【Vulnerability Alert】CISA has added 3 vulnerabilities known to be exploited by hackers to the KEV catalog (2025/11/17–2025/11/23) (CVE-2025-58034) (CVE-2025-13223) (CVE-2025-61757)

Publish date: 2025-11-28; update date: 2025-11-28

Source: Ministry of education information & communication security contingency platform

Publication Number: TACERT-ANA-2025112701110707
Publication Time: 2025/11/27 13:34
Incident Type: ANA-Vulnerability Alert
Discovery Time: 2025/11/27 13:34
Impact Level: Low
[Subject]
【Vulnerability Alert】CISA has added 3 vulnerabilities known to be exploited by hackers to the KEV catalog (2025/11/17–2025/11/23) (CVE-2025-58034) (CVE-2025-13223) (CVE-2025-61757)

[Content]
Forwarded from TWCERTCC-200-202511-00000017

【CVE-2025-58034】Fortinet FortiWeb OS Command Injection Vulnerability (CVSS v3.1: 7.2)

【Known to be used in ransomware campaigns: Unknown】Fortinet FortiWeb contains an operating system command injection vulnerability. An authenticated attacker can execute unauthorized code on the underlying system through specially crafted HTTP requests or CLI commands.

【CVE-2025-13223】Google Chromium V8 Type Confusion Vulnerability (CVSS v3.1: 8.8)

【Known to be used in ransomware campaigns: Unknown】Google Chromium V8 contains a type confusion vulnerability that may lead to heap memory corruption.

【CVE-2025-61757】Oracle Fusion Middleware Missing Authentication for Critical Function Vulnerability (CVSS v3.1: 9.8)

【Known to be used in ransomware campaigns: Unknown】Oracle Fusion Middleware contains a missing authentication for critical function vulnerability, allowing an unauthenticated remote attacker to take over the identity management system.

Information Sharing Level: WHITE (Information content can be publicly disclosed)

[Affected Platform]
【CVE-2025-58034】Please refer to the affected versions listed by the vendor:

https://fortiguard.fortinet.com/psirt/FG-IR-25-513

【CVE-2025-13223】Please refer to the affected versions listed by the vendor:

https://chromereleases.googleblog.com/2025/11/stable-channel-update-for-desktop_17.html

【CVE-2025-61757】Please refer to the affected versions listed by the vendor:

https://www.oracle.com/security-alerts/cpuoct2025.html

[Recommended Actions]
【CVE-2025-58034】The vendor has released security updates to address this vulnerability. Please update to the corresponding version:

https://fortiguard.fortinet.com/psirt/FG-IR-25-513

【CVE-2025-13223】The vendor has released security updates to address this vulnerability. Please update to the corresponding version:

https://chromereleases.googleblog.com/2025/11/stable-channel-update-for-desktop_17.html

【CVE-2025-61757】The vendor has released security updates to address this vulnerability. Please update to the corresponding version:

https://www.oracle.com/security-alerts/cpuoct2025.html

[Reference]
 
(This notification is for informational purposes only and does not constitute a cybersecurity incident).
If you have questions or suggestions regarding this notification, please feel free to contact us.
Ministry of education information & communication security contingency platform
Website: https://info.cert.tanet.edu.tw/
Phone: +886-7-5250211
Internet Phone: 98400000
E-Mail: service@cert.tanet.edu.tw
Organizer: Computer Center