The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added five new Common Vulnerabilities and Exposures (CVE) entries to its Known Exploited Vulnerabilities (KEV) catalog. The additions cover flaws in software from Microsoft, Apple, Oracle, and Kentico.
Overview of New Vulnerabilities
The vulnerabilities recently added to the catalog include:
- CVE-2022-48503: Rated 8.8, this flaw affects multiple Apple products; processing maliciously crafted web content could lead to arbitrary code execution. Apple addressed it with improved bounds checks.
- CVE-2025-33073: An 8.8-rated improper access control flaw in the Microsoft Windows SMB Client that allows elevation of privilege. Microsoft had assessed it as less likely to be exploited when it was patched in the June Patch Tuesday update.
- CVE-2025-61884: A 7.5-severity server-side request forgery (SSRF) flaw in Oracle E-Business Suite, for which Oracle issued an emergency patch on October 11.
- CVE-2025-2746 and CVE-2025-2747: Two 9.8-rated password authentication bypass flaws in the Kentico Xperience Staging Sync Server.
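Organizations tracking KEV additions usually want to know which new entries touch their own estate and by when CISA's remediation due date falls. The following is an added example, not code from the article or from CISA. It parses a document in the real KEV JSON feed shape (a top-level "vulnerabilities" list whose entries carry cveID, vendorProject, product, dateAdded, dueDate and knownRansomwareCampaignUse) and triages it against a hypothetical software inventory. The sample feed is constructed for this example: the CVE IDs and vendor/product names mirror the article, but the dueDate values, and the dateAdded values other than the October 6 date for CVE-2025-61882, are placeholders rather than the catalog's actual values.

```python
"""Triage a CISA KEV feed against a local software inventory.

Added example, not code from the article or from CISA. It follows the real
KEV JSON schema (top-level "vulnerabilities" list with cveID, vendorProject,
product, dateAdded, dueDate and knownRansomwareCampaignUse). The sample feed
below is constructed: CVE IDs and vendor/product names mirror the article,
but the dueDate values, and every dateAdded except CVE-2025-61882's
October 6 date, are placeholders, not the catalog's actual values.
"""
import json
from datetime import date

# Constructed sample in the KEV feed shape (placeholder dates; see docstring).
SAMPLE_KEV_JSON = json.dumps({
    "title": "CISA Catalog of Known Exploited Vulnerabilities",
    "vulnerabilities": [
        {"cveID": "CVE-2025-61882", "vendorProject": "Oracle", "product": "E-Business Suite",
         "dateAdded": "2025-10-06", "dueDate": "2025-10-27",
         "knownRansomwareCampaignUse": "Known"},
        {"cveID": "CVE-2025-61884", "vendorProject": "Oracle", "product": "E-Business Suite",
         "dateAdded": "2025-10-20", "dueDate": "2025-11-10",
         "knownRansomwareCampaignUse": "Unknown"},
        {"cveID": "CVE-2025-33073", "vendorProject": "Microsoft", "product": "Windows",
         "dateAdded": "2025-10-20", "dueDate": "2025-11-10",
         "knownRansomwareCampaignUse": "Unknown"},
        {"cveID": "CVE-2022-48503", "vendorProject": "Apple", "product": "Multiple Products",
         "dateAdded": "2025-10-20", "dueDate": "2025-11-10",
         "knownRansomwareCampaignUse": "Unknown"},
        {"cveID": "CVE-2025-2746", "vendorProject": "Kentico", "product": "Xperience",
         "dateAdded": "2025-10-20", "dueDate": "2025-11-10",
         "knownRansomwareCampaignUse": "Unknown"},
        {"cveID": "CVE-2025-2747", "vendorProject": "Kentico", "product": "Xperience",
         "dateAdded": "2025-10-20", "dueDate": "2025-11-10",
         "knownRansomwareCampaignUse": "Unknown"},
    ],
})


def load_kev(raw_json: str) -> list[dict]:
    """Parse a KEV feed document and return its vulnerability entries."""
    return json.loads(raw_json)["vulnerabilities"]


def added_since(entries: list[dict], since: date) -> list[str]:
    """CVE IDs of entries whose dateAdded is on or after `since`, in feed order."""
    return [e["cveID"] for e in entries
            if date.fromisoformat(e["dateAdded"]) >= since]


def match_inventory(entries: list[dict], inventory: set[tuple[str, str]],
                    today: date) -> list[dict]:
    """Return KEV entries that hit the inventory, most urgent first.

    `inventory` is a set of (vendor, product) pairs, compared case-insensitively
    against vendorProject/product. Entries tied to known ransomware use sort
    first, then by remediation due date. In production, match on CPE or your
    asset database's own identifiers rather than on these free-text names.
    """
    inv = {(v.lower(), p.lower()) for v, p in inventory}
    hits = []
    for e in entries:
        if (e["vendorProject"].lower(), e["product"].lower()) not in inv:
            continue
        due = date.fromisoformat(e["dueDate"])
        hits.append({
            "cve": e["cveID"],
            "vendor": e["vendorProject"],
            "product": e["product"],
            "due": due,
            "days_left": (due - today).days,   # negative once overdue
            "overdue": due < today,
            "ransomware": e.get("knownRansomwareCampaignUse") == "Known",
        })
    hits.sort(key=lambda h: (not h["ransomware"], h["due"]))
    return hits


if __name__ == "__main__":
    entries = load_kev(SAMPLE_KEV_JSON)
    # Hypothetical inventory: an organization running Oracle EBS and Windows.
    inventory = {("Oracle", "E-Business Suite"), ("Microsoft", "Windows")}
    for hit in match_inventory(entries, inventory, date(2025, 10, 21)):
        flag = "RANSOMWARE " if hit["ransomware"] else ""
        print(f"{flag}{hit['cve']} {hit['vendor']} {hit['product']} "
              f"due {hit['due']} ({hit['days_left']} days)")
```

To run this against the live catalog, replace SAMPLE_KEV_JSON with the body of https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json; the field names are the same. Because the feed only lists vendor and product as free text, the name matching here is the weak link, and an asset inventory keyed on CPE or package identifiers will give far fewer misses than string comparison.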
Oracle Vulnerabilities Under Fire
While CISA typically does not disclose how catalog entries are being exploited, the addition of CVE-2025-61884 came amid an ongoing campaign by the CL0P ransomware group targeting CVE-2025-61882, a 9.8-rated remote code execution flaw in Oracle E-Business Suite. Reports indicate that flaw has been exploited since at least August, with suspicious activity observed even earlier.
CISA added CVE-2025-61882 to the KEV catalog on October 6, and subsequent reporting indicates that CL0P has used the vulnerability in a broader extortion campaign. According to Google Threat Intelligence, victims including Harvard University and American Airlines' Envoy Air subsidiary received threatening emails claiming that sensitive data had been stolen from their Oracle environments.
Separately, the Scattered LAPSUS$ Hunters group circulated exploit code for CVE-2025-61882 on October 3, claiming to have developed it independently of CL0P, which means more than one actor now holds a working exploit for the flaw.
Insights on Recent Microsoft Vulnerability
CVE-2025-33073 was credited to eight security researchers, among them Keisuke Hirata of CrowdStrike and Cameron Stish of GuidePoint Security, when Microsoft disclosed it in the June Patch Tuesday update.
According to Microsoft, successful exploitation gives the attacker SYSTEM privileges. Microsoft evaluated several attack vectors; the highest-risk scenario depends on tricking a victim into connecting to an attacker-controlled SMB server.
In Microsoft's description, a crafted malicious script coerces the victim machine into connecting back to the attacker's system over SMB and authenticating to it, and that relayed authentication can result in elevation of privilege. This is the classic SMB authentication relay pattern, so beyond installing the June update, requiring SMB signing on clients and servers is the standard control that blocks relaying SMB authentication.
Key Takeaways
These vulnerabilities pose significant risk to organizations running the affected products, and timely patching is the primary defense. Tracking KEV additions and vendor advisories, and treating CISA's remediation due dates as deadlines, helps limit the window in which flaws of this kind can be exploited.