Summary
Key Points:
- CISA has added two vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog: CVE-2022-37055 and CVE-2025-66644.
- The two vulnerabilities are a buffer overflow in D-Link routers and a command injection vulnerability in Array Networks ArrayOS, both of which are actively exploited.
- Organizations should prioritize patching these vulnerabilities to mitigate the risk of exploitation.
Technical Details: CVE-2022-37055 is a buffer overflow vulnerability affecting D-Link routers, while CVE-2025-66644 pertains to command injection in Array Networks' ArrayOS. Both vulnerabilities have been confirmed to be actively exploited in the wild.
MITRE ATT&CK Techniques: None mentioned
IOCs Mentioned: None mentioned