Known Exploited Vulnerabilities Catalog

For the benefit of the cybersecurity community and network defenders—and to help every organization better manage vulnerabilities and keep pace with threat activity—CISA maintains the authoritative source of vulnerabilities that have been exploited in the wild. Organizations should use the KEV catalog as an input to their vulnerability management prioritization framework.

How to use the KEV Catalog

The KEV catalog is also available in these formats:

CSV
JSON
JSON Schema (updated 06-25-2024)
Print View
License

Showing 1 - 20 of 40
Filters:
VMware | ESXi, Workstation, and Fusion

CVE-2025-22226

VMware ESXi, Workstation, and Fusion Information Disclosure Vulnerability: VMware ESXi, Workstation, and Fusion contain an information disclosure vulnerability due to an out-of-bounds read in HGFS. Successful exploitation allows an attacker with administrative privileges to a virtual machine to leak memory from the vmx process.

Related CWE: CWE-125

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
  • Date Added: 2025-03-04
  • Due Date: 2025-03-25
Additional Notes
https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25390 ; https://nvd.nist.gov/vuln/detail/CVE-2025-22226
VMware | ESXi

CVE-2025-22225

VMware ESXi Arbitrary Write Vulnerability: VMware ESXi contains an arbitrary write vulnerability. Successful exploitation allows an attacker with privileges within the VMX process to trigger an arbitrary kernel write leading to an escape of the sandbox.

Related CWE: CWE-123

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
  • Date Added: 2025-03-04
  • Due Date: 2025-03-25
Additional Notes
https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25390 ; https://nvd.nist.gov/vuln/detail/CVE-2025-22225
VMware | ESXi and Workstation

CVE-2025-22224

VMware ESXi and Workstation TOCTOU Race Condition Vulnerability: VMware ESXi and Workstation contain a time-of-check time-of-use (TOCTOU) race condition vulnerability that leads to an out-of-bounds write. Successful exploitation enables an attacker with local administrative privileges on a virtual machine to execute code as the virtual machine's VMX process running on the host.

Related CWE: CWE-367

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
  • Date Added: 2025-03-04
  • Due Date: 2025-03-25
Additional Notes
https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25390 ; https://nvd.nist.gov/vuln/detail/CVE-2025-22224
Palo Alto Networks | PAN-OS

CVE-2025-0111

Palo Alto Networks PAN-OS File Read Vulnerability: Palo Alto Networks PAN-OS contains an external control of file name or path vulnerability. Successful exploitation enables an authenticated attacker with network access to the management web interface to read files on the PAN-OS filesystem that are readable by the “nobody” user.

Related CWE: CWE-73

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
  • Date Added: 2025-02-20
  • Due Date: 2025-03-13
Additional Notes
https://security.paloaltonetworks.com/CVE-2025-0111 ; https://nvd.nist.gov/vuln/detail/CVE-2025-0111
Palo Alto Networks | PAN-OS

CVE-2025-0108

Palo Alto Networks PAN-OS Authentication Bypass Vulnerability: Palo Alto Networks PAN-OS contains an authentication bypass vulnerability in its management web interface. This vulnerability allows an unauthenticated attacker with network access to the management web interface to bypass the authentication normally required and invoke certain PHP scripts.

Related CWE: CWE-306

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
  • Date Added: 2025-02-18
  • Due Date: 2025-03-11
Additional Notes
https://security.paloaltonetworks.com/CVE-2025-0108 ; https://nvd.nist.gov/vuln/detail/CVE-2025-0108
Palo Alto Networks | PAN-OS

CVE-2024-3393

Palo Alto Networks PAN-OS Malicious DNS Packet Vulnerability: Palo Alto Networks PAN-OS contains a vulnerability in parsing and logging malicious DNS packets in the DNS Security feature that, when exploited, allows an unauthenticated attacker to remotely reboot the firewall. Repeated attempts to trigger this condition will cause the firewall to enter maintenance mode.

Related CWE: CWE-754

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
  • Date Added: 2024-12-30
  • Due Date: 2025-01-20
Additional Notes
https://security.paloaltonetworks.com/CVE-2024-3393 ; https://nvd.nist.gov/vuln/detail/CVE-2024-3393
VMware | vCenter Server

CVE-2024-38812

VMware vCenter Server Heap-Based Buffer Overflow Vulnerability: VMware vCenter Server contains a heap-based buffer overflow vulnerability in the implementation of the DCERPC protocol. This vulnerability could allow an attacker with network access to the vCenter Server to execute remote code by sending a specially crafted packet.

Related CWE: CWE-122

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
  • Date Added: 2024-11-20
  • Due Date: 2024-12-11
Additional Notes
https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24968 ; https://nvd.nist.gov/vuln/detail/CVE-2024-38812
VMware | vCenter Server

CVE-2024-38813

VMware vCenter Server Privilege Escalation Vulnerability: VMware vCenter contains an improper check for dropped privileges vulnerability. This vulnerability could allow an attacker with network access to the vCenter Server to escalate privileges to root by sending a specially crafted packet.

Related CWEs: CWE-250| CWE-273

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
  • Date Added: 2024-11-20
  • Due Date: 2024-12-11
Additional Notes
https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24968 ; https://nvd.nist.gov/vuln/detail/CVE-2024-38813
Palo Alto Networks | PAN-OS

CVE-2024-0012

Palo Alto Networks PAN-OS Management Interface Authentication Bypass Vulnerability: Palo Alto Networks PAN-OS contains an authentication bypass vulnerability in the web-based management interface for several PAN-OS products, including firewalls and VPN concentrators.

Related CWE: CWE-306

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable. Additionally, management interface for affected devices should not be exposed to untrusted networks, including the internet.
  • Date Added: 2024-11-18
  • Due Date: 2024-12-09
Additional Notes
https://security.paloaltonetworks.com/CVE-2024-0012 ; https://nvd.nist.gov/vuln/detail/CVE-2024-0012
Palo Alto Networks | PAN-OS

CVE-2024-9474

Palo Alto Networks PAN-OS Management Interface OS Command Injection Vulnerability: Palo Alto Networks PAN-OS contains an OS command injection vulnerability that allows for privilege escalation through the web-based management interface for several PAN products, including firewalls and VPN concentrators.

Related CWE: CWE-77

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable. Additionally, the management interfaces for affected devices should not be exposed to untrusted networks, including the internet.
  • Date Added: 2024-11-18
  • Due Date: 2024-12-09
Additional Notes
https://security.paloaltonetworks.com/CVE-2024-9474 ; https://nvd.nist.gov/vuln/detail/CVE-2024-9474
Palo Alto Networks | Expedition

CVE-2024-9463

Palo Alto Networks Expedition OS Command Injection Vulnerability: Palo Alto Networks Expedition contains an OS command injection vulnerability that allows an unauthenticated attacker to run arbitrary OS commands as root in Expedition, resulting in disclosure of usernames, cleartext passwords, device configurations, and device API keys of PAN-OS firewalls.

Related CWE: CWE-78

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
  • Date Added: 2024-11-14
  • Due Date: 2024-12-05
Additional Notes
https://security.paloaltonetworks.com/PAN-SA-2024-0010 ; https://nvd.nist.gov/vuln/detail/CVE-2024-9463
Palo Alto Networks | Expedition

CVE-2024-9465

Palo Alto Networks Expedition SQL Injection Vulnerability: Palo Alto Networks Expedition contains a SQL injection vulnerability that allows an unauthenticated attacker to reveal Expedition database contents, such as password hashes, usernames, device configurations, and device API keys. With this, attackers can also create and read arbitrary files on the Expedition system.

Related CWE: CWE-89

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
  • Date Added: 2024-11-14
  • Due Date: 2024-12-05
Additional Notes
https://security.paloaltonetworks.com/PAN-SA-2024-0010 ; https://nvd.nist.gov/vuln/detail/CVE-2024-9465
Palo Alto Networks | Expedition

CVE-2024-5910

Palo Alto Networks Expedition Missing Authentication Vulnerability: Palo Alto Networks Expedition contains a missing authentication vulnerability that allows an attacker with network access to takeover an Expedition admin account and potentially access configuration secrets, credentials, and other data.

Related CWE: CWE-306

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
  • Date Added: 2024-11-07
  • Due Date: 2024-11-28
Additional Notes
https://security.paloaltonetworks.com/CVE-2024-5910 ; https://nvd.nist.gov/vuln/detail/CVE-2024-5910
VMware | ESXi

CVE-2024-37085

VMware ESXi Authentication Bypass Vulnerability: VMware ESXi contains an authentication bypass vulnerability. A malicious actor with sufficient Active Directory (AD) permissions can gain full access to an ESXi host that was previously configured to use AD for user management by re-creating the configured AD group ('ESXi Admins' by default) after it was deleted from AD.

Related CWE: CWE-305

Known To Be Used in Ransomware Campaigns? Known

Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
  • Date Added: 2024-07-30
  • Due Date: 2024-08-20
Additional Notes
https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24505; https://nvd.nist.gov/vuln/detail/CVE-2024-37085
VMware | vCenter Server

CVE-2022-22948

VMware vCenter Server Incorrect Default File Permissions Vulnerability : VMware vCenter Server contains an incorrect default file permissions vulnerability that allows a remote, privileged attacker to gain access to sensitive information.

Related CWE: CWE-276

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
  • Date Added: 2024-07-17
  • Due Date: 2024-08-07
Additional Notes
https://www.vmware.com/security/advisories/VMSA-2022-0009.html; https://nvd.nist.gov/vuln/detail/CVE-2022-22948
Palo Alto Networks | PAN-OS

CVE-2024-3400

Palo Alto Networks PAN-OS Command Injection Vulnerability: Palo Alto Networks PAN-OS GlobalProtect feature contains a command injection vulnerability that allows an unauthenticated attacker to execute commands with root privileges on the firewall.

Related CWEs: CWE-20| CWE-77

Known To Be Used in Ransomware Campaigns? Known

Action: Apply mitigations per vendor instructions as they become available. Otherwise, users with vulnerable versions of affected devices should enable Threat Prevention IDs available from the vendor. See the vendor bulletin for more details and a patch release schedule.
  • Date Added: 2024-04-12
  • Due Date: 2024-04-19
Additional Notes
https://security.paloaltonetworks.com/CVE-2024-3400 ; https://nvd.nist.gov/vuln/detail/CVE-2024-3400
VMware | vCenter Server

CVE-2023-34048

VMware vCenter Server Out-of-Bounds Write Vulnerability: VMware vCenter Server contains an out-of-bounds write vulnerability in the implementation of the DCERPC protocol that allows an attacker to conduct remote code execution.

Related CWE: CWE-787

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
  • Date Added: 2024-01-22
  • Due Date: 2024-02-12
Additional Notes
https://www.vmware.com/security/advisories/VMSA-2023-0023.html; https://nvd.nist.gov/vuln/detail/CVE-2023-34048
VMware | Tools

CVE-2023-20867

VMware Tools Authentication Bypass Vulnerability: VMware Tools contains an authentication bypass vulnerability in the vgauth module. A fully compromised ESXi host can force VMware Tools to fail to authenticate host-to-guest operations, impacting the confidentiality and integrity of the guest virtual machine. An attacker must have root access over ESXi to exploit this vulnerability.

Related CWE: CWE-287

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.
  • Date Added: 2023-06-23
  • Due Date: 2023-07-14
Additional Notes
https://www.vmware.com/security/advisories/VMSA-2023-0013.html; https://nvd.nist.gov/vuln/detail/CVE-2023-20867
VMware | Aria Operations for Networks

CVE-2023-20887

Vmware Aria Operations for Networks Command Injection Vulnerability: VMware Aria Operations for Networks (formerly vRealize Network Insight) contains a command injection vulnerability that allows a malicious actor with network access to perform an attack resulting in remote code execution.

Related CWE: CWE-77

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.
  • Date Added: 2023-06-22
  • Due Date: 2023-07-13
Additional Notes
https://www.vmware.com/security/advisories/VMSA-2023-0012.html; https://nvd.nist.gov/vuln/detail/CVE-2023-20887
ZK Framework | AuUploader

CVE-2022-36537

ZK Framework AuUploader Unspecified Vulnerability: ZK Framework AuUploader servlets contain an unspecified vulnerability that could allow an attacker to retrieve the content of a file located in the web context. The ZK Framework is an open-source Java framework. This vulnerability can impact multiple products, including but not limited to ConnectWise R1Soft Server Backup Manager.

Related CWE: CWE-441

Known To Be Used in Ransomware Campaigns? Known

Action: Apply updates per vendor instructions.
  • Date Added: 2023-02-27
  • Due Date: 2023-03-20
Additional Notes
https://tracker.zkoss.org/browse/ZK-5150; https://nvd.nist.gov/vuln/detail/CVE-2022-36537

Subscribe to the KEV Catalog Updates

Stay up to date on the latest known exploited vulnerabilities.

Subscribe Now