[Vulnerability Alert] CISA Added 4 Known Exploited Vulnerabilities to KEV Catalog (2025/10/27-2025/11/02)

Posted Date: 2025/11/05

Subject: [Vulnerability Alert] CISA Added 4 Known Exploited Vulnerabilities to KEV Catalog (2025/10/27-2025/11/02)

Content:
- Forwarded from Taiwan Computer Emergency Response Team/Coordination Center TWCERTCC-200-202511-00000001
1. [CVE-2025-6204] Dassault Systèmes DELMIA Apriso Code Injection Vulnerability (CVSS v3.1: 8.0)
  - [Exploited by Ransomware: Unknown] Dassault Systèmes DELMIA Apriso has a code injection vulnerability, which may allow an attacker to execute arbitrary code.
2. [CVE-2025-6205] Dassault Systèmes DELMIA Apriso Missing Authorization Vulnerability (CVSS v3.1: 9.1)
  - [Exploited by Ransomware: Unknown] Dassault Systèmes DELMIA Apriso has a missing authorization vulnerability, which may allow an attacker to obtain privileged access to the corresponding program.
3. [CVE-2025-41244] Broadcom VMware Aria Operations and VMware Tools Privilege Defined with Unsafe Actions Vulnerability (CVSS v3.1: 7.8)
  - [Exploited by Ransomware: Unknown] Broadcom VMware Aria Operations and VMware Tools have a local privilege escalation vulnerability. A malicious local user with non-administrator privileges, who can access a virtual machine with VMware Tools installed, managed by Aria Operations, and with SDMP enabled, can exploit this vulnerability to escalate privileges to root on that virtual machine.
4. [CVE-2025-24893] XWiki Platform Eval Injection Vulnerability (CVSS v3.1: 9.8)
  - [Exploited by Ransomware: Known] XWiki Platform has an eval injection vulnerability, which may allow any visitor to execute arbitrary remote code by sending a request to SolrSearch.
Affected Platforms:
1. [CVE-2025-6204] Please refer to the official listed affected versions
  - https://www.3ds.com/trust-center/security/security-advisories/cve-2025-6204
2. [CVE-2025-6205] Please refer to the official listed affected versions
  - https://www.3ds.com/trust-center/security/security-advisories/cve-2025-6205
3. [CVE-2025-41244] Please refer to the official listed affected versions https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36149
4. [CVE-2025-24893] Please refer to the official listed affected versions https://jira.xwiki.org/browse/XWIKI-22149
Recommended Measures:
1. [CVE-2025-6204] The official source has released a fix update for the vulnerability; please update to the relevant version https://www.3ds.com/trust-center/security/security-advisories/cve-2025-6204
2. [CVE-2025-6205] The official source has released a fix update for the vulnerability; please update to the relevant version https://www.3ds.com/trust-center/security/security-advisories/cve-2025-6205
3. [CVE-2025-41244] The official source has released a fix update for the vulnerability; please update to the relevant version https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36149
4. [CVE-2025-24893] The official source has released a fix update for the vulnerability; please update to the relevant version https://jira.xwiki.org/browse/XWIKI-22149

Computer and Communications Center
Network Systems Group