CISA Adds Three Security Flaws to Known Exploited Vulnerabilities Catalog

On June 25, 2025, the Cybersecurity and Infrastructure Security Agency (CISA) of the United States added three security vulnerabilities to its catalog of known exploited vulnerabilities (KEV) due to evidence of active exploitation. The vulnerabilities affect AMI MegaRAC, the D-Link DIR-859 router, and Fortinet FortiOS. Technical details include the flaw CVE-2024-54085, with a CVSS score of 10.0, which allows for authentication bypass through spoofing.