Known Exploited Vulnerabilities Catalog

For the benefit of the cybersecurity community and network defenders—and to help every organization better manage vulnerabilities and keep pace with threat activity—CISA maintains the authoritative source of vulnerabilities that have been exploited in the wild. Organizations should use the KEV catalog as an input to their vulnerability management prioritization framework.

How to use the KEV Catalog

The KEV catalog is also available in these formats:

CSV
JSON
JSON Schema (updated 06-25-2024)
Print View
License

GeoVision | Multiple Devices

CVE-2024-6047

GeoVision Devices OS Command Injection Vulnerability: Multiple GeoVision devices contain an OS command injection vulnerability that allows a remote, unauthenticated attacker to inject and execute arbitrary system commands. The impacted products could be end-of-life (EoL) and/or end-of-service (EoS). Users should discontinue product utilization.

Related CWE: CWE-78

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Date Added: 2025-05-07
Due Date: 2025-05-28

Additional Notes

GeoVision | Multiple Devices

CVE-2024-11120

Related CWE: CWE-78

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Date Added: 2025-05-07
Due Date: 2025-05-28

Additional Notes

Apple | Multiple Products

CVE-2025-31200

Apple Multiple Products Memory Corruption Vulnerability: Apple iOS, iPadOS, macOS, and other Apple products contain a memory corruption vulnerability that allows for code execution when processing an audio stream in a maliciously crafted media file.

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Date Added: 2025-04-17
Due Date: 2025-05-08

Additional Notes

Apple | Multiple Products

CVE-2025-31201

Apple Multiple Products Arbitrary Read and Write Vulnerability: Apple iOS, iPadOS, macOS, and other Apple products contain an arbitrary read and write vulnerability that allows an attacker to bypass Pointer Authentication.

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Date Added: 2025-04-17
Due Date: 2025-05-08

Additional Notes

Apple | Multiple Products

CVE-2025-24201

Apple Multiple Products WebKit Out-of-Bounds Write Vulnerability: Apple iOS, iPadOS, macOS, and other Apple products contain an out-of-bounds write vulnerability in WebKit that may allow maliciously crafted web content to break out of Web Content sandbox. This vulnerability could impact HTML parsers that use WebKit, including but not limited to Apple Safari and non-Apple products which rely on WebKit for HTML processing.

Related CWE: CWE-787

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Date Added: 2025-03-13
Due Date: 2025-04-03

Additional Notes

VMware | ESXi

CVE-2025-22225

VMware ESXi Arbitrary Write Vulnerability: VMware ESXi contains an arbitrary write vulnerability. Successful exploitation allows an attacker with privileges within the VMX process to trigger an arbitrary kernel write leading to an escape of the sandbox.

Related CWE: CWE-123

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Date Added: 2025-03-04
Due Date: 2025-03-25

Additional Notes

VMware | ESXi, Workstation, and Fusion

CVE-2025-22226

VMware ESXi, Workstation, and Fusion Information Disclosure Vulnerability: VMware ESXi, Workstation, and Fusion contain an information disclosure vulnerability due to an out-of-bounds read in HGFS. Successful exploitation allows an attacker with administrative privileges to a virtual machine to leak memory from the vmx process.

Related CWE: CWE-125

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Date Added: 2025-03-04
Due Date: 2025-03-25

Additional Notes

VMware | ESXi and Workstation

CVE-2025-22224

VMware ESXi and Workstation TOCTOU Race Condition Vulnerability: VMware ESXi and Workstation contain a time-of-check time-of-use (TOCTOU) race condition vulnerability that leads to an out-of-bounds write. Successful exploitation enables an attacker with local administrative privileges on a virtual machine to execute code as the virtual machine's VMX process running on the host.

Related CWE: CWE-367

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Date Added: 2025-03-04
Due Date: 2025-03-25

Additional Notes

Apple | iOS and iPadOS

CVE-2025-24200

Apple iOS and iPadOS Incorrect Authorization Vulnerability: Apple iOS and iPadOS contains an incorrect authorization vulnerability that allows a physical attacker to disable USB Restricted Mode on a locked device.

Related CWE: CWE-863

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Date Added: 2025-02-12
Due Date: 2025-03-05

Additional Notes

Apple | Multiple Products

CVE-2025-24085

Apple Multiple Products Use-After-Free Vulnerability: Apple iOS, macOS, and other Apple products contain a user-after-free vulnerability that could allow a malicious application to elevate privileges.

Related CWE: CWE-416

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Date Added: 2025-01-29
Due Date: 2025-02-19

Additional Notes

Apple | Multiple Products

CVE-2024-44308

Apple Multiple Products Code Execution Vulnerability: Apple iOS, macOS, and other Apple products contain an unspecified vulnerability when processing maliciously crafted web content that may lead to arbitrary code execution.

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Date Added: 2024-11-21
Due Date: 2024-12-12

Additional Notes

Apple | Multiple Products

CVE-2024-44309

Apple Multiple Products Cross-Site Scripting (XSS) Vulnerability: Apple iOS, macOS, and other Apple products contain an unspecified vulnerability when processing maliciously crafted web content that may lead to a cross-site scripting (XSS) attack.

Related CWE: CWE-79

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Date Added: 2024-11-21
Due Date: 2024-12-12

Additional Notes

VMware | vCenter Server

CVE-2024-38813

VMware vCenter Server Privilege Escalation Vulnerability: VMware vCenter contains an improper check for dropped privileges vulnerability. This vulnerability could allow an attacker with network access to the vCenter Server to escalate privileges to root by sending a specially crafted packet.

Related CWEs: CWE-250| CWE-273

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Date Added: 2024-11-20
Due Date: 2024-12-11

Additional Notes

VMware | vCenter Server

CVE-2024-38812

VMware vCenter Server Heap-Based Buffer Overflow Vulnerability: VMware vCenter Server contains a heap-based buffer overflow vulnerability in the implementation of the DCERPC protocol. This vulnerability could allow an attacker with network access to the vCenter Server to execute remote code by sending a specially crafted packet.

Related CWE: CWE-122

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Date Added: 2024-11-20
Due Date: 2024-12-11

Additional Notes

VMware | ESXi

CVE-2024-37085

VMware ESXi Authentication Bypass Vulnerability: VMware ESXi contains an authentication bypass vulnerability. A malicious actor with sufficient Active Directory (AD) permissions can gain full access to an ESXi host that was previously configured to use AD for user management by re-creating the configured AD group ('ESXi Admins' by default) after it was deleted from AD.

Related CWE: CWE-305

Known To Be Used in Ransomware Campaigns? Known

Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Date Added: 2024-07-30
Due Date: 2024-08-20

Additional Notes

VMware | vCenter Server

CVE-2022-22948

VMware vCenter Server Incorrect Default File Permissions Vulnerability : VMware vCenter Server contains an incorrect default file permissions vulnerability that allows a remote, privileged attacker to gain access to sensitive information.

Related CWE: CWE-276

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Date Added: 2024-07-17
Due Date: 2024-08-07

Additional Notes

Apple | Multiple Products

CVE-2024-23296

Apple Multiple Products Memory Corruption Vulnerability: Apple iOS, iPadOS, macOS, tvOS, and watchOS RTKit contain a memory corruption vulnerability that allows an attacker with arbitrary kernel read and write capability to bypass kernel memory protections.

Related CWE: CWE-787

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Date Added: 2024-03-06
Due Date: 2024-03-27

Additional Notes

Apple | Multiple Products

CVE-2024-23225

Apple Multiple Products Memory Corruption Vulnerability: Apple iOS, iPadOS, macOS, tvOS, watchOS, and visionOS kernel contain a memory corruption vulnerability that allows an attacker with arbitrary kernel read and write capability to bypass kernel memory protections.

Related CWE: CWE-787

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Date Added: 2024-03-06
Due Date: 2024-03-27

Additional Notes

Apple | Multiple Products

CVE-2022-48618

Apple Multiple Products Memory Corruption Vulnerability: Apple iOS, iPadOS, macOS, tvOS, and watchOS contain a time-of-check/time-of-use (TOCTOU) memory corruption vulnerability that allows an attacker with read and write capabilities to bypass Pointer Authentication.

Related CWE: CWE-367

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Date Added: 2024-01-31
Due Date: 2024-02-21

Additional Notes

Apple | Multiple Products

CVE-2024-23222

Apple Multiple Products WebKit Type Confusion Vulnerability: Apple iOS, iPadOS, macOS, tvOS, and Safari WebKit contain a type confusion vulnerability that leads to code execution when processing maliciously crafted web content. This vulnerability could impact HTML parsers that use WebKit, including but not limited to Apple Safari and non-Apple products which rely on WebKit for HTML processing.

Related CWE: CWE-843

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Date Added: 2024-01-23
Due Date: 2024-02-13

Additional Notes

Known Exploited Vulnerabilities Catalog

Subscribe to the KEV Catalog Updates