Appleからリリースあり。 CVE-2025-66516(Apache TikaのXXE)について、Akamaiが対応したらしいのでどんなルールにしたのか気になる。

1. CVE-2025-14503｜Harmonix on AWS
   • https://aws.amazon.com/jp/security/security-bulletins/rss/aws-2025-031/
   • https://nvd.nist.gov/vuln/detail/CVE-2025-14503
   • 権限昇格。条件あり。
2. CVE-2025-14174｜Chrome
   • https://chromereleases.googleblog.com/2025/12/stable-channel-update-for-desktop_10.html
   • https://learn.microsoft.com/en-us/deployedge/microsoft-edge-relnotes-security
   • https://support.apple.com/en-asia/125886
   • https://nvd.nist.gov/vuln/detail/CVE-2025-14174
   • https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-14174
   • https://www.security-next.com/178427
3. CVE-2025-66430｜Plesk
   • https://support.plesk.com/hc/en-us/articles/36261922405015--CVE-2025-66430-Security-vulnerability-in-Password-Protected-Directories-allows-Plesk-users-to-gain-root-level-access-to-a-Plesk-server
   • https://nvd.nist.gov/vuln/detail/CVE-2025-66430
   • https://www.security-next.com/178415
   • 権限昇格かな？条件あり。
4. CVE-2025-55184｜React Server Components
   • https://react.dev/blog/2025/12/11/denial-of-service-and-source-code-exposure-in-react-server-components
   • DoS。
5. CVE-2025-43529｜Apple
   • https://support.apple.com/en-asia/125886
   • コード実行。