CISA on March 5 added five vulnerabilities affecting Advantive VeraCore, Ivanti Endpoint Manager, Microsoft .NET Framework, and D-Link DIR-859 routers to its Known Exploited Vulnerabilities catalog, citing evidence of active exploitation in the wild. The agency said the additions were made under Binding Operational Directive 22-01, which requires Federal Civilian Executive Branch agencies to remediate listed flaws by specified deadlines.
According to CISA’s alert, the newly added vulnerabilities are CVE-2024-57968 and CVE-2025-25181 in Advantive VeraCore, CVE-2025-22467 in Ivanti Endpoint Manager, CVE-2025-24043 in Microsoft .NET Framework, and CVE-2024-0769 in D-Link DIR-859 routers. CISA described the VeraCore issues as unrestricted file upload and OS command injection bugs, the Ivanti issue as an absolute path traversal flaw, the Microsoft bug as an information disclosure vulnerability, and the D-Link issue as an operating system command injection vulnerability.
“These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise.” — CISA alert, March 5, 2026
CISA set a remediation due date of March 26, 2026 for CVE-2024-57968, CVE-2025-25181, CVE-2025-22467, and CVE-2025-24043. The agency gave federal agencies until May 21, 2026 to remediate CVE-2024-0769 in D-Link DIR-859 routers.
Five exploited flaws affect enterprise software and edge hardware
The two VeraCore vulnerabilities affect warehouse management and fulfillment software used in supply-chain environments, while the Ivanti Endpoint Manager flaw impacts enterprise systems management deployments. The Microsoft .NET Framework issue broadens the KEV update beyond edge and appliance software, and the D-Link DIR-859 entry shows that internet-facing router weaknesses continue to make the catalog when exploitation is observed.
CISA’s bulletin does not provide exploitation details, indicators of compromise, or victim counts for the five additions. The agency instead directs defenders to the KEV catalog entry for each CVE and reiterates that all organizations should prioritize timely remediation of vulnerabilities listed as actively exploited.
The batch KEV update extends a pattern Cyberwarzone has already tracked in recent CISA activity, including the n8n remote code execution flaw that CISA added to the KEV catalog after active exploitation and broader coverage of high-impact vendor security updates affecting enterprise environments.
