CISA adds Sudo and four other flaws to KEV catalog
Public Sector Action
Summary
Hide ▲
Show ▼
CISA added CVE-2025-32463 in Sudo to the KEV catalog after evidence of active exploitation in the wild. The same update also added four other exploited flaws across Cisco IOS/IOS XE, Fortra GoAnywhere MFT, Adminer, and Libraesva ESG. FCEB agencies using the affected products must apply mitigations by October 20, 2025, making the update a near-term federal remediation priority.
Related Happenings
CERT-In 12-hour KEV remediation guidance
Advisory/Mitigation
First: 26.05.2026 13:30
Last: 26.05.2026 13:30
Sources 1
About this happening:
CERT-In set a **12-hour** expectation for containing or remediating **known exploited vulnerabilities** on **internet-facing and crown-jewel systems**, sharply shortening response...
CERT-In 12-hour KEV remediation guidance
Advisory/MitigationAbout this happening: CERT-In set a **12-hour** expectation for containing or remediating **known exploited vulnerabilities** on **internet-facing and crown-jewel systems**, sharply shortening response...
CISA orders FCEB patching for CVE-2026-9082
Public Sector Action
First: 26.05.2026 11:46
Last: 26.05.2026 11:46
Sources 1
About this happening:
**CISA** added **CVE-2026-9082** to the **KEV Catalog** and ordered **FCEB agencies** to patch **Drupal** by **May 27**, turning an actively exploited flaw into a mandatory federa...
CISA orders FCEB patching for CVE-2026-9082
Public Sector ActionAbout this happening: **CISA** added **CVE-2026-9082** to the **KEV Catalog** and ordered **FCEB agencies** to patch **Drupal** by **May 27**, turning an actively exploited flaw into a mandatory federa...
Langflow and Trend Micro Apex One exploited flaws (multiple vulnerabilities)
Vulnerability
First: 22.05.2026 08:47
Last: 22.05.2026 08:47
Sources 1
About this happening:
**CISA** added **CVE-2025-34291** in **Langflow** and **CVE-2026-34926** in **Trend Micro Apex One** to the **KEV catalog** after evidence of **active exploitation**. The Langflow...
Langflow and Trend Micro Apex One exploited flaws (multiple vulnerabilities)
VulnerabilityAbout this happening: **CISA** added **CVE-2025-34291** in **Langflow** and **CVE-2026-34926** in **Trend Micro Apex One** to the **KEV catalog** after evidence of **active exploitation**. The Langflow...
CISA KEV action for CVE-2026-31431 and FCEB remediation
Public Sector Action
First: 03.05.2026 09:26
Last: 03.05.2026 09:26
Sources 1
About this happening:
CISA added **CVE-2026-31431** to its **KEV catalog**, putting **Federal Civilian Executive Branch (FCEB)** agencies on notice to remediate an actively exploited Linux privilege-es...
CISA KEV action for CVE-2026-31431 and FCEB remediation
Public Sector ActionAbout this happening: CISA added **CVE-2026-31431** to its **KEV catalog**, putting **Federal Civilian Executive Branch (FCEB)** agencies on notice to remediate an actively exploited Linux privilege-es...
Cisco ASA/FTD code execution and authentication bypass flaws (multiple vulnerabilities)
Vulnerability
First: 24.04.2026 20:06
Last: 24.04.2026 20:06
Sources 1
About this happening:
**Cisco ASA/FTD** vulnerabilities **CVE-2025-20333** and **CVE-2025-20362** are still under **active exploitation** and can be chained for **unauthenticated remote control** of af...
Cisco ASA/FTD code execution and authentication bypass flaws (multiple vulnerabilities)
VulnerabilityAbout this happening: **Cisco ASA/FTD** vulnerabilities **CVE-2025-20333** and **CVE-2025-20362** are still under **active exploitation** and can be chained for **unauthenticated remote control** of af...
Timeline
-
30.09.2025 08:41 3 articles · 7mo ago
CISA adds CVE-2025-32463 and four other exploited flaws to KEV
Legal Policy Action UpdateCISA added CVE-2025-32463 in Sudo, along with CVE-2021-21311 in Adminer, CVE-2025-20352 in Cisco IOS and IOS XE, CVE-2025-10035 in Fortra GoAnywhere MFT, and CVE-2025-59689 in Libraesva Email Security Gateway (ESG), to its Known Exploited Vulnerabilities (KEV) catalog after evidence of active exploitation in the wild, and directed Federal Civilian Executive Branch agencies using the affected products to apply mitigations by October 20, 2025.
Show sources
- CISA Sounds Alarm on Critical Sudo Flaw Actively Exploited in Linux and Unix Systems — thehackernews.com — 30.09.2025 08:41
- CISA Sounds Alarm on Critical Sudo Flaw Actively Exploited in Linux and Unix Systems — thehackernews.com — 30.09.2025 08:41
- CISA warns of critical Linux Sudo flaw exploited in attacks — www.bleepingcomputer.com — 30.09.2025 16:42