
CISA adds Samsung mobile device vulnerability to Known Exploited Vulnerabilities catalog

The Cybersecurity and Infrastructure Security Agency has incorporated a new vulnerability affecting Samsung mobile devices into its Known Exploited Vulnerabilities (KEV) Catalog. This security flaw involves an out-of-bounds write condition that can be leveraged to compromise device integrity.

The identified vulnerability, tracked as CVE-2025-21042, impacts Samsung mobile device firmware. It specifically relates to an out-of-bounds write scenario present within certain components of the affected devices. The advisory specifies that evidence exists of active exploitation against this vulnerability.

The consequences of this vulnerability include unauthorized modification of memory, which may lead to arbitrary code execution or device instability. An attacker able to trigger the out-of-bounds write could therefore manipulate device operations, which is why the advisory treats it as a cybersecurity threat.

Addressing this vulnerability is mandated for Federal Civilian Executive Branch agencies under Binding Operational Directive (BOD) 22-01, which requires remediation of vulnerabilities listed in the KEV Catalog. The directive defines the KEV Catalog as a curated list of Common Vulnerabilities and Exposures (CVE) entries that carry substantial risk, and it sets remediation deadlines for affected federal entities.

While the directive applies specifically to federal civilian agencies, the advisory encourages all organizations to prioritize remediation of vulnerabilities listed in the KEV Catalog. The Cybersecurity and Infrastructure Security Agency continues to update the catalog with vulnerabilities that meet its established criteria, in order to reduce exposure to active threats.