Known Exploited Vulnerabilities Catalog

For the benefit of the cybersecurity community and network defenders—and to help every organization better manage vulnerabilities and keep pace with threat activity—CISA maintains the authoritative source of vulnerabilities that have been exploited in the wild. Organizations should use the KEV catalog as an input to their vulnerability management prioritization framework.

How to use the KEV Catalog

The KEV catalog is also available in these formats:

CSV
JSON
JSON Schema (updated 06-25-2024)
Print View
License

Wazuh | Wazuh Server

CVE-2025-24016

Wazuh Server Deserialization of Untrusted Data Vulnerability: Wazuh contains a deserialization of untrusted data vulnerability that allows for remote code execution on Wazuh servers.

Related CWE: CWE-502

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Date Added: 2025-06-10
Due Date: 2025-07-01

Additional Notes

Web Distributed Authoring and Versioning | Web Distributed Authoring and Versioning (WebDAV)

CVE-2025-33053

Web Distributed Authoring and Versioning (WebDAV) External Control of File Name or Path Vulnerability: Web Distributed Authoring and Versioning (WebDAV) contains an external control of file name or path vulnerability. This vulnerability could allow an unauthorized attacker to execute code over a network. This vulnerability could affect various products that implement WebDAV, including but not limited to Microsoft Windows.

Related CWE: CWE-73

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Date Added: 2025-06-10
Due Date: 2025-07-01

Additional Notes

Erlang | Erlang/OTP

CVE-2025-32433

Erlang Erlang/OTP SSH Server Missing Authentication for Critical Function Vulnerability: Erlang Erlang/OTP SSH server contains a missing authentication for critical function vulnerability. This could allow an attacker to execute arbitrary commands without valid credentials, potentially leading to unauthenticated remote code execution (RCE). By exploiting a flaw in how SSH protocol messages are handled, a malicious actor could gain unauthorized access to affected systems. This vulnerability could affect various products that implement Erlang/OTP SSH server, including—but not limited to—Cisco, NetApp, and SUSE.

Related CWE: CWE-306

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Date Added: 2025-06-09
Due Date: 2025-06-30

Additional Notes

Roundcube | Webmail

CVE-2024-42009

RoundCube Webmail Cross-Site Scripting Vulnerability: RoundCube Webmail contains a cross-site scripting vulnerability. This vulnerability could allow a remote attacker to steal and send emails of a victim via a crafted e-mail message that abuses a Desanitization issue in message_body() in program/actions/mail/show.php.

Related CWE: CWE-79

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Date Added: 2025-06-09
Due Date: 2025-06-30

Additional Notes

Google | Chromium V8

CVE-2025-5419

Google Chromium V8 Out-of-Bounds Read and Write Vulnerability: Google Chromium V8 contains an out-of-bounds read and write vulnerability that could allow a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.

Related CWEs: CWE-125| CWE-787

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Date Added: 2025-06-05
Due Date: 2025-06-26

Additional Notes

Qualcomm | Multiple Chipsets

CVE-2025-27038

Qualcomm Multiple Chipsets Use-After-Free Vulnerability: Multiple Qualcomm chipsets contain a use-after-free vulnerability. This vulnerability allows for memory corruption while rendering graphics using Adreno GPU drivers in Chrome.

Related CWE: CWE-416

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Date Added: 2025-06-03
Due Date: 2025-06-24

Additional Notes

Qualcomm | Multiple Chipsets

CVE-2025-21480

Qualcomm Multiple Chipsets Incorrect Authorization Vulnerability: Multiple Qualcomm chipsets contain an incorrect authorization vulnerability. This vulnerability allows for memory corruption due to unauthorized command execution in GPU micronode while executing specific sequence of commands.

Related CWE: CWE-863

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Date Added: 2025-06-03
Due Date: 2025-06-24

Additional Notes

Qualcomm | Multiple Chipsets

CVE-2025-21479

Related CWE: CWE-863

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Date Added: 2025-06-03
Due Date: 2025-06-24

Additional Notes

ASUS | RT-AX55 Routers

CVE-2023-39780

ASUS RT-AX55 Routers OS Command Injection Vulnerability: ASUS RT-AX55 devices contain an OS command injection vulnerability that could allow a remote, authenticated attacker to execute arbitrary commands. As represented by CVE-2023-41346.

Related CWE: CWE-78

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Date Added: 2025-06-02
Due Date: 2025-06-23

Additional Notes

Craft CMS | Craft CMS

CVE-2024-56145

Craft CMS Code Injection Vulnerability: Craft CMS contains a code injection vulnerability. Users with affected versions are vulnerable to remote code execution if their php.ini configuration has `register_argc_argv` enabled.

Related CWE: CWE-94

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Date Added: 2025-06-02
Due Date: 2025-06-23

Additional Notes

Craft CMS | Craft CMS

CVE-2025-35939

Craft CMS External Control of Assumed-Immutable Web Parameter Vulnerability: Craft CMS contains an external control of assumed-immutable web parameter vulnerability. This vulnerability could allow an unauthenticated client to introduce arbitrary values, such as PHP code, to a known local file location on the server. This vulnerability could be chained with CVE-2024-58136 as represented by CVE-2025-32432.

Related CWE: CWE-472

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Date Added: 2025-06-02
Due Date: 2025-06-23

Additional Notes

ConnectWise | ScreenConnect

CVE-2025-3935

ConnectWise ScreenConnect Improper Authentication Vulnerability: ConnectWise ScreenConnect contains an improper authentication vulnerability. This vulnerability could allow a ViewState code injection attack, which could allow remote code execution if machine keys are compromised.

Related CWE: CWE-287

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Date Added: 2025-06-02
Due Date: 2025-06-23

Additional Notes

ASUS | Routers

CVE-2021-32030

ASUS Routers Improper Authentication Vulnerability: ASUS Lyra Mini and ASUS GT-AC2900 devices contain an improper authentication vulnerability that allows an attacker to gain unauthorized access to the administrative interface. The impacted products could be end-of-life (EoL) and/or end-of-service (EoS). Users should discontinue product utilization.

Related CWE: CWE-287

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Date Added: 2025-06-02
Due Date: 2025-06-23

Additional Notes

Samsung | MagicINFO 9 Server

CVE-2025-4632

Samsung MagicINFO 9 Server Path Traversal Vulnerability: Samsung MagicINFO 9 Server contains a path traversal vulnerability that allows an attacker to write arbitrary file as system authority.

Related CWE: CWE-22

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Date Added: 2025-05-22
Due Date: 2025-06-12

Additional Notes

Ivanti | Endpoint Manager Mobile (EPMM)

CVE-2025-4427

Ivanti Endpoint Manager Mobile (EPMM) Authentication Bypass Vulnerability: Ivanti Endpoint Manager Mobile (EPMM) contains an authentication bypass vulnerability in the API component that allows an attacker to access protected resources without proper credentials via crafted API requests. This vulnerability results from an insecure implementation of the Spring Framework open-source library.

Related CWE: CWE-288

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Date Added: 2025-05-19
Due Date: 2025-06-09

Additional Notes

Ivanti | Endpoint Manager Mobile (EPMM)

CVE-2025-4428

Ivanti Endpoint Manager Mobile (EPMM) Code Injection Vulnerability: Ivanti Endpoint Manager Mobile (EPMM) contains a code injection vulnerability in the API component that allows an authenticated attacker to remotely execute arbitrary code via crafted API requests. This vulnerability results from an insecure implementation of the Hibernate Validator open-source library, as represented by CVE-2025-35036.

Related CWE: CWE-94

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Date Added: 2025-05-19
Due Date: 2025-06-09

Additional Notes

MDaemon | Email Server

CVE-2024-11182

MDaemon Email Server Cross-Site Scripting (XSS) Vulnerability: MDaemon Email Server contains a cross-site scripting (XSS) vulnerability that allows a remote attacker to load arbitrary JavaScript code via an HTML e-mail message.

Related CWE: CWE-79

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Date Added: 2025-05-19
Due Date: 2025-06-09

Additional Notes

Srimax | Output Messenger

CVE-2025-27920

Srimax Output Messenger Directory Traversal Vulnerability: Srimax Output Messenger contains a directory traversal vulnerability that allows an attacker to access sensitive files outside the intended directory, potentially leading to configuration leakage or arbitrary file access.

Related CWE: CWE-22

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Date Added: 2025-05-19
Due Date: 2025-06-09

Additional Notes

Synacor | Zimbra Collaboration Suite (ZCS)

CVE-2024-27443

Synacor Zimbra Collaboration Suite (ZCS) Cross-Site Scripting (XSS) Vulnerability: Zimbra Collaboration contains a cross-site scripting (XSS) vulnerability in the CalendarInvite feature of the Zimbra webmail classic user interface. An attacker can exploit this vulnerability via an email message containing a crafted calendar header, leading to the execution of arbitrary JavaScript code.

Related CWE: CWE-79

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Date Added: 2025-05-19
Due Date: 2025-06-09

Additional Notes

ZKTeco | BioTime

CVE-2023-38950

ZKTeco BioTime Path Traversal Vulnerability: ZKTeco BioTime contains a path traversal vulnerability in the iclock API that allows an unauthenticated attacker to read arbitrary files via supplying a crafted payload.

Related CWE: CWE-22

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Date Added: 2025-05-19
Due Date: 2025-06-09

Additional Notes

Known Exploited Vulnerabilities Catalog

Subscribe to the KEV Catalog Updates