【Vulnerability Alert】CISA Adds 3 Known Exploited Vulnerabilities to KEV Catalog (2025/06/16-2025/06/22)

• Subject: 【Vulnerability Alert】CISA Adds 3 Known Exploited Vulnerabilities to KEV Catalog (2025/06/16-2025/06/22)

• Content Description:
  • Forwarded from Taiwan Computer Emergency Response Team/Coordination Center TWCERTCC-200-202506-00000020
  1. 【CVE-2023-33538】TP-Link Multiple Routers Command Injection Vulnerability (CVSS v3.1: 8.8)
     • 【Exploited by Ransomware: Unknown】 TP-Link TL-WR940N V2/V4, TL-WR841N V8/V10, and TL-WR740N V1/V2 have a command injection vulnerability through the /userRpm/WlanNetworkRpm component.
     • 【Affected Platforms】 TP-Link TL-WR940N V2/V4 TP-Link TL-WR841N V8/V10 TP-Link TL-WR740N V1/V2
  2. 【CVE-2025-43200】Apple Multiple Products Unspecified Vulnerability (CVSS v3.1: 4.8)
     • 【Exploited by Ransomware: Unknown】 Apple iOS, iPadOS, macOS, watchOS, and visionOS have a security vulnerability when handling maliciously crafted photos or videos shared via iCloud links.
     • 【Affected Platforms】 Please refer to the officially listed affected versions https://support.apple.com/en-us/100100
  3. 【CVE-2023-0386】Linux Kernel Improper Ownership Management Vulnerability (CVSS v3.1: 7.8)
     • 【Exploited by Ransomware: Unknown】 The Linux kernel has an improper privilege management vulnerability in the OverlayFS subsystem, allowing local attackers with general privileges to execute otherwise restricted setuid files under specific conditions, leading to privilege escalation to administrator privileges.
     • 【Affected Platforms】 Linux kernel 6.2-rc6
• Affected Platforms:
  • Detailed content in the affected platforms section of the content description
• Suggested Measures:
  • 【CVE-2023-33538】 Affected products may have reached End of Life (EoL) and/or End of Service (EoS). Users are advised to stop using these products.
  • 【CVE-2025-43200】 Official updates have been released for the vulnerability, please update to the relevant versions
    • https://support.apple.com/en-us/122346
    • https://support.apple.com/en-us/122901
    • https://support.apple.com/en-us/122900
    • https://support.apple.com/en-us/122173
    • https://support.apple.com/en-us/122903
    • https://support.apple.com/en-us/122345
    • https://support.apple.com/en-us/122902
    • https://support.apple.com/en-us/122174
    • https://support.apple.com/en-us/122904
  • 【CVE-2023-0386】 Official updates have been released for the vulnerability, please update to the relevant versions
    • https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=4f11ada10d0a

Computer and Communications Center
Network Systems Division Respectfully