The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added three actively exploited vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog on December 17, 2025. The flaws affect Cisco Secure Email Gateway, SonicWall SMA 1000 series, and ASUS Live Update, enabling remote code execution, privilege escalation, and malicious code injection.
Details of the Vulnerabilities
- Cisco Secure Email Gateway RCE (CVE-2025-20393): Remote command execution in exposed management interfaces.
- SonicWall SMA 1000 Privilege Escalation (CVE-2025-40602): Chained exploits granting root access on appliances.
- ASUS Live Update Malicious Code (CVE-2025-59374): Embedded malicious code in outdated update tool (end-of-support December 2025).
Impact and Recommendations
- Enables remote compromise of network gateways and appliances
- Actively exploited in real-world attacks
- Apply vendor patches immediately (Cisco/SonicWall) or discontinue ASUS Live Update
- Restrict management interfaces to trusted networks
- Monitor for indicators of compromise on affected systems
These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise.
CISA Known Exploited Vulnerabilities Alert
Source and full details:
Read the full CISA alert here:
https://www.cisa.gov/news-events/alerts/2025/12/17/cisa-adds-three-known-exploited-vulnerabilities-catalog