regscale-cli 6.20.4.1__py3-none-any.whl → 6.20.6.0__py3-none-any.whl

regscale/integrations/public/fedramp/fedramp_cis_crm.py

@@ -7,9 +7,13 @@ from __future__ import annotations
 import json
 import math
 import re
+import shutil
+import tempfile
 from collections import Counter
 from concurrent.futures import as_completed
 from concurrent.futures.thread import ThreadPoolExecutor
+from datetime import datetime
+from pathlib import Path
 from threading import Thread
 from types import ModuleType
 from typing import TYPE_CHECKING, Any, Callable, Dict, List, Literal, Optional, Tuple, TypeVar
@@ -18,7 +22,7 @@ import click
 
 from regscale.core.app.api import Api
 from regscale.core.app.utils.api_handler import APIInsertionError, APIUpdateError
-from regscale.core.app.utils.app_utils import create_progress_object, error_and_exit, get_current_datetime
+from regscale.core.app.utils.app_utils import compute_hash, create_progress_object, error_and_exit, get_current_datetime
 from regscale.core.utils.graphql import GraphQLQuery
 from regscale.integrations.public.fedramp.parts_mapper import PartMapper
 from regscale.integrations.public.fedramp.ssp_logger import SSPLogger
@@ -229,19 +233,17 @@ def map_implementation_status(control_id: str, cis_data: dict) -> str:
         status = next(iter(status_counts))
         return STATUS_MAPPING.get(status, ControlImplementationStatus.NotImplemented)
 
-    # Priority-based status determination
-    if any(status in ["N/A", ALTERNATIVE_IMPLEMENTATION] for status in status_counts):
-        status_ret = ControlImplementationStatus.NA
-
     implemented_count = status_counts.get("Implemented", 0)
     total_count = sum(status_counts.values())
 
     if implemented_count == total_count:
-        status_ret = ControlImplementationStatus.FullyImplemented
+        return ControlImplementationStatus.FullyImplemented
     elif implemented_count > 0 or any(status == "Partially Implemented" for status in status_counts):
         status_ret = ControlImplementationStatus.PartiallyImplemented
     elif any(status == "Planned" for status in status_counts):
         status_ret = ControlImplementationStatus.Planned
+    elif any(status in ["N/A", ALTERNATIVE_IMPLEMENTATION] for status in status_counts):
+        status_ret = ControlImplementationStatus.NA
 
     return status_ret
 
@@ -271,7 +273,9 @@ def map_origination(control_id: str, cis_data: dict) -> dict:
 
     # Find matching CIS records
     matching_records = [
-        record for record in cis_data.values() if gen_key(record["regscale_control_id"]).lower() == control_id.lower()
+        record
+        for record in cis_data.values()
+        if record.get("regscale_control_id") and gen_key(record["regscale_control_id"]).lower() == control_id.lower()
     ]
 
     # Process each matching record
@@ -421,6 +425,7 @@ def update_imp_objective(
             ex_obj = next((obj for obj in existing_imp_obj if obj.objectiveId == objective.id), None)
             if ex_obj:
                 ex_obj.status = get_multi_status(cis_record)
+                ex_obj.responsibility = responsibility
                 if cloud_responsibility.strip():
                     logger.debug(
                         f"Updating Implementation Objective #{ex_obj.id} with responsibility: {responsibility}"
@@ -796,6 +801,12 @@ def process_single_record(**kwargs) -> Tuple[List[str], Optional[ImplementationO
     :rtype Tuple[List[str], Optional[ImplementationObjective]]
     :returns A list of errors and the Implementation Objective if successful, otherwise None
     """
+    # for pytest
+    if not part_mapper_rev5.data:
+        part_mapper_rev5.load_fedramp_version_5_mapping()
+    if not part_mapper_rev4.data:
+        part_mapper_rev4.load_fedramp_version_4_mapping()
+
     errors = []
     version = kwargs.get("version")
     leveraged_auth_id: int = kwargs.get("leveraged_auth_id")
@@ -879,6 +890,9 @@ def parse_crm_worksheet(file_path: click.Path, crm_sheet_name: str, version: Lit
         warn_extra_headers=False,
     )
 
+    if validator.data.empty:
+        return {}
+
     # find index of row where the first column == Control ID
     skip_rows = determine_skip_row(original_df=validator.data, text_to_find=CONTROL_ID, original_skip=skip_rows)
 
@@ -942,15 +956,18 @@ def parse_crm_worksheet(file_path: click.Path, crm_sheet_name: str, version: Lit
         clean_control_id = re.sub(r"\W+", "", control_id)
         clean_control_id = re.sub("([a-z0-9])([A-Z])", r"\1_\2", clean_control_id).lower()
 
+        # Handle NaN values for the specific inheritance field
+        inheritance_field = row["Specific Inheritance and Customer Agency/CSP Responsibilities"]
+        if get_pandas().isna(inheritance_field):
+            inheritance_field = ""
+
         # Use clean_control_id as the key to avoid overwriting
         formatted_crm[control_id] = {
             "control_id": control_id,
             "clean_control_id": clean_control_id,
             "regscale_control_id": transform_control(control_id),
             "can_be_inherited_from_csp": row[CAN_BE_INHERITED_CSP],
-            "specific_inheritance_and_customer_agency_csp_responsibilities": row[
-                "Specific Inheritance and Customer Agency/CSP Responsibilities"
-            ],
+            "specific_inheritance_and_customer_agency_csp_responsibilities": inheritance_field,
         }
 
     return formatted_crm
@@ -979,6 +996,9 @@ def parse_cis_worksheet(file_path: click.Path, cis_sheet_name: str) -> dict:
         worksheet_name=cis_sheet_name,
         warn_extra_headers=False,
     )
+    if validator.data.empty:
+        return {}
+
     skip_rows = determine_skip_row(original_df=validator.data, text_to_find=CONTROL_ID, original_skip=skip_rows)
 
     # Parse the worksheet named 'CIS GovCloud U.S.+DoD (H)', skipping the initial rows
@@ -1128,14 +1148,14 @@ def _drop_rows_nan(instructions_df: "pd.DataFrame") -> "pd.DataFrame":
 
 
 def parse_instructions_worksheet(
-    df: "pd.DataFrame",
+    df: Dict[str, "pd.DataFrame"],
     version: Literal["rev4", "rev5"],
     instructions_sheet_name: str = "Instructions",
 ) -> list[dict]:
     """
     Function to parse the instructions sheet from the FedRAMP Rev5 CIS/CRM workbook
 
-    :param pd.DataFrame df: The dataframe to parse
+    :param Dict[str, "pd.DataFrame"] df: The dataframe to parse
     :param Literal["rev4", "rev5"] version: The version of the FedRAMP CIS CRM workbook
     :param str instructions_sheet_name: The name of the instructions sheet to parse, defaults to "Instructions"
     :return: List of formatted instructions content as a dictionary
@@ -1143,6 +1163,8 @@ def parse_instructions_worksheet(
     """
     pd = get_pandas()
     df = df[instructions_sheet_name].iloc[2:]
+    if len(df) == 0:
+        return []
     instructions_df = df.dropna(axis=1, how="all")
 
     if version == "rev5":
@@ -1356,6 +1378,25 @@ def build_implementations_dict(security_plan_id) -> None:
     logger.debug("Built %s implementations", len(imps))
 
 
+def create_backup_file(security_plan_id: int):
+    """
+    Create a backup file for the given security plan ID.
+
+    :param int security_plan_id: The security plan ID
+    """
+    logger.info("Creating a CIS/CRM Backup file of the current SSP state ..")
+    # Export CIS/CRM to file system, and save to artifacts folder
+    res = SecurityPlan.export_cis_crm(security_plan_id)
+    status = res.get("status")
+    if status and status == "complete":
+        file_name = res.get("trustedDisplayName")
+        logger.info(f"A CIS/CRM Backup file saved to SSP# {security_plan_id} file subsystem as {file_name}!")
+        return
+    continue_anyway = click.prompt("Unable to create a backup file. Would you like to continue?", type=bool)
+    if not continue_anyway:
+        error_and_exit("Backup file creation failed.")
+
+
 def create_new_security_plan(profile_id: int, system_name: str):
     """
     Create a new FedRamp security plan and map controls based on the profile id.
@@ -1425,6 +1466,7 @@ def create_new_security_plan(profile_id: int, system_name: str):
         INITIAL_IMPORT = False
         ret = next((plan for plan in existing_plan), None)
         logger.info(f"Found existing SSP# {ret.id}")
+        create_backup_file(ret.id)
         existing_imps = ControlImplementation.get_list_by_plan(ret.id)
         for imp in existing_imps:
             EXISTING_IMPLEMENTATIONS[imp.controlID] = imp
@@ -1503,6 +1545,43 @@ def _check_sheet_names_exist(
     return df
 
 
+def copy_and_rename_file(file_path: Path, new_name: str) -> Path:
+    """
+    Copy and rename a file.
+    """
+    temp_folder = Path(tempfile.gettempdir()) / "regscale"
+    temp_folder.mkdir(exist_ok=True)  # Ensure directory exists
+
+    new_file_path = temp_folder / new_name
+    shutil.copy(file_path, new_file_path)
+    return new_file_path
+
+
+def upload_file(file_path: Path, ssp_id: int, parent_module: str, api: Api) -> None:
+    """
+    Upload a file to RegScale
+
+    :param Path file_path: The path to the file to upload
+    :param int ssp_id: The ID of the SSP to upload the file to
+    :param str parent_module: The module to upload the file to
+    :param Api api: The API object to use to upload the file
+    :rtype: None
+    """
+    file_hash = None
+    with open(file_path, "rb") as f:
+        file_hash = compute_hash(f)
+    existing_files = File.get_files_for_parent_from_regscale(ssp_id, parent_module)
+    identical_file = next((file for file in existing_files if file.shaHash == file_hash), None)
+    if file_hash and identical_file:
+        logger.info(
+            f"An identical file {identical_file.trustedDisplayName} already exists in RegScale, skipping upload."
+        )
+        return
+    File.upload_file_to_regscale(
+        file_name=file_path.absolute(), parent_id=ssp_id, parent_module=parent_module, api=api, tags="cis-crm"
+    )
+
+
 def parse_and_import_ciscrm(
     file_path: click.Path,
     version: Literal["rev4", "rev5", "4", "5"],
@@ -1595,11 +1674,10 @@ def parse_and_import_ciscrm(
         crm_data=crm_data,
         version=version,  # type: ignore
     )
-
-    # upload workbook to the SSP
-    File.upload_file_to_regscale(
-        file_name=str(file_path),
-        parent_id=ssp.id,
-        parent_module="securityplans",
-        api=api,
-    )
+    file_path = Path(file_path)
+    file_name = f"{file_path.stem}_update_{datetime.now().strftime('%Y%m%d')}{file_path.suffix}"
+    if INITIAL_IMPORT:
+        file_name = f"{file_path.stem}_initial_import{file_path.suffix}"
+        # upload workbook to the SSP
+    file_path = copy_and_rename_file(file_path, file_name)
+    upload_file(file_path, ssp.id, "securityplans", api)

regscale/integrations/public/fedramp/fedramp_docx.py

@@ -12,6 +12,7 @@ from ssp import SSP  # type: ignore
 
 from regscale.core.app.api import Api
 from regscale.core.app.application import Application
+from regscale.core.app.utils.app_utils import error_and_exit
 from regscale.integrations.public.fedramp.fedramp_common import (
     get_profile_info_by_id,
     logger,
@@ -38,10 +39,8 @@ from regscale.integrations.public.fedramp.fedramp_common import (
     post_ports,
     post_links,
     post_implementations,
-    debug_logger,
     post_leveraged_authorizations,
 )
-from regscale.core.app.utils.app_utils import error_and_exit
 from regscale.models import ProfileMapping
 
 
@@ -365,7 +364,7 @@ def process_fedramp_docx(
             load_missing=load_missing,
         )
     except Exception as e:
-        debug_logger.info(e, exc_info=True)
+        logger.info(e)
         logger.error(
             f"Unable to gather implementations: {e}",
             record_type="implementations",

regscale/integrations/scanner_integration.py

@@ -247,6 +247,7 @@ class IntegrationAsset:
     mac_address: Optional[str] = None
     fqdn: Optional[str] = None
     ip_address: Optional[str] = None
+    ipv6_address: Optional[str] = None
     component_names: List[str] = dataclasses.field(default_factory=list)
     is_virtual: bool = True
 
@@ -1112,6 +1113,7 @@ class ScannerIntegration(ABC):
             azureIdentifier=asset.azure_identifier,
             location=asset.location,
             ipAddress=asset.ip_address,
+            iPv6Address=asset.ipv6_address,
             fqdn=asset.fqdn,
             macAddress=asset.mac_address,
             diskStorage=asset.disk_storage,
@@ -1651,6 +1653,7 @@ class ScannerIntegration(ABC):
         issue.riskAdjustment = finding.risk_adjustment
         issue.operationalRequirement = finding.operational_requirements
         issue.deviationRationale = finding.deviation_rationale
+        issue.dateLastUpdated = get_current_datetime()
 
         if finding.cve:
             issue = self.lookup_kev_and_upate_issue(cve=finding.cve, issue=issue, cisa_kevs=self._kev_data)
@@ -2323,7 +2326,7 @@ class ScannerIntegration(ABC):
             or finding.observations,  # or finding.evidence, whichever is more appropriate
             port=finding.port if hasattr(finding, "port") else None,
             protocol=finding.protocol if hasattr(finding, "protocol") else None,
-            operatingSystem=asset.operating_system if hasattr(asset, "operating_system") else None,
+            operatingSystem=asset.operatingSystem if hasattr(asset, "operatingSystem") else None,
             fixedVersions=finding.fixed_versions,
             buildVersion=finding.build_version,
             fixStatus=finding.fix_status,
@@ -2339,7 +2342,7 @@ class ScannerIntegration(ABC):
             vulnerabilityId=vulnerability.id,
             assetId=asset.id,
             scanId=scan_history.id,
-            securityPlansId=self.plan_id if not self.is_component else None,
+            securityPlanId=self.plan_id if not self.is_component else None,
             createdById=self.assessor_id,
             tenantsId=self.tenant_id,
             isPublic=True,
@@ -2347,6 +2350,7 @@ class ScannerIntegration(ABC):
             firstSeen=finding.first_seen,
             lastSeen=finding.last_seen,
             status=finding.status,
+            dateLastUpdated=get_current_datetime(),
         ).create_unique()
         return vulnerability
 
@@ -2534,6 +2538,7 @@ class ScannerIntegration(ABC):
             f"{get_current_datetime('%b %d, %Y')} - Closed by {self.title} for having no current vulnerabilities."
         )
         issue.changes = f"{issue.changes}\n{changes_text}" if issue.changes else changes_text
+        issue.dateLastUpdated = get_current_datetime()
         issue.save()
 
         with count_lock:

regscale/models/integration_models/cisa_kev_data.json

@@ -1,9 +1,191 @@
 {
     "title": "CISA Catalog of Known Exploited Vulnerabilities",
-    "catalogVersion": "2025.06.25",
-    "dateReleased": "2025-06-25T16:52:26.9744Z",
-    "count": 1370,
+    "catalogVersion": "2025.07.20",
+    "dateReleased": "2025-07-20T19:06:00.8332Z",
+    "count": 1382,
     "vulnerabilities": [
+        {
+            "cveID": "CVE-2025-53770",
+            "vendorProject": "Microsoft",
+            "product": "SharePoint",
+            "vulnerabilityName": "Microsoft SharePoint Deserialization of Untrusted Data Vulnerability",
+            "dateAdded": "2025-07-20",
+            "shortDescription": "Microsoft SharePoint Server on-premises contains a deserialization of untrusted data vulnerability that could allow an unauthorized attacker to execute code over a network.",
+            "requiredAction": "CISA recommends configuring AMSI integration in SharePoint and deploying Defender AV on all SharePoint servers. If AMSI cannot be enabled, CISA recommends disconnecting affected products that are public-facing on the internet from service until official mitigations are available. Once mitigations are provided, apply them according to CISA and vendor instructions. Follow the applicable BOD 22-01 guidance for cloud services or discontinue use of the product if mitigations are not available.  ",
+            "dueDate": "2025-07-21",
+            "knownRansomwareCampaignUse": "Unknown",
+            "notes": "CISA Mitigation Instructions: https:\/\/www.cisa.gov\/news-events\/alerts\/2025\/07\/20\/microsoft-releases-guidance-exploitation-sharepoint-vulnerability-cve-2025-53770 ; https:\/\/msrc.microsoft.com\/blog\/2025\/07\/customer-guidance-for-sharepoint-vulnerability-cve-2025-53770\/ ; https:\/\/msrc.microsoft.com\/update-guide\/vulnerability\/CVE-2025-53770 ; https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2025-53770",
+            "cwes": [
+                "CWE-502"
+            ]
+        },
+        {
+            "cveID": "CVE-2025-25257",
+            "vendorProject": "Fortinet",
+            "product": "FortiWeb",
+            "vulnerabilityName": "Fortinet FortiWeb SQL Injection Vulnerability",
+            "dateAdded": "2025-07-18",
+            "shortDescription": "Fortinet FortiWeb contains a SQL injection vulnerability that may allow an unauthenticated attacker to execute unauthorized SQL code or commands via crafted HTTP or HTTPs requests.",
+            "requiredAction": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.",
+            "dueDate": "2025-08-08",
+            "knownRansomwareCampaignUse": "Unknown",
+            "notes": "https:\/\/fortiguard.fortinet.com\/psirt\/FG-IR-25-151 ; https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2025-25257",
+            "cwes": [
+                "CWE-89"
+            ]
+        },
+        {
+            "cveID": "CVE-2025-47812",
+            "vendorProject": "Wing FTP Server",
+            "product": "Wing FTP Server",
+            "vulnerabilityName": "Wing FTP Server Improper Neutralization of Null Byte or NUL Character Vulnerability",
+            "dateAdded": "2025-07-14",
+            "shortDescription": "Wing FTP Server contains an improper neutralization of null byte or NUL character vulnerability that can allow injection of arbitrary Lua code into user session files. This can be used to execute arbitrary system commands with the privileges of the FTP service (root or SYSTEM by default).",
+            "requiredAction": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.",
+            "dueDate": "2025-08-04",
+            "knownRansomwareCampaignUse": "Unknown",
+            "notes": "https:\/\/www.wftpserver.com\/serverhistory.htm ; https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2025-47812",
+            "cwes": [
+                "CWE-158"
+            ]
+        },
+        {
+            "cveID": "CVE-2025-5777",
+            "vendorProject": "Citrix",
+            "product": "NetScaler ADC and Gateway",
+            "vulnerabilityName": "Citrix NetScaler ADC and Gateway Out-of-Bounds Read Vulnerability",
+            "dateAdded": "2025-07-10",
+            "shortDescription": "Citrix NetScaler ADC and Gateway contain an out-of-bounds read vulnerability due to insufficient input validation. This vulnerability can lead to memory overread when the NetScaler is configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) OR AAA virtual server.",
+            "requiredAction": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.",
+            "dueDate": "2025-07-11",
+            "knownRansomwareCampaignUse": "Unknown",
+            "notes": "https:\/\/support.citrix.com\/support-home\/kbsearch\/article?articleNumber=CTX693420 ; https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2025-5777",
+            "cwes": [
+                "CWE-125"
+            ]
+        },
+        {
+            "cveID": "CVE-2019-9621",
+            "vendorProject": "Synacor",
+            "product": "Zimbra Collaboration Suite (ZCS)",
+            "vulnerabilityName": "Synacor Zimbra Collaboration Suite (ZCS) Server-Side Request Forgery (SSRF) Vulnerability",
+            "dateAdded": "2025-07-07",
+            "shortDescription": "Synacor Zimbra Collaboration Suite (ZCS) contains a server-side request forgery (SSRF) vulnerability via the ProxyServlet component.",
+            "requiredAction": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.",
+            "dueDate": "2025-07-28",
+            "knownRansomwareCampaignUse": "Unknown",
+            "notes": "https:\/\/wiki.zimbra.com\/wiki\/Zimbra_Security_Advisories ; https:\/\/wiki.zimbra.com\/wiki\/Security_Center ; https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2019-9621",
+            "cwes": [
+                "CWE-918",
+                "CWE-807"
+            ]
+        },
+        {
+            "cveID": "CVE-2019-5418",
+            "vendorProject": "Rails",
+            "product": "Ruby on Rails",
+            "vulnerabilityName": "Rails Ruby on Rails Path Traversal Vulnerability",
+            "dateAdded": "2025-07-07",
+            "shortDescription": "Rails Ruby on Rails contains a path traversal vulnerability in Action View. Specially crafted accept headers in combination with calls to `render file:` can cause arbitrary files on the target server to be rendered, disclosing the file contents.",
+            "requiredAction": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.",
+            "dueDate": "2025-07-28",
+            "knownRansomwareCampaignUse": "Unknown",
+            "notes": "https:\/\/web.archive.org\/web\/20190313201629\/https:\/\/weblog.rubyonrails.org\/2019\/3\/13\/Rails-4-2-5-1-5-1-6-2-have-been-released\/ ; https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2019-5418",
+            "cwes": [
+                "CWE-22"
+            ]
+        },
+        {
+            "cveID": "CVE-2016-10033",
+            "vendorProject": "PHP",
+            "product": "PHPMailer",
+            "vulnerabilityName": "PHPMailer Command Injection Vulnerability",
+            "dateAdded": "2025-07-07",
+            "shortDescription": "PHPMailer contains a command injection vulnerability because it fails to sanitize user-supplied input. Specifically, this issue affects the 'mail()' function of 'class.phpmailer.php' script. An attacker can exploit this issue to execute arbitrary code within the context of the application. Failed exploit attempts will result in a denial-of-service condition.",
+            "requiredAction": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.",
+            "dueDate": "2025-07-28",
+            "knownRansomwareCampaignUse": "Unknown",
+            "notes": "This vulnerability could affect an open-source component, third-party library, protocol, or proprietary implementation that could be used by different products. For more information, please see: https:\/\/github.com\/PHPMailer\/PHPMailer\/releases\/tag\/v5.2.18 ; https:\/\/github.com\/advisories\/GHSA-5f37-gxvh-23v6 ; https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2016-10033",
+            "cwes": [
+                "CWE-77",
+                "CWE-88"
+            ]
+        },
+        {
+            "cveID": "CVE-2014-3931",
+            "vendorProject": "Looking Glass",
+            "product": "Multi-Router Looking Glass (MRLG)",
+            "vulnerabilityName": "Multi-Router Looking Glass (MRLG) Buffer Overflow Vulnerability",
+            "dateAdded": "2025-07-07",
+            "shortDescription": "Multi-Router Looking Glass (MRLG) contains a buffer overflow vulnerability that could allow remote attackers to cause an arbitrary memory write and memory corruption.",
+            "requiredAction": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.",
+            "dueDate": "2025-07-28",
+            "knownRansomwareCampaignUse": "Unknown",
+            "notes": "https:\/\/mrlg.op-sec.us\/ ; https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2014-3931",
+            "cwes": [
+                "CWE-119"
+            ]
+        },
+        {
+            "cveID": "CVE-2025-6554",
+            "vendorProject": "Google",
+            "product": "Chromium V8",
+            "vulnerabilityName": "Google Chromium V8 Type Confusion Vulnerability",
+            "dateAdded": "2025-07-02",
+            "shortDescription": "Google Chromium V8 contains a type confusion vulnerability that could allow a remote attacker to perform arbitrary read\/write via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.",
+            "requiredAction": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.",
+            "dueDate": "2025-07-23",
+            "knownRansomwareCampaignUse": "Unknown",
+            "notes": "https:\/\/chromereleases.googleblog.com\/2025\/06\/stable-channel-update-for-desktop_30.html?m=1 ; https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2025-6554",
+            "cwes": [
+                "CWE-843"
+            ]
+        },
+        {
+            "cveID": "CVE-2025-48928",
+            "vendorProject": "TeleMessage",
+            "product": "TM SGNL",
+            "vulnerabilityName": "TeleMessage TM SGNL Exposure of Core Dump File to an Unauthorized Control Sphere Vulnerability",
+            "dateAdded": "2025-07-01",
+            "shortDescription": "TeleMessage TM SGNL contains an exposure of core dump file to an unauthorized control sphere Vulnerability. This vulnerability is based on a JSP application in which the heap content is roughly equivalent to a \"core dump\" in which a password previously sent over HTTP would be included in this dump.",
+            "requiredAction": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.",
+            "dueDate": "2025-07-22",
+            "knownRansomwareCampaignUse": "Unknown",
+            "notes": "It is recommended that mitigations be applied per vendor instructions if available. If these instructions cannot be located or if mitigations are unavailable, discontinue use of the product. ; https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2025-48928",
+            "cwes": [
+                "CWE-528"
+            ]
+        },
+        {
+            "cveID": "CVE-2025-48927",
+            "vendorProject": "TeleMessage",
+            "product": "TM SGNL",
+            "vulnerabilityName": "TeleMessage TM SGNL Initialization of a Resource with an Insecure Default Vulnerability",
+            "dateAdded": "2025-07-01",
+            "shortDescription": "TeleMessage TM SGNL contains an initialization of a resource with an insecure default vulnerability. This vulnerability relies on how the Spring Boot Actuator is configured with an exposed heap dump endpoint at a \/heapdump URI.",
+            "requiredAction": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.",
+            "dueDate": "2025-07-22",
+            "knownRansomwareCampaignUse": "Unknown",
+            "notes": "It is recommended that mitigations be applied per vendor instructions if available. If these instructions cannot be located or if mitigations are unavailable, discontinue use of the product. ; https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2025-48927",
+            "cwes": [
+                "CWE-1188"
+            ]
+        },
+        {
+            "cveID": "CVE-2025-6543",
+            "vendorProject": "Citrix",
+            "product": "NetScaler ADC and Gateway",
+            "vulnerabilityName": "Citrix NetScaler ADC and Gateway Buffer Overflow Vulnerability",
+            "dateAdded": "2025-06-30",
+            "shortDescription": "Citrix NetScaler ADC and Gateway contain a buffer overflow vulnerability leading to unintended control flow and Denial of Service. NetScaler must be configured as Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) OR AAA virtual server.",
+            "requiredAction": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.",
+            "dueDate": "2025-07-21",
+            "knownRansomwareCampaignUse": "Unknown",
+            "notes": "https:\/\/support.citrix.com\/support-home\/kbsearch\/article?articleNumber=CTX694788 ; https:\/\/www.netscaler.com\/blog\/news\/netscaler-critical-security-updates-for-cve-2025-6543-and-cve-2025-5777\/ ;   https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2025-6543",
+            "cwes": [
+                "CWE-119"
+            ]
+        },
         {
             "cveID": "CVE-2019-6693",
             "vendorProject": "Fortinet",
@@ -13,7 +195,7 @@
             "shortDescription": "Fortinet FortiOS contains a use of hard-coded credentials vulnerability that could allow an attacker to cipher sensitive data in FortiOS configuration backup file via knowledge of the hard-coded key. ",
             "requiredAction": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.",
             "dueDate": "2025-07-16",
-            "knownRansomwareCampaignUse": "Unknown",
+            "knownRansomwareCampaignUse": "Known",
             "notes": "https:\/\/fortiguard.com\/advisory\/FG-IR-19-007 ; https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2019-6693",
             "cwes": [
                 "CWE-798"
@@ -18354,7 +18536,7 @@
             "shortDescription": "Microsoft Remote Desktop Services, formerly known as Terminal Service, contains an unspecified vulnerability that allows an unauthenticated attacker to connect to the target system using RDP and send specially crafted requests. Successful exploitation allows for remote code execution. The vulnerability is also known under the moniker of BlueKeep.",
             "requiredAction": "Apply updates per vendor instructions.",
             "dueDate": "2022-05-03",
-            "knownRansomwareCampaignUse": "Unknown",
+            "knownRansomwareCampaignUse": "Known",
             "notes": "https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2019-0708",
             "cwes": [
                 "CWE-416"