top of page

CISA Adds Actively Exploited Vulnerabilities to KEV Catalog

  • Jun 3
  • 2 min read

Key Findings


  • CISA added two actively exploited vulnerabilities to the Known Exploited Vulnerabilities catalog requiring immediate remediation

  • CVE-2022-0492 affects Linux Kernel with CVSS 7.8, enabling privilege escalation and container escape attacks

  • CVE-2025-48595 targets Android 14 and later with CVSS 8.4, allowing arbitrary code execution with elevated privileges

  • Federal agencies must patch both vulnerabilities by June 5, 2026 under Binding Operational Directive 22-01

  • Both flaws are currently weaponized by threat actors in active attacks


Background


The Cybersecurity and Infrastructure Security Agency regularly tracks security vulnerabilities being actively exploited in the wild through its Known Exploited Vulnerabilities catalog. This list serves as a critical reference for defenders prioritizing patch deployment. Recently, CISA identified two new additions that pose immediate threats to both enterprise infrastructure and mobile endpoints. The agency mandates that Federal Civilian Executive Branch agencies address these flaws before established deadlines, with private sector organizations strongly encouraged to follow the same timeline.


Linux Kernel Namespace Isolation Bypass


CVE-2022-0492 represents a privilege escalation vulnerability in the Linux Kernel's cgroups v1 feature. The flaw exists in the cgroup_release_agent_write function within the subsystem code and carries a CVSS severity score of 7.8. Attackers exploit this by misusing the cgroups v1 release agent feature under specific operational conditions.


The vulnerability allows local attackers to escalate their privileges unexpectedly and bypass container namespace isolation boundaries entirely. This means adversaries can break out of containerized environments and gain direct access to the host system. Organizations running containerized workloads or cloud infrastructure using namespace isolation face significant risk if systems remain unpatched.


Android Framework Privilege Escalation


CVE-2025-48595 impacts Android devices running version 14 or later and represents a high-severity integer overflow vulnerability in the Android Framework. With a CVSS score of 8.4, the flaw allows local attackers to execute arbitrary code with elevated system privileges without requiring additional user permissions.


Google confirmed limited, targeted exploitation is already occurring in the wild. The June 2026 Android security update addresses this vulnerability alongside 123 other flaws across the mobile ecosystem. Organizations managing Android devices in corporate environments must deploy these patches urgently to prevent unauthorized system access.


Enforcement and Remediation Requirements


Federal agencies face strict compliance deadlines under Binding Operational Directive 22-01. All identified vulnerabilities must be remediated by June 5, 2026. These flaws represent frequent attack vectors used by malicious actors to gain initial system access and bypass security protections.


Private sector organizations should treat these deadlines as industry best practices rather than optional guidelines. Unpatched systems expose enterprise networks to severe operational disruption and unauthorized access to sensitive data. Prompt patching remains the most effective mitigation strategy against active exploitation campaigns.


Sources


  • https://securityonline.info/cisa-kev-actively-exploited-vulnerabilities/

  • https://securityaffairs.com/193067/security/u-s-cisa-adds-android-and-linux-kernel-flaws-to-its-known-exploited-vulnerabilities-catalog.html

  • https://securityaffairs.com/193027/security/u-s-cisa-adds-oracle-weblogic-flaw-to-its-known-exploited-vulnerabilities-catalog.html

  • https://www.cisa.gov/news-events/alerts/2026/06/01/cisa-adds-one-known-exploited-vulnerability-catalog

  • https://x.com/the_yellow_fall/status/2061993101330432383

Recent Posts

See All

Comments


  • Youtube

© 2025 by Explain IT Again. Powered and secured by Wix

bottom of page