
CISA Adds Four Actively Exploited Vulnerabilities to KEV Catalog

Source: The Hacker News

CISA updates Known Exploited Vulnerabilities catalog with four new flaws, including critical Zimbra RCE bug (CVE-2025-68645), amid active exploitation.

CISA Expands KEV Catalog with Four Actively Exploited Vulnerabilities

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has updated its Known Exploited Vulnerabilities (KEV) catalog with four new security flaws, citing confirmed evidence of active exploitation in the wild. The additions, announced on Thursday, underscore ongoing threats to enterprise and government systems.

Technical Details of the Vulnerabilities

The newly added vulnerabilities include:

  1. CVE-2025-68645 (CVSS: 8.8) – A remote file inclusion vulnerability in Synacor Zimbra Collaboration Suite (ZCS), enabling unauthenticated attackers to execute arbitrary code on vulnerable servers. Zimbra, a widely used email and collaboration platform, has been a frequent target for threat actors due to its enterprise adoption.

  2. Three additional flaws (details pending CISA’s public disclosure) are also listed, with exploitation observed across various software environments. CISA’s KEV catalog serves as a critical resource for federal agencies and private-sector organizations to prioritize patching efforts.

Impact and Exploitation Context

The inclusion of these vulnerabilities in the KEV catalog signals imminent risk to unpatched systems. CISA’s Binding Operational Directive (BOD) 22-01 requires federal civilian agencies to remediate KEV-listed flaws within specified timeframes, typically two weeks for critical vulnerabilities like CVE-2025-68645.

  • Zimbra vulnerabilities have historically been exploited by APT groups and ransomware operators to gain initial access to corporate networks. The remote code execution (RCE) capability of CVE-2025-68645 heightens risks of data exfiltration, lateral movement, or malware deployment.
  • Organizations running outdated ZCS versions are particularly vulnerable, as threat actors actively scan for exposed instances.

Recommendations for Security Teams

CISA urges all organizations to:

  • Immediately patch CVE-2025-68645 and other KEV-listed vulnerabilities using vendor-provided updates.
  • Review CISA’s KEV catalog for additional guidance and remediation deadlines: https://www.cisa.gov/kev.
  • Monitor network traffic for signs of exploitation, such as unusual outbound connections or unauthorized access attempts.
  • Segment critical systems to limit lateral movement if a breach occurs.

Federal agencies must comply with BOD 22-01 requirements, while private-sector entities are strongly encouraged to align with CISA’s prioritization framework to mitigate risks.
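
One way to act on the KEV-review recommendation above, as an added example that is not from CISA or the original article: it matches catalog entries against an asset inventory and orders the hits by remediation deadline. The field names follow CISA's KEV JSON feed; the dates, the placeholder CVE IDs, the inventory and the `kev_worklist` helper are constructed for illustration.

```python
import json
from datetime import date

# Constructed sample in the layout of CISA's KEV JSON feed. The dates and the
# two placeholder entries are illustrative, not real catalog values.
SAMPLE_KEV = json.loads("""
{"vulnerabilities": [
  {"cveID": "CVE-2025-68645", "vendorProject": "Synacor",
   "product": "Zimbra Collaboration Suite (ZCS)",
   "dateAdded": "2026-01-01", "dueDate": "2026-01-15"},
  {"cveID": "CVE-0000-00001", "vendorProject": "ExampleVendor",
   "product": "Example Gateway",
   "dateAdded": "2026-01-01", "dueDate": "2026-01-22"},
  {"cveID": "CVE-0000-00002", "vendorProject": "OtherVendor",
   "product": "Unused Product",
   "dateAdded": "2026-01-01", "dueDate": "2026-01-22"}
]}
""")

# Hypothetical asset inventory: keyword to look for -> hosts running it.
INVENTORY = {
    "zimbra": ["mail01.example.internal", "mail02.example.internal"],
    "example gateway": ["gw01.example.internal"],
}

def kev_worklist(catalog, inventory, today):
    """Return KEV entries matching the inventory, most urgent first."""
    rows = []
    for vuln in catalog.get("vulnerabilities", []):
        haystack = f"{vuln.get('vendorProject', '')} {vuln.get('product', '')}".lower()
        hosts = sorted({h for kw, hs in inventory.items() if kw in haystack for h in hs})
        if not hosts:
            continue  # nothing in the inventory runs this product
        try:
            due = date.fromisoformat(vuln["dueDate"])
        except (KeyError, ValueError):
            due = today  # missing or malformed deadline: treat as due now
        rows.append({"cve": vuln.get("cveID", "?"), "hosts": hosts, "due": due,
                     "days_left": (due - today).days, "overdue": due < today})
    return sorted(rows, key=lambda r: r["due"])

if __name__ == "__main__":
    for row in kev_worklist(SAMPLE_KEV, INVENTORY, date(2026, 1, 18)):
        state = "OVERDUE" if row["overdue"] else f"{row['days_left']}d left"
        print(f"{row['cve']}  due {row['due']}  {state}  {', '.join(row['hosts'])}")
```

Pointing the same function at the live feed only requires loading the catalog JSON in place of `SAMPLE_KEV`; substring matching on vendor and product is coarse, so review the hits before treating them as confirmed exposure.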

For ongoing updates, refer to CISA’s official advisories and vendor patches.
