CISA adds CVE-2025-57819 to Known Exploited Vulnerabilities Catalog

CISA has updated its Known Exploited Vulnerabilities (KEV) Catalog by adding a new entry based on reports of active exploitation. The addition is relevant for IT decision-makers because it concerns a vulnerability that is reported as being exploited, not only a theoretical risk.

Vulnerability Details

The new vulnerability, identified as CVE-2025-57819, affects Sangoma FreePBX and is an authentication bypass vulnerability. Vulnerabilities of this type frequently serve as entry points for attackers.

Implications for Federal Agencies

According to Binding Operational Directive (BOD) 22-01, federal agencies are required to remediate vulnerabilities listed in the KEV Catalog by designated deadlines. This directive aims to secure networks from potential threats posed by these vulnerabilities.

While the directive specifically targets Federal Civilian Executive Branch agencies, CISA encourages all organizations to prioritize the remediation of vulnerabilities outlined in the KEV Catalog to mitigate risks from cyberattacks.

Future Updates

CISA will continue to expand the KEV Catalog with new vulnerabilities that fit established criteria, emphasizing the need for organizations to remain vigilant in their vulnerability management efforts.

The inclusion of CVE-2025-57819 in the KEV Catalog highlights the ongoing cybersecurity challenges organizations face and reinforces the need for proactive remediation. This summary is based on CISA's latest blog post.