CISA Adds Five Known Exploited Vulnerabilities to Catalog

Title: CISA Adds Five Known Exploited Vulnerabilities to Catalog | CISA

URL Source: https://www.cisa.gov/news-events/alerts/2026/03/20/cisa-adds-five-known-exploited-vulnerabilities-catalog

Markdown Content: # CISA Adds Five Known Exploited Vulnerabilities to Catalog | CISA

[Skip to main content](https://www.cisa.gov/news-events/alerts/2026/03/20/cisa-adds-five-known-exploited-vulnerabilities-catalog#main)


An official website of the United States government

Here’s how you know

Here’s how you know


**Official websites use .gov**

A **.gov** website belongs to an official government organization in the United States.


**Secure .gov websites use HTTPS**

A **lock** () or **https://** means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

**Due to the lapse in federal funding, this website will not be actively managed.**[**Read More**](https://go.dhs.gov/lapse-2026)

[no-cost Cyber Services](https://www.cisa.gov/resources-tools/resources/free-cybersecurity-services-and-tools "Free Cyber Services")[Secure by design](https://www.cisa.gov/securebydesign)[Secure Your Business](https://www.cisa.gov/secureyourbusiness)[Shields Up](https://www.cisa.gov/node/8056)[Report A Cyber Issue](https://www.cisa.gov/report)

[](https://www.cisa.gov/)

[](https://www.cisa.gov/)

Search

[×](javascript:void(0) "Clear search box")

Menu


Close

[×](javascript:void(0) "Clear search box")

* Topics[Topics](https://www.cisa.gov/topics) [Cybersecurity Best Practices](https://www.cisa.gov/topics/cybersecurity-best-practices) [Cyber Threats and Response](https://www.cisa.gov/topics/cyber-threats-and-response) [Critical Infrastructure Security and Resilience](https://www.cisa.gov/topics/critical-infrastructure-security-and-resilience) [Election Security](https://www.cisa.gov/topics/election-security) [Emergency Communications](https://www.cisa.gov/topics/emergency-communications) [Industrial Control Systems](https://www.cisa.gov/topics/industrial-control-systems) [Information and Communications Technology Supply Chain Security](https://www.cisa.gov/topics/information-communications-technology-supply-chain-security) [Partnerships and Collaboration](https://www.cisa.gov/topics/partnerships-and-collaboration) [Physical Security](https://www.cisa.gov/topics/physical-security) [Risk Management](https://www.cisa.gov/topics/risk-management) [How can we help?](https://www.cisa.gov/audiences) [Government](https://www.cisa.gov/topics/government)[Educational […]

[… 3,500 Zeichen — nächste Zone: keyword-dense paragraphs …]

Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of [KEV Catalog vulnerabilities](https://www.cisa.gov/known-exploited-vulnerabilities-catalog "Known Exploited Vulnerabilities Catalog") as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the catalog that meet the [specified criteria](https://www.cisa.gov/known-exploited-vulnerabilities "Reducing the Significant Risk of Known Exploited Vulnerabilities").

* [CVE-2025-31277](https://www.cve.org/CVERecord?id=CVE-2025-31277 "(opens in a new window)") Apple Multiple Products Buffer Overflow Vulnerability * [CVE-2025-32432](https://www.cve.org/CVERecord?id=CVE-2025-32432 "(opens in a new window)") Craft CMS Code Injection Vulnerability * [CVE-2025-43510](https://www.cve.org/CVERecord?id=CVE-2025-43510 "(opens in a new window)") Apple Multiple Products Improper Locking Vulnerability * [CVE-2025-43520](https://www.cve.org/CVERecord?id=CVE-2025-43520 "(opens in a new window)") Apple Multiple Products Classic Buffer Overflow Vulnerability * [CVE-2025-54068](https://www.cve.org/CVERecord?id=CVE-2025-54068 "(opens in a new window)") Laravel Livewire Code Injection Vulnerability

CISA has added five new vulnerabilities to its [Known Exploited Vulnerabilities (KEV) Catalog](https://www.cisa.gov/known-exploited-vulnerabilities-catalog "Known Exploited Vulnerabilities Catalog"), based on evidence of active exploitation.

[Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities](https://www.cisa.gov/binding-operational-directive-22-01) established the KEV Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that carry significant risk to the federal enterprise. BOD 22-01 requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the [BOD 22-01 Fact Sheet](https://www.cisa.gov/sites/default/files/publications/Reducing_the_Significant_Risk_of_Known_Exploited_Vulnerabilities_211103.pdf) for more information.

1. [Home](https://www.cisa.gov/) 2. [News & Events](https://www.cisa.gov/news-events) 3. [Cybersecurity Advisories](https://www.cisa.gov/news-events/cybersecurity-advisories) […]

[… 3,032 Zeichen — nächste Zone: tail …]

[Return to top](https://www.cisa.gov/news-events/alerts/2026/03/20/cisa-adds-five-known-exploited-vulnerabilities-catalog#top)

* [Topics](https://www.cisa.gov/topics) * [Spotlight](https://www.cisa.gov/spotlight) * [Resources & Tools](https://www.cisa.gov/resources-tools) * [News & Events](https://www.cisa.gov/news-events) * [Careers](https://www.cisa.gov/careers) * [About](https://www.cisa.gov/about)

[Cybersecurity & Infrastructure Security Agency](https://www.cisa.gov/ "Go to the Cybersecurity & Infrastructure Security Agency homepage")

* [Facebook](https://www.facebook.com/CISA) * [X](https://x.com/CISAgov) * [LinkedIn](https://www.linkedin.com/company/cybersecurity-and-infrastructure-security-agency) * [YouTube](https://www.youtube.com/@cisagov) * [Instagram](https://www.instagram.com/cisagov) * [RSS](https://www.cisa.gov/subscribe-updates-cisa)

CISA Central[1-844-Say-CISA](tel:1-844-Say-CISA)[contact@cisa.dhs.gov](mailto:contact@cisa.dhs.gov)

DHS Seal

CISA.gov

An official website of the U.S. Department of Homeland Security

* [About CISA](https://www.cisa.gov/about "About CISA") * [Budget and Performance](https://www.dhs.gov/performance-financial-reports "Budget and Performance") * [DHS.gov](https://www.dhs.gov/ "Department of Homeland Security") * [FOIA Requests](https://www.dhs.gov/foia "FOIA Requests") * [No FEAR Act](https://www.cisa.gov/no-fear-act "No FEAR Act Reporting") * [Office of Inspector General](https://www.oig.dhs.gov/ "Office of Inspector General") * [Privacy Policy](https://www.cisa.gov/privacy-policy "Privacy Policy") * [Subscribe](https://public.govdelivery.com/accounts/USDHSCISA/subscriber/new?topic_id=USDHSCISA_138 "Subscribe to Email Updates") * [The White House](https://www.whitehouse.gov/ "The White House") * [USA.gov](https://www.usa.gov/ "USA.gov") * [Website Feedback](https://www.cisa.gov/forms/feedback "Website Feedback")

Give Feedback