CISA Adds Four Actively Exploited Vulnerabilities (CVE-2024-7399, CVE-2024-57726, CVE-2024-57728, CVE-2025-29635) to KEV Catalog – Immediate Remediation Required
What It Is – The Cybersecurity & Infrastructure Security Agency (CISA) announced that four CVEs have been added to its Known Exploited Vulnerabilities (KEV) catalog. The flaws affect Samsung MagicINFO 9 Server (path traversal), SimpleHelp (missing authorization and path traversal), and the D-Link DIR-823X router (command injection).
Exploitability – All four vulnerabilities are confirmed to be under active exploitation in the wild. No public proof-of-concept is required; threat actors are already leveraging them. CVSS scores range from 7.5 to 9.8, indicating high to critical severity.
Affected Products –
- Samsung MagicINFO 9 Server (digital signage management) – CVE-2024-7399
- SimpleHelp remote-support suite – CVE-2024-57726 (auth bypass) & CVE-2024-57728 (path traversal)
- D-Link DIR-823X Wi-Fi router – CVE-2025-29635 (command injection)
TPRM (Third-Party Risk Management) Impact – Vendors that embed these products in their service stacks expose downstream customers to data leakage, unauthorized system control, and potential service disruption. Supply-chain risk escalates when a single compromised component can be leveraged to pivot into broader enterprise environments.
Recommended Actions –
- Prioritize patching or mitigating the four CVEs across all owned and third-party assets.
- Verify that any SaaS or managed-service providers using the affected products have applied the fixes.
- Update vulnerability-management policies to flag KEV catalog entries for immediate remediation.
- Conduct a rapid inventory to confirm presence of the vulnerable versions in your environment.
- Document remediation status to satisfy BOD 22-01 compliance requirements.
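The inventory, KEV-flagging and provider-verification steps above can be automated by cross-referencing an asset list against the KEV feed. The script below is an added example, not CISA tooling or code from the advisory: the KEV records are a constructed subset that mirrors the field names of CISA's KEV JSON feed for the four CVEs named here (due dates are placeholders), and the asset inventory, hostnames and vendor names are constructed.

```python
"""Flag inventory assets that run KEV-listed products (added example, not CISA tooling)."""
import json

# Constructed subset mirroring the field names of CISA's KEV JSON feed, limited to the
# four CVEs in the advisory. Due dates are placeholders, not values from the catalog.
KEV_FEED_JSON = json.dumps({"vulnerabilities": [
    {"cveID": "CVE-2024-7399", "vendorProject": "Samsung", "product": "MagicINFO 9 Server", "dueDate": "<placeholder>"},
    {"cveID": "CVE-2024-57726", "vendorProject": "SimpleHelp", "product": "SimpleHelp", "dueDate": "<placeholder>"},
    {"cveID": "CVE-2024-57728", "vendorProject": "SimpleHelp", "product": "SimpleHelp", "dueDate": "<placeholder>"},
    {"cveID": "CVE-2025-29635", "vendorProject": "D-Link", "product": "DIR-823X", "dueDate": "<placeholder>"},
]})

# Constructed asset inventory; "owner" records whether we patch it or a provider does.
INVENTORY = [
    {"asset": "signage-mgmt-01", "vendor": "Samsung", "product": "MagicINFO 9 Server", "owner": "internal"},
    {"asset": "remote-support-saas", "vendor": "SimpleHelp", "product": "SimpleHelp", "owner": "third-party"},
    {"asset": "branch-rtr-07", "vendor": "D-Link", "product": "DIR-823X", "owner": "internal"},
    {"asset": "wiki-01", "vendor": "ExampleVendor", "product": "WikiServer", "owner": "internal"},
]

def _key(vendor, product):
    """Normalise vendor/product so casing or spacing differences do not hide a match."""
    return (vendor.casefold().replace(" ", ""), product.casefold().replace(" ", ""))

def index_kev(feed_json):
    """Map (vendor, product) -> sorted list of KEV CVE IDs."""
    index = {}
    for entry in json.loads(feed_json)["vulnerabilities"]:
        index.setdefault(_key(entry["vendorProject"], entry["product"]), set()).add(entry["cveID"])
    return {k: sorted(v) for k, v in index.items()}

def flag_inventory(inventory, kev_index):
    """One finding per matching asset, with the action the advisory's list calls for."""
    findings = []
    for item in inventory:
        cves = kev_index.get(_key(item["vendor"], item["product"]))
        if cves:
            action = "patch now" if item["owner"] == "internal" else "confirm provider has applied fix"
            findings.append({"asset": item["asset"], "owner": item["owner"], "cves": cves, "action": action})
    return findings

if __name__ == "__main__":
    for f in flag_inventory(INVENTORY, index_kev(KEV_FEED_JSON)):
        print(f"{f['asset']:<20} {f['owner']:<12} {', '.join(f['cves']):<32} {f['action']}")
```

Against the live feed, replace `KEV_FEED_JSON` with the downloaded catalog and keep the `dueDate` field in each finding so remediation status can be tracked against the BOD 22-01 deadline.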
Source: CISA Advisory – CISA Adds Four Known Exploited Vulnerabilities to Catalog