CVE-2025-42599 — Qualitia Active! Mail — Qualitia Active! Mail Stack-Based Buffer Overflow Vulnerability
Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Due: 2025-05-19
CVE-2025-1976 — Broadcom Brocade Fabric OS — Broadcom Brocade Fabric OS Code Injection Vulnerability
Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Due: 2025-05-19
CVE-2025-31200 — Apple Multiple Products — Apple Multiple Products Memory Corruption Vulnerability
Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Due: 2025-05-08
CVE-2025-31201 — Apple Multiple Products — Apple Multiple Products Arbitrary Read and Write Vulnerability
Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Due: 2025-05-08
CVE-2025-24054 — Microsoft Windows — Microsoft Windows NTLM Hash Disclosure Spoofing Vulnerability
Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Due: 2025-05-08
CVE-2021-20035 — SonicWall SMA100 Appliances — SonicWall SMA100 Appliances OS Command Injection Vulnerability
Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Due: 2025-05-07
CVE-2024-53197 — Linux Kernel — Linux Kernel Out-of-Bounds Access Vulnerability
Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Due: 2025-04-30
CVE-2024-53150 — Linux Kernel — Linux Kernel Out-of-Bounds Read Vulnerability
Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Due: 2025-04-30
CVE-2025-30406 — Gladinet CentreStack — Gladinet CentreStack and Triofox Use of Hard-coded Cryptographic Key Vulnerability
Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Due: 2025-04-29
CVE-2025-29824 — Microsoft Windows — Microsoft Windows Common Log File System (CLFS) Driver Use-After-Free Vulnerability
Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Due: 2025-04-29
Ransomware: Known
CVE-2025-31161 — CrushFTP CrushFTP — CrushFTP Authentication Bypass Vulnerability
Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Due: 2025-04-28
Ransomware: Known
CVE-2025-22457 — Ivanti Connect Secure, Policy Secure, and ZTA Gateways — Ivanti Connect Secure, Policy Secure, and ZTA Gateways Stack-Based Buffer Overflow Vulnerability
Action: Apply mitigations as set forth in the CISA instructions linked below.
Due: 2025-04-11
Ransomware: Known
CVE-2025-24813 — Apache Tomcat — Apache Tomcat Path Equivalence Vulnerability
Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Due: 2025-04-22
CVE-2024-20439 — Cisco Smart Licensing Utility — Cisco Smart Licensing Utility Static Credential Vulnerability
Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Due: 2025-04-21
CVE-2025-2783 — Google Chromium Mojo — Google Chromium Mojo Sandbox Escape Vulnerability
Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Due: 2025-04-17
CVE-2019-9874 — Sitecore CMS and Experience Platform (XP) — Sitecore CMS and Experience Platform (XP) Deserialization Vulnerability
Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Due: 2025-04-16
CVE-2019-9875 — Sitecore CMS and Experience Platform (XP) — Sitecore CMS and Experience Platform (XP) Deserialization Vulnerability
Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Due: 2025-04-16
CVE-2025-30154 — reviewdog action-setup GitHub Action — reviewdog/action-setup GitHub Action Embedded Malicious Code Vulnerability
Action: Apply mitigations as set forth in the CISA instructions linked below. Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Due: 2025-04-14
CVE-2025-1316 — Edimax IC-7100 IP Camera — Edimax IC-7100 IP Camera OS Command Injection Vulnerability
Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Due: 2025-04-09
CVE-2024-48248 — NAKIVO Backup and Replication — NAKIVO Backup and Replication Absolute Path Traversal Vulnerability
Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Due: 2025-04-09
CVE-2017-12637 — SAP NetWeaver — SAP NetWeaver Directory Traversal Vulnerability
Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Due: 2025-04-09
CVE-2025-24472 — Fortinet FortiOS and FortiProxy — Fortinet FortiOS and FortiProxy Authentication Bypass Vulnerability
Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Due: 2025-04-08
Ransomware: Known
CVE-2025-30066 — tj-actions changed-files GitHub Action — tj-actions/changed-files GitHub Action Embedded Malicious Code Vulnerability
Action: Apply mitigations as set forth in the CISA instructions linked below. Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Due: 2025-04-08
CVE-2025-24201 — Apple Multiple Products — Apple Multiple Products WebKit Out-of-Bounds Write Vulnerability
Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Due: 2025-04-03