CISA Adds Two Known Exploited Vulnerabilities to Catalog
Summary
CISA added two new vulnerabilities, CVE-2025-11953 and CVE-2026-24423, to its Known Exploited Vulnerabilities (KEV) Catalog based on evidence of active exploitation. These vulnerabilities are frequent attack vectors and pose significant risks, particularly to the federal enterprise, prompting CISA to urge all organizations to prioritize their remediation.
IFF Assessment
The addition of actively exploited vulnerabilities to the KEV catalog indicates increased risk and active threats that defenders must address.
Severity
Defender Context
This announcement highlights the importance of timely patching and vulnerability management, especially for vulnerabilities listed in the CISA KEV catalog. Defenders should prioritize patching CVE-2025-11953 and CVE-2026-24423, monitor for related exploit activity, and ensure their vulnerability management processes are up to date. The KEV catalog is a valuable resource for focusing remediation efforts on actively exploited vulnerabilities.