
CISA Adds Actively Exploited Vulnerabilities in Google Chromium and Sierra Wireless to KEV Catalog
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added two vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog: CVE-2025-14174 affecting Google Chromium and an unspecified flaw in Sierra Wireless AirLink ALEOS. These vulnerabilities are actively being exploited in the wild, according to the source.

CVE-2025-14174 pertains to Google Chromium, a widely used open-source web browser project. The source does not provide specific technical details or the impact of this vulnerability. However, given that Chromium serves as the foundation for many browsers, including Google Chrome, organizations using these products should prioritize patching.

The unspecified flaw in Sierra Wireless AirLink ALEOS affects firmware used in cellular routers and gateways. These devices are often deployed in critical infrastructure and enterprise networks. The source does not provide specific technical details about this vulnerability.

The source also mentions recent additions to the KEV catalog involving Microsoft Windows and WinRAR but does not provide specific CVE identifiers or technical details. This highlights the ongoing challenge of managing vulnerabilities in widely used software and the importance of timely patching and mitigation.

The inclusion of these vulnerabilities in CISA's KEV catalog serves as a critical alert for organizations to prioritize patching and mitigation efforts. The active exploitation of these vulnerabilities underscores the importance of maintaining up-to-date systems and implementing robust security measures.

From an expert perspective, vulnerabilities in widely deployed software and firmware present significant risks due to their broad attack surface. Organizations should ensure that they have effective patch management processes in place and regularly monitor for signs of exploitation.

In conclusion, the addition of these vulnerabilities to CISA's KEV catalog emphasizes the ongoing threat posed by actively exploited flaws. Cybersecurity professionals are advised to apply the latest patches, conduct regular vulnerability assessments, and monitor network traffic for any signs of malicious activity related to these vulnerabilities.