On October 14, 2025, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) added five actively exploited vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog, covering SKYSEA Client View, Rapid7 Velociraptor, Microsoft Windows (two entries), and IGEL OS. Federal civilian agencies must remediate all five by November 4, 2025.
Critical Vulnerabilities Listed
The SKYSEA Client View flaw (CVE-2016-7836) affects Ver.11.221.03 and earlier. The client does not properly authenticate TCP connections from the management console, so a remote attacker who can reach the client's listening port can execute arbitrary code on it. The bug was disclosed in 2016; its KEV listing means attackers are still finding unpatched installations nine years later. In Rapid7 Velociraptor (CVE-2025-6264, fixed in 0.74.3), the Admin.Client.UpdateClientConfig artifact shipped with incorrect default permissions: a user holding only the COLLECT_CLIENT permission could collect it, push a new client configuration, and thereby run arbitrary commands on enrolled endpoints. Because Velociraptor is a DFIR collection tool deployed fleet-wide, a low-privileged console user effectively gains endpoint takeover.
Microsoft Windows contributes two actively exploited zero-days, both local privilege-escalation bugs. CVE-2025-24990 is in the Agere Modem driver (ltmdm64.sys), a third-party driver that has shipped natively with every supported Windows release, so a system is affected whether or not a modem was ever attached. CVE-2025-59230 is an improper access control flaw in the Remote Access Connection Manager (RasMan) service. In both cases an attacker who already has code execution as a standard user can elevate to administrator or SYSTEM. For the modem driver Microsoft did not patch the code; the October 2025 update removes ltmdm64.sys outright, and fax modem hardware that depends on it stops working afterwards.
The IGEL OS entry, CVE-2025-47827, affects versions before 11. The igel-flash-driver module improperly verifies a cryptographic signature, so an attacker can mount a crafted root filesystem from an unverified SquashFS image and bypass Secure Boot. The attack generally requires physical access to the thin client, but the payoff is a kernel-level rootkit that runs beneath the operating system's own protections and persists across reboots.
Impact and Recommendations
Taken together, these flaws give an attacker extensive access and control over the affected systems: remote code execution on managed endpoints, fleet-wide command execution through a forensics tool, SYSTEM privileges on any Windows host, and a pre-OS implant on thin clients.
Under Binding Operational Directive 22-01, federal civilian executive branch agencies must remediate every KEV entry by its due date. The catalog is equally useful as a prioritization signal for private organizations: anyone running these products should confirm installed versions against the fixed releases, apply the vendor update or mitigation, and, for the Windows modem driver, verify that the October 2025 update actually removed ltmdm64.sys rather than assuming the patch applied.