
Urgent Security Alert: CISA Adds Four Actively Exploited Vulnerabilities to Must-Patch List
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued a critical update, adding four new vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog. This is not a routine warning; inclusion in the KEV catalog means there is reliable evidence that these security flaws are being actively exploited by malicious actors in real-world attacks.
Organizations using the affected software—which includes popular products like Microsoft Windows and IGEL OS—are strongly urged to prioritize patching to defend against immediate threats. These vulnerabilities range from security bypasses to remote code execution, giving attackers significant leverage to compromise systems.
Here is a detailed breakdown of the four critical vulnerabilities you need to address now.
1. Windows Defender SmartScreen Bypass (CVE-2024-21412)
This high-stakes vulnerability affects a core security feature in Microsoft Windows. The flaw allows attackers to bypass Windows Defender SmartScreen, a tool designed to protect users from malicious files and websites.
- Threat: Attackers can craft malicious files that, when opened by a user, will not trigger the usual security warnings. This significantly increases the likelihood of a successful infection.
- Attacker: This vulnerability is reportedly being exploited by an advanced persistent threat (APT) group known as Water Hydra (also called DarkCasino) to deploy the DarkMe malware.
- Action: This flaw was patched by Microsoft in February 2024. Applying the latest Windows security updates is essential to mitigate this threat.
2. SKYSEA Client View Remote Code Execution (CVE-2023-43177)
SKYSEA Client View is an asset management tool used by many organizations. This vulnerability allows for unauthenticated remote code execution, making it a particularly dangerous flaw.
- Threat: An attacker can exploit this vulnerability to remotely execute arbitrary code on a targeted system without needing any login credentials. This can lead to a full system compromise.
- Attacker: Security researchers have linked the exploitation of this flaw to a Chinese state-sponsored group known as BlackTech (or Palmerworm).
- Action: Immediate patching is required. Given its use by a known APT group, any organization running this software should assume it is a potential target.
3. Velociraptor Command Injection (CVE-2023-3297)
Velociraptor is an open-source tool used for digital forensics and incident response. This vulnerability involves a command injection flaw that can also lead to remote code execution.
- Threat: A successful exploit could allow an attacker to run unauthorized commands on the server running Velociraptor. Since this tool often has high-level privileges to perform its duties, a compromise could be devastating.
- Action: Administrators using Velociraptor must update their instances to a patched version to prevent unauthorized access and execution.
4. IGEL OS Privilege Escalation (CVE-2023-5216)
IGEL OS is a Linux-based operating system designed for virtual desktop infrastructure (VDI) and cloud workspaces. This flaw allows an attacker who already has some level of access to gain higher privileges.
- Threat: An attacker can exploit this vulnerability to escalate their privileges and execute arbitrary code. This allows a low-level intruder to potentially gain full administrative control over the affected endpoint.
- Action: All systems running a vulnerable version of IGEL OS should be updated immediately to prevent attackers from gaining a deeper foothold in the network.
Urgent Recommendations for System Administrators
The inclusion of these vulnerabilities in the CISA KEV catalog serves as a final warning. If you are using any of the affected products, your organization is at an elevated risk of a cyberattack.
- Prioritize Patching: Treat vulnerabilities on the KEV list as your highest priority. These are not theoretical risks; they are active threats. Deploy the necessary security updates and patches immediately.
- Scan for Indicators of Compromise: Since these flaws are being actively exploited, it is crucial to scan your systems for any signs that a compromise has already occurred. Review logs and monitor for unusual network activity.
- Validate Your Security Posture: Use this alert as an opportunity to review your overall security strategy. Ensure your endpoint protection, firewalls, and user access controls are properly configured and up-to-date.
- Stay Informed: Regularly monitor alerts from CISA and other trusted cybersecurity sources to stay ahead of emerging threats and ensure your defenses are prepared for the latest attack vectors.
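The "Prioritize Patching" and "Stay Informed" recommendations above amount to a repeatable procedure: pull the KEV catalog, cross-reference it with what a vulnerability scanner reports on your own hosts, and work the overlap in due-date order. The script below is an added example and not part of the article or any CISA tooling. It assumes the structure of CISA's public KEV JSON feed (https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json), whose per-entry fields include cveID, vendorProject, product, dateAdded, dueDate and knownRansomwareCampaignUse; the catalog excerpt and host inventory embedded here are constructed sample data so it runs offline, using the four CVE identifiers from this article but with illustrative dates and product strings rather than the catalog's real values.

```python
"""Cross-reference a host/CVE inventory against a CISA KEV-format catalog.

Added example (not from the article or CISA). In production you would
download the live KEV JSON feed instead of using the embedded sample.
"""
import json
from datetime import date

# Constructed excerpt in the shape of the KEV JSON feed. CVE ids are the ones
# named in the article; dates and product strings are illustrative only.
SAMPLE_KEV_JSON = """
{
  "title": "sample KEV excerpt (constructed)",
  "catalogVersion": "sample",
  "count": 4,
  "vulnerabilities": [
    {"cveID": "CVE-2024-21412", "vendorProject": "Microsoft", "product": "Windows",
     "vulnerabilityName": "Windows Defender SmartScreen Bypass",
     "dateAdded": "2025-01-01", "dueDate": "2025-01-15", "knownRansomwareCampaignUse": "Unknown"},
    {"cveID": "CVE-2023-43177", "vendorProject": "Sky", "product": "SKYSEA Client View",
     "vulnerabilityName": "SKYSEA Client View Remote Code Execution",
     "dateAdded": "2025-01-04", "dueDate": "2025-01-25", "knownRansomwareCampaignUse": "Unknown"},
    {"cveID": "CVE-2023-3297", "vendorProject": "Rapid7", "product": "Velociraptor",
     "vulnerabilityName": "Velociraptor Command Injection",
     "dateAdded": "2025-01-11", "dueDate": "2025-02-01", "knownRansomwareCampaignUse": "Unknown"},
    {"cveID": "CVE-2023-5216", "vendorProject": "IGEL", "product": "IGEL OS",
     "vulnerabilityName": "IGEL OS Privilege Escalation",
     "dateAdded": "2025-01-15", "dueDate": "2025-02-05", "knownRansomwareCampaignUse": "Unknown"}
  ]
}
"""

# Constructed inventory: the kind of (host, CVE) pairs a scanner exports.
SAMPLE_INVENTORY = [
    {"host": "ws-017", "cve": "CVE-2024-21412"},
    {"host": "forensics-01", "cve": "cve-2023-3297"},   # lower-case id on purpose
    {"host": "kiosk-03", "cve": "CVE-2023-5216"},
    {"host": "ws-017", "cve": "CVE-2000-0001"},        # constructed id, not in KEV
    {"host": "mdm-01", "cve": "CVE-2023-43177"},
]


def load_kev(json_text):
    """Parse a KEV-format JSON document into a dict keyed by upper-case CVE id."""
    catalog = json.loads(json_text)
    return {v["cveID"].upper(): v for v in catalog["vulnerabilities"]}


def prioritize(inventory, kev, today_iso):
    """Return the inventory findings that appear in KEV, most urgent first.

    Findings not in KEV are dropped here: they belong in the normal patch
    queue, not the must-patch queue this function produces.
    """
    today = date.fromisoformat(today_iso)
    findings = []
    for item in inventory:
        entry = kev.get(item["cve"].upper())
        if entry is None:
            continue
        due = date.fromisoformat(entry["dueDate"])
        findings.append({
            "host": item["host"],
            "cve": entry["cveID"],
            "product": f'{entry["vendorProject"]} {entry["product"]}',
            "due": entry["dueDate"],
            "days_left": (due - today).days,   # negative means already overdue
            "ransomware": entry.get("knownRansomwareCampaignUse", "Unknown"),
        })
    # Earliest deadline first; hostname breaks ties so output is stable.
    findings.sort(key=lambda f: (f["days_left"], f["host"]))
    return findings


def overdue(findings):
    """Subset of findings whose KEV due date has already passed."""
    return [f for f in findings if f["days_left"] < 0]


if __name__ == "__main__":
    kev = load_kev(SAMPLE_KEV_JSON)
    for f in prioritize(SAMPLE_INVENTORY, kev, "2025-01-20"):
        flag = "OVERDUE" if f["days_left"] < 0 else f"{f['days_left']}d"
        print(f"{flag:>8}  {f['host']:<14} {f['cve']:<16} {f['product']}")
```

Run as-is it prints the four KEV-listed findings with the overdue SmartScreen bypass at the top; the constructed non-KEV CVE on ws-017 is filtered out. Swapping the embedded sample for the downloaded feed and a real scanner export is the only change needed to use it on a live estate, and running it on a schedule covers the "Stay Informed" step as well.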
Proactive patching and constant vigilance are your best defense against attackers who are actively working to exploit these known weaknesses. Don’t wait to become a statistic—take action now.
Source: https://securityaffairs.com/183479/security/u-s-cisa-adds-skysea-client-view-rapid7-velociraptor-microsoft-windows-and-igel-os-flaws-to-its-known-exploited-vulnerabilities-catalog.html