The Cybersecurity and Infrastructure Security Agency (CISA) has recently updated its Known Exploited Vulnerabilities (KEV) Catalog, adding three critical vulnerabilities that are actively being exploited by cybercriminals. These vulnerabilities pose significant risks to organizations, particularly those relying on Windows and other enterprise platforms.

Overview of the Vulnerabilities

The newly added vulnerabilities are:

  1. CVE-2025-1316: Edimax IC-7100 IP Camera OS Command Injection Vulnerability
  2. CVE-2024-48248: NAKIVO Backup and Replication Absolute Path Traversal Vulnerability
  3. CVE-2017-12637: SAP NetWeaver Directory Traversal Vulnerability

Implications and Impact

These vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise. CISA's Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the KEV Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that carry significant risk to the federal enterprise. BOD 22-01 requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. (cisa.gov)

Recommendations for Organizations

While BOD 22-01 specifically applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of Catalog vulnerabilities as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the catalog that meet the specified criteria. (cisa.gov)
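One way to put this guidance into practice, shown here as an added example that is not code from the original post or from CISA: a short Python script that matches vulnerability-scanner findings against an excerpt of the KEV feed and ranks them by remediation due date. The record fields (cveID, vendorProject, product, dueDate, knownRansomwareCampaignUse) follow the layout of CISA's public KEV JSON feed, but the catalog entries, the dates, the asset names and the scan findings below are constructed samples; only the three CVE IDs and product names come from the post.

```python
"""Match scanner findings against the CISA KEV catalog and rank by due date.

Added example, not code from the original post or from CISA. The record
fields (cveID, vendorProject, product, dueDate, ...) follow the layout of
CISA's public KEV JSON feed; every value below is a CONSTRUCTED sample.
"""
from __future__ import annotations

import json
from datetime import date

# Constructed excerpt of a KEV feed. Only the CVE IDs and product names come
# from the post; dateAdded/dueDate are placeholder dates, not CISA's real ones.
KEV_FEED_JSON = json.dumps({
    "title": "CISA Catalog of Known Exploited Vulnerabilities",
    "vulnerabilities": [
        {"cveID": "CVE-2025-1316", "vendorProject": "Edimax", "product": "IC-7100 IP Camera",
         "vulnerabilityName": "Edimax IC-7100 IP Camera OS Command Injection Vulnerability",
         "dateAdded": "2025-03-04", "dueDate": "2025-03-25",
         "knownRansomwareCampaignUse": "Unknown"},
        {"cveID": "CVE-2024-48248", "vendorProject": "NAKIVO", "product": "Backup and Replication",
         "vulnerabilityName": "NAKIVO Backup and Replication Absolute Path Traversal Vulnerability",
         "dateAdded": "2025-03-19", "dueDate": "2025-04-09",
         "knownRansomwareCampaignUse": "Unknown"},
        {"cveID": "CVE-2017-12637", "vendorProject": "SAP", "product": "NetWeaver",
         "vulnerabilityName": "SAP NetWeaver Directory Traversal Vulnerability",
         "dateAdded": "2025-03-19", "dueDate": "2025-04-09",
         "knownRansomwareCampaignUse": "Unknown"},
    ],
})

# Constructed scanner output: asset name plus the CVE the scanner flagged.
# CVE-0000-00000 is a placeholder for a finding that is NOT in the catalog.
SCAN_FINDINGS = [
    {"asset": "cam-lobby-01", "cve": "cve-2025-1316"},   # lower-case on purpose
    {"asset": "backup-srv-02", "cve": "CVE-2024-48248"},
    {"asset": "erp-web-01", "cve": "CVE-2017-12637"},
    {"asset": "intranet-01", "cve": "CVE-0000-00000"},
]


def load_kev(feed_json: str) -> dict[str, dict]:
    """Index a KEV feed document by upper-cased CVE ID."""
    data = json.loads(feed_json)
    return {v["cveID"].upper(): v for v in data["vulnerabilities"]}


def triage(findings: list[dict], kev: dict[str, dict], today: str) -> list[dict]:
    """Keep only findings that appear in KEV and sort them most urgent first.

    days_overdue is positive once the BOD 22-01 due date has passed and
    negative while the remediation window is still open.
    """
    today_d = date.fromisoformat(today)
    rows = []
    for f in findings:
        entry = kev.get(f["cve"].upper())
        if entry is None:
            continue  # not a KEV item: leave it to the normal patch cadence
        due = date.fromisoformat(entry["dueDate"])
        rows.append({
            "asset": f["asset"],
            "cveID": entry["cveID"],
            "product": f"{entry['vendorProject']} {entry['product']}",
            "dueDate": entry["dueDate"],
            "days_overdue": (today_d - due).days,
            "ransomware": entry.get("knownRansomwareCampaignUse", "Unknown"),
        })
    # Most overdue first; ties broken by CVE ID so the report is stable.
    rows.sort(key=lambda r: (-r["days_overdue"], r["cveID"]))
    return rows


if __name__ == "__main__":
    # Constructed "today" so the sample report is reproducible.
    for r in triage(SCAN_FINDINGS, load_kev(KEV_FEED_JSON), "2025-04-01"):
        state = (f"{r['days_overdue']}d OVERDUE" if r["days_overdue"] > 0
                 else f"{-r['days_overdue']}d left")
        print(f"{r['asset']:<14} {r['cveID']:<15} {r['product']:<32} "
              f"due {r['dueDate']} ({state})")
```

In production the feed would be fetched from CISA's published JSON URL and the findings would come from the scanner's export; the matching and ranking logic stays the same. The CVE ID is normalised to upper case before lookup because scanner output is not always consistent, and anything not in the catalog is deliberately left out of this report so that KEV items get attention first.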

Conclusion

The addition of these vulnerabilities to CISA's KEV Catalog underscores the ongoing and evolving nature of cyber threats. Organizations are encouraged to stay informed about such updates and take proactive measures to secure their systems against potential exploits.
