
The Cybersecurity and Infrastructure Security Agency (CISA) has added three new entries to its Known Exploited Vulnerabilities (KEV) Catalog, each with evidence of active exploitation in the wild. The additions affect Broadcom Brocade Fabric OS, Qualitia Active! Mail, and the Commvault Web Server, and they pose significant risk to federal and private-sector networks alike [1].
Executive Summary for Security Leadership
Federal agencies must remediate these vulnerabilities by their respective deadlines under Binding Operational Directive (BOD) 22-01, and private organizations are strongly urged to prioritize patching them as well. The catalog contains 1,323 entries as of 2025, with network devices and enterprise software accounting for 60% of recent additions [2].
- CVE-2025-1976: Broadcom Brocade Fabric OS code injection (CVSS pending)
- CVE-2025-42599: Qualitia Active! Mail stack-based buffer overflow (CVSS pending)
- CVE-2025-3928: Commvault web server unspecified vulnerability (CVSS pending)
Technical Analysis of New Vulnerabilities
The Broadcom Brocade Fabric OS vulnerability (CVE-2025-1976) is a code injection flaw in the switch's management software. As catalogued by CISA, it allows a local user who already holds administrative privileges to execute arbitrary code with full root privileges, so the practical risk is an administrator account, legitimate or stolen, being escalated to root on the switch. This affects SAN switching infrastructure commonly found in government data centers. Researchers have observed exploitation attempts against unpatched systems within 72 hours of CISA's announcement [3].
Qualitia's Active! Mail vulnerability (CVE-2025-42599) is a stack-based buffer overflow caused by improper bounds checking. A remote, unauthenticated attacker who sends a specially crafted request can execute arbitrary code or cause a denial of service, which amounts to complete compromise of the mail server. Commvault has not published technical details of the Commvault Web Server flaw (CVE-2025-3928); CISA's catalog entry describes it as allowing a remote, authenticated attacker to create and execute web shells on the server, which puts the backup management interface and the backup data behind it at risk [1].
Remediation and Mitigation Strategies
Federal agencies must apply vendor-provided patches by the following deadlines. The catalog entry for each CVE records the BOD 22-01 due date; confirm the dates and patch status below against the live entry and the vendor advisory before scheduling work, since both change after publication.

| CVE | Vendor | Patch Status | Federal Deadline |
|---|---|---|---|
| CVE-2025-1976 | Broadcom | Available | 2025-05-15 |
| CVE-2025-42599 | Qualitia | Pending | TBD |
| CVE-2025-3928 | Commvault | Available | 2025-05-22 |
For organizations that cannot patch immediately, CISA recommends segmenting the affected systems from general-purpose networks and restricting access to their management interfaces. Monitoring for anomalous connections to those interfaces, in particular to TCP ports 22, 80, and 443 from hosts outside the administrative network, can surface exploitation attempts [4].
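One concrete form of that monitoring is an allowlist check over connection logs: every flow that reaches a known management interface on a management port from a source outside the administrative network is flagged, and repeated offenders are counted so probing stands out. The script below is an added example, not CISA's or any vendor's code; the management hosts, the admin subnet and the flow records are constructed sample data.

```python
"""
Flag connections to management interfaces that originate outside the
administrative network. Added example; hosts, subnets and log lines are
constructed for illustration.
"""
import ipaddress
from collections import Counter

# Hypothetical management-plane assets of the product classes in the advisory.
MANAGEMENT_HOSTS = {
    "10.10.1.5": "brocade-san-switch",
    "10.10.2.20": "activemail-web",
    "10.10.3.30": "commvault-webserver",
}
# Ports named in the mitigation guidance.
MANAGEMENT_PORTS = {22, 80, 443}
# Assumption: only the admin jump subnet may reach management interfaces.
ADMIN_NETWORKS = [ipaddress.ip_network("10.10.100.0/24")]

# Constructed flow records: "<timestamp> <src_ip> <dst_ip> <dst_port> <proto>"
SAMPLE_FLOWS = """\
2025-04-18T08:01:02Z 10.10.100.7 10.10.1.5 22 tcp
2025-04-18T08:03:11Z 10.10.50.44 10.10.3.30 443 tcp
2025-04-18T08:03:12Z 10.10.50.44 10.10.3.30 443 tcp
2025-04-18T08:05:40Z 203.0.113.9 10.10.2.20 80 tcp
2025-04-18T08:06:00Z 10.10.100.7 10.10.3.30 443 tcp
2025-04-18T08:07:15Z 10.10.50.44 10.10.1.5 22 tcp
2025-04-18T08:08:03Z 10.10.60.2 10.10.4.4 443 tcp
2025-04-18T08:09:00Z 10.10.60.2 10.10.2.20 25 tcp
"""


def parse_flow(line):
    """Split one whitespace-separated flow record into a dict."""
    ts, src, dst, port, proto = line.split()
    return {"ts": ts, "src": src, "dst": dst, "port": int(port), "proto": proto}


def is_admin_source(ip):
    """True if the source address lies inside an allowed administrative network."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in ADMIN_NETWORKS)


def find_suspicious(flow_text):
    """Return flows that hit a management host on a management port from a non-admin source."""
    hits = []
    for line in flow_text.splitlines():
        if not line.strip():
            continue
        flow = parse_flow(line)
        if (flow["dst"] in MANAGEMENT_HOSTS
                and flow["port"] in MANAGEMENT_PORTS
                and not is_admin_source(flow["src"])):
            flow["asset"] = MANAGEMENT_HOSTS[flow["dst"]]
            hits.append(flow)
    return hits


def summarize(hits):
    """Count offending flows per (source, asset, port) so repeated probing is visible."""
    return Counter((h["src"], h["asset"], h["port"]) for h in hits)


if __name__ == "__main__":
    for key, n in summarize(find_suspicious(SAMPLE_FLOWS)).most_common():
        src, asset, port = key
        print(f"{n:3d}  {src:>15} -> {asset}:{port}")
```

On the sample data the admin jump host's sessions pass, the flow to an untracked host and the flow to a non-management port are ignored, and four flows from two non-admin sources are reported. In production the allowlist would be driven from the asset inventory and the flows read from the firewall or NetFlow export rather than an inline string.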
Broader Threat Landscape Context
The KEV Catalog updates reflect ongoing trends in attacker behavior. Recent months have seen increased targeting of backup systems (Commvault), email infrastructure (Qualitia), and network management interfaces (Broadcom). These align with historical patterns in which attackers prioritize systems that hold high-value data and offer persistent access [5].
Notably, 42% of vulnerabilities added to the KEV Catalog in 2025 involve network infrastructure components, up from 35% in 2024. This shift suggests attackers are focusing on systems that provide lateral movement opportunities within enterprise environments [2].
Conclusion
CISA's latest KEV Catalog update highlights three vulnerabilities actively being exploited in the wild. Federal agencies have mandated remediation timelines, but all organizations should prioritize these flaws given their active exploitation status. The inclusion of backup and email system vulnerabilities underscores the need for patch management programs that extend beyond perimeter defenses.
Security teams should cross-reference these CVEs with their asset inventories and monitor vendor advisories for additional technical details. CISA's catalog remains a critical resource for understanding attacker priorities and focusing remediation efforts [1].
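The cross-reference step can be automated against the catalog's machine-readable feed rather than done by hand. The script below is an added example (not CISA's tooling): it reads a KEV-format JSON document, matches each entry's vendorProject and product against an asset inventory, and reports which hosts are affected and whether the BOD 22-01 due date has passed. The feed URL and the JSON field names are those of the public KEV feed; the catalog excerpt, its dates, and the inventory are constructed sample data, so the example runs offline.

```python
"""
Cross-reference an asset inventory against the CISA KEV catalog and report
which hosts are affected and what is overdue under BOD 22-01.
Added example, not CISA's code. Field names match the public feed; the
catalog excerpt (including its dates) and the inventory are constructed.
"""
import json
from datetime import date

KEV_FEED_URL = "https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json"

# Constructed excerpt in the shape of the real feed. Due dates are sample values.
SAMPLE_KEV_JSON = json.dumps({
    "title": "CISA Catalog of Known Exploited Vulnerabilities",
    "catalogVersion": "sample",
    "count": 3,
    "vulnerabilities": [
        {"cveID": "CVE-2025-1976", "vendorProject": "Broadcom", "product": "Brocade Fabric OS",
         "vulnerabilityName": "Broadcom Brocade Fabric OS Code Injection Vulnerability",
         "dateAdded": "2025-04-28", "dueDate": "2025-05-15", "knownRansomwareCampaignUse": "Unknown"},
        {"cveID": "CVE-2025-42599", "vendorProject": "Qualitia", "product": "Active! Mail",
         "vulnerabilityName": "Qualitia Active! Mail Stack-Based Buffer Overflow Vulnerability",
         "dateAdded": "2025-04-28", "dueDate": "2025-05-19", "knownRansomwareCampaignUse": "Unknown"},
        {"cveID": "CVE-2025-3928", "vendorProject": "Commvault", "product": "Web Server",
         "vulnerabilityName": "Commvault Web Server Unspecified Vulnerability",
         "dateAdded": "2025-04-28", "dueDate": "2025-05-22", "knownRansomwareCampaignUse": "Unknown"},
    ],
})

# Constructed inventory; a CMDB export would normally supply this.
SAMPLE_INVENTORY = [
    {"host": "san-sw-01", "vendor": "Broadcom", "product": "Brocade Fabric OS", "owner": "storage"},
    {"host": "mail-01", "vendor": "Qualitia", "product": "Active! Mail", "owner": "messaging"},
    {"host": "backup-01", "vendor": "Commvault", "product": "Web Server", "owner": "backup"},
    {"host": "web-01", "vendor": "nginx", "product": "nginx", "owner": "web"},
]


def normalize(text):
    """Lower-case and drop punctuation so 'Active! Mail' and 'active mail' compare equal."""
    return "".join(ch for ch in text.lower() if ch.isalnum())


def load_catalog(raw_json):
    """Return the list of vulnerability entries from a KEV-format JSON document."""
    return json.loads(raw_json)["vulnerabilities"]


def match_assets(catalog, inventory):
    """Pair each inventory asset with every KEV entry whose vendor and product match it."""
    matches = []
    for entry in catalog:
        vendor, product = normalize(entry["vendorProject"]), normalize(entry["product"])
        for asset in inventory:
            if normalize(asset["vendor"]) == vendor and product in normalize(asset["product"]):
                matches.append((asset, entry))
    return matches


def remediation_status(entry, today):
    """OVERDUE once the BOD 22-01 due date has passed, otherwise days remaining."""
    days_left = (date.fromisoformat(entry["dueDate"]) - today).days
    return "OVERDUE" if days_left < 0 else f"due in {days_left} day(s)"


def report(catalog, inventory, today_iso):
    """Build remediation rows for affected assets, earliest due date first."""
    today = date.fromisoformat(today_iso)
    rows = [{"host": asset["host"], "owner": asset["owner"], "cve": entry["cveID"],
             "added": entry["dateAdded"], "due": entry["dueDate"],
             "status": remediation_status(entry, today)}
            for asset, entry in match_assets(catalog, inventory)]
    rows.sort(key=lambda r: (r["due"], r["host"]))
    return rows


def fetch_live_catalog():
    """Download the real feed; only used when run directly so the example stays offline-safe."""
    import urllib.request
    with urllib.request.urlopen(KEV_FEED_URL, timeout=30) as resp:
        return resp.read().decode("utf-8")


if __name__ == "__main__":
    for row in report(load_catalog(SAMPLE_KEV_JSON), SAMPLE_INVENTORY, "2025-05-20"):
        print(f'{row["host"]:<10} {row["cve"]:<15} due {row["due"]}  {row["status"]}  ({row["owner"]})')
```

Matching on vendor and product only is deliberate: KEV entries do not carry version ranges, so the script over-reports and leaves version confirmation to the vendor advisory. To run it against the live catalog, replace SAMPLE_KEV_JSON with fetch_live_catalog() and today's date with date.today().isoformat().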
References
- [1] "Known Exploited Vulnerabilities Catalog." CISA, 17 Apr. 2025.
- [2] "CISA Adds Three Known Exploited Vulnerabilities to Catalog." CSIAC, Apr. 2025.
- [3] "CISA Warns of Newly Exploited Vulnerabilities." Cyble, 18 Apr. 2025.
- [4] "CISA Warns of Newly Exploited Vulnerabilities." r/pwnhub (Reddit), 17 Apr. 2025.
- [5] "CISA Known Exploited Vulnerabilities Catalog Discussion." Wilders Security Forums, Apr. 2025.