What Happened
Between May 15 and May 21, 2025, CISA added two vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog after confirming active exploitation. CVE-2025-34291, an origin validation error in Langflow with a CVSS score of 9.4, is being exploited by MuddyWater, an Iranian state-sponsored group. The second vulnerability affects Trend Micro Apex One, an on-premise endpoint security platform widely used in enterprise environments.
Both additions indicate that threat actors are already exploiting these products. They're deploying malicious code on production systems, not just testing exploits in labs.
Timeline
May 15, 2025: CISA adds CVE-2025-34291 (Langflow) to the KEV catalog after detecting exploitation by MuddyWater.
May 21, 2025: Second vulnerability (Trend Micro Apex One) added to KEV following further evidence of exploitation.
June 4, 2026: Federal Civilian Executive Branch agencies must remediate both vulnerabilities per Binding Operational Directive 22-01.
The gap between May 2025 detection and the June 2026 federal deadline is a critical window. If you wait until next year to patch, you're giving adversaries 13 months of access.
Which Controls Failed or Were Missing
Vulnerability scanning cadence: Organizations using Langflow or Apex One either weren't scanning for these CVEs, or they weren't acting on the results. A 9.4 CVSS score demands immediate action, not a place in a backlog.
Asset inventory gaps: You can't patch what you don't know you have. If your CMDB doesn't track every instance of Langflow and every Apex One agent, you have blind spots. MuddyWater doesn't share them.
Patch deployment process: The Trend Micro vulnerability specifically affects on-premise deployments. Many organizations have mature cloud patching workflows but treat on-premise systems as "stable" environments where patches wait for quarterly maintenance. State-sponsored groups exploit this delay.
Origin validation controls: CVE-2025-34291 is an origin validation error: requests were trusted when they shouldn't have been. That points to a missing application-layer control, verifying where a request comes from before acting on it, which should exist regardless of vendor patches.
Threat intelligence integration: CISA doesn't add vulnerabilities to KEV speculatively. By the time a CVE appears in that catalog, exploitation is confirmed. If your patching process doesn't automatically escalate KEV-listed vulnerabilities, you're treating confirmed threats like theoretical risks.
What the Relevant Standards Require
NIST 800-53 Rev 5 SI-2 (Flaw Remediation) requires organizations to "install security-relevant software and firmware updates within the time period specified in the organization security plan." For KEV-listed vulnerabilities, that time period should be measured in days, not months. SI-2(2) adds automated patch management tools—if you're manually tracking these patches, you're already behind.
PCI DSS v4.0.1 Requirement 6.3.1 mandates that security vulnerabilities are identified and addressed, with critical patches installed within one month of release. A 9.4 CVSS vulnerability qualifies as critical. Requirement 6.3.3 requires an inventory of bespoke and custom software—if you're running Langflow in your environment and it's not in your asset register, you're non-compliant before the vulnerability even matters.
ISO/IEC 27001 Control 8.8 (Management of technical vulnerabilities) requires organizations to obtain timely information about technical vulnerabilities and evaluate exposure. The KEV catalog is that timely information. Control 5.23 (Information security for use of cloud services) addresses cloud versus on-premise risk management—the Apex One vulnerability demonstrates why on-premise systems need the same rigor as cloud assets.
SOC 2 Type II CC7.1 requires detection of anomalies and incidents. If MuddyWater is exploiting CVE-2025-34291 in your environment and your monitoring didn't catch origin validation failures or unusual outbound traffic, your detective controls have gaps your auditor will note.
Lessons and Action Items for Your Team
1. Automate KEV monitoring
Subscribe to CISA's KEV JSON feed and integrate it directly into your vulnerability management platform. When a CVE hits KEV, it should auto-escalate to P1 severity regardless of your internal risk scoring. Set up a Slack or Teams alert that notifies your security team within 15 minutes of any KEV addition.
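An added example of the escalation step described above (not code from CISA or from any vendor): it parses a constructed sample in the shape of the KEV JSON feed, joins it to scanner findings from the asset inventory, forces every KEV match to P1 regardless of the internal score, and stamps each with CISA's federal due date and a 72-hour internal deadline. The field names match the real feed; the hostnames, the non-Langflow CVE IDs and the severities are constructed placeholders.

```python
import json
from datetime import datetime, timedelta

# Constructed sample in the shape of CISA's KEV JSON feed (the real feed is
# https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json).
# Langflow dates are the ones in the article; the second entry is a placeholder.
KEV_FEED = json.dumps({
    "catalogVersion": "2025.05.21",
    "vulnerabilities": [
        {"cveID": "CVE-2025-34291", "vendorProject": "Langflow", "product": "Langflow",
         "dateAdded": "2025-05-15", "dueDate": "2026-06-04"},
        {"cveID": "CVE-0000-0001", "vendorProject": "PlaceholderVendor", "product": "Other",
         "dateAdded": "2025-05-20", "dueDate": "2025-06-10"},
    ],
})

# Constructed scanner findings already joined to the asset inventory (CMDB hosts).
FINDINGS = [
    {"host": "ai-build-01", "cve": "CVE-2025-34291", "internal_severity": "P3"},
    {"host": "ai-build-02", "cve": "CVE-2025-34291", "internal_severity": "P2"},
    {"host": "web-07", "cve": "CVE-0000-0002", "internal_severity": "P1"},  # not in KEV
]

INTERNAL_SLA = timedelta(hours=72)  # the 72-hour window from action item 4

def kev_index(feed_json):
    """Map cveID -> KEV entry so each finding costs one dictionary lookup."""
    return {v["cveID"]: v for v in json.loads(feed_json)["vulnerabilities"]}

def escalate(findings, kev, seen_at_iso):
    """Return the KEV-listed findings forced to P1, each carrying CISA's federal
    due date and our own deadline counted from when the feed was polled."""
    seen_at = datetime.fromisoformat(seen_at_iso)
    escalated = []
    for f in findings:
        entry = kev.get(f["cve"])
        if entry is None:
            continue  # not confirmed-exploited; the internal score stands
        escalated.append({
            **f,
            "internal_severity": "P1",  # override local scoring, per action item 1
            "kev_date_added": entry["dateAdded"],
            "federal_due": entry["dueDate"],
            "internal_due": (seen_at + INTERNAL_SLA).isoformat(timespec="minutes"),
        })
    return escalated

if __name__ == "__main__":
    for item in escalate(FINDINGS, kev_index(KEV_FEED), "2025-05-15T09:00"):
        print(f"[P1] {item['host']} {item['cve']} patch or mitigate by "
              f"{item['internal_due']} (federal deadline {item['federal_due']})")
```

In production the `KEV_FEED` string is replaced by the polled feed and the printed line becomes the Slack or Teams alert.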
2. Inventory your on-premise attack surface
List every on-premise security tool, endpoint agent, and management console in your environment. Trend Micro Apex One isn't the only on-premise product threat actors target—it's just the one that made headlines this week. Your CMDB should track version numbers, patch levels, and last update dates for every instance.
3. Implement origin validation checks
CVE-2025-34291 is an origin validation error. Review your applications for similar weaknesses. OWASP ASVS v4.0.3 Section 13.2 covers RESTful web service verification—specifically 13.2.3 requires that RESTful web services that use cookies are protected from Cross-Site Request Forgery. If your internal tools accept requests without validating origin headers or CSRF tokens, you have the same class of vulnerability Langflow had.
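An added, framework-agnostic example of the two checks ASVS 13.2.3 lists for cookie-authenticated services, an allow-listed Origin (Referer as fallback) plus a double-submit CSRF token, written for this article and not taken from Langflow or any project. The allow-listed origins and the sample requests are constructed.

```python
import hmac
from urllib.parse import urlsplit

# Assumed allow-list: the origins this internal tool is legitimately served from.
ALLOWED_ORIGINS = {"https://langflow.internal.example", "https://tools.internal.example"}
SAFE_METHODS = {"GET", "HEAD", "OPTIONS"}  # must not change state, so no origin check

def origin_of(url):
    """Reduce a URL (Origin or Referer value) to scheme://host[:port], lowercased.
    Returns None for 'null', empty or malformed values, which then fail the check."""
    p = urlsplit(url or "")
    return f"{p.scheme}://{p.netloc}".lower() if p.scheme and p.netloc else None

def check_request(method, headers, cookies, form):
    """Return (allowed, reason) for a cookie-authenticated request.
    State-changing requests must prove their source two ways: an allow-listed
    Origin (Referer as fallback) and a CSRF token in the body matching the cookie."""
    if method.upper() in SAFE_METHODS:
        return True, "safe method"
    src = headers.get("Origin") or headers.get("Referer")
    if src is None:
        return False, "state-changing request without Origin or Referer"
    origin = origin_of(src)
    if origin not in ALLOWED_ORIGINS:
        return False, f"origin {origin!r} not in allow-list"
    cookie_tok, form_tok = cookies.get("csrf_token"), form.get("csrf_token")
    if not cookie_tok or not form_tok or not hmac.compare_digest(
            cookie_tok.encode(), form_tok.encode()):  # constant-time comparison
        return False, "CSRF token missing or mismatched"
    return True, "origin and CSRF token verified"

if __name__ == "__main__":
    # Constructed requests: a cross-site POST riding the session cookie, and the
    # same action submitted from the tool's own UI.
    cross_site = ("POST", {"Origin": "https://third-party.example"},
                  {"session": "abc", "csrf_token": "t1"}, {"csrf_token": "t1"})
    legit = ("POST", {"Origin": "https://langflow.internal.example"},
             {"session": "abc", "csrf_token": "t1"}, {"csrf_token": "t1"})
    for req in (cross_site, legit):
        print(check_request(*req))
```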
4. Create a 72-hour patch window for KEV-listed CVEs
Federal agencies get 13 months. You don't. Establish a policy: any vulnerability CISA adds to KEV gets patched or mitigated within 72 hours. Mitigation might mean network segmentation, WAF rules, or disabling the vulnerable feature—but it can't mean "added to next sprint."
5. Test your threat intelligence integration
Run a tabletop exercise: CISA adds a vulnerability affecting one of your products to KEV at 3pm on a Friday. Who gets notified? What's the approval process for emergency patching? How do you verify the patch deployed successfully? If you don't have answers, MuddyWater has 13 months to find out before you do.
The KEV catalog exists because organizations wait too long to patch known vulnerabilities. By the time CISA adds a CVE to that list, it's not a vulnerability anymore—it's an active intrusion vector. Your patching cadence should reflect that reality.