CISA Adds Four Actively Exploited Vulnerabilities to KEV Catalog, Urges Fixes by February 25

Feb 05, 2025 | Ravie Lakshmanan | Vulnerability / Software Security

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added four security flaws to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation in the wild.

The list of vulnerabilities is as follows:

  • (CVSS score: 7.5/9.8) - A forced browsing vulnerability in Apache OFBiz that could allow a remote attacker to execute arbitrary code on the server (Fixed in September 2024)
  • (CVSS score: 7.5) - An information disclosure vulnerability in Microsoft .NET Framework that could expose the ObjRef URI and lead to remote code execution (Fixed in )
  • (CVSS score: 7.2) - An OS command injection vulnerability in Paessler PRTG Network Monitor that allows an attacker to execute commands via the PRTG System Administrator web console (Fixed in )
  • (CVSS score: 9.8) - A local file inclusion vulnerability in Paessler PRTG Network Monitor that allows a remote, unauthenticated attacker to create users with read-write privileges (Fixed in )

While the respective vendors have since addressed these issues, there are currently no public reports on how they may have been exploited in real-world attacks.

Federal Civilian Executive Branch (FCEB) agencies are urged to apply the necessary fixes by February 25, 2025, to protect their networks against active threats.
