CISA Adds New CVEs to Known Exploited Vulnerabilities Catalog

CISA KEV catalog cybersecurity vulnerabilities Adminer CVE Cisco IOS CVE Fortra GoAnywhere MFT Libraesva ESG Sudo vulnerabilities
Edward Zhou
Edward Zhou

CEO & Co-Founder

 
October 2, 2025
3 min read

U.S. CISA Adds Vulnerabilities to KEV Catalog

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has included several critical vulnerabilities in its Known Exploited Vulnerabilities (KEV) catalog. These include flaws in Adminer, Cisco IOS, Fortra GoAnywhere MFT, Libraesva ESG, and Sudo.

CISA

Adminer Vulnerability

  • CVE-2021-21311: This vulnerability allows server-side request forgery, enabling remote attackers to access potentially sensitive information.
  • Action: Apply mitigations as per vendor instructions and follow applicable BOD 22-01 guidance.

Cisco IOS Vulnerability

  • CVE-2025-20352: A stack-based buffer overflow vulnerability in the Simple Network Management Protocol (SNMP) subsystem.
  • This flaw can lead to remote code execution or denial of service.
  • Action: Apply mitigations as per vendor instructions and follow applicable BOD 22-01 guidance.

Fortra GoAnywhere MFT Vulnerability

  • CVE-2025-10035: This vulnerability involves deserialization of untrusted data, allowing execution of arbitrary commands on affected systems.
  • Action: Users should upgrade to a patched version (latest release 7.8.4).
  • Additional details can be found in the Fortra Advisory.

Libraesva ESG Vulnerability

  • CVE-2025-59689: A command injection vulnerability exploited by nation-state actors through specially crafted compressed attachments.
  • This flaw allows attackers to execute arbitrary commands as a non-privileged user.
  • Action: Users should upgrade to the latest version of Libraesva ESG.
  • More information can be found in the Libraesva advisory.

Sudo Vulnerabilities

  • CVE-2025-32463: This vulnerability allows local users to escalate privileges to root on affected systems.
  • Action: Users should apply mitigations as per vendor recommendations and follow applicable BOD 22-01 guidance.
  • Additional details are available in the Sudo security advisory.

Libraesva ESG Zero-Day Exploit

The Libraesva Email Security Gateway (ESG) has been targeted by suspected state-sponsored attackers exploiting a zero-day vulnerability.

CVE-2025-59689 Details

  • This command injection vulnerability results from improper sanitization of code in compressed archive files.
  • Attackers can execute arbitrary shell commands using specially crafted emails.
  • The vulnerability affects versions from 4.5 to 5.5.
  • Fixes have been rolled out for the 5.x branches via automatic updates.
  • For 4.x users, a manual upgrade to a fixed 5.x version is required as 4.x is no longer supported.

Response to Exploit

Libraesva has confirmed that their security team is analyzing details of the attack and has rolled out an emergency security update. They emphasize the importance of rapid patch deployment due to the precision of the threat actor believed to be a foreign state.

Threat Actors Chaining Vulnerabilities in Ivanti CSA

CISA and the FBI have issued a joint advisory regarding multiple vulnerabilities in Ivanti Cloud Service Applications (CSA) that were exploited in September 2024.

Vulnerabilities Overview

The vulnerabilities include:

  • CVE-2024-8963: An administrative bypass allowing remote access to restricted features.
  • CVE-2024-9379: SQL injection vulnerability.
  • CVE-2024-8190 and CVE-2024-9380: Remote code execution vulnerabilities.

Exploitation Details

Threat actors exploited these vulnerabilities in chains to gain initial access and conduct remote code execution, leading to credential theft and webshell implantation. The vulnerabilities affect Ivanti CSA version 4.6x and below.

Recommended Actions

  • Upgrade to the latest supported version of Ivanti CSA.
  • Monitor networks for malicious activity related to these vulnerabilities.

For comprehensive details, refer to the advisory on Ivanti CSA vulnerabilities.

Additional Vulnerabilities in Ivanti Cloud Services Application

Multiple vulnerabilities have been reported in Ivanti CSA that could lead to remote code execution, including:

  • CVE-2024-11639: An authentication bypass vulnerability.
  • CVE-2024-11772: Command injection vulnerability.
  • CVE-2024-11773: SQL injection vulnerability.

Risk Assessment

These vulnerabilities pose a high risk for large and medium entities and a medium risk for small businesses and home users.

Recommendations

  • Apply updates provided by Ivanti immediately.
  • Establish a vulnerability management process to address these risks.

For further information, please consult the Ivanti Security Advisory.

Edward Zhou
Edward Zhou

CEO & Co-Founder

 

CEO & Co-Founder of Gopher Security, leading the development of Post-Quantum cybersecurity technologies and solutions.

Related News

2026 Cybersecurity Trends: Dominance of Vulnerability Exploits
vulnerability exploits

2026 Cybersecurity Trends: Dominance of Vulnerability Exploits

Vulnerability exploits now account for 40% of cyber intrusions, surpassing phishing. Learn how shrinking patch windows and edge device targets are changing security.

By Brandon Woo April 6, 2026 3 min read
common.read_full_article
Surge in Vulnerability Exploits: Cyber Intrusions Trends 2026
cybersecurity trends 2026

Surge in Vulnerability Exploits: Cyber Intrusions Trends 2026

Vulnerability exploits now drive 40% of cyberattacks as hackers weaponize flaws within hours. Learn why traditional patching is failing and how to adapt. Read more.

By Divyansh Ingle March 30, 2026 3 min read
common.read_full_article
Surge in Vulnerability Exploits Dominates 2026 Cyber Intrusions
Vulnerability Exploitation

Surge in Vulnerability Exploits Dominates 2026 Cyber Intrusions

Hackers are weaponizing zero-days within hours of disclosure, leaving traditional patch cycles in the dust. Learn how to bridge the security gap with MFA and Zero-Trust.

By Alan V Gutnov March 23, 2026 4 min read
common.read_full_article
Vulnerability Exploits Dominate Cyber Intrusions in 2026 Trends
vulnerability exploits

Vulnerability Exploits Dominate Cyber Intrusions in 2026 Trends

Exploits are the leading cause of cyber intrusions, outpacing phishing. Discover the latest trends and essential strategies to protect your organization. Read now!

By Brandon Woo March 16, 2026 3 min read
common.read_full_article