Main vulnerabilities of the summer and best practices (12 September 2025)

Vendor | Product | Exploitability | Identifier | CVSS score | Advisory/alert | Week (ISO week number, 2025)
AMI | MegaRAC SPx | Exploited | CVE-2024-54085 | 10 | https://go.ami.com/hubfs/Security%20Advisories/2025/AMI-SA-2025003.pdf | 26
Apple | iOS, iPadOS, watchOS, macOS, visionOS | Exploited | CVE-2025-43200 | 4.8 | https://support.apple.com/en-us/122173, https://support.apple.com/en-us/122174, https://support.apple.com/en-us/122345, https://support.apple.com/en-us/122346, https://support.apple.com/en-us/122900, https://support.apple.com/en-us/122901, https://support.apple.com/en-us/122902, https://support.apple.com/en-us/122903, https://support.apple.com/en-us/122904 | 25
Apple | iOS, iPadOS, macOS | Exploited | CVE-2025-43300 | 8.8 | CERTFR-2025-AVI-0716 | 35
Asterisk | Asterisk | Public exploit code | CVE-2025-1131 | 6.9 (vendor) | CERTFR-2025-AVI-0645 | 31
Asterisk | Asterisk | Public exploit code | CVE-2025-49832 | 6.5 (vendor) | CERTFR-2025-AVI-0645 | 31
Asterisk | Certified Asterisk, Asterisk | Public exploit code | CVE-2025-54995 | 6.5 | CERTFR-2025-AVI-0739 | 35
Canonical | Ubuntu | Public exploit code | CVE-2024-53141 | 7.8 | CERTFR-2025-AVI-0366 | 34
Canonical | Ubuntu | Exploited | CVE-2023-0386 | 7.8 | CERTFR-2023-AVI-0488 | 25
Cisco | Identity Services Engine | Exploited | CVE-2025-20281 | 10 | CERTFR-2025-AVI-0539 | 31
Cisco | Identity Services Engine, Identity Services Engine Passive Identity Connector | Exploited | CVE-2025-20337 | 10 | CERTFR-2025-AVI-0539 | 30, 31
Citrix | NetScaler ADC, NetScaler Gateway | Exploited | CVE-2025-5777 | 9.3 | CERTFR-2025-ALE-009 | 27
Citrix | NetScaler ADC, NetScaler Gateway | Exploited | CVE-2025-6543 | 9.2 | CERTFR-2025-ALE-009 | 26
Citrix | NetScaler ADC, NetScaler Gateway | Exploited | CVE-2025-7775 | 9.2 | CERTFR-2025-ALE-012 | 35
Citrix | Session Recording | Exploited | CVE-2024-8068 | 5.1 | CERTFR-2024-AVI-0964 | 35
Citrix | Session Recording | Exploited | CVE-2024-8069 | 5.1 | CERTFR-2024-AVI-0964 | 35
CrushFTP | CrushFTP | Exploited | CVE-2025-54309 | 9.8 | https://www.crushftp.com/crush11wiki/Wiki.jsp?page=CompromiseJuly2025 | 30
Debian | Debian | Public exploit code | CVE-2024-53141 | 7.8 | CERTFR-2025-AVI-0184 | 34
Debian | Debian Linux | Exploited | CVE-2023-0386 | 7.8 | CERTFR-2023-AVI-0391 | 25
D-Link | DIR-859 | Exploited | CVE-2024-0769 | 9.8 | https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10371 | 26, 27
D-Link | DCS-4622, DCS-4802E, DCS-2670L, DCS-4603, DCS-2530L, DCS-4705E, DCS-P703, DCS-4703E, DCS-4701E firmware | Exploited | CVE-2020-25078 | 7.5 |  | 32
D-Link | DCS-4802E, DCS-4622, DCS-2670L, DCS-4603, DCS-2530L, DCS-4705E, DCS-P703, DCS-4703E, DCS-4701E firmware | Exploited | CVE-2020-25079 | 8.8 |  | 32
D-Link | DNR-322L firmware | Exploited | CVE-2022-40799 | 8.8 |  | 32
Docker | Docker Desktop | Public exploit code | CVE-2025-9074 | 9.3 | https://docs.docker.com/desktop/release-notes/#4443 | 34
Fortinet | FortiClientMac | Proof of concept | CVE-2025-25251 | 7.8 | CERTFR-2025-AVI-0399 | 28
Fortinet | FortiOS | Exploited | CVE-2019-6693 | 6.5 | CERTFR-2019-AVI-6693 | 26
Fortinet | FortiSIEM | Public exploit code | CVE-2025-25256 | 9.8 | CERTFR-2025-AVI-0679 | 33
Fortinet | FortiWeb | Public exploit code | CVE-2025-25257 | 9.6 (vendor) | CERTFR-2025-AVI-0575 | 28
Fortinet | FortiWeb | Public exploit code | CVE-2025-52970 | 8.1 | CERTFR-2025-AVI-0679 | 33
Fortinet | FortiWeb | Exploited | CVE-2025-25257 | 9.8 | CERTFR-2025-AVI-0575 | 29
FreePBX | FreePBX | Exploited | CVE-2025-57819 | 10.0 | https://github.com/FreePBX/security-reporting/security/advisories/GHSA-m42g-xg4c-5f3h | 35
Google | Chrome | Exploited | CVE-2025-6554 | 8.1 | CERTFR-2025-AVI-0549 | 27
Google | Chrome | Exploited | CVE-2025-6558 | 8.8 | CERTFR-2025-AVI-0591 | 29, 30
Grafana Labs | Image Renderer plugin, Synthetic Monitoring Agent | Exploited | CVE-2025-6554 | 8.1 | CERTFR-2025-AVI-0549 | 27
Ivanti | Endpoint Manager Mobile | Public exploit code | CVE-2025-6771 | 7.2 | CERTFR-2025-AVI-0574 | 29
Jenkins | Git Parameter | Public exploit code | CVE-2025-53652 | 8.2 | https://www.jenkins.io/security/advisory/2025-07-09/#SECURITY-3419 | 33
Joomla | Joomla! | Exploited | CVE-2016-10033 | 9.8 | https://developer.joomla.org/security-centre/668-20161205-phpmailer-security-advisory.html | 28
Meta | WhatsApp | Exploited | CVE-2025-55177 | 8.0 | https://www.whatsapp.com/security/advisories/2025/ | 35
Microsoft | Edge | Exploited | CVE-2025-6554 | 8.1 | CERTFR-2025-AVI-0549 | 27
Microsoft | Edge | Exploited | CVE-2025-6558 | 8.8 | CERTFR-2025-AVI-0591, CERTFR-2025-AVI-0594 | 29, 30
Microsoft | Excel, Publisher, Word, PowerPoint, FrontPage, Office, Access, InfoPath, Excel Viewer, Outlook, Project, OneNote, Visio, Word Viewer | Exploited | CVE-2007-0671 | 8.8 | CERTA-2007-AVI-083 | 33
Microsoft | Internet Explorer | Exploited | CVE-2013-3893 | 8.8 | CERTA-2013-ALE-006 | 33
Microsoft | SharePoint Enterprise Server 2016, SharePoint Enterprise Server 2010, SharePoint Server Subscription Edition, SharePoint Server 2019 | Exploited | CVE-2025-53770 | 9.8 | CERTFR-2025-ALE-010 | 30
Microsoft | SharePoint Enterprise Server 2016, SharePoint Server 2019 | Exploited | CVE-2025-49704 | 8.8 | CERTFR-2025-AVI-0579 | 30
Microsoft | SharePoint Enterprise Server 2016, SharePoint Server 2019, SharePoint Server Subscription Edition | Exploited | CVE-2025-49706 | 6.5 | CERTFR-2025-AVI-0579 | 30
Microsoft | Visual Studio | Public exploit code | CVE-2025-48384 | 8 | CERTFR-2025-AVI-0579 | 28
Microsoft | Windows | Public exploit code | CVE-2025-33073 | 8.8 | CERTFR-2025-AVI-0499 | 25
Microsoft | Windows | Public exploit code | CVE-2025-48799 | 7.8 | CERTFR-2025-AVI-0577 | 28
Microsoft | Windows | Proof of concept | CVE-2025-49689 | 7.8 | CERTFR-2025-AVI-0577 | 28
Multi-router_looking_glass_project | Multi-Router Looking Glass | Exploited | CVE-2014-3931 | 9.8 |  | 28
N-able | N-central | Exploited | CVE-2025-8875 | 9.4 | https://status.n-able.com/2025/08/13/announcing-the-ga-of-n-central-2025-3-1/ | 33
N-able | N-central | Exploited | CVE-2025-8876 | 9.4 | https://status.n-able.com/2025/08/13/announcing-the-ga-of-n-central-2025-3-1/ | 33
NetApp | H500S, H410S, H300S, H700S, H410C firmware | Exploited | CVE-2023-0386 | 7.8 | https://security.netapp.com/advisory/ntap-20230420-0004/ | 25
PHP | PHP | Public exploit code | CVE-2025-1220 |  | CERTFR-2025-AVI-0558 | 27
PHP | PHP | Public exploit code | CVE-2025-6491 |  | CERTFR-2025-AVI-0558 | 27
PaperCut | PaperCut NG, PaperCut MF | Exploited | CVE-2023-2533 | 8.8 | https://www.papercut.com/kb/Main/SecurityBulletinJune2023 | 31
PHPMailer project | PHPMailer | Exploited | CVE-2016-10033 | 9.8 | https://github.com/PHPMailer/PHPMailer/wiki/About-the-CVE-2016-10033-and-CVE-2016-10045-vulnerabilities | 28
RARLAB | WinRAR | Exploited | CVE-2025-8088 | 8.4 | https://www.win-rar.com/singlenewsview.html?&L=0&tx_ttnews%5Btt_news%5D=283&cHash=a64b4a8f662d3639dec8d65f47bc93c5 | 33
Ruby on Rails | Rails | Exploited | CVE-2019-5418 | 7.5 | CERTFR-2019-AVI-111 | 28
SUSE | SUSE Linux Enterprise Micro, SUSE Manager Proxy, SUSE Linux Enterprise Live Patching, SUSE Linux Enterprise High Availability Extension, SUSE Enterprise Storage, openSUSE Leap, SUSE Manager Retail Branch Server, SUSE Linux Enterprise Real Time, SUSE Linux Enterprise Server, SUSE Linux Enterprise High Performance Computing, SUSE Manager Server | Public exploit code | CVE-2024-53141 | 7.8 | CERTFR-2025-AVI-0649, CERTFR-2025-AVI-0607, CERTFR-2025-AVI-0587, CERTFR-2025-AVI-0547, CERTFR-2025-AVI-0212, CERTFR-2025-AVI-0151, CERTFR-2025-AVI-0088 | 34
Smarsh | TeleMessage | Exploited | CVE-2025-48927 | 5.3 | https://www.wired.com/story/how-the-signal-knock-off-app-telemessage-got-hacked-in-20-minutes/ | 27
Smarsh | TeleMessage | Exploited | CVE-2025-48928 | 4 | https://www.wired.com/story/how-the-signal-knock-off-app-telemessage-got-hacked-in-20-minutes/ | 27
SonicWall | Gen6 and Gen7 firewalls, SOHO Gen5 | Exploited | CVE-2024-40766 | 9.8 | CERTFR-2025-ALE-011 | 32
SonicWall | SMA100 | Public exploit code | CVE-2025-40596 | 7.3 | CERTFR-2025-AVI-0616 | 31
SonicWall | SMA100 | Public exploit code | CVE-2025-40597 | 7.5 | CERTFR-2025-AVI-0616 | 31
SonicWall | SMA100 | Public exploit code | CVE-2025-40598 | 6.1 | CERTFR-2025-AVI-0616 | 31
Sudo | sudo | Proof of concept | CVE-2025-32462 | 8.8 | https://www.sudo.ws/security/advisories/host_any/ | 27
Sudo | sudo | Proof of concept | CVE-2025-32463 | 7.8 | https://www.sudo.ws/security/advisories/chroot_bug/ | 27
Synacor | Zimbra Collaboration Suite | Exploited | CVE-2019-9621 | 7.5 | https://wiki.zimbra.com/wiki/Security_Center, https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories | 28
SysAid | SysAid | Exploited | CVE-2025-2775 | 9.3 | https://documentation.sysaid.com/docs/24-40-60 | 30
SysAid | SysAid | Exploited | CVE-2025-2776 | 9.8 | https://documentation.sysaid.com/docs/24-40-60 | 30
Trend Micro | Apex One | Exploited | CVE-2025-54948 | 9.4 | CERTFR-2025-AVI-0658 | 32
Trend Micro | Apex One | Exploited | CVE-2025-54987 | 9.4 | CERTFR-2025-AVI-0658 | 32
Vercel | Next.js | Public exploit code | CVE-2025-29927 | 9.1 | https://github.com/vercel/next.js/security/advisories/GHSA-f82v-jwr5-mffw | 27
Vim | Vim | Public exploit code | CVE-2025-53905 | 4.1 | https://github.com/vim/vim/security/advisories/GHSA-74v4-f3x9-ppvr | 29
Vim | Vim | Public exploit code | CVE-2025-53906 | 4.1 | https://github.com/vim/vim/security/advisories/GHSA-r2fw-9cw4-mj86 | 29
wftpserver | Wing FTP Server | Exploited | CVE-2025-47812 | 10 |  | 29
WordPress | WordPress | Exploited | CVE-2016-10033 | 9.8 |  | 28
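The table lists the same CVE under several vendors (CVE-2024-53141 for Ubuntu, Debian and SUSE; CVE-2025-6554 for Chrome, Edge and the Grafana renderer) and re-rates some entries in a later week (FortiWeb CVE-2025-25257 moves from public exploit code to exploited), while a few rows carry no CVSS score at all. The helper below is an added example, not part of the original bulletin: it parses the rows as pipe-delimited text, merges rows by CVE keeping the worst exploitability and highest score seen, and ranks exploited bugs first, then public exploit code, then proof of concept, with CVSS as the tie-breaker. The embedded SAMPLE_TABLE is a constructed excerpt of the table above; the priority labels P1 to P3 are this example's own convention, not the bulletin's.

```python
"""Triage helper for the watch table above: parses the pipe-delimited rows,
merges rows that share a CVE (one bug shipped by several vendors, or re-rated
in a later week), and ranks by exploitability tier, then CVSS.
Added example; not part of the original bulletin."""
from __future__ import annotations

import re
from dataclasses import dataclass, field

# Higher tier = more urgent. "Exploited" means exploited in the wild.
TIER = {"Exploited": 3, "Public exploit code": 2, "Proof of concept": 1}

# Constructed excerpt of the table above (same columns); one row per line.
SAMPLE_TABLE = """\
Vendor | Product | Exploitability | Identifier | CVSS score | Advisory/alert | Week
Fortinet | FortiWeb | Public exploit code | CVE-2025-25257 | 9.6 (vendor) | CERTFR-2025-AVI-0575 | 28
Fortinet | FortiWeb | Exploited | CVE-2025-25257 | 9.8 | CERTFR-2025-AVI-0575 | 29
Canonical | Ubuntu | Public exploit code | CVE-2024-53141 | 7.8 | CERTFR-2025-AVI-0366 | 34
Debian | Debian | Public exploit code | CVE-2024-53141 | 7.8 | CERTFR-2025-AVI-0184 | 34
Google | Chrome | Exploited | CVE-2025-6554 | 8.1 | CERTFR-2025-AVI-0549 | 27
Microsoft | Edge | Exploited | CVE-2025-6554 | 8.1 | CERTFR-2025-AVI-0549 | 27
PHP | PHP | Public exploit code | CVE-2025-1220 |  | CERTFR-2025-AVI-0558 | 27
Sudo | sudo | Proof of concept | CVE-2025-32463 | 7.8 | https://www.sudo.ws/security/advisories/chroot_bug/ | 27
Microsoft | SharePoint Server 2019 | Exploited | CVE-2025-53770 | 9.8 | CERTFR-2025-ALE-010 | 30
"""


@dataclass
class Finding:
    cve: str
    tier: int = 0                 # highest exploitability seen for this CVE
    cvss: float | None = None     # highest score seen; None if the table gave none
    vendor_scored: bool = False   # True when that score was marked "(vendor)"
    products: list[str] = field(default_factory=list)
    advisories: list[str] = field(default_factory=list)
    weeks: list[int] = field(default_factory=list)


def parse_cvss(cell: str) -> tuple[float | None, bool]:
    """'9.6 (vendor)' -> (9.6, True); '' -> (None, False)."""
    m = re.match(r"\s*(\d+(?:\.\d+)?)", cell)
    if not m:
        return None, False
    return float(m.group(1)), "vendor" in cell.lower()


def parse_table(text: str) -> dict[str, Finding]:
    """Merge rows by CVE; fail loudly on a malformed row instead of skipping it."""
    findings: dict[str, Finding] = {}
    rows = [ln for ln in text.splitlines() if ln.strip()][1:]  # drop header
    for row in rows:
        cells = [c.strip() for c in row.split("|")]
        if len(cells) != 7:
            raise ValueError(f"expected 7 columns: {row!r}")
        vendor, product, status, cve, score, advisory, week = cells
        if status not in TIER:
            raise ValueError(f"unknown exploitability {status!r} in {row!r}")
        f = findings.setdefault(cve, Finding(cve))
        f.tier = max(f.tier, TIER[status])
        cvss, vendor_scored = parse_cvss(score)
        if cvss is not None and (f.cvss is None or cvss > f.cvss):
            f.cvss, f.vendor_scored = cvss, vendor_scored
        for item, bucket in ((f"{vendor} {product}", f.products),
                             (advisory, f.advisories)):
            if item and item not in bucket:
                bucket.append(item)
        for w in re.findall(r"\d+", week):      # "29, 30" -> [29, 30]
            if int(w) not in f.weeks:
                f.weeks.append(int(w))
    return findings


def prioritize(findings: dict[str, Finding]) -> list[Finding]:
    """Tier first, then CVSS descending; unscored entries sink within their
    tier (they still need a manual look); ties broken by CVE id."""
    return sorted(findings.values(),
                  key=lambda f: (-f.tier, f.cvss is None, -(f.cvss or 0.0), f.cve))


def report(text: str) -> list[str]:
    """One line per CVE, most urgent first."""
    label = {3: "P1 exploited", 2: "P2 public exploit", 1: "P3 PoC"}
    lines = []
    for f in prioritize(parse_table(text)):
        score = "n/a" if f.cvss is None else f"{f.cvss:.1f}"
        if f.vendor_scored:
            score += " (vendor)"
        lines.append(f"{label[f.tier]:<18} {f.cve:<15} CVSS {score:<13} "
                     f"{'; '.join(f.products)}  weeks {','.join(map(str, f.weeks))}")
    return lines


if __name__ == "__main__":
    print("\n".join(report(SAMPLE_TABLE)))
```

Run against the full table by pasting its rows into SAMPLE_TABLE (or reading them from a file); rows whose exploitability is not one of the three values in the table raise rather than silently landing in the wrong tier, and entries with no score sort to the bottom of their tier rather than being dropped.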

Thought of the day: What man has made, man can unmake.

"No secure path in the world"