
CISA Warns of Exploited Apple, Kentico, Microsoft Vulnerabilities

Leading to code execution, authentication bypass, and privilege escalation, the flaws were added to CISA’s KEV list.


The US cybersecurity agency CISA on Monday warned that recently disclosed vulnerabilities in Windows SMB Client and Kentico Xperience CMS have been exploited in the wild.

The Windows flaw, tracked as CVE-2025-33073 (CVSS score of 8.8), was patched in June, when Microsoft warned that proof-of-concept (PoC) exploit code targeting it existed.

Exploitable over the network, the bug is described as an improper access control issue that could allow authenticated attackers to elevate their privileges to System.

“To exploit this vulnerability, an attacker could execute a specially crafted malicious script to coerce the victim machine to connect back to the attack system using SMB and authenticate. This could result in elevation of privilege,” Microsoft’s advisory reads.

On Monday, CISA added the Windows SMB defect to its Known Exploited Vulnerabilities (KEV) list along with two authentication bypass flaws in the Kentico Xperience CMS.

The Kentico bugs, tracked as CVE-2025-2746 and CVE-2025-2747 (CVSS score of 9.6), impact the CMS’s Staging Sync Server password handling and could allow attackers to control administrative objects.


The two vulnerabilities, WatchTowr explained in March, could be chained with an authenticated remote code execution defect to compromise Xperience CMS deployments.

CISA on Monday also warned that CVE-2022-48503 (CVSS score of 8.8), an arbitrary code execution issue in Apple products, has been abused in the wild.

Apple patched the security hole in July 2022 in the JavaScriptCore component of macOS Monterey 12.5, iOS 15.6, iPadOS 15.6, Safari 15.6, tvOS 15.6, and watchOS 8.7.

Kentico resolved the authentication bypass bugs in Xperience versions 13.0.173 and 13.0.178.

Per Binding Operational Directive (BOD) 22-01, now that the flaws have been added to the KEV catalog, federal agencies have three weeks to identify vulnerable instances in their environments and apply the available fixes.

There do not appear to be any reports of these bugs’ exploitation prior to CISA’s warning.


Copyright © 2026 SecurityWeek ®, a Wired Business Media Publication. All Rights Reserved.
