CISA adds four known exploited vulnerabilities to catalog
CISA has added four new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation:
CVE-2019-19006 Sangoma reePBX Improper Authentication Vulnerability, CVE-2021-39935 GitLab Community and Enterprise Editions Server-Side Request Forgery (SSRF) Vulnerability, CVE-2025-40551 SolarWinds Web Help Desk Deserialization of Untrusted Data Vulnerability, CVE-2025-64328 Sangoma FreePBX OS Command Injection Vulnerability.
These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise.