{"uuid": "08542682-e948-471c-bc90-159f9ccc9280", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-4692", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/17366", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-4692\n\ud83d\udd25 CVSS Score: 6.8 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:L)\n\ud83d\udd39 Description: Actors can use a maliciously crafted JavaScript object notation (JSON) web token (JWT) to perform privilege escalation by submitting the malicious JWT to a vulnerable method exposed on the cloud platform. If the exploit is successful, the user can escalate privileges to access any device managed by the \n\nABUP Cloud Update Platform.\n\ud83d\udccf Published: 2025-05-22T23:12:39.168Z\n\ud83d\udccf Modified: 2025-05-22T23:12:39.168Z\n\ud83d\udd17 References:\n1. https://www.cisa.gov/news-events/ics-advisories/icsa-25-140-01", "creation_timestamp": "2025-05-22T23:43:39.000000Z"}