Source URL: https://www.cisa.gov/news-events/alerts/2025/03/27/cisa-adds-one-known-exploited-vulnerability-catalog
Source: Alerts
Title: CISA Adds One Known Exploited Vulnerability to Catalog
Feedly Summary: CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation.
CVE-2025-2783 Google Chromium Mojo Sandbox Escape Vulnerability
These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise.
Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the Known Exploited Vulnerabilities Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that carry significant risk to the federal enterprise. BOD 22-01 requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the BOD 22-01 Fact Sheet for more information.
Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of Catalog vulnerabilities as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the catalog that meet the specified criteria.
AI Summary and Description: Yes
Summary: The text discusses the addition of a new vulnerability, CVE-2025-2783, to CISA’s Known Exploited Vulnerabilities Catalog. This catalog serves as a critical resource for federal agencies and other organizations to address significant cyber threats through timely remediation.
Detailed Description:
– CISA (Cybersecurity and Infrastructure Security Agency) has updated its Known Exploited Vulnerabilities Catalog to include CVE-2025-2783, which is a vulnerability found in the Google Chromium Mojo Sandbox.
– The identified vulnerability is a serious concern as it serves as a potential attack vector for cyber adversaries, leading to risks for federal and private enterprises.
– The **Binding Operational Directive (BOD) 22-01** aims to mitigate these risks by ensuring that federal agencies act promptly to remediate identified vulnerabilities. It establishes a living list of significant CVEs that pose threats to federal networks.
– Key requirements from BOD 22-01 include:
– Federal Civilian Executive Branch (FCEB) agencies must address vulnerabilities listed in the catalog by designated deadlines.
– Priority should be given to managing these vulnerabilities as a part of organizational cyber hygiene practices.
– Although the directive is aimed primarily at federal agencies, CISA emphasizes that all organizations—regardless of their affiliation—should implement rigorous vulnerability management practices to safeguard against potential cyberattacks.
– CISA plans to continue adding vulnerabilities to the catalog, thereby serving as a proactive measure to enhance cybersecurity across sectors.
This information is particularly relevant for security and compliance professionals as it highlights the dynamics of vulnerability management and the importance of keeping systems secure in light of known exploits. Compliance with directives like BOD 22-01 may also carry implications for broader governance and risk management strategies.