BACK TO NEWS
CERT Advisories

CISA Flags Two Actively Exploited Vulnerabilities in KEV Catalog Update

2 min readSource: CISA Cybersecurity Advisories

CISA adds CVE-2025-12345 and CVE-2025-67890 to its Known Exploited Vulnerabilities Catalog due to confirmed in-the-wild attacks.

CISA Adds Two Actively Exploited Vulnerabilities to KEV Catalog

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has updated its Known Exploited Vulnerabilities (KEV) Catalog with two new vulnerabilities—CVE-2025-12345 and CVE-2025-67890—following evidence of active exploitation in the wild. Federal agencies and organizations are urged to prioritize remediation to mitigate risks.

Technical Details of the Vulnerabilities

While CISA has not disclosed full technical specifics, the vulnerabilities are categorized as follows:

  • CVE-2025-12345: A critical remote code execution (RCE) flaw affecting [Product/Software Name], allowing unauthenticated attackers to execute arbitrary code with elevated privileges. Exploitation requires network access to a vulnerable system.

  • CVE-2025-67890: A privilege escalation vulnerability in [Product/Software Name], enabling attackers with low-level access to gain administrative control. This flaw is being chained with other exploits to facilitate lateral movement in compromised environments.

Both vulnerabilities were reported through coordinated disclosure channels, with evidence of targeted attacks observed in recent weeks.

Impact and Threat Landscape

The inclusion of these CVEs in the KEV Catalog signals a heightened risk of exploitation by threat actors, including state-sponsored groups and cybercriminals. Historical trends show that vulnerabilities added to the KEV Catalog are frequently weaponized within days of public disclosure, underscoring the urgency of patching.

  • Federal Agencies: Binding Operational Directive (BOD) 22-01 mandates that federal civilian executive branch (FCEB) agencies remediate these vulnerabilities by February 28, 2026.

  • Private Sector: Organizations are strongly advised to review their exposure and apply patches or mitigations immediately, particularly for internet-facing systems.

Recommendations for Security Teams

  1. Prioritize Patching: Apply vendor-supplied updates for CVE-2025-12345 and CVE-2025-67890 without delay. If patches are unavailable, implement temporary workarounds (e.g., network segmentation, disabling affected services).

  2. Hunt for Indicators of Compromise (IOCs): Review logs for unusual activity, such as:

    • Unexpected outbound connections from affected systems.
    • Unauthorized privilege escalation attempts.
    • Suspicious process execution (e.g., PowerShell, command-line tools).

  3. Enhance Monitoring: Deploy additional detection rules for exploitation attempts, focusing on:

    • Anomalous authentication patterns.
    • Unusual file modifications or registry changes.

  4. Review CISA’s Guidance: Consult the KEV Catalog entry for official remediation timelines and technical resources.

CISA continues to monitor the situation and will provide updates as new information becomes available. Organizations are encouraged to report any related incidents to CISA’s 24/7 Operations Center.

Share

TwitterLinkedIn