
CISA Adds Exploited XWiki and VMware Flaws to KEV Catalog
The Cybersecurity and Infrastructure Security Agency (CISA) has added vulnerabilities in XWiki and VMware to its Known Exploited Vulnerabilities (KEV) catalog. Inclusion in the KEV catalog means CISA has evidence that these flaws are being actively exploited in the wild. Separately, Broadcom has updated its advisory for CVE-2025-41244 to state that attackers are actively exploiting the flaw.

XWiki, an open-source wiki platform, and VMware, a leading virtualization and cloud computing provider, are both widely deployed in enterprise environments, which makes these vulnerabilities particularly concerning. Exploitation can lead to severe consequences such as remote code execution, privilege escalation, and unauthorized access to sensitive data. Organizations are strongly advised to prioritize patching these vulnerabilities to reduce the risk of exploitation.

This development underscores the importance of maintaining a robust vulnerability management program and tracking emerging threats through reliable sources such as CISA's KEV catalog. Security teams should ensure their organizations have processes in place to respond quickly to newly disclosed vulnerabilities and to apply the necessary patches or mitigations. Defense-in-depth measures can additionally limit the impact of attacks while some vulnerabilities remain unpatched.