CVE-2025-5777, CVE-2025-6543: CitrixBleed 2 および Citrix NetScaler の脆弱性に関するよくある質問
Frequently asked questions about recent Citrix NetScaler ADC and Gateway vulnerabilities that have reportedly been exploited in the wild, including CVE-2025-5777 known as CitrixBleed 2.
イランのサイバー作戦に関するよくある質問
Tenable’s Research Special Operations team focuses on some frequently asked questions about Iranian cyber operations, including the tactics, techniques and procedures employed by Iran-based threat actors.
Microsoft の 2025 年 6 月月例セキュリティ更新プログラム、65 件の CVE を修正 (CVE-2025-33053)
Microsoft addresses 65 CVEs, including two zero-day vulnerabilities, with one being exploited in the wild.
BadSuccessor に関するよくある質問
Frequently asked questions about “BadSuccessor,” a zero-day privilege escalation vulnerability in Active Directory domains with at least one Windows Server 2025 domain controller.
CVE-2025-32756: Fortinet の複数製品におけるゼロデイ脆弱性の悪用が確認される
Fortinet has observed threat actors exploiting CVE-2025-32756, a critical zero-day arbitrary code execution vulnerability which affects multiple Fortinet products including FortiVoice, FortiMail, FortiNDR, FortiRecorder and FortiCamera.
CVE-2025-4427、CVE-2025-4428: Ivanti Endpoint Manager Mobile (EPMM) におけるリモートコード実行の脆弱性
Remote code execution vulnerability in a popular mobile device management solution from Ivanti has been exploited in the wild in limited attacks
マイクロソフトの 2025 年 5 月月例セキュリティ更新プログラム: 71 件の CVE を修正 (CVE-2025-32701、CVE-2025-32706、CVE-2025-30400)
Microsoft addresses 71 CVEs including seven zero-days, five of which were exploited in the wild.
修復時間の短縮にTenable Vulnerability Watch の活用が効果的
脆弱性へのタイムリーな対応は、依然として多くの組織にとって大きな課題です。運用に対して最も大きなリスクとなるエクスポージャーの優先順位付けに苦慮しているのが実情です。既存のスコアリングシステムは非常に有用ではあるものの、文脈 (コンテキスト) が欠けている場合があります。Here’s how Tenable’s Vulnerability Watch classification system…
CVE-2025-31324: SAP NetWeaver のゼロデイ脆弱性の悪用が確認される
SAP has released out-of-band patch to address CVE-2025-31324, a critical zero-day vulnerability in SAP NetWeaver that has been exploited by threat actors. Organizations are strongly encouraged to apply patches as soon as possible.
CVE-2025-32433: Erlang/OTP SSH における認証なしでのリモートコード実行の脆弱性
Proof-of-concept code has been released after researchers disclosed a maximum severity remote code execution vulnerability in Erlang/OTP SSH. Successful exploitation could allow for complete takeover of affected devices.
MITRE CVE プログラムの失効と更新に関するよくある質問
Concerns about the future of the MITRE CVE Program continue to circulate. The Tenable Security Response Team has created this FAQ to help provide clarity and context around this developing situation.
オラクル、2025 年 4月 「Critical Patch Update」で 171 件の CVE を修正
Oracle addresses 171 CVEs in its second quarterly update of 2025 with 378 patches, including 40 critical updates.BackgroundOn April 15, Oracle released its Critical Patch Update (CPU) for April 2025, the second quarterly update of the year. This CPU contains fixes for 171 unique CVEs in 378…