The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added several vulnerabilities to its Known Exploited Vulnerabilities catalog, including flaws in Microsoft Power Pages, Adobe ColdFusion (CVE-2017-3066), and Oracle Agile Product Lifecycle Management (CVE-2024-20953). These vulnerabilities are actively exploited, prompting CISA and the FBI to urge security teams to implement patches and segment their networks. Additionally, a zero-day vulnerability in Parallels Desktop that allows privilege escalation to root has been reported. Other critical vulnerabilities, such as CVE-2024-56171 and CVE-2025-24928 in libxml2, and CVE-2025-20051, CVE-2025-24490, and CVE-2025-25279 in Mattermost, have also been flagged for their potential to expose systems to serious security threats, including remote code execution. The FBI has expressed concern over the 'Ghost' cyberattacks affecting organizations in over 70 countries, highlighting the urgency of addressing these security issues.
CVE-2025-27364 (CVSS 10): Remote Code Execution Flaw Found in MITRE Caldera, PoC Releases https://t.co/4rjwre53lQ
Two Actively Exploited Security Flaws in Adobe and Oracle Products Flagged by CISA: https://t.co/6WMLYRBGSZ by The Hacker News #infosec #cybersecurity #technology #news
Critical Mattermost Flaws (CVE-2025-20051, CVE-2025-24490, CVE-2025-25279) Expose Systems to File Read and SQL Injection Attacks https://t.co/UPqEin5F1b