CISA Adds Five New Vulnerabilities to  KEV Catalog

CISA Adds Five New Vulnerabilities to  KEV Catalog

1

The Cybersecurity and Infrastructure Security Agency (CISA) has expanded its Known Exploited Vulnerabilities (KEV) Catalog, adding five new vulnerabilities that pose a high risk to federal agencies and private enterprises. These newly listed vulnerabilities are being actively exploited by cybercriminals, making immediate patching and risk mitigation critical.

1. Breakdown of Newly Added KEV Vulnerabilities

🔴 Critical & Actively Exploited Security Flaws

1️⃣ CVE-2021-32030 – ASUS Router Authentication Bypass

  • Affected Devices: ASUS routers, including consumer and enterprise models.
  • Impact: Attackers bypass authentication mechanisms, gaining unauthorized administrative control, potentially modifying device settings or injecting malicious firmware.
  • Threat Scenario: Cybercriminals could exploit this flaw to remotely hijack network traffic, enabling man-in-the-middle (MITM) attacks.

2️⃣ CVE-2023-39780 – ASUS RT-AX55 OS Command Injection

  • Affected Devices: ASUS RT-AX55 routers and related models.
  • Impact: Enables remote code execution (RCE) via crafted payloads, allowing attackers to run unauthorized commands on compromised routers.
  • Threat Scenario: This vulnerability opens pathways for botnet recruitment, where affected routers could be integrated into large-scale DDoS campaigns.

3️⃣ CVE-2024-56145 – Craft CMS Code Injection

  • Affected Software: Craft CMS versions prior to latest security patches.
  • Impact: Attackers exploit a code injection flaw to manipulate website content, execute arbitrary PHP code, or gain administrator privileges.
  • Threat Scenario: Exploited Craft CMS instances could be used for malware distribution or credential harvesting through compromised login portals.

4️⃣ CVE-2025-3935 – ConnectWise ScreenConnect Authentication Bypass

  • Affected Software: ConnectWise ScreenConnect remote access software.
  • Impact: Attackers can bypass authentication mechanisms, gaining unauthorized remote access to IT management consoles.
  • Threat Scenario: This vulnerability could be leveraged to deploy ransomware, disrupt IT operations, or steal sensitive enterprise data.

5️⃣ CVE-2025-35939 – Craft CMS External Control of Web Parameters

  • Affected Software: Craft CMS versions with unpatched security flaws.
  • Impact: Allows unauthenticated users to manipulate web parameters, potentially leading to arbitrary file modifications or database compromises.
  • Threat Scenario: Attackers may use this vulnerability to inject malicious scripts, facilitating website defacement and unauthorized data exfiltration.

2. Why These Vulnerabilities Are Urgent Concerns

  • Confirmed Active Exploitation – These vulnerabilities are actively targeted by cybercriminals, putting unpatched systems at high risk.
  • Enterprise-Wide Impact – Affected products are commonly used in IT management, web development, and network infrastructure, making them attractive targets for attackers.
  • Persistent Threat Actors – Security research suggests that some of these vulnerabilities are being leveraged by nation-state hacking groups, increasing the likelihood of targeted cyber espionage campaigns.

Failure to patch these vulnerabilities may lead to ransomware infections, business disruptions, unauthorized data exposure, and potential regulatory fines for non-compliance with security policies.

3. Mitigation Strategies & Required Actions

✅ Immediate Security Patching

🔹 ASUS Routers – Apply firmware updates to secure authentication mechanisms and mitigate OS command injection risks.
🔹 Craft CMS – Deploy patches to address code injection vulnerabilities and web parameter manipulation flaws.
🔹 ConnectWise ScreenConnect – Implement security updates to strengthen authentication protocols and prevent unauthorized system access.

🔒 Strengthen System Protections

🔸 Enable Web Application Firewalls (WAFs) to filter malicious payload attempts.
🔸 Implement multi-factor authentication (MFA) for administrative and remote access accounts.
🔸 Deploy Intrusion Detection Systems (IDS) to monitor exploit attempts and suspicious activity.

⚠️ Federal Compliance Requirements

📌 Under Binding Operational Directive (BOD) 22-01, U.S. government agencies must remediate these vulnerabilities by the assigned deadline to remain compliant.
📌 Non-compliance may result in restricted access to federal systems, reputational damage, and heightened cybersecurity risks.

4. Conclusion & Next Steps

The addition of these five vulnerabilities to the KEV Catalog underscores their immediate danger, necessitating rapid response measures across affected sectors. Organizations must apply patches, enhance cybersecurity defenses, and monitor exploit attempts to prevent unauthorized intrusions.

Tags:

1 Comment

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.