11/10至11/16 Known Exploited Vulnerabilities Catalog(KEV)週報

一、漏洞簡述

CISA 於 11/10 至 11/16 在 Known Exploited Vulnerabilities Catalog（KEV）中新增 5 個已遭駭客利用之漏洞。
受影響平台涵蓋 Fortinet FortiWeb、Gladinet Triofox、Microsoft Windows、Samsung 行動裝置及 WatchGuard Firebox。
這些漏洞已被確認遭到攻擊者利用，影響範圍涉及 Web 應用防火牆、雲端檔案分享平台、行動設備安全更新以及防火牆設備等，建議應儘速採取修補。

---

二、設備／版本影響

影響平台如下：

Fortinet｜FortiWeb
Gladinet｜Triofox
Microsoft｜Windows
Samsung｜Mobile Devices
WatchGuard｜Firebox

---

三、建議處置

修補說明請參考以下官方連結：

Fortinet｜FortiWeb
https://www.fortiguard.com/psirt/FG-IR-25-910

Gladinet｜Triofox
https://access.triofox.com/releases_history

Microsoft｜Windows
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-62215

Samsung｜Mobile Devices
https://security.samsungmobile.com/securityUpdate.smsb?year=2025&month=04

WatchGuard｜Firebox
https://www.watchguard.com/wgrd-psirt/advisory/wgsa-2025-00015

---

四、相關連結

參考資料：

1. https://www.cisa.gov/known-exploited-vulnerabilities-catalog

2. https://nvd.nist.gov/vuln/detail/CVE-2025-9242

3. https://nvd.nist.gov/vuln/detail/CVE-2025-12480

4. https://nvd.nist.gov/vuln/detail/CVE-2025-21042

5. https://nvd.nist.gov/vuln/detail/CVE-2025-62215

6. https://nvd.nist.gov/vuln/detail/CVE-2025-64446