Update KEV: Wed Feb 19 00:11:26 UTC 2025

aboutcode-automation · aboutcode-automation · commit 1881149dc22b · 2025-02-19T00:11:26.000Z
Signed-off-by: AboutCode Automation &lt;automation@aboutcode.org&gt;
diff --git a/known_exploited_vulnerabilities.json b/known_exploited_vulnerabilities.json
@@ -1,9 +1,39 @@
 {
     "title": "CISA Catalog of Known Exploited Vulnerabilities",
-    "catalogVersion": "2025.02.15",
-    "dateReleased": "2025-02-15T19:28:17.8832Z",
-    "count": 1271,
+    "catalogVersion": "2025.02.18",
+    "dateReleased": "2025-02-18T20:08:26.6543Z",
+    "count": 1273,
     "vulnerabilities": [
+        {
+            "cveID": "CVE-2025-0108",
+            "vendorProject": "Palo Alto",
+            "product": "PAN-OS",
+            "vulnerabilityName": "Palo Alto PAN-OS Authentication Bypass Vulnerability",
+            "dateAdded": "2025-02-18",
+            "shortDescription": "Palo Alto PAN-OS contains an authentication bypass vulnerability in its management web interface. This vulnerability allows an unauthenticated attacker with network access to the management web interface to bypass the authentication normally required and invoke certain PHP scripts.",
+            "requiredAction": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.",
+            "dueDate": "2025-03-11",
+            "knownRansomwareCampaignUse": "Unknown",
+            "notes": "https:\/\/security.paloaltonetworks.com\/CVE-2025-0108 ; https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2025-0108",
+            "cwes": [
+                "CWE-306"
+            ]
+        },
+        {
+            "cveID": "CVE-2024-53704",
+            "vendorProject": "SonicWall",
+            "product": "SonicOS",
+            "vulnerabilityName": "SonicWall SonicOS SSLVPN Improper Authentication Vulnerability",
+            "dateAdded": "2025-02-18",
+            "shortDescription": "SonicWall SonicOS contains an improper authentication vulnerability in the SSLVPN authentication mechanism that allows a remote attacker to bypass authentication.",
+            "requiredAction": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.",
+            "dueDate": "2025-03-11",
+            "knownRansomwareCampaignUse": "Unknown",
+            "notes": "https:\/\/psirt.global.sonicwall.com\/vuln-detail\/SNWLID-2025-0003 ; https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2024-53704",
+            "cwes": [
+                "CWE-287"
+            ]
+        },
         {
             "cveID": "CVE-2024-57727",
             "vendorProject": "SimpleHelp ",
@@ -217,7 +247,7 @@
         {
             "cveID": "CVE-2018-19410",
             "vendorProject": "Paessler",
-            "product": "PTRG Network Monitor",
+            "product": "PRTG Network Monitor",
             "vulnerabilityName": "Paessler PRTG Network Monitor Local File Inclusion Vulnerability",
             "dateAdded": "2025-02-04",
             "shortDescription": "Paessler PRTG Network Monitor contains a local file inclusion vulnerability that allows a remote, unauthenticated attacker to create users with read-write privileges (including administrator).",
