CISA Adds Two New Vulnerabilities to KEV Catalog: Urges Organizations to Act Swiftly

2nd July 2025, Kathmandu

The Cybersecurity and Infrastructure Security Agency (CISA) has updated its Known Exploited Vulnerabilities (KEV) Catalog on July 1, 2025, by adding two new vulnerabilities that pose significant threats to public and private sector cybersecurity.

Newly Added CVEs in CISA’s KEV Catalog

Based on verified evidence of active exploitation, CISA has listed the following Common Vulnerabilities and Exposures (CVEs):

CVE-2025-48927 – TeleMessage TM SGNL Initialization of a Resource with an Insecure Default Vulnerability

CVE-2025-48928 – TeleMessage TM SGNL Exposure of Core Dump File to an Unauthorized Control Sphere Vulnerability

Both vulnerabilities are being actively targeted by cybercriminals and represent frequent attack vectors that can compromise critical systems if not remediated immediately.

Why These Vulnerabilities Matter?

These TeleMessage TM SGNL vulnerabilities allow unauthorized access to sensitive data and infrastructure due to insecure configurations and improper resource handling. Exploiting such flaws enables attackers to bypass security measures, extract confidential information, and potentially gain control over enterprise environments.

CISA warns that these vulnerabilities pose high risks to the federal enterprise and must be prioritized for remediation.

Binding Operational Directive (BOD) 22-01

The addition of these CVEs falls under the scope of Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities, which mandates Federal Civilian Executive Branch (FCEB) agencies to:

Continuously monitor CISA’s KEV Catalog.

Remediate listed vulnerabilities by their assigned due dates.

Strengthen federal cybersecurity posture by defending against real-time threats.

Read the BOD 22-01 Fact Sheet for more information.

CISA’s Advisory for All Organizations

While BOD 22-01 is only mandatory for FCEB agencies, CISA strongly encourages all public and private organizations—regardless of size or sector—to:

Continuously monitor CISA’s KEV Catalog.

Prioritize immediate remediation of high-risk CVEs.

Integrate KEV-based patching into their broader vulnerability management strategies.

Neglecting to address actively exploited vulnerabilities can lead to data breaches, system compromise, and significant operational disruptions.

What Organizations Should Do Next?

Identify vulnerable systems running TeleMessage TM SGNL software.

Apply vendor patches or mitigation steps as soon as possible.

Review internal security policies and align with BOD 22-01 guidelines, even if not mandated.

Regularly audit systems to detect and respond to known and emerging threats.

CISA will continue to expand the KEV Catalog as new vulnerabilities meet the defined criteria. Proactive organizations should subscribe to CISA alerts and monitor updates regularly.

About the KEV Catalog

The KEV Catalog is a dynamic, publicly available list of Common Vulnerabilities and Exposures that have been proven to be actively exploited in the wild. It serves as a high-priority checklist for security teams aiming to reduce exposure and prevent breaches through the timely remediation of known threats.

Access the KEV Catalog: CISA Known Exploited Vulnerabilities Catalog

Final Thoughts

The addition of CVE-2025-48927 and CVE-2025-48928 to CISA’s Known Exploited Vulnerabilities Catalog is a crucial reminder that cyber threats are constantly evolving. Organizations must stay vigilant, act swiftly, and adopt a proactive cybersecurity posture to protect their infrastructure and users.

Implementing CISA-recommended best practices, including real-time patching and threat monitoring, is not just about compliance—it’s about resilience and long-term protection.

For more: CISA Known Exploited Vulnerabilities Catalog