|
1 | 1 | { |
2 | 2 | "title": "CISA Catalog of Known Exploited Vulnerabilities", |
3 | | - "catalogVersion": "2025.05.08", |
4 | | - "dateReleased": "2025-05-08T15:49:01.7238Z", |
5 | | - "count": 1335, |
| 3 | + "catalogVersion": "2025.05.12", |
| 4 | + "dateReleased": "2025-05-12T17:37:55.1269Z", |
| 5 | + "count": 1336, |
6 | 6 | "vulnerabilities": [ |
| 7 | + { |
| 8 | + "cveID": "CVE-2025-47729", |
| 9 | + "vendorProject": "TeleMessage", |
| 10 | + "product": "TM SGNL", |
| 11 | + "vulnerabilityName": "TeleMessage TM SGNL Hidden Functionality Vulnerability", |
| 12 | + "dateAdded": "2025-05-12", |
| 13 | + "shortDescription": "TeleMessage TM SGNL contains a hidden functionality vulnerability in which the archiving backend holds cleartext copies of messages from TM SGNL application users.", |
| 14 | + "requiredAction": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.", |
| 15 | + "dueDate": "2025-06-02", |
| 16 | + "knownRansomwareCampaignUse": "Unknown", |
| 17 | + "notes": "Apply mitigations per vendor instructions. Absent mitigating instructions from the vendor, discontinue use of the product. ; https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2025-47729", |
| 18 | + "cwes": [ |
| 19 | + "CWE-912" |
| 20 | + ] |
| 21 | + }, |
7 | 22 | { |
8 | 23 | "cveID": "CVE-2024-11120", |
9 | 24 | "vendorProject": "GeoVision", |
|
322 | 337 | "shortDescription": "Ivanti Connect Secure, Policy Secure, and ZTA Gateways contains a stack-based buffer overflow vulnerability that allows a remote unauthenticated attacker to achieve remote code execution. ", |
323 | 338 | "requiredAction": "Apply mitigations as set forth in the CISA instructions linked below.", |
324 | 339 | "dueDate": "2025-04-11", |
325 | | - "knownRansomwareCampaignUse": "Unknown", |
| 340 | + "knownRansomwareCampaignUse": "Known", |
326 | 341 | "notes": "CISA Mitigation Instructions: https:\/\/www.cisa.gov\/cisa-mitigation-instructions-cve-2025-22457 ; Additional References: https:\/\/forums.ivanti.com\/s\/article\/April-Security-Advisory-Ivanti-Connect-Secure-Policy-Secure-ZTA-Gateways-CVE-2025-22457 ; https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2025-22457", |
327 | 342 | "cwes": [ |
328 | 343 | "CWE-121" |
|
1250 | 1265 | "shortDescription": "SonicWall SMA1000 Appliance Management Console (AMC) and Central Management Console (CMC) contain a deserialization of untrusted data vulnerability, which can enable a remote, unauthenticated attacker to execute arbitrary OS commands.", |
1251 | 1266 | "requiredAction": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.", |
1252 | 1267 | "dueDate": "2025-02-14", |
1253 | | - "knownRansomwareCampaignUse": "Unknown", |
| 1268 | + "knownRansomwareCampaignUse": "Known", |
1254 | 1269 | "notes": "https:\/\/psirt.global.sonicwall.com\/vuln-detail\/SNWLID-2025-0002 ; https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2025-23006", |
1255 | 1270 | "cwes": [ |
1256 | 1271 | "CWE-502" |
|
1385 | 1400 | "shortDescription": "Ivanti Connect Secure, Policy Secure, and ZTA Gateways contain a stack-based buffer overflow which can lead to unauthenticated remote code execution.", |
1386 | 1401 | "requiredAction": "Apply mitigations as set forth in the CISA instructions linked below to include conducting hunt activities, taking remediation actions if applicable, and applying updates prior to returning a device to service.", |
1387 | 1402 | "dueDate": "2025-01-15", |
1388 | | - "knownRansomwareCampaignUse": "Unknown", |
| 1403 | + "knownRansomwareCampaignUse": "Known", |
1389 | 1404 | "notes": "CISA Mitigation Instructions: https:\/\/www.cisa.gov\/cisa-mitigation-instructions-CVE-2025-0282 Additional References: https:\/\/forums.ivanti.com\/s\/article\/Security-Advisory-Ivanti-Connect-Secure-Policy-Secure-ZTA-Gateways-CVE-2025-0282-CVE-2025-0283 ; https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2025-0282", |
1390 | 1405 | "cwes": [ |
1391 | 1406 | "CWE-121" |
|
1413 | 1428 | "shortDescription": "Mitel MiCollab contains a path traversal vulnerability that could allow an authenticated attacker with administrative privileges to read local files within the system due to insufficient input sanitization. This vulnerability can be chained with CVE-2024-41713, which allows an unauthenticated, remote attacker to read arbitrary files on the server.", |
1414 | 1429 | "requiredAction": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.", |
1415 | 1430 | "dueDate": "2025-01-28", |
1416 | | - "knownRansomwareCampaignUse": "Unknown", |
| 1431 | + "knownRansomwareCampaignUse": "Known", |
1417 | 1432 | "notes": "https:\/\/www.mitel.com\/support\/security-advisories\/mitel-product-security-advisory-misa-2024-0029 ; https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2024-55550", |
1418 | 1433 | "cwes": [ |
1419 | 1434 | "CWE-22" |
|
1428 | 1443 | "shortDescription": "Mitel MiCollab contains a path traversal vulnerability that could allow an attacker to gain unauthorized and unauthenticated access. This vulnerability can be chained with CVE-2024-55550, which allows an unauthenticated, remote attacker to read arbitrary files on the server.", |
1429 | 1444 | "requiredAction": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.", |
1430 | 1445 | "dueDate": "2025-01-28", |
1431 | | - "knownRansomwareCampaignUse": "Unknown", |
| 1446 | + "knownRansomwareCampaignUse": "Known", |
1432 | 1447 | "notes": "https:\/\/www.mitel.com\/support\/security-advisories\/mitel-product-security-advisory-misa-2024-0029 ; https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2024-41713 ", |
1433 | 1448 | "cwes": [ |
1434 | 1449 | "CWE-22" |
|
1787 | 1802 | "shortDescription": "Palo Alto Networks PAN-OS contains an authentication bypass vulnerability in the web-based management interface for several PAN-OS products, including firewalls and VPN concentrators.", |
1788 | 1803 | "requiredAction": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable. Additionally, management interface for affected devices should not be exposed to untrusted networks, including the internet.", |
1789 | 1804 | "dueDate": "2024-12-09", |
1790 | | - "knownRansomwareCampaignUse": "Unknown", |
| 1805 | + "knownRansomwareCampaignUse": "Known", |
1791 | 1806 | "notes": "https:\/\/security.paloaltonetworks.com\/CVE-2024-0012 ; https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2024-0012", |
1792 | 1807 | "cwes": [ |
1793 | 1808 | "CWE-306" |
|
5029 | 5044 | "shortDescription": "Zyxel EMG2926 routers contain a command injection vulnerability located in the diagnostic tools, specifically the nslookup function. A malicious user may exploit numerous vectors to execute malicious commands on the router, such as the ping_ip parameter to the expert\/maintenance\/diagnostic\/nslookup URI.", |
5030 | 5045 | "requiredAction": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.", |
5031 | 5046 | "dueDate": "2023-10-09", |
5032 | | - "knownRansomwareCampaignUse": "Unknown", |
| 5047 | + "knownRansomwareCampaignUse": "Known", |
5033 | 5048 | "notes": "https:\/\/www.zyxel.com\/global\/en\/support\/security-advisories\/zyxel-security-advisory-for-command-injection-vulnerability-in-emg2926-q10a-ethernet-cpe, https:\/\/www.zyxelguard.com\/Zyxel-EOL.asp; https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2017-6884", |
5034 | 5049 | "cwes": [ |
5035 | 5050 | "CWE-78" |
|
7170 | 7185 | "shortDescription": "Microsoft Windows Mark of the Web (MOTW) contains a security feature bypass vulnerability resulting in a limited loss of integrity and availability of security features.", |
7171 | 7186 | "requiredAction": "Apply updates per vendor instructions.", |
7172 | 7187 | "dueDate": "2022-12-09", |
7173 | | - "knownRansomwareCampaignUse": "Unknown", |
| 7188 | + "knownRansomwareCampaignUse": "Known", |
7174 | 7189 | "notes": "https:\/\/portal.msrc.microsoft.com\/en-US\/security-guidance\/advisory\/CVE-2022-41091; https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2022-41091", |
7175 | 7190 | "cwes": [ |
7176 | 7191 | "CWE-863" |
|
7875 | 7890 | "shortDescription": "WebRTC, an open-source project providing web browsers with real-time communication, contains a heap buffer overflow vulnerability that allows an attacker to perform shellcode execution. This vulnerability impacts web browsers using WebRTC including but not limited to Google Chrome.", |
7876 | 7891 | "requiredAction": "Apply updates per vendor instructions.", |
7877 | 7892 | "dueDate": "2022-09-15", |
7878 | | - "knownRansomwareCampaignUse": "Unknown", |
| 7893 | + "knownRansomwareCampaignUse": "Known", |
7879 | 7894 | "notes": "https:\/\/groups.google.com\/g\/discuss-webrtc\/c\/5KBtZx2gvcQ; https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2022-2294", |
7880 | 7895 | "cwes": [ |
7881 | 7896 | "CWE-122" |
|
8326 | 8341 | "shortDescription": "A remote code execution vulnerability exists when MSDT is called using the URL protocol from a calling application such as Word. An attacker who successfully exploits this vulnerability can run code with the privileges of the calling application.", |
8327 | 8342 | "requiredAction": "Apply updates per vendor instructions.", |
8328 | 8343 | "dueDate": "2022-07-05", |
8329 | | - "knownRansomwareCampaignUse": "Unknown", |
| 8344 | + "knownRansomwareCampaignUse": "Known", |
8330 | 8345 | "notes": "https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2022-30190", |
8331 | 8346 | "cwes": [ |
8332 | 8347 | "CWE-610" |
|
11412 | 11427 | "shortDescription": "Microsoft Windows Print Spooler contains an unspecified vulnerability which can allow for privilege escalation.", |
11413 | 11428 | "requiredAction": "Apply updates per vendor instructions.", |
11414 | 11429 | "dueDate": "2022-04-15", |
11415 | | - "knownRansomwareCampaignUse": "Unknown", |
| 11430 | + "knownRansomwareCampaignUse": "Known", |
11416 | 11431 | "notes": "https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2022-21999", |
11417 | 11432 | "cwes": [ |
11418 | 11433 | "CWE-40", |
|
13604 | 13619 | "shortDescription": "Adobe Flash Player allows remote attackers to execute arbitrary code via a crafted SWF file.", |
13605 | 13620 | "requiredAction": "The impacted product is end-of-life and should be disconnected if still in use.", |
13606 | 13621 | "dueDate": "2022-03-24", |
13607 | | - "knownRansomwareCampaignUse": "Unknown", |
| 13622 | + "knownRansomwareCampaignUse": "Known", |
13608 | 13623 | "notes": "https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2015-7645", |
13609 | 13624 | "cwes": [] |
13610 | 13625 | }, |
|
14098 | 14113 | "shortDescription": "Adobe Acrobat and Reader contain an input validation issue in a JavaScript method that could potentially lead to remote code execution.", |
14099 | 14114 | "requiredAction": "Apply updates per vendor instructions.", |
14100 | 14115 | "dueDate": "2022-03-24", |
14101 | | - "knownRansomwareCampaignUse": "Unknown", |
| 14116 | + "knownRansomwareCampaignUse": "Known", |
14102 | 14117 | "notes": "https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2008-2992", |
14103 | 14118 | "cwes": [ |
14104 | 14119 | "CWE-119" |
|
15215 | 15230 | "shortDescription": "Microsoft Windows AppX Installer contains a spoofing vulnerability which has a high impacts to confidentiality, integrity, and availability.", |
15216 | 15231 | "requiredAction": "Apply updates per vendor instructions.", |
15217 | 15232 | "dueDate": "2021-12-29", |
15218 | | - "knownRansomwareCampaignUse": "Unknown", |
| 15233 | + "knownRansomwareCampaignUse": "Known", |
15219 | 15234 | "notes": "https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2021-43890", |
15220 | 15235 | "cwes": [] |
15221 | 15236 | }, |
|
16340 | 16355 | "shortDescription": "Atlassian Crowd and Crowd Data Center contain a remote code execution vulnerability resulting from a pdkinstall development plugin being incorrectly enabled in release builds.", |
16341 | 16356 | "requiredAction": "Apply updates per vendor instructions.", |
16342 | 16357 | "dueDate": "2022-05-03", |
16343 | | - "knownRansomwareCampaignUse": "Unknown", |
| 16358 | + "knownRansomwareCampaignUse": "Known", |
16344 | 16359 | "notes": "https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2019-11580", |
16345 | 16360 | "cwes": [] |
16346 | 16361 | }, |
|
16756 | 16771 | "shortDescription": "GitHub Community and Enterprise Editions that utilize the ability to upload images through GitLab Workhorse are vulnerable to remote code execution. Workhorse passes image file extensions through ExifTool, which improperly validates the image files.", |
16757 | 16772 | "requiredAction": "Apply updates per vendor instructions.", |
16758 | 16773 | "dueDate": "2021-11-17", |
16759 | | - "knownRansomwareCampaignUse": "Unknown", |
| 16774 | + "knownRansomwareCampaignUse": "Known", |
16760 | 16775 | "notes": "https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2021-22205", |
16761 | 16776 | "cwes": [ |
16762 | 16777 | "CWE-20", |
|
17421 | 17436 | "shortDescription": "Microsoft Windows Active Directory contains a privilege escalation vulnerability due to the way it distributes passwords that are configured using Group Policy preferences. An authenticated attacker who successfully exploits the vulnerability could decrypt the passwords and use them to elevate privileges on the domain.", |
17422 | 17437 | "requiredAction": "Apply updates per vendor instructions.", |
17423 | 17438 | "dueDate": "2022-05-03", |
17424 | | - "knownRansomwareCampaignUse": "Unknown", |
| 17439 | + "knownRansomwareCampaignUse": "Known", |
17425 | 17440 | "notes": "https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2014-1812", |
17426 | 17441 | "cwes": [ |
17427 | 17442 | "CWE-255" |
|
0 commit comments