Federal Panic: Patch or Perish as CISA Flags Five Exploitable Vulnerabilities

The CISA Known Exploited Vulnerabilities catalog just got five new CVEs, including a Cisco router flaw and a Win32k bug from 2018. Time to patch up! Federal agencies have until March 24 to fix these holes before threat actors make themselves at home.

Hot Take:

Well, it looks like CISA is playing matchmaker with Uncle Sam and some neglected cybersecurity patches. Who knew vulnerabilities could have a shelf life longer than a Twinkie? Dust off those routers and servers, folks, because in the world of cybersecurity, it’s never too late for a little spring cleaning!

Key Points:

  • Five new vulnerabilities have been added to the CISA Known Exploited Vulnerabilities (KEV) catalog.
  • High-profile issues include a command injection vulnerability in Cisco routers and privilege escalation in Microsoft Windows Win32k.
  • Two vulnerabilities were found in Hitachi Vantara Pentaho BA servers, one allowing server authorization bypass.
  • A path traversal vulnerability in Progress WhatsUp Gold network monitoring software also made the list.
  • Federal agencies have until March 24 to patch these vulnerabilities or face the wrath of CISA.

The Nimble Nerd