10/13至10/19 Known Exploited Vulnerabilities Catalog(KEV)週報

一、漏洞簡述

CISA 於 10/13 至 10/19 在 Known Exploited Vulnerabilities Catalog（KEV）中新增 6 個已遭駭客利用之漏洞。受影響平台涵蓋 Adobe AEM Forms、IGEL OS、Microsoft Windows、Rapid7 Velociraptor 以及 SKYSEA Client View。
由於此為已被攻擊者利用之弱點，建議各機關儘速確認是否受影響並進行修補。

---

二、設備／版本影響

受影響平台如下：

• Adobe｜Experience Manager (AEM) Forms

• IGEL｜IGEL OS

• Microsoft｜Windows

• Rapid7｜Velociraptor

• SKYSEA｜Client View

---

三、建議處置

修補說明請參考以下官方連結：

Adobe｜Experience Manager (AEM) Forms
https://helpx.adobe.com/security/products/aem-forms/apsb25-82.html

IGEL｜IGEL OS
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-47827

Microsoft｜Windows
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-24990
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-59230

Rapid7｜Velociraptor
https://docs.velociraptor.app/announcements/advisories/cve-2025-6264/

SKYSEA｜Client View
https://www.skyseaclientview.net/news/161221/

---

四、相關連結

CVE 編號：

CVE-2016-7836
CVE-2025-6264
CVE-2025-24990
CVE-2025-47827
CVE-2025-54253
CVE-2025-59230

參考資料：

1. https://www.cisa.gov/known-exploited-vulnerabilities-catalog

2. https://nvd.nist.gov/vuln/detail/CVE-2016-7836

3. https://nvd.nist.gov/vuln/detail/CVE-2025-6264

4. https://nvd.nist.gov/vuln/detail/CVE-2025-24990

5. https://nvd.nist.gov/vuln/detail/CVE-2025-47827

6. https://nvd.nist.gov/vuln/detail/CVE-2025-54253

7. https://nvd.nist.gov/vuln/detail/CVE-2025-59230