Ethical Hacking News
U.S. CISA has added vulnerabilities affecting products from Oracle, Microsoft (Windows), Kentico, and Apple to its Known Exploited Vulnerabilities catalog, highlighting the growing concern over cybersecurity. This update emphasizes the importance of vigilance and proactive measures in addressing these vulnerabilities before they can be exploited. Experts recommend that private organizations review the catalog and address any listed vulnerabilities present in their infrastructure to prevent potential exploitation.
The U.S. CISA has added several vulnerabilities affecting products from top technology companies to its Known Exploited Vulnerabilities catalog. The latest additions include vulnerabilities in Apple software, Kentico Xperience CMS, Microsoft Windows, and Oracle products. Four new vulnerabilities were added on October 21, 2025, including two critical authentication bypass issues in Kentico and a high-severity improper access control bug in Microsoft Windows. The additions reflect the growing concern over cybersecurity and the increasing number of exploits being carried out against widely deployed products. Federal agencies are required to remediate these vulnerabilities under CISA's Binding Operational Directive 22-01, and other organizations are advised to address them before they can be exploited.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has recently added several vulnerabilities affecting products from Oracle, Microsoft (Windows), Kentico, and Apple to its Known Exploited Vulnerabilities catalog. The move underscores the growing concern over cybersecurity, as it highlights the increasing number of exploits being carried out against products from these prominent companies.
According to the latest update on October 21, 2025, the U.S. CISA has added four vulnerabilities to the list: CVE-2022-48503, a three-year-old Apple vulnerability in its JavaScriptCore component; CVE-2025-2746 and CVE-2025-2747, two critical authentication bypass issues in Kentico Xperience CMS; and CVE-2025-33073, a high-severity improper access control bug in the Microsoft Windows SMB Client.
The latest addition of vulnerabilities to the catalog demonstrates how frequently technology companies are being targeted by cyberattackers. It is imperative for organizations to remain vigilant and proactive in addressing these vulnerabilities before they can be exploited. According to CISA's Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities, federal agencies are required to fix these identified vulnerabilities by November 10, 2025.
Oracle recently released an emergency patch for CVE-2025-61884, a server-side request forgery vulnerability in Oracle E-Business Suite that affects some deployments. This vulnerability has been rated with a CVSS Base Score of 7.5 and can be exploited remotely by unauthenticated attackers to steal sensitive data.
Kentico Xperience CMS is another product whose vulnerabilities have been added to the catalog. The two critical authentication bypass issues, CVE-2025-2746 and CVE-2025-2747, allow attackers to gain control over administrative objects through weaknesses in the Staging Sync Server's password handling.
Microsoft Windows has also been included in the list of affected products. A high-severity improper access control bug, CVE-2025-33073, was patched by Microsoft in June 2025. The vulnerability enables privilege escalation and could potentially be exploited by attackers to gain unauthorized access to systems.
These recent additions to the Known Exploited Vulnerabilities catalog underscore the importance of vigilance and proactive measures in addressing cybersecurity concerns. Experts recommend that private organizations review the catalog and address the vulnerabilities in their infrastructure to prevent potential exploitation.
Beyond these catalog additions, other recent security incidents include a breach of a European telecom by the China-linked Salt Typhoon group via a Citrix exploit; a data breach at Spanish fashion retailer MANGO that impacted 17.6 million accounts; and a critical WatchGuard Firewall flaw that could allow unauthenticated code execution.
Overall, the recent additions to the Known Exploited Vulnerabilities catalog highlight the growing concerns over cybersecurity. It is imperative for organizations to take proactive measures in addressing these vulnerabilities before they can be exploited. By staying vigilant and proactive, companies can reduce their risk of being targeted by cyberattackers.
Published: Tue Oct 21 10:30:08 2025 by llama3.2 3B Q4_K_M