【Vulnerability Alert】CISA has added 5 vulnerabilities known to be exploited by hackers to the KEV catalog (2025/08/25–2025/08/31).
Source: Ministry of education information & communication security contingency platform
Publication Number | TACERT-ANA-2025090409095555 | Publication Time | 2025/09/04 09:37 |
Incident Type | ANA-Vulnerability Alert | Discovery Time | 2025/09/04 09:37 |
Impact Level | Low | ||
[Subject] 【Vulnerability Alert】CISA has added 5 vulnerabilities known to be exploited by hackers to the KEV catalog (2025/08/25–2025/08/31). |
[Content]
【Ransomware Exploitation: Unknown】 A link following vulnerability exists in Git, caused by inconsistent handling of carriage return characters in configuration files.
【Affected Platforms】Please refer to the affected versions listed in the official advisory: https://github.com/git/git/security/advisories/GHSA-vwqx-4fm8-6qc9

2.【CVE-2024-8068】Citrix Session Recording Improper Privilege Management Vulnerability (CVSS v3.1: 8.0)
【Ransomware Exploitation: Unknown】 An improper privilege management vulnerability exists in Citrix Session Recording, which may lead to privilege escalation to the NetworkService account access level.
【Affected Platforms】Please refer to the affected versions listed in the official advisory: https://support.citrix.com/support-home/home

3.【CVE-2024-8069】Citrix Session Recording Deserialization of Untrusted Data Vulnerability (CVSS v3.1: 8.0)
【Ransomware Exploitation: Unknown】 A deserialization of untrusted data vulnerability exists in Citrix Session Recording, which may allow limited remote code execution under the privileges of the NetworkService account.
【Affected Platforms】Please refer to the affected versions listed in the official advisory: https://support.citrix.com/support-home/home

4.【CVE-2025-7775】Citrix NetScaler Memory Overflow Vulnerability (CVSS v3.1: 9.8)
【Ransomware Exploitation: Unknown】 A memory overflow vulnerability exists in Citrix NetScaler ADC and NetScaler Gateway, which may lead to remote code execution and/or denial-of-service attacks.
【Affected Platforms】Please refer to the affected versions listed in the official advisory: https://support.citrix.com/support-home/home

5.【CVE-2025-57819】Sangoma FreePBX Authentication Bypass Vulnerability (CVSS v4.0: 10.0)
【Ransomware Exploitation: Unknown】 An authentication bypass vulnerability exists in Sangoma FreePBX. Due to insufficient validation and sanitization of user-supplied input, attackers can access the FreePBX administration interface without authentication, leading to arbitrary database operations and remote code execution.
【Affected Platforms】Please refer to the affected versions listed in the official advisory: https://github.com/FreePBX/security-reporting/security/advisories/GHSA-m42g-xg4c-5f3h |
[Affected Platform] Detailed information on affected platforms can be found in the “Description” section of the advisories. |
[Recommended Actions]
https://github.com/git/git/security/advisories/GHSA-vwqx-4fm8-6qc9

2.【CVE-2024-8068】 The vendor has released security updates to fix this vulnerability. Please update to the relevant versions: https://support.citrix.com/support-home/home

3.【CVE-2024-8069】 The vendor has released security updates to fix this vulnerability. Please update to the relevant versions: https://support.citrix.com/support-home/home

4.【CVE-2025-7775】 The vendor has released security updates to fix this vulnerability. Please update to the relevant versions: https://support.citrix.com/support-home/home

5.【CVE-2025-57819】 The vendor has released security updates to fix this vulnerability. Please update to the relevant versions: https://github.com/FreePBX/security-reporting/security/advisories/GHSA-m42g-xg4c-5f3h |
[Reference] |
If you have questions or suggestions regarding this notification, please feel free to contact us.
Ministry of education information & communication security contingency platform
Website: https://info.cert.tanet.edu.tw/
Phone: +886-7-5250211
Internet Phone: 98400000
E-Mail: service@cert.tanet.edu.tw