|
1 | 1 | { |
2 | 2 | "title": "CISA Catalog of Known Exploited Vulnerabilities", |
3 | | - "catalogVersion": "2025.06.03", |
4 | | - "dateReleased": "2025-06-03T16:48:39.9414Z", |
| 3 | + "catalogVersion": "2025.06.05", |
| 4 | + "dateReleased": "2025-06-05T18:02:07.1325Z", |
5 | 5 | "count": 1360, |
6 | 6 | "vulnerabilities": [ |
| 7 | + { |
| 8 | + "cveID": "CVE-2025-5419", |
| 9 | + "vendorProject": "Google", |
| 10 | + "product": "Chromium V8", |
| 11 | + "vulnerabilityName": "Google Chromium V8 Out-of-Bounds Read and Write Vulnerability", |
| 12 | + "dateAdded": "2025-06-05", |
| 13 | + "shortDescription": "Google Chromium V8 contains an out-of-bounds read and write vulnerability that could allow a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.", |
| 14 | + "requiredAction": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.", |
| 15 | + "dueDate": "2025-06-26", |
| 16 | + "knownRansomwareCampaignUse": "Unknown", |
| 17 | + "notes": "https:\/\/chromereleases.googleblog.com\/2025\/06\/stable-channel-update-for-desktop.html; https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2025-5419\",", |
| 18 | + "cwes": [ |
| 19 | + "CWE-125", |
| 20 | + "CWE-787" |
| 21 | + ] |
| 22 | + }, |
7 | 23 | { |
8 | 24 | "cveID": "CVE-2025-21479", |
9 | 25 | "vendorProject": "Qualcomm", |
|
205 | 221 | "product": "Endpoint Manager Mobile (EPMM)", |
206 | 222 | "vulnerabilityName": "Ivanti Endpoint Manager Mobile (EPMM) Code Injection Vulnerability", |
207 | 223 | "dateAdded": "2025-05-19", |
208 | | - "shortDescription": "Ivanti Endpoint Manager Mobile (EPMM) contains a code injection vulnerability in the API component that allows an authenticated attacker to remotely execute arbitrary code via crafted API requests. This vulnerability results from an insecure implementation of the Hibernate Validator open-source library.", |
| 224 | + "shortDescription": "Ivanti Endpoint Manager Mobile (EPMM) contains a code injection vulnerability in the API component that allows an authenticated attacker to remotely execute arbitrary code via crafted API requests. This vulnerability results from an insecure implementation of the Hibernate Validator open-source library, as represented by CVE-2025-35036.", |
209 | 225 | "requiredAction": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.", |
210 | 226 | "dueDate": "2025-06-09", |
211 | 227 | "knownRansomwareCampaignUse": "Unknown", |
|
259 | 275 | "CWE-78" |
260 | 276 | ] |
261 | 277 | }, |
262 | | - { |
263 | | - "cveID": "CVE-2025-4664", |
264 | | - "vendorProject": "Google", |
265 | | - "product": "Chromium", |
266 | | - "vulnerabilityName": "Google Chromium Loader Insufficient Policy Enforcement Vulnerability", |
267 | | - "dateAdded": "2025-05-15", |
268 | | - "shortDescription": "Google Chromium contains an insufficient policy enforcement vulnerability that allows a remote attacker to leak cross-origin data via a crafted HTML page.", |
269 | | - "requiredAction": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.", |
270 | | - "dueDate": "2025-06-05", |
271 | | - "knownRansomwareCampaignUse": "Unknown", |
272 | | - "notes": "https:\/\/chromereleases.googleblog.com\/2025\/05\/stable-channel-update-for-desktop_14.html ; https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2025-4664", |
273 | | - "cwes": [ |
274 | | - "CWE-346" |
275 | | - ] |
276 | | - }, |
277 | 278 | { |
278 | 279 | "cveID": "CVE-2025-32756", |
279 | 280 | "vendorProject": "Fortinet", |
|
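Review bot: The `notes` value of the new CVE-2025-5419 entry ends with an escaped quote and a comma inside the string (`...CVE-2025-5419\",",`), so the document still parses but the NVD reference carries a stray `",` suffix. A consumer that splits `notes` on `;` to extract advisory links gets a broken URL for this entry; the line should end `https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2025-5419",` with no backslash-quote-comma before the closing quote. If this file is mirrored from an upstream feed, the artifact presumably originates there, and a pattern check on `notes` at ingest would catch it before it reaches downstream tooling. Separately, in the visible part of the diff the CVE-2025-4664 entry is removed while `count` stays at 1360, which balances against the one addition, but it is worth confirming the removal is intended rather than a sync artifact, since anything tracking remediation due dates from this file would silently lose that entry.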