The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has recently added four significant security vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog, highlighting their active exploitation in real-world scenarios. This move underscores the urgent need for organizations to address these critical vulnerabilities to safeguard their systems.
The newly added vulnerabilities include CVE-2014-3931, a buffer overflow vulnerability in Multi-Router Looking Glass (MRLG) rated at a CVSS score of 9.8. This flaw could enable remote attackers to perform arbitrary memory writes, potentially leading to severe memory corruption. Similarly, CVE-2016-10033, another vulnerability with the same high score, is found in PHPMailer and allows for command injection, resulting in a potential denial-of-service condition.
Furthermore, CISA’s update includes CVE-2019-5418 and CVE-2019-9621, both rated at a CVSS score of 7.5. The former is a path traversal vulnerability in Ruby on Rails’ Action View, which could expose sensitive files on the target system. The latter is a Server-Side Request Forgery (SSRF) vulnerability in the Zimbra Collaboration Suite, leading to unauthorized access and potential remote code execution.
While details regarding the active exploitation of CVE-2014-3931 and CVE-2016-10033 remain scarce, CVE-2019-9621 has been linked to a China-based threat actor known as Earth Lusca, which was reported by Trend Micro in September 2023. They utilized this vulnerability to deploy web shells and Cobalt Strike within compromised environments.
In response to the threats posed by these vulnerabilities, CISA is urging Federal Civilian Executive Branch (FCEB) agencies to implement necessary updates by July 28, 2025. This proactive step aims to fortify their defenses against potential intrusions and exploits.