Source: Ministry of education information & communication security contingency platform
Publication Number | TACERT-ANA-2025040803044949 | Publication Time | 2025/04/08 15:15 |
Incident Type | ANA-Vulnerability Alert | Discovery Time | 2025/04/08 15:15 |
Impact Level | Low |
[Subject] 【Vulnerability Alert】CISA Adds 3 Known Exploited Vulnerabilities to the KEV Catalog (2025/03/31–2025/04/06)

[Content]
Forwarded from TWCERTCC-200-202504-00000002

[CVE-2024-20439] Cisco Smart Licensing Utility Static Credential Vulnerability (CVSS v3.1: 9.8)
Ransomware Involvement: Unknown
A static credential vulnerability exists in Cisco Smart Licensing Utility, allowing unauthenticated remote attackers to log into affected systems and obtain administrative credentials.
[Affected Platforms] Please refer to the affected versions listed in the official advisory: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cslu-7gHMzWmw

[CVE-2025-24813] Apache Tomcat Path Equivalence Vulnerability (CVSS v3.1: 9.8)
Ransomware Involvement: Unknown
A path equivalence vulnerability exists in Apache Tomcat, allowing remote attackers to execute code, leak information, or inject malicious content via certain PUT requests.
[Affected Platforms] Please refer to the affected versions listed in the official advisory: https://lists.apache.org/thread/j5fkjv2k477os90nczf2v9l61fb0kkgq

[CVE-2025-22457] Ivanti Connect Secure, Policy Secure, and ZTA Gateways Stack-Based Buffer Overflow Vulnerability (CVSS v3.1: 9.0)
Ransomware Involvement: Unknown
A stack-based buffer overflow vulnerability exists in Ivanti Connect Secure, Policy Secure, and ZTA Gateways, allowing unauthenticated remote attackers to achieve remote code execution.
[Affected Platforms] Please refer to the affected versions listed in the official advisory: https://forums.ivanti.com/s/article/April-Security-Advisory-Ivanti-Connect-Secure-Policy-Secure-ZTA-Gateways-CVE-2025-22457?language=en_US

Information Sharing Level: WHITE (Information content can be publicly disclosed)

[Affected Platform] Please refer to the affected platforms listed for each CVE in the [Content] section above.

[Recommended Actions]
[CVE-2024-20439] A patch has been released by the official source. Please update to the relevant version: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cslu-7gHMzWmw

[CVE-2025-24813] A patch has been released by the official source. Please update to the relevant version: https://lists.apache.org/thread/j5fkjv2k477os90nczf2v9l61fb0kkgq

[CVE-2025-22457] A patch has been released by the official source. Please update to the relevant version: https://forums.ivanti.com/s/article/April-Security-Advisory-Ivanti-Connect-Secure-Policy-Secure-ZTA-Gateways-CVE-2025-22457?language=en_US