CISA expanded the KEV catalog with eight flaws, but five of them have been flagged as exploited before.
The US cybersecurity agency CISA on Monday expanded its Known Exploited Vulnerabilities (KEV) catalog with eight more flaws, including three that have not previously been flagged as exploited.
The Cybersecurity and Infrastructure Security Agency (CISA) has added multiple actively exploited vulnerabilities affecting major enterprise platforms – including Cisco, Kentico, and Zimbra – to its Known Exploited Vulnerabilities (KEV) catalog, urging immediate remediation to prevent further attacks.
At the center of the update is CVE-2026-20133, a high-severity information disclosure vulnerability in Cisco Catalyst SD-WAN Manager. The flaw, patched earlier this year, stems from insufficient file system access restrictions, which could allow attackers to access system APIs and retrieve sensitive information from the underlying operating system. The vulnerability was disclosed alongside CVE-2026-20122 and CVE-2026-20128 – two additional Cisco SD-WAN flaws that were flagged as actively exploited in March. All three have now been formally added to CISA’s KEV list.
CISA also highlighted ongoing exploitation of vulnerabilities in Kentico Xperience and Zimbra Collaboration Suite (ZCS), both of which present significant remote code execution (RCE) risks. The Kentico flaw, tracked as CVE-2025-2749, is a path traversal and arbitrary file upload vulnerability that could enable attackers to execute malicious content on affected servers. The issue impacts Kentico Xperience versions 13.0.178 and earlier, where the Staging Sync Server improperly handles file uploads, allowing files to be written to path-relative locations. Although exploitation requires authentication, the vulnerability remains a serious concern for enterprise deployments.
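The Kentico issue described above is the familiar pattern of a client-supplied relative file name being joined to an upload directory and written wherever it resolves. The following is an added illustration, not Kentico's code and not drawn from the article: `naive_target()` shows that defective join, and `confined_target()` shows the containment check a hardened upload handler applies. The upload root and file names are constructed for the example.

```python
"""
Containing uploaded file names to an upload root.

Added illustration, not Kentico's code: naive_target() reproduces the
defective pattern (a relative name from the client is joined to the upload
root and written wherever it points); confined_target() adds the check that
keeps every write strictly inside the root.
"""
import os


def naive_target(upload_root, client_name):
    """Defective pattern: trust the relative name carried in the sync payload."""
    # normpath collapses '..', so '../../etc/x' becomes a path outside upload_root.
    return os.path.normpath(os.path.join(upload_root, client_name))


def confined_target(upload_root, client_name):
    """Resolve client_name under upload_root and refuse anything that escapes it."""
    root = os.path.realpath(upload_root)
    # Absolute names and NUL bytes have no legitimate use in an uploaded file name.
    if os.path.isabs(client_name) or "\x00" in client_name:
        raise ValueError("rejected upload name: %r" % client_name)
    # realpath also follows symlinks, so a link inside the root that points
    # outside it cannot be used to escape either.
    candidate = os.path.realpath(os.path.join(root, client_name))
    # commonpath proves containment; a plain string-prefix test would accept
    # '/srv/uploads_evil' as sitting under '/srv/uploads'.
    if candidate == root or os.path.commonpath([root, candidate]) != root:
        raise ValueError("path escapes upload root: %r" % client_name)
    return candidate


def is_contained(upload_root, target):
    """True when target resolves to a path strictly under upload_root."""
    root = os.path.realpath(upload_root)
    resolved = os.path.realpath(target)
    return resolved != root and os.path.commonpath([root, resolved]) == root


def rejects(upload_root, client_name):
    """True when confined_target() refuses client_name (used by callers and tests)."""
    try:
        confined_target(upload_root, client_name)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    # Constructed upload root; nothing is written to disk.
    root = os.path.join(os.getcwd(), "uploads")
    for name in ("reports/q1.pdf", "../../etc/hosts", "/etc/hosts"):
        print(name, "->", naive_target(root, name))
        if rejects(root, name):
            print("   confined: rejected")
        else:
            print("   confined:", confined_target(root, name))
```

Note that this check is an allow-list on the resolved path, not a blocklist on the string `..`; encoded or platform-specific separators are normalised by `realpath` before the containment test runs, which is why the comparison is done on the resolved path rather than on the input.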
The Zimbra vulnerability, identified as CVE-2025-48700, is a cross-site scripting (XSS) flaw in the Zimbra Classic UI. It arises from insufficient sanitization of HTML content and can be triggered when a user opens a specially crafted email message. Successful exploitation allows attackers to execute arbitrary JavaScript within the user’s session, potentially leading to account compromise and data exposure.
In addition to these, CISA has included three other vulnerabilities in its KEV catalog: CVE-2025-32975, a critical issue affecting Quest KACE systems that was recently flagged as potentially exploited; CVE-2024-27199, a JetBrains TeamCity vulnerability that has reportedly been exploited for over two years; and CVE-2023-27351, a PaperCut flaw that has been actively exploited since April 2023.
CISA has issued clear remediation deadlines for federal agencies, mandating that patches for the Cisco and Zimbra vulnerabilities be applied by April 23, while fixes for the remaining vulnerabilities must be implemented by May 4.
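KEV due dates only help if someone turns the catalog into a work queue. The following is an added example, not CISA tooling or code from the article: it parses records shaped like CISA's public KEV JSON feed (the field names `cveID`, `vendorProject`, `product`, `dueDate` are the feed's own), buckets them by due date, and filters them against a constructed product inventory. The sample records are constructed from the CVE IDs and deadlines in the article; the year 2026 on the due dates and the vendor/product strings are assumptions.

```python
"""
Triage KEV entries by remediation due date and by what an organisation runs.

Added example, not CISA's code. The records are constructed to mirror the
field names of the public KEV JSON feed; due-date years and the
vendor/product strings are assumptions for illustration.
"""
import json
from datetime import date, timedelta

# Public feed location (real URL); this example reads a constructed sample
# instead so that it runs offline.
KEV_FEED_URL = "https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json"

# Constructed sample: CVE IDs and deadlines from the article, year assumed.
SAMPLE_KEV_JSON = json.dumps({
    "title": "CISA Catalog of Known Exploited Vulnerabilities (constructed sample)",
    "vulnerabilities": [
        {"cveID": "CVE-2026-20133", "vendorProject": "Cisco", "product": "Catalyst SD-WAN Manager", "dueDate": "2026-04-23"},
        {"cveID": "CVE-2026-20122", "vendorProject": "Cisco", "product": "Catalyst SD-WAN", "dueDate": "2026-04-23"},
        {"cveID": "CVE-2026-20128", "vendorProject": "Cisco", "product": "Catalyst SD-WAN", "dueDate": "2026-04-23"},
        {"cveID": "CVE-2025-48700", "vendorProject": "Zimbra", "product": "Collaboration Suite", "dueDate": "2026-04-23"},
        {"cveID": "CVE-2025-2749", "vendorProject": "Kentico", "product": "Xperience", "dueDate": "2026-05-04"},
        {"cveID": "CVE-2025-32975", "vendorProject": "Quest", "product": "KACE", "dueDate": "2026-05-04"},
        {"cveID": "CVE-2024-27199", "vendorProject": "JetBrains", "product": "TeamCity", "dueDate": "2026-05-04"},
        {"cveID": "CVE-2023-27351", "vendorProject": "PaperCut", "product": "MF/NG", "dueDate": "2026-05-04"},
    ],
})


def parse_feed(raw):
    """Return the list of vulnerability records from a KEV-shaped JSON document."""
    return json.loads(raw)["vulnerabilities"]


def triage(records, today, window_days=7):
    """Bucket CVE IDs into overdue / due within window_days / later, sorted by due date."""
    buckets = {"overdue": [], "due_soon": [], "later": []}
    horizon = today + timedelta(days=window_days)
    for rec in sorted(records, key=lambda r: r["dueDate"]):
        due = date.fromisoformat(rec["dueDate"])
        if due < today:
            buckets["overdue"].append(rec["cveID"])
        elif due <= horizon:
            buckets["due_soon"].append(rec["cveID"])
        else:
            buckets["later"].append(rec["cveID"])
    return buckets


def affecting(records, inventory):
    """CVE IDs whose vendor or product matches an inventory term (case-insensitive)."""
    wanted = [term.lower() for term in inventory]
    hits = []
    for rec in records:
        haystack = ("%s %s" % (rec["vendorProject"], rec["product"])).lower()
        if any(term in haystack for term in wanted):
            hits.append(rec["cveID"])
    return hits


if __name__ == "__main__":
    recs = parse_feed(SAMPLE_KEV_JSON)
    # Constructed inventory of what this organisation runs.
    mine = affecting(recs, ["zimbra", "teamcity"])
    print("in inventory:", mine)
    for bucket, ids in triage(recs, date(2026, 4, 20)).items():
        print(bucket, ids)
```

In practice the same `triage()` runs over the full feed fetched from `KEV_FEED_URL`, with the inventory list sourced from an asset database rather than typed in; the due date is a federal mandate, but the buckets serve equally well as an internal SLA for anyone else.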
The inclusion of these flaws in the KEV catalog underscores the growing urgency for organizations to prioritize vulnerability management and patching strategies. As threat actors continue to exploit known weaknesses across widely used enterprise platforms, timely remediation remains critical to reducing exposure and maintaining cybersecurity resilience.