CISA Adds New CVEs to Known Exploited Vulnerabilities Catalog

Edward Zhou

CEO & Co-Founder

 
October 2, 2025

U.S. CISA Adds Vulnerabilities to KEV Catalog

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has included several critical vulnerabilities in its Known Exploited Vulnerabilities (KEV) catalog. These include flaws in Adminer, Cisco IOS, Fortra GoAnywhere MFT, Libraesva ESG, and Sudo.

Adminer Vulnerability

  • CVE-2021-21311: This vulnerability allows server-side request forgery, enabling remote attackers to access potentially sensitive information.
  • Action: Apply mitigations as per vendor instructions and follow applicable BOD 22-01 guidance.

Cisco IOS Vulnerability

  • CVE-2025-20352: A stack-based buffer overflow vulnerability in the Simple Network Management Protocol (SNMP) subsystem.
  • This flaw can lead to remote code execution or denial of service.
  • Action: Apply mitigations as per vendor instructions and follow applicable BOD 22-01 guidance.

Fortra GoAnywhere MFT Vulnerability

  • CVE-2025-10035: This vulnerability involves deserialization of untrusted data, allowing execution of arbitrary commands on affected systems.
  • Action: Users should upgrade to a patched version (latest release 7.8.4).
  • Additional details can be found in the Fortra Advisory.

Libraesva ESG Vulnerability

  • CVE-2025-59689: A command injection vulnerability exploited by nation-state actors through specially crafted compressed attachments.
  • This flaw allows attackers to execute arbitrary commands as a non-privileged user.
  • Action: Users should upgrade to the latest version of Libraesva ESG.
  • More information can be found in the Libraesva advisory.

Sudo Vulnerabilities

  • CVE-2025-32463: This vulnerability allows local users to escalate privileges to root on affected systems.
  • Action: Users should apply mitigations as per vendor recommendations and follow applicable BOD 22-01 guidance.
  • Additional details are available in the Sudo security advisory.

Libraesva ESG Zero-Day Exploit

The Libraesva Email Security Gateway (ESG) has been targeted by suspected state-sponsored attackers exploiting a zero-day vulnerability.

CVE-2025-59689 Details

  • This command injection vulnerability results from improper sanitization of code in compressed archive files.
  • Attackers can execute arbitrary shell commands using specially crafted emails.
  • The vulnerability affects versions from 4.5 to 5.5.
  • Fixes have been rolled out for the 5.x branches via automatic updates.
  • For 4.x users, a manual upgrade to a fixed 5.x version is required as 4.x is no longer supported.
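The version range and remediation split above can be applied to an appliance inventory. The following is an added example, not code from Libraesva or from this article; the hostnames, sample versions and action labels are hypothetical, and because the article gives no fixed build numbers, a 5.x appliance can only be flagged for verification.

```python
import re

# Bounds and remediation rules come from the text above (assumption: only
# major.minor matters, since the article names no fixed build numbers).
AFFECTED_MIN = (4, 5)
AFFECTED_MAX = (5, 5)


def parse_major_minor(version):
    """Return (major, minor) as ints, or None if the string is not a version."""
    m = re.match(r"^\s*v?(\d+)\.(\d+)(?:\.\d+)*\s*$", version)
    return (int(m.group(1)), int(m.group(2))) if m else None


def triage(version):
    """Map a reported ESG version to the action the article describes."""
    mm = parse_major_minor(version)
    if mm is None:
        return "review-manually"        # unparseable: never assume unaffected
    if not (AFFECTED_MIN <= mm <= AFFECTED_MAX):
        return "outside-stated-range"   # outside 4.5 to 5.5 as stated above
    if mm[0] == 4:
        return "manual-upgrade-to-5.x"  # 4.x is unsupported, no automatic fix
    return "verify-auto-update"         # 5.x: fix is delivered automatically


def triage_inventory(inventory):
    """inventory: iterable of (hostname, version); returns {action: [hosts]}."""
    report = {}
    for host, version in inventory:
        report.setdefault(triage(version), []).append(host)
    return report


# Constructed sample inventory (hypothetical hostnames and versions).
SAMPLE = [
    ("esg-edge-01", "4.9"),
    ("esg-edge-02", "5.3.2"),
    ("esg-lab-01", "4.10"),  # numerically above 4.5; a string compare misses it
    ("esg-old-01", "4.4"),
    ("esg-dr-01", "unknown"),
]

if __name__ == "__main__":
    for action, hosts in sorted(triage_inventory(SAMPLE).items()):
        print(f"{action}: {', '.join(hosts)}")
```

Versions are compared as integer tuples, so a value such as 4.10 is not mistaken for something older than 4.5, and anything that cannot be parsed is routed to manual review rather than treated as unaffected.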

Response to Exploit

Libraesva has confirmed that its security team is analyzing details of the attack and has rolled out an emergency security update. The company emphasizes the importance of rapid patch deployment, given the precision of the threat actor, which is believed to be a foreign state.


Threat Actors Chaining Vulnerabilities in Ivanti CSA

CISA and the FBI have issued a joint advisory regarding multiple vulnerabilities in Ivanti Cloud Service Applications (CSA) that were exploited in September 2024.

Vulnerabilities Overview

The vulnerabilities include:

  • CVE-2024-8963: An administrative bypass allowing remote access to restricted features.
  • CVE-2024-9379: SQL injection vulnerability.
  • CVE-2024-8190 and CVE-2024-9380: Remote code execution vulnerabilities.

Exploitation Details

Threat actors exploited these vulnerabilities in chains to gain initial access and conduct remote code execution, leading to credential theft and webshell implantation. The vulnerabilities affect Ivanti CSA version 4.6x and below.

Recommended Actions

  • Upgrade to the latest supported version of Ivanti CSA.
  • Monitor networks for malicious activity related to these vulnerabilities.

For comprehensive details, refer to the advisory on Ivanti CSA vulnerabilities.


Additional Vulnerabilities in Ivanti Cloud Services Application

Multiple vulnerabilities have been reported in Ivanti CSA that could lead to remote code execution, including:

  • CVE-2024-11639: An authentication bypass vulnerability.
  • CVE-2024-11772: Command injection vulnerability.
  • CVE-2024-11773: SQL injection vulnerability.

Risk Assessment

These vulnerabilities pose a high risk for large and medium entities and a medium risk for small businesses and home users.

Recommendations

  • Apply updates provided by Ivanti immediately.
  • Establish a vulnerability management process to address these risks.

For further information, please consult the Ivanti Security Advisory.

Edward Zhou

CEO & Co-Founder of Gopher Security, leading the development of Post-Quantum cybersecurity technologies and solutions.
