CVE-2021-21311 Recognized on CISA’s Known Exploited List

The U.S. Cybersecurity Landscape: New Vulnerabilities Identified by CISA

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has recently updated its Known Exploited Vulnerabilities (KEV) Catalog. This update includes five new security flaws that are currently being actively exploited. The vulnerabilities affect critical infrastructure components, including databases, network operating systems, email gateways, and file transfer solutions.

Overview of Newly Cataloged Vulnerabilities

The new entries in the KEV Catalog consist of CVE-2021-21311, CVE-2025-20352, CVE-2025-10035, CVE-2025-59689, and CVE-2025-32463. Each of these weaknesses poses a significant risk to organizations that utilize impacted systems, emphasizing the necessity for immediate attention and remediation.

In-Depth Analysis of Each Vulnerability

CVE-2021-21311 – Adminer SSRF Vulnerability

This Server-Side Request Forgery (SSRF) vulnerability was first identified in early 2021 and impacts Adminer versions from 4.0.0 to 4.7.8. As a lightweight PHP-based database management tool, Adminer can be manipulated through crafted URL parameters, allowing unauthorized access to internal resources. With a CVSS score of 7.2, it is categorized as high severity. Attackers can exploit this flaw to proxy requests, enabling internal navigation and reconnaissance within networks.

CVE-2025-20352 – Cisco IOS/IOS XE Buffer Overflow

This flaw affects multiple versions of Cisco’s IOS and IOS XE operating systems that support the Simple Network Management Protocol (SNMP). Identified as a stack-based buffer overflow, it can be triggered by sending specially crafted SNMP packets. Depending on the attacker’s privileges, the outcomes can vary, ranging from denial of service to complete remote code execution, earning it a CVSS score of 7.7 and presenting a serious threat to both enterprise and governmental networks.

CVE-2025-10035 – GoAnywhere MFT Deserialization Flaw

Affecting GoAnywhere MFT versions up to 7.8.3, this critical vulnerability scores a CVSS of 10.0 and resides within the application’s License Servlet. Malicious exploitation of this deserialization weakness allows attackers to execute arbitrary commands, targeting sensitive file transfer systems. The vendor, Fortra, has urged users to promptly apply patches and strengthen input validation measures.

CVE-2025-59689 – Libraesva Email Gateway Command Injection

This vulnerability exists in several versions of the Libraesva Email Security Gateway (ESG) and permits attackers to inject and execute commands through improperly sanitized email attachments. While rated at medium severity with a CVSS of 6.1, its presence in a security appliance that manages email traffic renders it a prime entry point for cyber adversaries.

CVE-2025-32463 – Sudo Privilege Escalation

The vulnerability affects the Sudo utility in Unix and Linux systems across versions 1.9.14 to 1.9.17p1. It arises from improper handling of external control functionalities related to /etc/nsswitch.conf in chroot environments. With a critical CVSS rating of 9.3, successful exploitation could provide an unprivileged user with root-level access.

Importance of the KEV Catalog

The inclusion of these vulnerabilities in the KEV Catalog underscores that they are not merely theoretical risks; they are actively being exploited in the wild. CISA’s KEV list highlights real threats faced by organizations, often leveraged by sophisticated threat actors in advanced persistent threats or ransomware campaigns. This catalog serves as a crucial alert, motivating organizations to take expedited actions to mitigate known vulnerabilities.

Impacted Systems and Versions

  • Cisco IOS/IOS XE: Over 349 IOS XE versions and 21 Catalyst SD-WAN releases are impacted by CVE-2025-20352.
  • Fortra GoAnywhere MFT: All versions up to 7.8.3 are at risk due to CVE-2025-10035.
  • Libraesva ESG: Multiple versions from 4.5 to 5.5 are vulnerable to CVE-2025-59689.
  • Sudo: Versions from 1.9.14 to just before 1.9.17p1 are affected by CVE-2025-32463.
  • Adminer: Versions prior to 4.7.9 need an upgrade to address CVE-2021-21311.
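
The version ranges above can be checked against a software inventory. The following is an added example, not part of the original article or any CISA tooling: the product keys, host names and sample versions are constructed, and Cisco and Libraesva are left out because the page gives no exact version boundaries for them. Versions are compared numerically, with Sudo's "p" patch level as a fourth field, so 1.9.17 sorts before 1.9.17p1 and 1.9.9 before 1.9.14.

```python
import re

# Ranges as stated on this page: (CVE, lowest, highest, highest_is_affected).
AFFECTED = {
    "adminer":        ("CVE-2021-21311", "4.0.0",  "4.7.8",    True),
    "goanywhere-mft": ("CVE-2025-10035", "0",      "7.8.3",    True),
    "sudo":           ("CVE-2025-32463", "1.9.14", "1.9.17p1", False),
}

def parse_version(text):
    """'1.9.17p1' -> (1, 9, 17, 1); a missing part or patch level counts as 0."""
    m = re.fullmatch(r"(\d+(?:\.\d+){0,2})(?:p(\d+))?", text.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    parts = [int(p) for p in m.group(1).split(".")]
    parts += [0] * (3 - len(parts))
    return tuple(parts) + (int(m.group(2) or 0),)

def match_kev(product, version):
    """Return the CVE id if product/version falls in a listed range, else None."""
    rule = AFFECTED.get(product.lower())
    if rule is None:
        return None
    cve, low, high, inclusive = rule
    v, lo, hi = parse_version(version), parse_version(low), parse_version(high)
    in_range = lo <= v <= hi if inclusive else lo <= v < hi
    return cve if in_range else None

def triage(inventory):
    """inventory: iterable of (host, product, version) -> list of findings."""
    findings = []
    for host, product, version in inventory:
        try:
            cve = match_kev(product, version)
        except ValueError:
            cve = "UNPARSED"  # surface for manual review instead of skipping
        if cve:
            findings.append((host, product, version, cve))
    return findings

# Constructed sample inventory (hosts and versions are made up for the example).
SAMPLE = [
    ("db-admin-01", "adminer", "4.7.8"),
    ("mft-01", "goanywhere-mft", "7.8.4"),
    ("build-02", "sudo", "1.9.17"),
    ("build-03", "sudo", "1.9.16b2"),
]

if __name__ == "__main__":
    print(*triage(SAMPLE), sep="\n")
```

Versions the parser does not recognise, such as the beta string in the sample, are reported as UNPARSED so they get a manual check rather than being silently treated as unaffected.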

CISA offers several recommendations for organizations to manage these vulnerabilities effectively:

  • Apply patches immediately upon vendor release to address vulnerabilities.
  • Implement compensating controls if patching is not feasible quickly, such as access limitations, enhanced input validation, and network segmentation.
  • Increase monitoring for indicators of exploitation attempts, including unusual traffic patterns or unexpected behavior within systems.
  • Engage in threat hunting initiatives directed at identifying any privilege escalation attempts or anomalous file transfer activities.