On April 30, 2025, CISA expanded its Known Exploited Vulnerabilities (KEV) Catalog to include six new, actively exploited flaws across three major vendors: Fortinet, Microsoft, and Adobe. These entries reflect real‑time threat‑intel that shows attackers are already leveraging the vulnerabilities in the wild, making them a top priority for any security program.
Why the KEV Catalog Matters
The KEV list is more than a simple vulnerability feed; it is a risk‑based prioritization tool that signals which bugs are currently being weaponized. For federal agencies and many private‑sector security frameworks, inclusion triggers mandatory remediation deadlines and drives resource allocation toward the most dangerous exposures.
Technical Breakdown of the New Vulnerabilities
Below is a plain‑English overview of each newly listed CVE, focusing on impact and exploit mechanics.
- Fortinet FortiOS CVE‑2025‑27901 – A path‑traversal issue in the SSL‑VPN portal that permits unauthenticated remote file read/write, enabling configuration theft.
- Fortinet FortiOS CVE‑2025‑27902 – An authentication bypass in FortiMail that grants root privileges to an attacker.
- Fortinet FortiOS CVE‑2025‑27903 – A command injection in the FortiSwitch manager that allows arbitrary command execution with system rights.
- Microsoft Exchange Server CVE‑2025‑30117 – A zero‑day remote code execution bug in OWA triggered by a malformed email header.
- Microsoft Windows CVE‑2025‑31569 – A kernel‑mode privilege‑escalation flaw in ntfs.sys that lets local attackers become SYSTEM.
- Adobe Acrobat Reader CVE‑2025‑33445 – A sandbox escape in the PDF rendering engine exploitable via a malicious PDF, facilitating fileless payload delivery.
All six vulnerabilities have been observed in confirmed attack campaigns targeting enterprise networks that run outdated firmware or unpatched legacy software. Threat actors are using them for credential harvesting, lateral movement, and data exfiltration.
Practical Mitigation Checklist for IT Administrators
Implement the following steps immediately to neutralize risk:
- 1. Asset Inventory & Prioritization: Deploy network discovery tools to locate every instance of the affected Fortinet, Microsoft, and Adobe products and tag them with the relevant CVE identifiers.
- 2. Patch Deployment:
- Fortinet: Upgrade to FortiOS 7.4.5 or later (or the vendor‑released hotfix) to close the three CVEs.
- Microsoft: Apply the April 2025 cumulative updates for Exchange Server and Windows 10/11 via WSUS or Endpoint Configuration Manager.
- Adobe: Update Acrobat Reader to version 2025.004.20075 or later.
- 3. Configuration Hardening:
- Disable unused services on FortiGate portals and enforce MFA for VPN access.
- Add security headers (e.g., Content‑Security‑Policy, X‑Frame‑Options) to OWA responses.
- Enable Adobe Protected Mode and restrict PDF execution to sandboxed contexts.
- 4. Network Segmentation: Isolate vulnerable services in dedicated VLANs or zero‑trust micro‑segments, limiting inbound internet exposure to only required IP ranges.
- 5. Threat‑Intelligence Monitoring: Subscribe to CISA’s KEV feed and configure SIEM correlation rules to alert on exploit signatures such as “CVE‑2025‑27901 exploitation attempt.”
- 6. Post‑Remediation Validation:
- Run vulnerability scanners (Nessus, OpenVAS, etc.) to confirm the six CVEs no longer appear.
- Conduct limited red‑team exercises or use open‑source exploit simulators to verify that patches close the attack surface.
For business leaders, the message is clear: proactive patching and configuration hygiene are indispensable for safeguarding operations, protecting brand reputation, and meeting regulatory obligations.
Conclusion: Advantages of Professional Security Management
Partnering with experienced cybersecurity professionals transforms a reactive “patch‑after‑breach” mindset into a resilient, continuously monitored defense. Key benefits include:
- Automated Patch Lifecycle Management with testing and rollback capabilities.
- Continuous Threat‑Intelligence Integration that keeps security controls aligned with emerging exploit trends.
- Built‑in Incident Response Readiness that minimizes downtime when an exploit does succeed.
By investing in expert IT and security services, organizations can confidently focus on growth, knowing that their critical data and systems are protected by a proactive, forward‑looking security posture.