Known Exploited Vulnerabilities Catalog (KEV) Weekly Report, 10/20 to 10/26

1. Vulnerability Summary

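Between 10/20 and 10/26, CISA added 8 vulnerabilities that have been exploited by attackers to the KEV (Known Exploited Vulnerabilities Catalog), affecting multiple products from Adobe, Apple, Kentico, Microsoft, Motex, and Oracle. Most of these vulnerabilities can be exploited by remote attackers to gain unauthorized access, execute arbitrary code, or compromise system integrity. Updating promptly according to the official guidance is recommended.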


2. Affected Devices/Versions

Affected platforms include:

  • Adobe|Commerce and Magento

  • Apple|Multiple Products

  • Kentico|Xperience CMS

  • Microsoft|Windows

  • Motex|LANSCOPE Endpoint Manager

  • Oracle|E-Business Suite


3. Recommended Actions

For patch details, refer to the following official links:

Adobe|Commerce and Magento
https://experienceleague.adobe.com/en/docs/experience-cloud-kcs/kbarticles/ka-27397

Apple|Multiple Products
https://support.apple.com/en-us/HT213340
https://support.apple.com/en-us/HT213341
https://support.apple.com/en-us/HT213342
https://support.apple.com/en-us/HT213345
https://support.apple.com/en-us/HT213346

Kentico|Xperience CMS
https://devnet.kentico.com/download/hotfixes

Microsoft|Windows
https://msrc.microsoft.com/update-guide/en-US/advisory/CVE-2025-33073
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-59287

Motex|LANSCOPE Endpoint Manager
https://www.motex.co.jp/news/notice/2025/release251020/

Oracle|E-Business Suite
https://www.oracle.com/security-alerts/alert-cve-2025-61884.html


4. Related Links

References:

  1. https://www.cisa.gov/known-exploited-vulnerabilities-catalog

  2. https://nvd.nist.gov/vuln/detail/CVE-2022-48503

  3. https://nvd.nist.gov/vuln/detail/CVE-2025-2746

  4. https://nvd.nist.gov/vuln/detail/CVE-2025-2747

  5. https://nvd.nist.gov/vuln/detail/CVE-2025-33073

  6. https://nvd.nist.gov/vuln/detail/CVE-2025-54236

  7. https://nvd.nist.gov/vuln/detail/CVE-2025-59287

  8. https://nvd.nist.gov/vuln/detail/CVE-2025-61884

  9. https://nvd.nist.gov/vuln/detail/CVE-2025-61932