CVE-2025-49706 — Microsoft SharePoint — Microsoft SharePoint Improper Authentication Vulnerability
Action: Disconnect public-facing versions of SharePoint Server that have reached their end-of-life (EOL) or end-of-service (EOS) to include SharePoint Server 2013 and earlier versions. For supported versions, please follow the mitigations according to CISA (URL listed below in Notes) and vendor instructions (URL listed below in Notes). Adhere to the applicable BOD 22-01 guidance for cloud services or discontinue use of the product if mitigations are not available.
Due: 2025-07-23
Ransomware: Known
CVE-2025-49704 — Microsoft SharePoint — Microsoft SharePoint Code Injection Vulnerability
Action: Disconnect public-facing versions of SharePoint Server that have reached their end-of-life (EOL) or end-of-service (EOS) to include SharePoint Server 2013 and earlier versions. For supported versions, please follow the mitigations according to CISA (URL listed below in Notes) and vendor instructions (URL listed below in Notes). Adhere to the applicable BOD 22-01 guidance for cloud services or discontinue use of the product if mitigations are not available.
Due: 2025-07-23
Ransomware: Known
CVE-2025-54309 — CrushFTP CrushFTP — CrushFTP Unprotected Alternate Channel Vulnerability
Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Due: 2025-08-12
CVE-2025-6558 — Google Chromium — Google Chromium ANGLE and GPU Improper Input Validation Vulnerability
Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Due: 2025-08-12
CVE-2025-2776 — SysAid SysAid On-Prem — SysAid On-Prem Improper Restriction of XML External Entity Reference Vulnerability
Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Due: 2025-08-12
CVE-2025-2775 — SysAid SysAid On-Prem — SysAid On-Prem Improper Restriction of XML External Entity Reference Vulnerability
Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Due: 2025-08-12
CVE-2025-53770 — Microsoft SharePoint — Microsoft SharePoint Deserialization of Untrusted Data Vulnerability
Action: Disconnect public-facing versions of SharePoint Server that have reached their end-of-life (EOL) or end-of-service (EOS) to include SharePoint Server 2013 and earlier versions. For supported versions, please follow the mitigations according to CISA (URL listed below in Notes) and vendor instructions (URL listed below in Notes). Adhere to the applicable BOD 22-01 guidance for cloud services or discontinue use of the product if mitigations are not available.
Due: 2025-07-21
Ransomware: Known
CVE-2025-25257 — Fortinet FortiWeb — Fortinet FortiWeb SQL Injection Vulnerability
Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Due: 2025-08-08
CVE-2025-47812 — Wing FTP Server Wing FTP Server — Wing FTP Server Improper Neutralization of Null Byte or NUL Character Vulnerability
Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Due: 2025-08-04
CVE-2025-5777 — Citrix NetScaler ADC and Gateway — Citrix NetScaler ADC and Gateway Out-of-Bounds Read Vulnerability
Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Due: 2025-07-11
Ransomware: Known
CVE-2014-3931 — Looking Glass Multi-Router Looking Glass (MRLG) — Multi-Router Looking Glass (MRLG) Buffer Overflow Vulnerability
Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Due: 2025-07-28
CVE-2016-10033 — PHP PHPMailer — PHPMailer Command Injection Vulnerability
Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Due: 2025-07-28
CVE-2019-5418 — Rails Ruby on Rails — Rails Ruby on Rails Path Traversal Vulnerability
Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Due: 2025-07-28
CVE-2019-9621 — Synacor Zimbra Collaboration Suite (ZCS) — Synacor Zimbra Collaboration Suite (ZCS) Server-Side Request Forgery (SSRF) Vulnerability
Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Due: 2025-07-28
CVE-2025-6554 — Google Chromium V8 — Google Chromium V8 Type Confusion Vulnerability
Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Due: 2025-07-23
CVE-2025-48927 — TeleMessage TM SGNL — TeleMessage TM SGNL Initialization of a Resource with an Insecure Default Vulnerability
Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Due: 2025-07-22
CVE-2025-48928 — TeleMessage TM SGNL — TeleMessage TM SGNL Exposure of Core Dump File to an Unauthorized Control Sphere Vulnerability
Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Due: 2025-07-22
CVE-2025-6543 — Citrix NetScaler ADC and Gateway — Citrix NetScaler ADC and Gateway Buffer Overflow Vulnerability
Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Due: 2025-07-21
CVE-2024-54085 — AMI MegaRAC SPx — AMI MegaRAC SPx Authentication Bypass by Spoofing Vulnerability
Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Due: 2025-07-16
CVE-2024-0769 — D-Link DIR-859 Router — D-Link DIR-859 Router Path Traversal Vulnerability
Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Due: 2025-07-16
CVE-2019-6693 — Fortinet FortiOS — Fortinet FortiOS Use of Hard-Coded Credentials Vulnerability
Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Due: 2025-07-16
Ransomware: Known
CVE-2023-0386 — Linux Kernel — Linux Kernel Improper Ownership Management Vulnerability
Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Due: 2025-07-08
CVE-2025-43200 — Apple Multiple Products — Apple Multiple Products Unspecified Vulnerability
Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Due: 2025-07-07
CVE-2023-33538 — TP-Link Multiple Routers — TP-Link Multiple Routers Command Injection Vulnerability
Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Due: 2025-07-07