CISA Adds Critical Security Flaws to Known Exploited Vulnerabilities Catalog

On June 23, 2025, the Cybersecurity and Infrastructure Security Agency (CISA) of the United States added two critical security vulnerabilities to its catalog of known exploited vulnerabilities (KEV) due to evidence of active exploitation. The vulnerabilities affect Erlang/Open Telecom Platform (OTP) SSH and Roundcube. The first vulnerability, CVE-2025-32433, has a CVSS score of 10.0 and is due to missing authentication for a critical function. The specific details of the second vulnerability are not mentioned in the article. These additions aim to alert organizations to potential risks and encourage immediate remediation measures.