CISA has added five significant vulnerabilities from Microsoft, Apple, and Oracle to its KEV catalog, highlighting ongoing threats to various systems. Notably, these include high-severity flaws exploited by ransomware groups such as CL0P and targeted at organizations like Harvard University and American Airlines. #CISAKEV #CL0Pransomware
Keypoints
- CISA added five vulnerabilities from Microsoft, Apple, and Oracle to its KEV list, indicating active threats.
- CVE-2022-48503 affects Apple products and allows arbitrary code execution through web content processing.
- CVE-2025-61884 is an Oracle SSRF vulnerability patched after exploitation campaigns, linked to CL0P ransomware activity.
- CL0P exploited CVE-2025-61882 for widespread extortion, affecting organizations like Harvard and American Airlines.
- Microsoftβs CVE-2025-33073 could allow attackers to gain SYSTEM privileges via SMB protocol manipulation.
Read More: https://thecyberexpress.com/cisa-microsoft-apple-oracle-vulnerabilities/