HomeIntelligenceBrief
VULNERABILITY BRIEF🟠 High Advisory

CISA Adds Four Actively Exploited Vulnerabilities to KEV Catalog, Flagging Lantronix and Ubiquiti Devices

CISA has added four CVEs—affecting Lantronix EDS5000 and Ubiquiti UniFi OS—to its Known Exploited Vulnerabilities catalog, indicating active exploitation. Organizations must prioritize remediation to satisfy SOC 2 vulnerability‑management controls and maintain audit‑ready evidence.

LiveThreat™ Intelligence · 📅 June 24, 2026· 📰 cisa.gov
🟠
Severity
High
AD
Type
Advisory
🎯
Confidence
High
🏢
Affected
1 sector(s)
Actions
5 recommended
📰
Source
cisa.gov

CISA Adds Four Actively Exploited Vulnerabilities to KEV Catalog (CVE‑2025‑67038, CVE‑2026‑34908‑34910) – Immediate Risk to Network Devices

What It Is — The Cybersecurity and Infrastructure Security Agency (CISA) has placed four CVEs into its Known Exploited Vulnerabilities (KEV) Catalog, confirming that threat actors are actively exploiting these flaws in publicly‑exposed assets.

Exploitability — All four vulnerabilities have documented evidence of live exploitation; no public proof‑of‑concept is required to demonstrate risk. CISA’s inclusion in the KEV catalog signals a high likelihood of successful compromise.

Affected Products

  • CVE‑2025‑67038 – Lantronix EDS5000 – Code Injection
  • CVE‑2026‑34908 – Ubiquiti UniFi OS – Improper Access Control
  • CVE‑2026‑34909 – Ubiquiti UniFi OS – Path Traversal
  • CVE‑2026‑34910 – Ubiquiti UniFi OS – Improper Input Validation

Why It Matters for Compliance & Audit Readiness

  • SOC 2 Control Mapping – These flaws map directly to CC6.1 (Vulnerability Management) and CC7.1 (System Operations); failure to remediate can be cited as a control deficiency during a SOC 2 audit.
  • Continuous Evidence – Demonstrating timely patching and verification provides audit‑ready evidence that your organization is exercising due diligence on high‑risk assets.
  • Enterprise Buyer Expectations – Federal agencies and large enterprises now reference the KEV catalog when evaluating vendors; showing a documented remediation process can be a decisive factor in winning contracts.

Recommended Actions

  • Identify all Lantronix EDS5000 and Ubiquiti UniFi OS instances in your asset inventory.
  • Prioritize patching of the four CVEs in accordance with CISA’s BOD 26‑04 risk‑based timeline.
  • Capture remediation evidence (patch logs, configuration snapshots) in a tamper‑evident repository for SOC 2 audit review.
  • Validate that the patches close the attack surface by conducting targeted penetration tests or vulnerability scans.
  • Update your vulnerability‑management policy to reference the KEV catalog as a source of high‑priority findings.

Source: CISA Advisory – June 23 2026

📰 Original Source
https://www.cisa.gov/news-events/alerts/2026/06/23/cisa-adds-four-known-exploited-vulnerabilities-catalog

This LiveThreat Intelligence Brief is an independent analysis. Read the original reporting at the link above.

From the Verisq platform · Trust Operations

Misconfigurations are control gaps in disguise.

Verisq AI Trust Operations turns findings like this into mapped controls with continuous evidence, keeping your audit readiness current instead of point-in-time.

Map your controls with Verisq AI Trust Operations →