Ethical Hacking News
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added eight new vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog, including three flaws impacting Cisco Catalyst SD-WAN Manager, in a move aimed at encouraging patch management among government agencies and organizations. The flaws span several weakness classes: improper authentication, path traversal, cross-site scripting, storage of passwords in a recoverable format, and exposure of sensitive information to an unauthorized actor.
CISA's alert covers eight newly added KEV entries that have been actively exploited. The most severe, CVE-2025-32975, allows attackers to impersonate legitimate users without valid credentials. Another critical one, CVE-2026-20133, can allow remote attackers to view sensitive information on affected systems. Organizations are advised to prioritize patching to prevent further exploitation.
The United States Cybersecurity and Infrastructure Security Agency (CISA) has issued an alert regarding eight vulnerabilities newly added to its Known Exploited Vulnerabilities (KEV) catalog, all of which have already been observed under active exploitation. The list includes flaws in products from Cisco, JetBrains, Kentico Xperience, Quest KACE Systems Management Appliance, Synacor Zimbra Collaboration Suite, and PaperCut NG/MF.
According to CISA, the most severe vulnerability in the list is CVE-2025-32975, which allows an attacker to impersonate legitimate users without valid credentials. The flaw has been attributed to unknown threat actors who were weaponizing it against unpatched Quest KACE Systems Management Appliance systems as recently as last month.
Another critical vulnerability highlighted by CISA is CVE-2026-20133, which can allow remote attackers to view sensitive information on affected systems. Cisco has said it became aware of exploitation of this vulnerability in March 2026, but it has yet to revise its advisories to reflect the in-the-wild abuse of the other two Cisco flaws, CVE-2026-20122 and CVE-2026-20128.
The list also includes CVE-2023-27351, an improper authentication vulnerability in PaperCut NG/MF that could allow an attacker to bypass authentication on affected installations via the SecurityRequestFilter class. Lace Tempest was blamed for exploiting this vulnerability in April 2023 in connection with attacks delivering Cl0p and LockBit ransomware families.
The Cisco entries also include CVE-2026-20133, which can allow an attacker with low-privileged access to the filesystem to gain DCA user privileges by reading a credential file belonging to the DCA user. Cisco has yet to revise its advisory to reflect the in-the-wild abuse of this vulnerability.
In light of active exploitation, Federal Civilian Executive Branch (FCEB) agencies are advised to remediate the three Cisco vulnerabilities by April 23, 2026, and the remaining five by May 4, 2026. This recommendation is part of a larger effort to encourage patch management among government agencies and organizations.
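The remediation deadlines above are only useful if a defender can quickly tell which of their own assets carry a KEV-listed CVE and how many days remain. The script below is an added example, not code from the article, CISA, or any vendor named here: it cross-references a constructed asset inventory against a constructed excerpt of the KEV catalog that mirrors the field names the real CISA JSON feed uses (cveID, vendorProject, product, dueDate, knownRansomwareCampaignUse). The entries and due dates are limited to what the article states; host names and the placeholder CVE id CVE-1900-0001 are invented for the example.

```python
"""Triage an asset inventory against a CISA KEV catalog snapshot by due date."""
import json
from datetime import date

# Constructed excerpt of a KEV catalog. Field names follow the real feed's schema,
# but only the CVEs and due dates stated in the article are included.
SAMPLE_KEV_JSON = """
{
  "title": "CISA Catalog of Known Exploited Vulnerabilities (constructed excerpt)",
  "vulnerabilities": [
    {"cveID": "CVE-2026-20133", "vendorProject": "Cisco", "product": "Catalyst SD-WAN Manager",
     "dueDate": "2026-04-23", "knownRansomwareCampaignUse": "Unknown"},
    {"cveID": "CVE-2026-20122", "vendorProject": "Cisco", "product": "Catalyst SD-WAN Manager",
     "dueDate": "2026-04-23", "knownRansomwareCampaignUse": "Unknown"},
    {"cveID": "CVE-2026-20128", "vendorProject": "Cisco", "product": "Catalyst SD-WAN Manager",
     "dueDate": "2026-04-23", "knownRansomwareCampaignUse": "Unknown"},
    {"cveID": "CVE-2025-32975", "vendorProject": "Quest", "product": "KACE Systems Management Appliance",
     "dueDate": "2026-05-04", "knownRansomwareCampaignUse": "Unknown"},
    {"cveID": "CVE-2023-27351", "vendorProject": "PaperCut", "product": "NG/MF",
     "dueDate": "2026-05-04", "knownRansomwareCampaignUse": "Known"}
  ]
}
"""

# Constructed inventory: host -> CVEs a scanner reported for it.
# CVE-1900-0001 is a deliberate placeholder that is NOT in the catalog excerpt.
INVENTORY = {
    "sdwan-mgr-01": ["CVE-2026-20133", "CVE-2026-20122"],
    "kace-sma-01": ["CVE-2025-32975", "CVE-1900-0001"],
    "print-01": ["CVE-2023-27351"],
}


def load_kev(raw_json):
    """Parse a KEV catalog document and index its entries by CVE id."""
    catalog = json.loads(raw_json)
    return {entry["cveID"]: entry for entry in catalog["vulnerabilities"]}


def triage(kev_by_cve, inventory, today, soon_days=14):
    """Return one finding per (host, KEV CVE), ordered by urgency.

    Urgency order: fewest days left first, known-ransomware use breaks ties,
    then host name for a stable report.
    """
    findings = []
    for host, cves in inventory.items():
        for cve in cves:
            entry = kev_by_cve.get(cve)
            if entry is None:
                continue  # not a KEV deadline; handled by the normal patch cadence
            due = date.fromisoformat(entry["dueDate"])
            days_left = (due - today).days
            if days_left < 0:
                status = "OVERDUE"
            elif days_left <= soon_days:
                status = "DUE_SOON"
            else:
                status = "SCHEDULED"
            findings.append({
                "host": host,
                "cve": cve,
                "vendor": entry["vendorProject"],
                "product": entry["product"],
                "due": entry["dueDate"],
                "days_left": days_left,
                "status": status,
                "ransomware": entry.get("knownRansomwareCampaignUse") == "Known",
            })
    findings.sort(key=lambda f: (f["days_left"], not f["ransomware"], f["host"]))
    return findings


def not_in_kev(kev_by_cve, inventory):
    """List inventory CVEs that have no KEV entry, so they are not silently dropped."""
    return sorted({cve for cves in inventory.values() for cve in cves if cve not in kev_by_cve})


if __name__ == "__main__":
    kev = load_kev(SAMPLE_KEV_JSON)
    for f in triage(kev, INVENTORY, date(2026, 4, 24)):
        flag = " [ransomware]" if f["ransomware"] else ""
        print(f"{f['status']:9} {f['days_left']:+4}d  {f['host']:14} {f['cve']}  "
              f"{f['vendor']} {f['product']} (due {f['due']}){flag}")
    print("Not in KEV:", ", ".join(not_in_kev(kev, INVENTORY)))
```

In production the `SAMPLE_KEV_JSON` string would be replaced by the downloaded catalog and `INVENTORY` by scanner output; the `not_in_kev` list matters because a CVE absent from KEV is not the same as a CVE that is safe to defer.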
It's worth noting that CISA added CVE-2024-27198, another flaw impacting on-premises versions of JetBrains TeamCity, to the KEV catalog in March 2024. It remains unclear whether both TeamCity vulnerabilities are being exploited together by the same threat actor.
In light of these newly disclosed vulnerabilities and their associated exploits, organizations are advised to prioritize patch management and stay vigilant for any further threats.
Related Information:
https://www.ethicalhackingnews.com/articles/CISA-Warns-of-Eight-Newly-Exploited-Vulnerabilities-in-KEV-Catalog-ehn.shtml
https://thehackernews.com/2026/04/cisa-adds-8-exploited-flaws-to-kev-sets.html
Published: Tue Apr 21 03:02:18 2026 by llama3.2 3B Q4_K_M