CISA adds Adobe Experience Manager flaw to KEV catalog
Public Sector Action
Summary
Hide ▲
Show ▼
CISA added CVE-2025-54253 affecting Adobe Experience Manager to its KEV catalog, turning the flaw into a federal remediation priority because it is under active exploitation. The listing matters because the bug is a 10.0-rated misconfiguration issue that can enable arbitrary code execution. Federal civilian agencies were told to apply fixes by November 5, 2025.
Related Happenings
Langflow and Trend Micro Apex One exploited flaws (multiple vulnerabilities)
Vulnerability
First: 22.05.2026 08:47
Last: 22.05.2026 08:47
Sources 1
About this happening:
**CISA** added **CVE-2025-34291** in **Langflow** and **CVE-2026-34926** in **Trend Micro Apex One** to the **KEV catalog** after evidence of **active exploitation**. The Langflow...
Langflow and Trend Micro Apex One exploited flaws (multiple vulnerabilities)
VulnerabilityAbout this happening: **CISA** added **CVE-2025-34291** in **Langflow** and **CVE-2026-34926** in **Trend Micro Apex One** to the **KEV catalog** after evidence of **active exploitation**. The Langflow...
CISA KEV action for CVE-2026-31431 and FCEB remediation
Public Sector Action
First: 03.05.2026 09:26
Last: 03.05.2026 09:26
Sources 1
About this happening:
CISA added **CVE-2026-31431** to its **KEV catalog**, putting **Federal Civilian Executive Branch (FCEB)** agencies on notice to remediate an actively exploited Linux privilege-es...
CISA KEV action for CVE-2026-31431 and FCEB remediation
Public Sector ActionAbout this happening: CISA added **CVE-2026-31431** to its **KEV catalog**, putting **Federal Civilian Executive Branch (FCEB)** agencies on notice to remediate an actively exploited Linux privilege-es...
CISA KEV directive for CVE-2026-20133
Public Sector Action
First: 21.04.2026 15:30
Last: 21.04.2026 15:30
Sources 1
About this happening:
On **Monday, April 21, 2026**, **CISA** added **CVE-2026-20133** to the **KEV Catalog** and ordered **FCEB agencies** to secure their networks by **Friday, April 24**. The directi...
CISA KEV directive for CVE-2026-20133
Public Sector ActionAbout this happening: On **Monday, April 21, 2026**, **CISA** added **CVE-2026-20133** to the **KEV Catalog** and ordered **FCEB agencies** to secure their networks by **Friday, April 24**. The directi...
CISA KEV listing and FCEB ActiveMQ patch order
Public Sector Action
First: 17.04.2026 12:30
Last: 17.04.2026 12:30
Sources 1
About this happening:
**CISA** added **CVE-2026-34197** to the **KEV Catalog** and ordered **FCEB** agencies to patch **Apache ActiveMQ** servers within **two weeks**. The directive sets a hard **April...
CISA KEV listing and FCEB ActiveMQ patch order
Public Sector ActionAbout this happening: **CISA** added **CVE-2026-34197** to the **KEV Catalog** and ordered **FCEB** agencies to patch **Apache ActiveMQ** servers within **two weeks**. The directive sets a hard **April...
Adobe security patch release for CVE-2026-34621
Security Patch Release
First: 12.04.2026 07:25
Last: 12.04.2026 07:25
Sources 1
About this happening:
**Adobe** issued **emergency updates** for **Acrobat Reader**, **Acrobat DC**, and **Acrobat 2024** after **CVE-2026-34621** was found **actively exploited in the wild**. The patc...
Adobe security patch release for CVE-2026-34621
Security Patch ReleaseAbout this happening: **Adobe** issued **emergency updates** for **Acrobat Reader**, **Acrobat DC**, and **Acrobat 2024** after **CVE-2026-34621** was found **actively exploited in the wild**. The patc...
Timeline
-
16.10.2025 07:26 2 articles · 7mo ago
Initial report: CISA adds Adobe Experience Manager flaw to KEV catalog
Initial DisclosureCISA formally moved **CVE-2025-54253** into the **KEV catalog** after evidence of **active exploitation**. That initial step made the Adobe issue a federal remediation priority rather than a routine vendor advisory.
Show sources
- CISA Flags Adobe AEM Flaw with Perfect 10.0 Score — Already Under Active Attack — thehackernews.com — 16.10.2025 07:26
- CISA Flags Adobe AEM Flaw with Perfect 10.0 Score — Already Under Active Attack — thehackernews.com — 16.10.2025 07:26