
CISA Flags Three Actively Exploited Vulnerabilities in Latest KEV Update

Source: CISA Cybersecurity Advisories

CISA adds CVE-2025-20393, CVE-2025-20394, and CVE-2025-22556 to its KEV catalog due to confirmed in-the-wild exploitation, urging immediate patching.

CISA Adds Three Actively Exploited Vulnerabilities to KEV Catalog

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has expanded its Known Exploited Vulnerabilities (KEV) Catalog with three new entries, citing evidence of active exploitation in the wild. The additions, announced on December 17, 2025, include vulnerabilities affecting Cisco, Adobe, and D-Link products.

Technical Details

The newly listed vulnerabilities are:

  1. CVE-2025-20393 (Cisco)
    • Affected Product: Cisco NX-OS Software
    • Impact: Command injection vulnerability in the CLI, allowing authenticated attackers with admin privileges to execute arbitrary commands as root.
    • CVSS Score: 7.2 (High)
  2. CVE-2025-20394 (Adobe)
    • Affected Product: Adobe ColdFusion
    • Impact: Improper access control flaw enabling arbitrary file system read/write operations, potentially leading to remote code execution (RCE).
    • CVSS Score: 9.8 (Critical)
  3. CVE-2025-22556 (D-Link)
    • Affected Product: D-Link DIR-846W Routers (end-of-life models)
    • Impact: Authentication bypass vulnerability allowing unauthenticated attackers to gain administrative access.
    • CVSS Score: 8.8 (High)

Impact Analysis

The inclusion of these vulnerabilities in the KEV catalog signals confirmed exploitation by threat actors, posing significant risks to organizations:

  • CVE-2025-20393: Exploitation could lead to complete system compromise in Cisco data center environments.
  • CVE-2025-20394: Adobe ColdFusion servers are frequent targets for ransomware groups; this flaw could facilitate initial access.
  • CVE-2025-22556: Unpatched D-Link routers may be hijacked for botnet recruitment or lateral movement in SOHO networks.

Recommendations

Under Binding Operational Directive (BOD) 22-01, CISA has mandated that federal civilian agencies remediate these vulnerabilities by January 7, 2026. All organizations are urged to:

  • Prioritize patching for affected systems, especially Adobe ColdFusion (CVE-2025-20394) due to its critical severity.
  • Isolate or decommission end-of-life D-Link devices (CVE-2025-22556) if patches are unavailable.
  • Monitor network traffic for indicators of compromise (IoCs) associated with these CVEs.
  • Review CISA’s KEV catalog regularly for updates on actively exploited vulnerabilities.

For technical details and mitigation guidance, refer to the official advisories linked in the KEV catalog.
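One way to act on the patching and catalog-review recommendations above, as an added example that is not part of this advisory or of any CISA tooling: the script parses a catalog excerpt in the shape of the public KEV JSON feed (field names cveID, vendorProject, product, dateAdded, dueDate), matches entries against a local asset inventory, and flags each hit as overdue, due soon, or scheduled relative to its BOD 22-01 due date. The catalog excerpt, the inventory, the hostnames and the CVE-1900-0001 entry are constructed for the example.

```python
import json
from datetime import date, timedelta

# Constructed excerpt shaped like the KEV feed; the three real entries carry the
# dates from this update, CVE-1900-0001 is a placeholder standing in for an older entry.
KEV_SAMPLE = json.dumps({"vulnerabilities": [
    {"cveID": "CVE-2025-20393", "vendorProject": "Cisco", "product": "NX-OS",
     "dateAdded": "2025-12-17", "dueDate": "2026-01-07"},
    {"cveID": "CVE-2025-20394", "vendorProject": "Adobe", "product": "ColdFusion",
     "dateAdded": "2025-12-17", "dueDate": "2026-01-07"},
    {"cveID": "CVE-2025-22556", "vendorProject": "D-Link", "product": "DIR-846W",
     "dateAdded": "2025-12-17", "dueDate": "2026-01-07"},
    {"cveID": "CVE-1900-0001", "vendorProject": "ExampleVendor", "product": "Widget",
     "dateAdded": "2025-10-01", "dueDate": "2025-10-22"},
]})

# Constructed asset inventory: (vendor, product keyword) -> hosts running it.
INVENTORY = {
    ("cisco", "nx-os"): ["dc-core-sw01", "dc-core-sw02"],
    ("adobe", "coldfusion"): ["cf-app-prod"],
    ("examplevendor", "widget"): ["legacy-box"],
}

def affected_hosts(entry, inventory):
    """Hosts whose inventory vendor matches and whose product keyword occurs in the KEV product."""
    vendor, product = entry["vendorProject"].lower(), entry["product"].lower()
    hosts = []
    for (inv_vendor, keyword), names in inventory.items():
        if inv_vendor == vendor and keyword in product:
            hosts.extend(names)
    return hosts

def remediation_status(due, today, soon_days):
    """Classify a due date: past it, inside the warning window, or further out."""
    if today > due:
        return "overdue"
    if today + timedelta(days=soon_days) >= due:
        return "due-soon"
    return "scheduled"

def triage(kev_text, inventory, today_iso, soon_days=14):
    """Return KEV entries that hit the inventory, earliest due date first."""
    today = date.fromisoformat(today_iso)
    findings = []
    for entry in json.loads(kev_text)["vulnerabilities"]:
        hosts = affected_hosts(entry, inventory)
        if not hosts:
            continue  # e.g. the D-Link routers are not in this inventory
        due = date.fromisoformat(entry["dueDate"])
        findings.append({"cve": entry["cveID"], "hosts": sorted(hosts), "due": due.isoformat(),
                         "status": remediation_status(due, today, soon_days)})
    return sorted(findings, key=lambda f: (f["due"], f["cve"]))

if __name__ == "__main__":
    for f in triage(KEV_SAMPLE, INVENTORY, "2025-12-30"):
        print(f"{f['status']:9} {f['cve']} due {f['due']} on {', '.join(f['hosts'])}")
```

In production the catalog text would come from the live KEV JSON feed and the inventory from a CMDB or scanner export; the matching here is deliberately simple keyword matching and should be tightened to your own product naming.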
