|
1 | 1 | { |
2 | 2 | "title": "CISA Catalog of Known Exploited Vulnerabilities", |
3 | | - "catalogVersion": "2025.09.30", |
4 | | - "dateReleased": "2025-09-30T12:35:25.4401Z", |
5 | | - "count": 1422, |
| 3 | + "catalogVersion": "2025.10.02", |
| 4 | + "dateReleased": "2025-10-02T14:59:13.7696Z", |
| 5 | + "count": 1427, |
6 | 6 | "vulnerabilities": [ |
| 7 | + { |
| 8 | + "cveID": "CVE-2014-6278", |
| 9 | + "vendorProject": "GNU", |
| 10 | + "product": "GNU Bash", |
| 11 | + "vulnerabilityName": "GNU Bash OS Command Injection Vulnerability", |
| 12 | + "dateAdded": "2025-10-02", |
| 13 | + "shortDescription": "GNU Bash contains an OS command injection vulnerability which allows remote attackers to execute arbitrary commands via a crafted environment.", |
| 14 | + "requiredAction": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. ", |
| 15 | + "dueDate": "2025-10-23", |
| 16 | + "knownRansomwareCampaignUse": "Unknown", |
| 17 | + "notes": "This vulnerability could affect an open-source component, third-party library, protocol, or proprietary implementation that could be used by different products. For more information, please see: http:\/\/ftp.gnu.org\/gnu\/bash\/bash-4.3-patches\/bash43-027 ; https:\/\/support.broadcom.com\/web\/ecx\/support-content-notification\/-\/external\/content\/SecurityAdvisories\/0\/23467 ; https:\/\/sec.cloudapps.cisco.com\/security\/center\/content\/CiscoSecurityAdvisory\/cisco-sa-20140926-bash ; https:\/\/www.ibm.com\/support\/pages\/security-bulletin-update-vulnerabilities-bash-affect-aix-toolbox-linux-applications-cve-2014-6271-cve-2014-6277-cve-2014-6278-cve-2014-7169-cve-2014-7186-and-cve-2014-7187 ; https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2014-6278", |
| 18 | + "cwes": [ |
| 19 | + "CWE-78" |
| 20 | + ] |
| 21 | + }, |
| 22 | + { |
| 23 | + "cveID": "CVE-2017-1000353", |
| 24 | + "vendorProject": "Jenkins", |
| 25 | + "product": "Jenkins", |
| 26 | + "vulnerabilityName": "Jenkins Remote Code Execution Vulnerability", |
| 27 | + "dateAdded": "2025-10-02", |
| 28 | + "shortDescription": "Jenkins contains a remote code execution vulnerability. This vulnerability that could allowed attackers to transfer a serialized Java SignedObject object to the remoting-based Jenkins CLI, that would be deserialized using a new ObjectInputStream, bypassing the existing blocklist-based protection mechanism.", |
| 29 | + "requiredAction": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.", |
| 30 | + "dueDate": "2025-10-23", |
| 31 | + "knownRansomwareCampaignUse": "Unknown", |
| 32 | + "notes": "https:\/\/www.jenkins.io\/security\/advisory\/2017-04-26\/ ; https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2017-1000353", |
| 33 | + "cwes": [] |
| 34 | + }, |
| 35 | + { |
| 36 | + "cveID": "CVE-2015-7755", |
| 37 | + "vendorProject": "Juniper", |
| 38 | + "product": "ScreenOS", |
| 39 | + "vulnerabilityName": "Juniper ScreenOS Improper Authentication Vulnerability", |
| 40 | + "dateAdded": "2025-10-02", |
| 41 | + "shortDescription": "Juniper ScreenOS contains an improper authentication vulnerability that could allow unauthorized remote administrative access to the device.", |
| 42 | + "requiredAction": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.", |
| 43 | + "dueDate": "2025-10-23", |
| 44 | + "knownRansomwareCampaignUse": "Unknown", |
| 45 | + "notes": "https:\/\/supportportal.juniper.net\/s\/article\/2015-12-Out-of-Cycle-Security-Bulletin-ScreenOS-Multiple-Security-issues-with-ScreenOS-CVE-2015-7755-CVE-2015-7756 ; https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2015-7755", |
| 46 | + "cwes": [ |
| 47 | + "CWE-287" |
| 48 | + ] |
| 49 | + }, |
| 50 | + { |
| 51 | + "cveID": "CVE-2025-21043", |
| 52 | + "vendorProject": "Samsung", |
| 53 | + "product": "Mobile Devices", |
| 54 | + "vulnerabilityName": "Samsung Mobile Devices Out-of-Bounds Write Vulnerability", |
| 55 | + "dateAdded": "2025-10-02", |
| 56 | + "shortDescription": "Samsung mobile devices contain an out-of-bounds write vulnerability in libimagecodec.quram.so which allows remote attackers to execute arbitrary code.", |
| 57 | + "requiredAction": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.", |
| 58 | + "dueDate": "2025-10-23", |
| 59 | + "knownRansomwareCampaignUse": "Unknown", |
| 60 | + "notes": "https:\/\/security.samsungmobile.com\/securityUpdate.smsb?year=2025&month=09 ; https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2025-21043", |
| 61 | + "cwes": [ |
| 62 | + "CWE-787" |
| 63 | + ] |
| 64 | + }, |
| 65 | + { |
| 66 | + "cveID": "CVE-2025-4008", |
| 67 | + "vendorProject": "Smartbedded", |
| 68 | + "product": "Meteobridge", |
| 69 | + "vulnerabilityName": "Smartbedded Meteobridge Command Injection Vulnerability", |
| 70 | + "dateAdded": "2025-10-02", |
| 71 | + "shortDescription": "Smartbedded Meteobridge contains a command injection vulnerability that could allow remote unauthenticated attackers to gain arbitrary command execution with elevated privileges (root) on affected devices.", |
| 72 | + "requiredAction": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.", |
| 73 | + "dueDate": "2025-10-23", |
| 74 | + "knownRansomwareCampaignUse": "Unknown", |
| 75 | + "notes": "https:\/\/forum.meteohub.de\/viewtopic.php?t=18687 ; https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2025-4008", |
| 76 | + "cwes": [ |
| 77 | + "CWE-306", |
| 78 | + "CWE-77" |
| 79 | + ] |
| 80 | + }, |
7 | 81 | { |
8 | 82 | "cveID": "CVE-2025-32463", |
9 | 83 | "vendorProject": "Sudo", |