CISA KEV remediation order for CVE-2025-22225

Public Sector Action
H score 50
1 unique source, 1 article

Summary

CISA added CVE-2025-22225 to the Known Exploited Vulnerabilities (KEV) catalog and ordered federal agencies to secure affected systems by March 25, 2025. The directive formalized remediation for a VMware ESXi flaw already tied to ransomware campaigns, increasing urgency for government systems exposed to the vulnerability. The action was issued under Binding Operational Directive (BOD) 22-01 and applies to agencies that must either mitigate the flaw or stop using the product if mitigation is unavailable.

Related Happenings

CERT-In 12-hour KEV remediation guidance

Advisory/Mitigation
First: 26.05.2026 13:30 Last: 26.05.2026 13:30 Sources 1

About this happening: CERT-In set a **12-hour** expectation for containing or remediating **known exploited vulnerabilities** on **internet-facing and crown-jewel systems**, sharply shortening response...

CISA KEV action for CVE-2026-31431 and FCEB remediation

Public Sector Action
First: 03.05.2026 09:26 Last: 03.05.2026 09:26 Sources 1

About this happening: CISA added **CVE-2026-31431** to its **KEV catalog**, putting **Federal Civilian Executive Branch (FCEB)** agencies on notice to remediate an actively exploited Linux privilege-es...

cPanel CVE-2026-41940 mitigation guidance

Advisory/Mitigation
First: 30.04.2026 14:40 Last: 30.04.2026 14:40 Sources 1

About this happening: cPanel issued mitigation guidance for **CVE-2026-41940** after fixes became available for **cPanel, WHM, and WP Squared**, urging customers to restart **cpsrvd** to reduce exposur...

CISA Apache ActiveMQ CVE-2026-34197 mitigation order

Advisory/Mitigation
First: 21.04.2026 14:17 Last: 21.04.2026 14:17 Sources 1

About this happening: **CISA** ordered **FCEB agencies** to secure **Apache ActiveMQ** servers by **April 30** after **CVE-2026-34197** was confirmed **actively exploited**. The flaw can allow **arbitr...

NIST/NVD risk-based CVE enrichment change

Public Sector Action
First: 16.04.2026 15:43 Last: 16.04.2026 15:43 Sources 1

About this happening: **NIST** said the **US National Vulnerability Database (NVD)** will switch to a **risk-based CVE enrichment** model to cope with backlog growth. The change will **drop enrichment...

Timeline

  1. 04.02.2026 19:38 2 articles · 3mo ago

    CISA KEV remediation order for CVE-2025-22225

    Legal Policy Action Update

    CISA added CVE-2025-22225 to the Known Exploited Vulnerabilities (KEV) catalog and ordered federal agencies to secure affected systems by March 25, 2025 under Binding Operational Directive (BOD) 22-01. The directive told agencies to apply vendor mitigations or discontinue use of the product if mitigations were unavailable.

  2. 04.02.2026 19:38 1 article · 3mo ago

    CISA confirms ransomware exploitation of CVE-2025-22225

    Initial Disclosure

    CISA confirmed that ransomware gangs are exploiting CVE-2025-22225, a high-severity VMware ESXi sandbox-escape and arbitrary-write flaw that Broadcom patched in March 2025 after marking it an actively exploited zero-day. The update also aligns with earlier reporting that Chinese-speaking threat actors likely chained related VMware flaws in sophisticated zero-day attacks since at least February 2024.
