Well, CySA+ 002 came out in Aug 2020, so I would probably expect the launch of the 003 exam to be somewhere in third quarter of 2023. From there, I would think the accompanying Train the Trainer to be, maybe September of 2023.
Since CompTIA doesn't update an exam once it's released in terms of content and objective, until then, I would probably say that instructors would bridge the gap and add that content in.
Now, I don't especially recall a lot of information regarding specific CVE's but more "approaches" that lead to those CVEs.
/r