Skip to content

CISA Adds Known Exploited Vulnerabilities to Catalog - 20250304001

Overview

CISA has added five new vulnerabilities to its Known Exploited Vulnerabilities Catalog, citing evidence of active exploitation.

What is the vulnerability?

Product(s) (Affected) CVE # CVSS v4/v3 Severity
Cisco Small Business RV Series Routers Command Injection Vulnerability CVE-2023-20118 7.2 High
Hitachi Vantara Pentaho BA Server Authorization Bypass Vulnerability CVE-2022-43939 9.8 Critical
Hitachi Vantara Pentaho BA Server Special Element Injection Vulnerability CVE-2022-43769 7.2 High
Microsoft Windows Win32k Improper Resource Shutdown or Release Vulnerability CVE-2018-8639 7.8 High
Progress WhatsUp Gold Path Traversal Vulnerability CVE-2024-4885 9.8 Critical

What has been observed?

CISA has listed this vulnerabilty in their Known Exploited Vulnerabilties catalog.

Recommendation

Due to the report of active exploitation, it is strongly recommended to patch this vulnerability within 2 weeks across all affected platforms as per vendor instructions.