U.S. CISA Adds Multiple Vulnerabilities to Known Exploited Vulnerabilities Catalog

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added flaws in Ivanti Endpoint Manager Mobile (EPMM), MDaemon Email Server, Srimax Output Messenger, Zimbra Collaboration, and ZKTeco BioTime to its Known Exploited Vulnerabilities (KEV) catalog.

A vulnerability enters the KEV catalog only when CISA has reliable evidence that it is being exploited in the wild, so each addition is a signal that attackers are already using the flaw, not a prediction that they might. The catalog exists to focus federal agencies and private organizations on the vulnerabilities that matter most right now.

Ivanti EPMM Vulnerabilities

In mid-May, Ivanti released security updates for two vulnerabilities in its Endpoint Manager Mobile (EPMM) software: CVE-2025-4427, an authentication bypass, and CVE-2025-4428, a remote code execution flaw. The company confirmed that threat actors have chained the two in a limited number of attacks: the bypass removes the authentication the code-execution flaw would otherwise require, giving an unauthenticated attacker remote code execution on the appliance.

Ivanti credited CERT-EU with reporting both vulnerabilities and has fixed them in versions 11.12.0.5, 12.3.0.2, 12.4.0.2, and 12.5.0.1 (one fixed build per supported release branch). The company is still investigating the attacks and said it does not yet have "reliable atomic indicators" of compromise, so defenders cannot rely on an indicator sweep to rule out prior exploitation of an appliance that sat unpatched while the flaws were in use.

According to Ivanti, the vulnerabilities lie in two open-source libraries integrated into EPMM, which the company has not named, rather than in its own code. That complicates remediation for vendor and customer alike: the fix still has to arrive through Ivanti's own builds, and until the libraries are named, defenders cannot tell whether other products in their environment bundle the same vulnerable code.
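Because Ivanti has no reliable indicators to hunt for, the most useful first check is simply whether every EPMM appliance is on a fixed build. The script below is an added example, not code from Ivanti or from this article: it classifies an EPMM version string against the four fixed releases named above, treating branches older than 11.12 as having no listed fix and branches newer than 12.5 as outside the advisory. The hostnames and version strings in the sample inventory are constructed, and the script assumes you can export the build number from each appliance in dotted numeric form.

```python
"""Added example: classify Ivanti EPMM build numbers against the fixed releases
for CVE-2025-4427 / CVE-2025-4428 listed in Ivanti's advisory."""
from __future__ import annotations

# Fixed releases named in the advisory, keyed by release branch
# (the first three version components).
FIXED_RELEASES: dict[tuple[int, int, int], tuple[int, ...]] = {
    (11, 12, 0): (11, 12, 0, 5),
    (12, 3, 0): (12, 3, 0, 2),
    (12, 4, 0): (12, 4, 0, 2),
    (12, 5, 0): (12, 5, 0, 1),
}
OLDEST_FIXED_BRANCH = min(FIXED_RELEASES)


def parse_version(text: str) -> tuple[int, ...]:
    """'12.4.0.1' -> (12, 4, 0, 1). Rejects suffixes such as '-hotfix' so a
    malformed inventory value fails loudly instead of silently comparing as patched."""
    parts = text.strip().split(".")
    if not parts or not all(p.isdigit() for p in parts):
        raise ValueError(f"not a dotted numeric version: {text!r}")
    return tuple(int(p) for p in parts)


def epmm_status(version: str) -> str:
    """Return 'patched', 'vulnerable', 'unsupported' (branch older than any branch
    with a listed fix) or 'unknown' (branch the advisory does not cover)."""
    v = parse_version(version)
    # Pad short strings ('12.5') so they compare as the .0.0 build of their branch.
    v = v + (0,) * (4 - len(v))
    branch = v[:3]
    fixed = FIXED_RELEASES.get(branch)
    if fixed is None:
        return "unsupported" if branch < OLDEST_FIXED_BRANCH else "unknown"
    return "patched" if v >= fixed else "vulnerable"


def hosts_needing_action(inventory: list[tuple[str, str]]) -> list[tuple[str, str, str]]:
    """Reduce an inventory of (hostname, epmm_version) to the hosts that are not on a
    fixed build, returning (hostname, version, status). Unparseable versions are
    reported rather than skipped, because a blank or odd value is itself a finding."""
    findings = []
    for host, version in inventory:
        try:
            status = epmm_status(version)
        except ValueError:
            status = "unparseable"
        if status != "patched":
            findings.append((host, version, status))
    return findings


if __name__ == "__main__":
    # Constructed inventory for illustration; hostnames and versions are made up.
    sample = [
        ("epmm-prod-1", "12.5.0.1"),
        ("epmm-prod-2", "12.4.0.1"),
        ("epmm-lab", "11.10.0.3"),
        ("epmm-dr", "12.3.0.2-hotfix"),
    ]
    for host, version, status in hosts_needing_action(sample):
        print(f"{host:12} {version:16} {status}")
```

A host reported as patched is only half the story: since Ivanti cannot yet supply atomic indicators, an appliance that was exposed before the fix was applied still warrants a forensic look rather than a clean bill of health.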

MDaemon Email Server Vulnerabilities

This article does not cover the details of the MDaemon Email Server entry. As with every KEV addition, the listing means CISA has evidence of exploitation in the wild; the CVE ID, a short description and the required action are recorded in the catalog entry itself.

Srimax Output Messenger Vulnerabilities

Likewise, no details of the Srimax Output Messenger entry were available at the time of writing. Its inclusion is not a judgment about potential for exploitation: a flaw enters the catalog because it is already being exploited.

Zimbra Collaboration Vulnerabilities

The same applies to the Zimbra Collaboration entry: the specifics were not available for this article, but the catalog entry records the CVE ID and the remediation CISA requires.

ZKTeco BioTime Vulnerabilities

Details of the ZKTeco BioTime entry were likewise unavailable at the time of writing. Organizations running any of these four products should look up the entry in the catalog rather than wait for further reporting.

CISA urges all organizations, not just federal agencies, to review the catalog, identify affected assets in their environment, and prioritize these flaws ahead of vulnerabilities for which there is no evidence of exploitation.
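Reviewing the catalog by hand does not scale, so most teams consume the machine-readable feed CISA publishes at https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json and join it against their asset inventory. The script below is an added example, not code from CISA or from this article. It runs offline on a constructed sample shaped like the real feed, trimmed to the fields it uses and containing only the two Ivanti EPMM CVEs named above; the dateAdded and dueDate values and the inventory rows are assumed for illustration. Against the real feed, the same logic would also surface the MDaemon, Srimax, Zimbra and ZKTeco entries.

```python
"""Added example: filter a CISA KEV feed against a software inventory and flag
which matched entries are past their BOD 22-01 due date."""
from __future__ import annotations

import json
from datetime import date

# Constructed sample in the shape of the KEV JSON feed, trimmed to the fields used
# here. Only the two Ivanti EPMM CVEs named on this page are included; the
# dateAdded/dueDate values are assumed for the example.
SAMPLE_KEV_JSON = json.dumps({
    "title": "CISA Catalog of Known Exploited Vulnerabilities",
    "vulnerabilities": [
        {
            "cveID": "CVE-2025-4427",
            "vendorProject": "Ivanti",
            "product": "Endpoint Manager Mobile (EPMM)",
            "dateAdded": "2025-05-19",
            "dueDate": "2025-06-09",
        },
        {
            "cveID": "CVE-2025-4428",
            "vendorProject": "Ivanti",
            "product": "Endpoint Manager Mobile (EPMM)",
            "dateAdded": "2025-05-19",
            "dueDate": "2025-06-09",
        },
    ],
})

# Constructed inventory: (hostname, vendor, product keyword) as an asset database
# might export it. The Zimbra row has no entry in the trimmed sample and so
# produces no finding here; against the full feed it would.
SAMPLE_INVENTORY = [
    ("mdm-01", "Ivanti", "Endpoint Manager Mobile"),
    ("mail-01", "Zimbra", "Collaboration"),
]


def load_kev(feed_text: str) -> list[dict]:
    """Parse the feed and return its 'vulnerabilities' array."""
    return json.loads(feed_text)["vulnerabilities"]


def added_since(entries: list[dict], since: date) -> list[dict]:
    """Entries whose dateAdded (ISO yyyy-mm-dd) is on or after `since`; useful for a
    daily job that only wants the new additions."""
    return [e for e in entries if date.fromisoformat(e["dateAdded"]) >= since]


def match_inventory(entries: list[dict], inventory: list[tuple[str, str, str]],
                    today: date) -> list[tuple[str, str, str, str]]:
    """Join KEV entries to inventory rows by case-insensitive substring match on
    vendor and product. Each finding is (hostname, cveID, dueDate, state) where state
    is 'overdue' if `today` is past the due date, else 'pending'; sorted by due date."""
    findings = []
    for host, vendor, product in inventory:
        for e in entries:
            if vendor.lower() not in e["vendorProject"].lower():
                continue
            if product.lower() not in e["product"].lower():
                continue
            due = date.fromisoformat(e["dueDate"])
            state = "overdue" if today > due else "pending"
            findings.append((host, e["cveID"], e["dueDate"], state))
    return sorted(findings, key=lambda f: (f[2], f[0], f[1]))


if __name__ == "__main__":
    entries = load_kev(SAMPLE_KEV_JSON)
    for host, cve, due, state in match_inventory(entries, SAMPLE_INVENTORY, date.today()):
        print(f"{host:10} {cve:16} due {due}  {state}")
```

Substring matching on vendor and product is deliberately loose, because the feed's product names do not always match what an asset database records; tighten it once you have seen what your own inventory exports, and treat a KEV entry with no inventory match as a prompt to check whether the inventory is complete, not as proof the product is absent.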

CISA Orders Federal Agencies to Address Vulnerabilities

Under Binding Operational Directive (BOD) 22-01, Reducing the Significant Risk of Known Exploited Vulnerabilities, Federal Civilian Executive Branch (FCEB) agencies must remediate each newly listed vulnerability by the due date in its catalog entry; for these additions the deadline is June 9, 2025.

By addressing these vulnerabilities, federal agencies can help reduce the risk of successful cyber attacks and protect their networks against exploitation by threat actors.

Conclusion

The addition of Ivanti EPMM, MDaemon Email Server, Srimax Output Messenger, Zimbra Collaboration, and ZKTeco BioTime flaws to CISA's Known Exploited Vulnerabilities catalog is a reminder of the importance of staying vigilant in the face of evolving cyber threats.