U.S. CISA adds Cisco, SonicWall, and ASUS flaws to its Known Exploited Vulnerabilities catalog

U.S. CISA adds Cisco, SonicWall, and ASUS flaws to its Known Exploited Vulnerabilities catalog

Pierluigi Paganini
December 18, 2025

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Cisco, SonicWall, and ASUS flaws to its Known Exploited Vulnerabilities catalog.

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added Apple and Gladinet CentreStack and Triofox flaws to its Known Exploited Vulnerabilities (KEV) catalog.

Below are the flaws added to the catalog:

• CVE-2025-20393 (CVSS score of 10.0) Cisco Multiple Products Improper Input Validation Vulnerability
• CVE-2025-40602 (CVSS score of 6.6) SonicWall SMA1000 Missing Authorization Vulnerability
• CVE-2025-59374 (CVSS score of 9.3) ASUS Live Update Embedded Malicious Code Vulnerability

Cisco reported a December 10 campaign targeting certain Secure Email Gateway appliances with exposed ports, enabling attackers to…