CISA Urges Agencies to Patch Critical Vulnerabilities in Apple, Craft CMS, Laravel Livewire by April 3, 2026

CISA Urges Immediate Patching of Exploited Vulnerabilities in Apple, Craft CMS, and Laravel Livewire

On March 21, 2026, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) added five critical security vulnerabilities affecting Apple, Craft CMS, and Laravel Livewire to its Known Exploited Vulnerabilities (KEV) catalog. Federal agencies have been directed to apply patches by April 3, 2026, to mitigate potential threats.

Details of the Vulnerabilities:

1. CVE-2025-31277 (CVSS score: 8.8): A flaw in Apple WebKit that can lead to memory corruption when processing malicious web content. Apple addressed this issue in July 2025.

2. CVE-2025-43510 (CVSS score: 7.8): A memory corruption vulnerability in Apple’s kernel, allowing malicious applications to alter shared memory unexpectedly. Fixed in December 2025.

3. CVE-2025-43520 (CVSS score: 8.8): Another memory corruption issue in Apple’s kernel that could cause system termination or kernel memory writes. Resolved in December 2025.

4. CVE-2025-32432 (CVSS score: 10.0): A code injection vulnerability in Craft CMS enabling remote code execution. Patched in April 2025.

5. CVE-2025-54068 (CVSS score: 9.8): A code injection flaw in Laravel Livewire that could allow unauthenticated attackers to execute remote commands under certain conditions. Fixed in July 2025.

Exploitation and Threat Landscape:

The inclusion of these Apple vulnerabilities in the KEV catalog follows reports from Google Threat Intelligence Group (GTIG), iVerify, and Lookout about an iOS exploit kit named DarkSword. This kit exploits these vulnerabilities to deploy malware families like GHOSTBLADE, GHOSTKNIFE, and GHOSTSABER, facilitating data theft.

CVE-2025-32432 has been exploited as a zero-day since February 2025 by unidentified threat actors. The intrusion set known as Mimo (also referred to as Hezb) has utilized this vulnerability to deploy cryptocurrency miners and residential proxyware.

CVE-2025-54068 has been exploited by the Iranian state-sponsored hacking group MuddyWater (also known as Boggy Serpens). Palo Alto Networks Unit 42 highlighted the group’s consistent targeting of diplomatic and critical infrastructure sectors, including energy, maritime, and finance, across the Middle East and other strategic regions.

Recommendations:

CISA’s directive underscores the critical need for organizations to promptly apply patches to these vulnerabilities. Delaying updates could expose systems to potential exploits, leading to data breaches, system compromises, and other security incidents.

Organizations are advised to:

– Assess Vulnerability Exposure: Determine if their systems are affected by these vulnerabilities.

– Apply Patches Promptly: Implement the necessary updates as per the provided timelines.

– Monitor for Indicators of Compromise (IoCs): Stay vigilant for any signs of exploitation related to these vulnerabilities.

– Enhance Security Posture: Review and strengthen security measures to prevent potential attacks.

By adhering to these recommendations, organizations can bolster their defenses against potential threats and ensure the integrity and security of their systems.
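The first two recommendations can be automated by joining a scanner's open findings against the KEV catalog's due dates. The sketch below is an added example, not CISA tooling or code from the article; the sample follows the field layout of the KEV JSON feed (`cveID`, `vendorProject`, `dateAdded`, `dueDate`), with values taken from the article, and the host names and findings export are constructed assumptions.

```python
import json
from datetime import date

# Constructed sample in the field layout of CISA's KEV JSON feed; the CVE IDs,
# date added and due date are the ones stated in the article.
KEV_SAMPLE = json.dumps({"vulnerabilities": [
    {"cveID": cve, "vendorProject": vendor,
     "dateAdded": "2026-03-21", "dueDate": "2026-04-03"}
    for cve, vendor in [
        ("CVE-2025-31277", "Apple"), ("CVE-2025-43510", "Apple"),
        ("CVE-2025-43520", "Apple"), ("CVE-2025-32432", "Craft CMS"),
        ("CVE-2025-54068", "Laravel"),
    ]
]})

# Constructed scanner export: host -> CVE IDs still unpatched on that host.
# "CVE-0000-0000" is a placeholder for a finding that is not in the catalog.
OPEN_FINDINGS = {
    "web-cms-01": ["CVE-2025-32432", "CVE-0000-0000"],
    "app-portal-02": ["cve-2025-54068 "],   # scanners vary in case/whitespace
    "mdm-ios-fleet": ["CVE-2025-31277", "CVE-2025-43520"],
    "db-03": [],
}

def kev_deadlines(kev_json, findings, today):
    """Return (host, cve, due_date, days_left) for open findings listed in KEV,
    most urgent first. Findings absent from the catalog are ignored."""
    due = {}
    for v in json.loads(kev_json).get("vulnerabilities", []):
        try:
            due[v["cveID"].upper()] = date.fromisoformat(v["dueDate"])
        except (KeyError, ValueError):
            continue  # skip malformed catalog entries rather than abort
    rows = []
    for host, cves in findings.items():
        for cve in cves:
            key = cve.strip().upper()
            if key in due:
                rows.append((host, key, due[key], (due[key] - today).days))
    return sorted(rows, key=lambda r: (r[3], r[0], r[1]))

def overdue(rows):
    """Findings whose KEV due date has already passed."""
    return [r for r in rows if r[3] < 0]

if __name__ == "__main__":
    for host, cve, d, left in kev_deadlines(KEV_SAMPLE, OPEN_FINDINGS, date(2026, 3, 30)):
        status = "OVERDUE" if left < 0 else f"{left} days left"
        print(f"{host:15} {cve:16} due {d}  {status}")
```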