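Known Exploited Vulnerabilities Catalog (KEV) Weekly Report, 12/1 to 12/7

I. Vulnerability Summary

Between 12/1 and 12/7, CISA added 4 vulnerabilities that have been actively exploited by attackers to the Known Exploited Vulnerabilities Catalog (KEV). These vulnerabilities affect Android Framework, Meta React Server Components, and OpenPLC ScadaBR, and actual attack activity has been confirmed. Affected organizations are advised to review their affected systems and complete patching as soon as possible.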


II. Affected Devices/Versions

The affected platforms are as follows:

  • Android|Framework

  • Meta|React Server Components

  • OpenPLC|ScadaBR


III. Recommended Actions

For patch information, refer to the following official links:

Android|Framework
https://source.android.com/docs/security/bulletin/2025-12-01

Meta|React Server Components
https://react.dev/blog/2025/12/03/critical-security-vulnerability-in-react-server-components

OpenPLC|ScadaBR
https://github.com/SCADA-LTS/Scada-LTS/pull/2174


IV. Related Links

CVE IDs:

  • CVE-2021-26828

  • CVE-2025-48572

  • CVE-2025-48633

  • CVE-2025-55182

References:

  1. https://www.cisa.gov/known-exploited-vulnerabilities-catalog

  2. https://nvd.nist.gov/vuln/detail/CVE-2021-26828

  3. https://nvd.nist.gov/vuln/detail/CVE-2025-48572

  4. https://nvd.nist.gov/vuln/detail/CVE-2025-48633

  5. https://nvd.nist.gov/vuln/detail/CVE-2025-55182