The Cybersecurity and Infrastructure Security Agency has added four actively exploited vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog, requiring federal agencies to patch affected systems by July 10, 2025. The additions include two newly disclosed critical flaws in Adobe ColdFusion and Langflow, alongside two vulnerabilities affecting Joomla extensions.
Inclusion in CISA's KEV catalog indicates that threat actors are actively exploiting these vulnerabilities in real-world attacks. The catalog serves as a priority list for federal civilian executive branch agencies under Binding Operational Directive 22-01, though security experts recommend all organizations treat KEV-listed flaws as high-priority remediation targets regardless of sector.
The Adobe ColdFusion and Langflow vulnerabilities represent newly disclosed security issues that have already been weaponized by attackers. ColdFusion, a web application development platform, has historically been a target for exploitation due to its widespread use in enterprise environments. Langflow, a tool for building AI applications, joins the growing list of artificial intelligence and machine learning platforms facing security scrutiny. The Joomla extension flaws affect the popular content management system's third-party components.
Organizations running these platforms face immediate risk of compromise if patches are not applied promptly. Successful exploitation could allow attackers to gain unauthorized access, execute arbitrary code, or compromise sensitive data depending on the specific vulnerability. The rapid addition to the KEV catalog suggests CISA has observed active exploitation attempts or confirmed compromises.
Administrators should immediately identify all instances of Adobe ColdFusion, Langflow, and affected Joomla extensions within their environments. Apply vendor-provided patches as soon as possible, prioritizing internet-facing systems. Organizations unable to patch immediately should implement compensating controls such as network segmentation, enhanced monitoring, or temporary service restrictions until updates can be deployed. Review system logs for indicators of compromise that may have occurred before patching.
Source: https://www.securityweek.com/cisa-urges-immediate-patching-of-exploited-coldfusion-langflow-joomla-flaws/


