CISA adds three vulnerabilities to KEV Catalog

CISA has included three additional vulnerabilities in its Known Exploited Vulnerabilities (KEV) Catalog, indicating active exploitation. This update is relevant for IT leaders aiming to strengthen their cybersecurity measures.

New Vulnerabilities Added

The recent additions to the catalog are as follows: CVE-2025-20281, affecting Cisco Identity Services Engine; CVE-2025-20337, a second issue in Cisco Identity Services Engine; and CVE-2023-2533, a Cross-Site Request Forgery (CSRF) vulnerability in PaperCut NG/MF.

Implications for Cybersecurity

These vulnerabilities are known to be exploited by cybercriminals and present considerable risks to federal systems. CISA emphasizes the importance of addressing these vulnerabilities promptly to mitigate cyber threats.

The Binding Operational Directive (BOD) 22-01 mandates that federal agencies address these vulnerabilities by predetermined deadlines. This directive is part of an ongoing effort to protect federal networks from active threats.

Recommendations for Organizations

CISA advises all organizations, not just those in the Federal Civilian Executive Branch, to prioritize the remediation of vulnerabilities listed in the KEV Catalog. This highlights the importance of making cybersecurity a priority across all sectors.

This summary reflects timely and relevant information for IT decision-makers focusing on cybersecurity. CISA will continue to update the catalog with new vulnerabilities that meet its established criteria.