The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added five security vulnerabilities affecting Apple, Craft CMS, and Laravel Livewire to its Known Exploited Vulnerabilities catalog. The agency issued a directive requiring federal agencies to implement patches by April 3, 2026.
The vulnerabilities are confirmed to be under active exploitation, prompting CISA's inclusion in the KEV catalog. One identified flaw is CVE-2025-31277, which affects Apple products and carries a CVSS score of 8.8, indicating high severity. The complete list includes security issues across the three affected platforms.