CISA Adds Magento and WSUS Vulnerabilities to KEV Catalog
Category: Vulnerabilities / Government
CISA has added two major vulnerabilities—CVE-2025-54236 (Adobe Commerce / Magento) and CVE-2025-59287 (Microsoft WSUS)—to its Known Exploited Vulnerabilities catalog. Agencies are required to patch by November 14, 2025, under BOD 22-01. Both issues are being actively exploited and pose severe threats to e-commerce and enterprise systems.
CORTEX Protocol Intelligence Assessment
Business Impact: These vulnerabilities enable remote code execution and account hijacking.
Technical Context: CVE-2025-54236 (SessionReaper) impacts the Magento REST API; CVE-2025-59287 affects WSUS deserialization. Combined exploitation could lead to cross-domain compromise.
Strategic Intelligence Guidance
- Ensure compliance with CISA’s KEV patch deadlines.
- Validate remediation for CVE-2025-54236 and CVE-2025-59287.
- Audit exposed services for residual vulnerability indicators.
- Integrate KEV updates into vulnerability management workflows.
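
One way to wire the KEV deadline into a vulnerability-management workflow, as an added example that is not part of the original article: join open scanner findings against the KEV catalog and rank them by days remaining. The field names (`cveID`, `vendorProject`, `product`, `dueDate`) follow CISA's published KEV JSON feed; the catalog excerpt, asset names and findings export are constructed for illustration.

```python
import json
from datetime import date

# Constructed excerpt in the shape of CISA's KEV JSON feed (subset of fields).
# CVE IDs and due date are from the article; other values are illustrative.
KEV_SAMPLE = json.loads("""
{"vulnerabilities": [
  {"cveID": "CVE-2025-54236", "vendorProject": "Adobe",
   "product": "Commerce and Magento Open Source", "dueDate": "2025-11-14"},
  {"cveID": "CVE-2025-59287", "vendorProject": "Microsoft",
   "product": "WSUS", "dueDate": "2025-11-14"}
]}
""")

# Hypothetical scanner export: one row per (asset, CVE) still open.
FINDINGS = [
    {"asset": "wsus-01", "cve": "cve-2025-59287"},     # scanners vary in case
    {"asset": "shop-web-01", "cve": "CVE-2025-54236"},
    {"asset": "wsus-01", "cve": "CVE-0000-00000"},     # placeholder, not in KEV
]


def kev_index(catalog):
    """Map upper-cased CVE ID -> KEV entry, skipping malformed records."""
    index = {}
    for entry in catalog.get("vulnerabilities", []):
        cve, due = entry.get("cveID"), entry.get("dueDate")
        if not cve or not due:
            continue
        index[cve.upper()] = {**entry, "due": date.fromisoformat(due)}
    return index


def triage(findings, catalog, today):
    """Return open findings that are in KEV, soonest deadline first."""
    index = kev_index(catalog)
    hits = []
    for f in findings:
        entry = index.get(f["cve"].upper())
        if entry is None:
            continue  # not in KEV; the normal remediation SLA applies
        days_left = (entry["due"] - today).days
        hits.append({"asset": f["asset"], "cve": f["cve"].upper(),
                     "product": entry["product"],
                     "days_left": days_left, "overdue": days_left < 0})
    return sorted(hits, key=lambda h: (h["days_left"], h["asset"]))


if __name__ == "__main__":
    for row in triage(FINDINGS, KEV_SAMPLE, date(2025, 11, 10)):
        print(row)
```

In production the catalog would be loaded from the downloaded KEV feed instead of the embedded sample, and `overdue` rows would open or escalate tickets.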
Intelligence Source: U.S. CISA adds Microsoft WSUS, and Adobe Commerce and Magento Open Source flaws to its Known Exploited Vulnerabilities catalog | Oct 25, 2025