CISA Adds New CVEs to Known Exploited Vulnerabilities Catalog

CISA KEV catalog cybersecurity vulnerabilities Adminer CVE Cisco IOS CVE Fortra GoAnywhere MFT Libraesva ESG Sudo vulnerabilities
Edward Zhou
Edward Zhou

CEO & Co-Founder

 
October 2, 2025 3 min read

U.S. CISA Adds Vulnerabilities to KEV Catalog

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has included several critical vulnerabilities in its Known Exploited Vulnerabilities (KEV) catalog. These include flaws in Adminer, Cisco IOS, Fortra GoAnywhere MFT, Libraesva ESG, and Sudo.

CISA

Adminer Vulnerability

  • CVE-2021-21311: This vulnerability allows server-side request forgery, enabling remote attackers to access potentially sensitive information.
  • Action: Apply mitigations as per vendor instructions and follow applicable BOD 22-01 guidance.

Cisco IOS Vulnerability

  • CVE-2025-20352: A stack-based buffer overflow vulnerability in the Simple Network Management Protocol (SNMP) subsystem.
  • This flaw can lead to remote code execution or denial of service.
  • Action: Apply mitigations as per vendor instructions and follow applicable BOD 22-01 guidance.

Fortra GoAnywhere MFT Vulnerability

  • CVE-2025-10035: This vulnerability involves deserialization of untrusted data, allowing execution of arbitrary commands on affected systems.
  • Action: Users should upgrade to a patched version (latest release 7.8.4).
  • Additional details can be found in the Fortra Advisory.

Libraesva ESG Vulnerability

  • CVE-2025-59689: A command injection vulnerability exploited by nation-state actors through specially crafted compressed attachments.
  • This flaw allows attackers to execute arbitrary commands as a non-privileged user.
  • Action: Users should upgrade to the latest version of Libraesva ESG.
  • More information can be found in the Libraesva advisory.

Sudo Vulnerabilities

  • CVE-2025-32463: This vulnerability allows local users to escalate privileges to root on affected systems.
  • Action: Users should apply mitigations as per vendor recommendations and follow applicable BOD 22-01 guidance.
  • Additional details are available in the Sudo security advisory.

Libraesva ESG Zero-Day Exploit

The Libraesva Email Security Gateway (ESG) has been targeted by suspected state-sponsored attackers exploiting a zero-day vulnerability.

CVE-2025-59689 Details

  • This command injection vulnerability results from improper sanitization of code in compressed archive files.
  • Attackers can execute arbitrary shell commands using specially crafted emails.
  • The vulnerability affects versions from 4.5 to 5.5.
  • Fixes have been rolled out for the 5.x branches via automatic updates.
  • For 4.x users, a manual upgrade to a fixed 5.x version is required as 4.x is no longer supported.

Response to Exploit

Libraesva has confirmed that their security team is analyzing details of the attack and has rolled out an emergency security update. They emphasize the importance of rapid patch deployment due to the precision of the threat actor believed to be a foreign state.

Threat Actors Chaining Vulnerabilities in Ivanti CSA

CISA and the FBI have issued a joint advisory regarding multiple vulnerabilities in Ivanti Cloud Service Applications (CSA) that were exploited in September 2024.

Vulnerabilities Overview

The vulnerabilities include:

  • CVE-2024-8963: An administrative bypass allowing remote access to restricted features.
  • CVE-2024-9379: SQL injection vulnerability.
  • CVE-2024-8190 and CVE-2024-9380: Remote code execution vulnerabilities.

Exploitation Details

Threat actors exploited these vulnerabilities in chains to gain initial access and conduct remote code execution, leading to credential theft and webshell implantation. The vulnerabilities affect Ivanti CSA version 4.6x and below.

Recommended Actions

  • Upgrade to the latest supported version of Ivanti CSA.
  • Monitor networks for malicious activity related to these vulnerabilities.

For comprehensive details, refer to the advisory on Ivanti CSA vulnerabilities.

Additional Vulnerabilities in Ivanti Cloud Services Application

Multiple vulnerabilities have been reported in Ivanti CSA that could lead to remote code execution, including:

  • CVE-2024-11639: An authentication bypass vulnerability.
  • CVE-2024-11772: Command injection vulnerability.
  • CVE-2024-11773: SQL injection vulnerability.

Risk Assessment

These vulnerabilities pose a high risk for large and medium entities and a medium risk for small businesses and home users.

Recommendations

  • Apply updates provided by Ivanti immediately.
  • Establish a vulnerability management process to address these risks.

For further information, please consult the Ivanti Security Advisory.

Edward Zhou
Edward Zhou

CEO & Co-Founder

 

CEO & Co-Founder of Gopher Security, leading the development of Post-Quantum cybersecurity technologies and solutions.

Related News

CVE-2025-15467: Critical OpenSSL RCE and DoS Vulnerability Overview
OpenSSL vulnerability

CVE-2025-15467: Critical OpenSSL RCE and DoS Vulnerability Overview

Urgent: OpenSSL 3.x vulnerable to CVE-2025-15467, enabling pre-auth RCE. Learn affected versions, impact, and immediate mitigation steps. Protect your systems now!

By Divyansh Ingle March 10, 2026 4 min read
common.read_full_article
SolarWinds Patches Critical Web Help Desk RCE Vulnerabilities Now
SolarWinds Web Help Desk

SolarWinds Patches Critical Web Help Desk RCE Vulnerabilities Now

Critical RCE & Auth Bypass flaws in SolarWinds Web Help Desk are fixed! Don't risk it. Update to v2026.1 now to protect your systems. Learn more.

By Edward Zhou March 9, 2026 4 min read
common.read_full_article
AI vs Human Hackers: Who Prevails in 2026 Pen Testing?
AI hacking

AI vs Human Hackers: Who Prevails in 2026 Pen Testing?

Discover the results of a groundbreaking study comparing AI agents and human hackers in web vulnerability exploitation. See who prevails and what it means for your security. Read now!

By Jim Gagnard March 6, 2026 6 min read
common.read_full_article
Vulnerability Exploits Lead Cyber Intrusions in 2026 Trends
vulnerability exploits

Vulnerability Exploits Lead Cyber Intrusions in 2026 Trends

Exploits are now the top intrusion method, outpacing phishing. Discover why rapid vulnerability patching is critical and how to bolster your defenses. Read more!

By Edward Zhou March 4, 2026 4 min read
common.read_full_article