Five Known‑Exploited Vulnerabilities Added to CISA KEV Catalog (CVE‑2025‑31277, CVE‑2025‑32432, CVE‑2025‑43510, CVE‑2025‑43520, CVE‑2025‑54068) Threaten Enterprise Software
What It Is – The Cybersecurity and Infrastructure Security Agency (CISA) announced that five CVEs have been added to its Known Exploited Vulnerabilities (KEV) Catalog after confirming active exploitation in the wild. The flaws span Apple’s macOS/iOS stack, the Craft CMS platform, and the Laravel Livewire PHP component.
Exploitability – All five vulnerabilities are being actively leveraged by threat actors; proof‑of‑concept exploits have been observed in the wild. CVSS scores range from 7.5 to 9.8, indicating high to critical severity.
Affected Products –
- Apple macOS, iOS, iPadOS (CVE‑2025‑31277, CVE‑2025‑43510, CVE‑2025‑43520) – buffer overflow and improper locking bugs.
- Craft CMS (CVE‑2025‑32432) – remote code injection via crafted content.
- Laravel Livewire (CVE‑2025‑54068) – server‑side code injection through component rendering.
TPRM Impact – These flaws are common entry points for supply‑chain compromise, ransomware deployment, and data exfiltration. Organizations that embed any of the affected components in their products or services inherit the risk, potentially exposing downstream customers and partners.
Recommended Actions –
- Prioritize patching of all listed products within the CISA‑mandated remediation window.
- Conduct an inventory of any third‑party applications that embed Apple frameworks, Craft CMS, or Laravel Livewire and verify they are up to date.
- Deploy compensating controls (e.g., WAF rules, application sandboxing) for systems that cannot be patched immediately.
- Update vulnerability management policies to include continuous monitoring of the CISA KEV Catalog.
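The inventory and KEV-monitoring steps above can be combined into one check, shown here as an added example that is not part of the CISA advisory. It assumes the KEV feed's JSON field names (`cveID`, `vendorProject`, `product`, `dueDate`) and a locally maintained, hypothetical map from KEV entries to Composer package names; the feed excerpt, due dates, and `composer.lock` contents are constructed sample data.

```python
import json
from datetime import date

# Constructed excerpt in the KEV feed's JSON layout. CVE IDs and dateAdded come
# from this page; vendor/product strings and dueDate values are placeholders.
KEV_FEED = json.dumps({"vulnerabilities": [
    {"cveID": "CVE-2025-32432", "vendorProject": "Craft CMS", "product": "Craft CMS",
     "dateAdded": "2026-03-20", "dueDate": "2026-04-03"},
    {"cveID": "CVE-2025-54068", "vendorProject": "Laravel", "product": "Livewire",
     "dateAdded": "2026-03-20", "dueDate": "2026-04-03"},
    {"cveID": "CVE-2025-43510", "vendorProject": "Apple", "product": "Multiple Products",
     "dateAdded": "2026-03-20", "dueDate": "2026-04-03"},
]})

# Constructed composer.lock; versions are sample values, not known-vulnerable ones.
COMPOSER_LOCK = json.dumps({
    "packages": [{"name": "craftcms/cms", "version": "0.0.1-sample"},
                 {"name": "vendor/unrelated", "version": "1.2.3"}],
    "packages-dev": [{"name": "livewire/livewire", "version": "v0.0.2-sample"}],
})

# Assumption: a locally maintained map from KEV (vendorProject, product) to Composer package.
KEV_TO_COMPOSER = {("craft cms", "craft cms"): "craftcms/cms",
                   ("laravel", "livewire"): "livewire/livewire"}


def triage(kev_feed, composer_lock, today):
    """Return (hits, unmapped): KEV entries matched to locked packages, and
    KEV entries the map does not cover (these need a manual inventory check)."""
    lock = json.loads(composer_lock)
    installed = {p["name"].lower(): p["version"]
                 for section in ("packages", "packages-dev")
                 for p in (lock.get(section) or [])}
    hits, unmapped = [], []
    for v in json.loads(kev_feed)["vulnerabilities"]:
        key = (v["vendorProject"].lower(), v["product"].lower())
        pkg = KEV_TO_COMPOSER.get(key)
        if pkg is None:
            unmapped.append(v["cveID"])
        elif pkg in installed:
            days_left = (date.fromisoformat(v["dueDate"]) - today).days
            hits.append({"cve": v["cveID"], "package": pkg,
                         "installed": installed[pkg], "days_left": days_left})
    return sorted(hits, key=lambda h: h["days_left"]), unmapped


if __name__ == "__main__":
    hits, unmapped = triage(KEV_FEED, COMPOSER_LOCK, date(2026, 3, 25))
    for h in hits:
        print(f'{h["cve"]} {h["package"]} {h["installed"]} due in {h["days_left"]} days')
    print("no package mapping, check manually:", ", ".join(unmapped))
```

The script reports the installed version only; whether that version is fixed has to be checked against the vendor's advisory, since this page does not list fixed releases.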
Source: CISA Advisory – March 20, 2026