The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added several critical vulnerabilities affecting ASUS RT-AX55 routers, Craft CMS, and ConnectWise ScreenConnect to its Known Exploited Vulnerabilities catalog. These flaws have been exploited by threat actors, leading to remote code execution and persistent backdoors, emphasizing the need for immediate patching. #ASUSRT-AX55 #CraftCMS #ConnectWiseScreenConnect
Keypoints
- CISA has added multiple vulnerabilities to its KEV catalog, urging organizations to patch them.
- The ASUS RT-AX55 vulnerability CVE-2023-39780 is exploited by a botnet to establish backdoor SSH access.
- ConnectWise ScreenConnect flaw CVE-2025-3935 may have allowed remote code execution, impacting some customers.
- Threat actors exploited Craft CMS vulnerabilities CVE-2024-56145 and CVE-2025-35939 for malicious control and code injection.
- Federal agencies are ordered to fix these vulnerabilities by June 23, 2025, to reduce security risks.
Views: 22