CISA Adds Four Critical Vulnerabilities to KEV Catalog Due to Active Exploitation
Briefly

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added four critical security vulnerabilities to its Known Exploited Vulnerabilities catalog, signaling active exploitation. CVE-2014-3931 and CVE-2016-10033 are buffer overflow and command injection vulnerabilities, respectively, each with a CVSS score of 9.8. CVE-2019-5418 is a path traversal vulnerability with a CVSS score of 7.5, and CVE-2019-9621 is a Server-Side Request Forgery vulnerability, also rated 7.5. Trend Micro linked CVE-2019-9621 to a China-linked group. Agencies must update by July 28, 2025, to safeguard networks.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added four security flaws to its Known Exploited Vulnerabilities catalog, citing evidence of active exploitation.
CVE-2014-3931 and CVE-2016-10033 are critical vulnerabilities with CVSS scores of 9.8, allowing for remote attacks and potential denial-of-service conditions.
CVE-2019-9621, a Server-Side Request Forgery vulnerability, could permit unauthorized access to internal resources and remote code execution; it has been linked to attacks by Earth Lusca.
Federal Civilian Executive Branch agencies are urged to implement updates by July 28, 2025, to protect against these vulnerabilities.
Read at The Hacker News