一、漏洞簡述
CISA 於 2025/09/22 至 2025/09/28 在 Known Exploited Vulnerabilities Catalog(KEV)中發布 3 個已遭駭客利用之漏洞,請所有使用相關產品或負責維運的同仁務必注意:
CVE-2025-10585
CVE-2025-20333
CVE-2025-20362
二、設備/版本影響
-
Cisco|Secure Firewall Adaptive Security Appliance and Secure Firewall Threat Defense
-
Google|Chromium V8
三、建議處置(原文複製)
修補說明請參考以下官方連結:
Cisco|Secure Firewall Adaptive Security Appliance and Secure Firewall Threat Defense
https://www.cisa.gov/news-events/directives/ed-25-03-identify-and-mitigate-potential-compromise-cisco-devices
https://www.cisa.gov/news-events/directives/supplemental-direction-ed-25-03-core-dump-and-hunt-instructions
https://www.cisa.gov/eviction-strategies-tool/create-from-template
https://sec.cloudapps.cisco.com/security/center/resources/asa_ftd_continued_attacks
https://sec.cloudapps.cisco.com/security/center/private/resources/asa_ftd_continued_attacks#Details
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-webvpn-YROOTUW
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-webvpn-z5xP8EUB
Google|Chromium V8
https://chromereleases.googleblog.com/2025/09/stable-channel-update-for-desktop_17.html
四、相關連結
CVE-2025-10585
CVE-2025-20333
CVE-2025-20362
參考資料: