CISA Urges Federal Agencies to Patch Actively Exploited Vulnerabilities by October 20, 2025
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added several critical vulnerabilities to its Known Exploited Vulnerabilities catalog, urging federal agencies to address them by October 20, 2025. These include actively exploited flaws in Fortra GoAnywhere MFT, Libraesva Email Security Gateway, Cisco IOS, and others.

Among these, Fortra GoAnywhere MFT's CVE-2025-10035, a Deserialization of Untrusted Data Vulnerability, was exploited before its public disclosure. Libraesva Email Security Gateway's CVE-2025-59689, a Command Injection Vulnerability, was exploited by nation-state actors. Cisco has patched its actively exploited CVE-2025-20352, a Stack-based Buffer Overflow Vulnerability, but agencies must ensure their devices are updated. CISA's directive also covers a Sudo vulnerability, CVE-2025-32463, which allows local users to gain root access. Additionally, Adminer's Server-Side Request Forgery Vulnerability, CVE-2021-21311, is included in the catalog.

Federal agencies must prioritize patching these vulnerabilities by the given deadline. With these vulnerabilities being actively exploited or used by nation-state actors, prompt action is crucial. To mitigate potential cyber threats, agencies must comply with CISA's directive by updating affected systems, disconnecting unsupported devices, and adhering to the specified deadlines.