CVE-2013-3893 — Microsoft Internet Explorer — Microsoft Internet Explorer Resource Management Errors Vulnerability
Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Due: 2025-09-02
CVE-2007-0671 — Microsoft Office — Microsoft Office Excel Remote Code Execution Vulnerability
Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Due: 2025-09-02
CVE-2025-8088 — RARLAB WinRAR — RARLAB WinRAR Path Traversal Vulnerability
Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Due: 2025-09-02
CVE-2022-40799 — D-Link DNR-322L — D-Link DNR-322L Download of Code Without Integrity Check Vulnerability
Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Due: 2025-08-26
CVE-2020-25079 — D-Link DCS-2530L and DCS-2670L Devices — D-Link DCS-2530L and DCS-2670L Command Injection Vulnerability
Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Due: 2025-08-26
CVE-2020-25078 — D-Link DCS-2530L and DCS-2670L Devices — D-Link DCS-2530L and DCS-2670L Devices Unspecified Vulnerability
Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Due: 2025-08-26
CVE-2025-20281 — Cisco Identity Services Engine — Cisco Identity Services Engine Injection Vulnerability
Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Due: 2025-08-18
CVE-2025-20337 — Cisco Identity Services Engine — Cisco Identity Services Engine Injection Vulnerability
Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Due: 2025-08-18
CVE-2023-2533 — PaperCut NG/MF — PaperCut NG/MF Cross-Site Request Forgery (CSRF) Vulnerability
Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Due: 2025-08-18
CVE-2025-49706 — Microsoft SharePoint — Microsoft SharePoint Improper Authentication Vulnerability
Action: Disconnect public-facing versions of SharePoint Server that have reached their end-of-life (EOL) or end-of-service (EOS) to include SharePoint Server 2013 and earlier versions. For supported versions, please follow the mitigations according to CISA (URL listed below in Notes) and vendor instructions (URL listed below in Notes). Adhere to the applicable BOD 22-01 guidance for cloud services or discontinue use of the product if mitigations are not available.
Due: 2025-07-23
Ransomware: Known
CVE-2025-49704 — Microsoft SharePoint — Microsoft SharePoint Code Injection Vulnerability
Action: Disconnect public-facing versions of SharePoint Server that have reached their end-of-life (EOL) or end-of-service (EOS) to include SharePoint Server 2013 and earlier versions. For supported versions, please follow the mitigations according to CISA (URL listed below in Notes) and vendor instructions (URL listed below in Notes). Adhere to the applicable BOD 22-01 guidance for cloud services or discontinue use of the product if mitigations are not available.
Due: 2025-07-23
Ransomware: Known
CVE-2025-54309 — CrushFTP CrushFTP — CrushFTP Unprotected Alternate Channel Vulnerability
Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Due: 2025-08-12
CVE-2025-6558 — Google Chromium — Google Chromium ANGLE and GPU Improper Input Validation Vulnerability
Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Due: 2025-08-12
CVE-2025-2776 — SysAid SysAid On-Prem — SysAid On-Prem Improper Restriction of XML External Entity Reference Vulnerability
Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Due: 2025-08-12
CVE-2025-2775 — SysAid SysAid On-Prem — SysAid On-Prem Improper Restriction of XML External Entity Reference Vulnerability
Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Due: 2025-08-12
CVE-2025-53770 — Microsoft SharePoint — Microsoft SharePoint Deserialization of Untrusted Data Vulnerability
Action: Disconnect public-facing versions of SharePoint Server that have reached their end-of-life (EOL) or end-of-service (EOS) to include SharePoint Server 2013 and earlier versions. For supported versions, please follow the mitigations according to CISA (URL listed below in Notes) and vendor instructions (URL listed below in Notes). Adhere to the applicable BOD 22-01 guidance for cloud services or discontinue use of the product if mitigations are not available.
Due: 2025-07-21
Ransomware: Known
CVE-2025-25257 — Fortinet FortiWeb — Fortinet FortiWeb SQL Injection Vulnerability
Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Due: 2025-08-08
CVE-2025-47812 — Wing FTP Server Wing FTP Server — Wing FTP Server Improper Neutralization of Null Byte or NUL Character Vulnerability
Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Due: 2025-08-04
CVE-2025-5777 — Citrix NetScaler ADC and Gateway — Citrix NetScaler ADC and Gateway Out-of-Bounds Read Vulnerability
Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Due: 2025-07-11
Ransomware: Known
CVE-2014-3931 — Looking Glass Multi-Router Looking Glass (MRLG) — Multi-Router Looking Glass (MRLG) Buffer Overflow Vulnerability
Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Due: 2025-07-28
CVE-2016-10033 — PHP PHPMailer — PHPMailer Command Injection Vulnerability
Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Due: 2025-07-28
CVE-2019-5418 — Rails Ruby on Rails — Rails Ruby on Rails Path Traversal Vulnerability
Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Due: 2025-07-28
CVE-2019-9621 — Synacor Zimbra Collaboration Suite (ZCS) — Synacor Zimbra Collaboration Suite (ZCS) Server-Side Request Forgery (SSRF) Vulnerability
Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Due: 2025-07-28
CVE-2025-6554 — Google Chromium V8 — Google Chromium V8 Type Confusion Vulnerability
Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Due: 2025-07-23