U.S. CISA Adds Sitecore, Android, and Linux Flaws to Its Known Exploited Vulnerabilities Catalog

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has taken significant steps to protect the nation's networks from exploitation by adding three new vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog. The added flaws include a serious Sitecore vulnerability, an Android flaw, and a Linux issue that warrants immediate attention from federal agencies and private organizations alike.

Google recently released security updates for 120 Android vulnerabilities as part of the Android Security Bulletin – September 2025. Two of these vulnerabilities have been identified as being under limited, targeted exploitation. According to Google's Threat Analysis Group (TAG), one of the flaws discovered by Benoît Sevens allows local privilege escalation without extra permissions or user interaction. This vulnerability has raised concerns among security experts, who believe it may have been exploited in spyware attacks.

The Sitecore vulnerability added to CISA's KEV catalog is CVE-2025-53690 (CVSS score: 7.4). This issue is a deserialization of untrusted data vulnerability in Sitecore Experience Manager (XM) and Sitecore Experience Platform (XP) that allows code injection. The affected software versions are Experience Manager (XM) through 9.0 and Experience Platform (XP) through 9.0.

According to the Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities, federal agencies are required to address these identified vulnerabilities by a specific due date to protect their networks against attacks exploiting the flaws in the catalog. Experts also strongly recommend that private organizations review the KEV catalog and take immediate action to address the vulnerabilities in their infrastructure.

CISA has ordered federal agencies to fix the vulnerabilities by September 25, 2025. This timely notice highlights the importance of prioritizing vulnerability patching and network security measures to prevent potential attacks. As the threat landscape continues to evolve, it is essential for organizations to remain vigilant and proactive in addressing known exploited vulnerabilities.
