CISA Adds Critical Cisco, Chrome, and Arista Flaws to KEV Catalog

CISA expanded its Known Exploited Vulnerabilities Catalog with critical flaws in Cisco IOS XE (CVE-2025-20292), Google Chrome (CVE-2025-4782), and Arista EOS (CVE-2025-6114), all actively targeted by threat actors. The update urges organizations to patch promptly to reduce risks to network infrastructure and user systems.
CISA Adds Critical Cisco, Chrome, and Arista Flaws to KEV Catalog
Written by Juan Vasquez

The Cybersecurity and Infrastructure Security Agency recently expanded its catalog of known vulnerabilities that pose significant threats to federal networks by adding several high-profile security issues affecting products from Cisco, Google, and Arista Networks. This update to the agency's Known Exploited Vulnerabilities Catalog reflects ongoing efforts to prioritize remediation of flaws that adversaries have already begun targeting in real-world attacks.

The addition of these specific vulnerabilities underscores the persistent challenges organizations face in maintaining secure network infrastructure and web browsing environments. CISA's catalog serves as a critical resource for government agencies and private sector entities alike, highlighting bugs that have been confirmed as actively exploited by threat actors. By listing these issues, the agency aims to compel organizations to address them promptly rather than allowing them to linger as potential entry points for attackers.

Among the newly cataloged flaws is a command injection vulnerability in Cisco's IOS XE software, tracked as CVE-2025-20292. This particular weakness affects the web management interface of affected devices and could allow unauthenticated attackers to execute arbitrary commands with elevated privileges. Security researchers have observed multiple threat groups attempting to exploit this bug to gain persistent access to network equipment, often as part of larger campaigns targeting critical infrastructure. The vulnerability's inclusion in the catalog comes after evidence emerged showing its use in attacks against both government and commercial networks throughout late 2025 and early 2026.

Cisco has already released patches for this issue, but the company's advisory notes that many organizations have yet to apply the necessary updates. The flaw's severity rating of 9.8 out of 10 on the Common Vulnerability Scoring System highlights its potential for widespread impact. Attackers can trigger the vulnerability by sending specially crafted HTTP requests to the device's management interface, bypassing normal authentication mechanisms in the process. Once exploited, the bug grants attackers shell access, enabling them to install backdoors, exfiltrate configuration data, or use the compromised device as a launchpad for further attacks within the network.

The catalog update also includes a high-severity flaw in Google's Chrome browser, identified as CVE-2025-4782. This use-after-free vulnerability in the browser's V8 JavaScript engine has been linked to multiple exploit chains observed in the wild. Threat actors, including state-sponsored groups, have incorporated this bug into watering hole attacks and malicious advertising campaigns designed to compromise users' systems without requiring any interaction beyond visiting a compromised website.

Google addressed the vulnerability through its regular Chrome update cycle, but the lag between patch availability and widespread adoption has created opportunities for attackers. The company's security team worked with external researchers to identify and mitigate the issue after detecting active exploitation attempts. This Chrome vulnerability represents a particularly concerning class of browser flaws because successful exploitation can lead to full system compromise, allowing attackers to bypass sandbox protections and access sensitive data stored on users' devices.

Organizations that rely heavily on Chrome for both employee productivity and customer-facing applications face heightened risks until all instances of the browser receive the security updates. The vulnerability's presence in the Known Exploited Vulnerabilities Catalog should prompt system administrators to verify that automatic update mechanisms are functioning correctly across their managed endpoints. Browser vulnerabilities like this one often serve as initial access vectors in sophisticated attack chains that eventually lead to ransomware deployment or intellectual property theft.

Arista Networks also finds its products featured in the latest catalog addition with CVE-2025-6114, a privilege escalation vulnerability affecting the company's EOS network operating system. This flaw impacts certain versions of the software running on Arista switches and routers commonly deployed in data centers and enterprise environments. The vulnerability allows authenticated users with limited privileges to elevate their access rights to administrator level, potentially compromising the entire network infrastructure under their control.

Security analysts have documented cases where insider threats and compromised accounts have exploited this weakness to modify network configurations, disable security controls, or redirect traffic for eavesdropping purposes. While the bug requires initial authentication, many organizations maintain legacy accounts with basic access levels that could be leveraged by attackers who have already breached perimeter defenses through other means. Arista has provided updated firmware versions that address the issue, though the complexity of updating core network equipment often delays implementation in production environments.

The timing of these additions to CISA's catalog coincides with increased scrutiny of supply chain risks and third-party software dependencies across federal agencies. Network equipment from vendors like Cisco and Arista forms the backbone of many government communications systems, making vulnerabilities in these products especially concerning from a national security perspective. Similarly, the ubiquity of Chrome across both personal and professional computing environments amplifies the potential reach of any successfully exploited browser vulnerability.

This latest catalog expansion brings the total number of tracked vulnerabilities to well over 1,000, with new entries being added on a regular basis as exploitation data becomes available. The catalog's criteria focus specifically on vulnerabilities that have been weaponized by threat actors rather than theoretical weaknesses that exist only in laboratory conditions. This distinction helps security teams focus their limited resources on the issues most likely to impact their environments in the immediate term.

Federal agencies receiving CISA directives must remediate cataloged vulnerabilities within specified timeframes, typically ranging from a few days for the most critical issues to several weeks for those deemed slightly less urgent. Noncompliance can result in formal reporting to oversight bodies and potential impacts on an agency's authority to operate its information systems. Private sector organizations are encouraged to follow the same remediation timelines as a best practice, though they face no direct regulatory enforcement from CISA regarding the catalog.

The inclusion of these particular vulnerabilities highlights several trends in contemporary cybersecurity threats. First, the continued targeting of network infrastructure components suggests that adversaries recognize the strategic value of controlling the underlying plumbing of digital communications. Compromised routers and switches provide attackers with unparalleled visibility into network traffic and the ability to maintain persistence even when endpoint detection tools flag suspicious activity.

Second, browser vulnerabilities remain a favored attack vector due to their potential to reach millions of users with minimal effort. As web-based applications continue to handle increasingly sensitive transactions, the stakes associated with client-side exploits grow correspondingly higher. The fact that sophisticated actors have already developed reliable exploits for this Chrome vulnerability indicates that the technical barriers to weaponizing such flaws continue to decrease.

Third, the persistence of privilege escalation vulnerabilities in network operating systems points to ongoing challenges in implementing least-privilege principles within complex enterprise environments. Many organizations struggle to balance operational requirements with security best practices, resulting in accounts that possess more access than necessary for their intended functions.

Security experts recommend several concrete steps organizations should take in response to these catalog additions. For Cisco devices, administrators should immediately audit their IOS XE deployments to identify any systems still running vulnerable versions. Where possible, they should implement the available patches and consider additional hardening measures such as restricting access to management interfaces through access control lists or moving management functions to dedicated out-of-band networks.

Chrome users and administrators should verify that all browser instances are receiving automatic updates and consider implementing enterprise policies that prevent users from disabling update mechanisms. Additional layers of protection, including web filtering solutions and endpoint detection tools capable of identifying exploit behavior, can provide defense in depth while patches are being deployed across large environments.

For Arista equipment, network teams should review user account privileges and implement multifactor authentication wherever feasible. The privilege escalation vulnerability becomes significantly less dangerous when attackers cannot easily obtain even limited access to affected systems. Regular firmware updates should be incorporated into change management processes to prevent similar issues from accumulating over time.

Beyond immediate remediation activities, these vulnerabilities serve as reminders of the need for comprehensive vulnerability management programs that extend beyond simply applying patches when they become available. Organizations should invest in continuous monitoring capabilities that can detect exploitation attempts even when patches have not yet been deployed. Such capabilities might include network traffic analysis tools looking for anomalous HTTP requests or behavioral monitoring systems that flag unusual command execution patterns.

The threat intelligence community has contributed significantly to CISA's understanding of these vulnerabilities through responsible disclosure practices and ongoing monitoring of underground forums where exploit code often first appears. This collaborative approach between researchers, vendors, and government agencies has proven essential in identifying which flaws require urgent attention amid the constant stream of newly discovered security issues.

As organizations work to address these latest additions to the catalog, they should also consider broader architectural changes that might reduce their exposure to similar vulnerabilities in the future. Network segmentation, zero-trust access models, and increased use of software-defined networking can all help limit the potential impact of any single compromised device or application. Similarly, moving toward browser architectures that further restrict the capabilities available to web content can make client-side exploits more difficult to execute successfully.

The addition of these Cisco, Chrome, and Arista vulnerabilities to CISA's Known Exploited Vulnerabilities Catalog represents more than just another bureaucratic update. It signals that real adversaries have developed and deployed functional exploits against these specific weaknesses, creating immediate risks for any organization whose systems remain unpatched. The coming weeks will likely see increased scanning activity targeting these flaws as both criminal and nation-state actors seek to capitalize on organizations that have not yet responded to the updated guidance.

Security teams would be wise to treat this catalog update as a call to action rather than simply another item to add to their already lengthy to-do lists. The difference between organizations that successfully weather current threat conditions and those that fall victim to compromise often comes down to their ability to rapidly identify and address exactly these types of actively exploited vulnerabilities. By maintaining visibility into their exposure to cataloged issues and treating remediation as a non-negotiable priority, enterprises and government agencies can substantially reduce their risk of becoming the next headline in a security breach report.

Subscribe for Updates

CybersecurityUpdate Newsletter

The CybersecurityUpdate Email Newsletter is your essential source for the latest in cybersecurity news, threat intelligence, and risk management strategies. Perfect for IT security professionals and business leaders focused on protecting their organizations.

By signing up for our newsletter you agree to receive content related to ientry.com / webpronews.com and our affiliate partners. For additional information refer to our terms of service.

Notice an error?

Help us improve our content by reporting any issues you find.

Get the WebProNews newsletter delivered to your inbox

Get the free daily newsletter read by decision makers

Subscribe
Advertise with Us

Ready to get started?

Get our media kit

Advertise with Us