[Vulnerability Alert] CISA Adds 3 Known Exploited Vulnerabilities to KEV Catalog (2025/09/22-2025/09/28)

• Subject: [Vulnerability Alert] CISA Adds 3 Known Exploited Vulnerabilities to KEV Catalog (2025/09/22-2025/09/28)

• Content:
  • Forwarded from Taiwan Computer Network Emergency Response Team/Coordination Center TWCERTCC-200-202510-00000001
  1. [CVE-2025-10585] Google Chromium V8 Type Confusion Vulnerability (CVSS v3.1: 9.8)
     • [Exploited by ransomware: Unknown] Google Chromium has a type confusion vulnerability in its V8 JavaScript and WebAssembly engine, which a remote attacker can exploit to achieve arbitrary code execution or cause a crash.
     • [Affected Platforms] Please refer to the official list of affected versions
     • https://chromereleases.googleblog.com/2025/09/stable-channel-update-for-desktop_17.html
  2. [CVE-2025-20362] Cisco Secure Firewall Adaptive Security Appliance (ASA) and Secure Firewall Threat Defense (FTD) Missing Authorization Vulnerability (CVSS v3.1: 6.5)
     • [Exploited by ransomware: Unknown] Cisco Secure Firewall Adaptive Security Appliance (ASA) and Secure Firewall Threat Defense (FTD) have a Missing Authorization vulnerability in the VPN Web services. This vulnerability may be exploited in conjunction with CVE-2025-20333.
     • [Affected Platforms] Please refer to the official list of affected versions
     • https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-webvpn-YROOTUW
  3. [CVE-2025-20333] Cisco Secure Firewall Adaptive Security Appliance (ASA) and Secure Firewall Threat Defense (FTD) Buffer Overflow Vulnerability (CVSS v3.1: 9.9)
     • [Exploited by ransomware: Unknown] Cisco Secure Firewall Adaptive Security Appliance (ASA) and Secure Firewall Threat Defense (FTD) have a buffer overflow vulnerability in the VPN Web services, which may lead to remote code execution. This vulnerability may be exploited in conjunction with CVE-2025-20362.
     • [Affected Platforms] Please refer to the official list of affected versions
     • https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-webvpn-z5xP8EUB

• Affected Platforms:
  • Details are in the Affected Platforms section of the Content Description
• Recommended Action:
  1. [CVE-2025-10585] The vendor has released a fix for the vulnerability. Please update to the relevant version.
     • https://chromereleases.googleblog.com/2025/09/stable-channel-update-for-desktop_17.html
  2. [CVE-2025-20362] The vendor has released a fix for the vulnerability. Please update to the relevant version.
     • https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-webvpn-YROOTUW
  3. [CVE-2025-20333] The vendor has released a fix for the vulnerability. Please update to the relevant version.
     • https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-webvpn-z5xP8EUB

Computer and Communications Center
Network Systems Group