Cisco IOS, Fortra GoAnywhere, and open-source database manager Adminer all make the cut in the latest CISA KEV update.
The US Cybersecurity and Infrastructure Security Agency (CISA) has added five vulnerabilities to its known exploited vulnerabilities catalogue.
CVE-2021-21311 is a server-side request forgery vulnerability in Adminer, a PHP-based open-source database management program. The flaw is present in versions between 4.0.0 and 4.7.8; however, it is fixed in version 4.7.9. This vulnerability has a CVSS score of 7.2, making it a high-severity vulnerability.
CVE-2025-20352 is a stack-based buffer overflow vulnerability in the SNMP subsystem of Cisco IOS Software and Cisco IOS XE Software. The vulnerability could allow an unauthenticated attacker to cause a denial-of-service condition and lead to remote code execution. This one has a CVSS score of 7.7, making it another high-severity vulnerability.
Several security experts have been concerned by CVE-2025-10035, a deserialisation vulnerability in the License Servlet of Fortra’s GoAnywhere MFT. This vulnerability – a perfect 10 CVSS score – could ultimately lead to command injection, prompting Caitlin Condon, vice president of research at VulnCheck, to sound the alarm.
“The description and root cause of CVE-2025-10035 – a newly disclosed critical vulnerability in Fortra’s GoAnywhere MFT solution – is virtually identical to that of CVE-2023-0669, another critical issue that was widely exploited by ransomware groups in 2023, including Clop,” Condon told Cyber Daily last week.
“While it’s not clear currently if CVE-2025-10035 has been exploited in the wild, it’s safe to assume ransomware and other APT groups will be highly motivated to develop exploits targeting this new vulnerability. Fortra also delivered a patch within five days of discovery, if their timeline is accurate, which implies that the supplier is also aware of the urgency.”
With its addition to the KEV catalogue, it looks like Condon’s fears were well-founded.
CVE-2025-59689 is an issue with the email security platform Libraesva ESG, present in versions 4.5 through 5.5.x and before 5.5.7. The flaw could allow command injection via a compressed email attachment. A fix is available for versions 5.0 and up. This vulnerability has a CVSS score of 6.1, meaning it is a medium-severity vulnerability.
Finally, CVE-2025-32463 is a privilege escalation vulnerability in Sudo that could lead to an attacker running arbitrary commands as root on systems that support /etc/nsswitch.conf. It is a critical severity, with a CVSS score of 9.3.
David Hollingworth has been writing about technology for over 20 years, and has worked for a range of print and online titles in his career. He is enjoying getting to grips with cyber security, especially when it lets him talk about Lego.