The Cybersecurity and Infrastructure Security Agency (CISA) has expanded its Known Exploited Vulnerabilities (KEV) catalog with five new critical vulnerabilities actively being exploited in the wild. This update underscores the growing threat landscape facing organizations and the urgent need for patching these security flaws.

What is CISA's KEV Catalog?

The KEV catalog serves as CISA's authoritative list of vulnerabilities that have documented evidence of active exploitation. Federal agencies are required to patch these vulnerabilities within strict timelines, and private organizations are strongly encouraged to prioritize them.

The Newly Added Critical Vulnerabilities

  1. CVE-2023-32409 (CVSS 9.8) - A SQL injection vulnerability in multiple web applications allowing attackers to execute arbitrary code
  2. CVE-2023-35641 (CVSS 9.1) - Path traversal flaw in enterprise file sharing systems enabling unauthorized access
  3. CVE-2023-36884 (CVSS 8.8) - Remote code execution via malicious Office documents
  4. CVE-2023-38182 (CVSS 8.5) - File upload vulnerability in CMS platforms allowing server compromise
  5. CVE-2023-40477 (CVSS 7.8) - Privilege escalation in Windows services

Why These Vulnerabilities Matter

These vulnerabilities represent particularly dangerous attack vectors:

  • Widespread Impact: Affecting common enterprise software used across industries
  • Low Complexity Exploits: Require minimal technical skill to weaponize
  • High Impact Outcomes: Lead to complete system compromise or data exfiltration

Recommended Mitigations

  1. Immediate Patching: Apply vendor-provided security updates without delay
  2. Network Segmentation: Limit exposure of vulnerable systems
  3. Input Validation: Implement strict controls for file uploads and form inputs
  4. Monitoring: Deploy IDS/IPS rules to detect exploitation attempts
  5. User Training: Educate staff about phishing risks with malicious documents

The Bigger Picture

This KEV update comes as part of CISA's Binding Operational Directive 22-01, which has cataloged over 800 vulnerabilities since its inception. The agency has observed:

  • 78% increase in vulnerability disclosures year-over-year
  • Average of 12 days from disclosure to active exploitation
  • 60% of breaches originating from known vulnerabilities

What Organizations Should Do Next

  • Conduct vulnerability scans to identify affected systems
  • Prioritize remediation based on CISA's KEV catalog
  • Review incident response plans for potential breaches
  • Subscribe to CISA alerts for future updates
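
The scan-then-prioritize steps above can be scripted by joining scanner findings against the KEV feed and ordering by remediation due date. The following is an added example, not CISA tooling or code from the original article; the feed excerpt, asset names and findings are constructed, and only the field names (cveID, dueDate, knownRansomwareCampaignUse) follow the public KEV JSON feed.

```python
import json
from datetime import date

# Constructed excerpt shaped like CISA's KEV JSON feed. The field names match the
# public feed; vendors, products, dates and ransomware flags are placeholders.
KEV_FEED = json.loads("""
{"vulnerabilities": [
 {"cveID": "CVE-2023-32409", "vendorProject": "ExampleVendor", "product": "ExampleWebApp",
  "dateAdded": "2024-01-08", "dueDate": "2024-01-29", "knownRansomwareCampaignUse": "Known"},
 {"cveID": "CVE-2023-36884", "vendorProject": "ExampleVendor", "product": "ExampleOffice",
  "dateAdded": "2023-12-25", "dueDate": "2024-01-15", "knownRansomwareCampaignUse": "Unknown"},
 {"cveID": "CVE-2023-40477", "vendorProject": "ExampleVendor", "product": "ExampleService",
  "dateAdded": "2024-01-08", "dueDate": "2024-01-29", "knownRansomwareCampaignUse": "Unknown"}
]}
""")

# Constructed scanner findings (hypothetical asset names). CVE-2099-0001 is a
# made-up ID standing in for a finding that is not in the KEV catalog.
FINDINGS = [
    {"asset": "web01", "cve": "CVE-2023-32409", "internet_facing": True},
    {"asset": "db02", "cve": "CVE-2023-40477", "internet_facing": False},
    {"asset": "ws-114", "cve": "CVE-2023-36884", "internet_facing": False},
    {"asset": "web01", "cve": "CVE-2099-0001", "internet_facing": True},
    {"asset": "fs03", "cve": "CVE-2023-40477", "internet_facing": True},
]

def prioritize(feed, findings, today):
    """Return KEV-listed findings ordered for remediation."""
    kev = {v["cveID"]: v for v in feed["vulnerabilities"]}
    queue = []
    for f in findings:
        entry = kev.get(f["cve"])
        if entry is None:
            continue  # not KEV-listed: stays in the regular patch cycle
        due = date.fromisoformat(entry["dueDate"])
        queue.append({"asset": f["asset"], "cve": f["cve"], "due": due,
                      "days_left": (due - today).days,  # negative means overdue
                      "ransomware": entry.get("knownRansomwareCampaignUse") == "Known",
                      "internet_facing": f["internet_facing"]})
    # Earliest due date first; ties go to ransomware-linked, then exposed assets.
    queue.sort(key=lambda r: (r["due"], not r["ransomware"], not r["internet_facing"]))
    return queue

if __name__ == "__main__":
    for row in prioritize(KEV_FEED, FINDINGS, date(2024, 1, 20)):
        print(f'{row["days_left"]:>4}d  {row["asset"]:<8}{row["cve"]}')
```

In practice the feed argument would be the parsed KEV JSON downloaded from CISA and the findings would come from the scanner's export; the tie-break order is one reasonable policy, not a CISA requirement.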

Security teams should treat these vulnerabilities with the highest priority, as threat actors are actively incorporating them into their attack chains. Proactive defense remains the most effective strategy against evolving cyber threats.