
CISA Adds Four Critical Vulnerabilities to KEV Catalog Due to Active Exploitation

Jul 08, 2025 | Ravie Lakshmanan | Cyber Attacks / Vulnerability

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added four security flaws to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation in the wild.

The list of flaws is as follows –

  • CVE-2014-3931 (CVSS score: 9.8) – A buffer overflow vulnerability in Multi-Router Looking Glass (MRLG) that could allow remote attackers to cause an arbitrary memory write and memory corruption
  • CVE-2016-10033 (CVSS score: 9.8) – A command injection vulnerability in PHPMailer that could allow an attacker to execute arbitrary code within the context of the application or result in a denial-of-service (DoS) condition
  • CVE-2019-5418 (CVSS score: 7.5) – A path traversal vulnerability in Ruby on Rails' Action View that could cause the contents of arbitrary files on the target system's file system to be exposed
  • CVE-2019-9621 (CVSS score: 7.5) – A Server-Side Request Forgery (SSRF) vulnerability in the Zimbra Collaboration Suite that could result in unauthorized access to internal resources and remote code execution

There are currently no public reports on how the first three vulnerabilities are being exploited in real-world attacks. The abuse of CVE-2019-9621, on the other hand, was attributed by Trend Micro to a China-linked threat actor known as Earth Lusca in September 2023, which used it to drop web shells and Cobalt Strike.

In light of the active exploitation, Federal Civilian Executive Branch (FCEB) agencies are required to apply the necessary updates by July 28, 2025, to secure their networks.

Technical Details of Citrix Bleed 2 Out

The development comes as watchTowr Labs and Horizon3.ai have released technical analyses of a critical security flaw in Citrix NetScaler ADC (CVE-2025-5777, aka Citrix Bleed 2), which is assessed to have come under active exploitation.

"We're seeing active exploitation of both CVE-2025-5777 and CVE-2025-6543 in the wild," watchTowr CEO Benjamin Harris told The Hacker News. "This vulnerability allows reading of memory, which we believe attackers are using to read sensitive information (for example, information sent within HTTP requests that are then processed in-memory), credentials, valid Citrix session tokens, and more."

The findings show that it is possible to send a login request to the "/p/u/doAuthentication.do" endpoint and cause it (and other endpoints susceptible to the flaw) to reflect the user-supplied login value in the response, regardless of whether authentication succeeds or fails.

Horizon3.ai noted that the vulnerability could be used to leak approximately 127 bytes of data per request via a specially crafted HTTP request in which the "login=" parameter is sent without an equals sign or value, thereby making it possible to extract session tokens or other sensitive information.

The shortcoming, watchTowr explained, stems from the use of the snprintf function together with a format string containing the "%.*s" specifier.

"The %.*s format tells snprintf: 'Print up to N characters, or stop at the first null byte (\0) – whichever comes first.' That null byte eventually appears somewhere in memory, so while the leak doesn't run indefinitely, you still get a handful of bytes with each invocation," the company said.

"So, every time you hit that endpoint without the =, you pull more uninitialized stack data into the response. Repeat it enough times, and eventually, you might land on something useful."
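To make the bug class concrete from the defender's side, here is an added C example; it is not code from watchTowr, Horizon3.ai or Citrix and is not NetScaler's actual parser. It models what the quote describes: a scratch buffer that still holds bytes from earlier processing, a field parser that only fills that buffer when the `login` key carries a value, and a reply built with `%.*s` under a precision fixed at the buffer's capacity. The hardened variant beside it initialises the buffer unconditionally and bounds the precision by the number of bytes actually parsed. The `<InitialValue>` response wrapper, the toy parser and the planted `LEFTOVER_SESSION_TOKEN` residue are all constructed for this demonstration.

```c
#include <stdio.h>
#include <string.h>

#define VALUE_CAP 128   /* capacity of the per-request value buffer */

/* Constructed model of a reused scratch buffer. In the real bug the bytes are
   whatever the previous request left on the stack; here we plant a marker
   (and NUL-free filler) so an over-read is recognisable in the output. */
static void prime_scratch(char *scratch)
{
    memset(scratch, 'X', VALUE_CAP);
    memcpy(scratch, "LEFTOVER_SESSION_TOKEN", 22);
}

/* Toy form-body parser: returns a pointer to the bytes after "login=" and
   their length, or NULL with length 0 when "login" appears without '='. */
static const char *find_login_value(const char *body, size_t *len)
{
    const char *p = strstr(body, "login");
    *len = 0;
    if (!p) return NULL;
    p += 5;                         /* skip the key itself */
    if (*p != '=') return NULL;     /* "login" sent with no '=' */
    p++;
    const char *end = strchr(p, '&');
    *len = end ? (size_t)(end - p) : strlen(p);
    return p;
}

/* Vulnerable pattern: the buffer is written only when '=' was present, and
   the reply uses a precision equal to the buffer capacity. Without '=' the
   stale contents are echoed until a NUL byte or 127 bytes, whichever first. */
int render_vulnerable(const char *body, char *scratch, char *out, size_t outsz)
{
    size_t n;
    const char *v = find_login_value(body, &n);
    if (v) {
        if (n > VALUE_CAP - 1) n = VALUE_CAP - 1;
        memcpy(scratch, v, n);
        scratch[n] = '\0';
    }
    return snprintf(out, outsz, "<InitialValue>%.*s</InitialValue>",
                    VALUE_CAP - 1, scratch);
}

/* Hardened pattern: always initialise the buffer, and derive the precision
   from the parsed length so only client-supplied bytes can be reflected. */
int render_hardened(const char *body, char *scratch, char *out, size_t outsz)
{
    size_t n;
    const char *v = find_login_value(body, &n);
    scratch[0] = '\0';
    if (n > VALUE_CAP - 1) n = VALUE_CAP - 1;
    if (v) memcpy(scratch, v, n); else n = 0;
    scratch[n] = '\0';
    return snprintf(out, outsz, "<InitialValue>%.*s</InitialValue>",
                    (int)n, scratch);
}

/* 1 if the constructed residue marker reached the response, else 0. */
int response_leaks(const char *out)
{
    return strstr(out, "LEFTOVER_SESSION_TOKEN") != NULL;
}

/* Run one request body through the chosen renderer on a freshly primed
   scratch buffer and report whether residue was reflected. */
int leaks_for(const char *body, int hardened)
{
    char scratch[VALUE_CAP];
    char out[256];
    prime_scratch(scratch);
    if (hardened) render_hardened(body, scratch, out, sizeof out);
    else          render_vulnerable(body, scratch, out, sizeof out);
    return response_leaks(out);
}

int main(void)
{
    printf("login=alice (vulnerable): %s\n", leaks_for("login=alice&passwd=x", 0) ? "leaks" : "clean");
    printf("login       (vulnerable): %s\n", leaks_for("login", 0) ? "leaks" : "clean");
    printf("login       (hardened):   %s\n", leaks_for("login", 1) ? "leaks" : "clean");
    return 0;
}
```

The point worth taking into code review is that `%.*s` with a precision is not by itself a bound on what gets disclosed: when the source buffer is neither initialised nor NUL-terminated, the precision only caps how much stale data is copied per call. The fix has two halves, an unconditional initialisation of the buffer and a precision derived from the length the parser actually produced rather than from the buffer's capacity.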
