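Known Exploited Vulnerabilities Catalog (KEV) Weekly Report, 10/27 to 11/2

I. Vulnerability Summary

Between 10/27 and 11/2, CISA added 4 vulnerabilities that have already been exploited by attackers to the KEV (Known Exploited Vulnerabilities Catalog). The affected products include Broadcom (VMware Aria Operations / VMware Tools), XWiki Platform, and Dassault Systèmes DELMIA Apriso. These vulnerabilities may be exploited to gain unauthorized access, execute arbitrary code, or affect system functionality. Patch as soon as possible according to the official advisories.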


II. Affected Devices/Versions

Affected platforms include:

  • Broadcom|VMware Aria Operations and VMware Tools

  • XWiki|Platform

  • Dassault Systèmes|DELMIA Apriso


III. Recommended Actions

For patching instructions, refer to the following official links:

Broadcom|VMware Aria Operations and VMware Tools
https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36149

XWiki|Platform
https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-rr6p-3pfg-562j

Dassault Systèmes|DELMIA Apriso
https://www.3ds.com/trust-center/security/security-advisories/cve-2025-6204
https://www.3ds.com/trust-center/security/security-advisories/cve-2025-6205


IV. Related Links

References:

  1. https://www.cisa.gov/known-exploited-vulnerabilities-catalog

  2. https://nvd.nist.gov/vuln/detail/CVE-2025-6204

  3. https://nvd.nist.gov/vuln/detail/CVE-2025-6205

  4. https://nvd.nist.gov/vuln/detail/CVE-2025-24893

  5. https://nvd.nist.gov/vuln/detail/CVE-2025-41244