CISA Adds Oracle, Microsoft, Apple, Kentico Bugs to KEV Catalog

CISA has added five critical vulnerabilities impacting Oracle, Microsoft, Apple, and Kentico products to its Known Exploited Vulnerabilities catalog. Organizations must apply vendor patches before November 10, 2025, to mitigate exploitation risks.

October 21, 2025 · 4 min read

Overview

The Cybersecurity and Infrastructure Security Agency (CISA) has added five new vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog, impacting key enterprise and consumer products from Oracle, Microsoft, Apple, and Kentico. 

These vulnerabilities — ranging from authentication bypass to remote code execution — are confirmed to be actively exploited and/or present a heightened risk of exploitation. 

CISA has directed all federal civilian executive branch (FCEB) agencies to apply vendor mitigations by November 10. Private organizations are strongly encouraged to follow the same timeline to minimize exposure and prevent potential attacks. 

Brief Overview of CISA’s Latest Known Exploited Vulnerabilities (KEV)

| CVE ID         | Vendor    | Product                                | Vulnerability Type                             | CWE     | Due Date     |
|----------------|-----------|----------------------------------------|------------------------------------------------|---------|--------------|
| CVE-2025-61884 | Oracle    | E-Business Suite                       | Server-Side Request Forgery (SSRF)             | CWE-918 | Nov 10, 2025 |
| CVE-2025-33073 | Microsoft | Windows SMB Client                     | Improper Access Control                        | CWE-284 | Nov 10, 2025 |
| CVE-2025-2747  | Kentico   | Xperience CMS                          | Authentication Bypass (Alternate Path)         | CWE-288 | Nov 10, 2025 |
| CVE-2025-2746  | Kentico   | Xperience CMS                          | Authentication Bypass (Alternate Path)         | CWE-288 | Nov 10, 2025 |
| CVE-2022-48503 | Apple     | macOS, iOS, tvOS, watchOS, Safari      | Arbitrary Code Execution via JavaScriptCore    | —       | Nov 10, 2025 |

Key Vulnerabilities 

Oracle E-Business Suite – CVE-2025-61884 

A server-side request forgery (SSRF) vulnerability affects the Runtime component of Oracle Configurator within Oracle E-Business Suite. The flaw is remotely exploitable without authentication, allowing attackers to manipulate internal resources or exfiltrate sensitive data through crafted HTTP requests. 

Impact: Unauthenticated attackers can exploit internal network connections or escalate attacks against backend services, resulting in data leakage or internal system compromise. 

Mitigation: Oracle has released a security alert addressing this issue. Apply the latest patch immediately to prevent exploitation. 


Related CWE: CWE-918 (Server-Side Request Forgery) 

Microsoft Windows SMB Client – CVE-2025-33073 

A privilege escalation vulnerability in Microsoft Windows SMB Client stems from improper access control mechanisms. Attackers can exploit this flaw by sending a crafted script that forces a victim system to authenticate against a malicious SMB server, potentially exposing credentials or system access. 

Impact: The vulnerability could allow remote code execution or lateral movement within enterprise networks, making it a prime target for post-exploitation campaigns. 

Mitigation: Apply Microsoft’s security update as soon as possible. Restrict outbound SMB connections and disable SMBv1 where not required. 

Related CWE: CWE-284 (Improper Access Control) 

Kentico Xperience CMS – CVE-2025-2746 & CVE-2025-2747 

Two authentication bypass vulnerabilities affect Kentico Xperience CMS, both leveraging alternate path or channel exploitation. Attackers can use these flaws to gain unauthorized administrative control of CMS instances. 

Impact: Successful exploitation may allow unauthenticated attackers to take over CMS administrative interfaces, alter configuration settings, and manipulate hosted content — severely impacting website integrity. 

Mitigation: Kentico has issued hotfixes to address both vulnerabilities. Apply updates immediately and review administrative access permissions. 

Related CWE: CWE-288 (Authentication Bypass Using an Alternate Path or Channel) 

Apple macOS, iOS, tvOS, watchOS, and Safari – CVE-2022-48503 

An unspecified vulnerability in the JavaScriptCore engine used by Apple’s ecosystem (macOS, iOS, tvOS, watchOS, and Safari) could enable arbitrary code execution when processing malicious web content. 

Apple’s security advisories indicate that some affected products are now end-of-life (EoL) or end-of-service (EoS), meaning users of unsupported systems remain permanently vulnerable. 

Impact: Attackers could achieve complete system compromise on outdated Apple devices via maliciously crafted web pages. 

Mitigation: Refer to Apple’s official advisories (HT213340, HT213341, HT213342, HT213345, HT213346) and immediately update to supported versions or discontinue use of deprecated devices. 

Recommendations 

To mitigate the risks associated with these KEV-listed vulnerabilities, organizations should: 

  • Apply Vendor Patches Immediately: Implement updates from Oracle, Microsoft, Kentico, and Apple to close exploitable gaps. 
  • Audit Unsupported Systems: Identify and retire any EoL Apple devices or software that no longer receive patches. 
  • Harden SMB and Web Configurations: Restrict outbound SMB connections, enforce HTTPS, and disable outdated protocols. 
  • Review Access Controls: Verify administrator permissions in Kentico and restrict access to management interfaces. 
  • Implement Continuous Monitoring: Use SIEM and EDR tools to detect abnormal SMB connections, SSRF attempts, or web-based exploit activity. 
  • Follow BOD 22-01 Requirements: FCEB agencies must ensure full compliance before November 10, 2025; private entities should adopt similar timelines. 
  • Maintain Asset Visibility: Keep a current inventory of systems and regularly assess them for exposure to known exploited vulnerabilities. 
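The asset-visibility and BOD 22-01 steps above can be automated by cross-referencing a scanner export against CISA's KEV feed. The following is an added example, not code from the original advisory or from Cyble: it assumes an inventory that maps each asset to its open CVEs (constructed here) and a copy of the KEV JSON feed (field names as CISA publishes them, with a constructed excerpt embedded so the script runs offline), and reports which assets carry KEV-listed CVEs and how many days remain before the catalog due date.

```python
import json
from datetime import date

# Constructed excerpt shaped like CISA's KEV JSON feed
# (https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json).
# Field names follow the published schema; values are the five entries in this advisory.
KEV_SAMPLE = json.dumps({"vulnerabilities": [
    {"cveID": "CVE-2025-61884", "vendorProject": "Oracle", "product": "E-Business Suite", "dueDate": "2025-11-10"},
    {"cveID": "CVE-2025-33073", "vendorProject": "Microsoft", "product": "Windows", "dueDate": "2025-11-10"},
    {"cveID": "CVE-2025-2747", "vendorProject": "Kentico", "product": "Xperience CMS", "dueDate": "2025-11-10"},
    {"cveID": "CVE-2025-2746", "vendorProject": "Kentico", "product": "Xperience CMS", "dueDate": "2025-11-10"},
    {"cveID": "CVE-2022-48503", "vendorProject": "Apple", "product": "Multiple Products", "dueDate": "2025-11-10"},
]})

# Constructed asset inventory: each asset lists the CVEs a scanner reported as still unpatched.
INVENTORY = {
    "ebs-prod-01": ["CVE-2025-61884"],
    "win-ws-042": ["CVE-2025-33073", "CVE-2024-99999"],  # second CVE is a placeholder, not in KEV
    "cms-web-03": ["CVE-2025-2746", "CVE-2025-2747"],
    "ipad-eol-07": ["CVE-2022-48503"],
    "db-01": [],
}

def load_kev(feed_json):
    """Index the KEV feed by CVE ID so each inventory lookup is a dict hit."""
    return {v["cveID"]: v for v in json.loads(feed_json)["vulnerabilities"]}

def kev_exposure(inventory, kev, today_iso):
    """Return {asset: [(cve, days_until_due), ...]} for every open CVE that is on the KEV list.
    Entries are sorted most-urgent first; a negative value means the due date has passed."""
    today = date.fromisoformat(today_iso)
    report = {}
    for asset, cves in inventory.items():
        hits = []
        for cve in cves:
            entry = kev.get(cve)
            if entry is None:
                continue  # vulnerable but not KEV-listed: track separately, lower priority
            due = date.fromisoformat(entry["dueDate"])
            hits.append((cve, (due - today).days))
        if hits:
            report[asset] = sorted(hits, key=lambda h: h[1])
    return report

if __name__ == "__main__":
    for asset, hits in kev_exposure(INVENTORY, load_kev(KEV_SAMPLE), "2025-10-21").items():
        for cve, days in hits:
            print(f"{asset}: {cve} " + (f"due in {days} days" if days >= 0 else f"OVERDUE by {-days} days"))
```

Point `INVENTORY` at a real scanner export and replace `KEV_SAMPLE` with the downloaded feed to get the live view; assets with a negative count are already out of compliance with the BOD 22-01 deadline.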

Conclusion 

CISA’s latest additions to the KEV catalog highlight how quickly vulnerabilities across widely used enterprise products become leveraged in real-world attacks. With exploitation timelines shrinking, proactive patching and vigilant monitoring remain the most effective defense against ransomware and privilege escalation campaigns. 
