US-CERT Feed

Starting May 12, CISA is changing how we announce cybersecurity updates and the release of new guidance. These announcements will only be shared through CISA social media platforms, email, and RSS feeds and will no longer be listed on our Cybersecurity Alerts & Advisories webpage.  

The focus of our Cybersecurity Alerts & Advisories webpage will now be on urgent information tied to emerging threats or major cyber activity. CISA wants this critical information to get the attention it deserves and ensure it is easier to find. We’ll continue to communicate releases and updates to our stakeholders. To stay informed, subscribe to receive our email notifications on CISA.gov. You can also follow us on X @CISACyber for timely cybersecurity updates. 

Note: If you’ve previously used RSS feeds to track Known Exploited Vulnerabilities Catalog updates, please subscribe to the KEV subscription topic through GovDelivery to continue receiving notifications.   

We greatly appreciate stakeholder feedback which played a part in this change and thank you for staying connected with CISA. 

CISA released five Industrial Control Systems (ICS) advisories on May 8, 2025. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS.

• ICSA-25-128-01 Horner Automation Cscape
• ICSA-25-128-02 Hitachi Energy RTU500 series
• ICSA-25-128-03 Mitsubishi Electric CC-Link IE TSN
   
• ICSA-25-093-01 Hitachi Energy RTU500 Series (Update A)
   
• ICSMA-25-128-01 Pixmeo OsiriX MD

CISA encourages users and administrators to review newly released ICS advisories for technical details and mitigations.

CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation.

• CVE-2024-6047 GeoVision Devices OS Command Injection Vulnerability
• CVE-2024-11120 GeoVision Devices OS Command Injection Vulnerability

These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise.

Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the Known Exploited Vulnerabilities Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that carry significant risk to the federal enterprise. BOD 22-01 requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the BOD 22-01 Fact Sheet for more information.

Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of Catalog vulnerabilities as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the catalog that meet the specified criteria.

CISA is increasingly aware of unsophisticated cyber actor(s) targeting ICS/SCADA systems within U.S. critical Infrastructure sectors (Oil and Natural Gas), specifically in Energy and Transportation Systems. Although these activities often include basic and elementary intrusion techniques, the presence of poor cyber hygiene and exposed assets can escalate these threats, leading to significant consequences such as defacement, configuration changes, operational disruptions and, in severe cases, physical damage. CISA strongly urges Critical Infrastructure Asset Owners and Operators to review the following fact sheet for detailed guidance on reducing the risk of potential intrusions:

• Primary Mitigations to Reduce Cyber Threats to Operational Technology

CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation.

• CVE-2025-27363 FreeType Out-of-Bounds Write Vulnerability

These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise.

Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the Known Exploited Vulnerabilities Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that carry significant risk to the federal enterprise. BOD 22-01 requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the BOD 22-01 Fact Sheet for more information.

Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of Catalog vulnerabilities as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the catalog that meet the specified criteria.

CISA released three Industrial Control Systems (ICS) advisories on May 6, 2025. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS.

• ICSA-25-126-01 Optigo Networks ONS NC600
• ICSA-25-126-02 Milesight UG65-868M-EA
• ICSA-25-126-03 BrightSign Players

CISA encourages users and administrators to review newly released ICS advisories for technical details and mitigations.

CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation.

• CVE-2025-3248 Langflow Missing Authentication Vulnerability

These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise.

Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the Known Exploited Vulnerabilities Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that carry significant risk to the federal enterprise. BOD 22-01 requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the BOD 22-01 Fact Sheet for more information.

Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of Catalog vulnerabilities as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the catalog that meet the specified criteria.

CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation.

• CVE-2025-34028 Commvault Command Center Path Traversal Vulnerability
• CVE-2024-58136 Yiiframework Yii Improper Protection of Alternate Path Vulnerability

These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise.

Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the Known Exploited Vulnerabilities Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that carry significant risk to the federal enterprise. BOD 22-01 requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the BOD 22-01 Fact Sheet for more information.

Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of Catalog vulnerabilities as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the catalog that meet the specified criteria.

CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation.

• CVE-2024-38475 Apache HTTP Server Improper Escaping of Output Vulnerability
• CVE-2023-44221 SonicWall SMA100 Appliances OS Command Injection Vulnerability

These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise.

Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the Known Exploited Vulnerabilities Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that carry significant risk to the federal enterprise. BOD 22-01 requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the BOD 22-01 Fact Sheet for more information.

Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of Catalog vulnerabilities as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the catalog that meet the specified criteria.

CISA released two Industrial Control Systems (ICS) advisories on May 1, 2025. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS.

• ICSA-25-121-01 KUNBUS GmbH Revolution Pi
   
• ICSMA-25-121-01 MicroDicom DICOM Viewer

CISA encourages users and administrators to review newly released ICS advisories for technical details and mitigations.

CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation.

• CVE-2025-31324 SAP NetWeaver Unrestricted File Upload Vulnerability

These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise.

Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the Known Exploited Vulnerabilities Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that carry significant risk to the federal enterprise. BOD 22-01 requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the BOD 22-01 Fact Sheet for more information.

Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of Catalog vulnerabilities as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the catalog that meet the specified criteria.

CISA released three Industrial Control Systems (ICS) advisories on April 29, 2025. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS.

• ICSA-25-119-01 Rockwell Automation ThinManager
• ICSA-25-119-02 Delta Electronics ISPSoft
   
• ICSA-25-105-05 Lantronix XPort (Update A)

CISA encourages users and administrators to review newly released ICS advisories for technical details and mitigations.

CISA has added three new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation.

• CVE-2025-1976 Broadcom Brocade Fabric OS Code Injection Vulnerability
• CVE-2025-42599 Qualitia Active! Mail Stack-Based Buffer Overflow Vulnerability
• CVE-2025-3928 Commvault Web Server Unspecified Vulnerability

These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise.

Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the Known Exploited Vulnerabilities Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that carry significant risk to the federal enterprise. BOD 22-01 requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the BOD 22-01 Fact Sheet for more information.

Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of Catalog vulnerabilities as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the catalog that meet the specified criteria.

CISA released seven Industrial Control Systems (ICS) advisories on April 24, 2025. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS.

• ICSA-25-114-01 Schneider Electric Modicon Controllers
• ICSA-25-114-02 ALBEDO Telecom Net.Time - PTP/NTP Clock
• ICSA-25-114-03 Vestel AC Charger
• ICSA-25-114-04 Nice Linear eMerge E3
• ICSA-25-114-05 Johnson Controls ICU
• ICSA-25-114-06 Planet Technology Network Products
   
• ICSA-24-338-05 Fuji Electric Monitouch V-SFT (Update A)

CISA encourages users and administrators to review newly released ICS advisories for technical details and mitigations.

CISA released five Industrial Control Systems (ICS) advisories on April 22, 2025. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS.

• ICSA-25-112-01 Siemens TeleControl Server Basic SQL
• ICSA-25-112-02 Siemens TeleControl Server Basic
• ICSA-25-112-03 Schneider Electric Wiser Home Controller WHC-5918A
• ICSA-25-112-04 ABB MV Drives
   
• ICSA-25-035-04 Schneider Electric Modicon M580 PLCs, BMENOR2200H and EVLink Pro AC (Update A)

CISA encourages users and administrators to review newly released ICS advisories for technical details and mitigations.

CISA released six Industrial Control Systems (ICS) advisories on April 17, 2025. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS.

• ICSA-25-107-01 Schneider Electric Trio Q Licensed Data Radio
• ICSA-25-107-02 Schneider Electric Sage Series
• ICSA-25-107-03 Schneider Electric ConneXium Network Manager
• ICSA-25-107-04 Yokogawa Recorder Products
• ICSA-24-326-04 Schneider Electric Modicon M340, MC80, and Momentum Unity M1E (Update A)
• ICSA-25-058-01 Schneider Electric Communication Modules for Modicon M580 and Quantum Controllers (Update A)
   

CISA encourages users and administrators to review newly released ICS advisories for technical details and mitigations.

CISA has added three new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation.

• CVE-2025-31200 Apple Multiple Products Memory Corruption Vulnerability
• CVE-2025-31201 Apple Multiple Products Arbitrary Read and Write Vulnerability
• CVE-2025-24054 Microsoft Windows NTLM Hash Disclosure Spoofing Vulnerability

These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise.

Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the Known Exploited Vulnerabilities Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that carry significant risk to the federal enterprise. BOD 22-01 requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the BOD 22-01 Fact Sheet for more information.

Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of Catalog vulnerabilities as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the catalog that meet the specified criteria.

CISA is aware of public reporting regarding potential unauthorized access to a legacy Oracle cloud environment. While the scope and impact remains unconfirmed, the nature of the reported activity presents potential risk to organizations and individuals, particularly where credential material may be exposed, reused across separate, unaffiliated systems, or embedded (i.e., hardcoded into scripts, applications, infrastructure templates, or automation tools). When credential material is embedded, it is difficult to discover and can enable long-term unauthorized access if exposed.

The compromise of credential material, including usernames, emails, passwords, authentication tokens, and encryption keys, can pose significant risk to enterprise environments. Threat actors routinely harvest and weaponize such credentials to: 

• Escalate privileges and move laterally within networks.
• Access cloud and identity management systems.
• Conduct phishing, credential-based, or business email compromise (BEC) campaigns.  
• Resell or exchange access to stolen credentials on criminal marketplaces.
• Enrich stolen data with prior breach information for resale and/or targeted intrusion. 

CISA recommends the following actions to reduce the risks associated with potential credential compromise: 

• For Organizations:
  • Reset passwords for any known affected users across enterprise services, particularly where local credentials may not be federated through enterprise identity solutions.  
  • Review source code, infrastructure-as-code templates, automation scripts, and configuration files for hardcoded or embedded credentials and replace them with secure authentication methods supported by centralized secret management.
  • Monitor authentication logs for anomalous activity, especially involving privileged, service, or federated identity accounts, and assess whether additional credentials (such as API keys and shared accounts) may be associated with any known impacted identities.
  • Enforce phishing-resistant multi-factor authentication (MFA) for all user and administrator accounts wherever technically feasible.
  • For additional information for or on Cloud security best practices please review the following Cybersecurity Information Sheets: CISA and NSA Release Cybersecurity Information Sheets on Cloud Security Best Practices.
• For Users:
  • Immediately update any potentially affected passwords that may have been reused across other platforms or services.
  • Use strong, unique passwords for each account and enable phishing-resistant multifactor authentication (MFA) on services and applications that support it. For more information on using strong passwords, see CISA’s Use Strong Passwords web page. For more information on phishing-resistant MFA see CISA’s Implementing Phishing-Resistant MFA Fact Sheet.
  • Remain alert against phishing attempts (e.g., referencing login issues, password resets, or suspicious activity notifications) and reference Phishing Guidance: Stopping the Attack Cycle at Phase One.

Organizations should report incidents and anomalous activity to CISA’s 24/7 Operations Center at Report@cisa.gov or (888) 282-0870.  

 Disclaimer:  

The information in this report is being provided “as is” for informational purposes only. CISA does not endorse any commercial entity, product, company, or service, including any entities, products, or services linked within this document. Any reference to specific commercial entities, products, processes, or services by service mark, trademark, manufacturer, or otherwise, does not constitute or imply endorsement, recommendation, or favoring by CISA. 

CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation.

• CVE-2021-20035 SonicWall SMA100 Appliances OS Command Injection Vulnerability

These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise.

Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the Known Exploited Vulnerabilities Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that carry significant risk to the federal enterprise. BOD 22-01 requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the BOD 22-01 Fact Sheet for more information.

Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of Catalog vulnerabilities as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the catalog that meet the specified criteria.