Zero-Day
CISA added two actively exploited flaws to the KEV catalog in April 2025
On April 8, 2025, CISA warned that CVE-2025-29824 and CVE-2025-30406 were being actively exploited and urged organizations to patch quickly.
Incident summary
In its April 8, 2025, alert, CISA added two flaws to the Known Exploited Vulnerabilities catalog: CVE-2025-29824, a use-after-free flaw in the Microsoft Windows CLFS driver, and CVE-2025-30406, a hard-coded cryptographic key issue in Gladinet CentreStack.
Why it matters
Once a flaw enters the KEV catalog, it becomes a top remediation priority because there is evidence of active exploitation. CISA explicitly urged rapid remediation.
- High-impact exploitation risk in Windows environments
- Potential exposure for CentreStack-based file sharing deployments
- Urgent need for patching and exposure review