Search criteria
2088 vulnerabilities by netapp
CVE-2025-26517 (GCVE-0-2025-26517)
Vulnerability from cvelistv5 – Published: 2025-09-19 18:53 – Updated: 2025-09-19 19:07
VLAI?
Summary
StorageGRID (formerly
StorageGRID Webscale) versions prior to 11.8.0.15 and 11.9.0.8 are
susceptible to a privilege escalation vulnerability. Successful exploit
could allow an unauthorized authenticated attacker to discover Grid node
names and IP addresses or modify Storage Grades.
Severity ?
5.4 (Medium)
CWE
- CWE-266 - Incorrect Privilege Assignment
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| NetApp | StorageGRID |
Affected:
0 , < 11.8.0.15
(custom)
Affected: 0 , < 11.9.0.8 (custom) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-26517",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-09-19T19:07:15.855472Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-09-19T19:07:36.019Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "StorageGRID",
"vendor": "NetApp",
"versions": [
{
"lessThan": "11.8.0.15",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "11.9.0.8",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cdiv\u003e\u003cdiv\u003e\u003cp\u003e\n\u003c/p\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cp\u003eStorageGRID (formerly \nStorageGRID Webscale) versions prior to 11.8.0.15 and 11.9.0.8 are \nsusceptible to a privilege escalation vulnerability. Successful exploit \ncould allow an unauthorized authenticated attacker to discover Grid node\n names and IP addresses or modify Storage Grades. \u003c/p\u003e\n\u003c/div\u003e\u003c/div\u003e\n\n\u003cp\u003e\u003c/p\u003e\n\u003c/div\u003e\u003c/div\u003e"
}
],
"value": "StorageGRID (formerly \nStorageGRID Webscale) versions prior to 11.8.0.15 and 11.9.0.8 are \nsusceptible to a privilege escalation vulnerability. Successful exploit \ncould allow an unauthorized authenticated attacker to discover Grid node\n names and IP addresses or modify Storage Grades."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-266",
"description": "CWE-266 Incorrect Privilege Assignment",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-19T18:53:07.531Z",
"orgId": "11fdca00-0482-4c88-a206-37f9c182c87d",
"shortName": "netapp"
},
"references": [
{
"url": "https://security.netapp.com/advisory/NTAP-20250910-0004"
}
],
"source": {
"advisory": "NTAP-20250910-0004",
"discovery": "UNKNOWN"
},
"title": "CVE-2025-26517 Privilege Escalation Vulnerability in StorageGRID (formerly StorageGRID Webscale)",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "11fdca00-0482-4c88-a206-37f9c182c87d",
"assignerShortName": "netapp",
"cveId": "CVE-2025-26517",
"datePublished": "2025-09-19T18:53:07.531Z",
"dateReserved": "2025-02-11T21:58:04.395Z",
"dateUpdated": "2025-09-19T19:07:36.019Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-26516 (GCVE-0-2025-26516)
Vulnerability from cvelistv5 – Published: 2025-09-19 18:51 – Updated: 2025-09-19 19:06
VLAI?
Summary
StorageGRID (formerly
StorageGRID Webscale) versions prior to 11.8.0.15 and 11.9.0.8 are
susceptible to a Denial of Service vulnerability. Successful exploit
could allow an unauthenticated attacker to cause a Denial of Service on
the Admin node.
Severity ?
5.3 (Medium)
CWE
- CWE-405 - Asymmetric Resource Consumption (Amplification)
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| NetApp | StorageGRID |
Affected:
0 , < 11.8.0.15
(custom)
Affected: 0 , < 11.9.0.8 (custom) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-26516",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-09-19T19:06:15.932920Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-09-19T19:06:24.828Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "StorageGRID",
"vendor": "NetApp",
"versions": [
{
"lessThan": "11.8.0.15",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "11.9.0.8",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cdiv\u003e\u003cdiv\u003e\u003cp\u003eStorageGRID (formerly \nStorageGRID Webscale) versions prior to 11.8.0.15 and 11.9.0.8 are \nsusceptible to a Denial of Service vulnerability. Successful exploit \ncould allow an unauthenticated attacker to cause a Denial of Service on \nthe Admin node.\u003c/p\u003e\n\u003c/div\u003e\u003c/div\u003e"
}
],
"value": "StorageGRID (formerly \nStorageGRID Webscale) versions prior to 11.8.0.15 and 11.9.0.8 are \nsusceptible to a Denial of Service vulnerability. Successful exploit \ncould allow an unauthenticated attacker to cause a Denial of Service on \nthe Admin node."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-405",
"description": "CWE-405 Asymmetric Resource Consumption (Amplification)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-19T18:51:12.609Z",
"orgId": "11fdca00-0482-4c88-a206-37f9c182c87d",
"shortName": "netapp"
},
"references": [
{
"url": "https://security.netapp.com/advisory/NTAP-20250910-0003"
}
],
"source": {
"advisory": "NTAP-20250910-0003",
"discovery": "UNKNOWN"
},
"title": "CVE-2025-26516 Denial of Service Vulnerability in StorageGRID (formerly StorageGRID Webscale)",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "11fdca00-0482-4c88-a206-37f9c182c87d",
"assignerShortName": "netapp",
"cveId": "CVE-2025-26516",
"datePublished": "2025-09-19T18:51:12.609Z",
"dateReserved": "2025-02-11T21:58:04.395Z",
"dateUpdated": "2025-09-19T19:06:24.828Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-26515 (GCVE-0-2025-26515)
Vulnerability from cvelistv5 – Published: 2025-09-19 18:34 – Updated: 2025-09-19 18:46
VLAI?
Summary
StorageGRID (formerly
StorageGRID Webscale) versions prior to 11.8.0.15 and 11.9.0.8 without
Single Sign-on enabled are susceptible to a Server-Side Request Forgery
(SSRF) vulnerability. Successful exploit could allow an unauthenticated
attacker to change the password of any Grid Manager or Tenant Manager
non-federated user.
Severity ?
7.5 (High)
CWE
- CWE-918 - Server-Side Request Forgery (SSRF)
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| NetApp | StorageGRID |
Affected:
0 , < 11.8.0.15
(custom)
Affected: 0 , < 11.9.0.8 (custom) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-26515",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-09-19T18:46:25.909641Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-09-19T18:46:37.919Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "StorageGRID",
"vendor": "NetApp",
"versions": [
{
"lessThan": "11.8.0.15",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "11.9.0.8",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cdiv\u003e\u003cdiv\u003e\u003cp\u003e\n\u003c/p\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cp\u003e\n\u003c/p\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cp\u003eStorageGRID (formerly \nStorageGRID Webscale) versions prior to 11.8.0.15 and 11.9.0.8 without \nSingle Sign-on enabled are susceptible to a Server-Side Request Forgery \n(SSRF) vulnerability. Successful exploit could allow an unauthenticated \nattacker to change the password of any Grid Manager or Tenant Manager \nnon-federated user.\u003c/p\u003e\n\u003c/div\u003e\u003c/div\u003e\n\n\u003cp\u003e\u003c/p\u003e\n\u003c/div\u003e\u003c/div\u003e\n\n\u003cp\u003e\u003c/p\u003e\n\u003c/div\u003e\u003c/div\u003e"
}
],
"value": "StorageGRID (formerly \nStorageGRID Webscale) versions prior to 11.8.0.15 and 11.9.0.8 without \nSingle Sign-on enabled are susceptible to a Server-Side Request Forgery \n(SSRF) vulnerability. Successful exploit could allow an unauthenticated \nattacker to change the password of any Grid Manager or Tenant Manager \nnon-federated user."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-918",
"description": "CWE-918 Server-Side Request Forgery (SSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-19T18:34:17.283Z",
"orgId": "11fdca00-0482-4c88-a206-37f9c182c87d",
"shortName": "netapp"
},
"references": [
{
"url": "https://security.netapp.com/advisory/NTAP-20250910-0002"
}
],
"source": {
"advisory": "NTAP-20250910-0002",
"discovery": "UNKNOWN"
},
"title": "CVE-2025-26515 Server-Side Request Forgery Vulnerability in StorageGRID (formerly StorageGRID Webscale)",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "11fdca00-0482-4c88-a206-37f9c182c87d",
"assignerShortName": "netapp",
"cveId": "CVE-2025-26515",
"datePublished": "2025-09-19T18:34:17.283Z",
"dateReserved": "2025-02-11T21:58:04.395Z",
"dateUpdated": "2025-09-19T18:46:37.919Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-26514 (GCVE-0-2025-26514)
Vulnerability from cvelistv5 – Published: 2025-09-19 18:31 – Updated: 2025-09-19 18:49
VLAI?
Summary
StorageGRID (formerly
StorageGRID Webscale) versions prior to 11.8.0.15 and 11.9.0.8 are
susceptible to a Reflected Cross-Site Scripting vulnerability.
Successful exploit could allow an attacker to view or modify
configuration settings or add or modify user accounts but requires the
attacker to know specific information about the target instance and then
trick a privileged user into clicking a specially crafted link.
Severity ?
6.4 (Medium)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| NetApp | StorageGRID |
Affected:
0 , < 11.8.0.15
(custom)
Affected: 0 , < 11.9.0.8 (custom) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-26514",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-09-19T18:49:45.652444Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-09-19T18:49:58.274Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "StorageGRID",
"vendor": "NetApp",
"versions": [
{
"lessThan": "11.8.0.15",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "11.9.0.8",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cdiv\u003e\u003cdiv\u003e\u003cp\u003e\n\u003c/p\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cp\u003eStorageGRID (formerly \nStorageGRID Webscale) versions prior to 11.8.0.15 and 11.9.0.8 are \nsusceptible to a Reflected Cross-Site Scripting vulnerability. \nSuccessful exploit could allow an attacker to view or modify \nconfiguration settings or add or modify user accounts but requires the \nattacker to know specific information about the target instance and then\n trick a privileged user into clicking a specially crafted link.\u003c/p\u003e\n\u003c/div\u003e\u003c/div\u003e\n\n\u003cp\u003e\u003c/p\u003e\n\u003c/div\u003e\u003c/div\u003e"
}
],
"value": "StorageGRID (formerly \nStorageGRID Webscale) versions prior to 11.8.0.15 and 11.9.0.8 are \nsusceptible to a Reflected Cross-Site Scripting vulnerability. \nSuccessful exploit could allow an attacker to view or modify \nconfiguration settings or add or modify user accounts but requires the \nattacker to know specific information about the target instance and then\n trick a privileged user into clicking a specially crafted link."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:H/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-19T18:31:54.948Z",
"orgId": "11fdca00-0482-4c88-a206-37f9c182c87d",
"shortName": "netapp"
},
"references": [
{
"url": "https://security.netapp.com/advisory/NTAP-20250910-0001"
}
],
"source": {
"advisory": "NTAP-20250910-0001",
"discovery": "UNKNOWN"
},
"title": "CVE-2025-26514 Reflected Cross-Site Scripting Vulnerability in StorageGRID (formerly StorageGRID Webscale)",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "11fdca00-0482-4c88-a206-37f9c182c87d",
"assignerShortName": "netapp",
"cveId": "CVE-2025-26514",
"datePublished": "2025-09-19T18:31:54.948Z",
"dateReserved": "2025-02-11T21:58:04.395Z",
"dateUpdated": "2025-09-19T18:49:58.274Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-26513 (GCVE-0-2025-26513)
Vulnerability from cvelistv5 – Published: 2025-08-07 20:29 – Updated: 2025-08-12 03:55
VLAI?
Summary
The installer for SAN Host Utilities for Windows versions prior to 8.0 is susceptible to a vulnerability which when successfully exploited could allow a local user to escalate their privileges.
Severity ?
CWE
- 267
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| NetApp | SAN Host Utilities for Windows |
Affected:
0 , < 8.0
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-26513",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-11T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-269",
"description": "CWE-269 Improper Privilege Management",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-12T03:55:11.543Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "SAN Host Utilities for Windows",
"vendor": "NetApp",
"versions": [
{
"lessThan": "8.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The installer for SAN Host Utilities for Windows versions prior to 8.0 is susceptible to a vulnerability which when successfully exploited could allow a local user to escalate their privileges."
}
],
"value": "The installer for SAN Host Utilities for Windows versions prior to 8.0 is susceptible to a vulnerability which when successfully exploited could allow a local user to escalate their privileges."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "267",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-07T20:29:07.044Z",
"orgId": "11fdca00-0482-4c88-a206-37f9c182c87d",
"shortName": "netapp"
},
"references": [
{
"url": "https://security.netapp.com/advisory/NTAP-20250806-0001"
}
],
"source": {
"advisory": "NTAP-20250806-0001",
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "11fdca00-0482-4c88-a206-37f9c182c87d",
"assignerShortName": "netapp",
"cveId": "CVE-2025-26513",
"datePublished": "2025-08-07T20:29:07.044Z",
"dateReserved": "2025-02-11T21:58:04.395Z",
"dateUpdated": "2025-08-12T03:55:11.543Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-27820 (GCVE-0-2025-27820)
Vulnerability from cvelistv5 – Published: 2025-04-24 11:44 – Updated: 2025-06-04 11:20
VLAI?
Summary
A bug in PSL validation logic in Apache HttpClient 5.4.x disables domain checks, affecting cookie management and host name verification. Discovered by the Apache HttpClient team. Fixed in the 5.4.3 release
Severity ?
No CVSS data available.
CWE
- PSL Validation Bypass in Apache HttpClient 5.4.x
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Apache Software Foundation | Apache HttpComponents |
Affected:
5.4.0 , < 5.4.3
(semver)
|
Credits
Joe Gallo
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-27820",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-24T14:58:16.247019Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-295",
"description": "CWE-295 Improper Certificate Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-24T15:00:16.197Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-05-16T23:03:12.237Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://security.netapp.com/advisory/ntap-20250516-0003/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Apache HttpComponents",
"vendor": "Apache Software Foundation",
"versions": [
{
"lessThan": "5.4.3",
"status": "affected",
"version": "5.4.0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "remediation developer",
"value": "Joe Gallo"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003ccode\u003eA bug in PSL validation logic in Apache HttpClient 5.4.x disables domain checks, affecting cookie management and host name verification. Discovered by the Apache HttpClient team. Fixed in the 5.4.3 release\u003cbr\u003e\u003c/code\u003e"
}
],
"value": "A bug in PSL validation logic in Apache HttpClient 5.4.x disables domain checks, affecting cookie management and host name verification. Discovered by the Apache HttpClient team. Fixed in the 5.4.3 release"
}
],
"metrics": [
{
"other": {
"content": {
"text": "moderate"
},
"type": "Textual description of severity"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "PSL Validation Bypass in Apache HttpClient 5.4.x",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-04T11:20:12.764Z",
"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"shortName": "apache"
},
"references": [
{
"tags": [
"patch"
],
"url": "https://github.com/apache/httpcomponents-client/pull/574"
},
{
"tags": [
"patch"
],
"url": "https://github.com/apache/httpcomponents-client/pull/621"
},
{
"tags": [
"product"
],
"url": "https://hc.apache.org/httpcomponents-client-5.4.x/index.html"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://lists.apache.org/thread/55xhs40ncqv97qvoocok44995xp5kqn8"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Apache HttpComponents: PSL (Public Suffix List) validation bypass",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"assignerShortName": "apache",
"cveId": "CVE-2025-27820",
"datePublished": "2025-04-24T11:44:25.986Z",
"dateReserved": "2025-03-07T12:47:46.839Z",
"dateUpdated": "2025-06-04T11:20:12.764Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-30722 (GCVE-0-2025-30722)
Vulnerability from cvelistv5 – Published: 2025-04-15 20:31 – Updated: 2025-11-03 19:47
VLAI?
Summary
Vulnerability in the MySQL Client product of Oracle MySQL (component: Client: mysqldump). Supported versions that are affected are 8.0.0-8.0.41, 8.4.0-8.4.4 and 9.0.0-9.2.0. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Client. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Client accessible data as well as unauthorized update, insert or delete access to some of MySQL Client accessible data. CVSS 3.1 Base Score 5.9 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:N).
Severity ?
5.3 (Medium)
CWE
- Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Cluster. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Cluster accessible data.
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Oracle Corporation | MySQL Cluster |
Affected:
7.6.0 , ≤ 7.6.33
(semver)
Affected: 8.0.0 , ≤ 8.0.41 (semver) Affected: 8.4.0 , ≤ 8.4.4 (semver) Affected: 9.0.0 , ≤ 9.2.0 (semver) |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-30722",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-17T13:37:19.238602Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-noinfo Not enough information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-17T13:57:07.904Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T19:47:53.232Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://security.netapp.com/advisory/ntap-20250418-0005/"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2025/06/msg00005.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "MySQL Cluster",
"vendor": "Oracle Corporation",
"versions": [
{
"lessThanOrEqual": "7.6.33",
"status": "affected",
"version": "7.6.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "8.0.41",
"status": "affected",
"version": "8.0.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "8.4.4",
"status": "affected",
"version": "8.4.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "9.2.0",
"status": "affected",
"version": "9.0.0",
"versionType": "semver"
}
]
},
{
"product": "MySQL Client",
"vendor": "Oracle Corporation",
"versions": [
{
"lessThanOrEqual": "8.0.41",
"status": "affected",
"version": "8.0.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "8.4.4",
"status": "affected",
"version": "8.4.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "9.2.0",
"status": "affected",
"version": "9.0.0",
"versionType": "semver"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:oracle:mysql_cluster:*:*:*:*:*:*:*:*",
"versionEndIncluding": "7.6.33",
"versionStartIncluding": "7.6.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:mysql_cluster:*:*:*:*:*:*:*:*",
"versionEndIncluding": "8.0.41",
"versionStartIncluding": "8.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:mysql_cluster:*:*:*:*:*:*:*:*",
"versionEndIncluding": "8.4.4",
"versionStartIncluding": "8.4.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:mysql_cluster:*:*:*:*:*:*:*:*",
"versionEndIncluding": "9.2.0",
"versionStartIncluding": "9.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:mysql_client:*:*:*:*:*:*:*:*",
"versionEndIncluding": "8.0.41",
"versionStartIncluding": "8.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:mysql_client:*:*:*:*:*:*:*:*",
"versionEndIncluding": "8.4.4",
"versionStartIncluding": "8.4.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:mysql_client:*:*:*:*:*:*:*:*",
"versionEndIncluding": "9.2.0",
"versionStartIncluding": "9.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en-US",
"value": "Vulnerability in the MySQL Client product of Oracle MySQL (component: Client: mysqldump). Supported versions that are affected are 8.0.0-8.0.41, 8.4.0-8.4.4 and 9.0.0-9.2.0. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Client. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Client accessible data as well as unauthorized update, insert or delete access to some of MySQL Client accessible data. CVSS 3.1 Base Score 5.9 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:N)."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Cluster. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Cluster accessible data.",
"lang": "en-US"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-15T20:31:15.014Z",
"orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
"shortName": "oracle"
},
"references": [
{
"name": "Oracle Advisory",
"tags": [
"vendor-advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2025.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
"assignerShortName": "oracle",
"cveId": "CVE-2025-30722",
"datePublished": "2025-04-15T20:31:15.014Z",
"dateReserved": "2025-03-25T20:11:18.271Z",
"dateUpdated": "2025-11-03T19:47:53.232Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-21583 (GCVE-0-2025-21583)
Vulnerability from cvelistv5 – Published: 2025-04-15 20:30 – Updated: 2025-04-19 00:11
VLAI?
Summary
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL). Supported versions that are affected are 8.4.0 and 9.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
Severity ?
4.9 (Medium)
CWE
- Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Oracle Corporation | MySQL Server |
Affected:
8.4.0
(semver)
Affected: 9.0.0 (semver) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-21583",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-16T19:50:38.192389Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-732",
"description": "CWE-732 Incorrect Permission Assignment for Critical Resource",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-17T19:41:17.601Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-04-19T00:11:08.847Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://security.netapp.com/advisory/ntap-20250418-0009/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "MySQL Server",
"vendor": "Oracle Corporation",
"versions": [
{
"status": "affected",
"version": "8.4.0",
"versionType": "semver"
},
{
"status": "affected",
"version": "9.0.0",
"versionType": "semver"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:oracle:mysql_server:8.4.0:*:*:*:*:*:*:*",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:mysql_server:9.0.0:*:*:*:*:*:*:*",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en-US",
"value": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL). Supported versions that are affected are 8.4.0 and 9.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.",
"lang": "en-US"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-15T20:30:56.632Z",
"orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
"shortName": "oracle"
},
"references": [
{
"name": "Oracle Advisory",
"tags": [
"vendor-advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2025.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
"assignerShortName": "oracle",
"cveId": "CVE-2025-21583",
"datePublished": "2025-04-15T20:30:56.632Z",
"dateReserved": "2024-12-24T23:18:54.786Z",
"dateUpdated": "2025-04-19T00:11:08.847Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-31672 (GCVE-0-2025-31672)
Vulnerability from cvelistv5 – Published: 2025-04-09 11:59 – Updated: 2025-05-23 13:11
VLAI?
Summary
Improper Input Validation vulnerability in Apache POI. The issue affects the parsing of OOXML format files like xlsx, docx and pptx. These file formats are basically zip files and it is possible for malicious users to add zip entries with duplicate names (including the path) in the zip. In this case, products reading the affected file could read different data because 1 of the zip entries with the duplicate name is selected over another but different products may choose a different zip entry.
This issue affects Apache POI poi-ooxml before 5.4.0. poi-ooxml 5.4.0 has a check that throws an exception if zip entries with duplicate file names are found in the input file.
Users are recommended to upgrade to version poi-ooxml 5.4.0, which fixes the issue. Please read https://poi.apache.org/security.html for recommendations about how to use the POI libraries securely.
Severity ?
No CVSS data available.
CWE
- CWE-20 - Improper Input Validation
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Apache Software Foundation | Apache POI |
Affected:
0 , < 5.4.0
(semver)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2025-05-23T13:11:07.642Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2025/04/08/2"
},
{
"url": "https://security.netapp.com/advisory/ntap-20250523-0004/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-31672",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-18T17:06:29.220111Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-18T17:06:47.782Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://repo.maven.apache.org/maven2",
"defaultStatus": "unaffected",
"packageName": "org.apache.poi:poi-ooxml",
"product": "Apache POI",
"vendor": "Apache Software Foundation",
"versions": [
{
"lessThan": "5.4.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper Input Validation vulnerability in Apache POI. The issue affects the parsing of OOXML format files like xlsx, docx and pptx. These file formats are basically zip files and it is possible for malicious users to add zip entries with duplicate names (including the path) in the zip. In this case, products reading the affected file could read different data because 1 of the zip entries with the duplicate name is selected over another but different products may choose a different zip entry.\u003cbr\u003eThis issue affects Apache POI poi-ooxml before 5.4.0. poi-ooxml 5.4.0 has a check that throws an exception if zip entries with duplicate file names are found in the input file.\u003cbr\u003eUsers are recommended to upgrade to version poi-ooxml 5.4.0, which fixes the issue. Please read \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://poi.apache.org/security.html\"\u003ehttps://poi.apache.org/security.html\u003c/a\u003e for recommendations about how to use the POI libraries securely."
}
],
"value": "Improper Input Validation vulnerability in Apache POI. The issue affects the parsing of OOXML format files like xlsx, docx and pptx. These file formats are basically zip files and it is possible for malicious users to add zip entries with duplicate names (including the path) in the zip. In this case, products reading the affected file could read different data because 1 of the zip entries with the duplicate name is selected over another but different products may choose a different zip entry.\nThis issue affects Apache POI poi-ooxml before 5.4.0. poi-ooxml 5.4.0 has a check that throws an exception if zip entries with duplicate file names are found in the input file.\nUsers are recommended to upgrade to version poi-ooxml 5.4.0, which fixes the issue. Please read https://poi.apache.org/security.html for recommendations about how to use the POI libraries securely."
}
],
"metrics": [
{
"other": {
"content": {
"text": "moderate"
},
"type": "Textual description of severity"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20 Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-09T11:59:33.900Z",
"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"shortName": "apache"
},
"references": [
{
"tags": [
"issue-tracking"
],
"url": "https://bz.apache.org/bugzilla/show_bug.cgi?id=69620"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://lists.apache.org/thread/k14w8vcjqy4h34hh5kzldko78kpylkq5"
}
],
"source": {
"defect": [
"bug-69620"
],
"discovery": "INTERNAL"
},
"title": "Apache POI: parsing OOXML based files (xlsx, docx, etc.), poi-ooxml could read unexpected data if underlying zip has duplicate zip entry names",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"assignerShortName": "apache",
"cveId": "CVE-2025-31672",
"datePublished": "2025-04-09T11:59:33.900Z",
"dateReserved": "2025-03-31T21:16:14.017Z",
"dateUpdated": "2025-05-23T13:11:07.642Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-1861 (GCVE-0-2025-1861)
Vulnerability from cvelistv5 – Published: 2025-03-30 05:57 – Updated: 2025-11-03 20:57
VLAI?
Summary
In PHP from 8.1.* before 8.1.32, from 8.2.* before 8.2.28, from 8.3.* before 8.3.19, from 8.4.* before 8.4.5, when parsing HTTP redirect in the response to an HTTP request, there is currently limit on the location value size caused by limited size of the location buffer to 1024. However as per RFC9110, the limit is recommended to be 8000. This may lead to incorrect URL truncation and redirecting to a wrong location.
Severity ?
CWE
- CWE-131 - Incorrect Calculation of Buffer Size
Assigner
References
Impacted products
Credits
Jakub Zelenka
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-1861",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-31T12:55:53.101020Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-31T12:56:00.966Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T20:57:13.769Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://security.netapp.com/advisory/ntap-20250523-0005/"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00014.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "PHP",
"vendor": "PHP Group",
"versions": [
{
"lessThan": "8.1.32",
"status": "affected",
"version": "8.1.*",
"versionType": "semver"
},
{
"lessThan": "8.2.28",
"status": "affected",
"version": "8.2.*",
"versionType": "semver"
},
{
"lessThan": "8.3.19",
"status": "affected",
"version": "8.3.*",
"versionType": "semver"
},
{
"lessThan": "8.4.5",
"status": "affected",
"version": "8.4.*",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Jakub Zelenka"
}
],
"datePublic": "2025-03-23T17:44:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eIn PHP from 8.1.* before 8.1.32, from 8.2.* before 8.2.28, from 8.3.* before 8.3.19, from 8.4.* before 8.4.5, when parsing HTTP redirect in the response to an HTTP request, there is currently limit on the location value size caused by limited size of the location buffer to 1024. However as per RFC9110\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e, the limit is recommended to be 8000. This may lead to incorrect URL truncation and redirecting to a wrong location.\u0026nbsp;\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "In PHP from 8.1.* before 8.1.32, from 8.2.* before 8.2.28, from 8.3.* before 8.3.19, from 8.4.* before 8.4.5, when parsing HTTP redirect in the response to an HTTP request, there is currently limit on the location value size caused by limited size of the location buffer to 1024. However as per RFC9110, the limit is recommended to be 8000. This may lead to incorrect URL truncation and redirecting to a wrong location."
}
],
"impacts": [
{
"capecId": "CAPEC-220",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-220 Client-Server Protocol Manipulation"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-131",
"description": "CWE-131 Incorrect Calculation of Buffer Size",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-30T05:57:57.894Z",
"orgId": "dd77f84a-d19a-4638-8c3d-a322d820ed2b",
"shortName": "php"
},
"references": [
{
"url": "https://github.com/php/php-src/security/advisories/GHSA-52jp-hrpf-2jff"
}
],
"source": {
"advisory": "https://github.com/php/php-src/security/advisories/GHSA-52jp-hrp",
"discovery": "INTERNAL"
},
"title": "Stream HTTP wrapper truncates redirect location to 1024 bytes",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "dd77f84a-d19a-4638-8c3d-a322d820ed2b",
"assignerShortName": "php",
"cveId": "CVE-2025-1861",
"datePublished": "2025-03-30T05:57:57.894Z",
"dateReserved": "2025-03-03T04:47:51.192Z",
"dateUpdated": "2025-11-03T20:57:13.769Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-1736 (GCVE-0-2025-1736)
Vulnerability from cvelistv5 – Published: 2025-03-30 05:49 – Updated: 2025-11-03 20:57
VLAI?
Summary
In PHP from 8.1.* before 8.1.32, from 8.2.* before 8.2.28, from 8.3.* before 8.3.19, from 8.4.* before 8.4.5, when user-supplied headers are sent, the insufficient validation of the end-of-line characters may prevent certain headers from being sent or lead to certain headers be misinterpreted.
Severity ?
CWE
- CWE-20 - Improper Input Validation
Assigner
References
Impacted products
Credits
Jakub Zelenka
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-1736",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-31T12:57:12.660404Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-31T12:57:22.517Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T20:57:10.963Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://security.netapp.com/advisory/ntap-20250523-0006/"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00014.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "PHP",
"vendor": "PHP Group",
"versions": [
{
"lessThan": "8.1.32",
"status": "affected",
"version": "8.1.*",
"versionType": "semver"
},
{
"lessThan": "8.2.28",
"status": "affected",
"version": "8.2.*",
"versionType": "semver"
},
{
"lessThan": "8.3.19",
"status": "affected",
"version": "8.3.*",
"versionType": "semver"
},
{
"lessThan": "8.4.5",
"status": "affected",
"version": "8.4.*",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Jakub Zelenka"
}
],
"datePublic": "2025-03-23T17:43:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "In PHP from 8.1.* before 8.1.32, from 8.2.* before 8.2.28, from 8.3.* before 8.3.19, from 8.4.* before 8.4.5, when user-supplied headers are sent, the insufficient validation of the end-of-line characters may prevent certain headers from being sent or lead to certain headers be misinterpreted.\u0026nbsp;"
}
],
"value": "In PHP from 8.1.* before 8.1.32, from 8.2.* before 8.2.28, from 8.3.* before 8.3.19, from 8.4.* before 8.4.5, when user-supplied headers are sent, the insufficient validation of the end-of-line characters may prevent certain headers from being sent or lead to certain headers be misinterpreted."
}
],
"impacts": [
{
"capecId": "CAPEC-33",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-33 HTTP Request Smuggling"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "HIGH",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20 Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-30T05:49:14.551Z",
"orgId": "dd77f84a-d19a-4638-8c3d-a322d820ed2b",
"shortName": "php"
},
"references": [
{
"url": "https://github.com/php/php-src/security/advisories/GHSA-hgf5-96fm-v528"
}
],
"source": {
"advisory": "https://github.com/php/php-src/security/advisories/GHSA-hgf5-96f",
"discovery": "INTERNAL"
},
"title": "Stream HTTP wrapper header check might omit basic auth header",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "dd77f84a-d19a-4638-8c3d-a322d820ed2b",
"assignerShortName": "php",
"cveId": "CVE-2025-1736",
"datePublished": "2025-03-30T05:49:14.551Z",
"dateReserved": "2025-02-27T04:07:07.942Z",
"dateUpdated": "2025-11-03T20:57:10.963Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-1734 (GCVE-0-2025-1734)
Vulnerability from cvelistv5 – Published: 2025-03-30 05:43 – Updated: 2025-11-03 20:57
VLAI?
Summary
In PHP from 8.1.* before 8.1.32, from 8.2.* before 8.2.28, from 8.3.* before 8.3.19, from 8.4.* before 8.4.5, when receiving headers from HTTP server, the headers missing a colon (:) are treated as valid headers even though they are not. This may confuse applications into accepting invalid headers.
Severity ?
CWE
- CWE-20 - Improper Input Validation
Assigner
References
Impacted products
Credits
Jakub Zelenka
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-1734",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-31T14:21:51.418644Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-01T14:37:34.371Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T20:57:09.506Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://security.netapp.com/advisory/ntap-20250523-0009/"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00014.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "PHP",
"vendor": "PHP Group",
"versions": [
{
"lessThan": "8.1.32",
"status": "affected",
"version": "8.1.*",
"versionType": "semver"
},
{
"lessThan": "8.2.28",
"status": "affected",
"version": "8.2.*",
"versionType": "semver"
},
{
"lessThan": "8.3.19",
"status": "affected",
"version": "8.3.*",
"versionType": "semver"
},
{
"lessThan": "8.4.5",
"status": "affected",
"version": "8.4.*",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Jakub Zelenka"
}
],
"datePublic": "2025-03-23T17:43:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "In PHP from 8.1.* before 8.1.32, from 8.2.* before 8.2.28, from 8.3.* before 8.3.19, from 8.4.* before 8.4.5, when receiving headers from HTTP server, the headers missing a colon (:) are treated as valid headers even though they are not. This may confuse applications into accepting invalid headers."
}
],
"value": "In PHP from 8.1.* before 8.1.32, from 8.2.* before 8.2.28, from 8.3.* before 8.3.19, from 8.4.* before 8.4.5, when receiving headers from HTTP server, the headers missing a colon (:) are treated as valid headers even though they are not. This may confuse applications into accepting invalid headers."
}
],
"impacts": [
{
"capecId": "CAPEC-273",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-273 HTTP Response Smuggling"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "HIGH",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20 Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-30T05:43:35.771Z",
"orgId": "dd77f84a-d19a-4638-8c3d-a322d820ed2b",
"shortName": "php"
},
"references": [
{
"url": "https://github.com/php/php-src/security/advisories/GHSA-pcmh-g36c-qc44"
}
],
"source": {
"advisory": "https://github.com/php/php-src/security/advisories/GHSA-pcmh-g36",
"discovery": "INTERNAL"
},
"title": "Streams HTTP wrapper does not fail for headers with invalid name and no colon",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "dd77f84a-d19a-4638-8c3d-a322d820ed2b",
"assignerShortName": "php",
"cveId": "CVE-2025-1734",
"datePublished": "2025-03-30T05:43:35.771Z",
"dateReserved": "2025-02-27T04:03:59.544Z",
"dateUpdated": "2025-11-03T20:57:09.506Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-26512 (GCVE-0-2025-26512)
Vulnerability from cvelistv5 – Published: 2025-03-24 22:06 – Updated: 2025-03-27 03:55
VLAI?
Summary
SnapCenter versions prior to
6.0.1P1 and 6.1P1 are susceptible to a vulnerability which may allow an
authenticated SnapCenter Server user to become an admin user on a remote
system where a SnapCenter plug-in has been installed.
Severity ?
9.9 (Critical)
CWE
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| NetApp | SnapCenter |
Affected:
0 , < 6.0.1P1
(custom)
Affected: 0 , < 6.1P1 (custom) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2025-03-25T00:11:33.697Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://security.netapp.com/advisory/ntap-20250324-0001/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-26512",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-26T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-27T03:55:12.579Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "SnapCenter",
"vendor": "NetApp",
"versions": [
{
"lessThan": "6.0.1P1",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "6.1P1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cdiv\u003e\u003cdiv\u003e\u003cp\u003eSnapCenter versions prior to \n6.0.1P1 and 6.1P1 are susceptible to a vulnerability which may allow an \nauthenticated SnapCenter Server user to become an admin user on a remote\n system where a SnapCenter plug-in has been installed.\u003c/p\u003e\n\u003c/div\u003e\u003c/div\u003e"
}
],
"value": "SnapCenter versions prior to \n6.0.1P1 and 6.1P1 are susceptible to a vulnerability which may allow an \nauthenticated SnapCenter Server user to become an admin user on a remote\n system where a SnapCenter plug-in has been installed."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.9,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-266",
"description": "CWE-266",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-24T22:06:00.720Z",
"orgId": "11fdca00-0482-4c88-a206-37f9c182c87d",
"shortName": "netapp"
},
"references": [
{
"url": "https://security.netapp.com/advisory/NTAP-20250324-0001"
}
],
"source": {
"advisory": "NTAP-20250324-0001",
"discovery": "UNKNOWN"
},
"title": "CVE-2025-26512 Privilege Escalation Vulnerability in SnapCenter",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "11fdca00-0482-4c88-a206-37f9c182c87d",
"assignerShortName": "netapp",
"cveId": "CVE-2025-26512",
"datePublished": "2025-03-24T22:06:00.720Z",
"dateReserved": "2025-02-11T21:58:04.395Z",
"dateUpdated": "2025-03-27T03:55:12.579Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-25292 (GCVE-0-2025-25292)
Vulnerability from cvelistv5 – Published: 2025-03-12 20:53 – Updated: 2025-11-03 19:45
VLAI?
Summary
ruby-saml provides security assertion markup language (SAML) single sign-on (SSO) for Ruby. An authentication bypass vulnerability was found in ruby-saml prior to versions 1.12.4 and 1.18.0 due to a parser differential. ReXML and Nokogiri parse XML differently, the parsers can generate entirely different document structures from the same XML input. That allows an attacker to be able to execute a Signature Wrapping attack. This issue may lead to authentication bypass. Versions 1.12.4 and 1.18.0 contain a patch for the issue.
Severity ?
Assigner
References
| URL | Tags | |||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| SAML-Toolkits | ruby-saml |
Affected:
< 1.12.4
Affected: >= 1.13.0, < 1.18.0 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2025-11-03T19:45:01.139Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://security.netapp.com/advisory/ntap-20250314-0009/"
},
{
"url": "https://news.ycombinator.com/item?id=43374519"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2025/04/msg00011.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-25292",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-18T14:32:48.636527Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-18T14:32:54.612Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "ruby-saml",
"vendor": "SAML-Toolkits",
"versions": [
{
"status": "affected",
"version": "\u003c 1.12.4"
},
{
"status": "affected",
"version": "\u003e= 1.13.0, \u003c 1.18.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "ruby-saml provides security assertion markup language (SAML) single sign-on (SSO) for Ruby. An authentication bypass vulnerability was found in ruby-saml prior to versions 1.12.4 and 1.18.0 due to a parser differential. ReXML and Nokogiri parse XML differently, the parsers can generate entirely different document structures from the same XML input. That allows an attacker to be able to execute a Signature Wrapping attack. This issue may lead to authentication bypass. Versions 1.12.4 and 1.18.0 contain a patch for the issue."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-347",
"description": "CWE-347: Improper Verification of Cryptographic Signature",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-436",
"description": "CWE-436: Interpretation Conflict",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-12T19:06:17.813Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/SAML-Toolkits/ruby-saml/security/advisories/GHSA-754f-8gm6-c4r2",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/SAML-Toolkits/ruby-saml/security/advisories/GHSA-754f-8gm6-c4r2"
},
{
"name": "https://github.com/omniauth/omniauth-saml/security/advisories/GHSA-hw46-3hmr-x9xv",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/omniauth/omniauth-saml/security/advisories/GHSA-hw46-3hmr-x9xv"
},
{
"name": "https://github.com/SAML-Toolkits/ruby-saml/commit/e76c5b36bac40aedbf1ba7ffaaf495be63328cd9",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/SAML-Toolkits/ruby-saml/commit/e76c5b36bac40aedbf1ba7ffaaf495be63328cd9"
},
{
"name": "https://github.com/SAML-Toolkits/ruby-saml/commit/e9c1cdbd0f9afa467b585de279db0cbd0fb8ae97",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/SAML-Toolkits/ruby-saml/commit/e9c1cdbd0f9afa467b585de279db0cbd0fb8ae97"
},
{
"name": "https://about.gitlab.com/releases/2025/03/12/patch-release-gitlab-17-9-2-released",
"tags": [
"x_refsource_MISC"
],
"url": "https://about.gitlab.com/releases/2025/03/12/patch-release-gitlab-17-9-2-released"
},
{
"name": "https://github.blog/security/sign-in-as-anyone-bypassing-saml-sso-authentication-with-parser-differentials",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.blog/security/sign-in-as-anyone-bypassing-saml-sso-authentication-with-parser-differentials"
},
{
"name": "https://github.com/SAML-Toolkits/ruby-saml/releases/tag/v1.12.4",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/SAML-Toolkits/ruby-saml/releases/tag/v1.12.4"
},
{
"name": "https://github.com/SAML-Toolkits/ruby-saml/releases/tag/v1.18.0",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/SAML-Toolkits/ruby-saml/releases/tag/v1.18.0"
},
{
"name": "https://portswigger.net/research/saml-roulette-the-hacker-always-wins",
"tags": [
"x_refsource_MISC"
],
"url": "https://portswigger.net/research/saml-roulette-the-hacker-always-wins"
},
{
"name": "https://securitylab.github.com/advisories/GHSL-2024-329_GHSL-2024-330_ruby-saml",
"tags": [
"x_refsource_MISC"
],
"url": "https://securitylab.github.com/advisories/GHSL-2024-329_GHSL-2024-330_ruby-saml"
}
],
"source": {
"advisory": "GHSA-754f-8gm6-c4r2",
"discovery": "UNKNOWN"
},
"title": "Ruby SAML vulnerable to SAML authentication bypass due to namespace handling (parser differential)"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-25292",
"datePublished": "2025-03-12T20:53:24.353Z",
"dateReserved": "2025-02-06T17:13:33.122Z",
"dateUpdated": "2025-11-03T19:45:01.139Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-25291 (GCVE-0-2025-25291)
Vulnerability from cvelistv5 – Published: 2025-03-12 20:16 – Updated: 2025-11-03 19:44
VLAI?
Summary
ruby-saml provides security assertion markup language (SAML) single sign-on (SSO) for Ruby. An authentication bypass vulnerability was found in ruby-saml prior to versions 1.12.4 and 1.18.0 due to a parser differential. ReXML and Nokogiri parse XML differently; the parsers can generate entirely different document structures from the same XML input. That allows an attacker to be able to execute a Signature Wrapping attack. This issue may lead to authentication bypass. Versions 1.12.4 and 1.18.0 fix the issue.
Severity ?
Assigner
References
| URL | Tags | |||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| SAML-Toolkits | ruby-saml |
Affected:
< 1.12.4
Affected: >= 1.13.0, < 1.18.0 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-25291",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-03T20:06:31.066662Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-03T20:06:50.415Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T19:44:59.719Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://security.netapp.com/advisory/ntap-20250314-0010/"
},
{
"url": "https://news.ycombinator.com/item?id=43374519"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2025/04/msg00011.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "ruby-saml",
"vendor": "SAML-Toolkits",
"versions": [
{
"status": "affected",
"version": "\u003c 1.12.4"
},
{
"status": "affected",
"version": "\u003e= 1.13.0, \u003c 1.18.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "ruby-saml provides security assertion markup language (SAML) single sign-on (SSO) for Ruby. An authentication bypass vulnerability was found in ruby-saml prior to versions 1.12.4 and 1.18.0 due to a parser differential. ReXML and Nokogiri parse XML differently; the parsers can generate entirely different document structures from the same XML input. That allows an attacker to be able to execute a Signature Wrapping attack. This issue may lead to authentication bypass. Versions 1.12.4 and 1.18.0 fix the issue."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-347",
"description": "CWE-347: Improper Verification of Cryptographic Signature",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-436",
"description": "CWE-436: Interpretation Conflict",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-12T19:07:07.030Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/SAML-Toolkits/ruby-saml/security/advisories/GHSA-4vc4-m8qh-g8jm",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/SAML-Toolkits/ruby-saml/security/advisories/GHSA-4vc4-m8qh-g8jm"
},
{
"name": "https://github.com/omniauth/omniauth-saml/security/advisories/GHSA-hw46-3hmr-x9xv",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/omniauth/omniauth-saml/security/advisories/GHSA-hw46-3hmr-x9xv"
},
{
"name": "https://github.com/SAML-Toolkits/ruby-saml/commit/e76c5b36bac40aedbf1ba7ffaaf495be63328cd9",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/SAML-Toolkits/ruby-saml/commit/e76c5b36bac40aedbf1ba7ffaaf495be63328cd9"
},
{
"name": "https://github.com/SAML-Toolkits/ruby-saml/commit/e9c1cdbd0f9afa467b585de279db0cbd0fb8ae97",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/SAML-Toolkits/ruby-saml/commit/e9c1cdbd0f9afa467b585de279db0cbd0fb8ae97"
},
{
"name": "https://about.gitlab.com/releases/2025/03/12/patch-release-gitlab-17-9-2-released",
"tags": [
"x_refsource_MISC"
],
"url": "https://about.gitlab.com/releases/2025/03/12/patch-release-gitlab-17-9-2-released"
},
{
"name": "https://github.blog/security/sign-in-as-anyone-bypassing-saml-sso-authentication-with-parser-differentials",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.blog/security/sign-in-as-anyone-bypassing-saml-sso-authentication-with-parser-differentials"
},
{
"name": "https://github.com/SAML-Toolkits/ruby-saml/releases/tag/v1.12.4",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/SAML-Toolkits/ruby-saml/releases/tag/v1.12.4"
},
{
"name": "https://github.com/SAML-Toolkits/ruby-saml/releases/tag/v1.18.0",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/SAML-Toolkits/ruby-saml/releases/tag/v1.18.0"
},
{
"name": "https://portswigger.net/research/saml-roulette-the-hacker-always-wins",
"tags": [
"x_refsource_MISC"
],
"url": "https://portswigger.net/research/saml-roulette-the-hacker-always-wins"
},
{
"name": "https://securitylab.github.com/advisories/GHSL-2024-329_GHSL-2024-330_ruby-saml",
"tags": [
"x_refsource_MISC"
],
"url": "https://securitylab.github.com/advisories/GHSL-2024-329_GHSL-2024-330_ruby-saml"
}
],
"source": {
"advisory": "GHSA-4vc4-m8qh-g8jm",
"discovery": "UNKNOWN"
},
"title": "ruby-saml vulnerable to SAML authentication bypass due to DOCTYPE handling (parser differential)"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-25291",
"datePublished": "2025-03-12T20:16:12.181Z",
"dateReserved": "2025-02-06T17:13:33.122Z",
"dateUpdated": "2025-11-03T19:44:59.719Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-27423 (GCVE-0-2025-27423)
Vulnerability from cvelistv5 – Published: 2025-03-03 16:30 – Updated: 2025-05-02 23:03
VLAI?
Summary
Vim is an open source, command line text editor. Vim is distributed with the tar.vim plugin, that allows easy editing and viewing of (compressed or uncompressed) tar files. Starting with 9.1.0858, the tar.vim plugin uses the ":read" ex command line to append below the cursor position, however the is not sanitized and is taken literally from the tar archive. This allows to execute shell commands via special crafted tar archives. Whether this really happens, depends on the shell being used ('shell' option, which is set using $SHELL). The issue has been fixed as of Vim patch v9.1.1164
Severity ?
7.1 (High)
CWE
- CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-27423",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-03T18:42:38.611702Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-12T21:10:48.085Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-05-02T23:03:02.425Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://security.netapp.com/advisory/ntap-20250502-0002/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "vim",
"vendor": "vim",
"versions": [
{
"status": "affected",
"version": "\u003c 9.1.1164"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Vim is an open source, command line text editor. Vim is distributed with the tar.vim plugin, that allows easy editing and viewing of (compressed or uncompressed) tar files. Starting with 9.1.0858, the tar.vim plugin uses the \":read\" ex command line to append below the cursor position, however the is not sanitized and is taken literally from the tar archive. This allows to execute shell commands via special crafted tar archives. Whether this really happens, depends on the shell being used (\u0027shell\u0027 option, which is set using $SHELL). The issue has been fixed as of Vim patch v9.1.1164"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-77",
"description": "CWE-77: Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-03T16:30:19.752Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/vim/vim/security/advisories/GHSA-wfmf-8626-q3r3",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/vim/vim/security/advisories/GHSA-wfmf-8626-q3r3"
},
{
"name": "https://github.com/vim/vim/commit/129a8446d23cd9cb4445fcfea259cba5e0487d29",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/vim/vim/commit/129a8446d23cd9cb4445fcfea259cba5e0487d29"
},
{
"name": "https://github.com/vim/vim/commit/334a13bff78aa0ad206bc436885f63e3a0bab399",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/vim/vim/commit/334a13bff78aa0ad206bc436885f63e3a0bab399"
}
],
"source": {
"advisory": "GHSA-wfmf-8626-q3r3",
"discovery": "UNKNOWN"
},
"title": "Improper Input Validation in Vim"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-27423",
"datePublished": "2025-03-03T16:30:19.752Z",
"dateReserved": "2025-02-24T15:51:17.269Z",
"dateUpdated": "2025-05-02T23:03:02.425Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-26603 (GCVE-0-2025-26603)
Vulnerability from cvelistv5 – Published: 2025-02-18 19:04 – Updated: 2025-03-07 00:10
VLAI?
Summary
Vim is a greatly improved version of the good old UNIX editor Vi. Vim allows to redirect screen messages using the `:redir` ex command to register, variables and files. It also allows to show the contents of registers using the `:registers` or `:display` ex command. When redirecting the output of `:display` to a register, Vim will free the register content before storing the new content in the register. Now when redirecting the `:display` command to a register that is being displayed, Vim will free the content while shortly afterwards trying to access it, which leads to a use-after-free. Vim pre 9.1.1115 checks in the ex_display() function, that it does not try to redirect to a register while displaying this register at the same time. However this check is not complete, and so Vim does not check the `+` and `*` registers (which typically donate the X11/clipboard registers, and when a clipboard connection is not possible will fall back to use register 0 instead. In Patch 9.1.1115 Vim will therefore skip outputting to register zero when trying to redirect to the clipboard registers `*` or `+`. Users are advised to upgrade. There are no known workarounds for this vulnerability.
Severity ?
4.2 (Medium)
CWE
- CWE-416 - Use After Free
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-26603",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-19T14:42:36.300267Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-19T15:15:59.589Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-03-07T00:10:51.265Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://security.netapp.com/advisory/ntap-20250306-0003/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "vim",
"vendor": "vim",
"versions": [
{
"status": "affected",
"version": "\u003c 9.1.1115"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Vim is a greatly improved version of the good old UNIX editor Vi. Vim allows to redirect screen messages using the `:redir` ex command to register, variables and files. It also allows to show the contents of registers using the `:registers` or `:display` ex command. When redirecting the output of `:display` to a register, Vim will free the register content before storing the new content in the register. Now when redirecting the `:display` command to a register that is being displayed, Vim will free the content while shortly afterwards trying to access it, which leads to a use-after-free. Vim pre 9.1.1115 checks in the ex_display() function, that it does not try to redirect to a register while displaying this register at the same time. However this check is not complete, and so Vim does not check the `+` and `*` registers (which typically donate the X11/clipboard registers, and when a clipboard connection is not possible will fall back to use register 0 instead. In Patch 9.1.1115 Vim will therefore skip outputting to register zero when trying to redirect to the clipboard registers `*` or `+`. Users are advised to upgrade. There are no known workarounds for this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 4.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "CWE-416: Use After Free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-18T19:04:24.273Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/vim/vim/security/advisories/GHSA-63p5-mwg2-787v",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/vim/vim/security/advisories/GHSA-63p5-mwg2-787v"
},
{
"name": "https://github.com/vim/vim/commit/c0f0e2380e5954f4a52a131bf6b8",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/vim/vim/commit/c0f0e2380e5954f4a52a131bf6b8"
}
],
"source": {
"advisory": "GHSA-63p5-mwg2-787v",
"discovery": "UNKNOWN"
},
"title": "heap-use-after-free in function str_to_reg in vim/vim"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-26603",
"datePublished": "2025-02-18T19:04:24.273Z",
"dateReserved": "2025-02-12T14:51:02.717Z",
"dateUpdated": "2025-03-07T00:10:51.265Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-26465 (GCVE-0-2025-26465)
Vulnerability from cvelistv5 – Published: 2025-02-18 18:27 – Updated: 2025-11-06 23:33
VLAI?
Summary
A vulnerability was found in OpenSSH when the VerifyHostKeyDNS option is enabled. A machine-in-the-middle attack can be performed by a malicious machine impersonating a legit server. This issue occurs due to how OpenSSH mishandles error codes in specific conditions when verifying the host key. For an attack to be considered successful, the attacker needs to manage to exhaust the client's memory resource first, turning the attack complexity high.
Severity ?
6.8 (Medium)
CWE
- CWE-390 - Detection of Error Condition Without Action
Assigner
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
Affected:
6.8p1 , ≤ 9.9p1
(custom)
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2025-11-03T21:12:55.938Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2025/02/msg00020.html"
},
{
"url": "https://www.openwall.com/lists/oss-security/2025/02/18/1"
},
{
"url": "https://www.openwall.com/lists/oss-security/2025/02/18/4"
},
{
"url": "https://www.theregister.com/2025/02/18/openssh_vulnerabilities_mitm_dos/"
},
{
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1237040"
},
{
"url": "https://security-tracker.debian.org/tracker/CVE-2025-26465"
},
{
"url": "https://ftp.openbsd.org/pub/OpenBSD/patches/7.6/common/008_ssh.patch.sig"
},
{
"url": "https://ubuntu.com/security/CVE-2025-26465"
},
{
"url": "https://www.openssh.com/releasenotes.html#9.9p2"
},
{
"url": "https://blog.qualys.com/vulnerabilities-threat-research/2025/02/18/qualys-tru-discovers-two-vulnerabilities-in-openssh-cve-2025-26465-cve-2025-26466"
},
{
"url": "https://lists.mindrot.org/pipermail/openssh-unix-announce/2025-February/000161.html"
},
{
"url": "https://security.netapp.com/advisory/ntap-20250228-0003/"
},
{
"url": "https://www.vicarius.io/vsociety/posts/cve-2025-26465-detect-vulnerable-openssh"
},
{
"url": "https://www.vicarius.io/vsociety/posts/cve-2025-26465-mitigate-vulnerable-openssh"
},
{
"url": "http://seclists.org/fulldisclosure/2025/May/8"
},
{
"url": "http://seclists.org/fulldisclosure/2025/May/7"
},
{
"url": "http://seclists.org/fulldisclosure/2025/Feb/18"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-26465",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-19T15:02:09.369445Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-19T15:02:45.555Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://seclists.org/oss-sec/2025/q1/144"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://www.openssh.com/",
"defaultStatus": "unaffected",
"packageName": "OpenSSH",
"repo": "https://anongit.mindrot.org/openssh.git",
"versions": [
{
"lessThanOrEqual": "9.9p1",
"status": "affected",
"version": "6.8p1",
"versionType": "custom"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:enterprise_linux:8::appstream",
"cpe:/o:redhat:enterprise_linux:8::baseos"
],
"defaultStatus": "affected",
"packageName": "openssh",
"product": "Red Hat Enterprise Linux 8",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:8.0p1-26.el8_10",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:enterprise_linux:8::appstream",
"cpe:/o:redhat:enterprise_linux:8::baseos"
],
"defaultStatus": "affected",
"packageName": "openssh",
"product": "Red Hat Enterprise Linux 8",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:8.0p1-26.el8_10",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:9::baseos",
"cpe:/a:redhat:enterprise_linux:9::appstream"
],
"defaultStatus": "affected",
"packageName": "openssh",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:8.7p1-45.el9",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:9::baseos",
"cpe:/a:redhat:enterprise_linux:9::appstream"
],
"defaultStatus": "affected",
"packageName": "openssh",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:8.7p1-45.el9",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:rhel_eus:9.4::baseos",
"cpe:/a:redhat:rhel_eus:9.4::appstream"
],
"defaultStatus": "affected",
"packageName": "openssh",
"product": "Red Hat Enterprise Linux 9.4 Extended Update Support",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:8.7p1-38.el9_4.5",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:discovery:1.14::el9"
],
"defaultStatus": "affected",
"packageName": "discovery/discovery-server-rhel9",
"product": "Red Hat Discovery 1.14",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "sha256:ad1045aa0de937c3a6969ec377f7bfeda9a44ee434a954e8245e9840316ffc1c",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:10"
],
"defaultStatus": "unaffected",
"packageName": "openssh",
"product": "Red Hat Enterprise Linux 10",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:6"
],
"defaultStatus": "unknown",
"packageName": "openssh",
"product": "Red Hat Enterprise Linux 6",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:7"
],
"defaultStatus": "unknown",
"packageName": "openssh",
"product": "Red Hat Enterprise Linux 7",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:openshift:4"
],
"defaultStatus": "affected",
"packageName": "rhcos",
"product": "Red Hat OpenShift Container Platform 4",
"vendor": "Red Hat"
}
],
"datePublic": "2025-02-17T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in OpenSSH when the VerifyHostKeyDNS option is enabled. A machine-in-the-middle attack can be performed by a malicious machine impersonating a legit server. This issue occurs due to how OpenSSH mishandles error codes in specific conditions when verifying the host key. For an attack to be considered successful, the attacker needs to manage to exhaust the client\u0027s memory resource first, turning the attack complexity high."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Moderate"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-390",
"description": "Detection of Error Condition Without Action",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-06T23:33:09.945Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "RHSA-2025:16823",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:16823"
},
{
"name": "RHSA-2025:3837",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:3837"
},
{
"name": "RHSA-2025:6993",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:6993"
},
{
"name": "RHSA-2025:8385",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:8385"
},
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/CVE-2025-26465"
},
{
"url": "https://access.redhat.com/solutions/7109879"
},
{
"name": "RHBZ#2344780",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2344780"
},
{
"url": "https://seclists.org/oss-sec/2025/q1/144"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-02-10T21:56:03.853000+00:00",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2025-02-17T00:00:00+00:00",
"value": "Made public."
}
],
"title": "Openssh: machine-in-the-middle attack if verifyhostkeydns is enabled",
"workarounds": [
{
"lang": "en",
"value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."
}
],
"x_redhatCweChain": "CWE-390: Detection of Error Condition Without Action"
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2025-26465",
"datePublished": "2025-02-18T18:27:16.843Z",
"dateReserved": "2025-02-10T18:31:47.978Z",
"dateUpdated": "2025-11-06T23:33:09.945Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-56171 (GCVE-0-2024-56171)
Vulnerability from cvelistv5 – Published: 2025-02-18 00:00 – Updated: 2025-11-03 20:49
VLAI?
Summary
libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a use-after-free in xmlSchemaIDCFillNodeTables and xmlSchemaBubbleIDCNodeTables in xmlschemas.c. To exploit this, a crafted XML document must be validated against an XML schema with certain identity constraints, or a crafted XML schema must be used.
Severity ?
7.8 (High)
CWE
- CWE-416 - Use After Free
Assigner
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-56171",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-19T16:26:31.484719Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-19T16:26:41.297Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T20:49:05.224Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://security.netapp.com/advisory/ntap-20250328-0010/"
},
{
"url": "http://seclists.org/fulldisclosure/2025/Apr/13"
},
{
"url": "http://seclists.org/fulldisclosure/2025/Apr/10"
},
{
"url": "http://seclists.org/fulldisclosure/2025/Apr/9"
},
{
"url": "http://seclists.org/fulldisclosure/2025/Apr/8"
},
{
"url": "http://seclists.org/fulldisclosure/2025/Apr/5"
},
{
"url": "http://seclists.org/fulldisclosure/2025/Apr/4"
},
{
"url": "http://seclists.org/fulldisclosure/2025/Apr/12"
},
{
"url": "http://seclists.org/fulldisclosure/2025/Apr/11"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2025/02/msg00028.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "libxml2",
"vendor": "xmlsoft",
"versions": [
{
"lessThan": "2.12.10",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"lessThan": "2.13.6",
"status": "affected",
"version": "2.13.0",
"versionType": "semver"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:xmlsoft:libxml2:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2.12.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xmlsoft:libxml2:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2.13.6",
"versionStartIncluding": "2.13.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a use-after-free in xmlSchemaIDCFillNodeTables and xmlSchemaBubbleIDCNodeTables in xmlschemas.c. To exploit this, a crafted XML document must be validated against an XML schema with certain identity constraints, or a crafted XML schema must be used."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "CWE-416 Use After Free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-18T22:10:20.934Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://gitlab.gnome.org/GNOME/libxml2/-/issues/828"
}
],
"x_generator": {
"engine": "enrichogram 0.0.1"
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2024-56171",
"datePublished": "2025-02-18T00:00:00.000Z",
"dateReserved": "2024-12-18T00:00:00.000Z",
"dateUpdated": "2025-11-03T20:49:05.224Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-26511 (GCVE-0-2025-26511)
Vulnerability from cvelistv5 – Published: 2025-02-13 15:44 – Updated: 2025-02-13 23:33
VLAI?
Summary
Systems running the Instaclustr
fork of Stratio's Cassandra-Lucene-Index plugin versions 4.0-rc1-1.0.0
through 4.0.16-1.0.0 and 4.1.2-1.0.0 through 4.1.8-1.0.0, installed into
Apache Cassandra version 4.x, are susceptible to a vulnerability which
when successfully exploited could allow authenticated Cassandra users to
remotely bypass RBAC and escalate their privileges.
Severity ?
8.8 (High)
CWE
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| NetApp | Instaclustr fork of Stratio's Cassandra-Lucene-Index plugin |
Affected:
4.0-rc1-1.0.0 , ≤ 4.0.16-1.0.0
(custom)
Affected: 4.1.2-1.0.0 , ≤ 4.1.8-1.0.0 (custom) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-26511",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-13T16:01:15.263931Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-13T16:03:29.641Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Instaclustr fork of Stratio\u0027s Cassandra-Lucene-Index plugin",
"repo": "https://github.com/instaclustr/cassandra-lucene-index",
"vendor": "NetApp",
"versions": [
{
"lessThanOrEqual": "4.0.16-1.0.0",
"status": "affected",
"version": "4.0-rc1-1.0.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "4.1.8-1.0.0",
"status": "affected",
"version": "4.1.2-1.0.0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cdiv\u003e\u003cdiv\u003e\u003cp\u003eSystems running the Instaclustr \nfork of Stratio\u0027s Cassandra-Lucene-Index plugin versions 4.0-rc1-1.0.0 \nthrough 4.0.16-1.0.0 and 4.1.2-1.0.0 through 4.1.8-1.0.0, installed into\n Apache Cassandra version 4.x, are susceptible to a vulnerability which \nwhen successfully exploited could allow authenticated Cassandra users to\n remotely bypass RBAC and escalate their privileges. \u003c/p\u003e\n\u003c/div\u003e\u003c/div\u003e"
}
],
"value": "Systems running the Instaclustr \nfork of Stratio\u0027s Cassandra-Lucene-Index plugin versions 4.0-rc1-1.0.0 \nthrough 4.0.16-1.0.0 and 4.1.2-1.0.0 through 4.1.8-1.0.0, installed into\n Apache Cassandra version 4.x, are susceptible to a vulnerability which \nwhen successfully exploited could allow authenticated Cassandra users to\n remotely bypass RBAC and escalate their privileges."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-863",
"description": "CWE-863",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-13T23:33:06.482Z",
"orgId": "11fdca00-0482-4c88-a206-37f9c182c87d",
"shortName": "netapp"
},
"references": [
{
"url": "https://github.com/instaclustr/cassandra-lucene-index/security/advisories/GHSA-mrqp-q7vx-v2cx"
}
],
"source": {
"advisory": "GHSA-mrqp-q7vx-v2cx",
"discovery": "UNKNOWN"
},
"title": "Cassandra-Lucene-Index allows bypass of Cassandra RBAC",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "11fdca00-0482-4c88-a206-37f9c182c87d",
"assignerShortName": "netapp",
"cveId": "CVE-2025-26511",
"datePublished": "2025-02-13T15:44:06.315Z",
"dateReserved": "2025-02-11T21:58:04.395Z",
"dateUpdated": "2025-02-13T23:33:06.482Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-1215 (GCVE-0-2025-1215)
Vulnerability from cvelistv5 – Published: 2025-02-12 18:31 – Updated: 2025-03-21 18:03
VLAI?
Summary
A vulnerability classified as problematic was found in vim up to 9.1.1096. This vulnerability affects unknown code of the file src/main.c. The manipulation of the argument --log leads to memory corruption. It is possible to launch the attack on the local host. Upgrading to version 9.1.1097 is able to address this issue. The patch is identified as c5654b84480822817bb7b69ebc97c174c91185e9. It is recommended to upgrade the affected component.
Severity ?
CWE
- CWE-119 - Memory Corruption
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Credits
wenjusun (VulDB User)
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-1215",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-12T19:39:18.655840Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-12T19:39:22.660Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://vuldb.com/?submit.497546"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/vim/vim/issues/16606"
}
],
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-03-21T18:03:50.360Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://security.netapp.com/advisory/ntap-20250321-0005/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "vim",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "9.1.1096"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "wenjusun (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability classified as problematic was found in vim up to 9.1.1096. This vulnerability affects unknown code of the file src/main.c. The manipulation of the argument --log leads to memory corruption. It is possible to launch the attack on the local host. Upgrading to version 9.1.1097 is able to address this issue. The patch is identified as c5654b84480822817bb7b69ebc97c174c91185e9. It is recommended to upgrade the affected component."
},
{
"lang": "de",
"value": "In vim bis 9.1.1096 wurde eine Schwachstelle entdeckt. Sie wurde als problematisch eingestuft. Hierbei betrifft es unbekannten Programmcode der Datei src/main.c. Dank der Manipulation des Arguments --log mit unbekannten Daten kann eine memory corruption-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs hat dabei lokal zu erfolgen. Ein Aktualisieren auf die Version 9.1.1097 vermag dieses Problem zu l\u00f6sen. Der Patch wird als c5654b84480822817bb7b69ebc97c174c91185e9 bezeichnet. Als bestm\u00f6gliche Massnahme wird das Einspielen eines Upgrades empfohlen."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 2.4,
"baseSeverity": "LOW",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 2.8,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 2.8,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 1.7,
"vectorString": "AV:L/AC:L/Au:S/C:N/I:N/A:P",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-119",
"description": "Memory Corruption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-12T18:31:06.472Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-295174 | vim main.c memory corruption",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.295174"
},
{
"name": "VDB-295174 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.295174"
},
{
"name": "Submit #497546 | VIM vim 68d08588928b29fe0b19e3513cd689486260ab1c illegal read access",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.497546"
},
{
"tags": [
"issue-tracking"
],
"url": "https://github.com/vim/vim/issues/16606"
},
{
"tags": [
"patch"
],
"url": "https://github.com/vim/vim/commit/c5654b84480822817bb7b69ebc97c174c91185e9"
},
{
"tags": [
"patch"
],
"url": "https://github.com/vim/vim/releases/tag/v9.1.1097"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-02-10T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-02-10T01:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-02-11T00:01:11.000Z",
"value": "VulDB entry last update"
}
],
"title": "vim main.c memory corruption"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-1215",
"datePublished": "2025-02-12T18:31:06.472Z",
"dateReserved": "2025-02-10T22:55:47.747Z",
"dateUpdated": "2025-03-21T18:03:50.360Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-1181 (GCVE-0-2025-1181)
Vulnerability from cvelistv5 – Published: 2025-02-11 08:00 – Updated: 2025-04-25 23:02
VLAI?
Summary
A vulnerability classified as critical was found in GNU Binutils 2.43. This vulnerability affects the function _bfd_elf_gc_mark_rsec of the file bfd/elflink.c of the component ld. The manipulation leads to memory corruption. The attack can be initiated remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The name of the patch is 931494c9a89558acb36a03a340c01726545eef24. It is recommended to apply a patch to fix this issue.
Severity ?
CWE
- CWE-119 - Memory Corruption
Assigner
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
Credits
wenjusun (VulDB User)
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-1181",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-11T14:50:50.876062Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-11T14:51:30.028Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://sourceware.org/bugzilla/show_bug.cgi?id=32643"
},
{
"tags": [
"exploit"
],
"url": "https://vuldb.com/?submit.495402"
}
],
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-04-25T23:02:58.994Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://security.netapp.com/advisory/ntap-20250425-0007/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"modules": [
"ld"
],
"product": "Binutils",
"vendor": "GNU",
"versions": [
{
"status": "affected",
"version": "2.43"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "wenjusun (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability classified as critical was found in GNU Binutils 2.43. This vulnerability affects the function _bfd_elf_gc_mark_rsec of the file bfd/elflink.c of the component ld. The manipulation leads to memory corruption. The attack can be initiated remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The name of the patch is 931494c9a89558acb36a03a340c01726545eef24. It is recommended to apply a patch to fix this issue."
},
{
"lang": "de",
"value": "In GNU Binutils 2.43 wurde eine Schwachstelle entdeckt. Sie wurde als kritisch eingestuft. Hierbei betrifft es die Funktion _bfd_elf_gc_mark_rsec der Datei bfd/elflink.c der Komponente ld. Durch das Beeinflussen mit unbekannten Daten kann eine memory corruption-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff \u00fcber das Netzwerk. Die Komplexit\u00e4t eines Angriffs ist eher hoch. Das Ausnutzen gilt als schwierig. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung. Der Patch wird als 931494c9a89558acb36a03a340c01726545eef24 bezeichnet. Als bestm\u00f6gliche Massnahme wird Patching empfohlen."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 2.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 5.1,
"vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-119",
"description": "Memory Corruption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-11T08:00:11.337Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-295084 | GNU Binutils ld elflink.c _bfd_elf_gc_mark_rsec memory corruption",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.295084"
},
{
"name": "VDB-295084 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.295084"
},
{
"name": "Submit #495402 | GNU ld 2.43 illegal read access with --gc-sections --no-print-gc-sections -w",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.495402"
},
{
"tags": [
"issue-tracking"
],
"url": "https://sourceware.org/bugzilla/show_bug.cgi?id=32643"
},
{
"tags": [
"exploit"
],
"url": "https://sourceware.org/bugzilla/attachment.cgi?id=15918"
},
{
"tags": [
"patch"
],
"url": "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=931494c9a89558acb36a03a340c01726545eef24"
},
{
"tags": [
"product"
],
"url": "https://www.gnu.org/"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-02-10T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-02-10T01:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-02-10T12:06:59.000Z",
"value": "VulDB entry last update"
}
],
"title": "GNU Binutils ld elflink.c _bfd_elf_gc_mark_rsec memory corruption"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-1181",
"datePublished": "2025-02-11T08:00:11.337Z",
"dateReserved": "2025-02-10T11:01:33.294Z",
"dateUpdated": "2025-04-25T23:02:58.994Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-1178 (GCVE-0-2025-1178)
Vulnerability from cvelistv5 – Published: 2025-02-11 06:31 – Updated: 2025-04-11 22:03
VLAI?
Summary
A vulnerability was found in GNU Binutils 2.43. It has been declared as problematic. Affected by this vulnerability is the function bfd_putl64 of the file libbfd.c of the component ld. The manipulation leads to memory corruption. The attack can be launched remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The identifier of the patch is 75086e9de1707281172cc77f178e7949a4414ed0. It is recommended to apply a patch to fix this issue.
Severity ?
5.6 (Medium)
5.6 (Medium)
CWE
- CWE-119 - Memory Corruption
Assigner
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
Credits
wenjusun (VulDB User)
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-1178",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-11T15:29:07.297947Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-11T15:29:39.169Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://sourceware.org/bugzilla/show_bug.cgi?id=32638"
}
],
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-04-11T22:03:22.878Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://security.netapp.com/advisory/ntap-20250411-0008/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"modules": [
"ld"
],
"product": "Binutils",
"vendor": "GNU",
"versions": [
{
"status": "affected",
"version": "2.43"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "wenjusun (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in GNU Binutils 2.43. It has been declared as problematic. Affected by this vulnerability is the function bfd_putl64 of the file libbfd.c of the component ld. The manipulation leads to memory corruption. The attack can be launched remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The identifier of the patch is 75086e9de1707281172cc77f178e7949a4414ed0. It is recommended to apply a patch to fix this issue."
},
{
"lang": "de",
"value": "In GNU Binutils 2.43 wurde eine problematische Schwachstelle ausgemacht. Das betrifft die Funktion bfd_putl64 der Datei libbfd.c der Komponente ld. Mittels Manipulieren mit unbekannten Daten kann eine memory corruption-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk angegangen werden. Die Komplexit\u00e4t eines Angriffs ist eher hoch. Sie gilt als schwierig ausnutzbar. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung. Der Patch wird als 75086e9de1707281172cc77f178e7949a4414ed0 bezeichnet. Als bestm\u00f6gliche Massnahme wird Patching empfohlen."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 5.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 5.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 5.1,
"vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-119",
"description": "Memory Corruption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-11T06:31:12.580Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-295081 | GNU Binutils ld libbfd.c bfd_putl64 memory corruption",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.295081"
},
{
"name": "VDB-295081 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.295081"
},
{
"name": "Submit #495369 | GNU ld 2.43 Illegal write access",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.495369"
},
{
"tags": [
"issue-tracking"
],
"url": "https://sourceware.org/bugzilla/show_bug.cgi?id=32638"
},
{
"tags": [
"exploit"
],
"url": "https://sourceware.org/bugzilla/attachment.cgi?id=15914"
},
{
"tags": [
"patch"
],
"url": "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=75086e9de1707281172cc77f178e7949a4414ed0"
},
{
"tags": [
"product"
],
"url": "https://www.gnu.org/"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-02-10T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-02-10T01:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-02-10T11:52:42.000Z",
"value": "VulDB entry last update"
}
],
"title": "GNU Binutils ld libbfd.c bfd_putl64 memory corruption"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-1178",
"datePublished": "2025-02-11T06:31:12.580Z",
"dateReserved": "2025-02-10T10:46:36.503Z",
"dateUpdated": "2025-04-11T22:03:22.878Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-24970 (GCVE-0-2025-24970)
Vulnerability from cvelistv5 – Published: 2025-02-10 21:57 – Updated: 2025-04-16 15:37
VLAI?
Summary
Netty, an asynchronous, event-driven network application framework, has a vulnerability starting in version 4.1.91.Final and prior to version 4.1.118.Final. When a special crafted packet is received via SslHandler it doesn't correctly handle validation of such a packet in all cases which can lead to a native crash. Version 4.1.118.Final contains a patch. As workaround its possible to either disable the usage of the native SSLEngine or change the code manually.
Severity ?
7.5 (High)
CWE
- CWE-20 - Improper Input Validation
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-24970",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-11T15:30:54.865019Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-11T15:31:38.061Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/netty/netty/security/advisories/GHSA-4g8c-wm8x-jfhw"
}
],
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-04-16T15:37:17.191Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://security.netapp.com/advisory/ntap-20250221-0005/"
},
{
"url": "https://www.vicarius.io/vsociety/posts/cve-2025-24970-netty-vulnerability-detection"
},
{
"url": "https://www.vicarius.io/vsociety/posts/cve-2025-24970-netty-vulnerability-mitigation"
}
],
"title": "CVE Program Container",
"x_generator": {
"engine": "ADPogram 0.0.1"
}
}
],
"cna": {
"affected": [
{
"product": "netty",
"vendor": "netty",
"versions": [
{
"status": "affected",
"version": "\u003e= 4.1.91.Final, \u003c= 4.1.117.Final"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Netty, an asynchronous, event-driven network application framework, has a vulnerability starting in version 4.1.91.Final and prior to version 4.1.118.Final. When a special crafted packet is received via SslHandler it doesn\u0027t correctly handle validation of such a packet in all cases which can lead to a native crash. Version 4.1.118.Final contains a patch. As workaround its possible to either disable the usage of the native SSLEngine or change the code manually."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20: Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-10T21:57:28.730Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/netty/netty/security/advisories/GHSA-4g8c-wm8x-jfhw",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/netty/netty/security/advisories/GHSA-4g8c-wm8x-jfhw"
},
{
"name": "https://github.com/netty/netty/commit/87f40725155b2f89adfde68c7732f97c153676c4",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/netty/netty/commit/87f40725155b2f89adfde68c7732f97c153676c4"
}
],
"source": {
"advisory": "GHSA-4g8c-wm8x-jfhw",
"discovery": "UNKNOWN"
},
"title": "SslHandler doesn\u0027t correctly validate packets which can lead to native crash when using native SSLEngine"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-24970",
"datePublished": "2025-02-10T21:57:28.730Z",
"dateReserved": "2025-01-29T15:18:03.210Z",
"dateUpdated": "2025-04-16T15:37:17.191Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-0725 (GCVE-0-2025-0725)
Vulnerability from cvelistv5 – Published: 2025-02-05 09:18 – Updated: 2025-06-12 16:04
VLAI?
Summary
When libcurl is asked to perform automatic gzip decompression of
content-encoded HTTP responses with the `CURLOPT_ACCEPT_ENCODING` option,
**using zlib 1.2.0.3 or older**, an attacker-controlled integer overflow would
make libcurl perform a buffer overflow.
Severity ?
7.3 (High)
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| curl | curl |
Affected:
8.11.1 , ≤ 8.11.1
(semver)
Affected: 8.11.0 , ≤ 8.11.0 (semver) Affected: 8.10.1 , ≤ 8.10.1 (semver) Affected: 8.10.0 , ≤ 8.10.0 (semver) Affected: 8.9.1 , ≤ 8.9.1 (semver) Affected: 8.9.0 , ≤ 8.9.0 (semver) Affected: 8.8.0 , ≤ 8.8.0 (semver) Affected: 8.7.1 , ≤ 8.7.1 (semver) Affected: 8.7.0 , ≤ 8.7.0 (semver) Affected: 8.6.0 , ≤ 8.6.0 (semver) Affected: 8.5.0 , ≤ 8.5.0 (semver) Affected: 8.4.0 , ≤ 8.4.0 (semver) Affected: 8.3.0 , ≤ 8.3.0 (semver) Affected: 8.2.1 , ≤ 8.2.1 (semver) Affected: 8.2.0 , ≤ 8.2.0 (semver) Affected: 8.1.2 , ≤ 8.1.2 (semver) Affected: 8.1.1 , ≤ 8.1.1 (semver) Affected: 8.1.0 , ≤ 8.1.0 (semver) Affected: 8.0.1 , ≤ 8.0.1 (semver) Affected: 8.0.0 , ≤ 8.0.0 (semver) Affected: 7.88.1 , ≤ 7.88.1 (semver) Affected: 7.88.0 , ≤ 7.88.0 (semver) Affected: 7.87.0 , ≤ 7.87.0 (semver) Affected: 7.86.0 , ≤ 7.86.0 (semver) Affected: 7.85.0 , ≤ 7.85.0 (semver) Affected: 7.84.0 , ≤ 7.84.0 (semver) Affected: 7.83.1 , ≤ 7.83.1 (semver) Affected: 7.83.0 , ≤ 7.83.0 (semver) Affected: 7.82.0 , ≤ 7.82.0 (semver) Affected: 7.81.0 , ≤ 7.81.0 (semver) Affected: 7.80.0 , ≤ 7.80.0 (semver) Affected: 7.79.1 , ≤ 7.79.1 (semver) Affected: 7.79.0 , ≤ 7.79.0 (semver) Affected: 7.78.0 , ≤ 7.78.0 (semver) Affected: 7.77.0 , ≤ 7.77.0 (semver) Affected: 7.76.1 , ≤ 7.76.1 (semver) Affected: 7.76.0 , ≤ 7.76.0 (semver) Affected: 7.75.0 , ≤ 7.75.0 (semver) Affected: 7.74.0 , ≤ 7.74.0 (semver) Affected: 7.73.0 , ≤ 7.73.0 (semver) Affected: 7.72.0 , ≤ 7.72.0 (semver) Affected: 7.71.1 , ≤ 7.71.1 (semver) Affected: 7.71.0 , ≤ 7.71.0 (semver) Affected: 7.70.0 , ≤ 7.70.0 (semver) Affected: 7.69.1 , ≤ 7.69.1 (semver) Affected: 7.69.0 , ≤ 7.69.0 (semver) Affected: 7.68.0 , ≤ 7.68.0 (semver) Affected: 7.67.0 , ≤ 7.67.0 (semver) Affected: 7.66.0 , ≤ 7.66.0 (semver) Affected: 7.65.3 , ≤ 7.65.3 (semver) Affected: 7.65.2 , ≤ 7.65.2 (semver) Affected: 7.65.1 , ≤ 7.65.1 (semver) Affected: 7.65.0 , ≤ 7.65.0 (semver) Affected: 7.64.1 , ≤ 7.64.1 (semver) Affected: 7.64.0 , ≤ 7.64.0 (semver) Affected: 7.63.0 , ≤ 7.63.0 (semver) Affected: 7.62.0 , ≤ 7.62.0 (semver) Affected: 7.61.1 , ≤ 7.61.1 (semver) Affected: 7.61.0 , ≤ 7.61.0 (semver) Affected: 7.60.0 , ≤ 7.60.0 (semver) Affected: 7.59.0 , ≤ 7.59.0 (semver) Affected: 7.58.0 , ≤ 7.58.0 (semver) Affected: 7.57.0 , ≤ 7.57.0 (semver) Affected: 7.56.1 , ≤ 7.56.1 (semver) Affected: 7.56.0 , ≤ 7.56.0 (semver) Affected: 7.55.1 , ≤ 7.55.1 (semver) Affected: 7.55.0 , ≤ 7.55.0 (semver) Affected: 7.54.1 , ≤ 7.54.1 (semver) Affected: 7.54.0 , ≤ 7.54.0 (semver) Affected: 7.53.1 , ≤ 7.53.1 (semver) Affected: 7.53.0 , ≤ 7.53.0 (semver) Affected: 7.52.1 , ≤ 7.52.1 (semver) Affected: 7.52.0 , ≤ 7.52.0 (semver) Affected: 7.51.0 , ≤ 7.51.0 (semver) Affected: 7.50.3 , ≤ 7.50.3 (semver) Affected: 7.50.2 , ≤ 7.50.2 (semver) Affected: 7.50.1 , ≤ 7.50.1 (semver) Affected: 7.50.0 , ≤ 7.50.0 (semver) Affected: 7.49.1 , ≤ 7.49.1 (semver) Affected: 7.49.0 , ≤ 7.49.0 (semver) Affected: 7.48.0 , ≤ 7.48.0 (semver) Affected: 7.47.1 , ≤ 7.47.1 (semver) Affected: 7.47.0 , ≤ 7.47.0 (semver) Affected: 7.46.0 , ≤ 7.46.0 (semver) Affected: 7.45.0 , ≤ 7.45.0 (semver) Affected: 7.44.0 , ≤ 7.44.0 (semver) Affected: 7.43.0 , ≤ 7.43.0 (semver) Affected: 7.42.1 , ≤ 7.42.1 (semver) Affected: 7.42.0 , ≤ 7.42.0 (semver) Affected: 7.41.0 , ≤ 7.41.0 (semver) Affected: 7.40.0 , ≤ 7.40.0 (semver) Affected: 7.39.0 , ≤ 7.39.0 (semver) Affected: 7.38.0 , ≤ 7.38.0 (semver) Affected: 7.37.1 , ≤ 7.37.1 (semver) Affected: 7.37.0 , ≤ 7.37.0 (semver) Affected: 7.36.0 , ≤ 7.36.0 (semver) Affected: 7.35.0 , ≤ 7.35.0 (semver) Affected: 7.34.0 , ≤ 7.34.0 (semver) Affected: 7.33.0 , ≤ 7.33.0 (semver) Affected: 7.32.0 , ≤ 7.32.0 (semver) Affected: 7.31.0 , ≤ 7.31.0 (semver) Affected: 7.30.0 , ≤ 7.30.0 (semver) Affected: 7.29.0 , ≤ 7.29.0 (semver) Affected: 7.28.1 , ≤ 7.28.1 (semver) Affected: 7.28.0 , ≤ 7.28.0 (semver) Affected: 7.27.0 , ≤ 7.27.0 (semver) Affected: 7.26.0 , ≤ 7.26.0 (semver) Affected: 7.25.0 , ≤ 7.25.0 (semver) Affected: 7.24.0 , ≤ 7.24.0 (semver) Affected: 7.23.1 , ≤ 7.23.1 (semver) Affected: 7.23.0 , ≤ 7.23.0 (semver) Affected: 7.22.0 , ≤ 7.22.0 (semver) Affected: 7.21.7 , ≤ 7.21.7 (semver) Affected: 7.21.6 , ≤ 7.21.6 (semver) Affected: 7.21.5 , ≤ 7.21.5 (semver) Affected: 7.21.4 , ≤ 7.21.4 (semver) Affected: 7.21.3 , ≤ 7.21.3 (semver) Affected: 7.21.2 , ≤ 7.21.2 (semver) Affected: 7.21.1 , ≤ 7.21.1 (semver) Affected: 7.21.0 , ≤ 7.21.0 (semver) Affected: 7.20.1 , ≤ 7.20.1 (semver) Affected: 7.20.0 , ≤ 7.20.0 (semver) Affected: 7.19.7 , ≤ 7.19.7 (semver) Affected: 7.19.6 , ≤ 7.19.6 (semver) Affected: 7.19.5 , ≤ 7.19.5 (semver) Affected: 7.19.4 , ≤ 7.19.4 (semver) Affected: 7.19.3 , ≤ 7.19.3 (semver) Affected: 7.19.2 , ≤ 7.19.2 (semver) Affected: 7.19.1 , ≤ 7.19.1 (semver) Affected: 7.19.0 , ≤ 7.19.0 (semver) Affected: 7.18.2 , ≤ 7.18.2 (semver) Affected: 7.18.1 , ≤ 7.18.1 (semver) Affected: 7.18.0 , ≤ 7.18.0 (semver) Affected: 7.17.1 , ≤ 7.17.1 (semver) Affected: 7.17.0 , ≤ 7.17.0 (semver) Affected: 7.16.4 , ≤ 7.16.4 (semver) Affected: 7.16.3 , ≤ 7.16.3 (semver) Affected: 7.16.2 , ≤ 7.16.2 (semver) Affected: 7.16.1 , ≤ 7.16.1 (semver) Affected: 7.16.0 , ≤ 7.16.0 (semver) Affected: 7.15.5 , ≤ 7.15.5 (semver) Affected: 7.15.4 , ≤ 7.15.4 (semver) Affected: 7.15.3 , ≤ 7.15.3 (semver) Affected: 7.15.2 , ≤ 7.15.2 (semver) Affected: 7.15.1 , ≤ 7.15.1 (semver) Affected: 7.15.0 , ≤ 7.15.0 (semver) Affected: 7.14.1 , ≤ 7.14.1 (semver) Affected: 7.14.0 , ≤ 7.14.0 (semver) Affected: 7.13.2 , ≤ 7.13.2 (semver) Affected: 7.13.1 , ≤ 7.13.1 (semver) Affected: 7.13.0 , ≤ 7.13.0 (semver) Affected: 7.12.3 , ≤ 7.12.3 (semver) Affected: 7.12.2 , ≤ 7.12.2 (semver) Affected: 7.12.1 , ≤ 7.12.1 (semver) Affected: 7.12.0 , ≤ 7.12.0 (semver) Affected: 7.11.2 , ≤ 7.11.2 (semver) Affected: 7.11.1 , ≤ 7.11.1 (semver) Affected: 7.11.0 , ≤ 7.11.0 (semver) Affected: 7.10.8 , ≤ 7.10.8 (semver) Affected: 7.10.7 , ≤ 7.10.7 (semver) Affected: 7.10.6 , ≤ 7.10.6 (semver) Affected: 7.10.5 , ≤ 7.10.5 (semver) |
Credits
z2_
Daniel Stenberg
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2025-06-12T16:04:29.956Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2025/02/05/3"
},
{
"url": "http://www.openwall.com/lists/oss-security/2025/02/06/2"
},
{
"url": "http://www.openwall.com/lists/oss-security/2025/02/06/4"
},
{
"url": "https://security.netapp.com/advisory/ntap-20250306-0009/"
},
{
"url": "https://github.com/curl/curl/commit/76f83f0db23846e254d940ec7"
}
],
"title": "CVE Program Container",
"x_generator": {
"engine": "ADPogram 0.0.1"
}
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-0725",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-05T14:33:50.737849Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-05T14:34:15.390Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "curl",
"vendor": "curl",
"versions": [
{
"lessThanOrEqual": "8.11.1",
"status": "affected",
"version": "8.11.1",
"versionType": "semver"
},
{
"lessThanOrEqual": "8.11.0",
"status": "affected",
"version": "8.11.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "8.10.1",
"status": "affected",
"version": "8.10.1",
"versionType": "semver"
},
{
"lessThanOrEqual": "8.10.0",
"status": "affected",
"version": "8.10.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "8.9.1",
"status": "affected",
"version": "8.9.1",
"versionType": "semver"
},
{
"lessThanOrEqual": "8.9.0",
"status": "affected",
"version": "8.9.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "8.8.0",
"status": "affected",
"version": "8.8.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "8.7.1",
"status": "affected",
"version": "8.7.1",
"versionType": "semver"
},
{
"lessThanOrEqual": "8.7.0",
"status": "affected",
"version": "8.7.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "8.6.0",
"status": "affected",
"version": "8.6.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "8.5.0",
"status": "affected",
"version": "8.5.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "8.4.0",
"status": "affected",
"version": "8.4.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "8.3.0",
"status": "affected",
"version": "8.3.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "8.2.1",
"status": "affected",
"version": "8.2.1",
"versionType": "semver"
},
{
"lessThanOrEqual": "8.2.0",
"status": "affected",
"version": "8.2.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "8.1.2",
"status": "affected",
"version": "8.1.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "8.1.1",
"status": "affected",
"version": "8.1.1",
"versionType": "semver"
},
{
"lessThanOrEqual": "8.1.0",
"status": "affected",
"version": "8.1.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "8.0.1",
"status": "affected",
"version": "8.0.1",
"versionType": "semver"
},
{
"lessThanOrEqual": "8.0.0",
"status": "affected",
"version": "8.0.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.88.1",
"status": "affected",
"version": "7.88.1",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.88.0",
"status": "affected",
"version": "7.88.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.87.0",
"status": "affected",
"version": "7.87.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.86.0",
"status": "affected",
"version": "7.86.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.85.0",
"status": "affected",
"version": "7.85.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.84.0",
"status": "affected",
"version": "7.84.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.83.1",
"status": "affected",
"version": "7.83.1",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.83.0",
"status": "affected",
"version": "7.83.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.82.0",
"status": "affected",
"version": "7.82.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.81.0",
"status": "affected",
"version": "7.81.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.80.0",
"status": "affected",
"version": "7.80.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.79.1",
"status": "affected",
"version": "7.79.1",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.79.0",
"status": "affected",
"version": "7.79.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.78.0",
"status": "affected",
"version": "7.78.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.77.0",
"status": "affected",
"version": "7.77.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.76.1",
"status": "affected",
"version": "7.76.1",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.76.0",
"status": "affected",
"version": "7.76.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.75.0",
"status": "affected",
"version": "7.75.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.74.0",
"status": "affected",
"version": "7.74.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.73.0",
"status": "affected",
"version": "7.73.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.72.0",
"status": "affected",
"version": "7.72.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.71.1",
"status": "affected",
"version": "7.71.1",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.71.0",
"status": "affected",
"version": "7.71.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.70.0",
"status": "affected",
"version": "7.70.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.69.1",
"status": "affected",
"version": "7.69.1",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.69.0",
"status": "affected",
"version": "7.69.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.68.0",
"status": "affected",
"version": "7.68.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.67.0",
"status": "affected",
"version": "7.67.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.66.0",
"status": "affected",
"version": "7.66.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.65.3",
"status": "affected",
"version": "7.65.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.65.2",
"status": "affected",
"version": "7.65.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.65.1",
"status": "affected",
"version": "7.65.1",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.65.0",
"status": "affected",
"version": "7.65.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.64.1",
"status": "affected",
"version": "7.64.1",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.64.0",
"status": "affected",
"version": "7.64.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.63.0",
"status": "affected",
"version": "7.63.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.62.0",
"status": "affected",
"version": "7.62.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.61.1",
"status": "affected",
"version": "7.61.1",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.61.0",
"status": "affected",
"version": "7.61.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.60.0",
"status": "affected",
"version": "7.60.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.59.0",
"status": "affected",
"version": "7.59.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.58.0",
"status": "affected",
"version": "7.58.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.57.0",
"status": "affected",
"version": "7.57.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.56.1",
"status": "affected",
"version": "7.56.1",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.56.0",
"status": "affected",
"version": "7.56.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.55.1",
"status": "affected",
"version": "7.55.1",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.55.0",
"status": "affected",
"version": "7.55.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.54.1",
"status": "affected",
"version": "7.54.1",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.54.0",
"status": "affected",
"version": "7.54.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.53.1",
"status": "affected",
"version": "7.53.1",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.53.0",
"status": "affected",
"version": "7.53.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.52.1",
"status": "affected",
"version": "7.52.1",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.52.0",
"status": "affected",
"version": "7.52.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.51.0",
"status": "affected",
"version": "7.51.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.50.3",
"status": "affected",
"version": "7.50.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.50.2",
"status": "affected",
"version": "7.50.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.50.1",
"status": "affected",
"version": "7.50.1",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.50.0",
"status": "affected",
"version": "7.50.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.49.1",
"status": "affected",
"version": "7.49.1",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.49.0",
"status": "affected",
"version": "7.49.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.48.0",
"status": "affected",
"version": "7.48.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.47.1",
"status": "affected",
"version": "7.47.1",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.47.0",
"status": "affected",
"version": "7.47.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.46.0",
"status": "affected",
"version": "7.46.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.45.0",
"status": "affected",
"version": "7.45.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.44.0",
"status": "affected",
"version": "7.44.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.43.0",
"status": "affected",
"version": "7.43.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.42.1",
"status": "affected",
"version": "7.42.1",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.42.0",
"status": "affected",
"version": "7.42.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.41.0",
"status": "affected",
"version": "7.41.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.40.0",
"status": "affected",
"version": "7.40.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.39.0",
"status": "affected",
"version": "7.39.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.38.0",
"status": "affected",
"version": "7.38.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.37.1",
"status": "affected",
"version": "7.37.1",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.37.0",
"status": "affected",
"version": "7.37.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.36.0",
"status": "affected",
"version": "7.36.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.35.0",
"status": "affected",
"version": "7.35.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.34.0",
"status": "affected",
"version": "7.34.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.33.0",
"status": "affected",
"version": "7.33.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.32.0",
"status": "affected",
"version": "7.32.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.31.0",
"status": "affected",
"version": "7.31.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.30.0",
"status": "affected",
"version": "7.30.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.29.0",
"status": "affected",
"version": "7.29.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.28.1",
"status": "affected",
"version": "7.28.1",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.28.0",
"status": "affected",
"version": "7.28.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.27.0",
"status": "affected",
"version": "7.27.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.26.0",
"status": "affected",
"version": "7.26.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.25.0",
"status": "affected",
"version": "7.25.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.24.0",
"status": "affected",
"version": "7.24.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.23.1",
"status": "affected",
"version": "7.23.1",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.23.0",
"status": "affected",
"version": "7.23.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.22.0",
"status": "affected",
"version": "7.22.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.21.7",
"status": "affected",
"version": "7.21.7",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.21.6",
"status": "affected",
"version": "7.21.6",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.21.5",
"status": "affected",
"version": "7.21.5",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.21.4",
"status": "affected",
"version": "7.21.4",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.21.3",
"status": "affected",
"version": "7.21.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.21.2",
"status": "affected",
"version": "7.21.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.21.1",
"status": "affected",
"version": "7.21.1",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.21.0",
"status": "affected",
"version": "7.21.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.20.1",
"status": "affected",
"version": "7.20.1",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.20.0",
"status": "affected",
"version": "7.20.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.19.7",
"status": "affected",
"version": "7.19.7",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.19.6",
"status": "affected",
"version": "7.19.6",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.19.5",
"status": "affected",
"version": "7.19.5",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.19.4",
"status": "affected",
"version": "7.19.4",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.19.3",
"status": "affected",
"version": "7.19.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.19.2",
"status": "affected",
"version": "7.19.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.19.1",
"status": "affected",
"version": "7.19.1",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.19.0",
"status": "affected",
"version": "7.19.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.18.2",
"status": "affected",
"version": "7.18.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.18.1",
"status": "affected",
"version": "7.18.1",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.18.0",
"status": "affected",
"version": "7.18.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.17.1",
"status": "affected",
"version": "7.17.1",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.17.0",
"status": "affected",
"version": "7.17.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.16.4",
"status": "affected",
"version": "7.16.4",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.16.3",
"status": "affected",
"version": "7.16.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.16.2",
"status": "affected",
"version": "7.16.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.16.1",
"status": "affected",
"version": "7.16.1",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.16.0",
"status": "affected",
"version": "7.16.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.15.5",
"status": "affected",
"version": "7.15.5",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.15.4",
"status": "affected",
"version": "7.15.4",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.15.3",
"status": "affected",
"version": "7.15.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.15.2",
"status": "affected",
"version": "7.15.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.15.1",
"status": "affected",
"version": "7.15.1",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.15.0",
"status": "affected",
"version": "7.15.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.14.1",
"status": "affected",
"version": "7.14.1",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.14.0",
"status": "affected",
"version": "7.14.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.13.2",
"status": "affected",
"version": "7.13.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.13.1",
"status": "affected",
"version": "7.13.1",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.13.0",
"status": "affected",
"version": "7.13.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.12.3",
"status": "affected",
"version": "7.12.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.12.2",
"status": "affected",
"version": "7.12.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.12.1",
"status": "affected",
"version": "7.12.1",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.12.0",
"status": "affected",
"version": "7.12.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.11.2",
"status": "affected",
"version": "7.11.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.11.1",
"status": "affected",
"version": "7.11.1",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.11.0",
"status": "affected",
"version": "7.11.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.10.8",
"status": "affected",
"version": "7.10.8",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.10.7",
"status": "affected",
"version": "7.10.7",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.10.6",
"status": "affected",
"version": "7.10.6",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.10.5",
"status": "affected",
"version": "7.10.5",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "z2_"
},
{
"lang": "en",
"type": "remediation developer",
"value": "Daniel Stenberg"
}
],
"descriptions": [
{
"lang": "en",
"value": "When libcurl is asked to perform automatic gzip decompression of\ncontent-encoded HTTP responses with the `CURLOPT_ACCEPT_ENCODING` option,\n**using zlib 1.2.0.3 or older**, an attacker-controlled integer overflow would\nmake libcurl perform a buffer overflow."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-680 Integer Overflow to Buffer Overflow",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-05T09:18:20.468Z",
"orgId": "2499f714-1537-4658-8207-48ae4bb9eae9",
"shortName": "curl"
},
"references": [
{
"name": "json",
"url": "https://curl.se/docs/CVE-2025-0725.json"
},
{
"name": "www",
"url": "https://curl.se/docs/CVE-2025-0725.html"
},
{
"name": "issue",
"url": "https://hackerone.com/reports/2956023"
}
],
"title": "gzip integer overflow"
}
},
"cveMetadata": {
"assignerOrgId": "2499f714-1537-4658-8207-48ae4bb9eae9",
"assignerShortName": "curl",
"cveId": "CVE-2025-0725",
"datePublished": "2025-02-05T09:18:20.468Z",
"dateReserved": "2025-01-27T04:58:09.514Z",
"dateUpdated": "2025-06-12T16:04:29.956Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-0509 (GCVE-0-2025-0509)
Vulnerability from cvelistv5 – Published: 2025-02-04 20:01 – Updated: 2025-02-17 12:03
VLAI?
Summary
A security issue was found in Sparkle before version 2.6.4. An attacker can replace an existing signed update with another payload, bypassing Sparkle’s (Ed)DSA signing checks.
Severity ?
7.3 (High)
CWE
- CWE-552 - Files or Directories Accessible to External Parties
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| sparkle-project | Sparkle |
Affected:
0 , < 2.6.4
(semver)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2025-02-04T20:02:51.557Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://security.netapp.com/advisory/ntap-20250124-0008/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-0509",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-04T20:29:02.431803Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-12T20:51:29.701Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"MacOS"
],
"product": "Sparkle",
"repo": "https://github.com/sparkle-project/Sparkle/",
"vendor": "sparkle-project",
"versions": [
{
"lessThan": "2.6.4",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cdiv\u003eA security issue was found in Sparkle before version 2.6.4. An attacker can replace an existing signed update with another payload, bypassing Sparkle\u2019s (Ed)DSA signing checks.\u003cbr\u003e\u003c/div\u003e"
}
],
"value": "A security issue was found in Sparkle before version 2.6.4. An attacker can replace an existing signed update with another payload, bypassing Sparkle\u2019s (Ed)DSA signing checks."
}
],
"impacts": [
{
"capecId": "CAPEC-184",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-184 Software Integrity Attack"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-552",
"description": "CWE-552 Files or Directories Accessible to External Parties",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-17T12:03:46.428Z",
"orgId": "92fb86c3-55a5-4fb5-9c3f-4757b9e96dc5",
"shortName": "fedora"
},
"references": [
{
"url": "https://github.com/sparkle-project/Sparkle/pull/2550"
},
{
"url": "https://sparkle-project.org/documentation/security-and-reliability/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Signing Checks Bypass",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "92fb86c3-55a5-4fb5-9c3f-4757b9e96dc5",
"assignerShortName": "fedora",
"cveId": "CVE-2025-0509",
"datePublished": "2025-02-04T20:01:08.865Z",
"dateReserved": "2025-01-15T21:25:14.312Z",
"dateUpdated": "2025-02-17T12:03:46.428Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-0411 (GCVE-0-2025-0411)
Vulnerability from cvelistv5 – Published: 2025-01-25 04:28 – Updated: 2025-10-21 22:55
VLAI?
Summary
7-Zip Mark-of-the-Web Bypass Vulnerability. This vulnerability allows remote attackers to bypass the Mark-of-the-Web protection mechanism on affected installations of 7-Zip. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the handling of archived files. When extracting files from a crafted archive that bears the Mark-of-the-Web, 7-Zip does not propagate the Mark-of-the-Web to the extracted files. An attacker can leverage this vulnerability to execute arbitrary code in the context of the current user. Was ZDI-CAN-25456.
Severity ?
CWE
- CWE-693 - Protection Mechanism Failure
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2025-02-07T17:02:53.675Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2025/01/24/6"
},
{
"url": "https://www.vicarius.io/vsociety/posts/cve-2025-0411-detection-7-zip-vulnerability"
},
{
"url": "https://www.vicarius.io/vsociety/posts/cve-2025-0411-7-zip-mitigation-vulnerability"
},
{
"url": "https://security.netapp.com/advisory/ntap-20250207-0005/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-0411",
"options": [
{
"Exploitation": "active"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-07T04:55:28.684912Z",
"version": "2.0.3"
},
"type": "ssvc"
}
},
{
"other": {
"content": {
"dateAdded": "2025-02-06",
"reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-0411"
},
"type": "kev"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-21T22:55:31.151Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-0411"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-02-06T00:00:00+00:00",
"value": "CVE-2025-0411 added to CISA KEV"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "7-Zip",
"vendor": "7-Zip",
"versions": [
{
"status": "affected",
"version": "24.08 (x64)"
}
]
}
],
"dateAssigned": "2025-01-13T03:13:25.071Z",
"datePublic": "2025-01-20T02:13:03.900Z",
"descriptions": [
{
"lang": "en",
"value": "7-Zip Mark-of-the-Web Bypass Vulnerability. This vulnerability allows remote attackers to bypass the Mark-of-the-Web protection mechanism on affected installations of 7-Zip. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the handling of archived files. When extracting files from a crafted archive that bears the Mark-of-the-Web, 7-Zip does not propagate the Mark-of-the-Web to the extracted files. An attacker can leverage this vulnerability to execute arbitrary code in the context of the current user. Was ZDI-CAN-25456."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-693",
"description": "CWE-693: Protection Mechanism Failure",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-25T04:28:24.270Z",
"orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"shortName": "zdi"
},
"references": [
{
"name": "ZDI-25-045",
"tags": [
"x_research-advisory"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-25-045/"
}
],
"source": {
"lang": "en",
"value": "Peter Girnus - Trend Micro Zero Day Initiative"
},
"title": "7-Zip Mark-of-the-Web Bypass Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"assignerShortName": "zdi",
"cveId": "CVE-2025-0411",
"datePublished": "2025-01-25T04:28:24.270Z",
"dateReserved": "2025-01-13T03:13:25.012Z",
"dateUpdated": "2025-10-21T22:55:31.151Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-21492 (GCVE-0-2025-21492)
Vulnerability from cvelistv5 – Published: 2025-01-21 20:52 – Updated: 2025-01-24 20:03
VLAI?
Summary
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.36 and prior and 8.4.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
Severity ?
4.9 (Medium)
CWE
- Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Oracle Corporation | MySQL Server |
Affected:
* , ≤ 8.0.36
(custom)
Affected: 8.4.0 cpe:2.3:a:oracle:mysql_server:8.0.36_and_prior:*:*:*:*:*:*:* cpe:2.3:a:oracle:mysql_server:8.4.0:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-21492",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-23T19:13:03.395083Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-770",
"description": "CWE-770 Allocation of Resources Without Limits or Throttling",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-23T19:13:48.876Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-01-24T20:03:15.282Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://security.netapp.com/advisory/ntap-20250124-0011/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:oracle:mysql_server:8.0.36_and_prior:*:*:*:*:*:*:*",
"cpe:2.3:a:oracle:mysql_server:8.4.0:*:*:*:*:*:*:*"
],
"product": "MySQL Server",
"vendor": "Oracle Corporation",
"versions": [
{
"lessThanOrEqual": "8.0.36",
"status": "affected",
"version": "*",
"versionType": "custom"
},
{
"status": "affected",
"version": "8.4.0"
}
]
}
],
"descriptions": [
{
"lang": "en-US",
"value": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.36 and prior and 8.4.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.",
"lang": "en-US"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-21T20:52:53.040Z",
"orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
"shortName": "oracle"
},
"references": [
{
"name": "Oracle Advisory",
"tags": [
"vendor-advisory"
],
"url": "https://www.oracle.com/security-alerts/cpujan2025.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
"assignerShortName": "oracle",
"cveId": "CVE-2025-21492",
"datePublished": "2025-01-21T20:52:53.040Z",
"dateReserved": "2024-12-24T23:18:54.761Z",
"dateUpdated": "2025-01-24T20:03:15.282Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-8932 (GCVE-0-2024-8932)
Vulnerability from cvelistv5 – Published: 2024-11-22 06:03 – Updated: 2025-11-03 22:33
VLAI?
Summary
In PHP versions 8.1.* before 8.1.31, 8.2.* before 8.2.26, 8.3.* before 8.3.14, uncontrolled long string inputs to ldap_escape() function on 32-bit systems can cause an integer overflow, resulting in an out-of-bounds write.
Severity ?
9.8 (Critical)
CWE
- CWE-787 - Out-of-bounds Write
Assigner
References
Impacted products
Credits
Yiheng Cao
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:php_group:php:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "php",
"vendor": "php_group",
"versions": [
{
"lessThan": "8.1.31",
"status": "affected",
"version": "8.1.0",
"versionType": "custom"
},
{
"lessThan": "8.2.26",
"status": "affected",
"version": "8.2.0",
"versionType": "custom"
},
{
"lessThan": "8.3.14",
"status": "affected",
"version": "8.3.0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-8932",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-26T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-27T04:55:17.998Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T22:33:12.327Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://security.netapp.com/advisory/ntap-20250110-0009/"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/12/msg00007.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"modules": [
"ldap"
],
"platforms": [
"32 bit"
],
"product": "PHP",
"vendor": "PHP Group",
"versions": [
{
"lessThan": "8.1.31",
"status": "affected",
"version": "8.1.*",
"versionType": "semver"
},
{
"lessThan": "8.2.26",
"status": "affected",
"version": "8.2.*",
"versionType": "semver"
},
{
"lessThan": "8.3.14",
"status": "affected",
"version": "8.3.*",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Yiheng Cao"
}
],
"datePublic": "2024-11-21T18:15:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eIn PHP versions 8.1.* before 8.1.31, 8.2.* before 8.2.26, 8.3.* before 8.3.14, uncontrolled long string inputs to \u003c/span\u003e\u003ccode\u003eldap_escape()\u003c/code\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;function on 32-bit systems can cause an integer overflow, resulting in an out-of-bounds write.\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "In PHP versions 8.1.* before 8.1.31, 8.2.* before 8.2.26, 8.3.* before 8.3.14, uncontrolled long string inputs to ldap_escape()\u00a0function on 32-bit systems can cause an integer overflow, resulting in an out-of-bounds write."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787 Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-22T06:03:29.764Z",
"orgId": "dd77f84a-d19a-4638-8c3d-a322d820ed2b",
"shortName": "php"
},
"references": [
{
"url": "https://github.com/php/php-src/security/advisories/GHSA-g665-fm4p-vhff"
}
],
"source": {
"advisory": "https://github.com/php/php-src/security/advisories/GHSA-g665-fm4",
"discovery": "EXTERNAL"
},
"title": "OOB access in ldap_escape",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "dd77f84a-d19a-4638-8c3d-a322d820ed2b",
"assignerShortName": "php",
"cveId": "CVE-2024-8932",
"datePublished": "2024-11-22T06:03:29.764Z",
"dateReserved": "2024-09-17T04:50:14.830Z",
"dateUpdated": "2025-11-03T22:33:12.327Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-3447 (GCVE-0-2024-3447)
Vulnerability from cvelistv5 – Published: 2024-11-14 12:10 – Updated: 2025-11-03 19:29
VLAI?
Summary
A heap-based buffer overflow was found in the SDHCI device emulation of QEMU. The bug is triggered when both `s->data_count` and the size of `s->fifo_buffer` are set to 0x200, leading to an out-of-bound access. A malicious guest could use this flaw to crash the QEMU process on the host, resulting in a denial of service condition.
Severity ?
6 (Medium)
CWE
- CWE-122 - Heap-based Buffer Overflow
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
Affected:
1.5.0 , < 9.0.0
(semver)
|
||||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||
Credits
Red Hat would like to thank Chuhong Yuan for reporting this issue.
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-3447",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-14T18:53:42.574300Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-14T19:32:53.874Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T19:29:52.539Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://security.netapp.com/advisory/ntap-20250425-0005/"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2025/04/msg00042.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://gitlab.com/qemu-project/qemu",
"defaultStatus": "unaffected",
"packageName": "qemu",
"versions": [
{
"lessThan": "9.0.0",
"status": "affected",
"version": "1.5.0",
"versionType": "semver"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:6"
],
"defaultStatus": "unaffected",
"packageName": "qemu-kvm",
"product": "Red Hat Enterprise Linux 6",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:7"
],
"defaultStatus": "unaffected",
"packageName": "qemu-kvm",
"product": "Red Hat Enterprise Linux 7",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:7"
],
"defaultStatus": "unaffected",
"packageName": "qemu-kvm-ma",
"product": "Red Hat Enterprise Linux 7",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:8"
],
"defaultStatus": "unaffected",
"packageName": "virt:rhel/qemu-kvm",
"product": "Red Hat Enterprise Linux 8",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:advanced_virtualization:8::el8"
],
"defaultStatus": "unaffected",
"packageName": "virt:av/qemu-kvm",
"product": "Red Hat Enterprise Linux 8 Advanced Virtualization",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:9"
],
"defaultStatus": "unaffected",
"packageName": "qemu-kvm",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat"
}
],
"credits": [
{
"lang": "en",
"value": "Red Hat would like to thank Chuhong Yuan for reporting this issue."
}
],
"datePublic": "2024-04-04T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A heap-based buffer overflow was found in the SDHCI device emulation of QEMU. The bug is triggered when both `s-\u003edata_count` and the size of `s-\u003efifo_buffer` are set to 0x200, leading to an out-of-bound access. A malicious guest could use this flaw to crash the QEMU process on the host, resulting in a denial of service condition."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Moderate"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "Heap-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-14T12:10:36.880Z",
"orgId": "92fb86c3-55a5-4fb5-9c3f-4757b9e96dc5",
"shortName": "fedora"
},
"references": [
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/CVE-2024-3447"
},
{
"url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=58813"
},
{
"name": "RHBZ#2274123",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2274123"
},
{
"url": "https://patchew.org/QEMU/20240404085549.16987-1-philmd@linaro.org/"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-04-09T00:00:00+00:00",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2024-04-04T00:00:00+00:00",
"value": "Made public."
}
],
"title": "Qemu: sdhci: heap buffer overflow in sdhci_write_dataport()",
"x_redhatCweChain": "CWE-122: Heap-based Buffer Overflow"
}
},
"cveMetadata": {
"assignerOrgId": "92fb86c3-55a5-4fb5-9c3f-4757b9e96dc5",
"assignerShortName": "fedora",
"cveId": "CVE-2024-3447",
"datePublished": "2024-11-14T12:10:36.880Z",
"dateReserved": "2024-04-08T07:52:52.103Z",
"dateUpdated": "2025-11-03T19:29:52.539Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}