CVEs

CVE-2021-43798 — Grafana Labs Grafana — Grafana Path Traversal Vulnerability

CISA KEV•CVE-2021-43798•Grafana Labs Grafana• October 9, 2025

Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Due: 2025-10-30

Details NVD

CVE-2025-27915 — Synacor Zimbra Collaboration Suite (ZCS) — Synacor Zimbra Collaboration Suite (ZCS) Cross-site Scripting Vulnerability

CISA KEV•CVE-2025-27915•Synacor Zimbra Collaboration Suite (ZCS)• October 7, 2025

Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Due: 2025-10-28

Details NVD

CVE-2025-61882 — Oracle E-Business Suite — Oracle E-Business Suite Unspecified Vulnerability

CISA KEV•CVE-2025-61882•Oracle E-Business Suite• October 7, 2025

Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Due: 2025-10-28

Details NVD

CVE-2010-3765 — Mozilla Multiple Products — Mozilla Multiple Products Remote Code Execution Vulnerability

CISA KEV•CVE-2010-3765•Mozilla Multiple Products• October 6, 2025

Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Due: 2025-10-27

Details NVD

CVE-2011-3402 — Microsoft Windows — Microsoft Windows Remote Code Execution Vulnerability

CISA KEV•CVE-2011-3402•Microsoft Windows• October 6, 2025

Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Due: 2025-10-27

Details NVD

CVE-2013-3918 — Microsoft Windows — Microsoft Windows Out-of-Bounds Write Vulnerability

CISA KEV•CVE-2013-3918•Microsoft Windows• October 6, 2025

Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Due: 2025-10-27

Details NVD

CVE-2021-43226 — Microsoft Windows — Microsoft Windows Privilege Escalation Vulnerability

CISA KEV•CVE-2021-43226•Microsoft Windows• October 6, 2025

Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Due: 2025-10-27

Details NVD

CVE-2010-3962 — Microsoft Internet Explorer — Microsoft Internet Explorer Uninitialized Memory Corruption Vulnerability

CISA KEV•CVE-2010-3962•Microsoft Internet Explorer• October 6, 2025

Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Due: 2025-10-27

Details NVD

CVE-2021-22555 — Linux Kernel — Linux Kernel Heap Out-of-Bounds Write Vulnerability

CISA KEV•CVE-2021-22555•Linux Kernel• October 6, 2025

Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Due: 2025-10-27

Details NVD

CVE-2025-4008 — Smartbedded Meteobridge — Smartbedded Meteobridge Command Injection Vulnerability

CISA KEV•CVE-2025-4008•Smartbedded Meteobridge• October 2, 2025

Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Due: 2025-10-23

Details NVD

CVE-2025-21043 — Samsung Mobile Devices — Samsung Mobile Devices Out-of-Bounds Write Vulnerability

CISA KEV•CVE-2025-21043•Samsung Mobile Devices• October 2, 2025

Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Due: 2025-10-23

Details NVD

CVE-2015-7755 — Juniper ScreenOS — Juniper ScreenOS Improper Authentication Vulnerability

CISA KEV•CVE-2015-7755•Juniper ScreenOS• October 2, 2025

Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Due: 2025-10-23

Details NVD

CVE-2017-1000353 — Jenkins Jenkins — Jenkins Remote Code Execution Vulnerability

CISA KEV•CVE-2017-1000353•Jenkins Jenkins• October 2, 2025

Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Due: 2025-10-23

Details NVD

CVE-2014-6278 — GNU GNU Bash — GNU Bash OS Command Injection Vulnerability

CISA KEV•CVE-2014-6278•GNU GNU Bash• October 2, 2025

Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Due: 2025-10-23

Details NVD

CVE-2021-21311 — Adminer Adminer — Adminer Server-Side Request Forgery Vulnerability

CISA KEV•CVE-2021-21311•Adminer Adminer• September 29, 2025

Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Due: 2025-10-20

Details NVD

CVE-2025-20352 — Cisco IOS and IOS XE — Cisco IOS and IOS XE Stack-based Buffer Overflow Vulnerability

CISA KEV•CVE-2025-20352•Cisco IOS and IOS XE• September 29, 2025

Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Due: 2025-10-20

Details NVD

CVE-2025-10035 — Fortra GoAnywhere MFT — Fortra GoAnywhere MFT Deserialization of Untrusted Data Vulnerability

CISA KEV•CVE-2025-10035•Fortra GoAnywhere MFT• September 29, 2025

Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Due: 2025-10-20

Details NVD

CVE-2025-59689 — Libraesva Email Security Gateway — Libraesva Email Security Gateway Command Injection Vulnerability

CISA KEV•CVE-2025-59689•Libraesva Email Security Gateway• September 29, 2025

Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Due: 2025-10-20

Details NVD

CVE-2025-32463 — Sudo Sudo — Sudo Inclusion of Functionality from Untrusted Control Sphere Vulnerability

CISA KEV•CVE-2025-32463•Sudo Sudo• September 29, 2025

Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Due: 2025-10-20

Details NVD

CVE-2025-20333 — Cisco Secure Firewall Adaptive Security Appliance and Secure Firewall Threat Defense — Cisco Secure Firewall Adaptive Security Appliance (ASA) and Secure Firewall Threat Defense (FTD) Buffer Overflow Vulnerability

CISA KEV•CVE-2025-20333•Cisco Secure Firewall Adaptive Security Appliance and Secure Firewall Threat Defense• September 25, 2025

Action: The KEV due date refers to the deadline by which FCEB agencies are expected to review and begin implementing the guidance outlined in Emergency Directive (ED) 25-03 (URL listed below in Notes). Agencies must follow the mitigation steps provided by CISA (URL listed below in Notes) and vendor’s instructions (URL listed below in Notes). Adhere to the applicable BOD 22-01 guidance for cloud services or discontinue use of the product if mitigations are not available.

Due: 2025-09-26

Details NVD

CVE-2025-20362 — Cisco Secure Firewall Adaptive Security Appliance and Secure Firewall Threat Defense — Cisco Secure Firewall Adaptive Security (ASA) Appliance and Secure Firewall Threat Defense (FTD) Missing Authorization Vulnerability

CISA KEV•CVE-2025-20362•Cisco Secure Firewall Adaptive Security Appliance and Secure Firewall Threat Defense• September 25, 2025

Action: The KEV due date refers to the deadline by which FCEB agencies are expected to review and begin implementing the guidance outlined in Emergency Directive (ED) 25-03 (URL listed below in Notes). Agencies must follow the mitigation steps provided by CISA (URL listed below in Notes) and vendor’s instructions (URL listed below in Notes). Adhere to the applicable BOD 22-01 guidance for cloud services or discontinue use of the product if mitigations are not available.

Due: 2025-09-26

Details NVD

CVE-2025-10585 — Google Chromium V8 — Google Chromium V8 Type Confusion Vulnerability

CISA KEV•CVE-2025-10585•Google Chromium V8• September 23, 2025

Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Due: 2025-10-14

Details NVD

CVE-2025-5086 — Dassault Systèmes DELMIA Apriso — Dassault Systèmes DELMIA Apriso Deserialization of Untrusted Data Vulnerability

CISA KEV•CVE-2025-5086•Dassault Systèmes DELMIA Apriso• September 11, 2025

Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Due: 2025-10-02

Details NVD

CVE-2025-53690 — Sitecore Multiple Products — Sitecore Multiple Products Deserialization of Untrusted Data Vulnerability

CISA KEV•CVE-2025-53690•Sitecore Multiple Products• September 4, 2025

Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Due: 2025-09-25

Details NVD