Update KEV: Wed Jun 11 00:13:11 UTC 2025

aboutcode-automation · aboutcode-automation · commit 88323f00539c · 2025-06-11T00:13:11.000Z
Signed-off-by: AboutCode Automation &lt;automation@aboutcode.org&gt;
diff --git a/known_exploited_vulnerabilities.json b/known_exploited_vulnerabilities.json
@@ -1,9 +1,39 @@
 {
     "title": "CISA Catalog of Known Exploited Vulnerabilities",
-    "catalogVersion": "2025.06.09",
-    "dateReleased": "2025-06-09T17:02:20.8538Z",
-    "count": 1362,
+    "catalogVersion": "2025.06.10",
+    "dateReleased": "2025-06-10T17:05:43.0382Z",
+    "count": 1364,
     "vulnerabilities": [
+        {
+            "cveID": "CVE-2025-33053",
+            "vendorProject": "Web Distributed Authoring and Versioning",
+            "product": "Web Distributed Authoring and Versioning (WebDAV)",
+            "vulnerabilityName": "Web Distributed Authoring and Versioning (WebDAV) External Control of File Name or Path Vulnerability",
+            "dateAdded": "2025-06-10",
+            "shortDescription": "Web Distributed Authoring and Versioning (WebDAV) contains an external control of file name or path vulnerability. This vulnerability could allow an unauthorized attacker to execute code over a network. This vulnerability could affect various products that implement WebDAV, including but not limited to Microsoft Windows.",
+            "requiredAction": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.",
+            "dueDate": "2025-07-01",
+            "knownRansomwareCampaignUse": "Unknown",
+            "notes": "This vulnerability affects a common open-source project, third-party library, or a protocol used by different products. For more information, please see: https:\/\/msrc.microsoft.com\/update-guide\/en-US\/vulnerability\/CVE-2025-33053 ; https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2025-33053",
+            "cwes": [
+                "CWE-73"
+            ]
+        },
+        {
+            "cveID": "CVE-2025-24016",
+            "vendorProject": "Wazuh",
+            "product": "Wazuh Server",
+            "vulnerabilityName": "Wazuh Server Deserialization of Untrusted Data Vulnerability",
+            "dateAdded": "2025-06-10",
+            "shortDescription": "Wazuh contains a deserialization of untrusted data vulnerability that allows for remote code execution on Wazuh servers.",
+            "requiredAction": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.",
+            "dueDate": "2025-07-01",
+            "knownRansomwareCampaignUse": "Unknown",
+            "notes": "https:\/\/github.com\/wazuh\/wazuh\/security\/advisories\/GHSA-hcrc-79hj-m3qh ; https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2025-24016",
+            "cwes": [
+                "CWE-502"
+            ]
+        },
         {
             "cveID": "CVE-2024-42009",
             "vendorProject": "Roundcube",
