CISA Updates Known Exploited Vulnerabilities Catalog with Four Critical Issues

CISA Updates Known Exploited Vulnerabilities Catalog with Four Critical Issues

/in

Cyble CISA Updates Known Exploited Vulnerabilities Catalog with Four Critical Issues

In a recent update to its Known Exploited Vulnerabilities Catalog, the Cybersecurity and Infrastructure Security Agency (CISA) has added four security vulnerabilities that are currently under active exploitation. These vulnerabilities span across multiple platforms and pose substantial security risks for both organizations and individual users.

The vulnerabilities identified in CVE-2024-40891, CVE-2024-40890, CVE-2025-21418, and CVE-2025-21391 can be exploited with relative ease if security updates are not applied promptly. Users and organizations should follow the guidance provided by vendors like Zyxel and Microsoft, ensuring that their systems are updated regularly to address the latest security flaws.

For organizations relying on Zyxel DSL routers or Windows-based systems, it is crucial to assess the exposure to these vulnerabilities and take immediate steps to update firmware or software versions.

Details of the Vulnerabilities and Active Exploitation

CVE-2024-40891 and CVE-2024-40890: Critical Command Injection Vulnerabilities in Zyxel DSL Routers

The two vulnerabilities—CVE-2024-40891 and CVE-2024-40890—are related to a series of Command Injection Vulnerabilities affecting Zyxel DSL CPE devices. Specifically, these vulnerabilities affect the Zyxel VMG4325-B10A router model running firmware version 1.00(AAFR.4)C0_20170615.

Both vulnerabilities share a common thread: they allow authenticated attackers to execute arbitrary operating system (OS) commands on the affected devices via Telnet (CVE-2024-40891) or a crafted HTTP POST request (CVE-2024-40890). This puts devices at high risk of being compromised by threat actors who can exploit these weaknesses to gain control of the affected systems.

According to the official Zyxel advisory, both vulnerabilities have been assigned a CVSS severity score of 8.8 (High). These flaws stem from improper neutralization of special elements used in OS commands (CWE-78: Improper Neutralization of Special Elements used in an OS Command). Once successfully exploited, the vulnerabilities could allow attackers to bypass authentication and execute malicious OS commands, effectively compromising the security of the devices.

Zyxel has issued advisories urging users to update their firmware to mitigate these vulnerabilities. Devices using older firmware versions are especially at risk. The active exploitation of these vulnerabilities could lead to severe consequences, such as unauthorized access, data breaches, or complete system takeovers.

CVE-2025-21418: Windows Ancillary Function Driver Buffer Overflow Vulnerability

The third vulnerability in the catalog, CVE-2025-21418, is related to a Heap-based Buffer Overflow in the Windows Ancillary Function Driver for WinSock. This vulnerability affects various Windows operating systems, including Windows 10 (version 1809 and newer) and Windows Server editions, and could allow an attacker to elevate their privileges on the system.

Exploiting this flaw, cybercriminals can gain higher privileges, potentially leading to system compromise. The CVE has been assigned a CVSS score of 7.8, marking it as high severity. The vulnerability arises from improper handling of buffers, specifically during the interaction between the Windows Ancillary Function Driver and WinSock.

Windows users and organizations are encouraged to install security updates to mitigate this threat. If left unpatched, the vulnerability could allow attackers to perform malicious actions that compromise system integrity and confidentiality.

CVE-2025-21391: Windows Storage Link Following Vulnerability

Finally, CVE-2025-21391, a Windows Storage Elevation of Privilege Vulnerability, has been added to the CISA catalog. This vulnerability is tied to an issue in Windows Storage where the system improperly resolves links before accessing files. Known as link following (CWE-59), this vulnerability allows an attacker to perform elevation of privilege attacks, potentially granting them access to files and resources they should not have access to.

This vulnerability affects multiple versions of Windows, including Windows 10, Windows Server 2019, and Windows 11. With a CVSS score of 7.1, this vulnerability is considered moderately severe but still presents cybersecurity risks if left unaddressed. Attackers exploiting this vulnerability can manipulate file access controls to gain higher-level privileges and access critical system components.

Conclusion

The inclusion of CVE-2024-40891, CVE-2024-40890, CVE-2025-21418, and CVE-2025-21391 in CISA’s Known Exploited Vulnerabilities Catalog highlights the ongoing risk of cyberattacks exploiting vulnerabilities in widely used systems. Command injection, buffer overflows, and improper link resolution remain common attack vectors. Organizations must stay vigilant, apply patches promptly, and prioritize security to prevent data breaches and system compromises.

Cyble, with its AI-driven cybersecurity platforms, helps businesses stay protected at all times by providing proactive threat intelligence and real-time vulnerability monitoring. Staying informed and prepared is essential to protecting sensitive data from cyber risks.

References

The post CISA Updates Known Exploited Vulnerabilities Catalog with Four Critical Issues appeared first on Cyble.

Blog – Cyble – ​Read More