CISA Adds Microsoft and Zyxel Vulnerabilities to KEV Catalog

PravinKarthik

12 months ago

Microsoft Vulnerabilities

CVE-2025-21391: Windows Storage Link Following Vulnerability

Description: This vulnerability allows attackers to elevate their privileges and delete targeted files on a system. The flaw is due to improper handling of symbolic links in Windows Storage, enabling attackers to perform unauthorized actions by manipulating file paths.
CVSS Score: 8.8 (High)
Impact: Successful exploitation can lead to data loss and potential service disruptions as attackers can delete critical files, interfere with system operations, and escalate their privileges on the affected system.

CVE-2025-21418: Windows Ancillary Function Driver for WinSock Heap-Based Buffer Overflow Vulnerability

Description: This vulnerability allows threat actors to gain SYSTEM privileges in Windows. It arises from a heap-based buffer overflow in the Ancillary Function Driver for WinSock, which can be exploited by sending specially crafted network packets.
CVSS Score: 8.8 (High)
Impact: Exploitation can result in complete system compromise, as attackers gain the ability to execute arbitrary code, install malicious software, and manipulate system settings with SYSTEM-level privileges.

Zyxel Vulnerabilities

CVE-2024-40891: Zyxel DSL CPE OS Command Injection Vulnerability

Description: This vulnerability allows attackers to execute arbitrary commands on the affected device. The flaw is due to insufficient input validation in the device’s web interface, enabling attackers to inject and execute commands through crafted HTTP requests.
CVSS Score: 9.8 (Critical)
Impact: Attackers can gain unauthorized access and control over the device, potentially leading to the compromise of network security, data exfiltration, and disruption of network services.

CVE-2024-40890: Zyxel DSL CPE OS Command Injection Vulnerability

Description: Similar to CVE-2024-40891, this vulnerability allows attackers to execute arbitrary commands on the affected device due to insufficient input validation in the web interface.
CVSS Score: 9.8 (Critical)
Impact: Attackers can gain unauthorized access and control, leading to similar risks of network compromise, data theft, and service disruption.

Mitigation Measures

To protect against the exploitation of these vulnerabilities, organizations should implement the following mitigation measures:

For Microsoft Vulnerabilities

Apply Security Patches: Ensure that all Windows systems are updated with the latest security patches released by Microsoft. Regularly check for updates and apply them promptly to minimize exposure to known vulnerabilities.
Monitor System Activity: Implement continuous monitoring of system activity to detect and respond to any signs of unauthorized access or suspicious behavior. Use intrusion detection systems (IDS) and intrusion prevention systems (IPS) to enhance security.

For Zyxel Vulnerabilities

Firmware Updates: Update the firmware of all affected Zyxel devices to the latest versions provided by the manufacturer. Ensure that firmware updates are applied regularly to address known vulnerabilities.
Restrict Web Interface Access: Limit access to the device’s web interface to trusted and authorized users only. Implement network segmentation and firewall rules to control access and reduce the attack surface.
Input Validation: Implement strong input validation mechanisms to prevent command injection attacks. Ensure that all user inputs are properly sanitized before being processed by the device.

Final Thoughts

The addition of these vulnerabilities to CISA’s KEV catalog underscores the critical importance of timely remediation to protect against cyber threats. By applying the recommended updates, implementing strong security measures, and maintaining regular monitoring, organizations can mitigate the risks associated with these vulnerabilities and safeguard their systems and data.