The Cybersecurity and Infrastructure Security Agency (CISA) in the United States has recently identified eight new vulnerabilities that are being actively exploited. Among these vulnerabilities, three affect the Cisco Catalyst SD-WAN Manager, indicating ongoing exploitation activities.
The vulnerabilities that have been added to the list include:
- CVE-2023-27351 – This vulnerability in PaperCut NG/MF allows attackers to bypass authentication on affected installations.
- CVE-2024-27199 – A relative path traversal flaw in JetBrains TeamCity that enables limited admin actions by attackers.
- CVE-2025-2749 – A path traversal vulnerability in Kentico Xperience that permits uploading of arbitrary data to relative locations.
- CVE-2025-32975 – An improper authentication issue in Quest KACE Systems Management Appliance (SMA) that allows impersonation of legitimate users.
- CVE-2025-48700 – A cross-site scripting vulnerability in Synacor Zimbra Collaboration Suite (ZCS) that leads to unauthorized access to sensitive information.
- CVE-2026-20122 – A vulnerability in Cisco Catalyst SD-WAN Manager that enables attackers to upload and overwrite files on the system.
- CVE-2026-20128 – A flaw in Cisco Catalyst SD-WAN Manager that allows gaining DCA user privileges.
- CVE-2026-20133 – An exposure of sensitive information issue in Cisco Catalyst SD-WAN Manager that permits viewing sensitive data on affected systems.
One of the vulnerabilities, CVE-2024-27198, affecting JetBrains TeamCity was added to the catalog earlier, but it is unclear if both vulnerabilities are being exploited together.
The exploitation of CVE-2023-27351 has been linked to Lace Tempest in connection with ransomware attacks.
Arctic Wolf has observed threat actors using CVE-2025-32975 to target unpatched SMA systems, although the exact objectives of the campaign are unknown.
CERT-UA has reported that threat actor UAC-0233 exploited vulnerabilities in ZCS to execute arbitrary code without user interaction, gaining access to sensitive information.
Cisco has acknowledged the exploitation of certain vulnerabilities in the Cisco Catalyst SD-WAN Manager and has urged agencies to address these issues promptly.
It is crucial for Federal Civilian Executive Branch agencies to address the Cisco vulnerabilities by specific deadlines to mitigate the risks associated with these exploits.
