Posted Date: 2025/08/26

[Vulnerability Alert] CISA Added 2 Known Exploited Vulnerabilities to KEV Catalog (2025/08/18-2025/08/24)

  • Subject: [Vulnerability Alert] CISA Added 2 Known Exploited Vulnerabilities to KEV Catalog (2025/08/18-2025/08/24)
  • Content:
    • Forwarded from Taiwan Computer Emergency Response Team/Coordination Center TWCERTCC-200-202508-00000013
    1. [CVE-2025-54948] Trend Micro Apex One OS Command Injection Vulnerability (CVSS v3.1: 9.4)
      • [Exploited by ransomware: Unknown] The on-premise version of Trend Micro Apex One has an OS command injection vulnerability. An unauthenticated remote attacker can upload malicious code on the management console to achieve arbitrary remote code execution.
      • [Affected Platforms] Please refer to the affected versions listed by the official source.
    2. [CVE-2025-43300] Apple iOS, iPadOS, and macOS Out-of-Bounds Write Vulnerability (CVSS v3.1: 8.8)
      • [Exploited by ransomware: Unknown] Apple iOS, iPadOS, and macOS have an out-of-bounds write vulnerability in the Image I/O framework.
      • [Affected Platforms]
        • iPadOS before version 17.7.10
        • iPadOS versions 18.0 to 18.6.2 (exclusive)
        • iOS before version 18.6.2
        • macOS versions 13.0.0 to 13.7.8 (exclusive)
        • macOS versions 14.0 to 14.7.8 (exclusive)
        • macOS versions 15.0 to 15.6.1 (exclusive)
  • Affected Platforms:
    • Please refer to the Affected Platforms section in the content description.
  • Recommended Measures:
    1. [CVE-2025-54948] The official source has released a patch for the vulnerability; please update to the relevant version.
    2. [CVE-2025-43300] The official source has released a patch for the vulnerability; please update to the relevant version.

Computer and Communications Center
Network Systems Group