CISA Known Exploited Vulnerabilities Surged 20% in 2025
Published 2026-01-02 10:31:26. Author: cyble.com

CISA’s Known Exploited Vulnerabilities (KEV) catalog grew by nearly 20% in 2025, and 24 of the year’s additions are flagged as exploited by ransomware groups.

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added 245 vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog in 2025, as the database grew to 1,484 software and hardware flaws at high risk of cyberattacks. 

The agency removed at least one vulnerability from the catalog in 2025 – CVE-2025-6264, a Velociraptor Incorrect Default Permissions vulnerability that CISA determined had insufficient evidence of exploitation – but the database has generally grown steadily since its launch in November 2021. 

After an initial surge of additions when the database first launched, growth stabilized in 2023 and 2024, with 187 vulnerabilities added in 2023 and 185 in 2024.

Growth accelerated in 2025, however, as CISA added 245 vulnerabilities to the KEV catalog, more than 30% above the annual pace seen in 2023 and 2024. With additions surging in recent weeks, the elevated exploitation trend may well continue into 2026.

Overall, CISA KEV vulnerabilities grew from 1,239 vulnerabilities at the end of 2024 to 1,484 at the end of 2025, an increase of just under 20%. 

We’ll look at some of the trends and vulnerabilities from 2025 – including 24 vulnerabilities known to be exploited by ransomware groups – along with the vendors and projects that had the most CVEs added to the list this year. 


Older Vulnerabilities Added to CISA KEV Also Grew 

The addition of older vulnerabilities to the CISA KEV catalog also grew in 2025. In 2023 and 2024, 60 to 70 older vulnerabilities were added to the KEV catalog each year. In 2025, the number of vulnerabilities from 2024 and earlier added to the catalog grew to 94, a 34% increase from a year earlier. 

The oldest vulnerability added to the KEV catalog in 2025 was CVE-2007-0671, a Microsoft Office Excel Remote Code Execution vulnerability. 

The oldest vulnerability in the catalog remains one from 2002 – CVE-2002-0367, a privilege escalation vulnerability in the Windows NT and Windows 2000 smss.exe debugging subsystem that CISA flags as known to be used in ransomware campaigns.

Vulnerabilities Used in Ransomware Attacks 

CISA marked 24 of the vulnerabilities added in 2025 as known to be exploited by ransomware groups. They include some well-known flaws such as CVE-2025-5777 (dubbed “CitrixBleed 2”) and Oracle E-Business Suite vulnerabilities exploited by the CL0P ransomware group. 

The full list of 2025 additions flagged as exploited by ransomware groups is included below. Security teams that have not yet patched any of them should prioritize these ahead of other KEV entries, and treat the CISA due date as a ceiling rather than a target.

Vulnerabilities Exploited by Ransomware Groups 
CVE-2025-5777 Citrix NetScaler ADC and Gateway Out-of-Bounds Read 
CVE-2025-31161 CrushFTP Authentication Bypass 
CVE-2019-6693 Fortinet FortiOS Use of Hard-Coded Credentials 
CVE-2025-24472 Fortinet FortiOS and FortiProxy Authentication Bypass 
CVE-2024-55591 Fortinet FortiOS and FortiProxy Authentication Bypass 
CVE-2025-10035 Fortra GoAnywhere MFT Deserialization of Untrusted Data 
CVE-2025-22457 Ivanti Connect Secure, Policy Secure, and ZTA Gateways Stack-Based Buffer Overflow 
CVE-2025-0282 Ivanti Connect Secure, Policy Secure, and ZTA Gateways Stack-Based Buffer Overflow 
CVE-2025-55182 Meta React Server Components Remote Code Execution 
CVE-2025-49704 Microsoft SharePoint Code Injection 
CVE-2025-49706 Microsoft SharePoint Improper Authentication 
CVE-2025-53770 Microsoft SharePoint Deserialization of Untrusted Data 
CVE-2025-29824 Microsoft Windows Common Log File System (CLFS) Driver Use-After-Free 
CVE-2025-26633 Microsoft Windows Management Console (MMC) Improper Neutralization 
CVE-2018-8639 Microsoft Windows Win32k Improper Resource Shutdown or Release 
CVE-2024-55550 Mitel MiCollab Path Traversal 
CVE-2024-41713 Mitel MiCollab Path Traversal 
CVE-2025-61884 Oracle E-Business Suite Server-Side Request Forgery (SSRF) 
CVE-2025-61882 Oracle E-Business Suite Unspecified 
CVE-2023-48365 Qlik Sense HTTP Tunneling 
CVE-2025-31324 SAP NetWeaver Unrestricted File Upload 
CVE-2024-57727 SimpleHelp Path Traversal 
CVE-2024-53704 SonicWall SonicOS SSLVPN Improper Authentication 
CVE-2025-23006 SonicWall SMA1000 Appliances Deserialization 

Projects and Vendors with the Highest Number of Exploited Vulnerabilities 

Microsoft once again led all vendors and projects in CISA KEV additions, with 39 vulnerabilities added to the database in 2025, up from 36 in 2024. 

Several vendors and projects had fewer vulnerabilities added in 2025 than they did in 2024. That may reflect improved security controls, although KEV counts also track where attackers chose to focus and how much exploitation was detected and reported, so a decline is not proof that a product got safer. Among the vendors and projects that saw a decline in KEV additions in 2025 were Adobe, Android, Apache, Ivanti, Palo Alto Networks, and VMware.

11 vendors and projects had five or more KEV vulnerabilities added this year, included below. 

Vendor/project CISA KEV additions in 2025 
Microsoft 39 
Apple 
Cisco 
Fortinet 
Google Chromium 
Ivanti 
Linux Kernel 
Citrix 
D-Link 
Oracle 
SonicWall 

Most Common Software Weaknesses Exploited in 2025 

Eight software and hardware weaknesses (common weakness enumerations, or CWEs) were particularly prominent among the 2025 KEV additions. The list is similar to last year, although CWE-787, CWE-79, and CWE-94 are new to the list this year. 

  • CWE-78 – Improper Neutralization of Special Elements used in an OS Command (‘OS Command Injection’) – was again the most common weakness among vulnerabilities added to the KEV database, accounting for 18 of the 245 vulnerabilities added in 2025. 
  • CWE-502 – Deserialization of Untrusted Data – again came in second, occurring in 14 of the vulnerabilities. 
  • CWE-22 – Improper Limitation of a Pathname to a Restricted Directory, or ‘Path Traversal’ – moved up to third place with 13 appearances. 
  • CWE-416 – Use After Free – slipped a spot to fourth and was behind 11 of the vulnerabilities. 
  • CWE-787 – Out-of-bounds Write – was a factor in 10 of the vulnerabilities. 
  • CWE-79 – Cross-site Scripting – appeared 7 times. 
  • CWE-94 (Code Injection) and CWE-287 (Improper Authentication) occurred 6 times each. 
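Every figure in this article (additions per year, the ransomware flag, the share of older CVEs, vendor and CWE counts) can be reproduced from the catalog itself, which CISA publishes as a JSON feed. The script below is an added example written for this write-up, not Cyble’s or CISA’s code; it reproduces those computations over a small set of records constructed to mirror the feed’s schema (the CVE IDs come from the article, but the dates and CWE tags are illustrative, and the counts are for the sample only), and it finishes with the prioritization step the ransomware section calls for: rank an organization’s open CVEs that appear in KEV, ransomware-linked entries first, then by CISA due date.

```python
"""Offline analysis of a CISA KEV-style feed.

Added example written for this article; it is not Cyble's or CISA's code.
The real catalog is published as JSON at
https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json
and each entry carries the fields used here: cveID, vendorProject, product,
dateAdded, dueDate, knownRansomwareCampaignUse and cwes.
The records below are CONSTRUCTED from CVEs named in the article (dates and
CWE tags are illustrative) so the script runs offline; its counts describe the
sample only and do not reproduce the article's full-year totals.
"""
import json
from collections import Counter
from datetime import date

# Constructed sample in the shape of the real feed, trimmed to the fields used.
SAMPLE_KEV_JSON = json.dumps({"vulnerabilities": [
    {"cveID": "CVE-2025-5777", "vendorProject": "Citrix", "product": "NetScaler ADC and Gateway",
     "dateAdded": "2025-07-10", "dueDate": "2025-07-11", "knownRansomwareCampaignUse": "Known", "cwes": ["CWE-125"]},
    {"cveID": "CVE-2025-53770", "vendorProject": "Microsoft", "product": "SharePoint",
     "dateAdded": "2025-07-20", "dueDate": "2025-07-21", "knownRansomwareCampaignUse": "Known", "cwes": ["CWE-502"]},
    {"cveID": "CVE-2025-49704", "vendorProject": "Microsoft", "product": "SharePoint",
     "dateAdded": "2025-07-22", "dueDate": "2025-07-23", "knownRansomwareCampaignUse": "Known", "cwes": ["CWE-94"]},
    {"cveID": "CVE-2025-31324", "vendorProject": "SAP", "product": "NetWeaver",
     "dateAdded": "2025-04-29", "dueDate": "2025-05-20", "knownRansomwareCampaignUse": "Known", "cwes": ["CWE-434"]},
    {"cveID": "CVE-2025-22457", "vendorProject": "Ivanti", "product": "Connect Secure",
     "dateAdded": "2025-04-04", "dueDate": "2025-04-11", "knownRansomwareCampaignUse": "Known", "cwes": ["CWE-121"]},
    {"cveID": "CVE-2019-6693", "vendorProject": "Fortinet", "product": "FortiOS",
     "dateAdded": "2025-01-29", "dueDate": "2025-02-19", "knownRansomwareCampaignUse": "Known", "cwes": ["CWE-798"]},
    {"cveID": "CVE-2007-0671", "vendorProject": "Microsoft", "product": "Office Excel",
     "dateAdded": "2025-03-03", "dueDate": "2025-03-24", "knownRansomwareCampaignUse": "Unknown", "cwes": []},
    # A 2024 addition, included so the per-year filter has something to exclude.
    {"cveID": "CVE-2024-21762", "vendorProject": "Fortinet", "product": "FortiOS",
     "dateAdded": "2024-02-09", "dueDate": "2024-02-16", "knownRansomwareCampaignUse": "Known", "cwes": ["CWE-787"]},
]})


def load_kev(text: str) -> list:
    """Parse the feed and coerce the two date fields to date objects."""
    entries = json.loads(text)["vulnerabilities"]
    for e in entries:
        e["dateAdded"] = date.fromisoformat(e["dateAdded"])
        e["dueDate"] = date.fromisoformat(e["dueDate"])
    return entries


def cve_year(cve_id: str) -> int:
    """CVE-YYYY-NNNN -> YYYY (the year the ID was assigned, not when it was exploited)."""
    return int(cve_id.split("-")[1])


def added_in_year(entries, year: int) -> list:
    return [e for e in entries if e["dateAdded"].year == year]


def growth_pct(prev_total: int, added: int) -> float:
    """Catalog growth as a percentage of the prior year-end total."""
    return 100.0 * added / prev_total


def ransomware_flagged(entries) -> list:
    return sorted(e["cveID"] for e in entries if e["knownRansomwareCampaignUse"] == "Known")


def older_vulns(entries, year: int) -> list:
    """Additions whose CVE ID predates the year in which they were catalogued."""
    return sorted((e["cveID"] for e in entries if cve_year(e["cveID"]) < year), key=cve_year)


def vendor_counts(entries) -> Counter:
    return Counter(e["vendorProject"] for e in entries)


def cwe_counts(entries) -> Counter:
    # cwes may be missing or empty on older entries; count each tag once per entry.
    return Counter(c for e in entries for c in e.get("cwes", []))


def prioritize(entries, open_cves, today: str) -> list:
    """Rank an organisation's open CVEs that appear in KEV: ransomware-linked first, then by due date."""
    today_d = date.fromisoformat(today)
    hits = [e for e in entries if e["cveID"] in open_cves]  # CVEs not in KEV drop out here
    hits.sort(key=lambda e: (e["knownRansomwareCampaignUse"] != "Known", e["dueDate"]))
    return [{"cveID": e["cveID"], "ransomware": e["knownRansomwareCampaignUse"] == "Known",
             "dueDate": e["dueDate"].isoformat(), "overdue": e["dueDate"] < today_d} for e in hits]


if __name__ == "__main__":
    kev = load_kev(SAMPLE_KEV_JSON)
    y2025 = added_in_year(kev, 2025)
    print("added in 2025 (sample):", len(y2025))
    print("growth vs 1,239 at end of 2024: %.1f%%" % growth_pct(1239, 245))
    print("ransomware-linked:", ransomware_flagged(y2025))
    print("older CVEs added in 2025:", older_vulns(y2025, 2025))
    print("vendors:", vendor_counts(y2025).most_common(3))
    print("CWEs:", cwe_counts(y2025).most_common(3))
    # Constructed list of an organisation's open findings; CVE-2099-0001 stands in for one not in KEV.
    for row in prioritize(kev, {"CVE-2025-53770", "CVE-2024-21762", "CVE-2007-0671", "CVE-2099-0001"}, "2025-08-01"):
        print(row)
```

To run it against the live catalog, replace SAMPLE_KEV_JSON with the downloaded feed text; the functions do not depend on the sample. Note that `older_vulns` keys on the CVE ID year, which is when the ID was assigned, so an entry such as CVE-2024-55591 added in early 2025 counts as "older" the same way the article counts it.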

Conclusion 

CISA’s Known Exploited Vulnerabilities catalog remains a valuable tool for helping IT security teams prioritize patching and vulnerability management efforts. 

The CISA KEV catalog can also alert organizations to third-party risk, although by the time a vulnerability is added to the catalog it is already under active exploitation and demands immediate attention. Third-party risk management (TPRM) programs can provide earlier warning about partner exposure through audits and other tools.

Finally, software and application development teams should monitor CISA KEV additions to gain awareness of common software weaknesses that threat actors routinely target. 



Source: https://cyble.com/blog/cisa-kev-2025-exploited-vulnerabilities-growth/