
【Vulnerability Alert】CISA Adds 3 Known Exploited Vulnerabilities to the KEV Catalog (2025/03/31–2025/04/06)

publish date : 2025-04-08 update date : 2025-04-08

Source: Ministry of Education Information and Communication Security Contingency Platform

Publication Number: TACERT-ANA-2025040803044949
Publication Time: 2025/04/08 15:15
Incident Type: ANA-Vulnerability Alert
Discovery Time: 2025/04/08 15:15
Impact Level: Low
[Subject]
【Vulnerability Alert】CISA Adds 3 Known Exploited Vulnerabilities to the KEV Catalog (2025/03/31–2025/04/06)
[Content]
Forwarded from TWCERTCC-200-202504-00000002

[CVE-2024-20439] Cisco Smart Licensing Utility Static Credential Vulnerability (CVSS v3.1: 9.8)
Ransomware Involvement: Unknown
A static credential vulnerability exists in Cisco Smart Licensing Utility (CSLU): the application ships with a hard-coded administrative account, so an unauthenticated remote attacker who can reach the CSLU service can log in with that account and gain administrative privileges on the affected system. Cisco notes that the flaw is only exploitable while CSLU has been started by a user and is actively running.
[Affected Platforms] Please refer to the affected versions listed in the official advisory:
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cslu-7gHMzWmw


[CVE-2025-24813] Apache Tomcat Path Equivalence Vulnerability (CVSS v3.1: 9.8)
Ransomware Involvement: Unknown
A path equivalence vulnerability exists in Apache Tomcat's handling of partial PUT requests: a remote attacker can use crafted PUT requests to read or inject content into security-sensitive files and, when file-based session persistence is also in use together with a library vulnerable to deserialization, achieve remote code execution. Exploitation requires the default servlet to have writes enabled (readonly=false; the default is read-only) and partial PUT support to be enabled (the default).
[Affected Platforms] Please refer to the affected versions listed in the official advisory:
https://lists.apache.org/thread/j5fkjv2k477os90nczf2v9l61fb0kkgq
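The two preconditions above (an unfixed release and a writable default servlet) are what a practitioner checks first when triaging a fleet. The following script is an added example, not part of the TACERT bulletin or the Apache project: it parses Tomcat version strings, including milestone builds such as 9.0.0.M1 and 10.1.0-M1, compares them with the first fixed release on each branch as listed in the Apache advisory (9.0.99, 10.1.35, 11.0.3), and reads the default servlet's init-params from a conf/web.xml. The web.xml fragment embedded below is constructed for the demonstration; the function and parameter names are the author's own.

```python
"""Offline exposure check for CVE-2025-24813 (Apache Tomcat partial PUT / path equivalence).

Added example, not part of the TACERT bulletin or the Apache project. The fixed-version
numbers come from the Apache Tomcat advisory; the web.xml sample is constructed here.
"""
import re
import xml.etree.ElementTree as ET

# First fixed release per supported branch (from the Apache advisory for CVE-2025-24813).
FIRST_FIXED = {(9, 0): "9.0.99", (10, 1): "10.1.35", (11, 0): "11.0.3"}

_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:[.-]M(\d+))?$")


def parse_version(text):
    """Turn '9.0.98', '9.0.0.M1' or '10.1.0-M1' into a sortable tuple.
    Milestones (M1, M2, ...) sort before the final release with the same number."""
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised Tomcat version string: {text!r}")
    major, minor, patch, milestone = m.groups()
    if milestone is None:
        return (int(major), int(minor), int(patch), 1, 0)
    return (int(major), int(minor), int(patch), 0, int(milestone))


def version_is_affected(text):
    """True if the release predates the first fix on its branch; None for branches the
    advisory's fix table does not cover (end-of-life lines such as 8.5.x or 10.0.x)."""
    v = parse_version(text)
    fixed = FIRST_FIXED.get(v[:2])
    if fixed is None:
        return None
    return v < parse_version(fixed)


def _local(tag):
    # Strip the Jakarta/Java EE namespace so the same code handles Tomcat 9, 10 and 11.
    return tag.rsplit("}", 1)[-1]


def default_servlet_params(web_xml):
    """Collect the <init-param> values of the servlet named 'default' from conf/web.xml."""
    root = ET.fromstring(web_xml)
    for servlet in root.iter():
        if _local(servlet.tag) != "servlet":
            continue
        name = next((c.text.strip() for c in servlet if _local(c.tag) == "servlet-name"), "")
        if name != "default":
            continue
        params = {}
        for ip in servlet:
            if _local(ip.tag) != "init-param":
                continue
            key = value = None
            for c in ip:
                if _local(c.tag) == "param-name":
                    key = c.text.strip()
                elif _local(c.tag) == "param-value":
                    value = c.text.strip()
            if key:
                params[key] = value
        return params
    return {}


def assess(version, web_xml):
    """Combine version and configuration: the PUT-based attack path in the advisory is
    reachable only when the release is unfixed, writes are enabled and partial PUT is on."""
    params = default_servlet_params(web_xml)
    writes_enabled = params.get("readonly", "true").lower() == "false"      # default: read-only
    partial_put = params.get("allowPartialPut", "true").lower() != "false"  # default: enabled
    affected = version_is_affected(version)
    return {
        "version_affected": affected,
        "writes_enabled": writes_enabled,
        "partial_put_enabled": partial_put,
        "exposed": bool(affected) and writes_enabled and partial_put,
    }


# Constructed sample: a Tomcat 10.1 conf/web.xml where an administrator enabled writes.
SAMPLE_WEB_XML = """<web-app xmlns="https://jakarta.ee/xml/ns/jakartaee" version="6.0">
  <servlet>
    <servlet-name>default</servlet-name>
    <servlet-class>org.apache.catalina.servlets.DefaultServlet</servlet-class>
    <init-param><param-name>debug</param-name><param-value>0</param-value></init-param>
    <init-param><param-name>listings</param-name><param-value>false</param-value></init-param>
    <init-param><param-name>readonly</param-name><param-value>false</param-value></init-param>
    <load-on-startup>1</load-on-startup>
  </servlet>
</web-app>
"""

if __name__ == "__main__":
    for ver in ("10.1.34", "10.1.35", "9.0.0.M1", "11.0.0-M1", "8.5.100"):
        print(ver, assess(ver, SAMPLE_WEB_XML))
```

A result of `None` for `version_affected` means the branch is not in the advisory's fix table at all; such end-of-life lines never receive a fix and should be treated as affected and migrated, not ignored. Reading conf/web.xml alone can miss a per-application override in WEB-INF/web.xml, so run the configuration part against every deployed context as well.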

[CVE-2025-22457] Ivanti Connect Secure, Policy Secure, and ZTA Gateways Stack-Based Buffer Overflow Vulnerability (CVSS v3.1: 9.0)
Ransomware Involvement: Unknown
A stack-based buffer overflow vulnerability exists in Ivanti Connect Secure, Policy Secure, and ZTA Gateways that allows an unauthenticated remote attacker to achieve remote code execution on the appliance. Ivanti reported in-the-wild exploitation against Connect Secure 22.7R2.5 and earlier and against end-of-support Pulse Connect Secure 9.1x; the Connect Secure fix is already included in 22.7R2.6.
[Affected Platforms] Please refer to the affected versions listed in the official advisory:
https://forums.ivanti.com/s/article/April-Security-Advisory-Ivanti-Connect-Secure-Policy-Secure-ZTA-Gateways-CVE-2025-22457?language=en_US

Information Sharing Level: WHITE (Information content can be publicly disclosed)
[Affected Platform]
Please refer to the affected platforms listed in the “Content Description” section above.
[Recommended Actions]
[CVE-2024-20439]
Cisco has released a fix; upgrade Cisco Smart Licensing Utility to 2.3.0 or later as described in the official advisory. Until the upgrade is done, stop CSLU when it is not in use, since the flaw is only exploitable while the application is running:
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cslu-7gHMzWmw

[CVE-2025-24813]
The Apache Tomcat project has released fixed versions (9.0.99, 10.1.35, 11.0.3 or later); upgrade as described in the official advisory. Where an immediate upgrade is not possible, leave the default servlet read-only (readonly=true, the default) so the PUT-based attack path is not reachable:
https://lists.apache.org/thread/j5fkjv2k477os90nczf2v9l61fb0kkgq

[CVE-2025-22457]
Ivanti has released fixes; upgrade Connect Secure to 22.7R2.6 or later and apply the Policy Secure and ZTA Gateways fixes as they become available per the official advisory. Because exploitation has already been observed, run Ivanti's Integrity Checker Tool on appliances that were exposed before patching, and migrate end-of-support Pulse Connect Secure 9.1x appliances, which will not receive a fix:
https://forums.ivanti.com/s/article/April-Security-Advisory-Ivanti-Connect-Secure-Policy-Secure-ZTA-Gateways-CVE-2025-22457?language=en_US
[Reference]
(This notification is for informational purposes only and does not constitute a cybersecurity incident).
If you have questions or suggestions regarding this notification, please feel free to contact us.
Ministry of Education Information and Communication Security Contingency Platform
Website: https://info.cert.tanet.edu.tw/
Phone: +886-7-5250211
Internet Phone: 98400000
E-Mail: service@cert.tanet.edu.tw
Organizer: Computer Center