CVE-2025-20362 — Cisco Secure Firewall Adaptive Security Appliance and Secure Firewall Threat Defense — Cisco Secure Firewall Adaptive Security (ASA) Appliance and Secure Firewall Threat Defense (FTD) Missing Authorization Vulnerability
Action: The KEV due date refers to the deadline by which FCEB agencies are expected to review and begin implementing the guidance outlined in Emergency Directive (ED) 25-03 (URL listed below in Notes). Agencies must follow the mitigation steps provided by CISA (URL listed below in Notes) and vendor’s instructions (URL listed below in Notes). Adhere to the applicable BOD 22-01 guidance for cloud services or discontinue use of the product if mitigations are not available.
Due: 2025-09-26
CVE-2025-10585 — Google Chromium V8 — Google Chromium V8 Type Confusion Vulnerability
Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Due: 2025-10-14
CVE-2025-5086 — Dassault Systèmes DELMIA Apriso — Dassault Systèmes DELMIA Apriso Deserialization of Untrusted Data Vulnerability
Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Due: 2025-10-02
CVE-2025-53690 — Sitecore Multiple Products — Sitecore Multiple Products Deserialization of Untrusted Data Vulnerability
Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Due: 2025-09-25
CVE-2025-48543 — Android Runtime — Android Runtime Unspecified Vulnerability
Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Due: 2025-09-25
CVE-2025-38352 — Linux Kernel — Linux Kernel Time-of-Check Time-of-Use (TOCTOU) Race Condition Vulnerability
Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Due: 2025-09-25
CVE-2025-9377 — TP-Link Multiple Routers — TP-Link Archer C7(EU) and TL-WR841N/ND(MS) OS Command Injection Vulnerability
Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Due: 2025-09-24
CVE-2023-50224 — TP-Link TL-WR841N — TP-Link TL-WR841N Authentication Bypass by Spoofing Vulnerability
Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Due: 2025-09-24
CVE-2025-55177 — Meta Platforms WhatsApp — Meta Platforms WhatsApp Incorrect Authorization Vulnerability
Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Due: 2025-09-23
CVE-2020-24363 — TP-Link TL-WA855RE — TP-link TL-WA855RE Missing Authentication for Critical Function Vulnerability
Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Due: 2025-09-23
CVE-2025-57819 — Sangoma FreePBX — Sangoma FreePBX Authentication Bypass Vulnerability
Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Due: 2025-09-19
CVE-2025-7775 — Citrix NetScaler — Citrix NetScaler Memory Overflow Vulnerability
Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Due: 2025-08-28
CVE-2024-8069 — Citrix Session Recording — Citrix Session Recording Deserialization of Untrusted Data Vulnerability
Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Due: 2025-09-15
CVE-2024-8068 — Citrix Session Recording — Citrix Session Recording Improper Privilege Management Vulnerability
Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Due: 2025-09-15
CVE-2025-48384 — Git Git — Git Link Following Vulnerability
Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Due: 2025-09-15
CVE-2025-43300 — Apple iOS, iPadOS, and macOS — Apple iOS, iPadOS, and macOS Out-of-Bounds Write Vulnerability
Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Due: 2025-09-11
CVE-2025-54948 — Trend Micro Apex One — Trend Micro Apex One OS Command Injection Vulnerability
Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Due: 2025-09-08
CVE-2025-8875 — N-able N-Central — N-able N-Central Insecure Deserialization Vulnerability
Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Due: 2025-08-20
CVE-2025-8876 — N-able N-Central — N-able N-Central Command Injection Vulnerability
Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Due: 2025-08-20
CVE-2013-3893 — Microsoft Internet Explorer — Microsoft Internet Explorer Resource Management Errors Vulnerability
Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Due: 2025-09-02
CVE-2007-0671 — Microsoft Office — Microsoft Office Excel Remote Code Execution Vulnerability
Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Due: 2025-09-02
CVE-2025-8088 — RARLAB WinRAR — RARLAB WinRAR Path Traversal Vulnerability
Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Due: 2025-09-02
CVE-2022-40799 — D-Link DNR-322L — D-Link DNR-322L Download of Code Without Integrity Check Vulnerability
Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Due: 2025-08-26
CVE-2020-25079 — D-Link DCS-2530L and DCS-2670L Devices — D-Link DCS-2530L and DCS-2670L Command Injection Vulnerability
Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Due: 2025-08-26
