New Exploited Vulnerabilities Added to CISA’s KEV Catalog: What You Need to Know

On March 3, 2025, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) updated its Known Exploited Vulnerabilities (KEV) catalog, adding five security flaws affecting software from Cisco, Hitachi Vantara, Microsoft, and Progress. Entries reach the KEV catalog only on evidence of active exploitation, so each of these flaws is being used against real targets. They range from command injection and authorization bypass to privilege escalation and remote code execution, and three of them are years old. This article breaks down each vulnerability, what it means for your security posture, and the actions you need to take to protect your systems.

Vulnerabilities in CISA’s KEV Catalog

CISA recently added five significant vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog, each impacting different software products. The vulnerabilities are:

  • CVE-2023-20118 (Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 routers): A command injection flaw in the web-based management interface that lets an authenticated remote attacker run arbitrary commands with root privileges. Cisco has not issued a patch because the routers are end-of-life, so the remediation is to retire or isolate them.

  • CVE-2022-43939 (Hitachi Vantara Pentaho BA Server): An authorization bypass caused by the server making access-control decisions on non-canonical URL paths. Fixed in versions 9.3.0.2 and 9.4.0.1, released in August 2024.

  • CVE-2022-43769 (Hitachi Vantara Pentaho BA Server): A special element injection flaw that lets an attacker run arbitrary commands via Spring template injection. Also fixed in the August 2024 releases 9.3.0.2 and 9.4.0.1.

  • CVE-2018-8639 (Microsoft Windows Win32k): A local privilege escalation flaw in the Win32k.sys kernel-mode driver that lets a local attacker run arbitrary code in kernel mode. Microsoft patched it in December 2018.

  • CVE-2024-4885 (Progress WhatsUp Gold): A path traversal flaw that allows unauthenticated remote code execution. Progress patched it in June 2024 (WhatsUp Gold 2023.1.3).
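The Pentaho authorization bypass in the list above is an instance of a general bug class: an access-control decision taken on the raw request path before it is canonicalized, so an alternative spelling of the same resource slips past the check while the router still delivers it to the protected handler. The Python below is an added illustration, not Pentaho's or Hitachi Vantara's code. It uses a hypothetical policy (everything under /admin requires the admin role) and shows the vulnerable check beside one that canonicalizes first; the bypass paths are constructed examples.

```python
"""Authorization on non-canonical URL paths (CWE-647): vulnerable check and fix.

Added illustration, not Pentaho's code. Policy, paths and roles are hypothetical.
"""
import posixpath
from urllib.parse import unquote

PROTECTED_PREFIX = "/admin"   # hypothetical: this subtree requires the admin role


def authorize_vulnerable(raw_path: str, role: str) -> bool:
    """Decide on the path exactly as received.

    If the router canonicalizes later (/./admin, /x/../admin, //admin and
    /%61dmin all reach the admin handler), this check never saw the prefix
    and lets a non-admin through.
    """
    if raw_path.startswith(PROTECTED_PREFIX):
        return role == "admin"
    return True


def canonicalize(raw_path: str) -> str:
    """Reduce every spelling of a resource to one string before deciding.

    Order matters: drop the query, percent-decode until stable (defeats
    %2561dmin double encoding), reject characters a router may treat as
    separators, then collapse '.', '..' and repeated slashes.
    """
    path = raw_path.split("?", 1)[0]
    for _ in range(3):                      # bounded loop; stops once decoding is a no-op
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    if "\\" in path or "\x00" in path:
        raise ValueError("rejected: backslash or NUL in path")
    if not path.startswith("/"):
        path = "/" + path
    norm = posixpath.normpath(path)         # resolves . and .., collapses ///
    while norm.startswith("//"):            # normpath keeps exactly two leading slashes
        norm = norm[1:]
    return norm


def authorize_hardened(raw_path: str, role: str) -> bool:
    """Same policy, applied to the canonical path and compared segment-wise
    so that /administrator is not mistaken for /admin."""
    path = canonicalize(raw_path)
    if path == PROTECTED_PREFIX or path.startswith(PROTECTED_PREFIX + "/"):
        return role == "admin"
    return True


# Constructed bypass attempts; every one resolves to /admin/users.
BYPASS_ATTEMPTS = [
    "/admin/users",
    "/./admin/users",
    "/public/../admin/users",
    "//admin/users",
    "/%61dmin/users",
    "/%2561dmin/users",
    "/admin/users?debug=1",
]


def compare(role: str) -> dict:
    """Map each attempt to (vulnerable verdict, hardened verdict) for the role."""
    return {p: (authorize_vulnerable(p, role), authorize_hardened(p, role))
            for p in BYPASS_ATTEMPTS}


if __name__ == "__main__":
    for path, (vuln, hard) in compare("viewer").items():
        v = "ALLOW" if vuln else "deny"
        h = "ALLOW" if hard else "deny"
        print(f"{path:26} vulnerable={v:5} hardened={h}")
```

Running it as the viewer role shows the naive check denying only the literal /admin/users and allowing every other spelling, while the hardened check denies all seven. The durable fix is not a longer denylist of tricks but a single canonicalization step, ideally the same function the router uses, applied before any policy lookup.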

All five have been exploited in the wild: CVE-2023-20118 is being used to recruit Cisco RV routers into the PolarEdge botnet, and exploitation attempts against CVE-2024-4885 were observed by the Shadowserver Foundation starting in August 2024. Under Binding Operational Directive 22-01, Federal Civilian Executive Branch agencies must remediate these flaws by March 24, 2025; other organizations would do well to treat the same date as their deadline.
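The KEV catalog is published as a JSON feed, and the practical question for a defender on each update is which new entries touch assets they own and how long the remediation clock is. The Python below is an added example, not CISA tooling. It parses a constructed sample of the feed (same layout as the published JSON; the five entries and their text are paraphrased for the additions above), joins it to a hypothetical inventory, and flags the entry whose required action is to discontinue use because no fix will ship.

```python
"""Triage a KEV catalog update against an asset inventory.

Added example, not CISA tooling. The JSON layout (top-level "vulnerabilities"
list with cveID, vendorProject, product, dateAdded, dueDate, requiredAction)
follows the published KEV feed; the entries are constructed for the
3 March 2025 additions with paraphrased text, and the inventory is hypothetical.
"""
import json
from datetime import date

_ACTION = "Apply mitigations per vendor instructions."
_ACTION_EOL = ("Apply mitigations per vendor instructions or discontinue use "
               "of the product if mitigations are unavailable.")

KEV_SAMPLE = json.dumps({
    "title": "CISA Catalog of Known Exploited Vulnerabilities (constructed sample)",
    "vulnerabilities": [
        {"cveID": "CVE-2023-20118", "vendorProject": "Cisco",
         "product": "Small Business RV Series Routers",
         "dateAdded": "2025-03-03", "dueDate": "2025-03-24", "requiredAction": _ACTION_EOL},
        {"cveID": "CVE-2022-43939", "vendorProject": "Hitachi Vantara",
         "product": "Pentaho BA Server",
         "dateAdded": "2025-03-03", "dueDate": "2025-03-24", "requiredAction": _ACTION},
        {"cveID": "CVE-2022-43769", "vendorProject": "Hitachi Vantara",
         "product": "Pentaho BA Server",
         "dateAdded": "2025-03-03", "dueDate": "2025-03-24", "requiredAction": _ACTION},
        {"cveID": "CVE-2018-8639", "vendorProject": "Microsoft", "product": "Windows",
         "dateAdded": "2025-03-03", "dueDate": "2025-03-24", "requiredAction": _ACTION},
        {"cveID": "CVE-2024-4885", "vendorProject": "Progress", "product": "WhatsUp Gold",
         "dateAdded": "2025-03-03", "dueDate": "2025-03-24", "requiredAction": _ACTION},
    ],
})

# Hypothetical inventory: (asset name, vendor, product), spelled as the feed spells them.
INVENTORY = [
    ("branch-rtr-01", "Cisco", "Small Business RV Series Routers"),
    ("netmon-01", "Progress", "WhatsUp Gold"),
    ("ws-1042", "Microsoft", "Windows"),
]


def load_kev(text: str) -> list:
    """Parse the feed and return its vulnerability entries."""
    return json.loads(text)["vulnerabilities"]


def added_on(entries: list, day: str) -> list:
    """Entries whose dateAdded equals an ISO date string such as '2025-03-03'."""
    return [e for e in entries if e["dateAdded"] == day]


def triage(entries: list, inventory: list, today: str) -> list:
    """Join entries to inventory on (vendor, product), case-insensitively, and
    attach the BOD 22-01 remediation clock plus an end-of-life flag."""
    now = date.fromisoformat(today)
    by_product = {}
    for asset, vendor, product in inventory:
        by_product.setdefault((vendor.lower(), product.lower()), []).append(asset)
    findings = []
    for e in entries:
        key = (e["vendorProject"].lower(), e["product"].lower())
        for asset in by_product.get(key, []):
            due = date.fromisoformat(e["dueDate"])
            findings.append({
                "asset": asset,
                "cve": e["cveID"],
                "days_left": (due - now).days,
                "overdue": now > due,
                # KEV uses "discontinue use" wording when the vendor will not ship a fix
                "no_fix_expected": "discontinue use" in e["requiredAction"].lower(),
            })
    return sorted(findings, key=lambda f: (f["days_left"], f["cve"]))


if __name__ == "__main__":
    new_entries = added_on(load_kev(KEV_SAMPLE), "2025-03-03")
    for finding in triage(new_entries, INVENTORY, "2025-03-10"):
        print(finding)
```

Against the real feed, replace KEV_SAMPLE with the downloaded JSON and feed the inventory from your CMDB; the join key is only as good as the vendor and product spellings, so map your inventory names onto the feed's before relying on the result. The Hitachi Vantara entries produce no findings here simply because the hypothetical inventory has no Pentaho server.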

What Undercode Says:

The addition of these vulnerabilities to the CISA KEV catalog highlights the ongoing risk in widely used enterprise software. Companies and government agencies relying on Cisco, Hitachi Vantara, Microsoft, and Progress products must prioritize patching (or, where no patch exists, retiring) the affected systems to prevent exploitation.

The vulnerabilities span a range of severities. CVE-2024-4885 is particularly concerning: it carries a CVSS score of 9.8 and requires no authentication, so an attacker who can reach the WhatsUp Gold web interface can execute code on the monitoring server. The Shadowserver Foundation observed exploitation attempts from IP addresses in Hong Kong, Russia, Brazil, South Korea, and the UK starting in August 2024, which illustrates how widely a public flaw in network-monitoring software gets probed. Organizations running affected versions should upgrade and, until they do, keep the management interface off the internet.

CVE-2023-20118 is critical for a different reason. The affected routers are end-of-life, yet exploitation continues in the wild, which shows that legacy equipment remains a tempting target precisely because nobody is patching it. Cisco has stated that it will not release a fix, so organizations still running these routers cannot update their way out of the risk: the options are to replace the devices or, failing that, to restrict access to the management interface to trusted networks while a replacement is arranged.

The two Hitachi Vantara Pentaho BA Server flaws present complementary risks: CVE-2022-43939 lets an attacker reach endpoints that should have been off limits, and CVE-2022-43769 lets them run arbitrary commands on the server. A business-intelligence server holds aggregated corporate data and often credentials to the databases it reports on, which makes it a valuable foothold. Patches have been available since August 2024, so any exposed instance still on an earlier version is overdue for an upgrade.

CVE-2018-8639 looks old, but its continued use by the Dalbit group shows that attackers readily target vulnerabilities the vendor fixed years ago when the fix was never applied. A local privilege escalation of this kind is rarely the first step of an intrusion; it is what turns a foothold in a low-privileged account into full control of the host.

The combination of old and new vulnerabilities on this list reinforces a broader point: cybersecurity isn’t just about patching new flaws—it’s about maintaining systems at all stages of their lifecycle. Organizations must consider the risks of continuing to operate outdated systems without proper patches and mitigations.

Fact Checker Results:

  1. CVE-2024-4885 and CVE-2023-20118 are actively exploited in the wild: the latter feeds the PolarEdge botnet, and the former has drawn exploitation attempts from multiple countries.
  2. Microsoft’s CVE-2018-8639 remains a threat despite being patched in December 2018, as it continues to be weaponized by advanced threat actors against hosts that never received the update.
  3. CVE-2022-43939 and CVE-2022-43769 are fixed in Pentaho BA Server 9.3.0.2 and 9.4.0.1, released in August 2024; any deployment still on an earlier version should be upgraded now.

References:

Reported By: https://thehackernews.com/2025/03/cisco-hitachi-microsoft-and-progress.html