|
1 | 1 | { |
2 | 2 | "title": "CISA Catalog of Known Exploited Vulnerabilities", |
3 | | - "catalogVersion": "2025.06.05", |
4 | | - "dateReleased": "2025-06-05T18:02:07.1325Z", |
5 | | - "count": 1360, |
| 3 | + "catalogVersion": "2025.06.09", |
| 4 | + "dateReleased": "2025-06-09T17:02:20.8538Z", |
| 5 | + "count": 1362, |
6 | 6 | "vulnerabilities": [ |
| 7 | + { |
| 8 | + "cveID": "CVE-2024-42009", |
| 9 | + "vendorProject": "Roundcube", |
| 10 | + "product": "Webmail", |
| 11 | + "vulnerabilityName": "RoundCube Webmail Cross-Site Scripting Vulnerability", |
| 12 | + "dateAdded": "2025-06-09", |
| 13 | + "shortDescription": "RoundCube Webmail contains a cross-site scripting vulnerability. This vulnerability could allow a remote attacker to steal and send emails of a victim via a crafted e-mail message that abuses a Desanitization issue in message_body() in program\/actions\/mail\/show.php.", |
| 14 | + "requiredAction": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.", |
| 15 | + "dueDate": "2025-06-30", |
| 16 | + "knownRansomwareCampaignUse": "Unknown", |
| 17 | + "notes": "https:\/\/roundcube.net\/news\/2024\/08\/04\/security-updates-1.6.8-and-1.5.8 ; https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2024-42009", |
| 18 | + "cwes": [ |
| 19 | + "CWE-79" |
| 20 | + ] |
| 21 | + }, |
| 22 | + { |
| 23 | + "cveID": "CVE-2025-32433", |
| 24 | + "vendorProject": "Erlang", |
| 25 | + "product": "Erlang\/OTP", |
| 26 | + "vulnerabilityName": "Erlang Erlang\/OTP SSH Server Missing Authentication for Critical Function Vulnerability", |
| 27 | + "dateAdded": "2025-06-09", |
| 28 | + "shortDescription": "Erlang Erlang\/OTP SSH server contains a missing authentication for critical function vulnerability. This could allow an attacker to execute arbitrary commands without valid credentials, potentially leading to unauthenticated remote code execution (RCE). By exploiting a flaw in how SSH protocol messages are handled, a malicious actor could gain unauthorized access to affected systems. This vulnerability could affect various products that implement Erlang\/OTP SSH server, including\u2014but not limited to\u2014Cisco, NetApp, and SUSE.", |
| 29 | + "requiredAction": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.", |
| 30 | + "dueDate": "2025-06-30", |
| 31 | + "knownRansomwareCampaignUse": "Unknown", |
| 32 | + "notes": "This vulnerability affects a common open-source project, third-party library, or a protocol used by different products. For more information, please see: https:\/\/github.com\/erlang\/otp\/security\/advisories\/GHSA-37cp-fgq5-7wc2 ; https:\/\/sec.cloudapps.cisco.com\/security\/center\/content\/CiscoSecurityAdvisory\/cisco-sa-erlang-otp-ssh-xyZZy ; https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2025-32433", |
| 33 | + "cwes": [ |
| 34 | + "CWE-306" |
| 35 | + ] |
| 36 | + }, |
7 | 37 | { |
8 | 38 | "cveID": "CVE-2025-5419", |
9 | 39 | "vendorProject": "Google", |
|
4253 | 4283 | "shortDescription": "Fortinet FortiOS contains an out-of-bound write vulnerability that allows a remote unauthenticated attacker to execute code or commands via specially crafted HTTP requests.", |
4254 | 4284 | "requiredAction": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.", |
4255 | 4285 | "dueDate": "2024-02-16", |
4256 | | - "knownRansomwareCampaignUse": "Unknown", |
| 4286 | + "knownRansomwareCampaignUse": "Known", |
4257 | 4287 | "notes": "https:\/\/fortiguard.fortinet.com\/psirt\/FG-IR-24-015 ; https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2024-21762", |
4258 | 4288 | "cwes": [ |
4259 | 4289 | "CWE-787" |
|
0 commit comments