
【Vulnerability Alert】CISA has added 3 vulnerabilities known to be exploited by hackers to the KEV catalog (2025/09/22–2025/09/28).

Publish date: 2025-10-03
Update date: 2025-10-03

Source: Ministry of education information & communication security contingency platform

Publication Number: TACERT-ANA-2025100101104444
Publication Time: 2025/10/01 13:39
Incident Type: ANA-Vulnerability Alert
Discovery Time: 2025/10/01 13:39
Impact Level: Low

[Subject]
【Vulnerability Alert】CISA has added 3 vulnerabilities known to be exploited by hackers to the KEV catalog (2025/09/22–2025/09/28).

[Content]
Forwarded from TWCERTCC-200-202510-00000001

1.【CVE-2025-10585】Google Chromium V8 Type Confusion Vulnerability (CVSS v3.1: 9.8)

【Ransomware Exploitation: Unknown】 A type confusion vulnerability exists in the V8 JavaScript and WebAssembly engine of Google Chromium. A remote attacker could exploit this vulnerability to execute arbitrary code remotely or cause program crashes.

【Affected Platforms】Please refer to the affected versions listed in the official advisory: https://chromereleases.googleblog.com/2025/09/stable-channel-update-for-desktop_17.html

2.【CVE-2025-20362】Cisco Secure Firewall Adaptive Security Appliance (ASA) and Secure Firewall Threat Defense (FTD) Missing Authorization Vulnerability (CVSS v3.1: 6.5)

【Ransomware Exploitation: Unknown】 A missing authorization vulnerability exists in the VPN web servers of Cisco Secure Firewall Adaptive Security Appliance (ASA) and Secure Firewall Threat Defense (FTD). This vulnerability may be chained with CVE-2025-20333.

【Affected Platforms】Please refer to the affected versions listed in the official advisory: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-webvpn-YROOTUW

3.【CVE-2025-20333】Cisco Secure Firewall Adaptive Security Appliance (ASA) and Secure Firewall Threat Defense (FTD) Buffer Overflow Vulnerability (CVSS v3.1: 9.9)

【Ransomware Exploitation: Unknown】 A buffer overflow vulnerability exists in the VPN web servers of Cisco Secure Firewall Adaptive Security Appliance (ASA) and Secure Firewall Threat Defense (FTD). This may allow remote code execution. The vulnerability may be chained with CVE-2025-20362.

【Affected Platforms】Please refer to the affected versions listed in the official advisory: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-webvpn-z5xP8EUB

Information Sharing Level: WHITE (Information content can be publicly disclosed)

[Affected Platform]
Detailed information on affected platforms can be found in the “Description” section of the advisory.

[Recommended Actions]
1. 【CVE-2025-10585】 The vendor has released security updates to address this vulnerability. Please update to the relevant versions:

https://chromereleases.googleblog.com/2025/09/stable-channel-update-for-desktop_17.html

2. 【CVE-2025-20362】 The vendor has released security updates to address this vulnerability. Please update to the relevant versions:

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-webvpn-YROOTUW

3. 【CVE-2025-20333】 The vendor has released security updates to address this vulnerability. Please update to the relevant versions:

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-webvpn-z5xP8EUB

[Reference]
 
(This notification is for informational purposes only and does not constitute a cybersecurity incident).
If you have questions or suggestions regarding this notification, please feel free to contact us.
Ministry of education information & communication security contingency platform
Website: https://info.cert.tanet.edu.tw/
Phone: +886-7-5250211
Internet Phone: 98400000
E-Mail: service@cert.tanet.edu.tw
Organizer: Computer Center