CISA KEV Catalog
Introduction
The CISA Known Exploited Vulnerabilities (KEV) Catalog is an authoritative list of vulnerabilities actively exploited in the wild, curated by the U.S. Cybersecurity and Infrastructure Security Agency (CISA).
Unlike generic vulnerability databases, the KEV Catalog focuses exclusively on vulnerabilities confirmed to be exploited, making it one of the most critical references for patch prioritization and compliance (e.g., U.S. Federal BOD 22-01 mandates remediation based on KEV entries).
This catalog inside AttackMetricx ensures that organizations not only track exposures but also focus remediation on what attackers are actively abusing.
Intelligence Summary (Top Counters)
Total → The total number of KEV vulnerabilities tracked in the system (e.g., 1,414).
Known Ransomware → How many of these CVEs are already associated with ransomware campaigns (e.g., 293).
Due Date This Week → The number of vulnerabilities with remediation deadlines expiring in the current week (e.g., 4).
Last Update → The date when the catalog was last refreshed (e.g., 2025-09-11).
These counters give teams a high-level operational view of their immediate exposure landscape.
Search & Filters
Search Bar – Quickly locate vulnerabilities by CVE ID, vendor, or keyword.
Filters – Narrow results by attributes such as Ransomware Status.
Sorting – Option to sort vulnerabilities by Alert Date, Due Date, or other criteria.
This enables fast navigation across a very large dataset.
CVE Entries
Each KEV entry includes detailed actionable intelligence to support prioritization and patching:
Severity (CVSS v3.1 Score) – Risk rating (e.g., 9.0 Critical for CVE-2025-5086).
CVE ID & Title – Full identifier and short description of the vulnerability.
Target Vendor – The vendor whose product is affected (e.g., Dassault Systèmes, Linux, Android).
Action Due Date – The deadline for remediation based on KEV guidance (e.g., 2025-10-02).
Countdown to Due Date – Clear reminder of days left (e.g., 16 days left to action due).
Exploit Prediction (%) – EPSS integration that shows likelihood of exploitation (e.g., 68.66%).
Known Ransomware Use – Whether ransomware actors are leveraging it (Yes / No / Unknown).
Description – Technical explanation of the weakness and potential impact.
Actions – Concrete remediation instructions, often referencing BOD 22-01 compliance or vendor mitigations.
Notes/References – External advisories, vendor patches, and NVD references for further details.
Alert Date – When this vulnerability was officially flagged in KEV.
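As an added illustration (not AttackMetricx code), the top counters and the per-entry countdown described above can be derived from CISA's public KEV JSON feed using its cveID, dueDate, knownRansomwareCampaignUse and dateReleased fields. The sample feed, its placeholder CVE IDs and the "current date" are constructed, and "this week" is assumed to mean the Monday-to-Sunday week containing that date.

```python
from datetime import date, timedelta

# Constructed sample shaped like CISA's KEV JSON feed; every value is a placeholder.
SAMPLE_FEED = {
    "dateReleased": "2025-09-11T17:00:00.000Z",
    "vulnerabilities": [
        {"cveID": "CVE-0000-0001", "dueDate": "2025-10-02", "knownRansomwareCampaignUse": "Unknown"},
        {"cveID": "CVE-0000-0002", "dueDate": "2025-09-18", "knownRansomwareCampaignUse": "Known"},
        {"cveID": "CVE-0000-0003", "dueDate": "2025-09-21", "knownRansomwareCampaignUse": "Unknown"},
        {"cveID": "CVE-0000-0004", "dueDate": "2025-09-12", "knownRansomwareCampaignUse": "Known"},
    ],
}

def week_bounds(today):
    """Assumption: 'this week' is the Monday..Sunday week containing `today`."""
    monday = today - timedelta(days=today.weekday())
    return monday, monday + timedelta(days=6)

def summarize(feed, today):
    """Compute the four top counters from a parsed KEV feed."""
    vulns = feed["vulnerabilities"]
    start, end = week_bounds(today)
    return {
        "total": len(vulns),
        # The feed marks ransomware association as "Known" or "Unknown".
        "known_ransomware": sum(v.get("knownRansomwareCampaignUse") == "Known" for v in vulns),
        "due_this_week": sum(start <= date.fromisoformat(v["dueDate"]) <= end for v in vulns),
        "last_update": feed["dateReleased"][:10],
    }

def countdown(feed, today):
    """(cveID, days_left) sorted by urgency; negative days_left means overdue."""
    rows = [(v["cveID"], (date.fromisoformat(v["dueDate"]) - today).days)
            for v in feed["vulnerabilities"]]
    return sorted(rows, key=lambda row: row[1])

if __name__ == "__main__":
    today = date(2025, 9, 16)  # constructed "current date" for the sample
    print(summarize(SAMPLE_FEED, today))
    for cve, days in countdown(SAMPLE_FEED, today):
        print(cve, f"{days} days left" if days >= 0 else f"overdue by {-days} days")
```

Overdue entries fall outside the "due this week" count but sort to the top of the countdown, so they stay visible even after their deadline week has passed.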
Why It Matters
For Compliance – Many regulations (like BOD 22-01 for U.S. federal agencies) require tracking and patching based on KEV entries.
For Security Teams – Prioritizes vulnerabilities that attackers are already exploiting, cutting through noise.
For Executives – Provides visibility into high-risk, time-sensitive threats with clear remediation deadlines.
With AttackMetricx, the KEV Catalog isn't just a static list: it's contextualized, prioritized, and mapped with exploit prediction, ensuring organizations never miss patching what matters most.