U.S. CISA Adds Critical Flaws to Known Exploited Vulnerabilities Catalog
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has taken another significant step in protecting the nation's digital infrastructure by adding three critical flaws to its Known Exploited Vulnerabilities (KEV) catalog. The additions include Qualitia Active! Mail, Broadcom Brocade Fabric OS, and Commvault Web Server vulnerabilities, which pose a significant risk to federal agencies and private organizations alike.
Under Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities, federal agencies are ordered to address the identified vulnerabilities by the due date to protect their networks against attacks exploiting the flaws in the catalog. The BOD emphasizes the importance of timely patching and mitigation to prevent potential breaches and minimize the risk of successful exploitation.
Experts strongly recommend that private organizations review the KEV catalog and take immediate action to address these vulnerabilities in their infrastructure. By doing so, they can significantly reduce the attack surface and protect themselves against potential cyber threats.
Federal Agencies Under Order to Fix Vulnerabilities
CISA has issued specific deadlines for federal agencies to fix the identified vulnerabilities. Federal agencies are required to address the CVE-2025-1976 and CVE-2025-42599 vulnerabilities by May 19, 2025. The CVE-2025-3928 vulnerability, in contrast, is due to be fixed by May 17, 2025.
By adhering to these deadlines, federal agencies can ensure that their networks are adequately protected against exploitation of these known vulnerabilities. This proactive approach will help prevent potential breaches and minimize the risk of successful attacks on critical infrastructure.
Importance of KEV Catalog
The KEV catalog serves as a vital resource for organizations looking to protect themselves against known exploited vulnerabilities. By regularly reviewing and addressing these identified flaws, businesses and federal agencies can significantly reduce their attack surface and improve overall cybersecurity posture.
As the threat landscape continues to evolve, it is essential for organizations to remain vigilant and proactive in addressing known vulnerabilities. By leveraging resources like the KEV catalog, they can stay ahead of potential threats and protect themselves against costly cyber breaches.