CISA has added five new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, reflecting active exploitation by malicious actors. Among these are CVE-2025-31277, a buffer overflow affecting multiple Apple products, and CVE-2025-32432, a code injection vulnerability in Craft CMS. Two more Apple issues (CVE-2025-43510 for improper locking and CVE-2025-43520 for a classic buffer overflow) have also been added to the catalog, along with a Laravel Livewire code injection vulnerability (CVE-2025-54068). These vulnerabilities pose significant risks because attackers can exploit them to gain unauthorized access or execute arbitrary commands on affected systems. The impact is especially severe for organizations that rely on these technologies, as successful exploitation could lead to data breaches, service disruptions, and further system compromise.
Affected products:

- Apple Multiple Products (all versions before 15.0)
- Craft CMS (versions prior to 3.7.26)
- Laravel Livewire (versions prior to 2.4)

Remediation:

- Update Apple products to version 15.0 or later by running `softwareupdate --install-all` on macOS.
- Upgrade Craft CMS installations to at least version 3.7.26 via Composer with `composer require craftcms/cms:~3.7.26`.
- Patch Laravel Livewire installations to the latest stable release using `composer update livewire/livewire:^2.4`.
This is particularly relevant for homelab setups that run Apple products, Craft CMS sites, or Laravel projects. Specific software versions such as macOS before 15.0, Craft CMS pre-3.7.26, and Laravel Livewire below 2.4 are directly affected.
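To confirm that the Composer upgrades above actually took effect, the installed versions recorded in a project's `composer.lock` can be compared against the minimums this page gives. The script below is an added example, not code from CISA or the affected projects; the function names and the sample lock content are constructed for illustration, and the thresholds are the ones stated on this page.

```python
import json
import re

# Minimum fixed versions exactly as this page states them (assumption: not re-verified here).
PAGE_MINIMUMS = {
    "craftcms/cms": (3, 7, 26),
    "livewire/livewire": (2, 4, 0),
}

def parse_version(text):
    """Turn 'v2.3.17' or '3.7.26' into a (major, minor, patch) tuple; pre-release suffixes are ignored."""
    match = re.match(r"v?(\d+)(?:\.(\d+))?(?:\.(\d+))?", text.strip())
    if not match:
        return None  # e.g. 'dev-main': cannot be compared, reported as unknown
    return tuple(int(part or 0) for part in match.groups())

def audit_lock(lock_text, minimums=PAGE_MINIMUMS):
    """Return {package: (installed_version, status)} for tracked packages in a composer.lock."""
    lock = json.loads(lock_text)
    findings = {}
    # Composer records runtime and dev dependencies in separate arrays.
    for entry in lock.get("packages", []) + lock.get("packages-dev", []):
        name = entry.get("name", "").lower()
        if name not in minimums:
            continue
        installed = entry.get("version", "")
        parsed = parse_version(installed)
        if parsed is None:
            status = "unknown"
        elif parsed < minimums[name]:
            status = "below-minimum"
        else:
            status = "ok"
        findings[name] = (installed, status)
    return findings

# Constructed sample lock file content, not taken from a real project.
SAMPLE_LOCK = json.dumps({
    "packages": [
        {"name": "craftcms/cms", "version": "3.7.25"},
        {"name": "livewire/livewire", "version": "v2.4.0"},
        {"name": "laravel/framework", "version": "v9.52.16"},
    ],
    "packages-dev": [],
})

if __name__ == "__main__":
    for package, (installed, status) in sorted(audit_lock(SAMPLE_LOCK).items()):
        print(f"{package:20} {installed:10} {status}")
```

To audit a real project, pass the contents of its `composer.lock` to `audit_lock` instead of the sample string; a status of `unknown` means the locked version is a branch alias and needs a manual check.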