The threat landscape continues to evolve rapidly and staying ahead of actively exploited vulnerabilities is key to effective cybersecurity defense. On September 28, 2025, the Cybersecurity and Infrastructure Security Agency (CISA) added five high-risk vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, signaling urgent action for IT teams, SOC analysts, and vulnerability managers across sectors.
CVE-2021-21311: Adminer SSRF Vulnerability
Adminer is an open-source database management tool often deployed in web environments. This vulnerability is a server-side request forgery (SSRF) affecting versions from 4.0.0 to 4.7.8, especially those using the bundled adminer.php file. Attackers can exploit this flaw by tricking Adminer into issuing HTTP requests to internal resources. Successful SSRF attacks may allow reading internal files or sensitive data from backend services, posing a risk of data breaches or lateral movement. The issue is mitigated by updating to Adminer 4.7.9 or using single-driver versions.
CVE-2025-20352: Cisco IOS/IOS XE Buffer Overflow
This vulnerability is a stack-based buffer overflow in the SNMP subsystem of Cisco IOS and IOS XE. Exploitation involves sending specially crafted SNMP packets over IPv4 or IPv6 to devices with SNMP enabled. Attackers can trigger a denial of service (DoS) or, if they hold higher-privileged SNMP credentials, achieve remote code execution and total compromise of the network hardware. Both Meraki and Catalyst switches are impacted. Cisco urges swift patching and recommends restricting SNMP access to trusted sources while actively monitoring for exploitation.
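One way to check the mitigation Cisco recommends above (SNMP reachable only from trusted sources) is to audit the running-config text for community strings that carry no source ACL. The script below is an added example, not code from the article, CISA or Cisco; the hostname, community strings, ACL name and addresses in the sample config are constructed, and the check only understands the common `snmp-server community <name> [view <v>] [RO|RW] [acl]` form, so treat its output as a starting point rather than a verdict.

```python
"""Audit an IOS / IOS XE style running-config for SNMP exposure.

Added example (not from the article or from Cisco). It flags:
  * communities with no source ACL (reachable from any address),
  * communities referencing an ACL that the config never defines,
  * read-write communities, which deserve extra scrutiny.
The config below is constructed for illustration only.
"""
import re

# Constructed sample running-config excerpt; nothing here is a real device.
SAMPLE_CONFIG = """\
hostname edge-sw-01
!
ip access-list standard SNMP-MGMT
 permit 10.0.100.0 0.0.0.255
 deny any
!
snmp-server community public RO
snmp-server community s3cret RW SNMP-MGMT
snmp-server community monitor RO SNMP-MGMT
snmp-server community legacy view cutdown RO
"""

# Matches: snmp-server community <name> [view <view>] [RO|RW] [<acl>]
COMMUNITY_RE = re.compile(
    r"^snmp-server community (?P<name>\S+)"
    r"(?: view (?P<view>\S+))?"
    r"(?: (?P<mode>RO|RW))?"
    r"(?: (?P<acl>\S+))?\s*$",
    re.IGNORECASE,
)


def defined_acls(config: str) -> set:
    """Collect named and numbered ACLs declared anywhere in the config."""
    acls = set()
    for line in config.splitlines():
        named = re.match(r"^ip access-list (?:standard|extended) (\S+)", line)
        if named:
            acls.add(named.group(1))
        numbered = re.match(r"^access-list (\d+) ", line)
        if numbered:
            acls.add(numbered.group(1))
    return acls


def audit_snmp(config: str) -> list:
    """Return (community, finding) pairs for risky SNMP community lines."""
    acls = defined_acls(config)
    findings = []
    for line in config.splitlines():
        m = COMMUNITY_RE.match(line.strip())
        if not m:
            continue
        name = m.group("name")
        mode = (m.group("mode") or "RO").upper()  # IOS defaults to RO
        acl = m.group("acl")
        if acl is None:
            findings.append((name, "no source ACL: community reachable from any address"))
        elif acl not in acls:
            findings.append((name, f"references undefined ACL {acl}"))
        if mode == "RW":
            findings.append((name, "read-write community: prefer read-only or SNMPv3"))
    return findings


if __name__ == "__main__":
    for community, finding in audit_snmp(SAMPLE_CONFIG):
        print(f"{community}: {finding}")
```

Run against `show running-config` output saved to a file, the script reports three issues for the constructed sample: `public` and `legacy` have no ACL, and `s3cret` is read-write. A community that passes this check can still be exposed by a permissive ACL, so review the ACL contents as well.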
CVE-2025-10035: Fortra GoAnywhere MFT Deserialization
GoAnywhere MFT is a well-known enterprise managed file transfer platform. CVE-2025-10035 is a deserialization vulnerability within its License Response Servlet: attackers can submit a forged license response, leading to deserialization of attacker-controlled Java objects and ultimately remote code execution (RCE). File transfer solutions are high-value targets for ransomware and supply chain attacks; exploitation in the wild is probable if admin consoles are publicly reachable. Urgent patching and access restriction are critical.
CVE-2025-59689: Libraesva ESG Command Injection
Libraesva Email Security Gateway (ESG) suffers from improper input validation when processing compressed email attachments, resulting in command injection. Attackers can send malicious attachments to bypass protection and execute arbitrary OS-level commands, gaining unauthorized access or disrupting email defenses. This vulnerability may serve as a gateway for data exfiltration, lateral movement, or ransomware deployment. Libraesva ESG should be promptly patched and monitored for unexplained attachment processing behaviors.
CVE-2025-32463: Sudo chroot Privilege Escalation
This Linux and Unix vulnerability concerns the sudo command's --chroot (-R) option. By creating a rogue /etc/nsswitch.conf within a user-specified root directory, local attackers can trick sudo into loading arbitrary shared libraries, escalating privileges to root. The bug affects sudo versions 1.9.14 through 1.9.17; patching to the latest version is required to prevent local compromise, particularly in multi-user or container-heavy environments.
Why This Matters—and Guidance for Mitigation
These weaknesses sit in vital infrastructure across the cloud, network, email, and authentication layers. Their inclusion in KEV is based on evidence of active exploitation, meaning adversaries are already using these attack paths to breach organizations.
Recommended Defender Actions:
- Patch or upgrade affected software immediately according to vendor advisories.
- Apply configuration changes or mitigations if immediate patching is unfeasible.
- Restrict network access to sensitive management interfaces.
- Enhance monitoring and alerting for exploitation behaviors, especially targeting these CVEs.
Federal agencies must comply with Binding Operational Directive 22-01 timelines, but private sector organizations and critical infrastructure operators should treat these vulnerabilities with equal urgency.