CISA Top 20 CVEs Exploited by People's Republic of...

Question

CISA Top 20 CVEs Exploited by People's Republic of China State-Sponsored Threat ActorsOn October 6, the Cybersecurity and Infrastructure Security Agency (CISA), the National Security Agency (NSA) and Federal Bureau of Investigation (FBI) issued a joint cybersecurity advisory detailing the top 20 CVEs exploited by the People’s Republic of China (PRC) state-sponsored threat actors since 2020. These vulnerabilities have been used to target a variety of U.S. and allied networks, including software and hardware companies with the explicit goal to “steal intellectual property and develop access into sensitive networks.” This advisory follows a similar advisory in October 2020, where the NSA published a list of 25 known vulnerabilities exploited by Chinese state-sponsored actors.For more information about the 20 vulnerabilities, including Tenable product coverage, please visit our blog.

soconnor · Answer

Could we get a plugin created that addresses these as a group.  Makes it easier than hunting and creating our own.

snarang · Answer

Hi @Sean OConnor​&nbsp;-- Looking into this for you. I'll get back to you once I know more. Thanks for your patience.

Vulnerability Watch

Forum Discussion

CISA Top 20 CVEs Exploited by People's Republic of...

2 Replies

Recent Discussions

Oracle E-Business Suite Zero-Day Exploited by Cl0p Ransomware Group (CVE-2025-61882)

Investigating: Cl0p Reportedly Breached Oracle E-Business Suite (EBS) Systems

FAQ on Exploited Zero-Day Flaws in Cisco ASA and FTD Devices (CVE-2025-20333, CVE-2025-20362)

Microsoft’s September 2025 Patch Tuesday Addresses 80 CVEs (CVE-2025-55234)

Frequently Asked Questions About Chinese State-Sponsored Actors Compromising Global Networks

Americas

Europe

Asia / Australia