Alerts: CISA Adds Four Known Exploited Vulnerabilities to Catalog

Source URL: https://www.cisa.gov/news-events/alerts/2025/03/04/cisa-adds-four-known-exploited-vulnerabilities-catalog
Source: Alerts
Title: CISA Adds Four Known Exploited Vulnerabilities to Catalog

Feedly Summary: CISA has added four new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation.

CVE-2024-50302 Linux Kernel Use of Uninitialized Resource Vulnerability
CVE-2025-22225 VMware ESXi Arbitrary Write Vulnerability
CVE-2025-22224 VMware ESXi and Workstation TOCTOU Race Condition Vulnerability
CVE-2025-22226 VMware ESXi, Workstation, and Fusion Information Disclosure Vulnerability

These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise.
Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the Known Exploited Vulnerabilities Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that carry significant risk to the federal enterprise. BOD 22-01 requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the BOD 22-01 Fact Sheet for more information.
Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of Catalog vulnerabilities as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the catalog that meet the specified criteria.
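The practical step behind an alert like this is to join the catalog against what a scanner already reports on your own hosts and work the KEV entries to their due dates first. The script below is an added example, not part of the CISA alert or the Feedly summary: it reads a constructed excerpt of the KEV JSON feed (the four CVE IDs from the alert in the feed's schema; the catalogVersion and dueDate values are assumed), joins it with a constructed scanner export, and lists the affected hosts by days remaining, flagging anything past its due date.

```python
"""Cross-reference vulnerability-scanner findings with the CISA KEV catalog.

The live catalog is published as JSON at
https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json
SAMPLE_KEV below is a constructed excerpt in that feed's schema: the CVE IDs are
the four from the alert, the catalogVersion and dueDate values are assumed.
"""
import json
from datetime import date

SAMPLE_KEV = json.dumps({
    "title": "CISA Catalog of Known Exploited Vulnerabilities",
    "catalogVersion": "2025.03.04",  # assumed
    "count": 4,
    "vulnerabilities": [
        {"cveID": "CVE-2024-50302", "vendorProject": "Linux", "product": "Kernel",
         "vulnerabilityName": "Linux Kernel Use of Uninitialized Resource Vulnerability",
         "dateAdded": "2025-03-04", "dueDate": "2025-03-25",  # dueDate assumed
         "knownRansomwareCampaignUse": "Unknown"},
        {"cveID": "CVE-2025-22225", "vendorProject": "VMware", "product": "ESXi",
         "vulnerabilityName": "VMware ESXi Arbitrary Write Vulnerability",
         "dateAdded": "2025-03-04", "dueDate": "2025-03-25",
         "knownRansomwareCampaignUse": "Unknown"},
        {"cveID": "CVE-2025-22224", "vendorProject": "VMware", "product": "ESXi and Workstation",
         "vulnerabilityName": "VMware ESXi and Workstation TOCTOU Race Condition Vulnerability",
         "dateAdded": "2025-03-04", "dueDate": "2025-03-25",
         "knownRansomwareCampaignUse": "Unknown"},
        {"cveID": "CVE-2025-22226", "vendorProject": "VMware",
         "product": "ESXi, Workstation, and Fusion",
         "vulnerabilityName": "VMware ESXi, Workstation, and Fusion Information Disclosure Vulnerability",
         "dateAdded": "2025-03-04", "dueDate": "2025-03-25",
         "knownRansomwareCampaignUse": "Unknown"},
    ],
})

# Constructed scanner export: host -> CVE IDs the scanner reported on it.
# "CVE-0000-0000" is a placeholder for a finding that is not in the catalog.
SAMPLE_FINDINGS = {
    "esxi-01.example.internal": ["CVE-2025-22224", "CVE-2025-22225", "CVE-0000-0000"],
    "esxi-02.example.internal": ["CVE-2025-22226"],
    "build-linux-07.example.internal": ["CVE-2024-50302"],
    "db-03.example.internal": ["CVE-0000-0000"],
}


def load_kev(feed_json):
    """Index a KEV feed (its JSON text) by CVE ID."""
    return {v["cveID"]: v for v in json.loads(feed_json)["vulnerabilities"]}


def prioritise(findings, kev, today_iso):
    """One record per (host, CVE) pair present in the catalog, most urgent first.

    Findings outside the catalog are deliberately dropped: they follow the normal
    patch cadence, while KEV entries carry a hard due date under BOD 22-01.
    """
    today = date.fromisoformat(today_iso)
    rows = []
    for host, cves in findings.items():
        for cve in sorted(set(cves)):  # de-duplicate repeated scanner hits
            entry = kev.get(cve)
            if entry is None:
                continue
            due = date.fromisoformat(entry["dueDate"])
            rows.append({
                "host": host,
                "cve": cve,
                "product": f'{entry["vendorProject"]} {entry["product"]}',
                "due": entry["dueDate"],
                "days_left": (due - today).days,
                "overdue": due < today,
                "ransomware": entry["knownRansomwareCampaignUse"],
            })
    rows.sort(key=lambda r: (r["days_left"], r["host"], r["cve"]))
    return rows


def overdue_hosts(rows):
    """Hosts that still carry at least one catalog entry past its due date."""
    return sorted({r["host"] for r in rows if r["overdue"]})


if __name__ == "__main__":
    catalog = load_kev(SAMPLE_KEV)
    for r in prioritise(SAMPLE_FINDINGS, catalog, "2025-03-20"):
        flag = "OVERDUE" if r["overdue"] else f'{r["days_left"]}d left'
        print(f'{r["host"]:32} {r["cve"]:16} {r["product"]:30} due {r["due"]} {flag}')
```

Against the live feed, replace SAMPLE_KEV with the downloaded JSON and SAMPLE_FINDINGS with your scanner's CVE-per-host export; the join key is the CVE ID, so no product-name matching is needed. The knownRansomwareCampaignUse field is carried through because it is the usual second sort key when several entries share a due date.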

AI Summary and Description: Yes

Summary: The text outlines CISA’s addition of four actively exploited vulnerabilities to its Known Exploited Vulnerabilities Catalog, one in the Linux kernel and three in VMware ESXi, Workstation and Fusion, and the risk they pose to federal enterprises. Binding Operational Directive 22-01 requires FCEB agencies to remediate catalog entries by their due dates, and CISA urges all other organizations to treat the catalog the same way in their own vulnerability management.

Detailed Description:
The alert concerns vulnerabilities that CISA has confirmed as exploited in the wild, which is the criterion for inclusion in the catalog. That designation matters to infrastructure security and information security teams because it marks the entries as already in use by attackers, not merely as theoretically exploitable, and so places them ahead of higher-scored but unexploited findings in the patch queue.

Key Points:
– **New Vulnerabilities Added**: CISA has cataloged four new vulnerabilities:
  – **CVE-2024-50302**: Vulnerability in the Linux Kernel involving use of an uninitialized resource.
  – **CVE-2025-22225**: An arbitrary write vulnerability in VMware ESXi.
  – **CVE-2025-22224**: A TOCTOU (time-of-check to time-of-use) race condition vulnerability in VMware ESXi and Workstation.
  – **CVE-2025-22226**: An information disclosure vulnerability in VMware ESXi, Workstation, and Fusion.

– **Active Exploitation Risks**: Entries are added to the catalog on evidence of active exploitation; CISA describes these vulnerability classes as frequent attack vectors that pose significant risk, particularly to federal enterprise systems.

– **Binding Operational Directive 22-01**: This directive established the Known Exploited Vulnerabilities Catalog to document vulnerabilities that pose serious risk. It mandates that:
  – Federal Civilian Executive Branch (FCEB) agencies must remediate the listed vulnerabilities by the designated due dates to protect their networks from active threats.
  – All other organizations, although the directive applies only to FCEB agencies, are urged to adopt the same practice and prioritize timely remediation of catalog entries in their vulnerability management.

– **Ongoing Updates**: CISA will continually update the catalog to reflect new vulnerabilities that fit the established criteria, indicating the dynamic nature of cybersecurity threats.

Overall, the information presented is particularly relevant for information security and infrastructure security professionals who must prioritize vulnerability management within their organizations to mitigate risk and enhance resilience against cyber threats.