Ethical Hacking News

The Known Exploited Vulnerabilities Catalog: A Growing Concern for Cybersecurity




The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a slew of vulnerabilities from various software companies to its Known Exploited Vulnerabilities catalog, including Cisco Catalyst SD-WAN Manager Exposure of Sensitive Information to an Unauthorized Actor Vulnerability and JetBrains TeamCity Relative Path Traversal Vulnerability. These vulnerabilities have been found to be actively exploited by threat actors in recent months, highlighting the urgent need for organizations to take proactive measures to mitigate them.



  • Cisco Catalyst, Kentico Xperience, PaperCut NG/MF, Synacor ZCS, Quest KACE SMA, and JetBrains TeamCity vulnerabilities added to CISA's KEV catalog.
  • The flaws were identified through security research efforts and public disclosures, and have been actively exploited by threat actors in recent months.
  • Specific vulnerabilities include CVE-2023-27351 (PaperCut NG/MF), CVE-2024-27199 (JetBrains TeamCity), CVE-2025-32975 (Quest KACE SMA), and CVE-2025-48700 (Synacor ZCS).
  • Experts recommend that organizations review the KEV catalog and address the vulnerabilities in their infrastructure to reduce risk exposure.
  • The U.S. CISA has ordered federal agencies to fix the vulnerabilities by specific dates, emphasizing the importance of proactive measures to mitigate known vulnerabilities.



  • U.S. CISA adds Cisco Catalyst, Kentico Xperience, PaperCut NG/MF, Synacor ZCS, Quest KACE SMA, and JetBrains TeamCity flaws to its Known Exploited Vulnerabilities catalog

    The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has recently added a plethora of vulnerabilities from various software companies to its Known Exploited Vulnerabilities (KEV) catalog. The catalog, which serves as a repository of publicly disclosed vulnerabilities that have been successfully exploited in the wild, aims to provide federal agencies with a comprehensive list of known vulnerabilities that require immediate attention and mitigation.

    The recent additions to the KEV catalog include Cisco Catalyst SD-WAN Manager Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2026-20133), PaperCut NG/MF Improper Authentication Vulnerability (CVE-2023-27351), JetBrains TeamCity Relative Path Traversal Vulnerability (CVE-2024-27199), Kentico Xperience Path Traversal Vulnerability (CVE-2025-2749), Quest KACE Systems Management Appliance (SMA) Improper Authentication Vulnerability (CVE-2025-32975), Synacor Zimbra Collaboration Suite (ZCS) Cross-site Scripting Vulnerability (CVE-2025-48700), and Cisco Catalyst SD-WAN Manager Incorrect Use of Privileged APIs Vulnerability (CVE-2026-20122).

    These vulnerabilities, which were identified through various security research efforts and public disclosures, have been found to be actively exploited by threat actors in recent months. The CVE-2023-27351 flaw in PaperCut NG/MF, for instance, was widely abused by ransomware groups such as Clop and LockBit in 2023, allowing them to gain unauthenticated access to servers, deploy payloads, and move laterally within networks.

    Similarly, CVE-2024-27199 affecting JetBrains TeamCity was rapidly weaponized after disclosure. Threat actors exploited the path traversal flaw to access sensitive configuration files, extract credentials, and in some cases deploy backdoors on build servers, which are critical assets in software supply chains.

    CVE-2025-32975 in Quest KACE Systems Management Appliance has also been observed in opportunistic attacks, where attackers bypass authentication to gain administrative access, enabling device management abuse and potential malware deployment across managed endpoints.

    On the email front, CVE-2025-48700 impacting Zimbra Collaboration Suite has been linked to exploitation campaigns delivering malicious scripts via cross-site scripting, often used to hijack sessions or steal credentials in targeted attacks.

    The recent additions to the KEV catalog highlight the urgent need for federal agencies and private organizations alike to take proactive measures to mitigate these vulnerabilities. The U.S. CISA's Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities emphasizes the importance of addressing identified vulnerabilities by the due date to protect networks against attacks exploiting the flaws in the catalog.

    Experts recommend that organizations review the KEV catalog and address the vulnerabilities in their infrastructure. The U.S. CISA has ordered federal agencies to fix the vulnerabilities by May 4, 2026, except for Cisco Catalyst and Synacor Zimbra Collaboration Suite (ZCS) flaws, which must be addressed by April 23, 2026.
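    One way to put that recommendation into practice, as an added example that is not part of the original article: parse a KEV feed in the shape of CISA's published JSON download, match it against the CVEs a vulnerability scanner reports as still open, and report each catalogued CVE's BOD 22-01 due-date status. The feed excerpt and scanner output below are constructed sample data built from the CVEs and due dates named above (the cveID, vendorProject, product and dueDate field names follow the public feed; host names and the placeholder CVE-1900-0001 are invented).

```python
import json
from datetime import date

# Constructed excerpt in the shape of CISA's known_exploited_vulnerabilities.json
# feed (sample data, not a live download); due dates are those the article reports.
KEV_FEED = json.dumps({"vulnerabilities": [
    {"cveID": "CVE-2026-20133", "vendorProject": "Cisco", "product": "Catalyst SD-WAN Manager", "dueDate": "2026-04-23"},
    {"cveID": "CVE-2026-20122", "vendorProject": "Cisco", "product": "Catalyst SD-WAN Manager", "dueDate": "2026-04-23"},
    {"cveID": "CVE-2025-48700", "vendorProject": "Synacor", "product": "Zimbra Collaboration Suite", "dueDate": "2026-04-23"},
    {"cveID": "CVE-2023-27351", "vendorProject": "PaperCut", "product": "NG/MF", "dueDate": "2026-05-04"},
    {"cveID": "CVE-2024-27199", "vendorProject": "JetBrains", "product": "TeamCity", "dueDate": "2026-05-04"},
    {"cveID": "CVE-2025-2749", "vendorProject": "Kentico", "product": "Xperience", "dueDate": "2026-05-04"},
    {"cveID": "CVE-2025-32975", "vendorProject": "Quest", "product": "KACE SMA", "dueDate": "2026-05-04"},
]})

# Constructed scanner output: host -> CVEs still open. CVE-1900-0001 is a placeholder
# for a finding that is not in the catalog and must be ignored by the check.
OPEN_FINDINGS = {
    "build01": {"CVE-2024-27199", "CVE-1900-0001"},
    "mail01": {"CVE-2025-48700"},
    "print01": {"CVE-2023-27351"},
    "sdwan-mgr": {"CVE-2026-20133", "CVE-2026-20122"},
}

def load_kev(feed_json):
    """Index the feed by CVE ID: cveID -> (vendor + product, dueDate as a date)."""
    return {e["cveID"]: (e["vendorProject"] + " " + e["product"], date.fromisoformat(e["dueDate"]))
            for e in json.loads(feed_json)["vulnerabilities"]}

def kev_exposure(feed_json, open_findings, as_of, warn_days=7):
    """One record per (host, catalogued CVE) still open, with its BOD 22-01 status.
    as_of is an ISO date string so runs are reproducible; non-KEV findings are skipped."""
    catalog = load_kev(feed_json)
    today = date.fromisoformat(as_of)
    report = []
    for host, cves in sorted(open_findings.items()):
        for cve in sorted(cves & set(catalog)):
            product, due = catalog[cve]
            days_left = (due - today).days
            status = ("overdue" if days_left < 0
                      else "due_soon" if days_left <= warn_days else "on_track")
            report.append({"host": host, "cve": cve, "product": product,
                           "due": due.isoformat(), "days_left": days_left, "status": status})
    return report

def summarize(report):
    """Count records per status so the overdue figure can be tracked as a metric."""
    return {s: sum(r["status"] == s for r in report) for s in ("overdue", "due_soon", "on_track")}
```

    Run as of the article's publication date (2026-04-21) the three April 23 items show as due_soon and the May 4 items as on_track; re-running with a later as_of date moves them to overdue.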

    The growing number of vulnerabilities added to the KEV catalog underscores the evolving nature of cybersecurity threats. As threat actors continue to exploit these vulnerabilities in creative ways, it is essential for organizations to stay vigilant and proactive in their approach to vulnerability management.

    In conclusion, the recent additions to the KEV catalog serve as a stark reminder of the importance of cybersecurity awareness and proactive measures to mitigate known vulnerabilities. By staying informed about emerging threats and taking immediate action to address identified vulnerabilities, organizations can significantly reduce their risk exposure and ensure the security of their networks and assets.



    Related Information:
  • https://www.ethicalhackingnews.com/articles/The-Known-Exploited-Vulnerabilities-Catalog-A-Growing-Concern-for-Cybersecurity-ehn.shtml

  • Published: Tue Apr 21 10:49:07 2026 by llama3.2 3B Q4_K_M