On Wednesday, June 25, 2025, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) added three security flaws to its Known Exploited Vulnerabilities (KEV) catalog. CISA adds an entry only when it has evidence of active exploitation, so each of these is being used against real targets and should be treated as a priority for patching or mitigation, regardless of the vulnerability's age.
Added Vulnerabilities
AMI MegaRAC SPx Authentication Bypass (CVE-2024-54085)
This is an authentication bypass by spoofing vulnerability in the Redfish Host Interface of AMI MegaRAC SPx, the firmware used in many server Baseboard Management Controllers (BMCs). It allows a remote attacker to impersonate an authorized user and gain privileged access to the BMC. Because the BMC sits below the operating system, a compromise there is invisible to host-based controls: attackers can deploy malware, tamper with firmware, or even "brick" servers, compromising confidentiality, integrity, and availability. Apply the vendor firmware update through your server OEM and, as a standing control, keep BMC management interfaces off any network reachable by untrusted users.
D-Link DIR-859 Router Path Traversal (CVE-2024-0769)
This is a critical path traversal vulnerability affecting the D-Link DIR-859 WiFi router. A remote attacker can read sensitive configuration files, including account information and user passwords, by supplying a traversal sequence in the service argument of a crafted request to the /hedwig.cgi file. With those credentials an attacker can take full control of the router and, from there, the network behind it. The DIR-859 is end-of-life and will not receive a patch from the vendor, so the only durable fix is replacement. Until then, take affected routers out of service or isolate them, and make sure network segmentation limits what a compromised router can reach.
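Since the DIR-859 cannot be patched, detection is the remaining control while affected devices are still on the network. The following script is an added example, not code from the advisory or from D-Link: it flags HTTP requests to /hedwig.cgi whose service argument carries a path traversal sequence. It assumes full requests (including bodies) are available, as from a proxy or IDS log, and accepts the argument either as a urlencoded service= parameter or as an XML <service> element; the XML form is an assumption about how the argument is carried, and the sample requests and file names are constructed, not captured traffic.

```python
"""Flag requests to /hedwig.cgi whose 'service' argument contains path
traversal, the vector described for the D-Link DIR-859 (CVE-2024-0769)."""
import re
from urllib.parse import unquote

# Constructed sample HTTP requests (not real captures). Bodies are assumed to be
# available; a plain access log without bodies would only expose the GET form.
SAMPLE_REQUESTS = [
    # 0. benign: an ordinary service name
    "POST /hedwig.cgi HTTP/1.1\r\nHost: 192.0.2.1\r\n\r\n"
    "<?xml version=\"1.0\"?><postxml><module><service>DEVICE.TIME</service></module></postxml>",
    # 1. traversal carried in an XML <service> element (assumed shape)
    "POST /hedwig.cgi HTTP/1.1\r\nHost: 192.0.2.1\r\n\r\n"
    "<?xml version=\"1.0\"?><postxml><module><service>../../../etc/config.xml</service></module></postxml>",
    # 2. URL-encoded traversal in a query-string service argument
    "GET /hedwig.cgi?service=..%2F..%2F..%2Fetc%2Fconfig.xml HTTP/1.1\r\nHost: 192.0.2.1\r\n\r\n",
    # 3. traversal against an unrelated CGI: not this signature
    "GET /other.cgi?service=../../x HTTP/1.1\r\nHost: 192.0.2.1\r\n\r\n",
]

# A '..' path component bounded by a separator or the string edge.
TRAVERSAL_RE = re.compile(r'(?:^|[/\\])\.\.(?:[/\\]|$)')


def _decode(value: str) -> str:
    # Decode twice so double-encoded sequences (%252e%252e%252f) are caught too.
    return unquote(unquote(value))


def request_target(request: str) -> str:
    """Return the request-target (path plus query) from the request line."""
    parts = request.split("\r\n", 1)[0].split()
    return parts[1] if len(parts) >= 2 else ""


def service_values(request: str) -> list:
    """Collect every value supplied as the 'service' argument, from the query
    string, a urlencoded body, or an XML <service> element in the body."""
    query = request_target(request).partition("?")[2]
    body = request.partition("\r\n\r\n")[2]
    found = []
    for blob in (query, body):
        for m in re.finditer(r'(?:^|&)service=([^&\s]*)', blob):
            found.append(_decode(m.group(1)))
    for m in re.finditer(r'<service>(.*?)</service>', body, re.DOTALL | re.IGNORECASE):
        found.append(_decode(m.group(1).strip()))
    return found


def is_hedwig_traversal(request: str) -> bool:
    """True when the request targets hedwig.cgi and any service value traverses."""
    path = request_target(request).partition("?")[0]
    if not path.lower().endswith("/hedwig.cgi"):
        return False
    return any(TRAVERSAL_RE.search(v) for v in service_values(request))


def scan(requests) -> list:
    """Return the indexes of requests that match the signature."""
    return [i for i, r in enumerate(requests) if is_hedwig_traversal(r)]


if __name__ == "__main__":
    for i in scan(SAMPLE_REQUESTS):
        print(f"request {i}: hedwig.cgi traversal via service={service_values(SAMPLE_REQUESTS[i])}")
```

Any hit from a source that is not your own vulnerability scanner should be treated as an attempt to harvest the router's credentials; since the password file is what leaks, rotate the router's admin password and any reused credentials after a confirmed hit, not just the device.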
Fortinet FortiOS Hard-Coded Credentials (CVE-2019-6693)
This vulnerability involves the use of a hard-coded cryptographic key in Fortinet FortiOS, FortiManager, and FortiAnalyzer to encrypt sensitive data, such as passwords and private keys, stored in the CLI configuration. Because the key is the same on every device, anyone who obtains a configuration export or backup file can decrypt those values and recover plaintext credentials. The flaw does not grant access on its own, but it turns any leaked configuration into usable credentials: with them an attacker can log in, modify firewall rules, and intercept or redirect traffic. This is a 2019 flaw that Fortinet fixed long ago, so its arrival in the KEV catalog points at unpatched devices and at old backups still in circulation; confirm affected appliances run fixed firmware, and rotate every credential present in any configuration that may have been exposed.
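The practical question after this advisory is which secrets a given FortiOS configuration or backup exposes, since in affected versions every value stored as ENC is protected only by the shared vendor key. The following script is an added example, not Fortinet's tooling or code from the advisory: it walks a FortiOS CLI configuration, tracking the config/edit nesting, and lists each secret stored as `set <attribute> ENC <blob>` so you know what to rotate. It does not attempt to decrypt anything. The configuration excerpt is constructed in FortiOS CLI syntax with placeholder ENC blobs, not a real device's export.

```python
"""Inventory ENC-stored secrets in a FortiOS CLI configuration so that, if a
config or backup may have leaked (CVE-2019-6693), you know what to rotate."""
import re

# Constructed excerpt in FortiOS CLI config syntax. The ENC payloads are
# placeholders, not valid ciphertext from any device.
SAMPLE_CONFIG = """\
config system global
    set hostname "edge-fw-1"
end
config system admin
    edit "admin"
        set accprofile "super_admin"
        set password ENC AAAAexampleplaceholder1==
    next
end
config user local
    edit "alice"
        set type password
        set passwd ENC AAAAexampleplaceholder2==
    next
end
config vpn ipsec phase1-interface
    edit "to-hq"
        set interface "wan1"
        set psksecret ENC AAAAexampleplaceholder3==
    next
end
config system snmp community
    edit 1
        set name "public"
    next
end
"""

# 'set <attribute> ENC <blob>' marks a value stored in encrypted form.
ENC_LINE = re.compile(r'^\s*set\s+(\S+)\s+ENC\s+(\S+)\s*$')


def find_enc_secrets(config_text: str) -> list:
    """Return (section, entry, attribute) for every ENC-stored value.

    'config ...' blocks nest and close with 'end'; 'edit ...' entries close
    with 'next'. Both are tracked so each secret is attributable to the
    object that owns it (e.g. which admin account or which VPN tunnel)."""
    sections = []      # stack of open 'config' block names
    entry_stack = []   # the 'edit' entry that was current when each block opened
    entry = None
    results = []
    for line in config_text.splitlines():
        s = line.strip()
        if s.startswith("config "):
            sections.append(s[len("config "):])
            entry_stack.append(entry)
            entry = None
        elif s.startswith("edit "):
            entry = s[len("edit "):].strip('"')
        elif s == "next":
            entry = None
        elif s == "end":
            if sections:
                sections.pop()
            entry = entry_stack.pop() if entry_stack else None
        else:
            m = ENC_LINE.match(line)
            if m:
                results.append((" / ".join(sections), entry, m.group(1)))
    return results


def rotation_report(config_text: str) -> list:
    """Human-readable lines, one per secret, for a rotation checklist."""
    return [f"{section}: {entry or '(no entry)'}: {attr}"
            for section, entry, attr in find_enc_secrets(config_text)]


if __name__ == "__main__":
    for line in rotation_report(SAMPLE_CONFIG):
        print(line)
```

Run it against the actual export you are worried about; anything it lists (local admin passwords, user passwords, IPsec pre-shared keys, and similar) should be rotated on the appliance and anywhere the same value is reused, because recovering the plaintext from the backup is exactly what this vulnerability makes possible.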
Vulnerability ID | Affected Product | Type of Flaw | Main Risk/Impact |
---|---|---|---|
CVE-2024-54085 | AMI MegaRAC SPx | Authentication bypass by spoofing | Server compromise, malware deployment |
CVE-2024-0769 | D-Link DIR-859 router | Path traversal, info disclosure | Credential theft, device takeover |
CVE-2019-6693 | Fortinet FortiOS | Hard-coded credentials/keys | Unauthorized access, traffic interception |