CISA KEV listing for ASUS Live Update and FCEB cutoff
Public Sector Action
Summary
Hide ▲
Show ▼
CISA added ASUS Live Update to its KEV catalog after evidence of active exploitation, making CVE-2025-59374 a federal remediation priority. The agency told Federal Civilian Executive Branch users to discontinue use by January 7, 2026. The move addresses a supply chain compromise that introduced unauthorized code into compromised client builds.
Related Happenings
CISA KEV order for Copy Fail on federal Linux devices
Public Sector Action
First: 08.05.2026 10:45
Last: 08.05.2026 10:45
Sources 1
About this happening:
**CISA** added **Copy Fail** to the **Known Exploited Vulnerabilities (KEV) Catalog**, making the Linux flaw a federal remediation priority. The agency ordered **federal agencies*...
CISA KEV order for Copy Fail on federal Linux devices
Public Sector ActionAbout this happening: **CISA** added **Copy Fail** to the **Known Exploited Vulnerabilities (KEV) Catalog**, making the Linux flaw a federal remediation priority. The agency ordered **federal agencies*...
CISA KEV directive for CVE-2026-20133
Public Sector Action
First: 21.04.2026 15:30
Last: 21.04.2026 15:30
Sources 1
About this happening:
On **Monday, April 21, 2026**, **CISA** added **CVE-2026-20133** to the **KEV Catalog** and ordered **FCEB agencies** to secure their networks by **Friday, April 24**. The directi...
CISA KEV directive for CVE-2026-20133
Public Sector ActionAbout this happening: On **Monday, April 21, 2026**, **CISA** added **CVE-2026-20133** to the **KEV Catalog** and ordered **FCEB agencies** to secure their networks by **Friday, April 24**. The directi...
CISA KEV listing and FCEB patch order for Ivanti EPMM
Public Sector Action
First: 08.04.2026 21:15
Last: 08.04.2026 21:15
Sources 1
About this happening:
**CISA** added **CVE-2026-1340** to the **KEV Catalog** and ordered **FCEB agencies** to patch **Ivanti Endpoint Manager Mobile (EPMM)** by **Saturday midnight, April 11**, forcin...
CISA KEV listing and FCEB patch order for Ivanti EPMM
Public Sector ActionAbout this happening: **CISA** added **CVE-2026-1340** to the **KEV Catalog** and ordered **FCEB agencies** to patch **Ivanti Endpoint Manager Mobile (EPMM)** by **Saturday midnight, April 11**, forcin...
CISA urgent mitigation order for Cisco FMC CVE-2026-20131
Advisory/Mitigation
First: 23.03.2026 12:30
Last: 23.03.2026 12:30
Sources 1
About this happening:
**CISA** ordered **federal civilian agencies** to patch **CVE-2026-20131** in **Cisco Secure Firewall Management Center (FMC)** within **three days** or discontinue use if mitigat...
CISA urgent mitigation order for Cisco FMC CVE-2026-20131
Advisory/MitigationAbout this happening: **CISA** ordered **federal civilian agencies** to patch **CVE-2026-20131** in **Cisco Secure Firewall Management Center (FMC)** within **three days** or discontinue use if mitigat...
CISA KEV listing for Wing FTP CVE-2025-47813
Public Sector Action
First: 17.03.2026 07:23
Last: 17.03.2026 07:23
Sources 1
About this happening:
CISA added **CVE-2025-47813** in **Wing FTP Server** to the **KEV catalog** after evidence of **active exploitation**, putting the flaw under formal government tracking. The listi...
CISA KEV listing for Wing FTP CVE-2025-47813
Public Sector ActionAbout this happening: CISA added **CVE-2025-47813** in **Wing FTP Server** to the **KEV catalog** after evidence of **active exploitation**, putting the flaw under formal government tracking. The listi...
Timeline
-
18.12.2025 15:27 2 articles · 5mo ago
CISA adds CVE-2025-59374 to KEV catalog
Legal Policy Action UpdateCISA added CVE-2025-59374 to its Known Exploited Vulnerabilities (KEV) catalog and warned federal agencies to stop using Asus Live Update, a now-discontinued utility linked to a supply-chain backdoor.
Show sources
- CISA Warns of Exploited Flaw in Asus Update Tool — www.securityweek.com — 18.12.2025 15:27
- CISA Warns of Exploited Flaw in Asus Update Tool — www.securityweek.com — 18.12.2025 15:27
-
18.12.2025 07:01 1 articles · 5mo ago
ASUS Live Update reaches end-of-support
Industry Or Public Sector UpdateASUS formally announces that the Live Update client has reached end-of-support as of December 4, 2025, with the last version identified as 3.6.15. Devices still using the software are expected to move away from the product lifecycle that previously required updating to V3.6.8 or higher to address security concerns.
Show sources
- CISA Flags Critical ASUS Live Update Flaw After Evidence of Active Exploitation — thehackernews.com — 18.12.2025 07:01
-
18.12.2025 07:01 1 articles · 5mo ago
CISA adds ASUS Live Update flaw to KEV
Initial DisclosureCISA adds CVE-2025-59374 affecting ASUS Live Update to the Known Exploited Vulnerabilities catalog after evidence of active exploitation. The flaw involves unauthorized modifications in certain client builds from a supply chain compromise and could cause devices that installed the compromised versions to perform unintended actions.
Show sources
- CISA Flags Critical ASUS Live Update Flaw After Evidence of Active Exploitation — thehackernews.com — 18.12.2025 07:01
-
18.12.2025 07:01 1 articles · 5mo ago
CISA sets ASUS Live Update discontinuation deadline for FCEB
Legal Policy Action UpdateCISA urges Federal Civilian Executive Branch agencies still relying on ASUS Live Update to discontinue its use by January 7, 2026. The directive follows the KEV listing and treats the compromised update client as a remediation priority for federal users.
Show sources
- CISA Flags Critical ASUS Live Update Flaw After Evidence of Active Exploitation — thehackernews.com — 18.12.2025 07:01