CISA adds two known exploited vulnerabilities to catalog

The Cybersecurity and Infrastructure Security Agency (CISA) has added two vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog following confirmation of active exploitation. The affected products are the XWiki Platform and Broadcom's VMware Aria Operations and VMware Tools. The reported weaknesses are an eval injection flaw and a privilege definition with unsafe actions, respectively, each of which threatens the security of affected systems.

The first vulnerability, identified as CVE-2025-24893, affects the XWiki Platform through an eval injection flaw. The second, CVE-2025-41244, pertains to Broadcom's VMware Aria Operations and VMware Tools, where privilege definitions include unsafe actions. Specific affected versions or component details were not provided beyond these designations. Both vulnerabilities have been verified as actively exploited and are cataloged accordingly.

The presence of these vulnerabilities creates opportunities for malicious actors to compromise federal enterprise systems and networks. The consequences underscore the importance of addressing these security weaknesses to maintain operational integrity.

Under Binding Operational Directive (BOD) 22-01, Federal Civilian Executive Branch agencies are required to remediate such vulnerabilities by designated deadlines to safeguard their networks. This directive established the KEV Catalog as a resource listing CVEs that pose substantial risk. While the directive mandates remediation only within federal agencies, CISA urges all organizations to prioritize these vulnerabilities within their vulnerability management strategies.

CISA's guidance recommends organizations focus on timely remediation of vulnerabilities listed in the KEV Catalog to reduce exposure to cyberattacks. The agency will continue updating the catalog with vulnerabilities meeting set criteria to support vulnerability management efforts across sectors.