CISA Adds Five Known Exploited Vulnerabilities to Catalog
Release Date February 06, 2025

CISA has added five vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation.

CVE-2025-0411 7-Zip Mark of the Web Bypass Vulnerability
CVE-2022-23748 Dante Discovery Process Control Vulnerability
CVE-2024-21413 Microsoft Outlook Improper Input Validation Vulnerability
CVE-2020-29574 CyberoamOS (CROS) SQL Injection Vulnerability
CVE-2020-15069 Sophos XG Firewall Buffer Overflow Vulnerability
These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise.

[https://www.cisa.gov/news-events/alerts/2025/02/06/cisa-adds-five-known-exploited-vulnerabilities-catalog]