CISA has added three new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation.
- CVE-2025-31200 Apple Multiple Products Memory Corruption Vulnerability
- CVE-2025-31201 Apple Multiple Products Arbitrary Read and Write Vulnerability
- CVE-2025-24054 Microsoft Windows NTLM Hash Disclosure Spoofing Vulnerability
These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise.
Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the Known Exploited Vulnerabilities Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that carry significant risk to the federal enterprise. BOD 22-01 requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the BOD 22-01 Fact Sheet for more information.
Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing the catalog vulnerabilities as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the catalog that meet the specified criteria.