The US cybersecurity agency CISA has identified 1,484 vulnerabilities that have been exploited in the wild, with a significant increase in the Known Exploited Vulnerabilities list in 2025. Notable flaws include those exploited in ransomware attacks, such as CitrixBleed 2 and Oracle E-Business Suite, affecting multiple industries and security systems. #CISA #KEV #Ransomware #CVE2025 #CitrixBleed
Keypoints
- CISAβs KEV list has grown to 1,484 exploited vulnerabilities, including 245 added in 2025.
- Most of the vulnerabilities added in 2025 are new, but older flaws are still being exploited.
- The oldest vulnerability in the list dates back to 2002, involving privilege escalation in Windows systems.
- 24 vulnerabilities, including CitrixBleed 2 and Oracle flaws, are exploited by ransomware groups.
- Common attack vectors include OS command injection, path traversal, and code injection, impacting organizations globally.
Read More: https://www.securityweek.com/cisa-kev-catalog-expanded-20-in-2025-topping-1480-entries/