CISA Flags Apple, Laravel Livewire, and Craft CMS Flaws as Actively Exploited Vulnerabilities
What Happened — The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added six high‑severity CVEs affecting Apple iOS/macOS, Laravel Livewire, and Craft CMS to its Known Exploited Vulnerabilities (KEV) catalog. The flaws include multiple buffer overflows, code‑injection bugs, and an improper locking issue, all of which are being leveraged in active exploitation, including by the DarkSword exploit kit and in MuddyWater‑linked campaigns.
Why It Matters for TPRM —
- Vendors that embed these components in SaaS or mobile products inherit the same exposure.
- Exploitation can lead to remote code execution, data theft, or malware deployment on downstream customer environments.
- Inclusion in the KEV catalog triggers heightened scrutiny from U.S. federal agencies and may affect procurement decisions.
Who Is Affected — Technology and SaaS providers, mobile‑app developers, web‑application platforms, and any organization that relies on Apple devices, Laravel Livewire, or Craft CMS for content management.
Recommended Actions —
- Verify that all third‑party products have applied the patches released for the listed CVEs.
- Conduct a rapid inventory of any in‑house or vendor‑supplied applications that embed the vulnerable libraries.
- Update security controls to monitor for known exploit‑kit activity (e.g., DarkSword) and enforce strict code‑signing policies.
Technical Notes —
- Attack Vector: Vulnerability exploitation (buffer overflow, code injection).
- CVEs & Scores: CVE‑2025‑31277 (8.8), CVE‑2025‑32432 (10.0), CVE‑2025‑43510 (7.8), CVE‑2025‑43520 (8.8), CVE‑2025‑54068 (9.8).
- Impact / Data at Risk: Execution of arbitrary code, potential exfiltration of user data, installation of persistent malware.
- Mitigations: Apply vendor patches (Apple iOS/macOS updates, Craft CMS 3.9.15/4.14.15/5.6.17, Laravel Livewire updates, Yii 2.0.52). Deploy endpoint detection for known payloads.
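As an added example (not part of the advisory or the Craft CMS project), the following Python triages a constructed asset inventory against the Craft CMS fixed versions named in the Mitigations note above; the asset names, inventory records and status labels are assumptions.

```python
# Added example, not from the advisory or from Craft CMS: triage an asset
# inventory against the Craft CMS fixed versions named in the Mitigations note
# (3.9.15 / 4.14.15 / 5.6.17). Inventory records below are constructed.
from __future__ import annotations

# Minimum patched release per Craft CMS major branch, as listed in the advisory.
CRAFT_CMS_FIXED: dict[int, tuple[int, ...]] = {
    3: (3, 9, 15),
    4: (4, 14, 15),
    5: (5, 6, 17),
}

def parse_version(text: str) -> tuple[tuple[int, ...], bool]:
    """Split '5.6.17-beta.1' into ((5, 6, 17), True); the flag marks a pre-release."""
    core, sep, _suffix = text.strip().split("+")[0].partition("-")
    parts = core.split(".")
    if not all(p.isdigit() for p in parts):
        raise ValueError(f"unparseable version: {text!r}")
    return tuple(int(p) for p in parts), bool(sep)

def craft_cms_status(version: str) -> str:
    """'patched', 'vulnerable', or 'unknown-branch' (no fix listed; review manually)."""
    core, prerelease = parse_version(version)
    fixed = CRAFT_CMS_FIXED.get(core[0])
    if fixed is None:
        return "unknown-branch"
    # Pad '5.7' to (5, 7, 0) so short version strings compare sanely.
    padded = core + (0,) * (len(fixed) - len(core))
    if padded > fixed:
        return "patched"
    if padded == fixed and not prerelease:
        return "patched"
    # A pre-release of the fix version (5.6.17-beta.1) still predates the fix.
    return "vulnerable"

# Constructed inventory: (asset name, product, installed version).
INVENTORY = [
    ("www-vendor-a", "Craft CMS", "4.13.8"),
    ("intranet-cms", "Craft CMS", "5.6.17"),
    ("legacy-portal", "Craft CMS", "2.9.1"),
    ("billing-api", "Laravel Livewire", "3.5.0"),
]

def triage(inventory) -> dict[str, str]:
    """Map each Craft CMS asset to its status; other products are out of scope here."""
    return {asset: craft_cms_status(ver)
            for asset, product, ver in inventory if product == "Craft CMS"}
```

Assets reported as "unknown-branch" run a major version for which the advisory lists no fixed release and need manual follow-up with the vendor.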
Source: Security Affairs