Posted Date: 2025/12/03

[Vulnerability Alert] CISA Adds 3 Known Exploited Vulnerabilities to KEV Catalog (2025/11/17-2025/11/23)(CVE-2025-58034)(CVE-2025-13223)(CVE-2025-61757)

  • Content:
    • Forwarded from Taiwan Computer Emergency Response Team/Coordination Center Security Alert TWCERTCC-200-202511-00000017
    • [CVE-2025-58034] Fortinet FortiWeb OS Command Injection Vulnerability (CVSS v3.1: 7.2)
    • [Exploited by Ransomware: Unknown] Fortinet FortiWeb has an OS Command Injection vulnerability, allowing an authenticated attacker to execute unauthorized code on the underlying system via specially crafted HTTP requests or CLI commands.
    • [CVE-2025-13223] Google Chromium V8 Type Confusion Vulnerability (CVSS v3.1: 8.8)
    • [Exploited by Ransomware: Unknown] Google Chromium V8 has a Type Confusion vulnerability, which may lead to heap memory corruption.
    • [CVE-2025-61757] Apple Multiple Products Out-of-Bounds Write Vulnerability (CVSS v3.1: 8.8)
    • [Exploited by Ransomware: Unknown] Apple macOS, iOS, tvOS, Safari, and watchOS contain an Out-of-Bounds Write vulnerability in WebKit, which may lead to arbitrary code execution when processing maliciously crafted web content.
  • Affected Platforms:
  • Recommended Measures:
    • [CVE-2025-58034] Please update FortiWeb to the following versions: FortiWeb version 7.0.12, FortiWeb version 7.2.12, FortiWeb version 7.4.10
    • [CVE-2025-13223] Please update Google Chrome to version 120.0.6099.199 or later
    • [CVE-2025-61757] Please update the relevant products to the following versions: macOS Ventura 13.4.1, iOS 16.5.1, iPadOS 16.5.1, tvOS 16.5.1, Safari 16.5.2, and watchOS 9.5.2
  • References:

Computer and Communications Center
Network Systems Group