U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds SimpleHelp, Samsung, and D-Link flaws to its Known Exploited Vulnerabilities catalog.

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added SimpleHelp, Samsung, and D-Link flaws to its Known Exploited Vulnerabilities (KEV) catalog.

Below are the flaws added to the catalog:

CVE-2024-7399 Samsung MagicINFO 9 Server Path Traversal Vulnerability
CVE-2024-57726 SimpleHelp Missing Authorization Vulnerability
CVE-2024-57728 SimpleHelp Path Traversal Vulnerability
CVE-2025-29635 D-Link DIR-823X Command Injection Vulnerability

The vulnerability CVE-2024-7399 (CVSS score of 8.8) is an improper limitation of a pathname to a restricted directory issue in Samsung MagicINFO 9 Server versions before 21.1050. An attacker can exploit the flaw to write arbitrary files with system authority.

In May 2025, Arctic Wolf researchers observed threat actors exploiting this vulnerability (CVSS score: 8.8) in the Samsung MagicINFO content management system (CMS) just days after proof-of-concept (PoC) exploit code was publicly released.

CVE-2024-7399 is an input validation flaw in Samsung MagicINFO 9 Server; it allows unauthenticated attackers to upload JSP files and execute code with system-level access.

Samsung first disclosed the flaw in August 2024, and at the time there were no signs of it being exploited. However, just days after a proof-of-concept (PoC) was published on April 30, 2025, threat actors began taking advantage of it.
Given how easy it is to exploit, and the public availability of the PoC, experts believe that the attacks are likely to continue.

Samsung addressed the vulnerability with the release of MagicINFO 9 Server version 21.1050 in August 2024.

The second vulnerability, tracked as CVE-2025-29635 and affecting the D-Link DIR-823X, allows attackers to inject commands because an attacker-controlled value is copied without proper validation.

This week, Akamai researchers reported that a Mirai botnet is targeting CVE-2025-29635 via crafted POST requests after public PoC disclosure.

The remaining two flaws added to the catalog are:

CVE-2024-57726 (CVSS 9.9) – An authorization flaw in SimpleHelp lets low-privileged technicians generate API keys with elevated rights, enabling escalation to full server admin access.
CVE-2024-57728 (CVSS 7.2) – A path traversal issue (zip slip) allows admin users to upload crafted ZIP files that place arbitrary files on the system, potentially leading to remote code execution as the SimpleHelp server user.

According to Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities, FCEB agencies have to address the identified vulnerabilities by the due date to protect their networks against attacks exploiting the flaws in the catalog.

Experts also recommend that private organizations review the Catalog and address the vulnerabilities in their infrastructure.

CISA orders federal agencies to fix the vulnerabilities by May 8, 2026.

Pierluigi Paganini
(SecurityAffairs – hacking, CISA)