Search criteria
3306 vulnerabilities
CVE-2025-57784 (GCVE-0-2025-57784)
Vulnerability from cvelistv5 – Published: 2026-01-26 17:47 – Updated: 2026-01-26 20:52
VLAI?
Title
Tomahawk authentication timing attack due to usage of 'strcmp'
Summary
Tomahawk auth timing attack due to usage of `strcmp` has been identified in Hiawatha webserver version 11.7 which allows a local attacker to access the management client.
Severity ?
4 (Medium)
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Hiawatha | Hiawatha Web server |
Affected:
11.7 , ≤ 8.5
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-57784",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-26T20:51:24.745237Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-26T20:52:06.748Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Hiawatha Web server",
"vendor": "Hiawatha",
"versions": [
{
"lessThanOrEqual": "8.5",
"status": "affected",
"version": "11.7",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Tomahawk auth timing attack due to usage of `strcmp` has been identified in Hiawatha webserver version 11.7 which allows a local attacker to access the management client."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-208 Observable Timing Discrepancy",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-26T17:47:19.382Z",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"url": "https://gitlab.com/hsleisink/hiawatha/-/blame/master/src/tomahawk.c?ref_type=heads#L429"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Tomahawk authentication timing attack due to usage of \u0027strcmp\u0027",
"x_generator": {
"engine": "VINCE 3.0.31",
"env": "prod",
"origin": "https://cveawg.mitre.org/api/cve/CVE-2025-57784"
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2025-57784",
"datePublished": "2026-01-26T17:47:19.382Z",
"dateReserved": "2025-08-19T17:36:13.586Z",
"dateUpdated": "2026-01-26T20:52:06.748Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-57785 (GCVE-0-2025-57785)
Vulnerability from cvelistv5 – Published: 2026-01-26 17:46 – Updated: 2026-01-26 20:54
VLAI?
Title
Double free in XSLT in 'show_index'
Summary
A Double Free in XSLT `show_index` has been identified in Hiawatha webserver version 11.7 which allows an unauthenticated attacker to corrupt data which may lead to arbitrary code execution.
Severity ?
6.5 (Medium)
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Hiawatha | Hiawatha Web server |
Affected:
11.47 , ≤ 10.8.2
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-57785",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-26T20:53:37.495097Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-26T20:54:04.714Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Hiawatha Web server",
"vendor": "Hiawatha",
"versions": [
{
"lessThanOrEqual": "10.8.2",
"status": "affected",
"version": "11.47",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A Double Free in XSLT `show_index` has been identified in Hiawatha webserver version 11.7 which allows an unauthenticated attacker to corrupt data which may lead to arbitrary code execution."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-415 Double Free",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-26T17:46:09.707Z",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"url": "https://gitlab.com/hsleisink/hiawatha/-/blame/master/src/xslt.c?ref_type=heads#L675"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Double free in XSLT in \u0027show_index\u0027",
"x_generator": {
"engine": "VINCE 3.0.31",
"env": "prod",
"origin": "https://cveawg.mitre.org/api/cve/CVE-2025-57785"
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2025-57785",
"datePublished": "2026-01-26T17:46:09.707Z",
"dateReserved": "2025-08-19T17:36:13.586Z",
"dateUpdated": "2026-01-26T20:54:04.714Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-57783 (GCVE-0-2025-57783)
Vulnerability from cvelistv5 – Published: 2026-01-26 17:45 – Updated: 2026-01-26 20:55
VLAI?
Title
Improper header parsing may lead to request smuggling
Summary
Improper header parsing may lead to request smuggling has been identified in Hiawatha webserver version 11.7 which allows an unauthenticated attacker to access restricted resources managed by Hiawatha webserver.
Severity ?
5.3 (Medium)
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Hiawatha | Hiawatha Web server |
Affected:
11.7 , ≤ 8.5
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-57783",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-26T20:54:38.078522Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-26T20:55:04.568Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Hiawatha Web server",
"vendor": "Hiawatha",
"versions": [
{
"lessThanOrEqual": "8.5",
"status": "affected",
"version": "11.7",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Improper header parsing may lead to request smuggling has been identified in Hiawatha webserver version 11.7 which allows an unauthenticated attacker to access restricted resources managed by Hiawatha webserver."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-444 Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request Smuggling\u0027)",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-26T17:45:36.947Z",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"url": "https://gitlab.com/hsleisink/hiawatha/-/blame/master/src/http.c?ref_type=heads#L205"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Improper header parsing may lead to request smuggling",
"x_generator": {
"engine": "VINCE 3.0.31",
"env": "prod",
"origin": "https://cveawg.mitre.org/api/cve/CVE-2025-57783"
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2025-57783",
"datePublished": "2026-01-26T17:45:36.947Z",
"dateReserved": "2025-08-19T17:36:13.585Z",
"dateUpdated": "2026-01-26T20:55:04.568Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-0622 (GCVE-0-2026-0622)
Vulnerability from cvelistv5 – Published: 2026-01-20 19:56 – Updated: 2026-01-21 16:47
VLAI?
Title
Open 5GS WebUI uses a hard-coded JWT signing key
Summary
Open 5GS WebUI uses a hard-coded JWT signing key (change-me) whenever the environment variable JWT_SECRET_KEY is unset
Severity ?
6.5 (Medium)
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2026-01-20T20:27:10.033Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://www.kb.cert.org/vuls/id/458022"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2026-0622",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-21T16:47:23.984803Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-21T16:47:50.399Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "open5GS",
"vendor": "NewPlane",
"versions": [
{
"lessThanOrEqual": "2.7.6",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Open 5GS WebUI uses a hard-coded JWT signing key (change-me) whenever the environment variable JWT_SECRET_KEY is unset"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-798 Use of Hard-coded Credentials",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-20T19:59:58.794Z",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"url": "https://github.com/open5gs/open5gs/issues/2264"
},
{
"url": "https://github.com/open5gs/open5gs/issues/856"
},
{
"url": "https://github.com/open5gs/open5gs/pull/857"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Open 5GS WebUI uses a hard-coded JWT signing key",
"x_generator": {
"engine": "VINCE 3.0.31",
"env": "prod",
"origin": "https://cveawg.mitre.org/api/cve/CVE-2026-0622"
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2026-0622",
"datePublished": "2026-01-20T19:56:04.996Z",
"dateReserved": "2026-01-05T20:12:06.482Z",
"dateUpdated": "2026-01-21T16:47:50.399Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-1245 (GCVE-0-2026-1245)
Vulnerability from cvelistv5 – Published: 2026-01-20 18:50 – Updated: 2026-01-21 17:10
VLAI?
Title
CVE-2026-1245
Summary
A code injection vulnerability in the binary-parser library prior to version 2.3.0 allows arbitrary JavaScript code execution when untrusted values are used in parser field names or encoding parameters. The library directly interpolates these values into dynamically generated code without sanitization, enabling attackers to execute arbitrary code in the context of the Node.js process.
Severity ?
6.5 (Medium)
CWE
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| binary-parser | binary-parser |
Affected:
0 , < 2.3.0
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2026-01-20T20:23:29.425Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://www.kb.cert.org/vuls/id/102648"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2026-1245",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-21T16:44:44.620209Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-21T16:45:09.018Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "binary-parser",
"vendor": "binary-parser",
"versions": [
{
"lessThan": "2.3.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A code injection vulnerability in the binary-parser library prior to version 2.3.0 allows arbitrary JavaScript code execution when untrusted values are used in parser field names or encoding parameters. The library directly interpolates these values into dynamically generated code without sanitization, enabling attackers to execute arbitrary code in the context of the Node.js process."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-94 Improper Control of Generation of Code (\u0027Code Injection\u0027)",
"lang": "en"
}
]
},
{
"descriptions": [
{
"description": "CWE-95 Improper Neutralization of Directives in Dynamically Evaluated Code (\u2018Eval Injection\u2019)",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-21T17:10:56.426Z",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"url": "https://github.com/keichi/binary-parser/pull/283"
},
{
"url": "https://github.com/keichi/binary-parser"
},
{
"url": "https://www.npmjs.com/package/binary-parser"
},
{
"url": "https://kb.cert.org/vuls/id/102648"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "CVE-2026-1245",
"x_generator": {
"engine": "VINCE 3.0.31",
"env": "prod",
"origin": "https://cveawg.mitre.org/api/cve/CVE-2026-1245"
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2026-1245",
"datePublished": "2026-01-20T18:50:34.232Z",
"dateReserved": "2026-01-20T18:48:57.730Z",
"dateUpdated": "2026-01-21T17:10:56.426Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-14369 (GCVE-0-2025-14369)
Vulnerability from cvelistv5 – Published: 2026-01-20 11:49 – Updated: 2026-01-20 14:33
VLAI?
Title
CVE-2025-14369
Summary
dr_flac, an audio decoder within the dr_libs toolset, contains an integer overflow vulnerability flaw due to trusting the totalPCMFrameCount field from FLAC metadata before calculating buffer size, allowing an attacker with a specially crafted file to perform DoS against programs using the tool.
Severity ?
5.5 (Medium)
CWE
- CWE-190 - Integer Overflow or Wraparound
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2026-01-20T13:19:03.123Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://www.kb.cert.org/vuls/id/924114"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-14369",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-20T14:29:15.620915Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-20T14:33:15.550Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "dr_flac",
"vendor": "mackron",
"versions": [
{
"lessThanOrEqual": "0.13.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "dr_flac, an audio decoder within the dr_libs toolset, contains an integer overflow vulnerability flaw due to trusting the totalPCMFrameCount field from FLAC metadata before calculating buffer size, allowing an attacker with a specially crafted file to perform DoS against programs using the tool."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-190: Integer Overflow or Wraparound",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-20T11:49:08.348Z",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"url": "https://github.com/mackron/dr_libs/commit/b2197b2eb7bb609df76315bebf44db4ec2a1aed0"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "CVE-2025-14369",
"x_generator": {
"engine": "VINCE 3.0.31",
"env": "prod",
"origin": "https://cveawg.mitre.org/api/cve/CVE-2025-14369"
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2025-14369",
"datePublished": "2026-01-20T11:49:08.348Z",
"dateReserved": "2025-12-09T18:31:22.317Z",
"dateUpdated": "2026-01-20T14:33:15.550Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-0615 (GCVE-0-2026-0615)
Vulnerability from cvelistv5 – Published: 2026-01-16 12:47 – Updated: 2026-01-16 14:38
VLAI?
Title
CVE-2026-0615
Summary
The Librarian `supervisord` status page can be retrieved by the `web_fetch` tool, which can be used to retrieve running processes within TheLibrarian backend. The vendor has fixed the vulnerability in all affected versions.
Severity ?
7.3 (High)
CWE
- CWE-497 - Exposure of Sensitive System Information to an Unauthorized Control Sphere
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| TheLibrarian | TheLibrarian.io |
Affected:
0 , ≤ 1.0
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2026-0615",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-16T14:38:33.181564Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-16T14:38:37.462Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "TheLibrarian.io",
"vendor": "TheLibrarian",
"versions": [
{
"lessThanOrEqual": "1.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The Librarian `supervisord` status page can be retrieved by the `web_fetch` tool, which can be used to retrieve running processes within TheLibrarian backend. The vendor has fixed the vulnerability in all affected versions."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-497: Exposure of Sensitive System Information to an Unauthorized Control Sphere",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-16T12:47:27.747Z",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"url": "http://mindgard.ai/blog/thelibrarian-ios-ai-security-"
},
{
"url": "https://thelibrarian.io/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "CVE-2026-0615",
"x_generator": {
"engine": "VINCE 3.0.31",
"env": "prod",
"origin": "https://cveawg.mitre.org/api/cve/CVE-2026-0615"
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2026-0615",
"datePublished": "2026-01-16T12:47:27.747Z",
"dateReserved": "2026-01-05T17:41:40.682Z",
"dateUpdated": "2026-01-16T14:38:37.462Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-0616 (GCVE-0-2026-0616)
Vulnerability from cvelistv5 – Published: 2026-01-16 12:46 – Updated: 2026-01-16 21:40
VLAI?
Title
CVE-2026-0616
Summary
TheLibrarians web_fetch tool can be used to retrieve the Adminer interface content, which can then be used to log into the internal TheLibrarian backend system. The vendor has fixed the vulnerability in all affected versions.
Severity ?
7.5 (High)
CWE
- CWE-497 - Exposure of Sensitive System Information to an Unauthorized Control Sphere
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| TheLibrarian | TheLibrarian.io |
Affected:
0 , ≤ 1.0
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2026-0616",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-16T21:39:40.680029Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-16T21:40:36.626Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "TheLibrarian.io",
"vendor": "TheLibrarian",
"versions": [
{
"lessThanOrEqual": "1.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "TheLibrarians web_fetch tool can be used to retrieve the Adminer interface content, which can then be used to log into the internal TheLibrarian backend system. The vendor has fixed the vulnerability in all affected versions."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-497: Exposure of Sensitive System Information to an Unauthorized Control Sphere",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-16T12:46:58.266Z",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"url": "https://mindgard.ai/blog/thelibrarian-ios-ai-security-disclosure"
},
{
"url": "https://thelibrarian.io/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "CVE-2026-0616",
"x_generator": {
"engine": "VINCE 3.0.31",
"env": "prod",
"origin": "https://cveawg.mitre.org/api/cve/CVE-2026-0616"
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2026-0616",
"datePublished": "2026-01-16T12:46:58.266Z",
"dateReserved": "2026-01-05T17:42:09.153Z",
"dateUpdated": "2026-01-16T21:40:36.626Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-0613 (GCVE-0-2026-0613)
Vulnerability from cvelistv5 – Published: 2026-01-16 12:46 – Updated: 2026-01-16 21:41
VLAI?
Title
CVE-2026-0613
Summary
The Librarian contains an internal port scanning vulnerability, facilitated by the `web_fetch` tool, which can be used with SSRF-style behavior to perform GET requests to internal IP addresses and services, enabling scanning of the Hertzner cloud environment that TheLibrarian uses. The vendor has fixed the vulnerability in all affected versions.
Severity ?
7.5 (High)
CWE
- CWE-497 - Exposure of Sensitive System Information to an Unauthorized Control Sphere
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| TheLibrarian | TheLibrarian.io |
Affected:
0 , ≤ 1.0
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2026-0613",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-16T21:41:27.699155Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-16T21:41:53.497Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "TheLibrarian.io",
"vendor": "TheLibrarian",
"versions": [
{
"lessThanOrEqual": "1.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The Librarian contains an internal port scanning vulnerability, facilitated by the `web_fetch` tool, which can be used with SSRF-style behavior to perform GET requests to internal IP addresses and services, enabling scanning of the Hertzner cloud environment that TheLibrarian uses. The vendor has fixed the vulnerability in all affected versions."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-497: Exposure of Sensitive System Information to an Unauthorized Control Sphere",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-16T12:46:02.733Z",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"url": "https://mindgard.ai/blog/thelibrarian-ios-ai-security-disclosure"
},
{
"url": "https://thelibrarian.io/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "CVE-2026-0613",
"x_generator": {
"engine": "VINCE 3.0.31",
"env": "prod",
"origin": "https://cveawg.mitre.org/api/cve/CVE-2026-0613"
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2026-0613",
"datePublished": "2026-01-16T12:46:02.733Z",
"dateReserved": "2026-01-05T17:40:07.817Z",
"dateUpdated": "2026-01-16T21:41:53.497Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-0612 (GCVE-0-2026-0612)
Vulnerability from cvelistv5 – Published: 2026-01-16 12:44 – Updated: 2026-01-16 21:42
VLAI?
Title
CVE-2026-0612
Summary
The Librarian contains a information leakage vulnerability through the `web_fetch` tool, which can be used to retrieve arbitrary external content provided by an attacker, which can be used to proxy requests through The Librarian infrastructure. The vendor has fixed the vulnerability in all versions of TheLibrarian.
Severity ?
7.5 (High)
CWE
- CWE-497 - Exposure of Sensitive System Information to an Unauthorized Control Sphere
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| TheLibrarian | TheLibrarian.io |
Affected:
0 , ≤ 1.0
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2026-0612",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-16T21:42:18.745012Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-16T21:42:52.062Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "TheLibrarian.io",
"vendor": "TheLibrarian",
"versions": [
{
"lessThanOrEqual": "1.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The Librarian contains a information leakage vulnerability through the `web_fetch` tool, which can be used to retrieve arbitrary external content provided by an attacker, which can be used to proxy requests through The Librarian infrastructure. The vendor has fixed the vulnerability in all versions of TheLibrarian."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-497: Exposure of Sensitive System Information to an Unauthorized Control Sphere",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-16T12:44:59.806Z",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"url": "http://mindgard.ai/blog/thelibrarian-ios-ai-security-"
},
{
"url": "https://thelibrarian.io/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "CVE-2026-0612",
"x_generator": {
"engine": "VINCE 3.0.31",
"env": "prod",
"origin": "https://cveawg.mitre.org/api/cve/CVE-2026-0612"
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2026-0612",
"datePublished": "2026-01-16T12:44:59.806Z",
"dateReserved": "2026-01-05T17:39:25.528Z",
"dateUpdated": "2026-01-16T21:42:52.062Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-14894 (GCVE-0-2025-14894)
Vulnerability from cvelistv5 – Published: 2026-01-16 12:43 – Updated: 2026-01-16 21:44
VLAI?
Title
CVE-2025-14894
Summary
Livewire Filemanager, commonly used in Laravel applications, contains LivewireFilemanagerComponent.php, which does not perform file type and MIME validation, allowing for RCE through upload of a malicious php file that can then be executed via the /storage/ URL if a commonly performed setup process within Laravel applications has been completed.
Severity ?
7.5 (High)
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| bee interactive | Livewire Filemanager |
Affected:
0 , < 1.0
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2026-01-16T15:04:56.329Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://www.kb.cert.org/vuls/id/650657"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-14894",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-16T21:43:37.648938Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-16T21:44:06.442Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Livewire Filemanager",
"vendor": "bee interactive",
"versions": [
{
"lessThan": "1.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Livewire Filemanager, commonly used in Laravel applications, contains LivewireFilemanagerComponent.php, which does not perform file type and MIME validation, allowing for RCE through upload of a malicious php file that can then be executed via the /storage/ URL if a commonly performed setup process within Laravel applications has been completed."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-434 Unrestricted Upload of File with Dangerous Type",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-16T12:43:14.264Z",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"url": "https://github.com/livewire-filemanager/filemanager"
},
{
"url": "https://hackingbydoing.wixsite.com/hackingbydoing/post/unauthenticated-rce-in-livewire-filemanager"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "CVE-2025-14894",
"x_generator": {
"engine": "VINCE 3.0.31",
"env": "prod",
"origin": "https://cveawg.mitre.org/api/cve/CVE-2025-14894"
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2025-14894",
"datePublished": "2026-01-16T12:43:14.264Z",
"dateReserved": "2025-12-18T16:01:40.573Z",
"dateUpdated": "2026-01-16T21:44:06.442Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-14598 (GCVE-0-2025-14598)
Vulnerability from cvelistv5 – Published: 2026-01-09 12:14 – Updated: 2026-01-09 15:52
VLAI?
Title
CVE-2025-14598
Summary
BeeS Software Solutions BET Portal contains an SQL injection vulnerability in the login functionality of affected sites. The vulnerability enables arbitrary SQL commands to be executed on the backend database.
Severity ?
9.8 (Critical)
CWE
- CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| BeeS Software Solutions | BET ePortal |
Affected:
0 , < ePortal : Secure Build (October 2025)
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2026-01-09T13:15:54.209Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://www.kb.cert.org/vuls/id/361400"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-14598",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-09T15:46:39.443257Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-09T15:52:06.157Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "BET ePortal",
"vendor": "BeeS Software Solutions",
"versions": [
{
"lessThan": "ePortal : Secure Build (October 2025)",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "BeeS Software Solutions BET Portal contains an SQL injection vulnerability in the login functionality of affected sites. The vulnerability enables arbitrary SQL commands to be executed on the backend database."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-89: Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-09T12:14:06.932Z",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"url": "https://cloudilyaerp.com/"
},
{
"url": "https://afnaan.me/cve/cve-2025-14598"
},
{
"url": "https://github.com/Afnaan-Ahmed/CVE-2025-14598"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "CVE-2025-14598",
"x_generator": {
"engine": "VINCE 3.0.31",
"env": "prod",
"origin": "https://cveawg.mitre.org/api/cve/CVE-2025-14598"
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2025-14598",
"datePublished": "2026-01-09T12:14:06.932Z",
"dateReserved": "2025-12-12T17:31:41.755Z",
"dateUpdated": "2026-01-09T15:52:06.157Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-13151 (GCVE-0-2025-13151)
Vulnerability from cvelistv5 – Published: 2026-01-07 21:14 – Updated: 2026-01-20 17:08
VLAI?
Title
CVE-2025-13151
Summary
Stack-based buffer overflow in libtasn1 version: v4.20.0. The function fails to validate the size of input data resulting in a buffer overflow in asn1_expend_octet_string.
Severity ?
7.5 (High)
CWE
Assigner
References
Credits
This issue was reported Benny Zelster from Microsoft Security Research
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-13151",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-07T21:32:59.782767Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-07T21:33:12.865Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2026-01-20T17:08:41.712Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2026/01/08/5"
},
{
"url": "https://www.kb.cert.org/vuls/id/271649"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "libtasn1",
"vendor": "GnuTLS",
"versions": [
{
"lessThanOrEqual": "4.20.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "This issue was reported Benny Zelster from Microsoft Security Research"
}
],
"descriptions": [
{
"lang": "en",
"value": "Stack-based buffer overflow in libtasn1 version: v4.20.0. The function fails to validate the size of input data resulting in a buffer overflow in asn1_expend_octet_string."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-120 Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"lang": "en"
}
]
},
{
"descriptions": [
{
"description": "CWE-121 Stack-based Buffer Overflow",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-07T21:15:56.927Z",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"name": "Source Code Respoitory",
"url": "https://gitlab.com/gnutls/libtasn1"
},
{
"name": "Proposed Pull Request",
"tags": [
"patch"
],
"url": "https://gitlab.com/gnutls/libtasn1/-/merge_requests/121"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "CVE-2025-13151",
"x_generator": {
"engine": "VINCE 3.0.31",
"env": "prod",
"origin": "https://cveawg.mitre.org/api/cve/CVE-2025-13151"
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2025-13151",
"datePublished": "2026-01-07T21:14:05.223Z",
"dateReserved": "2025-11-13T21:14:53.973Z",
"dateUpdated": "2026-01-20T17:08:41.712Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-14026 (GCVE-0-2025-14026)
Vulnerability from cvelistv5 – Published: 2026-01-06 14:45 – Updated: 2026-01-06 16:04
VLAI?
Title
Vulnerable Python version used in Forcepoint One DLP Client
Summary
Forcepoint One DLP Client, version 23.04.5642 (and possibly newer versions), includes a restricted version of Python 2.5.4 that prevents use of the ctypes library. ctypes is a foreign function interface (FFI) for Python, enabling calls to DLLs/shared libraries, memory allocation, and direct code execution. It was demonstrated that these restrictions could be bypassed.
Severity ?
7.8 (High)
CWE
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Forcepoint | Forcepoint One Endpoint (F1E) |
Affected:
23.11
|
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-14026",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-06T15:19:38.095565Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-06T15:49:19.033Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2026-01-06T16:04:41.042Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://www.kb.cert.org/vuls/id/420440"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Forcepoint One Endpoint (F1E)",
"vendor": "Forcepoint",
"versions": [
{
"status": "affected",
"version": "23.11"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Forcepoint One DLP Client, version 23.04.5642 (and possibly newer versions), includes a restricted version of Python 2.5.4 that prevents use of the ctypes library. ctypes is a foreign function interface (FFI) for Python, enabling calls to DLLs/shared libraries, memory allocation, and direct code execution. It was demonstrated that these restrictions could be bypassed."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-1104 Use of Unmaintained Third-Party Components",
"lang": "en"
}
]
},
{
"descriptions": [
{
"description": "CWE-1395 Dependency on a Vulnerable Third-Party Component",
"lang": "en"
}
]
},
{
"descriptions": [
{
"description": "CWE-676 Use of Potentially Dangerous Function",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-06T14:46:30.519Z",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"url": "https://support.forcepoint.com/s/article/000042256"
},
{
"url": "https://kb.cert.org/vuls/id/420440"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Vulnerable Python version used in Forcepoint One DLP Client",
"x_generator": {
"engine": "VINCE 3.0.31",
"env": "prod",
"origin": "https://cveawg.mitre.org/api/cve/CVE-2025-14026"
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2025-14026",
"datePublished": "2026-01-06T14:45:29.207Z",
"dateReserved": "2025-12-04T13:44:38.515Z",
"dateUpdated": "2026-01-06T16:04:41.042Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-13184 (GCVE-0-2025-13184)
Vulnerability from cvelistv5 – Published: 2025-12-10 12:34 – Updated: 2025-12-10 15:21
VLAI?
Title
Unauthenticated Telnet enablement via cstecgi.cgi (auth bypass) leading to unauthenticated root login with a blank password
Summary
Unauthenticated Telnet enablement via cstecgi.cgi (auth bypass) leading to unauthenticated root login with a blank password on factory/reset X5000R V9.1.0u.6369_B20230113 (arbitrary command execution). Earlier versions that share the same implementation, may also be affected.
Severity ?
9.8 (Critical)
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Toto Link | X5000R's (AX1800 router) |
Affected:
0 , < V9.1.0u.6369_B20230113
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2025-12-10T13:17:29.972Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://www.kb.cert.org/vuls/id/821724"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-13184",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-10T15:17:58.730787Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-10T15:21:20.666Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "X5000R\u0027s (AX1800 router)",
"vendor": "Toto Link",
"versions": [
{
"lessThan": "V9.1.0u.6369_B20230113",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Unauthenticated Telnet enablement via cstecgi.cgi (auth bypass) leading to unauthenticated root login with a blank password on factory/reset X5000R V9.1.0u.6369_B20230113 (arbitrary command execution). Earlier versions that share the same implementation, may also be affected."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-306 Missing Authentication for Critical Function",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-10T14:16:27.983Z",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"url": "https://hackingbydoing.wixsite.com/hackingbydoing/post/totolink-x5000r-ax1800-router-authentication-bypass"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Unauthenticated Telnet enablement via cstecgi.cgi (auth bypass) leading to unauthenticated root login with a blank password",
"x_generator": {
"engine": "VINCE 3.0.30",
"env": "prod",
"origin": "https://cveawg.mitre.org/api/cve/CVE-2025-13184"
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2025-13184",
"datePublished": "2025-12-10T12:34:54.590Z",
"dateReserved": "2025-11-14T12:22:56.010Z",
"dateUpdated": "2025-12-10T15:21:20.666Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-9613 (GCVE-0-2025-9613)
Vulnerability from cvelistv5 – Published: 2025-12-09 18:52 – Updated: 2025-12-10 17:04
VLAI?
Title
CVE-2025-9613
Summary
A vulnerability was discovered in the PCI Express (PCIe) Integrity and Data Encryption (IDE) specification, where insufficient guidance on tag reuse after completion timeouts may allow multiple outstanding Non-Posted Requests to share the same tag. This tag aliasing condition can result in completions being delivered to the wrong security context, potentially compromising data integrity and confidentiality.
Severity ?
6.5 (Medium)
CWE
- CWE-459 - Incomplete Cleanup
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| PCI-SIG | PCI Express Integrity and Data Encryption (PCIe IDE) Specification |
Affected:
0 , < 7.1-Rev7.0
(custom)
|
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-9613",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-10T17:04:05.433232Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-10T17:04:11.448Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "PCI Express Integrity and Data Encryption (PCIe IDE) Specification",
"vendor": "PCI-SIG",
"versions": [
{
"lessThan": "7.1-Rev7.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"product": "PCI Express Integrity and Data Encryption (PCIe IDE) Specification",
"vendor": "PCI-SIG",
"versions": [
{
"lessThan": "6.5-Rev7.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was discovered in the PCI Express (PCIe) Integrity and Data Encryption (IDE) specification, where insufficient guidance on tag reuse after completion timeouts may allow multiple outstanding Non-Posted Requests to share the same tag. This tag aliasing condition can result in completions being delivered to the wrong security context, potentially compromising data integrity and confidentiality."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-459: Incomplete Cleanup",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-09T19:18:06.300Z",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"url": "https://pcisig.com/specifications"
},
{
"url": "https://pcisig.com/PCIeIDEStandardVulnerabilities"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "CVE-2025-9613",
"x_generator": {
"engine": "VINCE 3.0.30",
"env": "prod",
"origin": "https://cveawg.mitre.org/api/cve/CVE-2025-9613"
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2025-9613",
"datePublished": "2025-12-09T18:52:02.956Z",
"dateReserved": "2025-08-28T15:44:25.947Z",
"dateUpdated": "2025-12-10T17:04:11.448Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-9614 (GCVE-0-2025-9614)
Vulnerability from cvelistv5 – Published: 2025-12-09 18:48 – Updated: 2025-12-10 20:09
VLAI?
Title
CVE-2025-9614
Summary
An issue was discovered in the PCI Express (PCIe) Integrity and Data Encryption (IDE) specification, where insufficient guidance on re-keying and stream flushing during device rebinding may allow stale write transactions from a previous security context to be processed in a new one. This can lead to unintended data access across trusted domains, compromising confidentiality and integrity.
Severity ?
6.5 (Medium)
CWE
- CWE-354 - Improper Validation of Integrity Check Value
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| PCI-SIG | PCI Express Integrity and Data Encryption (PCIe IDE) Specification |
Affected:
0 , < 6.5-Rev7.0
(custom)
|
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-9614",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-10T20:09:17.808849Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-10T20:09:20.429Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "PCI Express Integrity and Data Encryption (PCIe IDE) Specification",
"vendor": "PCI-SIG",
"versions": [
{
"lessThan": "6.5-Rev7.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"product": "PCI Express Integrity and Data Encryption (PCIe IDE) Specification",
"vendor": "PCI-SIG",
"versions": [
{
"lessThan": "7.1-Rev7.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in the PCI Express (PCIe) Integrity and Data Encryption (IDE) specification, where insufficient guidance on re-keying and stream flushing during device rebinding may allow stale write transactions from a previous security context to be processed in a new one. This can lead to unintended data access across trusted domains, compromising confidentiality and integrity."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-354: Improper Validation of Integrity Check Value",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-09T19:18:57.364Z",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"url": "https://pcisig.com/specifications"
},
{
"url": "https://pcisig.com/PCIeIDEStandardVulnerabilities"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "CVE-2025-9614",
"x_generator": {
"engine": "VINCE 3.0.30",
"env": "prod",
"origin": "https://cveawg.mitre.org/api/cve/CVE-2025-9614"
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2025-9614",
"datePublished": "2025-12-09T18:48:36.950Z",
"dateReserved": "2025-08-28T15:44:38.469Z",
"dateUpdated": "2025-12-10T20:09:20.429Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-9612 (GCVE-0-2025-9612)
Vulnerability from cvelistv5 – Published: 2025-12-09 18:44 – Updated: 2025-12-11 14:57
VLAI?
Title
CVE-2025-9612
Summary
An issue was discovered in the PCI Express (PCIe) Integrity and Data Encryption (IDE) specification, where insufficient guidance on Transaction Layer Packet (TLP) ordering and tag uniqueness may allow encrypted packets to be replayed or reordered without detection. This can enable local or physical attackers on the PCIe bus to violate data integrity protections.
Severity ?
5.1 (Medium)
CWE
- CWE-404 - Improper Resource Shutdown or Release
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| PCI-SIG | PCI Express Integrity and Data Encryption (PCIe IDE) Specification |
Affected:
0 , < 7.1-Rev7.0
(custom)
|
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-9612",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-11T14:57:05.743440Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-11T14:57:09.949Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"third-party-advisory"
],
"url": "https://kb.cert.org/vuls/id/404544"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "PCI Express Integrity and Data Encryption (PCIe IDE) Specification",
"vendor": "PCI-SIG",
"versions": [
{
"lessThan": "7.1-Rev7.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"product": "PCI Express Integrity and Data Encryption (PCIe IDE) Specification",
"vendor": "PCI-SIG",
"versions": [
{
"lessThan": "6.5-Rev7.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in the PCI Express (PCIe) Integrity and Data Encryption (IDE) specification, where insufficient guidance on Transaction Layer Packet (TLP) ordering and tag uniqueness may allow encrypted packets to be replayed or reordered without detection. This can enable local or physical attackers on the PCIe bus to violate data integrity protections."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-404: Improper Resource Shutdown or Release",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-09T19:17:42.005Z",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"url": "https://pcisig.com/specifications"
},
{
"url": "https://pcisig.com/PCIeIDEStandardVulnerabilities"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "CVE-2025-9612",
"x_generator": {
"engine": "VINCE 3.0.30",
"env": "prod",
"origin": "https://cveawg.mitre.org/api/cve/CVE-2025-9612"
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2025-9612",
"datePublished": "2025-12-09T18:44:59.620Z",
"dateReserved": "2025-08-28T15:44:11.594Z",
"dateUpdated": "2025-12-11T14:57:09.949Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-13654 (GCVE-0-2025-13654)
Vulnerability from cvelistv5 – Published: 2025-12-05 12:42 – Updated: 2026-01-29 18:04
VLAI?
Title
CVE-2025-13654
Summary
A stack buffer overflow vulnerability exists in the buffer_get function of duc, a disk management tool, where a condition can evaluate to true due to underflow, allowing an out-of-bounds read.
Severity ?
7.5 (High)
CWE
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2026-01-29T18:04:54.521Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://www.kb.cert.org/vuls/id/441887"
},
{
"url": "https://github.com/zevv/duc/commit/8638c4365ffd9e1966bdef8af6339dbee8c17e66"
}
],
"title": "CVE Program Container",
"x_generator": {
"engine": "ADPogram 0.0.1"
}
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-13654",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-05T19:30:56.374589Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-05T19:31:20.412Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Duc",
"vendor": "Duc",
"versions": [
{
"lessThan": "1.4.6",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A stack buffer overflow vulnerability exists in the buffer_get function of duc, a disk management tool, where a condition can evaluate to true due to underflow, allowing an out-of-bounds read."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-121",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-05T12:44:20.899Z",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"url": "https://github.com/zevv/duc/releases/tag/1.4.6"
},
{
"url": "https://kb.cert.org/vuls/id/441887"
},
{
"url": "https://hackingbydoing.wixsite.com/hackingbydoing/post/stack-buffer-overflow-in-duc"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "CVE-2025-13654",
"x_generator": {
"engine": "VINCE 3.0.30",
"env": "prod",
"origin": "https://cveawg.mitre.org/api/cve/CVE-2025-13654"
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2025-13654",
"datePublished": "2025-12-05T12:42:21.027Z",
"dateReserved": "2025-11-25T13:18:59.006Z",
"dateUpdated": "2026-01-29T18:04:54.521Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-11699 (GCVE-0-2025-11699)
Vulnerability from cvelistv5 – Published: 2025-12-01 15:17 – Updated: 2025-12-01 18:45
VLAI?
Title
CVE-2025-11699
Summary
nopCommerce v4.70 and prior, and version 4.80.3, does not invalidate session cookies after logout or session termination, allowing an attacker who has a
a valid session cookie access to privileged endpoints (such as /admin) even after the legitimate user has logged out, enabling session hijacking. Any version above 4.70 that is not 4.80.3 fixes the vulnerability.
Severity ?
7.1 (High)
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| nopSolutions | nopCommerce |
Affected:
4.80.3 , ≤ 4.80.4
(custom)
|
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2025-12-01T17:05:40.633Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://www.kb.cert.org/vuls/id/633103"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-11699",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-01T18:42:12.485040Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-613",
"description": "CWE-613 Insufficient Session Expiration",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-01T18:45:07.246Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "nopCommerce",
"vendor": "nopSolutions",
"versions": [
{
"lessThanOrEqual": "4.80.4",
"status": "affected",
"version": "4.80.3",
"versionType": "custom"
}
]
},
{
"product": "nopCommerce",
"vendor": "nopSolutions",
"versions": [
{
"lessThan": "4.70",
"status": "affected",
"version": "4.10",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "nopCommerce v4.70 and prior, and version 4.80.3, does not invalidate session cookies after logout or session termination, allowing an attacker who has a \r\na valid session cookie access to privileged endpoints (such as /admin) even after the legitimate user has logged out, enabling session hijacking. Any version above 4.70 that is not 4.80.3 fixes the vulnerability."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-613 Insufficient Session Expiration",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-01T15:17:57.842Z",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"url": "https://seclists.org/fulldisclosure/2025/Aug/14"
},
{
"url": "https://github.com/nopSolutions/nopCommerce/issues/7044"
},
{
"url": "https://www.nopcommerce.com/en/release-notes?srsltid=AfmBOoravPKjN19pm_XZbXZ7GvPhkt8cxlK6794BJRZlY5RxJU_yNoTT"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "CVE-2025-11699",
"x_generator": {
"engine": "VINCE 3.0.29",
"env": "prod",
"origin": "https://cveawg.mitre.org/api/cve/CVE-2025-11699"
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2025-11699",
"datePublished": "2025-12-01T15:17:57.842Z",
"dateReserved": "2025-10-13T16:24:26.286Z",
"dateUpdated": "2025-12-01T18:45:07.246Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-12816 (GCVE-0-2025-12816)
Vulnerability from cvelistv5 – Published: 2025-11-25 19:15 – Updated: 2025-11-25 21:04
VLAI?
Title
CVE-2025-12816
Summary
An interpretation-conflict (CWE-436) vulnerability in node-forge versions 1.3.1 and earlier enables unauthenticated attackers to craft ASN.1 structures to desynchronize schema validations, yielding a semantic divergence that may bypass downstream cryptographic verifications and security decisions.
Severity ?
No CVSS data available.
Assigner
References
| URL | Tags | |
|---|---|---|
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Digital Bazaar | node-forge |
Affected:
0 , ≤ 1.3.1
(semver)
|
|||||||
|
|||||||||
Credits
This issue was reported by Hunter Wodzenski of Palo Alto Networks
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-12816",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-25T20:21:37.225634Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-436",
"description": "CWE-436 Interpretation Conflict",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-25T20:24:22.734Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-25T21:04:09.432Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://www.kb.cert.org/vuls/id/521113"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "node-forge",
"vendor": "Digital Bazaar",
"versions": [
{
"lessThanOrEqual": "1.3.1",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"product": "forge",
"vendor": "Digital Bazaar",
"versions": [
{
"lessThanOrEqual": "1.3.1",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "This issue was reported by Hunter Wodzenski of Palo Alto Networks"
}
],
"descriptions": [
{
"lang": "en",
"value": "An interpretation-conflict (CWE-436) vulnerability in node-forge versions 1.3.1 and earlier enables unauthenticated attackers to craft ASN.1 structures to desynchronize schema validations, yielding a semantic divergence that may bypass downstream cryptographic verifications and security decisions."
}
],
"metrics": [
{
"other": {
"content": {
"schemaVersion": "2.0.0",
"selections": [
{
"definition": "The present state of exploitation of the vulnerability.",
"key": "E",
"name": "Exploitation",
"namespace": "ssvc",
"values": [
{
"key": "P",
"name": "Public PoC"
}
],
"version": "1.1.0"
},
{
"definition": "Can an attacker reliably automate creating exploitation events for this vulnerability?",
"key": "A",
"name": "Automatable",
"namespace": "ssvc",
"values": [
{
"key": "N",
"name": "No"
}
],
"version": "2.0.0"
},
{
"definition": "The technical impact of the vulnerability.",
"key": "TI",
"name": "Technical Impact",
"namespace": "ssvc",
"values": [
{
"key": "P",
"name": "Partial"
}
],
"version": "1.0.0"
}
],
"timestamp": "2025-11-07T15:47:01.238Z"
},
"type": "ssvcV2_0_0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-436 Interpretation Conflict",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-25T19:29:31.487Z",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"url": "https://www.npmjs.com/package/node-forge"
},
{
"url": "https://github.com/digitalbazaar/forge/pull/1124"
},
{
"url": "https://github.com/digitalbazaar/forge"
},
{
"name": "CERT/CC Vulnerability Notice",
"tags": [
"third-party-advisory"
],
"url": "https://kb.cert.org/vuls/id/521113"
},
{
"name": "Github Security Advisory",
"tags": [
"third-party-advisory"
],
"url": "https://github.com/digitalbazaar/forge/security/advisories/GHSA-5gfm-wpxj-wjgq"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "CVE-2025-12816",
"x_generator": {
"engine": "VINCE 3.0.29",
"env": "prod",
"origin": "https://cveawg.mitre.org/api/cve/CVE-2025-12816"
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2025-12816",
"datePublished": "2025-11-25T19:15:50.243Z",
"dateReserved": "2025-11-06T17:11:38.255Z",
"dateUpdated": "2025-11-25T21:04:09.432Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-12978 (GCVE-0-2025-12978)
Vulnerability from cvelistv5 – Published: 2025-11-24 14:42 – Updated: 2026-01-07 15:36
VLAI?
Title
CVE-2025-12978
Summary
Fluent Bit in_http, in_splunk, and in_elasticsearch input plugins contain a flaw in the tag_key validation logic that fails to enforce exact key-length matching. This allows crafted inputs where a tag prefix is incorrectly treated as a full match. A remote attacker with authenticated or exposed access to these input endpoints can exploit this behavior to manipulate tags and redirect records to unintended destinations. This compromises the authenticity of ingested logs and can allow injection of forged data, alert flooding and routing manipulation.
Severity ?
5.4 (Medium)
CWE
- CWE-187 - Partial String Comparison
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| FluentBit | Fluent Bit |
Affected:
0 , < 4.0.12
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-12978",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-24T15:29:03.000953Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-11-24T15:29:06.000Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Fluent Bit",
"vendor": "FluentBit",
"versions": [
{
"lessThan": "4.0.12",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Fluent Bit in_http, in_splunk, and in_elasticsearch input plugins contain a flaw in the tag_key validation logic that fails to enforce exact key-length matching. This allows crafted inputs where a tag prefix is incorrectly treated as a full match. A remote attacker with authenticated or exposed access to these input endpoints can exploit this behavior to manipulate tags and redirect records to unintended destinations. This compromises the authenticity of ingested logs and can allow injection of forged data, alert flooding and routing manipulation."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-187: Partial String Comparison",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-07T15:36:44.975Z",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"url": "https://fluentbit.io/announcements/v4.1.0/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "CVE-2025-12978",
"x_generator": {
"engine": "VINCE 3.0.31",
"env": "prod",
"origin": "https://cveawg.mitre.org/api/cve/CVE-2025-12978"
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2025-12978",
"datePublished": "2025-11-24T14:42:06.305Z",
"dateReserved": "2025-11-10T18:57:32.141Z",
"dateUpdated": "2026-01-07T15:36:44.975Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-12969 (GCVE-0-2025-12969)
Vulnerability from cvelistv5 – Published: 2025-11-24 14:41 – Updated: 2026-01-07 15:36
VLAI?
Title
CVE-2025-12969
Summary
Fluent Bit in_forward input plugin does not properly enforce the security.users authentication mechanism under certain configuration conditions. This allows remote attackers with network access to the Fluent Bit instance exposing the forward input to send unauthenticated data. By bypassing authentication controls, attackers can inject forged log records, flood alerting systems, or manipulate routing decisions, compromising the authenticity and integrity of ingested logs.
Severity ?
6.5 (Medium)
CWE
- CWE-306 - Missing Authentication for Critical Function
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| FluentBit | Fluent Bit |
Affected:
0 , < 4.0.13
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-12969",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-24T18:02:22.489781Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-11-24T18:02:26.177Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Fluent Bit",
"vendor": "FluentBit",
"versions": [
{
"lessThan": "4.0.13",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Fluent Bit in_forward input plugin does not properly enforce the security.users authentication mechanism under certain configuration conditions. This allows remote attackers with network access to the Fluent Bit instance exposing the forward input to send unauthenticated data. By bypassing authentication controls, attackers can inject forged log records, flood alerting systems, or manipulate routing decisions, compromising the authenticity and integrity of ingested logs."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-306: Missing Authentication for Critical Function",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-07T15:36:49.065Z",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"url": "https://fluentbit.io/blog/2025/10/28/security-vulnerabilities-addressed-in-fluent-bit-v4.1-and-backported-to-v4.0/"
},
{
"url": "https://www.oligo.security/blog/critical-vulnerabilities-in-fluent-bit-expose-cloud-environments-to-remote-takeover"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "CVE-2025-12969",
"x_generator": {
"engine": "VINCE 3.0.31",
"env": "prod",
"origin": "https://cveawg.mitre.org/api/cve/CVE-2025-12969"
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2025-12969",
"datePublished": "2025-11-24T14:41:05.630Z",
"dateReserved": "2025-11-10T17:53:38.234Z",
"dateUpdated": "2026-01-07T15:36:49.065Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-12972 (GCVE-0-2025-12972)
Vulnerability from cvelistv5 – Published: 2025-11-24 14:40 – Updated: 2026-01-07 15:36
VLAI?
Title
CVE-2025-12972
Summary
Fluent Bit out_file plugin does not properly sanitize tag values when deriving output file names. When the File option is omitted, the plugin uses untrusted tag input to construct file paths. This allows attackers with network access to craft tags containing path traversal sequences that cause Fluent Bit to write files outside the intended output directory.
Severity ?
5.3 (Medium)
CWE
- CWE-35 - Path Traversal
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| FluentBit | Fluent Bit |
Affected:
0 , < 4.0.12
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-12972",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-24T19:09:06.151697Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-11-24T19:09:14.319Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Fluent Bit",
"vendor": "FluentBit",
"versions": [
{
"lessThan": "4.0.12",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Fluent Bit out_file plugin does not properly sanitize tag values when deriving output file names. When the File option is omitted, the plugin uses untrusted tag input to construct file paths. This allows attackers with network access to craft tags containing path traversal sequences that cause Fluent Bit to write files outside the intended output directory."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-35: Path Traversal",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-07T15:36:38.556Z",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"url": "https://www.oligo.security/blog/critical-vulnerabilities-in-fluent-bit-expose-cloud-environments-to-remote-takeover"
},
{
"url": "https://fluentbit.io/blog/2025/10/28/security-vulnerabilities-addressed-in-fluent-bit-v4.1-and-backported-to-v4.0/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "CVE-2025-12972",
"x_generator": {
"engine": "VINCE 3.0.31",
"env": "prod",
"origin": "https://cveawg.mitre.org/api/cve/CVE-2025-12972"
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2025-12972",
"datePublished": "2025-11-24T14:40:36.275Z",
"dateReserved": "2025-11-10T18:00:22.449Z",
"dateUpdated": "2026-01-07T15:36:38.556Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-12977 (GCVE-0-2025-12977)
Vulnerability from cvelistv5 – Published: 2025-11-24 14:40 – Updated: 2026-01-07 15:36
VLAI?
Title
CVE-2025-12977
Summary
Fluent Bit in_http, in_splunk, and in_elasticsearch input plugins fail to sanitize tag_key inputs. An attacker with network access or the ability to write records into Splunk or Elasticsearch can supply tag_key values containing special characters such as newlines or ../ that are treated as valid tags. Because tags influence routing and some outputs derive filenames or contents from tags, this can allow newline injection, path traversal, forged record injection, or log misrouting, impacting data integrity and log routing.
Severity ?
9.1 (Critical)
CWE
- CWE-187 - Partial String Comparison
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| FluentBit | Fluent Bit |
Affected:
0 , < 4.0.12
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-12977",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-24T19:12:43.890288Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1287",
"description": "CWE-1287 Improper Validation of Specified Type of Input",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-24T19:14:10.912Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Fluent Bit",
"vendor": "FluentBit",
"versions": [
{
"lessThan": "4.0.12",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Fluent Bit in_http, in_splunk, and in_elasticsearch input plugins fail to sanitize tag_key inputs. An attacker with network access or the ability to write records into Splunk or Elasticsearch can supply tag_key values containing special characters such as newlines or ../ that are treated as valid tags. Because tags influence routing and some outputs derive filenames or contents from tags, this can allow newline injection, path traversal, forged record injection, or log misrouting, impacting data integrity and log routing."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-187: Partial String Comparison",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-07T15:36:34.434Z",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"url": "https://fluentbit.io/blog/2025/10/28/security-vulnerabilities-addressed-in-fluent-bit-v4.1-and-backported-to-v4.0/"
},
{
"url": "https://www.oligo.security/blog/critical-vulnerabilities-in-fluent-bit-expose-cloud-environments-to-remote-takeover"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "CVE-2025-12977",
"x_generator": {
"engine": "VINCE 3.0.31",
"env": "prod",
"origin": "https://cveawg.mitre.org/api/cve/CVE-2025-12977"
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2025-12977",
"datePublished": "2025-11-24T14:40:12.642Z",
"dateReserved": "2025-11-10T18:57:07.686Z",
"dateUpdated": "2026-01-07T15:36:34.434Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-12970 (GCVE-0-2025-12970)
Vulnerability from cvelistv5 – Published: 2025-11-24 14:39 – Updated: 2026-01-07 15:36
VLAI?
Title
CVE-2025-12970
Summary
The extract_name function in Fluent Bit in_docker input plugin copies container names into a fixed size stack buffer without validating length. An attacker who can create containers or control container names, can supply a long name that overflows the buffer, leading to process crash or arbitrary code execution.
Severity ?
8.8 (High)
CWE
- CWE-121 - Stack-based Buffer Overflow
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| FluentBit | Fluent Bit |
Affected:
0 , < 4.0.12
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-12970",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-24T16:59:58.423891Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-11-24T17:00:03.177Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Fluent Bit",
"vendor": "FluentBit",
"versions": [
{
"lessThan": "4.0.12",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The extract_name function in Fluent Bit in_docker input plugin copies container names into a fixed size stack buffer without validating length. An attacker who can create containers or control container names, can supply a long name that overflows the buffer, leading to process crash or arbitrary code execution."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-121: Stack-based Buffer Overflow",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-07T15:36:41.505Z",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"url": "https://fluentbit.io/blog/2025/10/28/security-vulnerabilities-addressed-in-fluent-bit-v4.1-and-backported-to-v4.0/"
},
{
"url": "https://www.oligo.security/blog/critical-vulnerabilities-in-fluent-bit-expose-cloud-environments-to-remote-takeover"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "CVE-2025-12970",
"x_generator": {
"engine": "VINCE 3.0.31",
"env": "prod",
"origin": "https://cveawg.mitre.org/api/cve/CVE-2025-12970"
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2025-12970",
"datePublished": "2025-11-24T14:39:52.569Z",
"dateReserved": "2025-11-10T17:54:00.525Z",
"dateUpdated": "2026-01-07T15:36:41.505Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-12121 (GCVE-0-2025-12121)
Vulnerability from cvelistv5 – Published: 2025-11-20 16:39 – Updated: 2025-11-20 18:10
VLAI?
Title
CVE-2025-12121
Summary
Lite XL versions 2.1.8 and prior contain a vulnerability in the system.exec function, which allowed arbitrary command execution through unsanitized shell command construction. This function was used in project directory launching (core.lua), drag-and-drop file handling (rootview.lua), and the “open in system” command in the treeview plugin (treeview.lua). If an attacker could influence input to system.exec, they might execute arbitrary commands with the privileges of the Lite XL process.
Severity ?
7.3 (High)
CWE
Assigner
References
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-12121",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-20T18:09:54.009033Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-11-20T18:10:14.597Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Lite XL",
"vendor": "Lite XL",
"versions": [
{
"status": "affected",
"version": "2.1.8 and earlier"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Lite XL versions 2.1.8 and prior contain a vulnerability in the system.exec function, which allowed arbitrary command execution through unsanitized shell command construction. This function was used in project directory launching (core.lua), drag-and-drop file handling (rootview.lua), and the \u201copen in system\u201d command in the treeview plugin (treeview.lua). If an attacker could influence input to system.exec, they might execute arbitrary commands with the privileges of the Lite XL process."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-20T17:05:35.524Z",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"url": "https://github.com/lite-xl/lite-xl/pull/2163"
},
{
"url": "https://kb.cert.org/vuls/id/579478"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "CVE-2025-12121",
"x_generator": {
"engine": "VINCE 3.0.29",
"env": "prod",
"origin": "https://cveawg.mitre.org/api/cve/CVE-2025-12121"
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2025-12121",
"datePublished": "2025-11-20T16:39:05.297Z",
"dateReserved": "2025-10-23T18:11:28.957Z",
"dateUpdated": "2025-11-20T18:10:14.597Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-12120 (GCVE-0-2025-12120)
Vulnerability from cvelistv5 – Published: 2025-11-20 16:38 – Updated: 2025-11-20 18:09
VLAI?
Title
CVE-2025-12120
Summary
Lite XL versions 2.1.8 and prior automatically execute the .lite_project.lua file when opening a project directory, without prompting the user for confirmation. The .lite_project.lua file is intended for project-specific configuration but can contain executable Lua logic. This behavior could allow execution of untrusted Lua code if a user opens a malicious project, potentially leading to arbitrary code execution with the privileges of the Lite XL process.
Severity ?
7.3 (High)
Assigner
References
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-12120",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-20T18:09:43.235043Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-11-20T18:09:45.449Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Lite XL",
"vendor": "Lite XL",
"versions": [
{
"status": "affected",
"version": "2.1.8 and earlier"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Lite XL versions 2.1.8 and prior automatically execute the .lite_project.lua file when opening a project directory, without prompting the user for confirmation. The .lite_project.lua file is intended for project-specific configuration but can contain executable Lua logic. This behavior could allow execution of untrusted Lua code if a user opens a malicious project, potentially leading to arbitrary code execution with the privileges of the Lite XL process."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-829 Inclusion of Functionality from Untrusted Control Sphere",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-20T16:52:31.931Z",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"url": "https://github.com/lite-xl/lite-xl/pull/2164"
},
{
"url": "https://kb.cert.org/vuls/id/579478"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "CVE-2025-12120",
"x_generator": {
"engine": "VINCE 3.0.29",
"env": "prod",
"origin": "https://cveawg.mitre.org/api/cve/CVE-2025-12120"
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2025-12120",
"datePublished": "2025-11-20T16:38:29.108Z",
"dateReserved": "2025-10-23T18:11:16.473Z",
"dateUpdated": "2025-11-20T18:09:45.449Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-13204 (GCVE-0-2025-13204)
Vulnerability from cvelistv5 – Published: 2025-11-14 17:02 – Updated: 2025-11-14 20:41
VLAI?
Title
CVE-2025-13204
Summary
npm package `expr-eval` is vulnerable to Prototype Pollution. An attacker with access to express eval interface can use JavaScript prototype-based inheritance model to achieve arbitrary code execution. The npm expr-eval-fork package resolves this issue.
Severity ?
No CVSS data available.
CWE
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| silentmatt | expr-eval |
Affected:
0 , ≤ 2.0.2
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-13204",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-14T20:36:54.382508Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1321",
"description": "CWE-1321 Improperly Controlled Modification of Object Prototype Attributes (\u0027Prototype Pollution\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-14T20:41:22.990Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "expr-eval",
"vendor": "silentmatt",
"versions": [
{
"lessThanOrEqual": "2.0.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "npm package `expr-eval` is vulnerable to Prototype Pollution. An attacker with access to express eval interface can use JavaScript prototype-based inheritance model to achieve arbitrary code execution. The npm expr-eval-fork package resolves this issue."
}
],
"metrics": [
{
"other": {
"content": {
"schemaVersion": "2.0.0",
"selections": [
{
"definition": "The present state of exploitation of the vulnerability.",
"key": "E",
"name": "Exploitation",
"namespace": "ssvc",
"values": [
{
"key": "P",
"name": "Public PoC"
}
],
"version": "1.1.0"
},
{
"definition": "Can an attacker reliably automate creating exploitation events for this vulnerability?",
"key": "A",
"name": "Automatable",
"namespace": "ssvc",
"values": [
{
"key": "Y",
"name": "Yes"
}
],
"version": "2.0.0"
},
{
"definition": "The technical impact of the vulnerability.",
"key": "TI",
"name": "Technical Impact",
"namespace": "ssvc",
"values": [
{
"key": "T",
"name": "Total"
}
],
"version": "1.0.0"
}
],
"timestamp": "2025-11-07T15:47:01.238Z"
},
"type": "ssvcV2_0_0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-1321 Improperly Controlled Modification of Object Prototype Attributes (\u0027Prototype Pollution\u0027)",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-14T20:20:20.104Z",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"url": "https://www.npmjs.com/package/expr-eval-fork"
},
{
"url": "https://github.com/silentmatt/expr-eval"
},
{
"url": "https://github.com/jorenbroekema/expr-eval"
},
{
"tags": [
"third-party-advisory"
],
"url": "https://www.huntr.dev/bounties/1-npm-expr-eval/"
},
{
"url": "https://github.com/SECCON/SECCON2022_final_CTF/blob/main/jeopardy/web/babybox/solver/solver.py"
},
{
"tags": [
"patch"
],
"url": "https://github.com/silentmatt/expr-eval/pull/252/files"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/vladko312/extras/blob/f549d505af300fd74a01b46fab2102990ff1c14d/expr-eval.py"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "CVE-2025-13204",
"x_generator": {
"engine": "VINCE 3.0.28",
"env": "prod",
"origin": "https://cveawg.mitre.org/api/cve/CVE-2025-13204"
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2025-13204",
"datePublished": "2025-11-14T17:02:39.529Z",
"dateReserved": "2025-11-14T16:52:35.957Z",
"dateUpdated": "2025-11-14T20:41:22.990Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-12735 (GCVE-0-2025-12735)
Vulnerability from cvelistv5 – Published: 2025-11-05 00:22 – Updated: 2025-11-22 23:45
VLAI?
Title
CVE-2025-12735
Summary
The expr-eval library is a JavaScript expression parser and evaluator designed to safely evaluate mathematical expressions with user-defined variables. However, due to insufficient input validation, an attacker can pass a crafted context object or use MEMBER of the context object into the evaluate() function and trigger arbitrary code execution.
Severity ?
No CVSS data available.
CWE
Assigner
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| silentmatt | expr-eval |
Affected:
0 , ≤ 2.0.2
(semver)
|
|||||||
|
|||||||||
Credits
This issue was reported by Jangwoo Choe (UKO)
Patch validation assistance provided by GitHub user huydoppaz.
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-12735",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-10T14:06:48.027568Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-11-10T14:07:11.995Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/jorenbroekema/expr-eval/blob/460b820ba01c5aca6c5d84a7d4f1fa5d1913c67b/test/security.js"
}
],
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-08T00:11:55.078Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://www.kb.cert.org/vuls/id/263614"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "expr-eval",
"vendor": "silentmatt",
"versions": [
{
"lessThanOrEqual": "2.0.2",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"product": "expr-eval-fork",
"vendor": "expr-eval-fork",
"versions": [
{
"lessThanOrEqual": "3.0.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "This issue was reported by Jangwoo Choe (UKO)"
},
{
"lang": "en",
"type": "remediation verifier",
"value": "Patch validation assistance provided by GitHub user huydoppaz."
}
],
"descriptions": [
{
"lang": "en",
"value": "The expr-eval library is a JavaScript expression parser and evaluator designed to safely evaluate mathematical expressions with user-defined variables. However, due to insufficient input validation, an attacker can pass a crafted context object or use MEMBER of the context object into the evaluate() function and trigger arbitrary code execution."
}
],
"metrics": [
{
"other": {
"content": {
"schemaVersion": "2.0.0",
"selections": [
{
"definition": "The present state of exploitation of the vulnerability.",
"key": "E",
"name": "Exploitation",
"namespace": "ssvc",
"values": [
{
"key": "P",
"name": "Public PoC"
}
],
"version": "1.1.0"
},
{
"definition": "Can an attacker reliably automate creating exploitation events for this vulnerability?",
"key": "A",
"name": "Automatable",
"namespace": "ssvc",
"values": [
{
"key": "Y",
"name": "Yes"
}
],
"version": "2.0.0"
},
{
"definition": "The technical impact of the vulnerability.",
"key": "TI",
"name": "Technical Impact",
"namespace": "ssvc",
"values": [
{
"key": "T",
"name": "Total"
}
],
"version": "1.0.0"
}
],
"timestamp": "2025-11-07T15:47:01.238Z"
},
"type": "ssvcV2_0_0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-94: Improper Control of Generation of Code (\u2018Code Injection\u2019)",
"lang": "en"
}
]
},
{
"descriptions": [
{
"description": "CWE-1321: Improperly Controlled Modification of Object Prototype Attributes (\u2018Prototype Pollution\u2019)",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-22T23:45:45.512Z",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"url": "https://github.com/silentmatt/expr-eval"
},
{
"url": "https://github.com/jorenbroekema/expr-eval"
},
{
"url": "https://www.npmjs.com/package/expr-eval-fork"
},
{
"url": "https://www.npmjs.com/package/expr-eval"
},
{
"url": "https://github.com/silentmatt/expr-eval/pull/288"
},
{
"name": "Github Security Advisory",
"tags": [
"third-party-advisory"
],
"url": "https://github.com/advisories/GHSA-jc85-fpwf-qm7x"
},
{
"name": "CERT/CC Advisory",
"tags": [
"third-party-advisory"
],
"url": "https://kb.cert.org/vuls/id/263614"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "CVE-2025-12735",
"x_generator": {
"engine": "VINCE 3.0.28",
"env": "prod",
"origin": "https://cveawg.mitre.org/api/cve/CVE-2025-12735"
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2025-12735",
"datePublished": "2025-11-05T00:22:55.297Z",
"dateReserved": "2025-11-05T00:04:49.648Z",
"dateUpdated": "2025-11-22T23:45:45.512Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}