CISA adds vulnerability CVE-2025-13223 to Known Exploited Vulnerabilities Catalog
The Cybersecurity and Infrastructure Security Agency (CISA) has added a recently identified type confusion vulnerability in Google Chromium's V8 JavaScript engine, which has been actively exploited, to its Known Exploited Vulnerabilities Catalog.
This vulnerability is identified as CVE-2025-13223 and affects the Google Chromium V8 component. The issue arises from a type confusion flaw, which malicious actors can trigger. The advisory specifically notes active exploitation of this vulnerability, leading to its inclusion in CISA's Known Exploited Vulnerabilities (KEV) Catalog.
Because the flaw in the V8 engine enables potential compromise, exploitation of this vulnerability poses risks that require attention within federal systems and other affected networks.
To address these risks, remediation efforts aligned with Binding Operational Directive (BOD) 22-01 are mandated for Federal Civilian Executive Branch (FCEB) agencies, requiring vulnerabilities listed in the KEV Catalog to be mitigated within specified timelines to protect federal infrastructure.
While BOD 22-01 applies specifically to FCEB agencies, CISA recommends that all organizations incorporate prompt remediation of vulnerabilities from the KEV Catalog, including CVE-2025-13223, into their cybersecurity strategies to reduce exposure to active threats. CISA continues to update the catalog with vulnerabilities meeting established criteria for known exploitation.