CVE-2025-48927 — TeleMessage TM SGNL — TeleMessage TM SGNL Initialization of a Resource with an Insecure Default Vulnerability
Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Due: 2025-07-22
CVE-2025-48928 — TeleMessage TM SGNL — TeleMessage TM SGNL Exposure of Core Dump File to an Unauthorized Control Sphere Vulnerability
Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Due: 2025-07-22
CVE-2025-6543 — Citrix NetScaler ADC and Gateway — Citrix NetScaler ADC and Gateway Buffer Overflow Vulnerability
Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Due: 2025-07-21
CVE-2024-54085 — AMI MegaRAC SPx — AMI MegaRAC SPx Authentication Bypass by Spoofing Vulnerability
Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Due: 2025-07-16
CVE-2024-0769 — D-Link DIR-859 Router — D-Link DIR-859 Router Path Traversal Vulnerability
Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Due: 2025-07-16
CVE-2019-6693 — Fortinet FortiOS — Fortinet FortiOS Use of Hard-Coded Credentials Vulnerability
Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Due: 2025-07-16
Ransomware: Known
CVE-2023-0386 — Linux Kernel — Linux Kernel Improper Ownership Management Vulnerability
Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Due: 2025-07-08
CVE-2025-43200 — Apple Multiple Products — Apple Multiple Products Unspecified Vulnerability
Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Due: 2025-07-07
CVE-2023-33538 — TP-Link Multiple Routers — TP-Link Multiple Routers Command Injection Vulnerability
Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Due: 2025-07-07
CVE-2025-24016 — Wazuh Wazuh Server — Wazuh Server Deserialization of Untrusted Data Vulnerability
Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Due: 2025-07-01
CVE-2025-33053 — Microsoft Windows — Microsoft Windows External Control of File Name or Path Vulnerability
Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Due: 2025-07-01
CVE-2025-32433 — Erlang Erlang/OTP — Erlang Erlang/OTP SSH Server Missing Authentication for Critical Function Vulnerability
Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Due: 2025-06-30
CVE-2024-42009 — Roundcube Webmail — RoundCube Webmail Cross-Site Scripting Vulnerability
Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Due: 2025-06-30
CVE-2025-5419 — Google Chromium V8 — Google Chromium V8 Out-of-Bounds Read and Write Vulnerability
Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Due: 2025-06-26
CVE-2025-27038 — Qualcomm Multiple Chipsets — Qualcomm Multiple Chipsets Use-After-Free Vulnerability
Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Due: 2025-06-24
CVE-2025-21480 — Qualcomm Multiple Chipsets — Qualcomm Multiple Chipsets Incorrect Authorization Vulnerability
Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Due: 2025-06-24
CVE-2025-21479 — Qualcomm Multiple Chipsets — Qualcomm Multiple Chipsets Incorrect Authorization Vulnerability
Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Due: 2025-06-24
CVE-2023-39780 — ASUS RT-AX55 Routers — ASUS RT-AX55 Routers OS Command Injection Vulnerability
Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Due: 2025-06-23
CVE-2024-56145 — Craft CMS Craft CMS — Craft CMS Code Injection Vulnerability
Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Due: 2025-06-23
CVE-2025-35939 — Craft CMS Craft CMS — Craft CMS External Control of Assumed-Immutable Web Parameter Vulnerability
Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Due: 2025-06-23
CVE-2025-3935 — ConnectWise ScreenConnect — ConnectWise ScreenConnect Improper Authentication Vulnerability
Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Due: 2025-06-23
CVE-2021-32030 — ASUS Routers — ASUS Routers Improper Authentication Vulnerability
Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Due: 2025-06-23
CVE-2025-4632 — Samsung MagicINFO 9 Server — Samsung MagicINFO 9 Server Path Traversal Vulnerability
Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Due: 2025-06-12
CVE-2025-4427 — Ivanti Endpoint Manager Mobile (EPMM) — Ivanti Endpoint Manager Mobile (EPMM) Authentication Bypass Vulnerability
Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Due: 2025-06-09