securityaffairs.com 4/25/2026, 10:21:07 PM · via preferred

CISA Adds KEV Entries for Samsung, SimpleHelp, DLink Flaws

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added four flaws from Samsung, SimpleHelp and D-Link to its Known Exploited Vulnerabilities (KEV) catalog. The newly listed CVEs are CVE-2024-7399 for Samsung MagicINFO 9 Server (CVSS 8.8), CVE-2024-57726 for SimpleHelp (CVSS 9.9), CVE-2024-57728 for SimpleHelp (CVSS 7.2) and CVE-2025-29635 for D-Link DIR-823X (no CVSS shown in the article).

The Samsung flaw enables unauthenticated attackers to upload JSP files and execute code with system-level access, while the SimpleHelp flaws involve low-privileged API key elevation and a zip-slip path traversal that could lead to remote code execution. Akamai researchers have reported Mirai botnet activity targeting CVE-2025-29635 via crafted POST requests. The article also notes that Samsung addressed its vulnerability with a server update in August 2024.

According to Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities, FCEB agencies must fix these issues by May 8, 2026, and private organisations are urged to review the KEV catalog and remediate accordingly.

Article by CyberSIXT
