CISA updates Known Exploited Vulnerabilities Catalog
CISA has added two vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog following confirmed active exploitation. The additions matter to IT decision-makers because a KEV listing means a flaw is already being exploited, not merely that it could be.
Vulnerabilities Identified
The two newly listed vulnerabilities are CVE-2025-43200, an unspecified vulnerability in Apple products, and CVE-2023-33538, a command injection vulnerability affecting multiple TP-Link routers. Vulnerabilities of these types are noted as common entry points for cyber threats.
Impact on Federal Agencies
Under Binding Operational Directive (BOD) 22-01, federal agencies must remediate vulnerabilities listed in the KEV Catalog within specified timelines. The directive aims to safeguard Federal Civilian Executive Branch (FCEB) networks against imminent cyber threats.
Recommendations for Organizations
While BOD 22-01 applies only to FCEB agencies, CISA encourages all organizations to prioritize the remediation of vulnerabilities listed in the KEV Catalog. Organizations are advised to incorporate these updates into their vulnerability management practices to mitigate potential cyber risks.
This overview underscores the importance of swift action regarding known vulnerabilities, highlighting CISA's commitment to maintaining a comprehensive catalog of active threats.