907

1. CVE-2025-6023, CVE-2025-6197｜Grafana
   • https://grafana.com/blog/2025/07/17/grafana-security-release-medium-and-high-severity-fixes-for-cve-2025-6197-and-cve-2025-6023/
   • https://nvd.nist.gov/vuln/detail/CVE-2025-6023
   • https://nvd.nist.gov/vuln/detail/CVE-2025-6197
   • XSSとOpen Redirect。条件あり。
2. CVE-2025-54068｜Livewire
   • https://github.com/livewire/livewire/security/advisories/GHSA-29cq-5w36-x7w3
   • https://nvd.nist.gov/vuln/detail/CVE-2025-54068
   • RCE。
3. CVE-2025-20337｜Cisco Identity Services Engine
   • https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-unauth-rce-ZAd2GnJ6
   • https://nvd.nist.gov/vuln/detail/CVE-2025-20337
   • RCE。何故かCiscoの情報が新規ではなく更新。修正漏れ？
4. CVE-2025-53770｜Microsoft SharePoint Server
   • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-53770
   • https://nvd.nist.gov/vuln/detail/CVE-2025-53770
   • https://github.com/kaizensecurity/CVE-2025-53770
   • https://research.eye.security/sharepoint-under-siege/
   • RCE。Refererに特定の値を仕込むことでCVE-2025-49706を悪用できる、といった話っぽい？
5. CVE-2025-53816｜7Zip
   • https://securitylab.github.com/advisories/GHSL-2025-058_7-Zip/
   • https://nvd.nist.gov/vuln/detail/CVE-2025-53816
   • memory corruption
6. CVE-2025-4657｜Lenovo Protection Driver
   • https://iknow.lenovo.com.cn/detail/430155
   • https://nvd.nist.gov/vuln/detail/CVE-2025-4657
   • コード実行。Buffer Overflowによるもの。
7. CVE-2025-54309｜CrushFTP
   • https://www.crushftp.com/crush11wiki/Wiki.jsp?page=CompromiseJuly2025
   • https://nvd.nist.gov/vuln/detail/CVE-2025-54309
   • 管理者アクセスを取得できるらしい。