SonicWall 產品阻斷服務漏洞

發佈日期: 2025年07月31日

風險: 中度風險

類型: 操作系統 - Network

於 SonicWall Products 發現一個漏洞。遠端攻擊者可利用此漏洞，於目標系統觸發阻斷服務狀況。

---

影響

• 阻斷服務

---

受影響之系統或技術

• Gen7 hardware Firewalls - TZ270, TZ270W, TZ370, TZ370W, TZ470, TZ470W, TZ570, TZ570W, TZ570P, TZ670, NSa 2700, NSa 3700,NSa 4700, NSa 5700, NSa 6700, NSsp 10700, NSsp 11700, NSsp 13700, NSsp 15700 7.2.0-7015 (7.0.1 版本分支不受影響) 及之前的版本。

• Gen7 virtual Firewalls (NSv) - NSV270, NSv470, NSv870 (ESX, KVM, HYPER-V, AWS, Azure) 7.2.0-7015 (7.0.1 版本分支不受影響) 及之前的版本。

---

解決方案

在安裝軟體之前，請先瀏覽供應商之網站，以獲得更多詳細資料。

 

安裝供應商提供的修補程式：

• https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2025-0013

---

漏洞識別碼

• CVE-2025-40600

---

資料來源

• https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2025-0013

---

相關連結

• https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2025-0013

SonicWall Products Denial of Service Vulnerability

Release Date: 31 Jul 2025

RISK: Medium Risk

TYPE: Operating Systems - Networks OS

A vulnerability has been identified in Sonicwall Products. A remote attacker could exploit this vulnerability to trigger denial of service condition on the targeted system.

---

Impact

• Denial of Service

---

System / Technologies affected

• Gen7 hardware Firewalls - TZ270, TZ270W, TZ370, TZ370W, TZ470, TZ470W, TZ570, TZ570W, TZ570P, TZ670, NSa 2700, NSa 3700,NSa 4700, NSa 5700, NSa 6700, NSsp 10700, NSsp 11700, NSsp 13700, NSsp 15700 version prior to 7.2.0-7015 (7.0.1 branch is not affected).

• Gen7 virtual Firewalls (NSv) - NSV270, NSv470, NSv870 (ESX, KVM, HYPER-V, AWS, Azure) version prior to 7.2.0-7015 (7.0.1 branch is not affected).

---

Solutions

Before installation of the software, please visit the vendor web-site for more details.

 

Apply fixes issued by the vendor:

• https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2025-0013

---

Vulnerability Identifier

• CVE-2025-40600

---

Source

• https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2025-0013

---

Related Link

• https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2025-0013

蘋果產品多個漏洞

發佈日期: 2025年07月30日

風險: 中度風險

類型: 操作系統 - 流動裝置及操作系統

於蘋果產品發現多個漏洞。遠端攻擊者可利用這些漏洞，於目標系統觸發阻斷服務狀況、權限提升、彷冒、遠端執行任意程式碼、洩露敏感資料、跨網站指令碼、篡改及繞過保安限制。

 

---

影響

• 阻斷服務
• 遠端執行程式碼
• 權限提升
• 繞過保安限制
• 資料洩露
• 仿冒
• 篡改
• 跨網站指令碼

---

受影響之系統或技術

• iOS 18.6 及 iPadOS 18.6 以前的版本
• iPadOS 17.7.9 以前的版本
• macOS Sequoia 15.6 以前的版本
• macOS Sonoma 14.7.7 以前的版本
• macOS Ventura 13.7.7 以前的版本
• tvOS 18.6 以前的版本
• visionOS 2.6 以前的版本
• WatchOS 11.6 以前的版本

---

解決方案

在安裝軟體之前，請先瀏覽供應商之網站，以獲得更多詳細資料。

安裝供應商提供的修補程式：

 

• iOS 18.6 及 iPadOS 18.6
• iPadOS 17.7.9
• macOS Sequoia 15.6
• macOS Sonoma 14.7.7
• macOS Ventura 13.7.7
• tvOS 18.6
• visionOS 2.6
• watchOS 11.6

---

漏洞識別碼

• CVE-2025-6558
• CVE-2025-7424
• CVE-2025-7425
• CVE-2025-24119
• CVE-2025-24188
• CVE-2025-24220
• CVE-2025-24224
• CVE-2025-31229
• CVE-2025-31243
• CVE-2025-31273
• CVE-2025-31275
• CVE-2025-31276
• CVE-2025-31277
• CVE-2025-31278
• CVE-2025-31279
• CVE-2025-31280
• CVE-2025-31281
• CVE-2025-43184
• CVE-2025-43185
• CVE-2025-43186
• CVE-2025-43187
• CVE-2025-43188
• CVE-2025-43189
• CVE-2025-43191
• CVE-2025-43192
• CVE-2025-43193
• CVE-2025-43194
• CVE-2025-43195
• CVE-2025-43196
• CVE-2025-43197
• CVE-2025-43198
• CVE-2025-43199
• CVE-2025-43202
• CVE-2025-43206
• CVE-2025-43209
• CVE-2025-43210
• CVE-2025-43211
• CVE-2025-43212
• CVE-2025-43213
• CVE-2025-43214
• CVE-2025-43215
• CVE-2025-43216
• CVE-2025-43217
• CVE-2025-43218
• CVE-2025-43219
• CVE-2025-43220
• CVE-2025-43221
• CVE-2025-43222
• CVE-2025-43223
• CVE-2025-43224
• CVE-2025-43225
• CVE-2025-43226
• CVE-2025-43227
• CVE-2025-43228
• CVE-2025-43229
• CVE-2025-43230
• CVE-2025-43232
• CVE-2025-43233
• CVE-2025-43234
• CVE-2025-43235
• CVE-2025-43236
• CVE-2025-43237
• CVE-2025-43238
• CVE-2025-43239
• CVE-2025-43240
• CVE-2025-43241
• CVE-2025-43243
• CVE-2025-43244
• CVE-2025-43245
• CVE-2025-43246
• CVE-2025-43247
• CVE-2025-43248
• CVE-2025-43249
• CVE-2025-43250
• CVE-2025-43251
• CVE-2025-43252
• CVE-2025-43253
• CVE-2025-43254
• CVE-2025-43255
• CVE-2025-43256
• CVE-2025-43257
• CVE-2025-43259
• CVE-2025-43260
• CVE-2025-43261
• CVE-2025-43264
• CVE-2025-43265
• CVE-2025-43266
• CVE-2025-43267
• CVE-2025-43268
• CVE-2025-43270
• CVE-2025-43273
• CVE-2025-43274
• CVE-2025-43275
• CVE-2025-43276
• CVE-2025-43277

---

資料來源

• Apple

---

相關連結

• https://support.apple.com/en-us/124147
• https://support.apple.com/en-us/124148
• https://support.apple.com/en-us/124149
• https://support.apple.com/en-us/124150
• https://support.apple.com/en-us/124151
• https://support.apple.com/en-us/124153
• https://support.apple.com/en-us/124154
• https://support.apple.com/en-us/124155

Apple Products Multiple Vulnerabilities

Release Date: 30 Jul 2025

RISK: Medium Risk

TYPE: Operating Systems - Mobile & Apps

Multiple vulnerabilities were identified in Apple Products. A remote attacker could exploit some of these vulnerabilities to trigger denial of service condition, elevation of privilege, spoofing, remote code execution, sensitive information disclosure, cross-site scripting, data manipulation and security restriction bypass on the targeted system.

 

---

Impact

• Denial of Service
• Remote Code Execution
• Elevation of Privilege
• Security Restriction Bypass
• Information Disclosure
• Spoofing
• Data Manipulation
• Cross-Site Scripting

---

System / Technologies affected

• Versions prior to iOS 18.6 and iPadOS 18.6
• Versions prior to iPadOS 17.7.9
• Versions prior to macOS Sequoia 15.6
• Versions prior to macOS Sonoma 14.7.7
• Versions prior to macOS Ventura 13.7.7
• Versions prior to tvOS 18.6
• Versions prior to visionOS 2.6
• Versions prior to watchOS 11.6

---

Solutions

Before installation of the software, please visit the vendor web-site for more details.

Apply fixes issued by the vendor:

 

• iOS 18.6 and iPadOS 18.6
• iPadOS 17.7.9
• macOS Sequoia 15.6
• macOS Sonoma 14.7.7
• macOS Ventura 13.7.7
• tvOS 18.6
• visionOS 2.6
• watchOS 11.6

---

Vulnerability Identifier

• CVE-2025-6558
• CVE-2025-7424
• CVE-2025-7425
• CVE-2025-24119
• CVE-2025-24188
• CVE-2025-24220
• CVE-2025-24224
• CVE-2025-31229
• CVE-2025-31243
• CVE-2025-31273
• CVE-2025-31275
• CVE-2025-31276
• CVE-2025-31277
• CVE-2025-31278
• CVE-2025-31279
• CVE-2025-31280
• CVE-2025-31281
• CVE-2025-43184
• CVE-2025-43185
• CVE-2025-43186
• CVE-2025-43187
• CVE-2025-43188
• CVE-2025-43189
• CVE-2025-43191
• CVE-2025-43192
• CVE-2025-43193
• CVE-2025-43194
• CVE-2025-43195
• CVE-2025-43196
• CVE-2025-43197
• CVE-2025-43198
• CVE-2025-43199
• CVE-2025-43202
• CVE-2025-43206
• CVE-2025-43209
• CVE-2025-43210
• CVE-2025-43211
• CVE-2025-43212
• CVE-2025-43213
• CVE-2025-43214
• CVE-2025-43215
• CVE-2025-43216
• CVE-2025-43217
• CVE-2025-43218
• CVE-2025-43219
• CVE-2025-43220
• CVE-2025-43221
• CVE-2025-43222
• CVE-2025-43223
• CVE-2025-43224
• CVE-2025-43225
• CVE-2025-43226
• CVE-2025-43227
• CVE-2025-43228
• CVE-2025-43229
• CVE-2025-43230
• CVE-2025-43232
• CVE-2025-43233
• CVE-2025-43234
• CVE-2025-43235
• CVE-2025-43236
• CVE-2025-43237
• CVE-2025-43238
• CVE-2025-43239
• CVE-2025-43240
• CVE-2025-43241
• CVE-2025-43243
• CVE-2025-43244
• CVE-2025-43245
• CVE-2025-43246
• CVE-2025-43247
• CVE-2025-43248
• CVE-2025-43249
• CVE-2025-43250
• CVE-2025-43251
• CVE-2025-43252
• CVE-2025-43253
• CVE-2025-43254
• CVE-2025-43255
• CVE-2025-43256
• CVE-2025-43257
• CVE-2025-43259
• CVE-2025-43260
• CVE-2025-43261
• CVE-2025-43264
• CVE-2025-43265
• CVE-2025-43266
• CVE-2025-43267
• CVE-2025-43268
• CVE-2025-43270
• CVE-2025-43273
• CVE-2025-43274
• CVE-2025-43275
• CVE-2025-43276
• CVE-2025-43277

---

Source

• Apple

---

Related Link

• https://support.apple.com/en-us/124147
• https://support.apple.com/en-us/124148
• https://support.apple.com/en-us/124149
• https://support.apple.com/en-us/124150
• https://support.apple.com/en-us/124151
• https://support.apple.com/en-us/124153
• https://support.apple.com/en-us/124154
• https://support.apple.com/en-us/124155

Google Chrome 遠端執行程式碼漏洞

發佈日期: 2025年07月30日

風險: 中度風險

類型: 用戶端 - 瀏覽器

於 Google Chrome 發現一個漏洞。遠端攻擊者可利用此漏洞，於目標系統觸發遠端執行任意程式碼及阻斷服務狀況。

---

影響

• 遠端執行程式碼
• 阻斷服務

---

受影響之系統或技術

• Google Chrome 138.0.7204.183 (Linux) 之前的版本
• Google Chrome 138.0.7204.183/.184 (Mac) 之前的版本
• Google Chrome 138.0.7204.183/.184 (Windows) 之前的版本

---

解決方案

在安裝軟體之前，請先瀏覽供應商之網站，以獲得更多詳細資料。

安裝軟件供應商提供的修補程式：

• 升級 138.0.7204.183 (Linux) 或之後的版本
• 升級 138.0.7204.183/.184 (Mac) 或之後的版本
• 升級 138.0.7204.183/.184 (Windows) 或之後的版本

---

漏洞識別碼

• CVE-2025-8292

---

資料來源

• Google Chrome

---

相關連結

• https://chromereleases.googleblog.com/2025/07/stable-channel-update-for-desktop_29.html

Google Chrome Remote Code Execution Vulnerability

Release Date: 30 Jul 2025

RISK: Medium Risk

TYPE: Clients - Browsers

A vulnerability was identified in Google Chrome. A remote attacker could exploit this vulnerability to trigger remote code execution and denial of service condition on the targeted system.

---

Impact

• Remote Code Execution
• Denial of Service

---

System / Technologies affected

• Google Chrome prior to 138.0.7204.183 (Linux)
• Google Chrome prior to 138.0.7204.183/.184 (Mac)
• Google Chrome prior to 138.0.7204.183/.184 (Windows)

---

Solutions

Before installation of the software, please visit the software vendor web-site for more details.

Apply fixes issued by the vendor:

• Update to version 138.0.7204.183 (Linux) or later
• Update to version 138.0.7204.183/.184 (Mac) or later
• Update to version 138.0.7204.183/.184 (Windows) or later

---

Vulnerability Identifier

• CVE-2025-8292

---

Source

• Google Chrome

---

Related Link

• https://chromereleases.googleblog.com/2025/07/stable-channel-update-for-desktop_29.html

PaperCut 多個漏洞

發佈日期: 2025年07月29日

風險: 高度風險

類型: 伺服器 - 其他伺服器

在PaperCut發現多個漏洞。遠端攻擊者可利用這些漏洞，於目標系統觸發遠端執行程式碼、敏感資料洩露及繞過保安限制。

 

注意:

CVE-2023-2533 正被廣泛利用。遠端攻擊者可誘使管理員點擊經過特殊設計的惡意連結，可能導致遠端程式碼執行。因此，風險等級被評為高度風險。

---

影響

• 遠端執行程式碼
• 資料洩露
• 繞過保安限制

---

受影響之系統或技術

• PaperCut NG/MF 22.1.1 以前的版本

---

解決方案

在安裝軟體之前，請先瀏覽供應商之網站，以獲得更多詳細資料。

 

安裝供應商提供的修補程式：

 

• PaperCut NG/MF 22.1.1 或之後版本

---

漏洞識別碼

• CVE-2023-2533
• CVE-2023-31046
• CVE-2023-39469

---

資料來源

• PaperCut

---

相關連結

• https://www.papercut.com/kb/Main/SecurityBulletinJune2023

PaperCut Multiple Vulnerabilities

Release Date: 29 Jul 2025

RISK: High Risk

TYPE: Servers - Other Servers

Multiple vulnerabilities were identified in PaperCut. A remote attacker could exploit some of these vulnerabilities to trigger remote code execution, sensitive information disclosure and security restriction bypass on the targeted system.

 

Note:

CVE-2023-2533 is being exploited in the wild. A remote attacker could deceive an admin into clicking a specially crafted malicious link, potentially leading to remote code execution. Hence, the risk level is rated as High Risk.

---

Impact

• Remote Code Execution
• Information Disclosure
• Security Restriction Bypass

---

System / Technologies affected

• Versions prior to PaperCut NG/MF version 22.1.1

---

Solutions

Before installation of the software, please visit the vendor web-site for more details.

 

Apply fixes issued by the vendor:

 

• PaperCut NG/MF 22.1.1 or later versions

---

Vulnerability Identifier

• CVE-2023-2533
• CVE-2023-31046
• CVE-2023-39469

---

Source

• PaperCut

---

Related Link

• https://www.papercut.com/kb/Main/SecurityBulletinJune2023

ChromeOS 多個漏洞

發佈日期: 2025年07月24日

風險: 極高度風險

類型: 用戶端 - 瀏覽器

於 ChromeOS 發現多個漏洞。遠端攻擊者可利用這些漏洞，於目標系統觸發阻斷服務狀況、遠端執行任意程式碼及繞過保安限制。

 

注意：

CVE-2025-6558 正在被廣泛利用。ANGLE 和 GPU 中不受信任的輸入驗證不正確。

---

影響

• 遠端執行程式碼
• 阻斷服務
• 繞過保安限制

---

受影響之系統或技術

• 16238.62.0 之前的 ChromeOS 版本（瀏覽器版本 136.0.7103.150）

---

解決方案

在安裝軟體之前，請先瀏覽供應商之網站，以獲得更多詳細資料。

 

安裝供應商提供的修補程式，詳情請參閱以下連結：

• https://chromereleases.googleblog.com/2025/07/stable-chanel-update-for-chromeos.html

---

漏洞識別碼

• CVE-2025-6044
• CVE-2025-6555
• CVE-2025-6556
• CVE-2025-6558
• CVE-2025-7656
• CVE-2025-7657

---

資料來源

• Chrome

---

相關連結

• https://chromereleases.googleblog.com/2025/07/stable-chanel-update-for-chromeos.html

ChromeOS Multiple Vulnerabilities

Release Date: 24 Jul 2025

RISK: Extremely High Risk

TYPE: Clients - Browsers

Multiple vulnerabilities were identified in ChromeOS. A remote attacker could exploit some of these vulnerabilities to trigger denial of service condition, remote code execution and security restriction bypass on the targeted system.

 

Note:

CVE-2025-6558 is being exploited in the wild. Incorrect validation of untrusted input in ANGLE and GPU.

---

Impact

• Remote Code Execution
• Denial of Service
• Security Restriction Bypass

---

System / Technologies affected

• ChromeOS version 16238.62.0 （Browser version 136.0.7103.150）

---

Solutions

Before installation of the software, please visit the vendor web-site for more details.

 

Apply fixes issued by the vendor. For detail, please refer to the link below:

• https://chromereleases.googleblog.com/2025/07/stable-chanel-update-for-chromeos.html

---

Vulnerability Identifier

• CVE-2025-6044
• CVE-2025-6555
• CVE-2025-6556
• CVE-2025-6558
• CVE-2025-7656
• CVE-2025-7657

---

Source

• Chrome

---

Related Link

• https://chromereleases.googleblog.com/2025/07/stable-chanel-update-for-chromeos.html

SonicWall 產品多個漏洞

發佈日期: 2025年07月24日

風險: 中度風險

類型: 操作系統 - Network

於 SonicWall Products 發現多個漏洞。遠端攻擊者可利用這些漏洞，於目標系統觸發阻斷服務狀況、遠端執行任意程式碼及跨網站指令碼。

---

影響

• 遠端執行程式碼
• 阻斷服務
• 跨網站指令碼

---

受影響之系統或技術

• SMA 100 Series (SMA 210, 410, 500v) 10.2.1.15-81sv 及之前的版本

---

解決方案

在安裝軟體之前，請先瀏覽供應商之網站，以獲得更多詳細資料。

 

安裝供應商提供的修補程式：

• https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2025-0012

---

漏洞識別碼

• CVE-2025-40596
• CVE-2025-40597
• CVE-2025-40598

---

資料來源

• SonicWall

---

相關連結

• https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2025-0012

SonicWall Products Multiple Vulnerabilities

Release Date: 24 Jul 2025

RISK: Medium Risk

TYPE: Operating Systems - Networks OS

Multiple vulnerabilities were identified in SonicWall Products. A remote attacker could exploit some of these vulnerabilities to trigger denial of service condition, remote code execution and cross-site scripting on the targeted system.

---

Impact

• Remote Code Execution
• Denial of Service
• Cross-Site Scripting

---

System / Technologies affected

• SMA 100 Series (SMA 210, 410, 500v) 10.2.1.15-81sv and earlier versions

---

Solutions

Before installation of the software, please visit the vendor web-site for more details.

 

Apply fixes issued by the vendor:

• https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2025-0012

---

Vulnerability Identifier

• CVE-2025-40596
• CVE-2025-40597
• CVE-2025-40598

---

Source

• SonicWall

---

Related Link

• https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2025-0012

Google Chrome 多個漏洞

發佈日期: 2025年07月23日

風險: 中度風險

類型: 用戶端 - 瀏覽器

於 Google Chrome 發現多個漏洞。遠端攻擊者可利用這些漏洞，於目標系統觸發阻斷服務狀況及遠端執行任意程式碼。

---

影響

• 遠端執行程式碼
• 阻斷服務

---

受影響之系統或技術

• Google Chrome 138.0.7204.168 (Linux) 之前的版本
• Google Chrome 138.0.7204.168/.169 (Mac) 之前的版本
• Google Chrome 138.0.7204.168/.169 (Windows) 之前的版本

---

解決方案

在安裝軟體之前，請先瀏覽供應商之網站，以獲得更多詳細資料。

安裝軟件供應商提供的修補程式：

• 更新至 138.0.7204.168 (Linux) 或之後版本
• 更新至 138.0.7204.168/.169 (Mac) 或之後版本
• 更新至 138.0.7204.168/.169 (Windows) 或之後版本

---

漏洞識別碼

• CVE-2025-8010
• CVE-2025-8011

---

資料來源

• Chrome

---

相關連結

• https://chromereleases.googleblog.com/2025/07/stable-channel-update-for-desktop_22.html

Google Chrome Multiple Vulnerabilities

Release Date: 23 Jul 2025

RISK: Medium Risk

TYPE: Clients - Browsers

Multiple vulnerabilities were identified in Google Chrome. A remote attacker could exploit some of these vulnerabilities to trigger denial of service condition and remote code execution on the targeted system.

---

Impact

• Remote Code Execution
• Denial of Service

---

System / Technologies affected

• Google Chrome prior to 138.0.7204.168 (Linux)
• Google Chrome prior to 138.0.7204.168/.169 (Mac)
• Google Chrome prior to 138.0.7204.168/.169 (Windows)

---

Solutions

Before installation of the software, please visit the software vendor web-site for more details.

Apply fixes issued by the vendor:

• Update to version 138.0.7204.168 (Linux) or later
• Update to version 138.0.7204.168/.169 (Mac) or later
• Update to version 138.0.7204.168/.169 (Windows) or later

---

Vulnerability Identifier

• CVE-2025-8010
• CVE-2025-8011

---

Source

• Chrome

---

Related Link

• https://chromereleases.googleblog.com/2025/07/stable-channel-update-for-desktop_22.html

Mozilla 產品多個漏洞

發佈日期: 2025年07月23日

風險: 中度風險

類型: 用戶端 - 瀏覽器

於 Mozilla 產品發現多個漏洞。遠端攻擊者可利用這些漏洞，於目標系統觸發遠端執行任意程式碼、洩露敏感資料及繞過保安限制。

---

影響

• 遠端執行程式碼
• 資料洩露
• 繞過保安限制

---

受影響之系統或技術

以下版本之前的版本﹕

 

• Firefox 141
• Firefox ESR 115.26
• Firefox ESR 128.13
• Firefox ESR 140.1
• Firefox for iOS 141
• Thunderbird 128.13
• Thunderbird 140.1
• Thunderbird 141

---

解決方案

在安裝軟體之前，請先瀏覽供應商之官方網站，以獲得更多詳細資料。

更新至版本:

 

• Firefox 141
• Firefox ESR 115.26
• Firefox ESR 128.13
• Firefox ESR 140.1
• Firefox for iOS 141
• Thunderbird 128.13
• Thunderbird 140.1
• Thunderbird 141

---

漏洞識別碼

• CVE-2025-8027
• CVE-2025-8028
• CVE-2025-8029
• CVE-2025-8030
• CVE-2025-8031
• CVE-2025-8032
• CVE-2025-8033
• CVE-2025-8034
• CVE-2025-8035
• CVE-2025-8036
• CVE-2025-8037
• CVE-2025-8038
• CVE-2025-8039
• CVE-2025-8040
• CVE-2025-8041
• CVE-2025-8042
• CVE-2025-8043
• CVE-2025-8044
• CVE-2025-54143
• CVE-2025-54144
• CVE-2025-54145

---

資料來源

• Mozilla

---

相關連結

• https://www.mozilla.org/en-US/security/advisories/mfsa2025-56/
• https://www.mozilla.org/en-US/security/advisories/mfsa2025-57/
• https://www.mozilla.org/en-US/security/advisories/mfsa2025-58/
• https://www.mozilla.org/en-US/security/advisories/mfsa2025-59/
• https://www.mozilla.org/en-US/security/advisories/mfsa2025-60/
• https://www.mozilla.org/en-US/security/advisories/mfsa2025-61/
• https://www.mozilla.org/en-US/security/advisories/mfsa2025-62/
• https://www.mozilla.org/en-US/security/advisories/mfsa2025-63/

Mozilla Products Multiple Vulnerabilities

Release Date: 23 Jul 2025

RISK: Medium Risk

TYPE: Clients - Browsers

Multiple vulnerabilities were identified in Mozilla Products. A remote attacker could exploit some of these vulnerabilities to trigger remote code execution, sensitive information disclosure and security restriction bypass on the targeted system.

---

Impact

• Remote Code Execution
• Information Disclosure
• Security Restriction Bypass

---

System / Technologies affected

Versions prior to:

 

• Firefox 141
• Firefox ESR 115.26
• Firefox ESR 128.13
• Firefox ESR 140.1
• Firefox for iOS 141
• Thunderbird 128.13
• Thunderbird 140.1
• Thunderbird 141

---

Solutions

Before installation of the software, please visit the vendor web-site for more details.

Apply fixes issued by the vendor:

 

• Firefox 141
• Firefox ESR 115.26
• Firefox ESR 128.13
• Firefox ESR 140.1
• Firefox for iOS 141
• Thunderbird 128.13
• Thunderbird 140.1
• Thunderbird 141

---

Vulnerability Identifier

• CVE-2025-8027
• CVE-2025-8028
• CVE-2025-8029
• CVE-2025-8030
• CVE-2025-8031
• CVE-2025-8032
• CVE-2025-8033
• CVE-2025-8034
• CVE-2025-8035
• CVE-2025-8036
• CVE-2025-8037
• CVE-2025-8038
• CVE-2025-8039
• CVE-2025-8040
• CVE-2025-8041
• CVE-2025-8042
• CVE-2025-8043
• CVE-2025-8044
• CVE-2025-54143
• CVE-2025-54144
• CVE-2025-54145

---

Source

• Mozilla

---

Related Link

• https://www.mozilla.org/en-US/security/advisories/mfsa2025-56/
• https://www.mozilla.org/en-US/security/advisories/mfsa2025-57/
• https://www.mozilla.org/en-US/security/advisories/mfsa2025-58/
• https://www.mozilla.org/en-US/security/advisories/mfsa2025-59/
• https://www.mozilla.org/en-US/security/advisories/mfsa2025-60/
• https://www.mozilla.org/en-US/security/advisories/mfsa2025-61/
• https://www.mozilla.org/en-US/security/advisories/mfsa2025-62/
• https://www.mozilla.org/en-US/security/advisories/mfsa2025-63/

Sophos 防火牆多個漏洞

發佈日期: 2025年07月22日

風險: 中度風險

類型: 保安軟件及應用設備 - 保安軟件及應用設備

於 Sophos 防火牆發現多個漏洞。遠端攻擊者可利用這些漏洞，於目標系統觸發遠端執行任意程式碼。

---

影響

• 遠端執行程式碼

---

受影響之系統或技術

• Sophos Firewall v21.5 GA (21.5.0) 及之前的版本

---

解決方案

在安裝軟體之前，請先瀏覽供應商之網站，以獲得更多詳細資料。

 

安裝供應商提供的修補程式：

• https://www.sophos.com/en-us/security-advisories/sophos-sa-20250721-sfos-rce

---

漏洞識別碼

• CVE-2024-13973
• CVE-2024-13974
• CVE-2025-6704
• CVE-2025-7382
• CVE-2025-7624

---

資料來源

• Sophos

---

相關連結

• https://www.sophos.com/en-us/security-advisories/sophos-sa-20250721-sfos-rce

Sophos Firewall Multiple Vulnerabilities

Release Date: 22 Jul 2025

RISK: Medium Risk

TYPE: Security software and application - Security Software & Appliance

Multiple vulnerabilities were identified in Sophos Firewall. A remote attacker could exploit some of these vulnerabilities to trigger remote code execution on the targeted system.

---

Impact

• Remote Code Execution

---

System / Technologies affected

• Sophos Firewall version prior to v21.5 GA (21.5.0)

---

Solutions

Before installation of the software, please visit the vendor web-site for more details.

 

Apply fixes issued by the vendor:

• https://www.sophos.com/en-us/security-advisories/sophos-sa-20250721-sfos-rce

---

Vulnerability Identifier

• CVE-2024-13973
• CVE-2024-13974
• CVE-2025-6704
• CVE-2025-7382
• CVE-2025-7624

---

Source

• Sophos

---

Related Link

• https://www.sophos.com/en-us/security-advisories/sophos-sa-20250721-sfos-rce

F5 產品阻斷服務漏洞

發佈日期: 2025年07月18日

風險: 高度風險

類型: 操作系統 - Network

於 F5 產品發現一個漏洞。遠端攻擊者可利用這漏洞，於目標系統觸發阻斷服務狀況。

 

注意：

暫無可修補 CVE-2025-48976 的修補程式。因此，風險等級被評為高度風險。

 

 

---

影響

• 阻斷服務

---

受影響之系統或技術

BIG-IP

 

• 15.1.0 - 15.1.10
• 16.1.0 - 16.1.6
• 17.1.0 - 17.1.2
• 17.5.0 - 17.5.1

 

Traffix SDC

 

• 5.2.0

 

---

解決方案

處理方法：

透過以下方法以緩解此漏洞的影響：

 

1. 阻止通過自身 IP 地址訪問配置工具和 SSH
2. 阻止通過管理介面訪問配置工具和 SSH

請瀏覽供應商之網站，以獲得更多詳細資料。

 

應用供應商提供的臨時處理方法：

• https://my.f5.com/manage/s/article/K000152614

---

漏洞識別碼

• CVE-2025-48976

---

資料來源

• F5

---

相關連結

https://my.f5.com/manage/s/article/K000152614

F5 Products Denial of Service Vulnerability

Release Date: 18 Jul 2025

RISK: High Risk

TYPE: Operating Systems - Networks OS

A vulnerability was identified in F5 Products. A remote attacker could exploit this vulnerability to trigger denial of service condition on the targeted system.

 

Note:

No patch is currently available for CVE-2025-48976 of the affected products. Hence, the risk level is rated as High Risk.

 

 

---

Impact

• Denial of Service

---

System / Technologies affected

BIG-IP

 

• 15.1.0 - 15.1.10
• 16.1.0 - 16.1.6
• 17.1.0 - 17.1.2
• 17.5.0 - 17.5.1

 

Traffix SDC

 

• 5.2.0

 

 

 

---

Solutions

Workaround:

Mitigate the vulnerability by the following workaround:

 

1. Block Configuration utility and SSH access through self IP addresses
2. Block Configuration utility and SSH access through the management interface

Please visit the vendor web-site for more details.

 

Apply workarounds issued by the vendor:

• https://my.f5.com/manage/s/article/K000152614

---

Vulnerability Identifier

• CVE-2025-48976

---

Source

• F5

---

Related Link

https://my.f5.com/manage/s/article/K000152614

IBM WebSphere 產品多個漏洞

發佈日期: 2025年07月18日

風險: 中度風險

類型: 伺服器 - 互聯網應用伺服器

於 IBM WebSphere 產品發現多個漏洞。遠端攻擊者可利用這些漏洞，於目標系統觸發阻斷服務狀況及繞過保安限制。

---

影響

• 繞過保安限制
• 阻斷服務

---

受影響之系統或技術

• IBM WebSphere Application Server 9.0
• IBM WebSphere Application Server Liberty 17.0.0.3-25.0.0.7

---

解決方案

在安裝軟體之前，請先瀏覽供應商之網站，以獲得更多詳細資料。

 

安裝供應商提供的修補程式：

• https://www.ibm.com/support/pages/node/7239856
• https://www.ibm.com/support/pages/node/7239955

---

漏洞識別碼

• CVE-2024-56339
• CVE-2025-36097

---

資料來源

• IBM

---

相關連結

• https://www.ibm.com/support/pages/node/7239856
• https://www.ibm.com/support/pages/node/7239955

IBM WebSphere Products Multiple Vulnerabilities

Release Date: 18 Jul 2025

RISK: Medium Risk

TYPE: Servers - Internet App Servers

Multiple vulnerabilities were identified in IBM WebSphere Products. A remote attacker could exploit some of these vulnerabilities to trigger denial of service condition and security restriction bypass on the targeted system.

---

Impact

• Security Restriction Bypass
• Denial of Service

---

System / Technologies affected

• IBM WebSphere Application Server 9.0
• IBM WebSphere Application Server Liberty 17.0.0.3-25.0.0.7

---

Solutions

Before installation of the software, please visit the vendor web-site for more details.

 

Apply fixes issued by the vendor:

• https://www.ibm.com/support/pages/node/7239856
• https://www.ibm.com/support/pages/node/7239955

---

Vulnerability Identifier

• CVE-2024-56339
• CVE-2025-36097

---

Source

• IBM

---

Related Link

• https://www.ibm.com/support/pages/node/7239856
• https://www.ibm.com/support/pages/node/7239955

Google Chrome 多個漏洞

發佈日期: 2025年07月16日

風險: 極高度風險

類型: 用戶端 - 瀏覽器

於 Google Chrome 發現多個漏洞。遠端攻擊者可利用這些漏洞，於目標系統觸發遠端執行任意程式碼及阻斷服務狀況。

 

注意：

CVE-2025-6558 正在被廣泛利用。ANGLE 和 GPU 中不受信任的輸入驗證不正確。

---

影響

• 遠端執行程式碼
• 阻斷服務

---

受影響之系統或技術

• Google Chrome prior to 138.0.7204.157 (Linux) 之前的版本
• Google Chrome 138.0.7204.157/.158 (Mac) 之前的版本
• Google Chrome 138.0.7204.157/.158 (Windows) 之前的版本

---

解決方案

在安裝軟體之前，請先瀏覽供應商之網站，以獲得更多詳細資料。

安裝軟件供應商提供的修補程式：

 

• 更新至 138.0.7204.157 (Linux) 或之後版本
• 更新至 138.0.7204.157/.158 (Mac) 或之後版本
• 更新至 138.0.7204.157/.158 (Windows) 或之後版本

---

漏洞識別碼

• CVE-2025-6558
• CVE-2025-7656
• CVE-2025-7657

---

資料來源

• Chrome

---

相關連結

• https://chromereleases.googleblog.com/2025/07/stable-channel-update-for-desktop_15.html

Google Chrome Multiple Vulnerabilities

Release Date: 16 Jul 2025

RISK: Extremely High Risk

TYPE: Clients - Browsers

Multiple vulnerabilities were identified in Google Chrome. A remote attacker could exploit some of these vulnerabilities to trigger remote code execution and denial of service condition on the targeted system.

 

Note:

CVE-2025-6558 is being exploited in the wild. Incorrect validation of untrusted input in ANGLE and GPU. 

---

Impact

• Remote Code Execution
• Denial of Service

---

System / Technologies affected

• Google Chrome prior to 138.0.7204.157 (Linux)
• Google Chrome prior to 138.0.7204.157/.158 (Mac)
• Google Chrome prior to 138.0.7204.157/.158 (Windows)

---

Solutions

Before installation of the software, please visit the software vendor web-site for more details.

Apply fixes issued by the vendor:

 

• Update to version 138.0.7204.157 (Linux) or later
• Update to version 138.0.7204.157/.158 (Mac) or later
• Update to version 138.0.7204.157/.158 (Windows) or later

---

Vulnerability Identifier

• CVE-2025-6558
• CVE-2025-7656
• CVE-2025-7657

---

Source

• Chrome

---

Related Link

• https://chromereleases.googleblog.com/2025/07/stable-channel-update-for-desktop_15.html

Node.js 多個漏洞

發佈日期: 2025年07月16日

風險: 中度風險

類型: 伺服器 - 其他伺服器

於 Node.js 發現一些漏洞，遠端攻擊者可利用這些漏洞，於目標系統觸發阻斷服務狀況及繞過保安限制。

---

影響

• 阻斷服務
• 繞過保安限制

---

受影響之系統或技術

• Node.js 20.19.4 (LTS) 以前的版本
• Node.js 22.17.1 (LTS) 以前的版本
• Node.js 24.4.1 (Current) 以前的版本

---

解決方案

在安裝軟體之前，請先瀏覽供應商之網站，以獲得更多詳細資料。

• 更新至 Node.js 20.19.4 (LTS) 版本
• 更新至 Node.js 22.17.1 (LTS) 版本
• 更新至 Node.js 24.4.1 (Current) 版本

---

漏洞識別碼

• CVE-2025-27209
• CVE-2025-27210

---

資料來源

• Node.js

---

相關連結

• https://nodejs.org/en/blog/vulnerability/july-2025-security-releases
• https://nodejs.org/en/blog/release/v20.19.4
• https://nodejs.org/en/blog/release/v22.17.1
• https://nodejs.org/en/blog/release/v24.4.1

Node.js Multiple Vulnerabilities

Release Date: 16 Jul 2025

RISK: Medium Risk

TYPE: Servers - Other Servers

Multiple vulnerabilities have been identified in Node.js. A remote attacker can exploit these vulnerabilities to trigger denial of service condition and security restriction bypass on the targeted system.

---

Impact

• Denial of Service
• Security Restriction Bypass

---

System / Technologies affected

• Node.js versions prior to 20.19.4 (LTS)
• Node.js versions prior to 22.17.1 (LTS)
• Node.js versions prior to 24.4.1 (Current)

---

Solutions

Before installation of the software, please visit the vendor web-site for more details.

• Update to Node.js version 20.19.4 (LTS)
• Update to Node.js version 22.17.1 (LTS)
• Update to Node.js version 24.4.1 (Current)

---

Vulnerability Identifier

• CVE-2025-27209
• CVE-2025-27210

---

Source

• Node.js

---

Related Link

• https://nodejs.org/en/blog/vulnerability/july-2025-security-releases
• https://nodejs.org/en/blog/release/v20.19.4
• https://nodejs.org/en/blog/release/v22.17.1
• https://nodejs.org/en/blog/release/v24.4.1

甲骨文產品多個漏洞

發佈日期: 2025年07月16日

風險: 中度風險

類型: 伺服器 - 數據庫伺服器

於甲骨文產品發現多個漏洞，遠端攻擊者可利用這些漏洞，於目標系統觸發權限提升、阻斷服務狀況、遠端執行程式碼、敏感資料洩露、篡改及繞過保安限制。

 

---

影響

• 阻斷服務
• 遠端執行程式碼
• 繞過保安限制
• 資料洩露
• 權限提升
• 篡改

---

受影響之系統或技術

• Oracle MySQL
• Java SE
• Oracle Database Server
• WebLogic Server
• VirtualBox

 

 

有關其他 甲骨文 產品，請參閱以下連結:

https://www.oracle.com/security-alerts/cpujul2025.html

---

解決方案

在安裝軟體之前，請先瀏覽供應商之網站，以獲得更多詳細資料。

 

安裝供應商提供的修補程式：

 

https://www.oracle.com/security-alerts/cpujul2025.html

---

漏洞識別碼

• https://www.oracle.com/security-alerts/cpujul2025.html

---

資料來源

• Oracle

---

相關連結

https://www.oracle.com/security-alerts/cpujul2025.html

Oracle Products Multiple Vulnerabilities

Release Date: 16 Jul 2025

RISK: Medium Risk

TYPE: Servers - Database Servers

Multiple vulnerabilities were identified in Oracle Products, a remote attacker could exploit some of these vulnerabilities to trigger elevation of privilege, denial of service condition, remote code execution, sensitive information disclosure, data manipulation and security restriction bypass on the targeted system.

---

Impact

• Denial of Service
• Remote Code Execution
• Security Restriction Bypass
• Information Disclosure
• Elevation of Privilege
• Data Manipulation

---

System / Technologies affected

• Oracle MySQL
• Java SE
• Oracle Database Server
• WebLogic Server
• VirtualBox

 

 

For other Oracle products, please refer to the link below:

https://www.oracle.com/security-alerts/cpujul2025.html

---

Solutions

Before installation of the software, please visit the vendor web-site for more details.

 

Apply fixes issued by the vendor:

 

https://www.oracle.com/security-alerts/cpujul2025.html

---

Vulnerability Identifier

• https://www.oracle.com/security-alerts/cpujul2025.html

---

Source

• Oracle

---

Related Link

https://www.oracle.com/security-alerts/cpujul2025.html

Apache 產品多個漏洞

發佈日期: 2025年07月14日

風險: 中度風險

類型: 伺服器 - 網站伺服器

於 Apache 產品發現多個漏洞。遠端攻擊者可利用這些漏洞，於目標系統觸發阻斷服務狀況、資料篡改及繞過保安限制。

---

影響

• 阻斷服務
• 繞過保安限制
• 篡改

---

受影響之系統或技術

• Apache HTTP Server 2.4.64 之前的版本
• Apache Tomcat 9.0.107 之前的版本
• Apache Tomcat 10.1.43 之前的版本
• Apache Tomcat 11.0.9 之前的版本

---

解決方案

在安裝軟體之前，請先瀏覽供應商之網站，以獲得更多詳細資料。

 

安裝供應商提供的修補程式：

• Apache HTTP Server 2.4.64 版本
• Apache Tomcat 9.0.107 版本
• Apache Tomcat 10.1.43 版本
• Apache Tomcat 11.0.9 版本

---

漏洞識別碼

• CVE-2023-38709
• CVE-2024-42516
• CVE-2024-43204
• CVE-2024-43394
• CVE-2024-47252
• CVE-2025-23048
• CVE-2025-49630
• CVE-2025-49812
• CVE-2025-52434
• CVE-2025-52520
• CVE-2025-53020
• CVE-2025-53506

---

資料來源

• Apache

---

相關連結

• https://httpd.apache.org/security/vulnerabilities_24.html
• https://tomcat.apache.org/security-9.html
• https://tomcat.apache.org/security-10.html
• https://tomcat.apache.org/security-11.html