25-135-19 ECOVACS DEEBOT Vacuum and Base Station (Update A) ICSA-24-263-02 IDEC Products (Update A) CISA encourages users and administrators to review newly released ICS advisories for technical details and mitigations.
CISA Releases One Industrial Control Systems Advisory
Jul 8, 2025
CISA released one Industrial Control Systems (ICS) advisory on July 8, 2025. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-25-189-01 Emerson ValveLink Products CISA encourages users and administrators to review newly released ICS advisories for technical details and mitigations.
CISA Adds Four Known Exploited Vulnerabilities to Catalog
Jul 7, 2025
CISA has added four new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation. CVE-2014-3931 Multi-Router Looking Glass (MRLG) Buffer Overflow Vulnerability CVE-2016-10033 PHPMailer Command Injection Vulnerability CVE-2019-5418 Rails Ruby on Rails Path Traversal Vulnerability CVE-2019-9621 Synacor Zimbra Collaboration Suite (ZCS) Server-Side Request Forgery (SSRF) Vulnerability These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise. Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the KEV Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that carry significant risk to the federal enterprise. BOD 22-01 requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the BOD 22-01 Fact Sheet for more information. Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of KEV Catalog vulnerabilities as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the catalog that meet the specified criteria.
CISA Releases Four Industrial Control Systems Advisories
Jul 3, 2025
CISA released four Industrial Control Systems (ICS) advisories on July 3, 2025. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-25-184-01 Hitachi Energy Relion 670/650 and SAM600-IO Series ICSA-25-184-02 Hitachi Energy MicroSCADA X SYS600 ICSA-25-184-03 Mitsubishi Electric MELSOFT Update Manager ICSA-25-184-04 Mitsubishi Electric MELSEC iQ-F Series CISA encourages users and administrators to review newly released ICS advisories for technical details and mitigations.
CISA Adds One Known Exploited Vulnerability to Catalog
Jul 2, 2025
CISA has added one new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation. CVE-2025-6554 Google Chromium V8 Type Confusion Vulnerability These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise. Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the KEV Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that carry significant risk to the federal enterprise. BOD 22-01 requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the BOD 22-01 Fact Sheet for more information. Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of KEV Catalog vulnerabilities as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the catalog that meet the specified criteria.
CISA Adds Two Known Exploited Vulnerabilities to Catalog
Jul 1, 2025
CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation. CVE-2025-48927 TeleMessage TM SGNL Initialization of a Resource with an Insecure Default Vulnerability CVE-2025-48928 TeleMessage TM SGNL Exposure of Core Dump File to an Unauthorized Control Sphere Vulnerability These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise. Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the KEV Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that carry significant risk to the federal enterprise. BOD 22-01 requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the BOD 22-01 Fact Sheet for more information. Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of KEV Catalog vulnerabilities as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the catalog that meet the specified criteria.
CISA Releases Seven Industrial Control Systems Advisories
Jul 1, 2025
CISA released seven Industrial Control Systems (ICS) advisories on July 1, 2025. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-25-182-01 FESTO Didactic CP, MPS 200, and MPS 400 Firmware ICSA-25-182-02 FESTO Automation Suite, FluidDraw, and Festo Didactic Products ICSA-25-182-03 FESTO CODESYS ICSA-25-182-04 FESTO Hardware Controller, Hardware Servo Press Kit ICSA-25-182-05 Voltronic Power and PowerShield UPS Monitoring Software ICSA-25-182-06 Hitachi Energy Relion 670/650 and SAM600-IO Series ICSA-25-182-07 Hitachi Energy MSM CISA encourages users and administrators to review newly released ICS advisories for technical details and mitigations.
CISA Adds One Known Exploited Vulnerability to Catalog
Jun 30, 2025
CISA has added one new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation. CVE-2025-6543 Citrix NetScaler ADC and Gateway Buffer Overflow Vulnerability These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise. Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the KEV Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that carry significant risk to the federal enterprise. BOD 22-01 requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the BOD 22-01 Fact Sheet for more information. Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of KEV Catalog vulnerabilities as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the catalog that meet the specified criteria.