{"id":624,"date":"2025-09-02T12:09:25","date_gmt":"2025-09-02T06:39:25","guid":{"rendered":"https:\/\/www.securis360.com\/blog\/?p=624"},"modified":"2026-02-17T13:33:39","modified_gmt":"2026-02-17T13:33:39","slug":"cisa-adds-one-known-exploited-vulnerability-to-catalog","status":"publish","type":"post","link":"https:\/\/securis360.com\/blog\/cisa-adds-one-known-exploited-vulnerability-to-catalog\/","title":{"rendered":"CISA Adds One Known Exploited Vulnerability to Catalog"},"content":{"rendered":"\n<p>The <strong>Cybersecurity and Infrastructure Security Agency (CISA)<\/strong> has once again updated its <strong>Known Exploited <a href=\"http:\/\/securis360.com\/vulnerability-assessment-and-penetration-testing-VAPT-solutions.shtml\">Vulnerabilities<\/a> (KEV) Catalog<\/strong>, highlighting an urgent security flaw that organizations must address. The newly added vulnerability, <strong>CVE-2025-57819<\/strong>, affects <strong>Sangoma FreePBX<\/strong> and allows <strong>authentication bypass<\/strong>, a flaw that can be exploited by malicious actors to gain unauthorized access.<\/p>\n\n\n\n<p><\/p>\n\n\n\n<p>This update underscores the importance of proactive vulnerability management, especially since KEV Catalog entries represent vulnerabilities with <strong>confirmed active exploitation in the wild<\/strong>.<\/p>\n\n\n\n<p><\/p>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h2 class=\"wp-block-heading\">CVE-2025-57819: Sangoma FreePBX Authentication Bypass Vulnerability<\/h2>\n\n\n\n<p><\/p>\n\n\n\n<p>Sangoma <strong>FreePBX<\/strong> is a widely used open-source platform that provides businesses with Voice-over-IP (VoIP) telephony solutions. The vulnerability identified as <strong>CVE-2025-57819<\/strong> involves an <strong>authentication bypass flaw<\/strong>, which attackers can exploit to gain unauthorized access to systems and potentially compromise sensitive communications data.<\/p>\n\n\n\n<p><\/p>\n\n\n\n<p>Since VoIP systems are often directly connected to enterprise networks, such vulnerabilities can serve as an entry point for larger intrusions, making them a <strong>prime target for cybercriminals<\/strong>.<\/p>\n\n\n\n<p><\/p>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h2 class=\"wp-block-heading\">Why This Matters<\/h2>\n\n\n\n<p><\/p>\n\n\n\n<p>Authentication bypass vulnerabilities are among the <strong>most dangerous attack vectors<\/strong> because they allow attackers to impersonate legitimate users without needing valid credentials. This can lead to:<\/p>\n\n\n\n<p><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Unauthorized access to internal systems<\/li>\n\n\n\n<li>Theft of sensitive communications and data<\/li>\n\n\n\n<li>Potential pivoting into wider enterprise networks<\/li>\n\n\n\n<li>Disruption of telecommunication services<\/li>\n<\/ul>\n\n\n\n<p><\/p>\n\n\n\n<p>The active exploitation of CVE-2025-57819 places both government agencies and private organizations at <strong>serious risk<\/strong> if timely remediation steps are not taken.<\/p>\n\n\n\n<p><\/p>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h2 class=\"wp-block-heading\">The Role of CISA\u2019s KEV Catalog<\/h2>\n\n\n\n<p><\/p>\n\n\n\n<p>The <strong>Known Exploited Vulnerabilities Catalog<\/strong> was created under <strong>Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities<\/strong>. It serves as a <strong>living list<\/strong> of CVEs that have been proven to be actively exploited and pose a high risk to federal systems.<\/p>\n\n\n\n<p><\/p>\n\n\n\n<p>Under BOD 22-01, <strong>Federal Civilian Executive Branch (FCEB) agencies<\/strong> are mandated to remediate vulnerabilities listed in the KEV Catalog within a specified timeline. Failure to do so could leave federal networks exposed to ongoing cyberattacks.<\/p>\n\n\n\n<p><\/p>\n\n\n\n<p>While the directive is specifically aimed at federal agencies, CISA strongly urges <strong>all organizations<\/strong>\u2014public and private\u2014to adopt the KEV Catalog as part of their <strong><a href=\"http:\/\/securis360.com\/vulnerability-assessment-and-penetration-testing-VAPT-solutions.shtml\">vulnerability management programs<\/a><\/strong>.<\/p>\n\n\n\n<p><\/p>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h2 class=\"wp-block-heading\">What Organizations Should Do Next<\/h2>\n\n\n\n<p><\/p>\n\n\n\n<p>Organizations should treat KEV Catalog vulnerabilities as <strong>high-priority risks<\/strong> and act swiftly to mitigate them. Key steps include:<\/p>\n\n\n\n<p><\/p>\n\n\n\n<ol class=\"wp-block-list\">\n<li><strong>Patch Immediately<\/strong> \u2013 Apply the latest security updates for Sangoma FreePBX to close the authentication bypass loophole.<\/li>\n\n\n\n<li><strong>Implement Continuous Monitoring<\/strong> \u2013 Monitor systems for signs of suspicious logins or unusual activity.<\/li>\n\n\n\n<li><strong>Adopt Zero Trust Principles<\/strong> \u2013 Restrict access to sensitive systems even if attackers bypass authentication.<\/li>\n\n\n\n<li><strong>Review Incident Response Plans<\/strong> \u2013 Be prepared to respond quickly if indicators of compromise are detected.<\/li>\n\n\n\n<li><strong>Prioritize KEV Catalog Entries<\/strong> \u2013 Integrate KEV Catalog checks into vulnerability management cycles.<\/li>\n<\/ol>\n\n\n\n<p><\/p>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h2 class=\"wp-block-heading\">Beyond Federal Agencies: Why Everyone Should Care<\/h2>\n\n\n\n<p><\/p>\n\n\n\n<p>Although BOD 22-01 legally applies only to U.S. federal agencies, cybercriminals <strong>do not discriminate<\/strong> between government entities and private businesses. The same vulnerabilities exploited in federal systems can\u2014and often do\u2014impact enterprises of all sizes.<\/p>\n\n\n\n<p><\/p>\n\n\n\n<p>By using the KEV Catalog as a reference point, organizations can ensure they are <strong>patching the most critical vulnerabilities first<\/strong>, reducing their risk exposure significantly.<\/p>\n\n\n\n<p><\/p>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h2 class=\"wp-block-heading\">Conclusion<\/h2>\n\n\n\n<p><\/p>\n\n\n\n<p>The addition of <strong>CVE-2025-57819 (Sangoma FreePBX Authentication Bypass)<\/strong> to CISA\u2019s KEV Catalog is a reminder that even widely used business communication platforms can become gateways for attackers. Organizations that fail to act swiftly leave themselves exposed to <strong>credential-free intrusions, data theft, and service disruption<\/strong>.<\/p>\n\n\n\n<p><\/p>\n\n\n\n<p>Proactive remediation and continuous monitoring are essential not only for federal agencies but for <strong>all businesses that value data security and resilience<\/strong>.<\/p>\n\n\n\n<p><\/p>\n\n\n\n<p>As CISA continues to update the KEV Catalog, security teams must stay alert, integrate these advisories into their <strong>patch management processes<\/strong>, and take timely action to defend against evolving cyber threats.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>The Cybersecurity and Infrastructure Security Agency (CISA) has once again updated its Known Exploited Vulnerabilities (KEV) Catalog, highlighting an urgent security flaw that organizations must address. The newly added vulnerability, CVE-2025-57819, affects Sangoma FreePBX and allows authentication bypass, a flaw that can be exploited by malicious actors to gain unauthorized access. This update underscores the [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":896,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[10],"tags":[],"class_list":["post-624","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-news"],"_links":{"self":[{"href":"https:\/\/securis360.com\/blog\/wp-json\/wp\/v2\/posts\/624","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/securis360.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/securis360.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/securis360.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/securis360.com\/blog\/wp-json\/wp\/v2\/comments?post=624"}],"version-history":[{"count":1,"href":"https:\/\/securis360.com\/blog\/wp-json\/wp\/v2\/posts\/624\/revisions"}],"predecessor-version":[{"id":897,"href":"https:\/\/securis360.com\/blog\/wp-json\/wp\/v2\/posts\/624\/revisions\/897"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/securis360.com\/blog\/wp-json\/wp\/v2\/media\/896"}],"wp:attachment":[{"href":"https:\/\/securis360.com\/blog\/wp-json\/wp\/v2\/media?parent=624"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/securis360.com\/blog\/wp-json\/wp\/v2\/categories?post=624"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/securis360.com\/blog\/wp-json\/wp\/v2\/tags?post=624"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}