【Vulnerability Alert】CISA has added 10 vulnerabilities known to be exploited by hackers to the KEV catalog (2025/09/29–2025/10/05).

Publish date: 2025-10-09 | Update date: 2025-10-09

Source: Ministry of Education Information & Communication Security Contingency Platform

"" "" ""

Publication Number: TACERT-ANA-2025100803105858
Publication Time: 2025/10/08 15:41
Incident Type: ANA-Vulnerability Alert
Discovery Time: 2025/10/08 15:41
Impact Level: Low
[Subject]
【Vulnerability Alert】CISA has added 10 vulnerabilities known to be exploited by hackers to the KEV catalog (2025/09/29–2025/10/05).

[Content]
Forwarded from TWCERTCC-200-202510-00000003

1.【CVE-2025-32463】Sudo Inclusion of Functionality from Untrusted Control Sphere Vulnerability (CVSS v3.1: 9.3)

【Ransomware Exploitation: Unknown】 A vulnerability exists in versions of Sudo prior to 1.9.17p1 that allows local users to gain root privileges. The flaw occurs when the --chroot option causes Sudo to use the /etc/nsswitch.conf file from a user-controlled directory.

【Affected Platforms】 Refer to the official advisory:

https://www.sudo.ws/security/advisories/chroot_bug/

2.【CVE-2025-59689】Libraesva Email Security Gateway Command Injection Vulnerability (CVSS v3.1: 6.1)

【Ransomware Exploitation: Unknown】 A command injection vulnerability exists in Libraesva Email Security Gateway (ESG), allowing attackers to perform command injection through compressed email attachments.

【Affected Platforms】 Refer to the official advisory:

https://docs.libraesva.com/knowledgebase/security-advisory-command-injection-vulnerability-cve-2025-59689/

3.【CVE-2025-10035】Fortra GoAnywhere MFT Deserialization of Untrusted Data Vulnerability (CVSS v3.1: 10.0)

【Ransomware Exploitation: Known】 Fortra GoAnywhere MFT contains a deserialization of untrusted data vulnerability that allows attackers to forge valid authorization response signatures and deserialize arbitrary objects, potentially leading to command injection.

【Affected Platforms】 Refer to the official advisory:

https://www.fortra.com/security/advisories/product-security/fi-2025-012

4.【CVE-2025-20352】Cisco IOS and IOS XE Software SNMP Denial of Service and Remote Code Execution Vulnerability (CVSS v3.1: 7.7)

【Ransomware Exploitation: Unknown】 A stack buffer overflow vulnerability exists in the SNMP subsystem of Cisco IOS and IOS XE, which could lead to denial of service (DoS) or remote code execution.

【Affected Platforms】 Refer to the official advisory:

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-snmp-x4LPhte

5.【CVE-2021-21311】Adminer Server-Side Request Forgery Vulnerability (CVSS v3.1: 7.2)

【Ransomware Exploitation: Unknown】 A server-side request forgery (SSRF) vulnerability in Adminer could allow remote attackers to obtain potentially sensitive information.

【Affected Platforms】 Refer to the official advisory:

https://github.com/vrana/adminer/security/advisories/GHSA-x5r2-hj5c-8jx6

6.【CVE-2014-6278】GNU Bash OS Command Injection Vulnerability (CVSS v3.1: 8.8)

【Ransomware Exploitation: Unknown】 GNU Bash contains an OS command injection vulnerability allowing remote attackers to execute arbitrary commands via specially crafted environment variables.

【Affected Platforms】 GNU Bash versions 1.14 through 4.3 (inclusive)

7.【CVE-2017-1000353】Jenkins Remote Code Execution Vulnerability (CVSS v3.1: 9.8)

【Ransomware Exploitation: Unknown】 A remote code execution vulnerability in Jenkins allows attackers to send serialized Java SignedObject instances to the Jenkins CLI over remote communication, bypassing existing blacklist-based protection mechanisms.

【Affected Platforms】 Refer to the official advisory:

https://www.jenkins.io/security/advisory/2017-04-26/

8.【CVE-2015-7755】Juniper ScreenOS Improper Authentication Vulnerability (CVSS v3.1: 9.8)

【Ransomware Exploitation: Unknown】 An improper authentication vulnerability in Juniper ScreenOS may allow unauthorized remote administrative access.

【Affected Platforms】 Refer to the official advisory:

https://supportportal.juniper.net/s/article/2015-12-Out-of-Cycle-Security-Bulletin-ScreenOS-Multiple-Security-issues-with-ScreenOS-CVE-2015-7755-CVE-2015-7756

9.【CVE-2025-21043】Samsung Mobile Devices Out-of-Bounds Write Vulnerability (CVSS v3.1: 8.8)

【Ransomware Exploitation: Unknown】 An out-of-bounds write vulnerability exists in libimagecodec.quram.so on Samsung mobile devices, allowing remote attackers to execute arbitrary code.

【Affected Platforms】 Refer to the official advisory:

https://security.samsungmobile.com/securityUpdate.smsb

10.【CVE-2025-4008】Smartbedded Meteobridge Command Injection Vulnerability (CVSS v3.1: 8.8)

【Ransomware Exploitation: Unknown】 A command injection vulnerability in Smartbedded Meteobridge may allow unauthenticated remote attackers to execute arbitrary commands with elevated (root) privileges on affected devices.

【Affected Platforms】 Refer to the official advisory:

https://forum.meteohub.de/index.php

Information Sharing Level: WHITE (Information content can be publicly disclosed)

[Affected Platform]
Detailed information on affected platforms can be found in the “Description” section of the advisory.

[Recommended Actions]
1.【CVE-2025-32463】 The vendor has released security updates to address this vulnerability. Please update to the relevant versions:

https://www.sudo.ws/security/advisories/chroot_bug/

2.【CVE-2025-59689】 The vendor has released security updates to address this vulnerability. Please update to the relevant versions:

https://docs.libraesva.com/knowledgebase/security-advisory-command-injection-vulnerability-cve-2025-59689/

3.【CVE-2025-10035】 The vendor has released security updates to address this vulnerability. Please update to the relevant versions:

https://www.fortra.com/security/advisories/product-security/fi-2025-012

4.【CVE-2025-20352】 The vendor has released security updates to address this vulnerability. Please update to the relevant versions:

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-snmp-x4LPhte

5.【CVE-2021-21311】 The vendor has released security updates to address this vulnerability. Please update to the relevant versions:

https://github.com/vrana/adminer/security/advisories/GHSA-x5r2-hj5c-8jx6

6.【CVE-2014-6278】 This vulnerability may affect open-source components, third-party libraries, protocols, or specific implementations. Please apply the mitigation measures provided by your product vendor.

7.【CVE-2017-1000353】 The vendor has released security updates to address this vulnerability. Please update to the relevant versions:

https://www.jenkins.io/security/advisory/2017-04-26/

8.【CVE-2015-7755】 The vendor has released security updates to address this vulnerability. Please update to the relevant versions:

https://supportportal.juniper.net/s/article/2015-12-Out-of-Cycle-Security-Bulletin-ScreenOS-Multiple-Security-issues-with-ScreenOS-CVE-2015-7755-CVE-2015-7756

9.【CVE-2025-21043】 The vendor has released security updates to address this vulnerability. Please update to the relevant versions:

https://security.samsungmobile.com/securityUpdate.smsb

10.【CVE-2025-4008】 The vendor has released security updates to address this vulnerability. Please update to the relevant versions:

https://forum.meteohub.de/index.php

[Reference]
 
(This notification is for informational purposes only and does not constitute a cybersecurity incident.)
If you have questions or suggestions regarding this notification, please feel free to contact us.
Ministry of Education Information & Communication Security Contingency Platform
Website: https://info.cert.tanet.edu.tw/
Phone: +886-7-5250211
Internet Phone: 98400000
E-Mail: service@cert.tanet.edu.tw
Organizer: Computer Center