CISA adds Microsoft and Apple vulnerabilities to KEV Catalog

---

The Cybersecurity and Infrastructure Security Agency (CISA) has added three newly exploited vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, signaling active exploitation in the wild. These vulnerabilities affect Microsoft Windows and Apple products, posing significant security risks to organizations.

Newly Added Vulnerabilities

1. CVE-2025-24054 – Microsoft Windows NTLM Hash Disclosure Spoofing Vulnerability

• Affected Product: Microsoft Windows
• Description:
• This vulnerability allows attackers to leak NTLMv2-SSP hashes via spoofing techniques.
• Exploited using maliciously crafted .library-ms files, which trigger SMB authentication requests to attacker-controlled servers.
• Impact:
• Credential theft via NTLM hash exposure.
• Privilege escalation if administrator credentials are compromised.
• Lateral movement within enterprise networks.
• Mitigation:
• Apply Microsoft’s March 11, 2025 patch.
• Disable NTLM authentication for SMB connections.
• Monitor network traffic for unusual NTLM requests.

2. CVE-2025-31200 – Apple Multiple Products Memory Corruption Vulnerability

• Affected Products: Apple macOS, iOS, iPadOS
• Description:
• A memory corruption flaw that allows attackers to execute arbitrary code.
• Exploited via malicious web content, leading to system compromise.
• Impact:
• Remote code execution (RCE).
• Potential malware deployment.
• Data exposure if exploited on vulnerable devices.
• Mitigation:
• Update to the latest Apple security patches.
• Enable WebKit security protections.
• Restrict execution of untrusted web content.

3. CVE-2025-31201 – Apple Multiple Products Arbitrary Read and Write Vulnerability

• Affected Products: Apple macOS, iOS, iPadOS
• Description:
• Allows attackers to read and write arbitrary memory locations, potentially leading to privilege escalation.
• Exploited via malicious applications or crafted web exploits.
• Impact:
• System compromise through unauthorized memory manipulation.
• Privilege escalation, allowing attackers to bypass security restrictions.
• Mitigation:
• Apply Apple’s latest security updates.
• Restrict execution of untrusted applications.
• Monitor system logs for abnormal memory access attempts.

Why This Matters

• These vulnerabilities are actively exploited, meaning attackers are using them in real-world cyberattacks.
• CISA’s Binding Operational Directive (BOD) 22-01 requires Federal Civilian Executive Branch (FCEB) agencies to remediate these vulnerabilities by the due date to protect against active threats.
• Organizations outside the federal sector are strongly encouraged to prioritize patching these vulnerabilities to reduce their exposure to cyberattacks.