<ul><li>U.S. Cybersecurity and Infrastructure Security Agency (CISA) added Windows, Zyxel device flaws to its Known Exploited Vulnerabilities catalog.</li><li>The vulnerabilities added to the catalog include Zyxel DSL CPE OS Command Injection and Microsoft Windows Ancillary Function Driver for WinSock Heap-Based Buffer Overflow.</li><li>The Zyxel flaw allows unauthenticated attackers to execute arbitrary commands, potentially leading to device takeover, data exfiltration, or network infiltration.</li><li>The two zero-day flaws in Microsoft Windows being actively exploited in the wild were addressed through security updates in February 2025.</li></ul>

U.S. CISA adds Microsoft Windows, Zyxel device flaws to its Known Exploited Vulnerabilities catalog

Discover more