CISA Adds Six Vulnerabilities to KEV Catalog

The Cybersecurity and Infrastructure Security Agency (CISA) has updated its Known Exploited Vulnerabilities (KEV) Catalog, adding six newly identified vulnerabilities that pose significant threats to organizations and government agencies. These security flaws are confirmed to be actively exploited by cybercriminals, making immediate patching and risk mitigation essential.

Under Binding Operational Directive (BOD) 22-01, Federal Civilian Executive Branch (FCEB) agencies are required to remediate these vulnerabilities before their assigned deadlines. Organizations worldwide should also prioritize security updates to prevent breaches, malware infections, and unauthorized access attempts.

1. Breakdown of Newly Added KEV Vulnerabilities

🔴 Critical & High-Severity Exploited Vulnerabilities

1️⃣ CVE-2025-4427 – Ivanti Endpoint Manager Mobile (EPMM) Authentication Bypass

  • Impact: Allows unauthenticated attackers to bypass authentication mechanisms, gaining unauthorized administrative control over Ivanti’s mobile device management (MDM) platform.
  • Risk: Exploited in mobile device takeover attacks targeting enterprises and federal agencies.

2️⃣ CVE-2025-4428 – Ivanti Endpoint Manager Mobile (EPMM) Code Injection

  • Impact: Enables remote code execution (RCE) through specially crafted requests to the server, allowing attackers to run commands of their choosing on compromised devices.
  • Risk: Attackers can deploy malware, steal credentials, and disable security protections remotely.

3️⃣ CVE-2024-11182 – MDaemon Email Server Cross-Site Scripting (XSS)

  • Impact: Attackers inject malicious JavaScript payloads into MDaemon webmail, leading to session hijacking and unauthorized email access.
  • Risk: Exploited in phishing campaigns targeting corporate email accounts, potentially enabling business email compromise (BEC) attacks.

4️⃣ CVE-2025-27920 – Srimax Output Messenger Directory Traversal

  • Impact: Attackers can exploit path traversal flaws to gain unauthorized access to sensitive files stored on Srimax Output Messenger servers.
  • Risk: Could be used for corporate espionage, data theft, or to deliver ransomware payloads.

5️⃣ CVE-2024-27443 – Synacor Zimbra Collaboration Suite (ZCS) Cross-Site Scripting (XSS)

  • Impact: Unpatched Zimbra installations are vulnerable to malicious script injections, allowing attackers to steal login credentials, manipulate inbox contents, or intercept emails.
  • Risk: Actively used in email account hijacking and credential phishing campaigns.

6️⃣ CVE-2023-38950 – ZKTeco BioTime Path Traversal

  • Impact: Attackers bypass file system protections via path traversal vulnerabilities, exposing confidential user data stored in ZKTeco’s biometric access systems.
  • Risk: Can lead to unauthorized biometric authentication manipulations, potentially allowing physical security breaches in affected organizations.

2. Why These Vulnerabilities Matter

🚨 Confirmed Active Exploitation – These vulnerabilities are already being leveraged by cybercriminals, putting unpatched systems at high risk.
🚨 Government & Enterprise Impact – Many affected products are widely used in federal agencies and large organizations, increasing potential damage from targeted attacks.
🚨 Persistent Threat Actors – Cybersecurity researchers have attributed some of these exploits to state-sponsored hacking groups focused on data theft and disruption.

3. Required Actions & Recommended Mitigation Strategies

✅ Immediate Security Patching

🔹 Ivanti Endpoint Manager Mobile (EPMM) – Install the latest security updates to prevent authentication bypass and code injection attacks.
🔹 MDaemon & Zimbra Email Servers – Apply patches for XSS vulnerabilities, ensuring secure email communications.
🔹 Srimax Output Messenger & ZKTeco BioTime – Restrict unauthorized file access by enforcing access control policies.

🔒 Strengthen System Protections

🔸 Enable Web Application Firewalls (WAFs) to block XSS exploitation attempts.
🔸 Implement multi-factor authentication (MFA) for sensitive platforms to reduce unauthorized access risks.
🔸 Deploy Intrusion Detection Systems (IDS) to monitor for suspicious activity.

⚠️ Federal Compliance Requirements

📌 Under Binding Operational Directive (BOD) 22-01, Federal agencies MUST remediate these vulnerabilities by their assigned deadlines to remain compliant.
📌 Failure to patch could result in regulatory penalties and increased security risks.
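The deadline requirement above is easiest to operationalize by cross-referencing an asset inventory against the public KEV feed and sorting findings by remediation due date. The script below is an added example, not part of the original advisory and not CISA tooling: it parses a constructed sample in the shape of CISA's KEV JSON feed (the field names match the real feed; the dates, descriptions and ransomware flags are placeholders, not the catalog's actual values), matches it against a constructed inventory, and puts overdue BOD 22-01 deadlines first. The feed URL is the real one; the host names and the `CVE-0000-0000` placeholder are assumptions.

```python
import json
from datetime import date

# Constructed sample in the shape of CISA's KEV JSON feed
# (https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json).
# Field names match the real feed; dates, descriptions and ransomware flags are
# placeholders for this example, not the catalog's actual values.
SAMPLE_KEV_JSON = """
{
  "title": "CISA Catalog of Known Exploited Vulnerabilities",
  "catalogVersion": "example-only",
  "count": 3,
  "vulnerabilities": [
    {"cveID": "CVE-2025-4427", "vendorProject": "Ivanti",
     "product": "Endpoint Manager Mobile (EPMM)",
     "vulnerabilityName": "Ivanti EPMM Authentication Bypass Vulnerability",
     "dateAdded": "2025-05-19", "shortDescription": "placeholder",
     "requiredAction": "Apply mitigations per vendor instructions.",
     "dueDate": "2025-06-09", "knownRansomwareCampaignUse": "Unknown", "notes": ""},
    {"cveID": "CVE-2024-11182", "vendorProject": "MDaemon",
     "product": "Email Server",
     "vulnerabilityName": "MDaemon Email Server Cross-Site Scripting Vulnerability",
     "dateAdded": "2025-05-19", "shortDescription": "placeholder",
     "requiredAction": "Apply mitigations per vendor instructions.",
     "dueDate": "2025-06-20", "knownRansomwareCampaignUse": "Unknown", "notes": ""},
    {"cveID": "CVE-2023-38950", "vendorProject": "ZKTeco",
     "product": "BioTime",
     "vulnerabilityName": "ZKTeco BioTime Path Traversal Vulnerability",
     "dateAdded": "2025-05-19", "shortDescription": "placeholder",
     "requiredAction": "Apply mitigations per vendor instructions.",
     "dueDate": "2025-05-25", "knownRansomwareCampaignUse": "Unknown", "notes": ""}
  ]
}
"""

# Constructed asset inventory, e.g. scanner output mapped to CVE IDs.
# "CVE-0000-0000" is a deliberate placeholder that is not in the catalog.
SAMPLE_INVENTORY = [
    {"host": "mdm-01.example.internal", "cves": ["CVE-2025-4427"]},
    {"host": "mail-02.example.internal", "cves": ["CVE-2024-11182", "CVE-0000-0000"]},
    {"host": "door-ctl.example.internal", "cves": ["CVE-2023-38950"]},
]


def load_kev(feed_text: str) -> dict:
    """Parse a KEV feed document and index its entries by CVE ID."""
    catalog = json.loads(feed_text)
    return {entry["cveID"]: entry for entry in catalog["vulnerabilities"]}


def triage_inventory(inventory: list, kev: dict, today_iso: str) -> list:
    """Cross-reference inventory CVEs against the KEV index.

    Returns one finding per (host, KEV CVE) pair, ordered so that overdue
    BOD 22-01 deadlines come first and the rest follow by soonest due date.
    CVEs absent from the catalog are skipped: they still need fixing, but
    they carry no directive deadline.
    """
    today = date.fromisoformat(today_iso)
    findings = []
    for asset in inventory:
        for cve in asset["cves"]:
            entry = kev.get(cve)
            if entry is None:
                continue
            days_left = (date.fromisoformat(entry["dueDate"]) - today).days
            findings.append({
                "host": asset["host"],
                "cve": cve,
                "product": f'{entry["vendorProject"]} {entry["product"]}',
                "due": entry["dueDate"],
                "days_left": days_left,
                "overdue": days_left < 0,
                "ransomware": entry["knownRansomwareCampaignUse"] == "Known",
            })
    # Overdue first (False sorts before True), then ascending days left.
    findings.sort(key=lambda f: (not f["overdue"], f["days_left"]))
    return findings


def format_report(findings: list) -> list:
    """Render findings as one line each, suitable for a ticket or daily report."""
    lines = []
    for f in findings:
        status = "OVERDUE" if f["overdue"] else f"due in {f['days_left']}d"
        flag = " [ransomware]" if f["ransomware"] else ""
        lines.append(f'{status:<12} {f["due"]}  {f["cve"]:<15} {f["host"]:<26} {f["product"]}{flag}')
    return lines


if __name__ == "__main__":
    kev_index = load_kev(SAMPLE_KEV_JSON)
    for line in format_report(triage_inventory(SAMPLE_INVENTORY, kev_index, "2025-06-01")):
        print(line)
```

In production the feed text would be fetched from the URL above on a schedule and the inventory pulled from the scanner or CMDB; the `knownRansomwareCampaignUse` flag is worth surfacing separately because it changes the urgency conversation even when the due date is the same.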

4. Conclusion & Next Steps

🚨 CISA’s addition of these six vulnerabilities to the KEV Catalog highlights their immediate danger and the necessity for rapid response measures. Organizations must apply patches, enhance cybersecurity defenses, and monitor for exploitation attempts to ensure robust protection.
