CISA Adds Two High-Severity Vulnerabilities to Known Exploited Vulnerabilities Catalog

On April 21, 2025, the Cybersecurity and Infrastructure Security Agency (CISA) of the United States added two high-severity security vulnerabilities to its catalog of known exploited vulnerabilities (KEV) due to evidence of active exploitation. The vulnerabilities affect Broadcom Brocade Fabric OS and Commvault Web Server. The first, CVE-2025-1976, is a code injection vulnerability with a CVSS score of 8.6.