U.S. CISA Adds Google Chromium, DrayTek Routers, and SAP NetWeaver Flaws to its Known Exploited Vulnerabilities Catalog
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has taken another step to protect the nation's networks by adding three new flaws to its Known Exploited Vulnerabilities (KEV) catalog. Flaws in Google Chromium, DrayTek routers, and SAP NetWeaver are now on the list of vulnerabilities that federal agencies and private organizations must address to prevent potential attacks.
The addition of these flaws is part of CISA's ongoing efforts to identify and mitigate known vulnerabilities in critical infrastructure. The KEV catalog serves as a resource for federal agencies and private organizations to review and address the identified vulnerabilities in their networks, ensuring a stronger defense against cyber threats.
What You Need to Know
The three new flaws added to the KEV catalog are:
- Google Chromium: A vulnerability was discovered in Google Chromium that allows an attacker to execute arbitrary code on a system.
- DrayTek Routers: A flaw was identified in DrayTek routers that enables an attacker to remotely access and control the device, potentially leading to unauthorized access to sensitive data.
- SAP NetWeaver: A vulnerability was discovered in SAP NetWeaver that allows an attacker to execute malicious code on a system, potentially leading to unauthorized access or disruption of critical systems.
According to CISA's Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities, federal agencies have until June 5, 2025, to address these identified vulnerabilities and protect their networks against attacks exploiting the flaws in the catalog.
Expert Recommendations
Experts are urging private organizations to review the KEV catalog and take proactive measures to address the identified vulnerabilities in their infrastructure. By doing so, they can significantly reduce the risk of a successful cyber attack.
"The addition of these new flaws to the KEV catalog serves as a reminder that cyber threats are constantly evolving, and it's essential for organizations to stay vigilant and proactive in addressing known vulnerabilities," said [Expert Name], [Expert Title]. "I strongly recommend that all organizations review the catalog and take immediate action to patch and update their systems to prevent potential attacks."
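One way to act on the recommendation to review the catalog, as an added example that is not from the original article or from CISA: it matches KEV entries against an asset inventory and flags anything past its due date. The catalog sample is constructed in the shape of the KEV JSON feed with placeholder CVE IDs (the article lists none), and the inventory, hostnames and vendor/product strings are hypothetical.

```python
import json
from datetime import date

# Constructed sample in the shape of CISA's KEV JSON feed (cveID, vendorProject,
# product, dueDate). CVE IDs are placeholders: the article does not list them.
KEV_SAMPLE = json.loads("""
{"vulnerabilities": [
  {"cveID": "CVE-XXXX-0001", "vendorProject": "Google",  "product": "Chromium",  "dueDate": "2025-06-05"},
  {"cveID": "CVE-XXXX-0002", "vendorProject": "DrayTek", "product": "Routers",   "dueDate": "2025-06-05"},
  {"cveID": "CVE-XXXX-0003", "vendorProject": "SAP",     "product": "NetWeaver", "dueDate": "2025-06-05"}
]}
""")

# Hypothetical asset inventory (hosts, vendors and products are made up).
INVENTORY = [
    {"host": "edge-rtr-01", "vendor": "draytek", "product": "Vigor routers"},
    {"host": "erp-app-02", "vendor": "SAP", "product": "NetWeaver AS Java"},
    {"host": "db-01", "vendor": "PostgreSQL", "product": "PostgreSQL 16"},
]

def _norm(value):
    return " ".join(str(value or "").casefold().split())

def _due(vuln):
    try:
        return date.fromisoformat(vuln["dueDate"])
    except (KeyError, TypeError, ValueError):
        return None  # missing or malformed: reported as NO_DUE_DATE, never dropped

def triage(catalog, inventory, today):
    """Return KEV entries that match inventory assets, most urgent first."""
    findings = []
    for vuln in catalog.get("vulnerabilities", []):
        due = _due(vuln)
        days_left = (due - today).days if due else None
        status = "NO_DUE_DATE" if due is None else "OVERDUE" if days_left < 0 else "OPEN"
        product = _norm(vuln.get("product"))
        for asset in inventory:
            if (product and product in _norm(asset.get("product"))
                    and _norm(asset.get("vendor")) == _norm(vuln.get("vendorProject"))):
                findings.append({"host": asset.get("host"), "cve": vuln.get("cveID"), "status": status,
                                 "due": due.isoformat() if due else None, "days_left": days_left})
    # Entries with no usable due date sort first so they get looked at.
    return sorted(findings, key=lambda f: (f["days_left"] is not None, f["days_left"] or 0, f["host"]))

if __name__ == "__main__":
    for f in triage(KEV_SAMPLE, INVENTORY, today=date(2025, 6, 10)):
        print(f["status"], f["host"], f["cve"], "due", f["due"], "days_left", f["days_left"])
```

Substring matching on vendor and product names is deliberately loose and will produce false positives; a real inventory keyed on CPE or package identifiers would narrow it.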