一、漏洞簡述
CISA 於 8/25 至 8/31 在 Known Exploited Vulnerabilities Catalog (KEV) 中發布 5 個已遭駭客利用之漏洞,請所有使用相關產品或負責維運的同仁務必注意。
CVE-2024-8068
CVE-2024-8069
CVE-2025-7775
CVE-2025-48384
CVE-2025-57819
二、影響平台
Sangoma|FreePBX
Citrix|NetScaler
Git|Git
Citrix|Session Recording
三、建議處置
修補說明請參考以下官方連結:
Sangoma|FreePBX
https://github.com/FreePBX/security-reporting/security/advisories/GHSA-m42g-xg4c-5f3h
Citrix|NetScaler
https://support.citrix.com/support-home/kbsearch/article?articleNumber=CTX694938
Citrix|Session Recording
https://support.citrix.com/external/article/691941/citrix-session-recording-security-bullet.html
Git|Git
https://github.com/git/git/security/advisories/GHSA-vwqx-4fm8-6qc9
https://access.redhat.com/errata/RHSA-2025:13933
https://alas.aws.amazon.com/AL2/ALAS2-2025-2941.html
https://linux.oracle.com/errata/ELSA-2025-11534.html
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-48384