Key Findings CISA added two actively exploited vulnerabilities to the Known Exploited Vulnerabilities catalog requiring immediate remediation CVE-2022-0492 affects Linux Kernel with CVSS 7.8, enabling privilege escalation and container escape attacks CVE-2025-48595 targets Android 14 and later with CVSS 8.4, allowing arbitrary code execution with elevated privileges Federal agencies must patch both vulnerabilities by June 5, 2026 under Binding Operational Directive 22-01 Both