The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has expanded its Known Exploited Vulnerabilities (KEV) catalog by adding newly identified security flaws affecting the Linux kernel and Android operating system. In addition, the agency recently included vulnerabilities impacting Windows Shell and ConnectWise ScreenConnect.
The latest entries in the KEV catalog include:
- CVE-2022-0492 (CVSS score: 7.0) – a Linux kernel vulnerability involving improper authentication
- CVE-2025-48595 (CVSS score: 8.4) – an integer overflow flaw within the Android Framework
The Linux kernel issue, CVE-2022-0492, allows a malicious actor to break out of a containerized environment and execute arbitrary commands directly on the host system. This vulnerability stems from a privilege escalation weakness in the Linux kernel's control groups (cgroups) feature, which is designed to allocate and manage system resources such as CPU, memory, disk I/O, and network usage across groups of processes.
More specifically, the flaw exists in the cgroups v1 release_agent mechanism, which is triggered when a process within a group terminates. Due to inadequate access controls in the implementation, attackers with local access can exploit this feature to gain elevated (root-level) privileges on the system. The vulnerability was originally identified by security researchers Yiqi Sun and Kevin Wang.
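As an added defender-side check (not code from the article, CISA, or the kernel project), the POSIX shell function below audits a host's cgroup mount point, assumed to be /sys/fs/cgroup, for the cgroups v1 release_agent files described above and reports any that non-root users could write; it assumes GNU `stat` and does not verify the kernel's patch level, which distributions backport, so that part still comes from your vendor advisory.

```shell
#!/bin/sh
# Added example: inventory cgroups v1 release_agent files on a host.
# Assumptions: Linux host, GNU coreutils stat, cgroup mounted at $1
# (default /sys/fs/cgroup). Kernel patch status is NOT checked here.

# Usage: cgroup_release_agent_audit [cgroup-mount-point]
# Prints one line per finding. Exit status 1 if any release_agent file
# is writable by "other" (non-root, non-group users), 0 otherwise.
cgroup_release_agent_audit() {
    root="${1:-/sys/fs/cgroup}"
    exposed=0

    # A cgroup v2 (unified) root carries cgroup.controllers and has no
    # release_agent mechanism at all, so there is nothing to inventory.
    if [ -f "$root/cgroup.controllers" ]; then
        echo "cgroup v2 unified hierarchy at $root: no release_agent mechanism"
        return 0
    fi

    # cgroups v1: each controller hierarchy exposes its own release_agent file.
    for agent in "$root"/*/release_agent "$root"/release_agent; do
        [ -f "$agent" ] || continue
        # Octal permission bits, e.g. 644; the last digit is the "other" class.
        mode=$(stat -c '%a' "$agent" 2>/dev/null) || continue
        case "$mode" in
            # "other" write bit set: 2, 3, 6 or 7 as the final digit.
            *[2367]) echo "WRITABLE by non-root: $agent (mode $mode)"; exposed=1 ;;
            *)       echo "v1 release_agent present: $agent (mode $mode)" ;;
        esac
    done

    [ "$exposed" -eq 0 ] && echo "no world-writable release_agent under $root"
    return "$exposed"
}
```

Source the file and call `cgroup_release_agent_audit /sys/fs/cgroup`; any "v1 release_agent present" line means the host still runs the v1 hierarchy, which is the mechanism the CVE abuses, even when permissions look sane.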
The second vulnerability, CVE-2025-48595, affects devices running Android versions 14, 15, 16, and Android 16 QPR2. According to Google’s Android Security Bulletin, the flaw is caused by an integer overflow condition that may enable arbitrary code execution and privilege escalation. An attacker could leverage this issue to obtain elevated system access without requiring prior special permissions.
Google has acknowledged that there are signs this Android vulnerability is already being exploited in real-world attacks, although the activity appears to be limited and highly targeted. The advisory notes that the exploitation is not widespread but remains a serious concern.
In line with Binding Operational Directive (BOD) 22-01, which focuses on mitigating risks associated with known exploited vulnerabilities, all Federal Civilian Executive Branch (FCEB) agencies are required to remediate these issues within the specified timeframe. Addressing these vulnerabilities promptly is critical to safeguarding federal networks from active threats.
CISA has set a remediation deadline of June 5, 2026, for federal agencies to patch the identified flaws. In addition, cybersecurity professionals strongly encourage private-sector organizations to review the KEV catalog regularly and apply necessary updates to reduce their exposure to active exploits.