U.S. CISA adds Apple products and Juniper Junos OS flaws to its Known Exploited Vulnerabilities catalog

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has recently added several new vulnerabilities to its list of Known Exploited Vulnerabilities (KEV), including flaws in Apple products and Juniper Networks' Junos OS software. This move highlights the importance of staying vigilant against emerging threats and emphasizes the need for organizations to prioritize vulnerability patching.

Juniper Networks Junos OS Flaws

The most recent addition to CISA's KEV catalog is a critical flaw in Juniper Networks' Junos OS, identified as CVE-2025-21590. This vulnerability allows a local attacker with high privileges to compromise the integrity of the device by injecting arbitrary code into trusted processes.

Mandiant researchers have warned that China-linked APT group UNC3886 is actively deploying custom backdoors on affected Juniper Networks routers, using techniques such as passive backdoors and tampering with logs and forensic artifacts to evade detection. The group's methods demonstrate a deep understanding of system internals, highlighting the importance of staying up-to-date with the latest security patches.

Juniper Networks has issued a security bulletin (JSA93446) that details the vulnerability and provides guidance on mitigating the risk. CISA is urging federal agencies to address this vulnerability by April 3, 2025, as outlined in their Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities.

Apple WebKit Cross-Platform Web Browser Engine Flaw

The second addition to CISA's KEV catalog is a zero-day vulnerability in Apple's WebKit cross-platform web browser engine, identified as CVE-2025-24201. It is an out-of-bounds write issue that an attacker could potentially exploit to achieve arbitrary code execution.

Apple has released emergency security updates to address this vulnerability, including iOS 18.3.2, iPadOS 18.3.2, macOS Sequoia 15.3.2, visionOS 2.3.2, and Safari 18.3.1. The company notes that maliciously crafted web content may be able to break out of the Web Content sandbox, highlighting the importance of staying vigilant against advanced threats.

The affected devices include iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 7th generation and later, and iPad mini 5th generation and later, as well as Macs running macOS Sequoia.

Importance of Vulnerability Patching

CISA's addition of these new vulnerabilities to its KEV catalog serves as a reminder of the importance of staying up-to-date with the latest security patches. Federal agencies are urged to address these vulnerabilities by the due date, as outlined in their Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities.

Private organizations are also encouraged to review the KEV catalog and address the vulnerabilities in their infrastructure. By prioritizing vulnerability patching, organizations can significantly reduce the risk of exploitation by known threats.
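Reviewing the KEV catalog against an asset inventory is easy to automate. The following is an added example, not code from the article or from CISA: it mirrors the field names of CISA's public KEV JSON export (cveID, vendorProject, product, dueDate, requiredAction), but the feed entries and the inventory are constructed for illustration, and the Apple due date is a placeholder rather than a value taken from the article.

```python
"""Cross-reference a CISA KEV feed against an asset inventory (added example)."""
import json
from datetime import date

# Constructed sample in the shape of CISA's KEV JSON export. The Juniper due
# date is the one the article cites; the Apple due date is a placeholder.
SAMPLE_FEED = json.dumps({
    "vulnerabilities": [
        {"cveID": "CVE-2025-21590", "vendorProject": "Juniper",
         "product": "Junos OS", "dueDate": "2025-04-03",
         "requiredAction": "Apply mitigations per vendor instructions."},
        {"cveID": "CVE-2025-24201", "vendorProject": "Apple",
         "product": "Multiple Products", "dueDate": "2025-04-02",  # placeholder
         "requiredAction": "Apply mitigations per vendor instructions."},
    ]
})

# Constructed asset inventory, as a CMDB export might look.
INVENTORY = [
    {"host": "edge-rtr-01", "vendor": "Juniper", "product": "Junos OS"},
    {"host": "mbp-0042", "vendor": "Apple", "product": "macOS Sequoia"},
    {"host": "db-01", "vendor": "OtherCo", "product": "OtherDB"},
]


def _matches(asset, entry):
    """Vendor must match exactly; product may match loosely, because KEV often
    lists 'Multiple Products' for vendor-wide advisories."""
    if asset["vendor"].lower() != entry["vendorProject"].lower():
        return False
    kev_product = entry["product"].lower()
    asset_product = asset["product"].lower()
    return (kev_product == "multiple products"
            or kev_product in asset_product
            or asset_product in kev_product)


def triage_kev(feed_json, inventory, today_iso):
    """Return (cveID, host, days_left) for every KEV entry touching an asset,
    most urgent first. days_left is negative once the BOD 22-01 due date
    has passed, i.e. the item is overdue."""
    today = date.fromisoformat(today_iso)
    findings = []
    for entry in json.loads(feed_json)["vulnerabilities"]:
        due = date.fromisoformat(entry["dueDate"])
        for asset in inventory:
            if _matches(asset, entry):
                findings.append((entry["cveID"], asset["host"], (due - today).days))
    return sorted(findings, key=lambda f: f[2])
```

Replace SAMPLE_FEED with the downloaded CISA feed and INVENTORY with your own asset list; anything with a negative days_left is already past its remediation deadline.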
