Fact-check: The article is based on a direct CISA alert, a verified government source, and aligns with CISA's established practices for managing known exploited vulnerabilities under the Critical Infrastructure situation. The claims about the vulnerabilities and remediation requirements are consistent with CISA's Binding Operational Directive 22-01, with no evident contradictions in verified reporting.
CISA Adds Two Known Exploited Vulnerabilities to Catalog
CISA has added two newly exploited vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog: CVE-2009-0556, a Microsoft Office PowerPoint code injection flaw, and CVE-2025-37164, an HPE OneView code injection vulnerability. Both are being actively exploited and pose significant risks to federal and enterprise networks. Federal Civilian Executive Branch agencies are required to remediate these vulnerabilities by the specified due dates under Binding Operational Directive 22-01.