Date Posted: 2025/08/01

[Vulnerability Alert] CISA Adds 3 Known Exploited Vulnerabilities to KEV Catalog (2025/07/14-2025/07/20)

  • Subject: [Vulnerability Alert] CISA Adds 3 Known Exploited Vulnerabilities to KEV Catalog (2025/07/14-2025/07/20)
  • Content:
    • Forwarded from Taiwan Computer Network Emergency Response Team/Coordination Center TWCERTCC-200-202507-00000020
    1. [CVE-2025-47812] Wing FTP Server Improper Neutralization of Null Byte or NUL Character Vulnerability (CVSS v3.1: 10.0)
      • [Exploited by ransomware: Unknown] Wing FTP Server has an improper neutralization of null byte or NUL character vulnerability that may allow arbitrary Lua code injection into a user's session file. An attacker can use this to execute arbitrary system commands with the privileges of the FTP service (defaulting to root or SYSTEM privileges).
      • [Affected Platforms] Wing FTP Server versions earlier than 7.4.4 (7.4.4 itself is not affected)
    2. [CVE-2025-25257] Fortinet FortiWeb SQL Injection Vulnerability (CVSS v3.1: 9.8)
      • [Exploited by ransomware: Unknown] Fortinet FortiWeb has a SQL injection vulnerability that may allow an unauthenticated attacker to execute unauthorized SQL code or commands through a specially crafted HTTP or HTTPS request.
      • [Affected Platforms] Refer to the vendor's official list of affected versions
    3. [CVE-2025-53770] Microsoft SharePoint Deserialization of Untrusted Data Vulnerability (CVSS v3.1: 9.8)
      • [Exploited by ransomware: Unknown] On-premises Microsoft SharePoint Server has a deserialization of untrusted data vulnerability that may allow an unauthenticated attacker to execute code over the network.
      • [Affected Platforms] Refer to the vendor's official list of affected versions
  • Affected Platforms:
    • See the [Affected Platforms] entry under each item in the Content section above
  • Recommended Action:
    1. [CVE-2025-47812] Upgrade the corresponding product to Wing FTP Server 7.4.4 or a higher version.
    2. [CVE-2025-25257] The vendor has released a patch for this vulnerability; update to the fixed version.
    3. [CVE-2025-53770] The vendor has released a patch for this vulnerability; update to the fixed version.
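The bulletin gives a concrete version boundary only for CVE-2025-47812 (Wing FTP Server earlier than 7.4.4) and defers the other two to the vendors' lists. The following script is an added example, not part of the forwarded notice or of any vendor tooling: it triages a software inventory against the three entries, comparing versions numerically (so that 7.10.0 sorts above 7.4.4, which a plain string comparison gets wrong) and flagging hosts where the page provides no version boundary as needing a manual check against the vendor list. The hostnames and installed versions in `INVENTORY` are constructed placeholder data.

```python
"""Triage an asset inventory against the three KEV entries in this bulletin.

Added example, not from the original advisory. Inventory rows are constructed
sample data; the hostnames and version numbers are placeholders.
"""
import re

# Constructed inventory: (hostname, product, installed version). Hypothetical values.
INVENTORY = [
    ("ftp01.example.internal", "Wing FTP Server", "7.4.3"),
    ("ftp02.example.internal", "Wing FTP Server", "7.4.4"),
    ("ftp03.example.internal", "Wing FTP Server", "7.10.0"),
    ("waf01.example.internal", "Fortinet FortiWeb", "0.0.0-placeholder"),
    ("sp01.example.internal", "Microsoft SharePoint Server", "0.0.0-placeholder"),
]


def parse_version(version):
    """Convert '7.4.4' to (7, 4, 4) so comparisons are numeric per component.

    Non-numeric suffixes are ignored; an empty result means the version is
    unparseable and the caller should treat it as unknown.
    """
    return tuple(int(part) for part in re.findall(r"\d+", version))


def wing_ftp_affected(version):
    """CVE-2025-47812: the bulletin states versions earlier than 7.4.4 are affected."""
    parsed = parse_version(version)
    if not parsed:
        return None  # unknown, not safe to call fixed
    return parsed < parse_version("7.4.4")


# Product -> (CVE, predicate). A predicate of None means the page gives no
# version boundary and defers to the vendor's official affected-version list.
RULES = {
    "Wing FTP Server": ("CVE-2025-47812", wing_ftp_affected),
    "Fortinet FortiWeb": ("CVE-2025-25257", None),
    "Microsoft SharePoint Server": ("CVE-2025-53770", None),
}


def triage(inventory):
    """Return a list of (host, cve, status) for every inventory row that matches a rule.

    status is one of 'affected', 'fixed', 'unknown-version' or 'check-vendor-list'.
    """
    findings = []
    for host, product, version in inventory:
        rule = RULES.get(product)
        if rule is None:
            continue  # product not named in this bulletin
        cve, predicate = rule
        if predicate is None:
            status = "check-vendor-list"
        else:
            verdict = predicate(version)
            if verdict is None:
                status = "unknown-version"
            elif verdict:
                status = "affected"
            else:
                status = "fixed"
        findings.append((host, cve, status))
    return findings


if __name__ == "__main__":
    for host, cve, status in triage(INVENTORY):
        print(f"{host:28} {cve:16} {status}")
```

Hosts reported as `affected` map directly to recommended action 1 (upgrade to 7.4.4 or later); `check-vendor-list` rows need the installed version compared against the vendor's published affected-version list before they can be closed out.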

Computer and Communications Center
Network Systems Group