<ul><li>U.S. Cybersecurity and Infrastructure Security Agency (CISA) added Qualitia Active! Mail, Broadcom Brocade Fabric OS, and Commvault Web Server flaws to its Known Exploited Vulnerabilities catalog.</li><li>Two CVEs related to GeoVision Devices OS Command Injection Vulnerability with high CVSS scores (9.8) have been exploited by attackers, impacting certain EOL GeoVision devices.</li><li>The vulnerabilities have been used by a botnet for DDoS or cryptomining attacks, with around 17,000 Internet-facing GeoVision devices vulnerable to one of the CVEs.</li><li>CISA issued a directive for federal agencies to address the vulnerabilities by May 28, 2025, and experts advise private organizations to review and fix vulnerabilities in their infrastructure.</li></ul>

U.S. CISA adds GoVision device flaws to its Known Exploited Vulnerabilities catalog

Discover more