Update KEV: Fri May 9 00:12:44 UTC 2025

aboutcode-automation · aboutcode-automation · commit 5b38bab8cc07 · 2025-05-09T00:12:44.000Z
Signed-off-by: AboutCode Automation &lt;automation@aboutcode.org&gt;
diff --git a/known_exploited_vulnerabilities.json b/known_exploited_vulnerabilities.json
@@ -1,7 +1,7 @@
 {
     "title": "CISA Catalog of Known Exploited Vulnerabilities",
-    "catalogVersion": "2025.05.07",
-    "dateReleased": "2025-05-07T17:00:03.4992Z",
+    "catalogVersion": "2025.05.08",
+    "dateReleased": "2025-05-08T15:49:01.7238Z",
     "count": 1335,
     "vulnerabilities": [
         {
@@ -10,7 +10,7 @@
             "product": "Multiple Devices",
             "vulnerabilityName": "GeoVision Devices OS Command Injection Vulnerability",
             "dateAdded": "2025-05-07",
-            "shortDescription": "Multiple GeoVision devices contain an OS command injection vulnerability that allows a remote, unauthenticated attacker to inject and execute arbitrary system commands.",
+            "shortDescription": "Multiple GeoVision devices contain an OS command injection vulnerability that allows a remote, unauthenticated attacker to inject and execute arbitrary system commands. The impacted products could be end-of-life (EoL) and\/or end-of-service (EoS). Users should discontinue product utilization.",
             "requiredAction": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.",
             "dueDate": "2025-05-28",
             "knownRansomwareCampaignUse": "Unknown",
@@ -25,7 +25,7 @@
             "product": "Multiple Devices",
             "vulnerabilityName": "GeoVision Devices OS Command Injection Vulnerability",
             "dateAdded": "2025-05-07",
-            "shortDescription": "Multiple GeoVision devices contain an OS command injection vulnerability that allows a remote, unauthenticated attacker to inject and execute arbitrary system commands.",
+            "shortDescription": "Multiple GeoVision devices contain an OS command injection vulnerability that allows a remote, unauthenticated attacker to inject and execute arbitrary system commands. The impacted products could be end-of-life (EoL) and\/or end-of-service (EoS). Users should discontinue product utilization.",
             "requiredAction": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.",
             "dueDate": "2025-05-28",
             "knownRansomwareCampaignUse": "Unknown",
@@ -44,7 +44,7 @@
             "requiredAction": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.",
             "dueDate": "2025-05-27",
             "knownRansomwareCampaignUse": "Unknown",
-            "notes": "This vulnerability affects a common open-source component, third-party library, or a protocol used by different products. Please check with specific vendors for information on patching status. For more information, please see https:\/\/source.android.com\/docs\/security\/bulletin\/2025-05-01 ; https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2025-27363",
+            "notes": "This vulnerability affects a common open-source component, third-party library, or a protocol used by different products. Please check with specific vendors for information on patching status. For more information, please see: https:\/\/source.android.com\/docs\/security\/bulletin\/2025-05-01 ; https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2025-27363",
             "cwes": [
                 "CWE-787"
             ]
