Threat Advisory

CISA Flags Critical Fortinet and Microsoft Vulnerabilities in KEV Catalog

Threat: Vulnerability
Targeted Region: Global
Targeted Sector: Technology & IT
Criticality: Medium
[subscribe_to_unlock_form]

EXECUTIVE SUMMARY:

CISA has updated its Known Exploited Vulnerabilities (KEV) catalog to include critical zero-day vulnerabilities, highlighting the urgency of proactive vulnerability management. The additions include CVE-2024-55591, an authorization bypass in Fortinet FortiOS allowing super-admin access, and three Microsoft Windows Hyper-V NT Kernel Integration vulnerabilities CVE-2025-21333, CVE-2025-21334, CVE-2025-21335 enabling SYSTEM-level privilege escalation via heap-based buffer overflow and use-after-free exploits. Organizations must prioritize mitigation by applying fixes or discontinuing vulnerable products by the specified deadlines to reduce exposure to exploitation and enhance security resilience.[/subscribe_to_unlock_form]

EXECUTIVE SUMMARY:

CISA has updated its Known Exploited Vulnerabilities (KEV) catalog to include critical zero-day vulnerabilities, highlighting the urgency of proactive vulnerability management. The additions include CVE-2024-55591, an authorization bypass in Fortinet FortiOS allowing super-admin access, and three Microsoft Windows Hyper-V NT Kernel Integration vulnerabilities CVE-2025-21333, CVE-2025-21334, CVE-2025-21335 enabling SYSTEM-level privilege escalation via heap-based buffer overflow and use-after-free exploits. Organizations must prioritize mitigation by applying fixes or discontinuing vulnerable products by the specified deadlines to reduce exposure to exploitation and enhance security resilience.[emaillocker id="1283"]

 

  • CVE-2024-5559: It is a critical authorization bypass in Fortinet FortiOS, allowing unauthenticated attackers to gain super-admin privileges via crafted requests to the Node.js WebSocket module. Classified under CWE-288, it poses a severe threat to enterprise networks. Organizations should apply fixes or stop using affected versions. The CVSS score is 9.8.
  • CVE-2025-21333: It is a heap-based buffer overflow vulnerability in Microsoft Windows Hyper-V NT Kernel Integration VSP, allowing local attackers to escalate privileges to SYSTEM level. This critical flaw is classified under CWE-122 and presents a significant security risk. Organizations are advised to apply available patches or discontinue vulnerable versions. The CVSS score is 9.8.
  • CVE-2025-21334: It is a high-severity vulnerability in Windows Hyper-V's NT Kernel Integration Virtual Service Provider (VSP), assigned a CVSS v3.1 score of 7.8. This flaw allows local attackers with low privileges to elevate their access to SYSTEM-level permissions. Exploitation could lead to unauthorized access, data breaches, and system integrity compromises.
  • CVE-2025-21335: It is a high-severity vulnerability in Windows Hyper-V's NT Kernel Integration Virtual Service Provider (VSP), assigned a CVSS v3.1 score of 7.8. This flaw allows local attackers with low privileges to elevate their access to SYSTEM-level permissions. Exploitation could lead to unauthorized access, data breaches, and system integrity compromises.

Organizations must act swiftly to mitigate vulnerabilities listed in CISA's KEV catalog, particularly those affecting Fortinet and Microsoft Windows Hyper-V, to safeguard against potential exploits.

RECOMMENDATION:

  • We strongly recommend you update Windows products to below version:
  • For CVE-2025-21333 , download from here:

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21333

  • For CVE-2025-21334 , download from here:

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21334

  • For CVE-2025-21335 , download from here:

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21335

REFERENCES:

The following reports contain further technical details: 
https://cybersecuritynews.com/cisa-adds-fortinet-and-microsoft-zero-day/

[/emaillocker]
crossmenu