Posted Date: 2025/08/26

[Vulnerability Alert] CISA Added 2 Known Exploited Vulnerabilities to KEV Catalog (2025/08/18-2025/08/24)

Subject: [Vulnerability Alert] CISA Added 2 Known Exploited Vulnerabilities to KEV Catalog (2025/08/18-2025/08/24)
Content:
- Forwarded from Taiwan Computer Emergency Response Team/Coordination Center TWCERTCC-200-202508-00000013
1. [CVE-2025-54948] Trend Micro Apex One OS Command Injection Vulnerability (CVSS v3.1: 9.4)
  - [Exploited by ransomware: Unknown] Trend Micro Apex One on-premise version has an OS command injection vulnerability. An unauthenticated remote attacker can upload malicious code on the management console to achieve remote arbitrary code execution.
  - [Affected Platforms] Please refer to the affected versions listed by the official source
  - https://success.trendmicro.com/en-US/solution/KA-0020652
2. [CVE-2025-43300] Apple iOS, iPadOS, and macOS Out-of-Bounds Write Vulnerability (CVSS v3.1: 8.8)
  - [Exploited by ransomware: Unknown] Apple iOS, iPadOS, and macOS have an out-of-bounds write vulnerability in the Image I/O framework.
  - [Affected Platforms]
  - iPad OS before version 17.7.10
  - iPad OS versions 18.0 to 18.6.2 (exclusive)
  - iOS before version 18.6.2
  - macOS versions 13.0.0 to 13.7.8 (exclusive)
  - macOS versions 14.0 to 14.7.8 (exclusive)
  - macOS versions 15.0 to 15.6.1 (exclusive)
Affected Platforms:
- Please refer to the Affected Platforms section in the content description.
Recommended Measures:
1. [CVE-2025-54948] The official source has released a patch for the vulnerability; please update to the relevant version.
  - https://success.trendmicro.com/en-US/solution/KA-0020652
2. [CVE-2025-43300] The official source has released a patch for the vulnerability; please update to the relevant version.

Computer and Communications Center
Network Systems Group