CISA adds Linux and Android flaws to KEV
For federal teams, the important fact is not novelty, but active exploitation and the BOD 22-01 remediation clock.
TL;DR
CISA added CVE-2022-0492, a Linux kernel improper authentication flaw, and CVE-2025-48595, an Android Framework integer overflow, to the Known Exploited Vulnerabilities Catalog based on active exploitation. Binding Operational Directive 22-01 requires Federal Civilian Executive Branch agencies to remediate KEV-listed vulnerabilities by their due dates. Contractors supporting those agencies should treat the listings as access-risk items, not ordinary backlog work.
CISA’s update is a routine Known Exploited Vulnerabilities Catalog entry with the usual non-routine implication: the vulnerabilities are already being used in attacks. Federal Civilian Executive Branch agencies now have Binding Operational Directive 22-01 remediation obligations for CVE-2022-0492 and CVE-2025-48595, and contractors supporting those environments should expect agency vulnerability management programs to push the same priority downstream. The alert text identifies the flaws and the BOD 22-01 obligation but does not state the per-CVE due dates, so teams should verify the catalog entries before treating this as a generic patch advisory.
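One way to run that verification against a catalog export, as an added example that is not from the alert or from CISA: it uses the field names of CISA's public KEV JSON feed, but the entries, dates and the third CVE ID below are constructed placeholders, not the real catalog values.

```python
"""Cross-check an asset inventory's CVE IDs against a CISA KEV export for BOD 22-01 due dates."""
import json
from datetime import date

# Constructed sample using the field names of CISA's known_exploited_vulnerabilities.json feed.
# The dates are placeholders: the article does not give the real per-CVE deadlines, so point
# load_kev() at the downloaded catalog before acting on the output.
SAMPLE_KEV_JSON = json.dumps({"vulnerabilities": [
    {"cveID": "CVE-2022-0492", "vendorProject": "Linux", "product": "Kernel",
     "vulnerabilityName": "Linux Kernel Improper Authentication Vulnerability",
     "dateAdded": "2026-01-01", "dueDate": "2026-01-22", "knownRansomwareCampaignUse": "Unknown"},
    {"cveID": "CVE-2025-48595", "vendorProject": "Android", "product": "Framework",
     "vulnerabilityName": "Android Framework Integer Overflow Vulnerability",
     "dateAdded": "2026-01-01", "dueDate": "2026-01-22", "knownRansomwareCampaignUse": "Unknown"},
]})


def load_kev(raw_json: str) -> dict:
    """Index the catalog by CVE ID so each inventory lookup is a dict hit, not a list scan."""
    return {e["cveID"]: e for e in json.loads(raw_json)["vulnerabilities"]}


def kev_status(inventory_cves, kev_index: dict, today_iso: str) -> dict:
    """Map each inventory CVE to its BOD 22-01 clock: days remaining (negative = overdue),
    due date and ransomware flag for KEV-listed CVEs, or None for CVEs not in the catalog."""
    today = date.fromisoformat(today_iso)
    report = {}
    for cve in sorted(set(inventory_cves)):
        entry = kev_index.get(cve)
        if entry is None:
            report[cve] = None  # not KEV-listed: normal risk-based prioritisation applies
            continue
        due = date.fromisoformat(entry["dueDate"])
        report[cve] = {"days_remaining": (due - today).days, "due_date": entry["dueDate"],
                       "ransomware_use": entry.get("knownRansomwareCampaignUse", "Unknown")}
    return report


def escalate(report: dict, within_days: int) -> list:
    """KEV-listed CVEs already overdue or due within `within_days`: the access-risk items."""
    return sorted(c for c, r in report.items() if r is not None and r["days_remaining"] <= within_days)

if __name__ == "__main__":
    # "CVE-2099-0001" is a constructed placeholder for a CVE that is not in the catalog.
    rep = kev_status(["CVE-2022-0492", "CVE-2025-48595", "CVE-2099-0001"],
                     load_kev(SAMPLE_KEV_JSON), "2026-01-10")
    for cve, status in rep.items():
        print(cve, status or "not in KEV")
    print("escalate within 14 days:", escalate(rep, 14))
```

Feed the real catalog download into `load_kev()` and your scanner's CVE list into `kev_status()`; anything `escalate()` returns is on the BOD 22-01 clock rather than in the ordinary backlog.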
Published · Updated · Deep Fathom