TL;DR

  • CISA updates its Known Exploited Vulnerabilities (KEV) Catalog with four newly identified vulnerabilities based on evidence of exploitation.
  • CVEs include FreePBX authentication issues, GitLab SSRF vulnerability, SolarWinds deserialization flaw, and a Sangoma command injection bug.
  • FCEB agencies must remediate t

What happened

  • CISA has added four new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog based on evidence of active exploitation.
  • The newly identified CVEs include Sangoma FreePBX improper authentication, GitLab SSRF, SolarWinds deserialization flaw, and a Sangoma OS command injection bug.

Why it matters for ops

  • These vulnerabilities pose significant risks to the federal enterprise due to their potential for exploitation by malicious cyber actors.
  • Prompt remediation is required under Binding Operational Directive (BOD) 22-01 for FCEB agencies to protect against active threats.

Mitigation

  • Apply available security updates and patches to remediate the identified vulnerabilities.
  • Implement strict access controls and authentication mechanisms to prevent unauthorized exploitation of affected components.

Action items

  • Review the KEV Catalog for all applicable CVEs and prioritize their remediation as per BOD 22-01 requirements.
  • Ensure timely patching and monitoring of systems to detect and mitigate potential exploitation attempts.

Detection IOCs

  • CVE-2019-19006
  • CVE-2021-39935
  • CVE-2025-40551
  • CVE-2025-64328

Source link

https://www.cisa.gov/news-events/alerts/2026/02/03/cisa-adds-four-known-exploited-vulnerabilities-catalog