The Cybersecurity and Infrastructure Security Agency (CISA) has released several important security advisories, which address critical vulnerabilities across a range of platforms, including industrial control systems (ICS).
These advisories are important for users and administrators in mitigating risks associated with exploitable vulnerabilities. CISA’s proactive approach ensures organizations are well-informed on the latest threats and the necessary defenses to protect against them.
Schneider Electric EcoStruxure Power Monitoring Expert (PME) Advisory
One of the important advisories released by CISA on March 27, 2025, is ICSA-25-037-01, which concerns a vulnerability in Schneider Electric’s EcoStruxure Power Monitoring Expert (PME), specifically Update A. Schneider Electric’s PME is widely used for monitoring and managing power systems across various industries. This vulnerability could have serious consequences if exploited, potentially allowing remote code execution, a risk that could jeopardize sensitive infrastructure systems.
The flaw, identified as a deserialization of untrusted data (CWE-502), exists due to unsafe deserialization when data is posted to the PME’s web server. This vulnerability, tracked as CVE-2024-9005, has a CVSS v3 base score of 7.1 and a CVSS v4 score of 7.3. A successful attack could give malicious actors the ability to remotely execute code, undermining the integrity of the system and compromising security.
Schneider Electric has responded with mitigations for affected users. Users of PME 2022 and prior can obtain a hotfix from Schneider Electric’s Customer Care Center. Additionally, users are urged to upgrade to the latest PME versions and follow industry-standard cybersecurity best practices, including network isolation and ensuring systems are protected behind firewalls.
CISA Adds New Vulnerability to the Known Exploited Vulnerabilities Catalog
In addition to the advisories, CISA also updated its Known Exploited Vulnerabilities Catalog with new vulnerabilities that have been actively exploited in the wild. This catalog is a critical resource for agencies and enterprises, helping them prioritize patches for vulnerabilities that are already being targeted by malicious actors.
The latest entry in this catalog is CVE-2025-2783, a high-severity vulnerability affecting Google Chrome. This flaw, discovered in the Mojo component, allows attackers to bypass Chrome’s sandboxing mechanisms on Windows versions prior to 134.0.6998.177.
The vulnerability is a result of incorrect handle management in Mojo, and it could allow an attacker to escape the sandbox and execute arbitrary code on the system. Chrome users are advised to update their browsers to version 134.0.6998.177 or later to mitigate the risk.
Deserialization Vulnerabilities in Sitecore CMS and Experience Platform
CISA also added two deserialization vulnerabilities, CVE-2019-9874 and CVE-2019-9875, to its Known Exploited Vulnerabilities Catalog. These vulnerabilities, found in the Sitecore CMS and Sitecore Experience Platform (XP), could allow attackers to execute arbitrary code through unsafely deserialized data.
CVE-2019-9874 affects Sitecore CMS versions 7.0 to 7.2 and Sitecore XP versions 7.5 to 8.2, while CVE-2019-9875 impacts versions up to Sitecore 9.1. Both flaws are in the anti-CSRF module of Sitecore, and attackers can exploit them by sending a specially crafted serialized .NET object in an HTTP POST parameter.
These vulnerabilities are critical because they can allow unauthenticated attackers (in the case of CVE-2019-9874) or authenticated attackers (in CVE-2019-9875) to execute arbitrary code, compromising the security of affected systems.
The Importance of Mitigating Known Exploited Vulnerabilities
CISA’s updates to the Known Exploited Vulnerabilities Catalog emphasize the critical need for organizations to address vulnerabilities that are actively being targeted by cybercriminals. By keeping systems updated with the latest security patches and mitigating known risks, organizations can reduce the likelihood of successful attacks.
For instance, the CVE-2025-2783 vulnerability in Google Chrome could lead to attackers bypassing security features designed to protect users, while the vulnerabilities in Sitecore CMS and XP could allow attackers to compromise web applications and gain unauthorized access to sensitive data. Both of these are prime examples of how seemingly minor vulnerabilities can be exploited to devastating effect.
Conclusion
Users of Schneider Electric’s EcoStruxure Power Monitoring Expert (PME), Google Chrome, and Sitecore CMS/XP are strongly encouraged to implement the recommended patches and mitigations. By doing so, they can reduce the likelihood of falling victim to cyberattacks that exploit these critical vulnerabilities.
The growing number of vulnerabilities added to the CISA Known Exploited Vulnerabilities Catalog—including CVE-2025-2783, CVE-2019-9874, and CVE-2019-9875—serves as a reminder of the ongoing threat posed by cybercriminals targeting known flaws in widely used software and hardware. As always, CISA urges all entities to stay informed and act promptly to protect their systems.
