The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added two significant vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog: CVE-2022-0492, a Linux Kernel Improper Authentication flaw with a CVSS score of 7.0, and CVE-2025-48595, an Android Framework Integer Overflow Vulnerability with a CVSS score of 8.4.
The Linux flaw can allow attackers to escape containers and execute arbitrary commands on the host, while the Android flaw can enable code execution and privilege escalation on affected devices. Both vulnerabilities are currently being exploited, and federal agencies are required to address them by June 5, 2026. Organizations are also advised to review the KEV catalog and implement necessary fixes.