# Vulnerabilities - 2025

Focus on supply chain and automation: Ivanti Connect Secure (CVE-2025-0282), Craft CMS, n8n, and web frameworks such as Laravel Livewire under attack.

> [!warning] Supply Chain and Automation
> The year's highlight, with the greatest operational impact for Brazilian and global organizations.

---

## Documented CVEs

%%
```dataview
TABLE WITHOUT ID cve-id AS "CVE", cvss-score AS "CVSS", vendor AS "Fornecedor", product AS "Produto"
FROM "vulnerabilities/2025"
SORT cvss-score DESC
```
%%

<!-- QueryToSerialize: TABLE WITHOUT ID link(file.link, cve-id) AS "CVE", cvss-score AS "CVSS", vendor AS "Fornecedor", product AS "Produto" FROM "vulnerabilities/2025" SORT cvss-score DESC -->
<!-- SerializedQuery: TABLE WITHOUT ID link(file.link, cve-id) AS "CVE", cvss-score AS "CVSS", vendor AS "Fornecedor", product AS "Produto" FROM "vulnerabilities/2025" SORT cvss-score DESC -->

| CVE | CVSS | Vendor | Product |
| --- | ---- | ------ | ------- |
| [[cve-2025-20393\|CVE-2025-20393]] | 10 | Cisco | Cisco Catalyst Center |
| [[cve-2025-31324\|CVE-2025-31324]] | 10 | SAP | SAP NetWeaver (Visual Composer) |
| [[cve-2025-32432\|CVE-2025-32432]] | 10 | Pixel & Tonic | Craft CMS |
| [[cve-2025-32975\|CVE-2025-32975]] | 10 | Quest | KACE Systems Management Appliance (SMA) |
| [[cve-2025-37164\|CVE-2025-37164]] | 10 | HPE | HPE OneView |
| [[cve-2025-49113\|CVE-2025-49113]] | 9.9 | Roundcube | Roundcube Webmail |
| [[cve-2025-11953\|CVE-2025-11953]] | 9.8 | React Native Community | CLI (@react-native-community/cli) — Metro Dev Server |
| [[cve-2025-14611\|CVE-2025-14611]] | 9.8 | Gladinet | CentreStack / Triofox |
| [[cve-2025-23006\|CVE-2025-23006]] | 9.8 | SonicWall | SonicWall Secure Mobile Access (SMA) 1000 Series |
| [[cve-2025-26399\|CVE-2025-26399]] | 9.8 | SolarWinds | Web Help Desk |
| [[cve-2025-3248\|CVE-2025-3248]] | 9.8 | DataStax | Langflow |
| [[cve-2025-34027\|CVE-2025-34027]] | 9.8 | Commvault | Commvault HyperScale X |
| [[cve-2025-40536\|CVE-2025-40536]] | 9.8 | SolarWinds | Web Help Desk |
| [[cve-2025-40551\|CVE-2025-40551]] | 9.8 | SolarWinds | Web Help Desk |
| [[cve-2025-53521\|CVE-2025-53521]] | 9.8 | F5 Networks | BIG-IP APM |
| [[cve-2025-54068\|CVE-2025-54068]] | 9.8 | Laravel | Livewire |
| [[cve-2025-59374\|CVE-2025-59374]] | 9.8 | ASUS | ASUS Live Update |
| [[cve-2025-59718\|CVE-2025-59718]] | 9.8 | Fortinet | FortiOS / FortiProxy / FortiSwitchManager |
| [[cve-2025-68461\|CVE-2025-68461]] | 9.8 | Ivanti | Ivanti Connect Secure / Policy Secure |
| [[cve-2025-68613\|CVE-2025-68613]] | 9.8 | n8n | n8n Workflow Automation |
| [[cve-2025-71275\|CVE-2025-71275]] | 9.8 | Zimbra | Zimbra Collaboration Suite 8.8.15 |
| [[cve-2025-14733\|CVE-2025-14733]] | 9.3 | WatchGuard | Firebox (Fireware OS) |
| [[cve-2025-22224\|CVE-2025-22224]] | 9.3 | VMware (Broadcom) | VMware ESXi |
| [[cve-2025-3402\|CVE-2025-3402]] | 9.2 | Versa Networks | Versa Concerto SD-WAN |
| [[cve-2025-34026\|CVE-2025-34026]] | 9.2 | Versa Networks | Versa Concerto SD-WAN |
| [[cve-2025-27920\|CVE-2025-27920]] | 9.1 | Output Messenger | Output Messenger |
| [[cve-2025-43529\|CVE-2025-43529]] | 9.1 | SAP | SAP NetWeaver |
| [[cve-2025-61882\|CVE-2025-61882]] | 9.1 | Progress Software | MOVEit Transfer |
| [[cve-2025-6218\|CVE-2025-6218]] | 9.1 | Craft CMS | Craft CMS |
| [[cve-2025-0282\|CVE-2025-0282]] | 9 | Ivanti | Connect Secure / Policy Secure / Neurons for ZTA |
| [[cve-2025-22457\|CVE-2025-22457]] | 9 | Ivanti | Connect Secure / Policy Secure / ZTA Gateways |
| [[cve-2025-6554\|CVE-2025-6554]] | 9 | Google | Google Chrome / Chromium |
| [[cve-2025-14174\|CVE-2025-14174]] | 8.8 | Ivanti | Ivanti Connect Secure / Policy Secure |
| [[cve-2025-24201\|CVE-2025-24201]] | 8.8 | Apple | Apple iOS / iPadOS / Safari (WebKit) |
| [[cve-2025-31277\|CVE-2025-31277]] | 8.8 | Apple | Multiple Products (Safari, iOS, iPadOS, macOS, watchOS, tvOS, visionOS) |
| [[cve-2025-3928\|CVE-2025-3928]] | 8.8 | Commvault | Commvault Web Server |
| [[cve-2025-58360\|CVE-2025-58360]] | 8.8 | Roundcube | Roundcube Webmail |
| [[cve-2025-6864\|CVE-2025-6864]] | 8.8 | Zimbra | Zimbra Collaboration Suite |
| [[cve-2025-68645\|CVE-2025-68645]] | 8.8 | Synacor | Zimbra Collaboration Suite |
| [[cve-2025-8088\|CVE-2025-8088]] | 8.8 | Mozilla | Mozilla Firefox |
| [[cve-2025-8110\|CVE-2025-8110]] | 8.8 | Gogs | Gogs (self-hosted Git service) |
| [[cve-2025-30066\|CVE-2025-30066]] | 8.6 | tj-actions | changed-files (GitHub Action) |
| [[cve-2025-54313\|CVE-2025-54313]] | 8.5 | Prettier | eslint-config-prettier (npm) |
| [[cve-2025-34025\|CVE-2025-34025]] | 8.4 | Veeam | Veeam Backup & Replication |
| [[cve-2025-22225\|CVE-2025-22225]] | 8.2 | VMware (Broadcom) | VMware ESXi |
| [[cve-2025-0289\|CVE-2025-0289]] | 8.1 | SolarWinds | SolarWinds Web Help Desk |
| [[cve-2025-30154\|CVE-2025-30154]] | 8.1 | GitHub Actions | GitHub Actions (reviewdog/action-setup) |
| [[cve-2025-15556\|CVE-2025-15556]] | 7.8 | Bitdefender | Bitdefender Total Security (legacy component) |
| [[cve-2025-24085\|CVE-2025-24085]] | 7.8 | Apple | Apple iOS / iPadOS / macOS |
| [[cve-2025-24086\|CVE-2025-24086]] | 7.8 | Apple | Apple iOS / iPadOS |
| [[cve-2025-29824\|CVE-2025-29824]] | 7.8 | Microsoft | Windows Common Log File System (CLFS) |
| [[cve-2025-32711\|CVE-2025-32711]] | 7.8 | Microsoft | Microsoft Copilot |
| [[cve-2025-62221\|CVE-2025-62221]] | 7.8 | Microsoft | Windows Cloud Files Mini Filter Driver |
| [[cve-2025-14847\|CVE-2025-14847]] | 7.5 | MongoDB | MongoDB Server |
| [[cve-2025-31125\|CVE-2025-31125]] | 7.5 | Vite | Vite (build tool) |
| [[cve-2025-32977\|CVE-2025-32977]] | 7.5 | NetSuite (Oracle) | NetSuite SuiteCommerce / SiteBuilder |
| [[cve-2025-47813\|CVE-2025-47813]] | 7.5 | Wing FTP | Wing FTP Server |
| [[cve-2025-54253\|CVE-2025-54253]] | 7.5 | Adobe | Adobe Experience Manager (AEM) |
| [[cve-2025-61757\|CVE-2025-61757]] | 7.5 | Microsoft | Microsoft security and productivity products |
| [[cve-2025-61932\|CVE-2025-61932]] | 7.5 | Ivanti | Ivanti Connect Secure / Policy Secure |
| [[cve-2025-32978\|CVE-2025-32978]] | 7.2 | NetSuite (Oracle) | NetSuite SuiteCommerce / SiteBuilder |
| [[cve-2025-64328\|CVE-2025-64328]] | 7.2 | WordPress | WP Automatic Plugin |
| [[cve-2025-22226\|CVE-2025-22226]] | 7.1 | VMware (Broadcom) | VMware ESXi |
| [[cve-2025-43520\|CVE-2025-43520]] | 7.1 | Apple | Multiple Products (iOS, iPadOS, macOS, watchOS, tvOS, visionOS) |
| [[cve-2025-21590\|CVE-2025-21590]] | 6.7 | Juniper Networks | Junos OS |
| [[cve-2025-40602\|CVE-2025-40602]] | 6.6 | SonicWall | SMA1000 |
| [[cve-2025-32976\|CVE-2025-32976]] | 6.5 | NetSuite (Oracle) | NetSuite SuiteCommerce / SiteBuilder |
| [[cve-2025-43510\|CVE-2025-43510]] | 6.3 | Apple | Multiple Products (iOS, iPadOS, macOS, watchOS, tvOS, visionOS) |
| [[cve-2025-66376\|CVE-2025-66376]] | 6.1 | Synacor | Zimbra Collaboration Suite (ZCS) |
| [[vulnerabilities/2025/_2025.md\|_2025]] | \- | \- | \- |
| [[cve-2025-52691]] | \- | \- | \- |
| [[cve-2025-3935\|CVE-2025-3935]] | \- | \- | \- |
| [[cve-2025-66209\|CVE-2025-66209]] | \- | \- | \- |
| [[cve-2025-66211\|CVE-2025-66211]] | \- | \- | \- |
| [[cve-2025-69258\|CVE-2025-69258]] | \- | \- | \- |
| [[cve-2025-66210\|CVE-2025-66210]] | \- | \- | \- |
| [[cve-2025-12420\|CVE-2025-12420]] | \- | \- | \- |
| [[cve-2025-62507\|CVE-2025-62507]] | \- | \- | \- |
| [[cve-2025-64155\|CVE-2025-64155]] | \- | \- | \- |
| [[cve-2025-66516\|CVE-2025-66516]] | \- | \- | \- |
<!-- SerializedQuery END -->