Security News > 2025 > February > CISA Adds Four Actively Exploited Vulnerabilities to KEV Catalog, Urges Fixes by Feb 25
2025-02-05 05:05
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added four security flaws to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation in the wild. The list of vulnerabilities is as follows - CVE-2024-45195 (CVSS score: 7.5/9.8) - A forced browsing vulnerability in Apache OFBiz that allows a remote attacker to obtain unauthorized
News URL
https://thehackernews.com/2025/02/cisa-adds-four-actively-exploited.html
Related news
- CISA Adds Five Actively Exploited Vulnerabilities in Advantive VeraCore and Ivanti EPM to KEV List (source)
- CISA Adds Five-Year-Old jQuery XSS Flaw to Exploited Vulnerabilities List (source)
- CISA Adds Four Vulnerabilities to Catalog for Federal Enterprise (source)
- CISA Adds Palo Alto Networks and SonicWall Flaws to Exploited Vulnerabilities List (source)
- CISA Adds Microsoft and Zimbra Flaws to KEV Catalog Amid Active Exploitation (source)
- Ransomware criminals love CISA's KEV list – and that's a bug, not a feature (source)
- CISA tags Windows, Cisco vulnerabilities as actively exploited (source)
- CISA Identifies Five New Vulnerabilities Currently Being Exploited (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-09-04 | CVE-2024-45195 | Forced Browsing vulnerability in Apache Ofbiz Direct Request ('Forced Browsing') vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 18.12.16. Users are recommended to upgrade to version 18.12.16, which fixes the issue. | 7.5 |