FCEB
-
CISA adds VMware local privilege‑escalation zero-day to Known Exploited Vulnerabilities catalog
CISA added CVE-2025-41244, a high-severity VMware local privilege‑escalation flaw, to its Known Exploited Vulnerabilities catalog after reports of active exploitation. Broadcom-owned VMware has issued a patch, NVISO Labs reported zero-day use since October 2024, and federal agencies must apply mitigations by Nov. 20, 2025.
-
CISA Adds Critical Lanscope Endpoint Manager Flaw to KEV Catalog
CISA added CVE-2025-61932, a critical arbitrary-code vulnerability in Motex Lanscope Endpoint Manager, to its Known Exploited Vulnerabilities catalog and said it is being actively exploited; Motex has released patched versions and agencies are advised to remediate by Nov. 12, 2025.
-
CISA adds Adobe AEM flaw to Known Exploited Vulnerabilities list
CISA added CVE-2025-54253, a critical Adobe Experience Manager Forms misconfiguration that can allow remote code execution, to its Known Exploited Vulnerabilities catalog after evidence of active exploitation; Adobe has released a patch and federal agencies were told to apply fixes by Nov. 5, 2025.
