Forwarded by Taiwan Computer Network Crisis Response and Coordination Center (TWCERTCC-200-202510-00000001)
[Description]
1. [CVE-2025-10585] Google Chromium V8 Type Confusion Vulnerability (CVSS v3.1: 9.8)
[Exploited by ransomware: Unknown] Google Chromium has a type confusion vulnerability in its V8 JavaScript and WebAssembly engine. A remote attacker could exploit this vulnerability to execute arbitrary code or cause the program to crash.
[Affected Platforms] Please refer to the official list of affected versions.
https://chromereleases.googleblog.com/2025/09/stable-channel-update-for-desktop_17.html
2. [CVE-2025-20362] Cisco Secure Firewall Adaptive Security Appliance (ASA) and Secure Firewall Threat Defense (FTD) Missing Authorization Vulnerability (CVSS v3.1: 6.5)
[Exploited by ransomware: Unknown] Cisco Secure Firewall Adaptive Security Appliance (ASA) and Secure Firewall Threat Defense (FTD) devices contain a missing authorization vulnerability in their VPN web server. This vulnerability may be exploited in conjunction with CVE-2025-20333.
[Affected Platforms] Please refer to the official list of affected versions.
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-webvpn-YROOTUW
3. [CVE-2025-20333] Cisco Secure Firewall Adaptive Security Appliance (ASA) and Secure Firewall Threat Defense (FTD) Buffer Overflow Vulnerability (CVSS v3.1: 9.9)
[Exploited by ransomware: Unknown] A buffer overflow vulnerability exists in the VPN web server of the Cisco Secure Firewall Adaptive Security Appliance (ASA) and Secure Firewall Threat Defense (FTD), potentially leading to remote code execution. This vulnerability could be exploited in conjunction with CVE-2025-20362.
[Affected Platforms] Please refer to the official list of affected versions.
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-webvpn-z5xP8EUB
[Affected Platforms]
For details, refer to the affected platforms in the description section.
[Recommended Actions]
1. [CVE-2025-10585] A fix has been released for this vulnerability. Please update to the relevant version.
https://chromereleases.googleblog.com/2025/09/stable-channel-update-for-desktop_17.html
2. [CVE-2025-20362] A fix has been released for this vulnerability. Please update to the relevant version.
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-webvpn-YROOTUW
3. [CVE-2025-20333] A fix has been released for this vulnerability. Please update to the relevant version.
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-webvpn-z5xP8EUB