[Vulnerability Alert] CISA Adds 3 Known Exploited Vulnerabilities to KEV Catalog (2025/11/17-2025/11/23) (CVE-2025-58034) (CVE-2025-13223) (CVE-2025-61757)
Content:
Forwarded from Taiwan Computer Emergency Response Team/Coordination Center Security Alert TWCERTCC-200-202511-00000017
[CVE-2025-58034] Fortinet FortiWeb OS Command Injection Vulnerability (CVSS v3.1: 7.2)
[Exploited by Ransomware: Unknown] Fortinet FortiWeb has an OS Command Injection vulnerability, allowing an authenticated attacker to execute unauthorized code on the underlying system via specially crafted HTTP requests or CLI commands.
[CVE-2025-13223] Google Chromium V8 Type Confusion Vulnerability (CVSS v3.1: 8.8)
[Exploited by Ransomware: Unknown] Google Chromium V8 has a Type Confusion vulnerability, which may lead to heap memory corruption.
[CVE-2025-61757] Apple Multiple Products Out-of-Bounds Write Vulnerability (CVSS v3.1: 8.8)
[Exploited by Ransomware: Unknown] Apple macOS, iOS, tvOS, Safari, and watchOS contain an Out-of-Bounds Write vulnerability in WebKit, which may lead to arbitrary code execution when processing maliciously crafted web content.
Affected Platforms:
[CVE-2025-58034] FortiWeb version 7.0.0 through 7.0.11
Recommended Measures:
[CVE-2025-58034] Please update FortiWeb to the following versions: FortiWeb version 7.0.12, FortiWeb version 7.2.12, FortiWeb version 7.4.10
[CVE-2025-13223] Please update Google Chrome to version 120.0.6099.199 and later
[CVE-2025-61757] Please update the relevant products to the following versions: macOS Ventura 13.4.1, iOS 16.5.1, iPadOS 16.5.1, tvOS 16.5.1, Safari 16.5.2, and watchOS 9.5.2