- CISA added four new actively exploited vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog.
- The affected software includes Multi-Router Looking Glass, PHPMailer, Ruby on Rails Action View, and Zimbra Collaboration Suite.
- Researchers identified active exploitation of two critical vulnerabilities in Citrix NetScaler ADC (CVE-2025-5777 and CVE-2025-6543).
- Attackers exploit the Citrix Bleed 2 flaw to leak sensitive information such as credentials and session tokens.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added four software vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog on July 8, 2025, after confirming they are under active exploitation. The affected products include Multi-Router Looking Glass (MRLG), PHPMailer, Ruby on Rails Action View, and Zimbra Collaboration Suite.
According to CISA, the newly listed vulnerabilities are: a buffer overflow in MRLG (CVE-2014-3931), a command injection in PHPMailer (CVE-2016-10033), a path traversal in Ruby on Rails Action View (CVE-2019-5418), and a server-side request forgery in Zimbra Collaboration Suite (CVE-2019-9621). These flaws allow various attacks such as remote code execution, memory corruption, sensitive file exposure, and unauthorized system access.
There are currently no public reports describing real-world exploit techniques for the first three vulnerabilities. However, CISA noted that CVE-2019-9621 in Zimbra was previously linked to a China-based group called Earth Lusca, which used it to install persistent threats like web shells and launch attack tools such as Cobalt Strike.
CISA recommends that all Federal Civilian Executive Branch agencies install official updates for affected products no later than July 28, 2025, to mitigate risk.
In a related development, security researchers from watchTowr Labs and Horizon3.ai released technical assessments of an ongoing campaign targeting Citrix NetScaler ADC through a flaw called Citrix Bleed 2 (CVE-2025-5777). Attackers are using this vulnerability to read memory directly, exposing items such as credentials and session tokens.
watchTowr CEO Benjamin Harris stated, “We’re seeing active exploitation of both CVE-2025-5777 and CVE-2025-6543 in the wild.” The vulnerability allows attackers to make crafted requests that reveal uninitialized memory data, which can include sensitive information. Horizon3.ai explained that each exploit attempt can disclose up to 127 bytes, and repeated attempts could eventually yield valuable data.
The flaw stems from an unsafe use of the “snprintf” function, which formats memory into responses based on user input.
These ongoing vulnerabilities highlight the need for organizations to regularly apply security updates and monitor advisories for emerging attack techniques.
✅ Follow BITNEWSBOT on Telegram, Facebook, LinkedIn, X.com, and Google News for instant updates.
Previous Articles:
- Scammers Use Fake Elon Musk to Steal Millions in Crypto Fraud
- AI Models Sorted: 11 Out of 17 Land 100% in Ravenclaw House
- Citi Bank Boosts Nvidia Price Target, Sees 15% Upside on AI Demand
- Ethereum, Ripple, Solana and Cardano: Top Contenders for Next Bitcoin
- Holder Moves $10M Physical Bitcoin After 13 Years for Security
