**U.S. CISA Adds Cisco, SonicWall, and ASUS Flaws to its Known Exploited Vulnerabilities Catalog**

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added three new flaws to its Known Exploited Vulnerabilities (KEV) catalog, bringing attention to critical vulnerabilities in Cisco, SonicWall, and ASUS products.

Cisco was the first to report a December 10 campaign targeting certain Secure Email Gateway appliances with exposed ports, allowing attackers to run root-level commands and plant persistence mechanisms. The vulnerability, tracked as CVE-2025-20393, is a Remote Command Execution Vulnerability in Cisco Secure Email Gateway and Cisco Secure Email and Web Manager.

"On December 10, Cisco became aware of a new cyberattack campaign targeting a limited subset of appliances with certain ports open to the internet that are running Cisco AsyncOS Software for Cisco Secure Email Gateway and Cisco Secure Email and Web Manager," reads the advisory. "This attack allows the threat actors to execute arbitrary commands with root privileges on the underlying operating system of an affected appliance. The ongoing investigation has revealed evidence of a persistence mechanism planted by the threat actors to maintain a degree of control over compromised appliances."

The second vulnerability added to the catalog is a local privilege escalation issue, tracked as CVE-2025-40602, which is due to insufficient authorization in the SonicWall SMA1000 appliance management console (AMC). This week, SonicWall urged customers to address this vulnerability that was exploited as a zero-day in attacks in the wild.

"A local privilege escalation vulnerability due to insufficient authorization in the SonicWall SMA1000 appliance management console (AMC)," reads the advisory published by the company. "Please note that SonicWall Firewall products are not affected by this vulnerability." The vendor warned customers that the vulnerability was chained with CVE-2025-23006 in zero-day attacks to escalate privileges.

CISA also added a critical ASUS Live Update flaw (CVE-2025-59374) to its KEV catalog after confirming active exploitation. The issue stems from a supply chain compromise in which certain Live Update versions were distributed with embedded malicious code, enabling unintended actions on specifically targeted devices. The vulnerability traces back to the ShadowHammer campaign uncovered in 2019, when threat actors trojanized ASUS updates to target a small set of users identified by MAC addresses.

According to Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities, federal agencies have to address the identified vulnerabilities by the due date to protect their networks against attacks exploiting the flaws in the catalog. Experts also recommend that private organizations review the Catalog and address the vulnerabilities in their infrastructure.

CISA orders federal agencies to fix the CISCO and SonicWall vulnerabilities by December 24, 2025, and ASUS flaw by January 7, 2026.