CVE-2020-24363 — TP-Link TL-WA855RE — TP-Link TL-WA855RE Missing Authentication for Critical Function Vulnerability
Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Due: 2025-09-23
CVE-2025-57819 — Sangoma FreePBX — Sangoma FreePBX Authentication Bypass Vulnerability
Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Due: 2025-09-19
CVE-2025-7775 — Citrix NetScaler — Citrix NetScaler Memory Overflow Vulnerability
Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Due: 2025-08-28
CVE-2024-8069 — Citrix Session Recording — Citrix Session Recording Deserialization of Untrusted Data Vulnerability
Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Due: 2025-09-15
CVE-2024-8068 — Citrix Session Recording — Citrix Session Recording Improper Privilege Management Vulnerability
Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Due: 2025-09-15
CVE-2025-48384 — Git Git — Git Link Following Vulnerability
Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Due: 2025-09-15
CVE-2025-43300 — Apple iOS, iPadOS, and macOS — Apple iOS, iPadOS, and macOS Out-of-Bounds Write Vulnerability
Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Due: 2025-09-11
CVE-2025-54948 — Trend Micro Apex One — Trend Micro Apex One OS Command Injection Vulnerability
Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Due: 2025-09-08
CVE-2025-8875 — N-able N-Central — N-able N-Central Insecure Deserialization Vulnerability
Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Due: 2025-08-20
CVE-2025-8876 — N-able N-Central — N-able N-Central Command Injection Vulnerability
Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Due: 2025-08-20
CVE-2013-3893 — Microsoft Internet Explorer — Microsoft Internet Explorer Resource Management Errors Vulnerability
Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Due: 2025-09-02
CVE-2007-0671 — Microsoft Office — Microsoft Office Excel Remote Code Execution Vulnerability
Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Due: 2025-09-02
CVE-2025-8088 — RARLAB WinRAR — RARLAB WinRAR Path Traversal Vulnerability
Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Due: 2025-09-02
CVE-2022-40799 — D-Link DNR-322L — D-Link DNR-322L Download of Code Without Integrity Check Vulnerability
Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Due: 2025-08-26
CVE-2020-25079 — D-Link DCS-2530L and DCS-2670L Devices — D-Link DCS-2530L and DCS-2670L Command Injection Vulnerability
Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Due: 2025-08-26
CVE-2020-25078 — D-Link DCS-2530L and DCS-2670L Devices — D-Link DCS-2530L and DCS-2670L Devices Unspecified Vulnerability
Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Due: 2025-08-26
CVE-2025-20281 — Cisco Identity Services Engine — Cisco Identity Services Engine Injection Vulnerability
Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Due: 2025-08-18
CVE-2025-20337 — Cisco Identity Services Engine — Cisco Identity Services Engine Injection Vulnerability
Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Due: 2025-08-18
CVE-2023-2533 — PaperCut NG/MF — PaperCut NG/MF Cross-Site Request Forgery (CSRF) Vulnerability
Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Due: 2025-08-18
CVE-2025-49706 — Microsoft SharePoint — Microsoft SharePoint Improper Authentication Vulnerability
Action: Disconnect public-facing versions of SharePoint Server that have reached their end-of-life (EOL) or end-of-service (EOS) to include SharePoint Server 2013 and earlier versions. For supported versions, please follow the mitigations according to CISA (URL listed below in Notes) and vendor instructions (URL listed below in Notes). Adhere to the applicable BOD 22-01 guidance for cloud services or discontinue use of the product if mitigations are not available.
Due: 2025-07-23
Ransomware: Known
CVE-2025-49704 — Microsoft SharePoint — Microsoft SharePoint Code Injection Vulnerability
Action: Disconnect public-facing versions of SharePoint Server that have reached their end-of-life (EOL) or end-of-service (EOS) to include SharePoint Server 2013 and earlier versions. For supported versions, please follow the mitigations according to CISA (URL listed below in Notes) and vendor instructions (URL listed below in Notes). Adhere to the applicable BOD 22-01 guidance for cloud services or discontinue use of the product if mitigations are not available.
Due: 2025-07-23
Ransomware: Known
CVE-2025-54309 — CrushFTP CrushFTP — CrushFTP Unprotected Alternate Channel Vulnerability
Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Due: 2025-08-12
CVE-2025-6558 — Google Chromium — Google Chromium ANGLE and GPU Improper Input Validation Vulnerability
Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Due: 2025-08-12
CVE-2025-2776 — SysAid SysAid On-Prem — SysAid On-Prem Improper Restriction of XML External Entity Reference Vulnerability
Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Due: 2025-08-12
