Update KEV: Tue Jun 17 00:13:15 UTC 2025

aboutcode-automation · aboutcode-automation · commit ad84c2f6c523 · 2025-06-17T00:13:15.000Z
Signed-off-by: AboutCode Automation &lt;automation@aboutcode.org&gt;
diff --git a/known_exploited_vulnerabilities.json b/known_exploited_vulnerabilities.json
@@ -1,9 +1,37 @@
 {
     "title": "CISA Catalog of Known Exploited Vulnerabilities",
-    "catalogVersion": "2025.06.13",
-    "dateReleased": "2025-06-13T16:08:40.4237Z",
-    "count": 1364,
+    "catalogVersion": "2025.06.16",
+    "dateReleased": "2025-06-16T17:34:23.4151Z",
+    "count": 1366,
     "vulnerabilities": [
+        {
+            "cveID": "CVE-2023-33538",
+            "vendorProject": "TP-Link",
+            "product": "Multiple Routers",
+            "vulnerabilityName": "TP-Link Multiple Routers Command Injection Vulnerability",
+            "dateAdded": "2025-06-16",
+            "shortDescription": "TP-Link TL-WR940N V2\/V4, TL-WR841N V8\/V10, and TL-WR740N V1\/V2 contain a command injection vulnerability via the component \/userRpm\/WlanNetworkRpm. The impacted products could be end-of-life (EoL) and\/or end-of-service (EoS). Users should discontinue product utilization.",
+            "requiredAction": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.",
+            "dueDate": "2025-07-07",
+            "knownRansomwareCampaignUse": "Unknown",
+            "notes": "https:\/\/www.tp-link.com\/nordic\/support\/faq\/3562\/ ; https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2023-33538",
+            "cwes": [
+                "CWE-77"
+            ]
+        },
+        {
+            "cveID": "CVE-2025-43200",
+            "vendorProject": "Apple",
+            "product": "Multiple Products",
+            "vulnerabilityName": "Apple Multiple Products Unspecified Vulnerability",
+            "dateAdded": "2025-06-16",
+            "shortDescription": "Apple iOS, iPadOS, macOS, watchOS, and visionOS, contain an unspecified vulnerability when processing a maliciously crafted photo or video shared via an iCloud Link.",
+            "requiredAction": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.",
+            "dueDate": "2025-07-07",
+            "knownRansomwareCampaignUse": "Unknown",
+            "notes": "https:\/\/support.apple.com\/en-us\/122174 ; https:\/\/support.apple.com\/en-us\/122173 ; https:\/\/support.apple.com\/en-us\/122900 ; https:\/\/support.apple.com\/en-us\/122901 ; https:\/\/support.apple.com\/en-us\/122902 ; https:\/\/support.apple.com\/en-us\/122903 ; https:\/\/support.apple.com\/en-us\/122904 ; https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2025-43200",
+            "cwes": []
+        },
         {
             "cveID": "CVE-2025-33053",
             "vendorProject": "Web Distributed Authoring and Versioning",
@@ -29,7 +57,7 @@
             "requiredAction": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.",
             "dueDate": "2025-07-01",
             "knownRansomwareCampaignUse": "Unknown",
-            "notes": "https:\/\/github.com\/wazuh\/wazuh\/security\/advisories\/GHSA-hcrc-79hj-m3qh ; https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2025-24016",
+            "notes": "https:\/\/wazuh.com\/blog\/addressing-the-cve-2025-24016-vulnerability\/ ; https:\/\/github.com\/wazuh\/wazuh\/security\/advisories\/GHSA-hcrc-79hj-m3qh ; https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2025-24016",
             "cwes": [
                 "CWE-502"
             ]
