CYBERNEWSMEDIA Network:||
CYBERNEWSMEDIA
CYBERNEWSMEDIA

Cybersecurity News, Insights & Analysis

Latest
TrueConf Zero-Day Exploited in Asian Government Attacks
In Other News: ChatGPT Data Leak, Android Rootkit, Water Facility Hit by Ransomware
Critical ShareFile Flaws Lead to Unauthenticated RCE
Mobile Attack Surface Expands as Enterprises Lose Control
React2Shell Exploited in Large-Scale Credential Harvesting Campaign
AD · 970×250

Vulnerabilities

CISA KEV Catalog Expanded 20% in 2025, Topping 1,480 Entries

With 24 new vulnerabilities known to be exploited by ransomware groups, the list now includes 1,484 software and hardware flaws. The post CISA KEV Catalog Expanded 20% in 2025, Topping 1,480 Entries appeared first on SecurityWeek.

CISA KEV

The US cybersecurity agency CISA is now aware of 1,484 software and hardware vulnerabilities that have been exploited in the wild.

Throughout 2025, the agency added 245 security defects to its Known Exploited Vulnerabilities (KEV) list, including 24 bugs that have been exploited in ransomware attacks.

CISA’s KEV list has been growing steadily since its public release in November 2021, and last year marked its largest expansion rate over a three-year period, at 20%.

“After an initial surge of added vulnerabilities after the database first launched, growth stabilized in 2023 and 2024, with 187 vulnerabilities added in 2023 and 185 in 2024,” cybersecurity firm Cyble explains.

Most of the weaknesses added to the KEV catalog in 2025 were new vulnerabilities, but CISA did not ignore older bugs either. Last year, 94 flaws disclosed in 2024 and prior were added to the list.

The oldest vulnerability added to the CISA KEV in 2025 was CVE-2007-0671, a remote code execution (RCE) issue in Microsoft Office.

As Cyble notes, “the oldest vulnerability in the catalog remains one from 2002 – CVE-2002-0367, a privilege escalation vulnerability in the Windows NT and Windows 2000 smss.exe debugging subsystem that has been known to be used in ransomware attacks.”

Of the 24 security defects exploited by ransomware groups, the widely exploited CitrixBleed 2 (CVE-2025-5777) and Oracle E-Business Suite (CVE-2025-61882 and CVE-2025-61884) flaws stand out, mainly due to their broad impact.

New vulnerabilities in Fortinet, Ivanti, Microsoft, Mitel, SAP, and SonicWall products have been targeted in ransomware attacks as well.

Cyble’s analysis of the 2025 additions to the CISA KEV list shows that OS command injection, deserialization of untrusted data, path traversal, use-after-free, out-of-bounds write, XSS, code injection, and improper authentication were the most prominent types of bugs.

Federal agencies, organizations of all sizes, and software developers should monitor the KEV list to better protect their environments and increase awareness of the most common weaknesses that threat actors are targeting in attacks.

Related: CISA Warns of Exploited Flaw in Asus Update Tool

Related: CISA Warns of ScadaBR Vulnerability After Hacktivist ICS Attack

Related: CISA Confirms Exploitation of Recent Oracle Identity Manager Vulnerability

Related: CISA Updates Guidance on Patching Cisco Devices Targeted in China-Linked Attacks

Latest News

CYBERNEWSMEDIAPublisher