CISA Adds 8 Exploited Vulnerabilities Affecting Cisco, Zimbra, TeamCity

The CISA KEV catalog has become a critical barometer for cyber‑risk management, aggregating vulnerabilities that threat actors are already exploiting in the wild. By adding eight new entries, the agency underscores the acceleration of exploit development cycles, where software flaws transition from discovery to active weaponization within months. This trend pressures security teams to shift from reactive patching to proactive threat‑intelligence integration, ensuring that vulnerability scanners are aligned with the KEV list to flag high‑impact issues before they are leveraged in ransomware or espionage campaigns.

Enterprises should pay particular attention to the highlighted flaws. The PaperCut authentication bypass (CVE‑2023‑27351) has been tied to the Lace Tempest group’s deployment of Cl0p and LockBit ransomware, demonstrating how a single flaw can fuel multi‑stage attacks. Similarly, the TeamCity path‑traversal (CVE‑2024‑27199) and the critical Quest KACE SMA authentication bug (CVE‑2025‑32975) expose both development pipelines and IT management consoles to unauthorized code execution. For organizations relying on Cisco’s SD‑WAN infrastructure, the trio of Cisco Catalyst vulnerabilities presents a clear escalation path—from file overwrite to credential exposure—necessitating immediate hardening of API controls and credential storage practices.

The federal remediation deadlines set by the Binding Operational Directive reinforce the urgency for all sectors. While agencies must patch by May 2026, private firms are advised to treat the KEV catalog as a de‑facto priority list, integrating its entries into change‑management workflows and automated patch‑deployment tools. Early remediation not only reduces compliance risk but also curtails the attack surface that adversaries continuously probe. As exploit techniques evolve, continuous monitoring of the KEV updates will remain essential for maintaining a resilient security posture.