CISA Adds Four New Vulnerabilities to Exploited List — What You Need to Patch Now

CISA dropped four new CVEs on their exploited vulnerabilities list. If you are running enterprise software, at least one of these probably affects you.

The Cybersecurity and Infrastructure Security Agency added four new vulnerabilities to their Known Exploited Vulnerabilities catalog this week. These are not theoretical threats. These are vulnerabilities being actively exploited in the wild right now. If you are responsible for security in your organization, you need to pay attention.

What Actually Happened

CISA maintains a catalog of vulnerabilities that are known to be exploited by threat actors. Being added to this list is a big deal. It means there is credible evidence that attackers are actively using these vulnerabilities to compromise systems. The four new additions cover some of the most widely deployed enterprise software in the world.

The first vulnerability affects Microsoft Exchange Server. It is a privilege escalation bug that allows an attacker with limited access to gain administrative privileges. Exchange servers are high-value targets because they hold email, and email is often the key to the kingdom for further attacks.

The second vulnerability is in Cisco IOS XE Web UI. This is a remote code execution flaw that allows unauthenticated attackers to execute arbitrary commands on affected devices. Cisco networking equipment is everywhere. A vulnerability here has massive blast radius potential.

The third vulnerability targets JetBrains TeamCity. This is an authentication bypass that allows attackers to gain administrative access to CI/CD servers. TeamCity is used by development teams to build and deploy software. Compromising a CI/CD server is a devastating attack vector because it allows attackers to poison software builds.

The fourth vulnerability is in VMware vCenter Server. It is a file upload vulnerability that allows remote code execution. vCenter manages virtualized infrastructure. If you compromise vCenter, you compromise every virtual machine it manages.

Why This Matters for Small Teams

You might think these vulnerabilities only matter for large enterprises with dedicated security teams. You would be wrong. Attackers do not discriminate by company size. They run automated scans looking for vulnerable systems across the entire internet. If your system is vulnerable and exposed, you will be found.

Small teams are actually more vulnerable because they lack the resources to monitor threat intelligence and respond quickly. While enterprises have security operations centers watching for these alerts, small teams might not hear about the vulnerability until it is too late.

The economics of attacks favor automation. An attacker can write a script that scans the entire internet for vulnerable systems in hours. When a vulnerable system is found, automated exploitation follows. The cost to attack is near zero. The cost to you if you are compromised can be business-ending.

What You Should Do

Check your inventory. Do you run any of the affected products? Be honest. Many teams forget about systems that were set up years ago and have been running untouched since. Check your network. Check your cloud accounts. Check with your team.

Patch immediately. For three of these four vulnerabilities, patches have been available for weeks. The only reason they are on CISA's list is that people have not applied them. Do not wait for your next maintenance window. Patch now.

Check for compromise. If you are running Exchange or VMware vCenter and have not patched, assume you might be compromised. Look for indicators of compromise. Check for unauthorized users, unexpected processes, or unusual network traffic. When in doubt, rebuild from known-good backups.

Review your exposure. If you have to run these products, make sure they are not exposed to the internet unnecessarily. Use VPNs. Use jump boxes. Use zero-trust access controls. Every service exposed to the internet is a potential entry point.

The Bigger Picture

CISA's KEV catalog is a valuable resource that too few teams monitor. Subscribe to their alerts. Make it someone's responsibility to review new additions weekly. The 15 minutes you spend reviewing the catalog could save you from a devastating breach.
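One way to run that weekly review, as an added example that is not from the original article: match recent KEV additions against your own product inventory and sort the hits by remediation due date. The field names follow the KEV JSON feed; the feed sample, the placeholder CVE IDs and the inventory list are constructed for illustration.

```python
import json
from datetime import date, timedelta

# Constructed sample in the KEV JSON feed layout. CVE IDs are placeholders.
SAMPLE_FEED = json.dumps({"catalogVersion": "sample", "vulnerabilities": [
    {"cveID": "CVE-0000-0001", "vendorProject": "Microsoft",
     "product": "Exchange Server", "dateAdded": "2024-01-10", "dueDate": "2024-01-31"},
    {"cveID": "CVE-0000-0002", "vendorProject": "Cisco",
     "product": "IOS XE Web UI", "dateAdded": "2024-01-10", "dueDate": "2024-01-31"},
    {"cveID": "CVE-0000-0003", "vendorProject": "JetBrains",
     "product": "TeamCity", "dateAdded": "2024-01-09", "dueDate": "2024-01-30"},
    {"cveID": "CVE-0000-0004", "vendorProject": "VMware",
     "product": "vCenter Server", "dateAdded": "2023-12-01", "dueDate": "2023-12-22"},
    {"cveID": "CVE-0000-0005", "vendorProject": "VMware",
     "product": "vCenter Server", "dateAdded": "not-a-date"},
]})

# Hypothetical inventory: (vendor keyword, product keyword) pairs you actually run.
INVENTORY = [("microsoft", "exchange"), ("jetbrains", "teamcity"), ("vmware", "vcenter")]

def review_kev(feed_text, inventory, today, window_days=7):
    """Return (hits, unparsed): inventory matches added in the window, soonest
    due date first, plus IDs of entries whose dateAdded could not be read."""
    cutoff = today - timedelta(days=window_days)
    hits, unparsed = [], []
    for entry in json.loads(feed_text).get("vulnerabilities", []):
        try:
            added = date.fromisoformat(entry["dateAdded"])
        except (KeyError, ValueError):
            # Do not drop these silently: a human should look at them.
            unparsed.append(entry.get("cveID", "<no id>"))
            continue
        if not cutoff <= added <= today:
            continue
        vendor = entry.get("vendorProject", "").lower()
        product = entry.get("product", "").lower()
        if any(v in vendor and p in product for v, p in inventory):
            hits.append(entry)
    hits.sort(key=lambda e: e.get("dueDate", ""))
    return hits, unparsed

if __name__ == "__main__":
    hits, unparsed = review_kev(SAMPLE_FEED, INVENTORY, date(2024, 1, 12))
    for h in hits:
        print(h["dueDate"], h["cveID"], h["vendorProject"], h["product"])
    print("needs manual review:", unparsed)
```

Keyword matching is deliberately loose, so a short inventory keyword can over-match; treat every hit as a prompt to check the affected versions in the vendor advisory.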

Security is not a one-time effort. It is a continuous process of monitoring, patching, and improving. These vulnerabilities will not be the last. The question is whether you will be ready for the next one.