The Cybersecurity and Infrastructure Security Agency (CISA) has added two new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog: CVE-2025-32433, affecting the Erlang/OTP SSH Server, and CVE-2024-42009, affecting RoundCube Webmail. Both were added based on evidence of active exploitation and pose significant risks to the federal enterprise. Vulnerabilities of this kind are frequently targeted by malicious cyber actors and are a common attack vector.

The KEV Catalog was established by Binding Operational Directive (BOD) 22-01 as a living list of known Common Vulnerabilities and Exposures (CVEs) that carry significant risk. BOD 22-01 requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the stated due date to protect their networks against active threats.

Although BOD 22-01 applies only to FCEB agencies, CISA strongly urges all organizations to prioritize timely remediation of KEV Catalog vulnerabilities as part of their vulnerability management practice and to take proactive measures to reduce their exposure to cyberattacks. CISA will continue to add vulnerabilities that meet the specified criteria to the KEV Catalog, helping organizations stay informed about active threats and reduce their risk.
www.cisa.gov