【Vulnerability Alert】CISA has added 4 vulnerabilities known to be exploited by hackers to the Known Exploited Vulnerabilities (KEV) catalog (2025/10/27–2025/11/02).
Source: Ministry of education information & communication security contingency platform
"" "" ""
| Publication Number | TACERT-ANA-2025110401111212 | Publication Time | 2025/11/04 13:45 |
| Incident Type | ANA-Vulnerability Alert | Discovery Time | 2025/11/04 13:45 |
| Impact Level | Low | ||
| [Subject] 【Vulnerability Alert】CISA has added 4 vulnerabilities known to be exploited by hackers to the Known Exploited Vulnerabilities (KEV) catalog (2025/10/27–2025/11/02). |
|||
|
[Content] 【Whether exploited by ransomware:Unknown】 A code injection vulnerability exists in Dassault Systèmes DELMIA Apriso, which may allow attackers to execute arbitrary code. 2.【CVE-2025-6205】Dassault Systèmes DELMIA Apriso Missing Authorization Vulnerability(CVSS v3.1:9.1) 【Whether exploited by ransomware:Unknown】 A missing authorization vulnerability exists in Dassault Systèmes DELMIA Apriso, which may allow attackers to gain privileged access to affected applications. 3.【CVE-2025-41244】Broadcom VMware Aria Operations and VMware Tools Privilege Defined with Unsafe Actions Vulnerability(CVSS v3.1:7.8) 【Whether exploited by ransomware:Unknown】 A local privilege escalation vulnerability exists in Broadcom VMware Aria Operations and VMware Tools. A malicious local user without administrative privileges who has access to a virtual machine running VMware Tools, managed by Aria Operations with SDMP enabled, could exploit this vulnerability to escalate privileges to root on that virtual machine. 4.【CVE-2025-24893】XWiki Platform Eval Injection Vulnerability(CVSS v3.1:9.8) 【Whether exploited by ransomware:Known】 An eval injection vulnerability exists in XWiki Platform, which may allow any unauthenticated visitor to execute arbitrary remote code by sending a crafted request to SolrSearch. |
|||
|
[Affected Platform] https://www.3ds.com/trust-center/security/security-advisories/cve-2025-6204 2.【CVE-2025-6205】Please refer to the affected versions listed in the official documentation. https://www.3ds.com/trust-center/security/security-advisories/cve-2025-6205 3.【CVE-2025-41244】Please refer to the affected versions listed in the official documentation. https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36149 4.【CVE-2025-24893】Please refer to the affected versions listed in the official documentation. https://jira.xwiki.org/browse/XWIKI-22149 |
|||
|
[Recommended Actions] https://www.3ds.com/trust-center/security/security-advisories/cve-2025-6204 2.【CVE-2025-6205】The vendor has released official patches for this vulnerability. Please update to the relevant fixed versions. https://www.3ds.com/trust-center/security/security-advisories/cve-2025-6205 3.【CVE-2025-41244】The vendor has released official patches for this vulnerability. Please update to the relevant fixed versions. https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36149 4.【CVE-2025-24893】The vendor has released official patches for this vulnerability. Please update to the relevant fixed versions. https://jira.xwiki.org/browse/XWIKI-22149 |
|||
| [Reference] |
|||
If you have questions or suggestions regarding this notification, please feel free to contact us.
Ministry of education information & communication security contingency platform
Website: https://info.cert.tanet.edu.tw/
Phone: +886-7-5250211
Internet Phone: 98400000
E-Mail: service@cert.tanet.edu.tw