Hikvision and Rockwell Automation CVSS 9.8 flaws added to CISA KEV catalog

Peter Chofield

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added two CVSS 9.8 vulnerabilities affecting Hikvision and Rockwell Automation products to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. The flaws are CVE-2017-7921, an improper authentication issue affecting Hikvision IP cameras and video surveillance products, and CVE-2025-1449, a path traversal vulnerability in Rockwell Automation ThinManager.

CISA added both flaws to the KEV catalog on March 6, 2026, which means Federal Civilian Executive Branch agencies must apply mitigations by March 26, 2026, or discontinue use of the affected products if fixes are unavailable. The requirement falls under Binding Operational Directive 22-01, which governs how federal agencies respond to vulnerabilities listed in KEV.

According to the advisory, CVE-2017-7921 can allow an unauthenticated attacker to bypass authentication on affected Hikvision devices. Reports of exploitation tied to the flaw surfaced months ago, and the issue remains a concern because many vulnerable, internet-exposed camera systems stayed reachable long after disclosure.

CVE-2025-1449 affects Rockwell Automation ThinManager and can allow attackers to access files on the underlying operating system, outside the directory the application intends to expose, via crafted path input. The flaw impacts multiple ThinManager releases, and Rockwell has published remediation guidance for affected customers.

CISA’s latest KEV update follows other catalog additions Cyberwarzone has covered, including CISA adding two Roundcube flaws to the KEV catalog and the broader challenge of triaging and patching critical CVEs.

The inclusion of both issues in KEV signals that the flaws are not theoretical risks. CISA reserves the catalog for vulnerabilities with credible evidence of exploitation in the wild, and the list is widely used by defenders to prioritize patching and exposure reduction.
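One way defenders actually use the catalog for prioritization is to cross-reference a scanner's CVE list against the KEV JSON feed and sort the hits by their BOD 22-01 due date. The script below is an added example, not code from CISA, Hikvision or Rockwell. It follows the field names of the public KEV feed (cveID, vendorProject, product, dateAdded, dueDate, knownRansomwareCampaignUse); the sample feed and the asset inventory embedded in it are constructed, and the third feed entry (CVE-2099-0001, "ExampleVendor") is fictional filler so that an overdue item appears in the output.

```python
"""Triage a local CVE inventory against the CISA KEV catalog (added example)."""
import json
import urllib.request
from datetime import date

# Public KEV feed location. Not contacted when the constructed sample is used.
KEV_URL = ("https://www.cisa.gov/sites/default/files/feeds/"
           "known_exploited_vulnerabilities.json")

# Constructed sample in the KEV JSON shape. The two real CVE IDs and their
# dates come from the article; the third entry is fictional filler, and the
# descriptive fields are paraphrased here, not CISA's own text.
SAMPLE_FEED = json.dumps({
    "title": "sample KEV extract (constructed)",
    "catalogVersion": "sample",
    "dateReleased": "2026-03-06T00:00:00.0000Z",
    "count": 3,
    "vulnerabilities": [
        {"cveID": "CVE-2017-7921", "vendorProject": "Hikvision",
         "product": "IP cameras and video surveillance products",
         "vulnerabilityName": "Hikvision improper authentication",
         "dateAdded": "2026-03-06", "dueDate": "2026-03-26",
         "knownRansomwareCampaignUse": "Unknown",
         "requiredAction": "Apply mitigations or discontinue use."},
        {"cveID": "CVE-2025-1449", "vendorProject": "Rockwell Automation",
         "product": "ThinManager",
         "vulnerabilityName": "Rockwell Automation ThinManager path traversal",
         "dateAdded": "2026-03-06", "dueDate": "2026-03-26",
         "knownRansomwareCampaignUse": "Unknown",
         "requiredAction": "Apply mitigations or discontinue use."},
        {"cveID": "CVE-2099-0001", "vendorProject": "ExampleVendor (fictional)",
         "product": "ExampleProduct", "vulnerabilityName": "fictional filler",
         "dateAdded": "2026-02-01", "dueDate": "2026-02-22",
         "knownRansomwareCampaignUse": "Known",
         "requiredAction": "fictional"},
    ],
})

# Constructed inventory: CVEs a scanner reported on this organisation's assets.
# CVE-2099-0002 is fictional and deliberately absent from the feed.
INVENTORY = {"CVE-2017-7921", "CVE-2025-1449", "CVE-2099-0001", "CVE-2099-0002"}


def parse_kev(feed_text):
    """Index the KEV JSON by CVE ID so each inventory lookup is a dict hit."""
    data = json.loads(feed_text)
    return {v["cveID"]: v for v in data["vulnerabilities"]}


def fetch_kev(url=KEV_URL, timeout=30):
    """Download and index the live feed (needs network access)."""
    with urllib.request.urlopen(url, timeout=timeout) as resp:
        return parse_kev(resp.read().decode("utf-8"))


def triage(kev_by_cve, inventory_cves, today, soon_days=7):
    """Split inventory CVEs into KEV hits, sorted by due date, and the rest.

    `today` may be a date or an ISO string. Each hit records how many days
    remain before the BOD 22-01 due date and a queue status derived from it.
    """
    if isinstance(today, str):
        today = date.fromisoformat(today)
    hits, not_in_kev = [], []
    for cve in sorted(inventory_cves):
        entry = kev_by_cve.get(cve)
        if entry is None:
            not_in_kev.append(cve)
            continue
        days_left = (date.fromisoformat(entry["dueDate"]) - today).days
        if days_left < 0:
            status = "overdue"
        elif days_left <= soon_days:
            status = "due soon"
        else:
            status = "scheduled"
        hits.append({
            "cveID": cve,
            "vendorProject": entry["vendorProject"],
            "product": entry["product"],
            "dateAdded": entry["dateAdded"],
            "dueDate": entry["dueDate"],
            "days_left": days_left,
            "ransomware": entry.get("knownRansomwareCampaignUse", "Unknown"),
            "status": status,
        })
    # Earliest deadline first; CVE ID breaks ties so output is deterministic.
    hits.sort(key=lambda r: (r["dueDate"], r["cveID"]))
    return hits, not_in_kev


if __name__ == "__main__":
    kev = parse_kev(SAMPLE_FEED)   # replace with fetch_kev() for the live catalog
    hits, rest = triage(kev, INVENTORY, date.today())
    for r in hits:
        print(f'{r["status"]:9} {r["cveID"]:15} due {r["dueDate"]} '
              f'({r["days_left"]:+d} d) {r["vendorProject"]}: {r["product"]}')
    print("not in KEV (patch on normal cadence):", ", ".join(rest))
```

Swapping `parse_kev(SAMPLE_FEED)` for `fetch_kev()` runs the same triage against the live catalog. The due date is read from the feed rather than computed from the date added, because CISA sets it per entry and the article's March 26 deadline is what a federal agency is actually measured against.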