CISA adds 4 exploited flaws
- The Cybersecurity and Infrastructure Security Agency on April 24 added four actively exploited bugs to its Known Exploited Vulnerabilities catalog, naming Samsung MagicINFO 9 Server, SimpleHelp, and D-Link DIR-823X devices.
- The four CVEs are CVE-2024-7399, CVE-2024-57726, CVE-2024-57728, and CVE-2025-29635, and CISA set a May 8, 2026 remediation deadline for federal civilian agencies to fix or mitigate them.
- KEV listings trigger Binding Operational Directive 22-01 deadlines for federal agencies and often shape patching priorities across private networks too. (cisa.gov)
CISA on April 24 added four newly exploited vulnerabilities to its Known Exploited Vulnerabilities catalog, putting them on the federal government's priority patch list. (cisa.gov) The additions are CVE-2024-7399 in Samsung MagicINFO 9 Server, CVE-2024-57726 and CVE-2024-57728 in SimpleHelp, and CVE-2025-29635 in D-Link DIR-823X routers. (cisa.gov)

CISA's catalog is the federal list of flaws that have been exploited in the wild, not merely disclosed. Under Binding Operational Directive 22-01, federal civilian executive branch agencies must remediate listed bugs by the assigned due date. (cisa.gov 1) (cisa.gov 2) For all four vulnerabilities added on April 24, CISA set the same due date: May 8, 2026. That gives federal agencies 14 days to patch, mitigate, or discontinue use of the product if fixes are unavailable. (cisa.gov)

Two of the four entries hit SimpleHelp, a remote support platform used by IT teams and managed service providers. The first, CVE-2024-57726, lets a low-privileged technician create API keys with more permissions than the technician's own role and escalate to server administrator. (cisa.gov) The second, CVE-2024-57728, is a path traversal bug of the kind sometimes called "zip slip": an administrator can upload a crafted archive whose entries are written outside the intended folder. CISA says that can lead to arbitrary code execution on the host running the SimpleHelp server. (cisa.gov) Because the second flaw needs administrator access, the first supplies exactly the privilege it requires, so a technician-level account is enough to reach the server.

The Samsung entry covers MagicINFO 9 Server, software used to manage digital signage displays. CISA says the path traversal vulnerability can let an attacker write arbitrary files with system-level authority. (cisa.gov) (nvd.nist.gov)

The D-Link entry covers CVE-2025-29635, a command injection flaw in DIR-823X routers. CISA says an authorized attacker can send a crafted POST request and execute arbitrary commands on the device. (cisa.gov) Akamai said this week that it saw active exploitation of CVE-2025-29635 in its honeypots in early March 2026, with a Mirai campaign targeting exposed D-Link devices. That public reporting landed days before CISA added the flaw to KEV. (akamai.com) (cisa.gov)

CISA says the KEV catalog is meant to steer defenders toward the smaller set of vulnerabilities causing immediate harm. The agency says private companies, state and local governments, and other organizations should use the list to prioritize patching even though the federal deadline rule does not formally apply to them. (cisa.gov) The catalog is also published as machine-readable JSON and CSV feeds, so it can be matched against an asset inventory rather than read by hand.
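The path traversal pattern behind the SimpleHelp and Samsung entries above, shown as an added example rather than code from either vendor or from CISA: an extractor that joins archive entry names straight onto its destination directory, beside one that resolves every entry against the root and refuses the whole archive if any entry would escape. The archive is constructed inline and nothing here reflects how either product actually handles uploads; the entry names and directory layout are assumptions for the demonstration.

```python
"""Zip slip: an extractor that trusts entry names beside one that validates them."""
import io
import os
import tempfile
import zipfile
from pathlib import Path


def build_sample_archive(with_escape: bool) -> bytes:
    """Constructed sample: one benign entry, optionally one that climbs out of the root."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("plugin/readme.txt", "harmless content\n")
        if with_escape:
            zf.writestr("../../outside.sh", "#!/bin/sh\necho escaped\n")
    return buf.getvalue()


def extract_unsafe(archive: bytes, dest: str) -> list[str]:
    """Vulnerable pattern: joins the attacker-controlled entry name onto dest.

    ZipFile.extract() strips '..' components itself; the bug shows up in upload
    handlers that do their own os.path.join + open, as this one does.
    """
    written = []
    with zipfile.ZipFile(io.BytesIO(archive)) as zf:
        for info in zf.infolist():
            target = os.path.normpath(os.path.join(dest, info.filename))
            os.makedirs(os.path.dirname(target), exist_ok=True)
            with open(target, "wb") as fh:
                fh.write(zf.read(info))
            written.append(target)
    return written


def escaping_entries(archive: bytes, dest: str) -> list[str]:
    """Entry names whose resolved path would land outside dest.

    Resolving both sides catches '..' segments, absolute entry names (which
    Path's '/' operator replaces the root with) and symlinked roots alike.
    """
    root = Path(dest).resolve()
    bad = []
    with zipfile.ZipFile(io.BytesIO(archive)) as zf:
        for info in zf.infolist():
            target = (root / info.filename).resolve()
            if target != root and root not in target.parents:
                bad.append(info.filename)
    return bad


def extract_safe(archive: bytes, dest: str) -> list[str]:
    """Hardened pattern: validate every entry first, write nothing if any fails."""
    bad = escaping_entries(archive, dest)
    if bad:
        raise ValueError(f"archive rejected, entries escape the root: {bad}")
    root = Path(dest).resolve()
    written = []
    with zipfile.ZipFile(io.BytesIO(archive)) as zf:
        for info in zf.infolist():
            target = (root / info.filename).resolve()
            if info.is_dir():
                target.mkdir(parents=True, exist_ok=True)
                continue
            target.parent.mkdir(parents=True, exist_ok=True)
            target.write_bytes(zf.read(info))
            written.append(str(target))
    return written


def demo() -> dict:
    """Run both extractors on the samples inside a throwaway directory."""
    hostile = build_sample_archive(with_escape=True)
    clean = build_sample_archive(with_escape=False)
    with tempfile.TemporaryDirectory() as tmp:
        # Nest the root two levels down so the '../../' entry stays inside tmp.
        root = os.path.join(tmp, "a", "b", "root")
        os.makedirs(root)
        flagged = escaping_entries(hostile, root)
        unsafe_paths = extract_unsafe(hostile, root)
        escaped = [os.path.basename(p) for p in unsafe_paths
                   if not p.startswith(root + os.sep)]
        try:
            extract_safe(hostile, root)
            safe_rejected = False
        except ValueError:
            safe_rejected = True
        safe_clean = extract_safe(clean, root)
    return {
        "flagged": flagged,
        "unsafe_escaped": escaped,
        "safe_rejected": safe_rejected,
        "safe_clean_count": len(safe_clean),
    }


if __name__ == "__main__":
    print(demo())
```

The check is deliberately a two-pass design: every entry is validated before anything is written, because rejecting the hostile entry only when it is reached would still leave the earlier entries of a malicious archive on disk. Symlinks inside the archive are a separate hazard this example does not cover.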
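Turning a KEV listing into a patch queue, as an added example and not a CISA tool: the code parses a sample in the shape of CISA's KEV JSON feed (the live feed is at https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json), matches entries against an asset inventory, and computes the days remaining to each BOD 22-01 due date. The CVE IDs, vendors, products and dates in the sample are the ones reported above; the inventory hostnames and the remaining field values are constructed placeholders.

```python
"""Match the KEV feed against an asset inventory and compute remediation deadlines."""
import json
from datetime import date

# Constructed sample in the shape of CISA's KEV JSON feed. The CVE IDs, vendors,
# products and dates come from the article; knownRansomwareCampaignUse is a
# placeholder value, not copied from the live catalog.
SAMPLE_FEED = json.dumps({
    "title": "CISA Catalog of Known Exploited Vulnerabilities",
    "vulnerabilities": [
        {"cveID": "CVE-2024-7399", "vendorProject": "Samsung", "product": "MagicINFO 9 Server",
         "dateAdded": "2026-04-24", "dueDate": "2026-05-08",
         "knownRansomwareCampaignUse": "Unknown"},
        {"cveID": "CVE-2024-57726", "vendorProject": "SimpleHelp", "product": "SimpleHelp",
         "dateAdded": "2026-04-24", "dueDate": "2026-05-08",
         "knownRansomwareCampaignUse": "Unknown"},
        {"cveID": "CVE-2024-57728", "vendorProject": "SimpleHelp", "product": "SimpleHelp",
         "dateAdded": "2026-04-24", "dueDate": "2026-05-08",
         "knownRansomwareCampaignUse": "Unknown"},
        {"cveID": "CVE-2025-29635", "vendorProject": "D-Link", "product": "DIR-823X",
         "dateAdded": "2026-04-24", "dueDate": "2026-05-08",
         "knownRansomwareCampaignUse": "Unknown"},
    ],
})

# Constructed inventory: hostnames and vendor/product strings as a CMDB might hold them.
INVENTORY = [
    {"host": "signage-01", "vendor": "Samsung", "product": "MagicINFO 9 Server"},
    {"host": "msp-jump-01", "vendor": "SimpleHelp", "product": "SimpleHelp"},
    {"host": "branch-rtr-07", "vendor": "D-Link", "product": "DIR-823X"},
    {"host": "web-01", "vendor": "Example Corp", "product": "Example Web Server"},
]


def matches(entry: dict, asset: dict) -> bool:
    """Vendor must match exactly (case-insensitive); product is a substring match
    because KEV product names are coarser than inventory strings."""
    return (entry["vendorProject"].lower() == asset["vendor"].lower()
            and entry["product"].lower() in asset["product"].lower())


def triage(feed_json: str, inventory: list[dict], today: str) -> list[dict]:
    """Return one finding per (asset, KEV entry) pair, most urgent first."""
    now = date.fromisoformat(today)
    findings = []
    for entry in json.loads(feed_json)["vulnerabilities"]:
        due = date.fromisoformat(entry["dueDate"])
        for asset in inventory:
            if matches(entry, asset):
                findings.append({
                    "host": asset["host"],
                    "cve": entry["cveID"],
                    "due": entry["dueDate"],
                    "days_left": (due - now).days,
                    "ransomware": entry["knownRansomwareCampaignUse"] == "Known",
                })
    # Nearest deadline first; ransomware-linked entries ahead of others on ties.
    findings.sort(key=lambda f: (f["days_left"], not f["ransomware"], f["cve"]))
    return findings


def overdue(findings: list[dict]) -> list[dict]:
    """Findings whose BOD 22-01 due date has already passed."""
    return [f for f in findings if f["days_left"] < 0]


if __name__ == "__main__":
    for f in triage(SAMPLE_FEED, INVENTORY, "2026-04-28"):
        print(f"{f['host']:15} {f['cve']:16} due {f['due']} ({f['days_left']} days left)")
```

For live use, fetch the feed text with urllib and pass it to triage in place of SAMPLE_FEED; the CSV feed carries the same columns if that is easier to load. The substring product match is loose by design so that an inventory string with a version suffix still hits, which means findings still need a version check against the vendor advisory before a host is declared affected.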