Update KEV: Wed Feb 12 00:11:12 UTC 2025

aboutcode-automation · aboutcode-automation · commit 58e3120a8397 · 2025-02-12T00:11:12.000Z
Signed-off-by: AboutCode Automation &lt;automation@aboutcode.org&gt;
diff --git a/known_exploited_vulnerabilities.json b/known_exploited_vulnerabilities.json
@@ -1,9 +1,69 @@
 {
     "title": "CISA Catalog of Known Exploited Vulnerabilities",
-    "catalogVersion": "2025.02.07",
-    "dateReleased": "2025-02-07T18:02:47.8302Z",
-    "count": 1264,
+    "catalogVersion": "2025.02.11",
+    "dateReleased": "2025-02-11T19:20:49.4567Z",
+    "count": 1268,
     "vulnerabilities": [
+        {
+            "cveID": "CVE-2024-40891",
+            "vendorProject": "Zyxel",
+            "product": "DSL CPE Devices",
+            "vulnerabilityName": "Zyxel DSL CPE OS Command Injection Vulnerability",
+            "dateAdded": "2025-02-11",
+            "shortDescription": "Multiple Zyxel DSL CPE devices contain a post-authentication command injection vulnerability in the management commands that could allow an authenticated attacker to execute OS commands via Telnet.",
+            "requiredAction": "The impacted product could be end-of-life (EoL) and\/or end-of-service (EoS). Users should discontinue product utilization if a current mitigation is unavailable.",
+            "dueDate": "2025-03-04",
+            "knownRansomwareCampaignUse": "Unknown",
+            "notes": "https:\/\/www.zyxel.com\/global\/en\/support\/security-advisories\/zyxel-security-advisory-for-command-injection-and-insecure-default-credentials-vulnerabilities-in-certain-legacy-dsl-cpe-02-04-2025 ; https:\/\/www.zyxel.com\/service-provider\/global\/en\/security-advisories\/zyxel-security-advisory-command-injection-insecure-in-certain-legacy-dsl-cpe-02-04-2025 ; https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2024-40891",
+            "cwes": [
+                "CWE-78"
+            ]
+        },
+        {
+            "cveID": "CVE-2024-40890",
+            "vendorProject": "Zyxel",
+            "product": "DSL CPE Devices",
+            "vulnerabilityName": "Zyxel DSL CPE OS Command Injection Vulnerability",
+            "dateAdded": "2025-02-11",
+            "shortDescription": "Multiple Zyxel DSL CPE devices contain a post-authentication command injection vulnerability in the CGI program that could allow an authenticated attacker to execute OS commands via a crafted HTTP request.",
+            "requiredAction": "The impacted product could be end-of-life (EoL) and\/or end-of-service (EoS). Users should discontinue product utilization if a current mitigation is unavailable.",
+            "dueDate": "2025-03-04",
+            "knownRansomwareCampaignUse": "Unknown",
+            "notes": "https:\/\/www.zyxel.com\/global\/en\/support\/security-advisories\/zyxel-security-advisory-for-command-injection-and-insecure-default-credentials-vulnerabilities-in-certain-legacy-dsl-cpe-02-04-2025 ; https:\/\/www.zyxel.com\/service-provider\/global\/en\/security-advisories\/zyxel-security-advisory-command-injection-insecure-in-certain-legacy-dsl-cpe-02-04-2025 ; https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2024-40890",
+            "cwes": [
+                "CWE-78"
+            ]
+        },
+        {
+            "cveID": "CVE-2025-21418",
+            "vendorProject": "Microsoft",
+            "product": "Windows",
+            "vulnerabilityName": "Microsoft Windows Ancillary Function Driver for WinSock Heap-Based Buffer Overflow Vulnerability",
+            "dateAdded": "2025-02-11",
+            "shortDescription": "Microsoft Windows Ancillary Function Driver for WinSock contains a heap-based buffer overflow vulnerability that allows for privilege escalation, enabling a local attacker to gain SYSTEM privileges.",
+            "requiredAction": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.",
+            "dueDate": "2025-03-04",
+            "knownRansomwareCampaignUse": "Unknown",
+            "notes": "https:\/\/msrc.microsoft.com\/update-guide\/vulnerability\/CVE-2025-21418 ; https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2025-21418",
+            "cwes": [
+                "CWE-122"
+            ]
+        },
+        {
+            "cveID": "CVE-2025-21391",
+            "vendorProject": "Microsoft",
+            "product": "Windows",
+            "vulnerabilityName": "Microsoft Windows Storage Link Following Vulnerability",
+            "dateAdded": "2025-02-11",
+            "shortDescription": "Microsoft Windows Storage contains a link following vulnerability that could allow for privilege escalation. This vulnerability could allow an attacker to delete data including data that results in the service being unavailable.",
+            "requiredAction": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.",
+            "dueDate": "2025-03-04",
+            "knownRansomwareCampaignUse": "Unknown",
+            "notes": "https:\/\/msrc.microsoft.com\/update-guide\/vulnerability\/CVE-2025-21391 ; https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2025-21391",
+            "cwes": [
+                "CWE-59"
+            ]
+        },
         {
             "cveID": "CVE-2025-0994",
             "vendorProject": "Trimble",
