The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added four security flaws to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation in the wild.
The list of flaws is as follows –
- CVE-2014-3931 (CVSS score: 9.8) – A buffer overflow vulnerability in Multi-Router Looking Glass (MRLG) that could allow remote attackers to cause an arbitrary memory write and memory corruption
- CVE-2016-10033
- CVE-2019-5418 (CVSS score: 7.5) – A path traversal vulnerability in Ruby on Rails' Action View that could expose the contents of arbitrary files on the target system's file system
- CVE-2019-9621
There are currently no public reports on how the first three vulnerabilities are being exploited in real-world attacks. The abuse of CVE-2019-9621, on the other hand, was attributed by Trend Micro in September 2023 to a threat actor known as Earth Lusca, which used it to drop web shells and Cobalt Strike.
In light of active exploitation, Federal Civilian Executive Branch (FCEB) agencies are recommended to apply the required updates by July 28, 2025, to secure their networks.
Technical Details of Citrix Bleed 2 Out
This development comes in the form of watchTowr Labs and Horizon.
“We are watching the active exploitation of both CVE-2025-5777 and CVE-2025-6543,” watchTowr CEO Benjamin Harris told The Hacker News. “This vulnerability allows the reading of memory, which we believe attackers are using to capture sensitive information (for example, information sent within HTTP requests that are then processed in-memory), credentials, valid Citrix session tokens, and more.”
The findings show that it is possible to send a login request to the “/p/doOuthentication.do” endpoint and cause it (and other endpoints) to reflect the login value supplied by the user in the response, regardless of success or failure.
Horizon.
The flaw, as explained by watchTowr, stems from the use of the snprintf function with a format string containing the “%.*s” format.
“The %.*s format tells snprintf: ‘Print the characters, or stop at the first null byte (\0) – whichever comes first.’ That null byte eventually appears somewhere in memory, so while the leak does not last indefinitely, you still get a handful of bytes with each call,” the company said.
“So, every time you hit that endpoint without any =, you draw more uninitialized stack data into the response. Repeat it enough times, and eventually, you can land on something valuable.”
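
The behaviour described above, reduced to a small C model as an added example (it is not NetScaler's code and not from the original article). The `login` key, the buffer size, the `value=[...]` response format and all function names are assumptions, and a constructed string stands in for leftover memory so the result is deterministic.

```c
#include <stdio.h>
#include <string.h>

#define VAL_MAX 32  /* size of the value buffer (constructed for this example) */

/* Copy the value of "login=<value>" into out and return its length.
   Returns -1 and leaves out untouched when "login" has no '='. */
static int parse_login(const char *body, char *out, size_t cap) {
    const char *p = strstr(body, "login");
    if (p == NULL || p[5] != '=') return -1;
    size_t n = strcspn(p + 6, "&");
    if (n >= cap) n = cap - 1;
    memcpy(out, p + 6, n);
    out[n] = '\0';
    return (int)n;
}

/* Flawed pattern: the parse result is ignored, so buf may still hold older
   data, and "%.*s" echoes up to VAL_MAX bytes or until the first NUL. */
int render_flawed(const char *body, char *buf, char *resp, size_t cap) {
    parse_login(body, buf, VAL_MAX);
    return snprintf(resp, cap, "value=[%.*s]", VAL_MAX, buf);
}

/* Hardened: clear the buffer and bound the echo by the parsed length. */
int render_hardened(const char *body, char *buf, char *resp, size_t cap) {
    memset(buf, 0, VAL_MAX);
    int n = parse_login(body, buf, VAL_MAX);
    return snprintf(resp, cap, "value=[%.*s]", n < 0 ? 0 : n, buf);
}

/* Returns 1 if a constructed stand-in for leftover memory reaches resp. */
int leaks_stale(int hardened, const char *body) {
    char buf[VAL_MAX] = "STALE-SESSION-TOKEN";  /* constructed sample */
    char resp[128];
    if (hardened) render_hardened(body, buf, resp, sizeof resp);
    else render_flawed(body, buf, resp, sizeof resp);
    return strstr(resp, "STALE") != NULL;
}

int main(void) {
    printf("flawed,   \"login\":       leak=%d\n", leaks_stale(0, "login"));
    printf("flawed,   \"login=alice\": leak=%d\n", leaks_stale(0, "login=alice"));
    printf("hardened, \"login\":       leak=%d\n", leaks_stale(1, "login"));
    return 0;
}
```

The flawed path only leaks when the key arrives without `=`, which is why a well-formed login never exposes the problem in ordinary testing.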