風險: 中度風險
類型: 伺服器 - 數據庫伺服器
於 MongoDB 發現一個漏洞。遠端攻擊者可利用這個漏洞,於目標系統觸發洩露敏感資料。
在安裝軟體之前,請先瀏覽供應商之網站,以獲得更多詳細資料。
安裝供應商提供的修補程式:
RISK: Medium Risk
TYPE: Servers - Database Servers
A vulnerability was identified in MongoDB. A remote attacker could exploit this vulnerability to trigger sensitive information disclosure on the targeted system.
Before installation of the software, please visit the vendor web-site for more details.
Apply fixes issued by the vendor:
風險: 極高度風險
類型: 伺服器 - 其他伺服器
於 WatchGuard Fireware 發現一個漏洞,遠端攻擊者可利用此漏洞,於目標系統觸發遠端執行任意程式碼。
注意:
CVE-2025-14733 正被廣泛利用。WatchGuard Fireware OS 的 iked 進程中存在越界寫入漏洞,可能允許未經驗證的遠端攻擊者執行任意程式碼。此漏洞會影響使用 IKEv2 的行動用戶 VPN 以及配置了動態閘道對等體的使用 IKEv2 的分公司 VPN。因此,風險等級被評為極高度風險。
在安裝軟體之前,請先瀏覽供應商之網站,以獲得更多詳細資料。
安裝供應商提供的修補程式:
RISK: Extremely High Risk
TYPE: Servers - Other Servers
A vulnerability has been identified in WatchGuard Fireware. A remote attacker could exploit this vulnerability to trigger remote code execution on the targeted system.
Note:
CVE-2025-14733 is being exploited in the wild. An Out-of-bounds Write vulnerability in the WatchGuard Fireware OS iked process may allow a remote unauthenticated attacker to execute arbitrary code. This vulnerability affects both the mobile user VPN with IKEv2 and the branch office VPN using IKEv2 when configured with a dynamic gateway peer. Hence, the risk level is rated as Extremely High Risk.
Before installation of the software, please visit the vendor web-site for more details.
Apply fixes issued by the vendor:
風險: 中度風險
類型: 用戶端 - 瀏覽器
於微軟 Edge 發現多個漏洞。遠端攻擊者可利用這些漏洞,於目標系統觸發遠端執行任意程式碼。
在安裝軟體之前,請先瀏覽供應商之網站,以獲得更多詳細資料。
安裝軟件供應商提供的修補程式:
RISK: Medium Risk
TYPE: Clients - Browsers
Multiple vulnerabilities were identified in Microsoft Edge. A remote attacker could exploit some of these vulnerabilities to trigger remote code execution on the targeted system.
Before installation of the software, please visit the software vendor web-site for more details.
Apply fixes issued by the vendor:
風險: 中度風險
類型: 用戶端 - 瀏覽器
於 Mozilla Firefox 發現多個漏洞。遠端攻擊者可利用這些漏洞,於目標系統觸發阻斷服務狀況及遠端執行任意程式碼。
以下版本之前的版本﹕
在安裝軟體之前,請先瀏覽供應商之官方網站,以獲得更多詳細資料。
更新至版本:
RISK: Medium Risk
TYPE: Clients - Browsers
Multiple vulnerabilities were identified in Mozilla Firefox. A remote attacker could exploit some of these vulnerabilities to trigger denial of service condition and remote code execution on the targeted system.
Versions prior to:
Before installation of the software, please visit the vendor web-site for more details.
Apply fixes issued by the vendor:
風險: 高度風險
類型: 保安軟件及應用設備 - 保安軟件及應用設備
於思科 AsyncOS 發現一個漏洞。遠端攻擊者可利用此漏洞,於目標系統觸發遠端執行任意程式碼。
注意:
CVE-2025-20393 正被廣泛利用。思科已知有一個新的網絡攻擊活動,針對一小部分對互聯網開放特定端口、並運行思科 AsyncOS 軟件的設備,例如思科 Secure Email Gateway 及思科 Secure Email and Web Manager。此攻擊可讓威脅行為者在受影響設備的底層操作系統上,以 root 權限執行任意命令。
因此,風險等級被評為高度風險。
此攻擊活動會影響思科 Secure Email Gateway(包括實體和虛擬設備)以及思科 Secure Email and Web Manager(包括實體和虛擬設備),前提是同時滿足以下兩個條件:
Spam Quarantine 功能預設未啟用。這些產品的部署指南並未要求將此連接埠直接暴露於網際網路。
注意:所有版本的思科 AsyncOS 軟件均受本次攻擊活動影響。
在安裝軟體之前,請先瀏覽供應商之網站,以獲得更多詳細資料。
RISK: High Risk
TYPE: Security software and application - Security Software & Appliance
A vulnerability was identified in Cisco AsyncOS. A remote attacker could exploit this vulnerability to trigger remote code execution on the targeted system.
Note:
CVE-2025-20393 is being exploited in the wild. Cisco aware of a new cyberattack campaign targeting a limited subset of appliances with certain ports open to the internet that are running Cisco AsyncOS Software for Cisco Secure Email Gateway and Cisco Secure Email and Web Manager. This attack allows the threat actors to execute arbitrary commands with root privileges on the underlying operating system of an affected appliance.
Hence, the risk level is rated as High Risk.
This attack campaign affects Cisco Secure Email Gateway, both physical and virtual, and Cisco Secure Email and Web Manager appliances, both physical and virtual, when both of the following conditions are met:
The Spam Quarantine feature is not enabled by default. Deployment guides for these products do not require this port to be directly exposed to the Internet.
Note: All releases of Cisco AsyncOS Software are affected by this attack campaign.
Before installation of the software, please visit the vendor web-site for more details.
風險: 中度風險
類型: 用戶端 - 瀏覽器
於 Google Chrome 發現多個漏洞。遠端攻擊者可利用這些漏洞,於目標系統觸發阻斷服務狀況、遠端執行任意程式碼、洩露敏感資料及篡改。
在安裝軟體之前,請先瀏覽供應商之網站,以獲得更多詳細資料。
安裝軟件供應商提供的修補程式:
RISK: Medium Risk
TYPE: Clients - Browsers
Multiple vulnerabilities were identified in Google Chrome. A remote attacker could exploit some of these vulnerabilities to trigger denial of service condition, remote code execution, sensitive information disclosure and data manipulation on the targeted system.
Before installation of the software, please visit the software vendor web-site for more details.
Apply fixes issued by the vendor:
風險: 極高度風險
類型: 操作系統 - 流動裝置及操作系統
於蘋果產品發現多個漏洞。遠端攻擊者可利用這些漏洞,於目標系統觸發遠端執行任意程式碼、阻斷服務狀況、權限提升、彷冒、洩露敏感資料、資料篡改及繞過保安限制。
注意:
CVE-2025-14174 正被廣泛利用。該漏洞是由 ANGLE 中的越界記憶體存取引起,可能導致記憶體損壞。攻擊者可透過惡意的 HTML 網頁觸發越界記憶體存取,並在瀏覽器中執行任意程式碼。
CVE-2025-43529 正被利用針對特定目標使用者的複雜攻擊。該漏洞為 WebKit 的 use-after-free 遠端程式碼執行漏洞,攻擊者可透過處理惡意製作的網頁內容加以利用。
因此,該漏洞的風險等級被評為極高風險。
在安裝軟體之前,請先瀏覽供應商之網站,以獲得更多詳細資料。
安裝供應商提供的修補程式:
RISK: Extremely High Risk
TYPE: Operating Systems - Mobile & Apps
Multiple vulnerabilities were identified in Apple Products. A remote attacker could exploit some of these vulnerabilities to trigger remote code execution, denial of service condition, elevation of privilege, spoofing, sensitive information disclosure, data manipulation and security restriction bypass on the targeted system.
Note:
CVE-2025-14174 is being exploited in the wild. The vulnerability is caused by out of bounds memory access in ANGLE which could lead to memory corruption. It allows remote attackers to trigger out-of-bounds memory access via a malicious HTML page, potentially leading to arbitrary code execution in browsers.
CVE-2025-43529 is being exploited in an extremely sophisticated attack against specific targeted individuals. The vulnerability is a WebKit use-after-free remote code execution flaw that can be exploited by processing maliciously crafted web content.
Hence, the risk level is rated as Extremely High Risk.
Before installation of the software, please visit the vendor web-site for more details.
Apply fixes issued by the vendor:
風險: 中度風險
類型: 用戶端 - 瀏覽器
於 Microsoft Edge 發現多個漏洞。遠端攻擊者可利用這些漏洞,於目標系統觸發阻斷服務狀況及遠端執行任意程式碼。
在安裝軟體之前,請先瀏覽供應商之網站,以獲得更多詳細資料。
安裝軟件供應商提供的修補程式:
RISK: Medium Risk
TYPE: Clients - Browsers
Multiple vulnerabilities were identified in Microsoft Edge. A remote attacker could exploit some of these vulnerabilities to trigger denial of service condition and remote code execution on the targeted system.
Before installation of the software, please visit the software vendor web-site for more details.
Apply fixes issued by the vendor:
風險: 中度風險
類型: 伺服器 - 其他伺服器
於 React 發現多個漏洞。遠端攻擊者可利用這些漏洞,於目標系統觸發阻斷服務狀況及洩露敏感資料。
受影響的 React 版本:
詳情請參閱以下連結:
在安裝軟體之前,請先瀏覽供應商之網站,以獲得更多詳細資料。
安裝供應商提供的修補程式:
RISK: Medium Risk
TYPE: Servers - Other Servers
Multiple vulnerabilities were identified in React. A remote attacker could exploit some of these vulnerabilities to trigger denial of service condition and sensitive information disclosure on the targeted system.
For affected versions of React:
The vulnerability is present in versions 19.0.0, 19.0.1, 19.0.2, 19.1.0, 19.1.1, 19.1.2, 19.1.2, 19.2.0, 19.2.1 and 19.2.2 of:
For detail, please refer to the links below:
Before installation of the software, please visit the vendor web-site for more details.
Apply fixes issued by the vendor:
風險: 中度風險
類型: 伺服器 - 網站伺服器
於Apache Struts發現一個漏洞,遠端使用者可利用此漏洞,於目標系統觸發阻斷服務狀況。
在安裝軟體之前,請先瀏覽軟體供應商之網站,以獲得更多詳細資料。
處理方法:
透過以下方法以緩解此漏洞的影響:
RISK: Medium Risk
TYPE: Servers - Web Servers
A vulnerability was identified in Apache Struts, a remote user can exploit this vulnerability to trigger Denial of Service condition on the targeted system.
Before installation of the software, please visit the software manufacturer web-site for more details.
Workaround:
Mitigate the vulnerability by the following workaround:
Define a temporary folder used to store uploaded files with limited size or on the dedicated volume which won't affect system files. Or disable file upload support in the framework if not used.
風險: 中度風險
類型: 伺服器 - 其他伺服器
於 GitLab 發現多個漏洞。遠端攻擊者可利用這些漏洞,於目標系統觸發跨網站指令碼、阻斷服務狀況、洩露敏感資料及繞過保安限制。
在安裝軟體之前,請先瀏覽供應商之網站,以獲得更多詳細資料。
安裝供應商提供的修補程式:
RISK: Medium Risk
TYPE: Servers - Other Servers
Multiple vulnerabilities were identified in GitLab. A remote attacker could exploit some of these vulnerabilities to trigger cross-site scripting, denial of service condition, sensitive information disclosure and security restriction bypass on the targeted system.
Before installation of the software, please visit the vendor web-site for more details.
Apply fixes issued by the vendor:
風險: 中度風險
類型: 用戶端 - 瀏覽器
於 Google Chrome 發現多個漏洞。遠端攻擊者可利用這些漏洞,於目標系統觸發阻斷服務狀況及遠端執行任意程式碼。
在安裝軟體之前,請先瀏覽供應商之網站,以獲得更多詳細資料。
安裝軟件供應商提供的修補程式:
RISK: Medium Risk
TYPE: Clients - Browsers
Multiple vulnerabilities were identified in Google Chrome. A remote attacker could exploit some of these vulnerabilities to trigger denial of service condition and remote code execution on the targeted system.
Before installation of the software, please visit the software vendor web-site for more details.
Apply fixes issued by the vendor:
風險: 中度風險
類型: 伺服器 - 互聯網應用伺服器
於 Jenkins 發現多個漏洞。遠端攻擊者可利用這些漏洞,於目標系統觸發仿冒、阻斷服務狀況及洩露敏感資料。
在安裝軟體之前,請先瀏覽供應商之網站,以獲得更多詳細資料。
安裝供應商提供的修補程式:
RISK: Medium Risk
TYPE: Servers - Internet App Servers
Multiple vulnerabilities were identified in Jenkins. A remote attacker could exploit some of these vulnerabilities to trigger spoofing, denial of service condition and sensitive information disclosure on the targeted system.
Before installation of the software, please visit the vendor web-site for more details.
Apply fixes issued by the vendor:
風險: 中度風險
類型: 用戶端 - 瀏覽器
於 Mozilla Thunderbird 發現多個漏洞。遠端攻擊者可利用這些漏洞,於目標系統觸發仿冒、權限提升、遠端執行任意程式碼及繞過保安限制。
以下版本之前的版本﹕
在安裝軟體之前,請先瀏覽供應商之官方網站,以獲得更多詳細資料。
更新至版本:
RISK: Medium Risk
TYPE: Clients - Browsers
Multiple vulnerabilities were identified in Mozilla Thunderbird. A remote attacker could exploit some of these vulnerabilities to trigger spoofing, elevation of privilege, remote code execution and security restriction bypass on the targeted system.
Versions prior to:
Before installation of the software, please visit the vendor web-site for more details.
Apply fixes issued by the vendor:
風險: 中度風險
類型: 用戶端 - 辦公室應用
Adobe已為產品提供本月保安更新:
| 受影響產品 | 風險程度 | 影響 | 備註 | 詳情(包括 CVE) |
| Adobe ColdFusion |  中度風險 | 遠端執行程式碼 權限提升 | APSB25-105 | |
| Adobe Experience Manager | 中度風險 | 跨網站指令碼 遠端執行程式碼 資料洩露 | APSB25-115 | |
| Adobe DNG Software Development Kit (SDK) | 中度風險 | 遠端執行程式碼 資料洩露 | APSB25-118 | |
| Adobe Acrobat and Reader | 中度風險 | 遠端執行程式碼 繞過保安限制 | APSB25-119 | |
| Adobe Creative Cloud Desktop Application | 中度風險 | 阻斷服務 | APSB25-120 |
「極高度風險」產品數目:0
「高度風險」產品數目:0
「中度風險」產品數目:5
「低度風險」產品數目:0
整體「風險程度」評估:中度風險
在安裝軟體之前,請先瀏覽供應商之網站,以獲得更多詳細資料。
RISK: Medium Risk
TYPE: Clients - Productivity Products
Adobe has released monthly security update for their products:
| Vulnerable Product | Risk Level | Impacts | Notes | Details (including CVE) |
| Adobe ColdFusion | Medium Risk | Remote Code Execution Elevation of Privilege | APSB25-105 | |
| Adobe Experience Manager | Medium Risk | Cross-site Scripting Remote Code Execution Information Disclosure | APSB25-115 | |
| Adobe DNG Software Development Kit (SDK) | Medium Risk | Remote Code Execution Information Disclosure | APSB25-118 | |
| Adobe Acrobat and Reader | Medium Risk | Remote Code Execution Security Restriction Bypass | APSB25-119 | |
| Adobe Creative Cloud Desktop Application | Medium Risk | Denial of Service | APSB25-120 |
Number of 'Extremely High Risk' product(s): 0
Number of 'High Risk' product(s): 0
Number of 'Medium Risk' product(s): 5
Number of 'Low Risk' product(s): 0
Evaluation of overall 'Risk Level': Medium Risk
Before installation of the software, please visit the vendor web-site for more details.
