#cisa20250929 — Public Fediverse posts

Live and recent posts from across the Fediverse tagged #cisa20250929, aggregated by home.social.

ZEN SecDB @[email protected] · 2025-09-29 · 20:00 UTC

🚨 [CISA-2025:0929] CISA Adds 5 Known Exploited Vulnerabilities to Catalog (https://secdb.nttzen.cloud/security-advisory/detail/CISA-2025:0929)
CISA has added 5 new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise.
⚠️ CVE-2021-21311 (https://secdb.nttzen.cloud/cve/detail/CVE-2021-21311)
- Name: Adminer Server-Side Request Forgery Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Adminer
- Product: Adminer
- Notes: https://github.com/vrana/adminer/security/advisories/GHSA-x5r2-hj5c-8jx6 ; https://nvd.nist.gov/vuln/detail/CVE-2021-21311
⚠️ CVE-2025-10035 (https://secdb.nttzen.cloud/cve/detail/CVE-2025-10035)
- Name: Fortra GoAnywhere MFT Deserialization of Untrusted Data Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Fortra
- Product: GoAnywhere MFT
- Notes: https://www.fortra.com/security/advisories/product-security/fi-2025-012 ; https://nvd.nist.gov/vuln/detail/CVE-2025-10035
⚠️ CVE-2025-20352 (https://secdb.nttzen.cloud/cve/detail/CVE-2025-20352)
- Name: Cisco IOS and IOS XE Stack-based Buffer Overflow Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Cisco
- Product: IOS and IOS XE
- Notes: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-snmp-x4LPhte ; https://nvd.nist.gov/vuln/detail/CVE-2025-20352
⚠️ CVE-2025-32463 (https://secdb.nttzen.cloud/cve/detail/CVE-2025-32463)
- Name: Sudo Inclusion of Functionality from Untrusted Control Sphere Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Sudo
- Product: Sudo
- Notes: This vulnerability could affect an open-source component, third-party library, protocol, or proprietary implementation that could be used by different products. For more information, please see: https://www.sudo.ws/security/advisories/chroot_bug/ ; https://nvd.nist.gov/vuln/detail/CVE-2025-32463
⚠️ CVE-2025-59689 (https://secdb.nttzen.cloud/cve/detail/CVE-2025-59689)
- Name: Libraesva Email Security Gateway Command Injection Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Libraesva
- Product: Email Security Gateway
- Notes: https://docs.libraesva.com/knowledgebase/security-advisory-command-injection-vulnerability-cve-2025-59689/ ; https://nvd.nist.gov/vuln/detail/CVE-2025-59689
#SecDB #InfoSec #CVE #CISA_KEV #cisa_20250929 #cisa20250929 #cve_2021_21311 #cve_2025_10035 #cve_2025_20352 #cve_2025_32463 #cve_2025_59689 #cve202121311 #cve202510035 #cve202520352 #cve202532463 #cve202559689

#secdb #infosec #cve #cisa_kev #cisa_20250929 #cisa20250929
ZEN SecDB @[email protected] · 2025-09-29 · 20:00 UTC

🚨 [CISA-2025:0929] CISA Adds 5 Known Exploited Vulnerabilities to Catalog (https://secdb.nttzen.cloud/security-advisory/detail/CISA-2025:0929)
CISA has added 5 new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise.
⚠️ CVE-2021-21311 (https://secdb.nttzen.cloud/cve/detail/CVE-2021-21311)
- Name: Adminer Server-Side Request Forgery Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Adminer
- Product: Adminer
- Notes: https://github.com/vrana/adminer/security/advisories/GHSA-x5r2-hj5c-8jx6 ; https://nvd.nist.gov/vuln/detail/CVE-2021-21311
⚠️ CVE-2025-10035 (https://secdb.nttzen.cloud/cve/detail/CVE-2025-10035)
- Name: Fortra GoAnywhere MFT Deserialization of Untrusted Data Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Fortra
- Product: GoAnywhere MFT
- Notes: https://www.fortra.com/security/advisories/product-security/fi-2025-012 ; https://nvd.nist.gov/vuln/detail/CVE-2025-10035
⚠️ CVE-2025-20352 (https://secdb.nttzen.cloud/cve/detail/CVE-2025-20352)
- Name: Cisco IOS and IOS XE Stack-based Buffer Overflow Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Cisco
- Product: IOS and IOS XE
- Notes: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-snmp-x4LPhte ; https://nvd.nist.gov/vuln/detail/CVE-2025-20352
⚠️ CVE-2025-32463 (https://secdb.nttzen.cloud/cve/detail/CVE-2025-32463)
- Name: Sudo Inclusion of Functionality from Untrusted Control Sphere Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Sudo
- Product: Sudo
- Notes: This vulnerability could affect an open-source component, third-party library, protocol, or proprietary implementation that could be used by different products. For more information, please see: https://www.sudo.ws/security/advisories/chroot_bug/ ; https://nvd.nist.gov/vuln/detail/CVE-2025-32463
⚠️ CVE-2025-59689 (https://secdb.nttzen.cloud/cve/detail/CVE-2025-59689)
- Name: Libraesva Email Security Gateway Command Injection Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Libraesva
- Product: Email Security Gateway
- Notes: https://docs.libraesva.com/knowledgebase/security-advisory-command-injection-vulnerability-cve-2025-59689/ ; https://nvd.nist.gov/vuln/detail/CVE-2025-59689
#SecDB #InfoSec #CVE #CISA_KEV #cisa_20250929 #cisa20250929 #cve_2021_21311 #cve_2025_10035 #cve_2025_20352 #cve_2025_32463 #cve_2025_59689 #cve202121311 #cve202510035 #cve202520352 #cve202532463 #cve202559689

#cve202559689 #cve202532463 #cve202520352 #cve202510035 #cve202121311 #cve_2025_59689