CISA Weekly Intelligence Brief on Security Alerts and Vulnerabilities - Week of August 18, 2025

Key Takeaways

CISA and U.S. agencies released guidance on asset inventories.
New vulnerability CVE-2025-54948 added to the Known Exploited Vulnerabilities (KEV) Catalog.
Guidance aims to enhance cybersecurity practices in Operational technology (OT) environments.
Timely remediation of vulnerabilities is emphasized for all organizations.

CISA, in collaboration with the National Security Agency, the FBI, and other partners, released guidance intended for OT owners to aid in the creation of asset inventories and taxonomies. This guidance targets all critical infrastructure sectors, emphasizing the importance of consistently managing OT assets.

An asset inventory comprises a structured and updated list of an organization's hardware, software, and systems. It categorizes assets according to their significance and utility. By following the guidelines, OT owners can better safeguard vital resources and optimize their cybersecurity measures.

In other updates, CISA added CVE-2025-54948 to its KEV Catalog due to active exploitation risks. This vulnerability is linked to Trend Micro’s Apex One Operating System (OS) Command Injection. CISA encourages organizations to prioritize the remediation of vulnerabilities from the KEV Catalog to mitigate potential cyber threats.

CISA and U.S. agencies release asset inventory guidance
CISA and U.S. agencies issued guidance for OT owners on creating asset inventories and taxonomies.
CISA adds CVE-2025-54948 to KEV Catalog
CISA adds CVE-2025-54948 to its KEV Catalog due to active exploitation concerns.

Key Takeaways

Avast recognized for safeguarding against online threats in 2025

VU#516608: Multiple Password Managers Vulnerable to Clickjacking Attacks

CISA halts updates on Siemens ICS vulnerabilities, Cognizant advances AI initiatives - October 17, 2025