[Vulnerability Alert] CISA Adds 10 Known Exploited Vulnerabilities to KEV Catalog (2025/09/29-2025/10/05)

Date Posted: 2025/10/09

Subject: [Vulnerability Alert] CISA Adds 10 Known Exploited Vulnerabilities to KEV Catalog (2025/09/29-2025/10/05)

Content:
- Forwarded from Taiwan Computer Network Emergency Response Team/Coordination Center TWCERTCC-200-202510-00000003
1. [CVE-2025-32463] Sudo Inclusion of Functionality from Untrusted Control Sphere Vulnerability (CVSS v3.1: 9.3)
  - [Exploited by ransomware: Unknown] Sudo versions before 1.9.17p1 have a vulnerability that allows a local user to gain root privileges because the /etc/nsswitch.conf file from a user-controllable directory is used when the –chroot option is specified.
  - [Affected Platforms] Please refer to the official list of affected versions
  - https://www.sudo.ws/security/advisories/chroot_bug/
2. [CVE-2025-59689] Libraesva Email Security Gateway Command Injection Vulnerability (CVSS v3.1: 6.1)
  - [Exploited by ransomware: Unknown] Libraesva Email Security Gateway (ESG) has a command injection vulnerability that allows a command injection attack to be executed via a compressed email attachment.
  - [Affected Platforms] Please refer to the official list of affected versions
  - https://docs.libraesva.com/knowledgebase/security-advisory-command-injection-vulnerability-cve-2025-59689/
3. [CVE-2025-10035] Fortra GoAnywhere MFT Deserialization of Untrusted Data Vulnerability (CVSS v3.1: 10.0)
  - [Exploited by ransomware: Known] Fortra GoAnywhere MFT has a Deserialization of Untrusted Data vulnerability that allows an attacker to forge a legitimate authorized response signature and deserialize an arbitrary object under their control, which may lead to command injection.
  - [Affected Platforms] Please refer to the official list of affected versions
  - https://www.fortra.com/security/advisories/product-security/fi-2025-012
4. [CVE-2025-20352] Cisco IOS and IOS XE Software SNMP Denial of Service and Remote Code Execution Vulnerability (CVSS v3.1: 7.7)
  - [Exploited by ransomware: Unknown] Cisco IOS and IOS XE have a stack buffer overflow vulnerability in the SNMP subsystem that may lead to Denial of Service (DoS) or Remote Code Execution.
  - [Affected Platforms] Please refer to the official list of affected versions
  - https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-snmp-x4LPhte
5. [CVE-2021-21311] Adminer Server-Side Request Forgery Vulnerability (CVSS v3.1: 7.2)
  - [Exploited by ransomware: Unknown] Adminer has a Server-Side Request Forgery (SSRF) vulnerability that, if exploited, allows a remote attacker to obtain potentially sensitive information.
  - [Affected Platforms] Please refer to the official list of affected versions
  - https://github.com/vrana/adminer/security/advisories/GHSA-x5r2-hj5c-8jx6
6. [CVE-2014-6278] GNU Bash OS Command Injection Vulnerability (CVSS v3.1: 8.8)
  - [Exploited by ransomware: Unknown] GNU Bash has an OS Command Injection vulnerability that allows a remote attacker to execute arbitrary commands via a specially crafted environment variable.
  - [Affected Platforms] GNU Bash versions 1.14 through 4.3 (inclusive)
7. [CVE-2017-1000353] Jenkins Remote Code Execution Vulnerability (CVSS v3.1: 9.8)
  - [Exploited by ransomware: Unknown] Jenkins has a Remote Code Execution vulnerability. This vulnerability allows an attacker to transmit a serialized Java SignedObject via the remote-communication based Jenkins CLI, which will be deserialized through a new ObjectInputStream, thereby bypassing existing blocklist-based protection mechanisms.
  - [Affected Platforms] Please refer to the official list of affected versions
  - https://www.jenkins.io/security/advisory/2017-04-26/
8. [CVE-2015-7755] Juniper ScreenOS Improper Authentication Vulnerability (CVSS v3.1: 9.8)
  - [Exploited by ransomware: Unknown] Juniper ScreenOS has an Improper Authentication vulnerability that may allow unauthorized remote administrative access to the device.
  - [Affected Platforms] Please refer to the official list of affected versions
  - https://supportportal.juniper.net/s/article/2015-12-Out-of-Cycle-Security-Bulletin-ScreenOS-Multiple-Security-issues-with-ScreenOS-CVE-2015-7755-CVE-2015-7756
9. [CVE-2025-21043] Samsung Mobile Devices Out-of-Bounds Write Vulnerability (CVSS v3.1: 8.8)
  - [Exploited by ransomware: Unknown] Samsung Mobile Devices have an Out-of-Bounds Write vulnerability in libimagecodec.quram.so, allowing a remote attacker to execute arbitrary code.
  - [Affected Platforms] Please refer to the official list of affected versions
  - https://security.samsungmobile.com/securityUpdate.smsb
10. [CVE-2025-4008] Smartbedded Meteobridge Command Injection Vulnerability (CVSS v3.1: 8.8)
  - [Exploited by ransomware: Unknown] Smartbedded Meteobridge has a Command Injection vulnerability that may allow an unauthenticated remote attacker to execute arbitrary commands with elevated privileges (root) on the affected device.
  - [Affected Platforms] Please refer to the official list of affected versions
  - https://forum.meteohub.de/index.php
Affected Platforms:
- Details are in the Affected Platforms section of the Content Description
Recommended Action:
1. [CVE-2025-32463] The official vendor has released a fix for the vulnerability. Please update to the relevant version.
  - https://www.sudo.ws/security/advisories/chroot_bug/
2. [CVE-2025-59689] The official vendor has released a fix for the vulnerability. Please update to the relevant version.
  - https://docs.libraesva.com/knowledgebase/security-advisory-command-injection-vulnerability-cve-2025-59689/
3. [CVE-2025-10035] The official vendor has released a fix for the vulnerability. Please update to the relevant version.
  - https://www.fortra.com/security/advisories/product-security/fi-2025-012
4. [CVE-2025-20352] The official vendor has released a fix for the vulnerability. Please update to the relevant version.
  - https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-snmp-x4LPhte
5. [CVE-2021-21311] The official vendor has released a fix for the vulnerability. Please update to the relevant version.
  - https://github.com/vrana/adminer/security/advisories/GHSA-x5r2-hj5c-8jx6
6. [CVE-2014-6278] The vulnerability may affect open-source components, third-party libraries, protocols, or specific implementations. Please apply the mitigation measures released by the product vendor for patching.
7. [CVE-2017-1000353] The official vendor has released a fix for the vulnerability. Please update to the relevant version.
  - https://www.jenkins.io/security/advisory/2017-04-26/
8. [CVE-2015-7755] The official vendor has released a fix for the vulnerability. Please update to the relevant version.
  - https://supportportal.juniper.net/s/article/2015-12-Out-of-Cycle-Security-Bulletin-ScreenOS-Multiple-Security-issues-with-ScreenOS-CVE-2015-7755-CVE-2015-7756
9. [CVE-2025-21043] The official vendor has released a fix for the vulnerability. Please update to the relevant version.
  - https://security.samsungmobile.com/securityUpdate.smsb
10. [CVE-2025-4008] The official vendor has released a fix for the vulnerability. Please update to the relevant version.
  - https://forum.meteohub.de/index.php

Computer and Communications Center
Network Systems Group