CISA Adds New CVEs to Known Exploited Vulnerabilities Catalog

CISA KEV catalog cybersecurity vulnerabilities Adminer CVE Cisco IOS CVE Fortra GoAnywhere MFT Libraesva ESG Sudo vulnerabilities
Edward Zhou
Edward Zhou

CEO & Co-Founder

 
October 2, 2025 3 min read

U.S. CISA Adds Vulnerabilities to KEV Catalog

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has included several critical vulnerabilities in its Known Exploited Vulnerabilities (KEV) catalog. These include flaws in Adminer, Cisco IOS, Fortra GoAnywhere MFT, Libraesva ESG, and Sudo.

CISA

Adminer Vulnerability

  • CVE-2021-21311: This vulnerability allows server-side request forgery, enabling remote attackers to access potentially sensitive information.
  • Action: Apply mitigations as per vendor instructions and follow applicable BOD 22-01 guidance.

Cisco IOS Vulnerability

  • CVE-2025-20352: A stack-based buffer overflow vulnerability in the Simple Network Management Protocol (SNMP) subsystem.
  • This flaw can lead to remote code execution or denial of service.
  • Action: Apply mitigations as per vendor instructions and follow applicable BOD 22-01 guidance.

Fortra GoAnywhere MFT Vulnerability

  • CVE-2025-10035: This vulnerability involves deserialization of untrusted data, allowing execution of arbitrary commands on affected systems.
  • Action: Users should upgrade to a patched version (latest release 7.8.4).
  • Additional details can be found in the Fortra Advisory.

Libraesva ESG Vulnerability

  • CVE-2025-59689: A command injection vulnerability exploited by nation-state actors through specially crafted compressed attachments.
  • This flaw allows attackers to execute arbitrary commands as a non-privileged user.
  • Action: Users should upgrade to the latest version of Libraesva ESG.
  • More information can be found in the Libraesva advisory.

Sudo Vulnerabilities

  • CVE-2025-32463: This vulnerability allows local users to escalate privileges to root on affected systems.
  • Action: Users should apply mitigations as per vendor recommendations and follow applicable BOD 22-01 guidance.
  • Additional details are available in the Sudo security advisory.

Libraesva ESG Zero-Day Exploit

The Libraesva Email Security Gateway (ESG) has been targeted by suspected state-sponsored attackers exploiting a zero-day vulnerability.

CVE-2025-59689 Details

  • This command injection vulnerability results from improper sanitization of code in compressed archive files.
  • Attackers can execute arbitrary shell commands using specially crafted emails.
  • The vulnerability affects versions from 4.5 to 5.5.
  • Fixes have been rolled out for the 5.x branches via automatic updates.
  • For 4.x users, a manual upgrade to a fixed 5.x version is required as 4.x is no longer supported.

Response to Exploit

Libraesva has confirmed that their security team is analyzing details of the attack and has rolled out an emergency security update. They emphasize the importance of rapid patch deployment due to the precision of the threat actor believed to be a foreign state.

Threat Actors Chaining Vulnerabilities in Ivanti CSA

CISA and the FBI have issued a joint advisory regarding multiple vulnerabilities in Ivanti Cloud Service Applications (CSA) that were exploited in September 2024.

Vulnerabilities Overview

The vulnerabilities include:

  • CVE-2024-8963: An administrative bypass allowing remote access to restricted features.
  • CVE-2024-9379: SQL injection vulnerability.
  • CVE-2024-8190 and CVE-2024-9380: Remote code execution vulnerabilities.

Exploitation Details

Threat actors exploited these vulnerabilities in chains to gain initial access and conduct remote code execution, leading to credential theft and webshell implantation. The vulnerabilities affect Ivanti CSA version 4.6x and below.

Recommended Actions

  • Upgrade to the latest supported version of Ivanti CSA.
  • Monitor networks for malicious activity related to these vulnerabilities.

For comprehensive details, refer to the advisory on Ivanti CSA vulnerabilities.

Additional Vulnerabilities in Ivanti Cloud Services Application

Multiple vulnerabilities have been reported in Ivanti CSA that could lead to remote code execution, including:

  • CVE-2024-11639: An authentication bypass vulnerability.
  • CVE-2024-11772: Command injection vulnerability.
  • CVE-2024-11773: SQL injection vulnerability.

Risk Assessment

These vulnerabilities pose a high risk for large and medium entities and a medium risk for small businesses and home users.

Recommendations

  • Apply updates provided by Ivanti immediately.
  • Establish a vulnerability management process to address these risks.

For further information, please consult the Ivanti Security Advisory.

Edward Zhou
Edward Zhou

CEO & Co-Founder

 

CEO & Co-Founder of Gopher Security, leading the development of Post-Quantum cybersecurity technologies and solutions..

Related Articles

Tribal-ISAC

Tribal-ISAC Cybersecurity Report Highlights for Tribal Nations

Discover the vital findings from the Tribal-ISAC's inaugural cybersecurity report, empowering Tribal Nations to enhance their cyber resilience. Read more!

By Edward Zhou October 2, 2025 3 min read
Read full article
Stefanini Group

Stefanini Group Strengthens Cybersecurity with Key Acquisitions

Discover how Stefanini Group's merger with Cyber Smart Defence strengthens its cybersecurity division and enhances service offerings. Learn more!

By Edward Zhou October 2, 2025 3 min read
Read full article
cybersecurity

Cybersecurity Alert: 94% of Leaked Passwords Are Not Unique

Discover essential password habits and best practices to enhance your cybersecurity. Learn how to protect your accounts today!

By Edward Zhou October 2, 2025 3 min read
Read full article
cybersecurity

Cybersecurity Alert: 94% of Passwords Are Not Unique - Learn Why

Learn effective password habits to enhance your cybersecurity. Discover password management techniques to protect against online threats. Act now!

By Edward Zhou October 2, 2025 3 min read
Read full article