# U.S. CISA Adds ASUS RT-AX55 Devices, Craft CMS, and ConnectWise ScreenConnect Flaws to Its Known Exploited Vulnerabilities Catalog
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has recently added several new vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog. These additions are a timely reminder for organizations across the country to take immediate action to address potential security threats.
Among the newly added vulnerabilities, one stands out in particular: the flaw affecting ASUS RT-AX55 devices. According to GreyNoise researchers, a new botnet named AyySSHush has compromised over 9,000 of these routers, introducing a persistent SSH backdoor that allows attackers to execute arbitrary system commands and gain unauthorized access.
The vulnerability, tracked as CVE-2023-39780, was discovered by GreyNoise in ASUS RT-AX55 v3.0.0.4.386.51598. The attackers exploit the authenticated command injection flaw to add their SSH key and enable access on port 53282, ensuring persistent backdoor access across reboots and updates.
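A defender can check a router for the two persistence indicators described above: a listener on TCP port 53282 and an SSH key that no administrator installed. The following is an added example, not code from the article or from GreyNoise. It assumes you have captured `netstat -tln` output and the device's authorized SSH keys as text, and all sample data in it is constructed.

```python
BACKDOOR_PORT = 53282  # SSH port named in the article

# Constructed sample inputs (not taken from a real device).
SAMPLE_NETSTAT = """\
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:53282           0.0.0.0:*               LISTEN
tcp        0      0 192.168.50.1:53         0.0.0.0:*               LISTEN
tcp        0      0 192.168.50.1:80         192.168.50.7:51514      ESTABLISHED
"""
SAMPLE_KEYS = """\
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIExampleAdminKeyConstructed admin@laptop
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQExampleUnknownKeyConstructed
"""
# Key blobs the administrator actually installed (assumption: kept in inventory).
APPROVED_KEYS = {"AAAAC3NzaC1lZDI1NTE5AAAAIExampleAdminKeyConstructed"}

def listening_ports(netstat_text):
    """Return the set of TCP ports in LISTEN state from `netstat -tln` text."""
    ports = set()
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) >= 6 and fields[0].startswith("tcp") and "LISTEN" in fields:
            # rsplit copes with IPv6 local addresses such as :::22
            ports.add(int(fields[3].rsplit(":", 1)[1]))
    return ports

def unapproved_keys(keys_text, approved):
    """Return key blobs in authorized_keys format that are not on the allowlist."""
    found = []
    for line in keys_text.splitlines():
        parts = line.split()
        # The key type may be preceded by an options field, so search for it.
        for i, token in enumerate(parts[:-1]):
            if token.startswith(("ssh-", "ecdsa-")):
                if parts[i + 1] not in approved:
                    found.append(parts[i + 1])
                break
    return found

def assess(netstat_text, keys_text, approved):
    """Collect findings for the indicators described in the article."""
    findings = []
    if BACKDOOR_PORT in listening_ports(netstat_text):
        findings.append(f"listener on TCP {BACKDOOR_PORT}")
    findings += [f"unapproved SSH key {b[:16]}..." for b in unapproved_keys(keys_text, approved)]
    return findings

if __name__ == "__main__":
    for finding in assess(SAMPLE_NETSTAT, SAMPLE_KEYS, APPROVED_KEYS):
        print("FINDING:", finding)
```

Because the backdoor is reported to persist across reboots and updates, this check is worth running after a firmware upgrade as well as before.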
This news comes on the heels of a recent alert from ConnectWise, which revealed that it had detected suspicious activity linked to an advanced nation-state actor. The company confirmed that the attack impacted a small number of its ScreenConnect customers. A ScreenConnect flaw, tracked as CVE-2025-3935, may have led to this breach, allowing remote code execution via stolen machine keys.
While ConnectWise has not yet confirmed whether this vulnerability was exploited, it patched the issue on cloud-hosted instances before disclosure. The company's swift action highlights the importance of timely patching and vigilance in preventing security breaches.
The U.S. government is taking a proactive approach to addressing these vulnerabilities by issuing Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities. According to this directive, federal agencies have until June 23, 2025, to address identified vulnerabilities and protect their networks against attacks exploiting the flaws in the catalog.
In addition to federal agencies, private organizations are also urged to review the KEV catalog and take immediate action to address these vulnerabilities in their infrastructure. The consequences of inaction can be severe, with potentially catastrophic results for sensitive data and national security.
As always, it is crucial for organizations to stay informed about emerging threats and take proactive steps to strengthen their defenses. By following the latest updates from CISA and staying vigilant, businesses and individuals can help protect themselves against these known exploited vulnerabilities.