Ethical Hacking News

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) Adds Multiple Vulnerabilities to its Known Exploited Vulnerabilities Catalog
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added six vulnerabilities across five products to its Known Exploited Vulnerabilities catalog: Ivanti Endpoint Manager Mobile (EPMM), MDaemon Email Server, Srimax Output Messenger, Zimbra Collaboration, and ZKTeco BioTime. Because the catalog lists only flaws with evidence of in-the-wild exploitation, federal agencies and private sector organizations running the affected software should treat remediation as urgent rather than routine.
  • CISA has added six vulnerabilities, affecting five products, to its Known Exploited Vulnerabilities (KEV) catalog.
  • The affected products are Ivanti Endpoint Manager Mobile (EPMM), MDaemon Email Server, Srimax Output Messenger, Zimbra Collaboration, and ZKTeco BioTime.
  • The flaws range from cross-site scripting to path traversal and an authentication-bypass-to-RCE chain, with CVSS scores from 5.3 to 7.2.
  • Federal agencies must remediate by the BOD 22-01 due dates; other organizations are urged to do the same.
  • The U.S. Cybersecurity and Infrastructure Security Agency (CISA), the federal agency responsible for protecting the nation's critical infrastructure, has added six vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog. Inclusion in the catalog means CISA has evidence that a flaw is being exploited in the wild, which is the practical signal for federal agencies and private sector organizations to move it to the front of the patch queue.

    The newly added entries affect five products: Ivanti Endpoint Manager Mobile (EPMM), MDaemon Email Server, Srimax Output Messenger, Zimbra Collaboration, and ZKTeco BioTime. The catalog itself was established under Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities, which requires Federal Civilian Executive Branch agencies to remediate listed vulnerabilities by the due date CISA assigns to each entry.

    The six vulnerabilities, with Common Vulnerability Scoring System (CVSS) scores ranging from 5.3 to 7.2, are:

    1. **Ivanti Endpoint Manager Mobile (EPMM)**: EPMM is affected by two vulnerabilities, an authentication bypass in its API component (CVE-2025-4427) and a remote code execution flaw (CVE-2025-4428), which Ivanti has attributed to open-source libraries integrated into the product. Chained together, they allow an unauthenticated attacker to execute code on the appliance without valid credentials.

    2. **MDaemon Email Server**: The MDaemon Email Server is vulnerable to a cross-site scripting (XSS) vulnerability (CVE-2024-11182), which allows an attacker to load arbitrary JavaScript code in the context of a webmail user's browser window. This vulnerability has a CVSS score of 5.3.

    3. **Srimax Output Messenger**: The Srimax Output Messenger is susceptible to a directory traversal vulnerability (CVE-2025-27920), which enables attackers to access files outside the intended directory using ../ sequences. This vulnerability carries a CVSS score of 7.2.

    4. **Zimbra Collaboration Suite**: The ZCS software is vulnerable to an XSS vulnerability (CVE-2024-27443) due to improper input validation, allowing an attacker to trigger JavaScript execution when viewing crafted email with malicious calendar headers. This vulnerability has a CVSS score of 6.1.

    5. **ZKTeco BioTime**: The ZKTeco BioTime software is susceptible to a path traversal vulnerability (CVE-2023-38950), which enables attackers to read arbitrary files by supplying a crafted payload. This vulnerability carries a CVSS score of 7.2.
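    The Output Messenger and BioTime entries are both path traversal bugs: the server joins a client-supplied path onto a base directory and never checks where the result ends up. The example below is added here and is not code from either product or from the original article; it shows the vulnerable pattern beside a hardened resolver. `BASE_DIR` is a hypothetical document root, and the request paths in the demo are constructed.

```python
"""Path traversal: the vulnerable join beside a hardened resolver.

Added example. BASE_DIR is a hypothetical document root; the sample request
paths are constructed, not taken from any advisory.
"""
import posixpath
from urllib.parse import unquote

BASE_DIR = "/srv/app/uploads"  # hypothetical directory the app intends to serve from


def vulnerable_resolve(user_path: str) -> str:
    """Decode once, then join untrusted input onto BASE_DIR with no containment check.

    '../' components survive the join, so normpath climbs straight out of
    BASE_DIR. This is the bug class behind the traversal entries above.
    """
    return posixpath.normpath(posixpath.join(BASE_DIR, unquote(user_path)))


def is_contained(candidate: str, base: str = BASE_DIR) -> bool:
    """True if candidate is base itself or strictly below it.

    The trailing '/' matters: a bare startswith(base) would accept
    '/srv/app/uploads2/x' as being inside '/srv/app/uploads'.
    """
    base = posixpath.normpath(base)
    return candidate == base or candidate.startswith(base + "/")


def safe_resolve(user_path: str) -> str:
    """Resolve a client-supplied relative path under BASE_DIR, or raise ValueError.

    Decode exactly once (as the web layer would), refuse NUL bytes and absolute
    paths, normalise, then check that the *result* is still under BASE_DIR.
    Checking the normalised output rather than grepping the input for '..'
    also catches percent-encoded variants such as '..%2F'.
    """
    decoded = unquote(user_path)
    if "\x00" in decoded:
        raise ValueError("NUL byte in path")
    if decoded.startswith("/"):
        raise ValueError("absolute path not allowed")
    candidate = posixpath.normpath(posixpath.join(BASE_DIR, decoded))
    if not is_contained(candidate):
        raise ValueError(f"path escapes {BASE_DIR}: {candidate}")
    return candidate


def is_safe_request(user_path: str) -> bool:
    """Boolean wrapper around safe_resolve for policy checks and tests."""
    try:
        safe_resolve(user_path)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    # Constructed request paths: one benign, three traversal attempts.
    for p in ["reports/q1.pdf", "../../../etc/passwd",
              "..%2F..%2F..%2Fetc%2Fpasswd", "../uploads2/secret"]:
        print(f"{p!r:34} naive -> {vulnerable_resolve(p)!r:32} hardened ok -> {is_safe_request(p)}")
```

    Two caveats a practitioner would add: the check must run after every decoding step the server performs (a second decode after the check reintroduces the bug), and on Windows hosts a backslash is also a separator, which `posixpath` does not treat as one.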

    Organizations running any of these products should read the KEV listing as confirmation that exploitation is already happening, not as a theoretical risk. Review the catalog regularly, map new entries against an asset inventory or scanner output, and patch affected systems promptly; where a patch must wait, restrict network exposure of the affected interfaces in the meantime.
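    One way to act on the "review the catalog regularly" advice is to cross-reference scanner findings against the KEV JSON feed by CVE ID and surface the BOD 22-01 due dates. The script below is an added example, not CISA tooling and not part of the original article. `KEV_SAMPLE` is a constructed excerpt in the shape of the published feed (the field names `cveID`, `vendorProject`, `product`, `dateAdded`, `dueDate` and `knownRansomwareCampaignUse` are the catalog's own); its dates, the hostnames in `SCANNER_FINDINGS`, and the placeholder `CVE-0000-00000` are illustrative, not catalog or inventory data.

```python
"""Cross-check vulnerability-scanner findings against the CISA KEV feed.

Added example, not CISA tooling. The live catalog is the JSON at KEV_FEED_URL;
KEV_SAMPLE is a constructed excerpt in the same shape. Dates, hostnames and the
CVE-0000-00000 placeholder are illustrative.
"""
import json
from datetime import date
from typing import Optional

KEV_FEED_URL = "https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json"

# Constructed excerpt of the feed: the six CVEs from the article, with
# placeholder dateAdded/dueDate values.
KEV_SAMPLE = {
    "title": "CISA Catalog of Known Exploited Vulnerabilities",
    "vulnerabilities": [
        {"cveID": "CVE-2025-4427", "vendorProject": "Ivanti", "product": "Endpoint Manager Mobile (EPMM)",
         "dateAdded": "2025-05-19", "dueDate": "2025-06-09", "knownRansomwareCampaignUse": "Unknown"},
        {"cveID": "CVE-2025-4428", "vendorProject": "Ivanti", "product": "Endpoint Manager Mobile (EPMM)",
         "dateAdded": "2025-05-19", "dueDate": "2025-06-09", "knownRansomwareCampaignUse": "Unknown"},
        {"cveID": "CVE-2024-11182", "vendorProject": "MDaemon", "product": "Email Server",
         "dateAdded": "2025-05-19", "dueDate": "2025-06-09", "knownRansomwareCampaignUse": "Unknown"},
        {"cveID": "CVE-2025-27920", "vendorProject": "Srimax", "product": "Output Messenger",
         "dateAdded": "2025-05-19", "dueDate": "2025-06-09", "knownRansomwareCampaignUse": "Unknown"},
        {"cveID": "CVE-2024-27443", "vendorProject": "Zimbra", "product": "Collaboration (ZCS)",
         "dateAdded": "2025-05-19", "dueDate": "2025-06-09", "knownRansomwareCampaignUse": "Unknown"},
        {"cveID": "CVE-2023-38950", "vendorProject": "ZKTeco", "product": "BioTime",
         "dateAdded": "2025-05-19", "dueDate": "2025-06-09", "knownRansomwareCampaignUse": "Unknown"},
    ],
}

# Constructed scanner output: hostnames are placeholders. CVE-0000-00000 is a
# deliberately invalid placeholder ID standing in for a finding not in the catalog.
SCANNER_FINDINGS = [
    {"host": "mdm-01.corp.example", "cve": "CVE-2025-4427"},
    {"host": "mdm-01.corp.example", "cve": "CVE-2025-4428"},
    {"host": "mail-02.corp.example", "cve": "CVE-2024-11182"},
    {"host": "hr-time-01.corp.example", "cve": "CVE-2023-38950"},
    {"host": "web-07.corp.example", "cve": "CVE-0000-00000"},
]


def load_feed(path: Optional[str] = None) -> dict:
    """Load a saved copy of the KEV JSON (fetch KEV_FEED_URL out of band), else the sample."""
    if path is None:
        return KEV_SAMPLE
    with open(path, encoding="utf-8") as fh:
        return json.load(fh)


def index_kev(feed: dict) -> dict:
    """Map cveID -> catalog entry for O(1) lookups."""
    return {v["cveID"]: v for v in feed["vulnerabilities"]}


def kev_exposure(feed: dict, findings: list, today: date) -> list:
    """Return scanner findings that are in the KEV catalog, soonest due date first.

    days_left is negative once the BOD 22-01 due date has passed.
    """
    kev = index_kev(feed)
    rows = []
    for f in findings:
        entry = kev.get(f["cve"])
        if entry is None:
            continue  # not a known-exploited vulnerability; handle via normal SLA
        due = date.fromisoformat(entry["dueDate"])
        rows.append({
            "host": f["host"],
            "cve": f["cve"],
            "product": f"{entry['vendorProject']} {entry['product']}",
            "due": entry["dueDate"],
            "days_left": (due - today).days,
            "ransomware": entry["knownRansomwareCampaignUse"],
        })
    rows.sort(key=lambda r: (r["days_left"], r["host"], r["cve"]))
    return rows


if __name__ == "__main__":
    for r in kev_exposure(load_feed(), SCANNER_FINDINGS, date.today()):
        flag = "OVERDUE" if r["days_left"] < 0 else f"{r['days_left']}d left"
        print(f"{r['host']:26} {r['cve']:16} {r['product']:40} due {r['due']} ({flag})")
```

    Running it against a saved copy of the real feed (`load_feed("known_exploited_vulnerabilities.json")`) turns the catalog into a per-host work list; anything with a negative `days_left` is a directive breach for a federal agency and a red flag for anyone else.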

    Under BOD 22-01, Federal Civilian Executive Branch agencies are required to remediate each newly listed vulnerability by the due date CISA assigns. Private sector organizations are not bound by the directive, but CISA strongly urges them to use the catalog the same way: review new additions as they appear and prioritize remediation of listed flaws over vulnerabilities with no evidence of exploitation.

    The U.S. Cybersecurity and Infrastructure Security Agency's efforts in highlighting these vulnerabilities are an important step towards promoting awareness and encouraging a collective response to combat cyber threats.
    Related Information:
  • https://www.ethicalhackingnews.com/articles/The-US-Cybersecurity-and-Infrastructure-Security-Agency-CISA-Adds-Multiple-Vulnerabilities-to-its-Known-Exploited-Vulnerabilities-Catalog-ehn.shtml

  • Published: Wed May 21 08:15:01 2025 by llama3.2 3B Q4_K_M