{"vulnerability": "CVE-2025-2485", "sightings": [{"uuid": "adf42243-f54e-4abe-8915-09e42b78fb7b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-24858", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lgmzfkq6sa2q", "content": "", "creation_timestamp": "2025-01-26T08:35:22.117773Z"}, {"uuid": "62685e29-6a0e-44db-874a-4db3f5646ac2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-24858", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lgmrm4mrof2h", "content": "", "creation_timestamp": "2025-01-26T06:15:50.680099Z"}, {"uuid": "43b59a7f-eced-4dd7-a95f-cc6e73d43abc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-24859", "type": "seen", "source": "https://bsky.app/profile/infosec.skyfleet.blue/post/3lml5bepu352t", "content": "", "creation_timestamp": "2025-04-11T23:10:25.369027Z"}, {"uuid": "5b4b0248-1310-4e1f-916c-7e0edefa1692", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-24855", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lkcrxqntze2n", "content": "", "creation_timestamp": "2025-03-14T04:36:29.967991Z"}, {"uuid": "644a48e8-1cd9-45f2-bc30-979203d9650b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-24852", "type": "seen", "source": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-084-04", "content": "", "creation_timestamp": "2025-03-25T11:00:00.000000Z"}, {"uuid": "6f31c38b-9237-489c-9738-e5ed71cb7c86", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-24858", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113893158085655463", "content": "", "creation_timestamp": "2025-01-26T06:07:55.368017Z"}, {"uuid": "9a6589b9-cc1d-4612-83c1-31d9d35de5a2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-24855", "type": "seen", "source": "https://infosec.exchange/users/wdormann/statuses/114157281792619030", "content": "", "creation_timestamp": "2025-03-13T21:38:03.810864Z"}, {"uuid": "0c964343-d769-4412-9e0a-6e5bffd468b6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-24855", "type": "seen", "source": "https://bsky.app/profile/wdormann.infosec.exchange.ap.brid.gy/post/3lkc2lo4cfmf2", "content": "", "creation_timestamp": "2025-03-13T21:38:24.181681Z"}, {"uuid": "105e9ea4-b196-48c6-8187-6f358514f375", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-24859", "type": "seen", "source": "https://bsky.app/profile/nimblenerd.social/post/3lmucnrdj3g2j", "content": "", "creation_timestamp": "2025-04-15T14:40:48.246979Z"}, {"uuid": "3addf0c8-bbfb-4a1d-8221-ca7ee8064414", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-24859", "type": "seen", "source": "https://bsky.app/profile/youranonriots.bsky.social/post/3lmura3o7522d", "content": "", "creation_timestamp": "2025-04-15T19:01:39.170028Z"}, {"uuid": "1de53b83-1f1b-4968-b6f6-9cbaa5bf7560", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-24859", "type": "seen", "source": "https://thehackernews.com/2025/04/critical-apache-roller-vulnerability.html", "content": "", "creation_timestamp": "2025-04-15T11:44:00.000000Z"}, {"uuid": "2b25b263-135f-4b19-8b39-3845c5a3d078", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-24859", "type": "seen", "source": "https://infosec.exchange/users/cR0w/statuses/114336254356067939", "content": "", "creation_timestamp": "2025-04-14T12:13:08.055608Z"}, {"uuid": "1090f385-2d46-4660-bd4b-a73e7e5e42ca", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-24859", "type": "seen", "source": "https://bsky.app/profile/infosec.skyfleet.blue/post/3lmt24vutee2w", "content": "", "creation_timestamp": "2025-04-15T02:35:32.563758Z"}, {"uuid": "5a709618-a875-4172-95ce-e9fa416c2dcd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-24859", "type": "seen", "source": "https://bsky.app/profile/dinosn.bsky.social/post/3lmtaohuwf22j", "content": "", "creation_timestamp": "2025-04-15T04:32:46.920630Z"}, {"uuid": "58764a62-2356-4e82-a242-0e3ccdd0c25e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-24859", "type": "seen", "source": "https://bsky.app/profile/andranglin.bsky.social/post/3lmthsimrl22h", "content": "", "creation_timestamp": "2025-04-15T06:40:18.707508Z"}, {"uuid": "35526abb-8d06-40dd-9cb7-6e8b3d883ce7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-24859", "type": "seen", "source": "https://bsky.app/profile/nimblenerd.social/post/3lmucojn5na2s", "content": "", "creation_timestamp": "2025-04-15T14:41:14.053244Z"}, {"uuid": "4a849254-530a-48d1-82df-cd6b657c4584", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-24859", "type": "seen", "source": "https://infosec.exchange/users/0x58/statuses/114342923481006389", "content": "", "creation_timestamp": "2025-04-15T16:29:10.822943Z"}, {"uuid": "1769c25b-de01-4bd9-8e8b-dde9448a2ef8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-24850", "type": "seen", "source": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-105-04", "content": "", "creation_timestamp": "2025-04-15T10:00:00.000000Z"}, {"uuid": "cdf4cfaa-4e80-4577-bb42-1c50c9e24f21", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-24859", "type": "seen", "source": "https://bsky.app/profile/calebpr.bsky.social/post/3lmxreqvqra2d", "content": "", "creation_timestamp": "2025-04-16T23:42:11.408326Z"}, {"uuid": "905bb38c-24e6-4c06-8275-24657eaabe30", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-24859", "type": "seen", "source": "https://bsky.app/profile/infosec.skyfleet.blue/post/3lmvqrffntf2h", "content": "", "creation_timestamp": "2025-04-16T04:26:01.693544Z"}, {"uuid": "ff7a29b6-46d3-4bba-8780-ade3589cd72a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-24859", "type": "seen", "source": "https://bsky.app/profile/royans.bsky.social/post/3lmvsfh4ki626", "content": "", "creation_timestamp": "2025-04-16T04:55:08.823627Z"}, {"uuid": "7fa4fb48-827a-479e-bcda-b8c00ef17913", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-24859", "type": "seen", "source": "https://bsky.app/profile/cybersecuritybrief.bsky.social/post/3lmxvwogm4m2t", "content": "", "creation_timestamp": "2025-04-17T01:03:47.139593Z"}, {"uuid": "66f253f4-5b16-4627-a040-2b3a63369e9f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-24859", "type": "seen", "source": "https://bsky.app/profile/cybersecuritybrief.bsky.social/post/3lmxvwogsxe2t", "content": "", "creation_timestamp": "2025-04-17T01:03:50.286488Z"}, {"uuid": "fb036b4d-c2a0-405a-928c-c0bf4f2ac1b6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-24859", "type": "seen", "source": "https://bsky.app/profile/cybersecuritybrief.bsky.social/post/3lmxvwogtwm2t", "content": "", "creation_timestamp": "2025-04-17T01:03:53.447316Z"}, {"uuid": "05ec5de3-c919-4beb-b753-abf705c40b80", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-24859", "type": "seen", "source": "https://bsky.app/profile/cybersecuritybrief.bsky.social/post/3lmxvwogtwn2t", "content": "", "creation_timestamp": "2025-04-17T01:03:56.600168Z"}, {"uuid": "04802741-e299-4540-8c88-0e28bfb37c67", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-24859", "type": "seen", "source": "https://bsky.app/profile/cybersecuritybrief.bsky.social/post/3lmxvwoguvv2t", "content": "", "creation_timestamp": "2025-04-17T01:03:59.693240Z"}, {"uuid": "1f09c4be-e451-4122-9dd0-13c76706e672", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-24859", "type": "seen", "source": "https://bsky.app/profile/cybersecuritybrief.bsky.social/post/3lmxvwogvv52t", "content": "", "creation_timestamp": "2025-04-17T01:04:02.766264Z"}, {"uuid": "e7080a92-1478-49ea-a7a6-7bdf651c04a4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-24859", "type": "seen", "source": "https://bsky.app/profile/cybersecuritybrief.bsky.social/post/3lmxvwogvv62t", "content": "", "creation_timestamp": "2025-04-17T01:04:05.926963Z"}, {"uuid": "7694d31a-9d4c-408b-ab93-90edad06fd46", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-24859", "type": "seen", "source": "https://bsky.app/profile/cybersecuritybrief.bsky.social/post/3lmxvwogvv72t", "content": "", "creation_timestamp": "2025-04-17T01:04:09.201160Z"}, {"uuid": "ab356f3d-e049-4153-8640-f66834d72b00", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-24859", "type": "seen", "source": "https://bsky.app/profile/cybersecuritybrief.bsky.social/post/3lmxvwogwui2t", "content": "", "creation_timestamp": "2025-04-17T01:04:15.621795Z"}, {"uuid": "b20240d8-01f0-4b6f-9812-d4c83784777f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-24859", "type": "seen", "source": "https://bsky.app/profile/cybersecuritybrief.bsky.social/post/3lmxvwogxtt2t", "content": "", "creation_timestamp": "2025-04-17T01:04:28.257449Z"}, {"uuid": "18b3a191-f8ca-43cf-8259-46d3e3715e5c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-24859", "type": "seen", "source": "https://bsky.app/profile/cybersecuritybrief.bsky.social/post/3lmxvwogwuk2t", "content": "", "creation_timestamp": "2025-04-17T01:04:21.903451Z"}, {"uuid": "dda518c3-ee5a-4285-87fe-6e6cd06a1e8c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-24859", "type": "seen", "source": "https://bsky.app/profile/cybersecuritybrief.bsky.social/post/3lmxvwogwuh2t", "content": "", "creation_timestamp": "2025-04-17T01:04:12.441327Z"}, {"uuid": "d4eb5586-aaee-4769-84c8-6fdfd22031e2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-24859", "type": "seen", "source": "https://infosec.exchange/users/dragonjar/statuses/114347307004640778", "content": "", "creation_timestamp": "2025-04-16T11:03:58.687119Z"}, {"uuid": "513f7a42-3398-44c7-b957-a08c31bbd97d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-24859", "type": "seen", "source": "https://bsky.app/profile/hacker.at.thenote.app/post/3lmwqa7d2i22x", "content": "", "creation_timestamp": "2025-04-16T13:49:04.282574Z"}, {"uuid": "0be3fd51-1540-4f77-87ec-491fab8ad35a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-24859", "type": "seen", "source": "https://bsky.app/profile/cybersecuritybrief.bsky.social/post/3lmxvwogwuj2t", "content": "", "creation_timestamp": "2025-04-17T01:04:18.740018Z"}, {"uuid": "478fda16-ec37-4ddb-9408-632e52bbd69b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-24859", "type": "seen", "source": "https://bsky.app/profile/cybersecuritybrief.bsky.social/post/3lmxvwogwul2t", "content": "", "creation_timestamp": "2025-04-17T01:04:25.096029Z"}, {"uuid": "7f357c5f-8993-444f-aa6a-9a06e894e24e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-24859", "type": "seen", "source": "https://bsky.app/profile/getpokemon7.bsky.social/post/3lmzzwzoqis26", "content": "", "creation_timestamp": "2025-04-17T21:20:53.648180Z"}, {"uuid": "bfdad1b7-79e2-4d55-9be2-f8d9d31b6f2e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-24859", "type": "seen", "source": "https://bsky.app/profile/getpokemon7.bsky.social/post/3lmzzztadps26", "content": "", "creation_timestamp": "2025-04-17T21:22:35.487411Z"}, {"uuid": "a61c3f9a-bcba-4aeb-8bd1-ac87b0d41f8a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-24859", "type": "seen", "source": "https://bsky.app/profile/getpokemon7.bsky.social/post/3ln22beoh3226", "content": "", "creation_timestamp": "2025-04-17T21:26:44.035436Z"}, {"uuid": "6e3b39b7-da25-4786-b903-052890f96851", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-24852", "type": "seen", "source": "MISP/f2f93f16-9318-44b1-9be3-2d3346ca540c", "content": "", "creation_timestamp": "2025-09-10T07:47:57.000000Z"}, {"uuid": "dc1a3088-3b4e-4d95-9dd7-b2fdbe00ea03", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-24859", "type": "seen", "source": "https://bsky.app/profile/idenhaus.bsky.social/post/3lnnunenv2e2e", "content": "", "creation_timestamp": "2025-04-25T18:39:15.490159Z"}, {"uuid": "5b68cfc2-d8ab-4713-83fd-5978bcef0866", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-2485", "type": "seen", "source": "https://bsky.app/profile/beikokucyber.bsky.social/post/3lpmyc6i4bj2a", "content": "", "creation_timestamp": "2025-05-20T21:02:22.592350Z"}, {"uuid": "fe49699a-cb71-480b-a481-1784c7d0f705", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-24859", "type": "seen", "source": "https://bsky.app/profile/getpokemon7.bsky.social/post/3ln52jzmns22p", "content": "", "creation_timestamp": "2025-04-19T02:09:32.838506Z"}, {"uuid": "e953e5a5-6625-48e5-9e9f-60cb0eb45373", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-24853", "type": "seen", "source": "https://bsky.app/profile/infosec.skyfleet.blue/post/3lv7dkab3e72u", "content": "", "creation_timestamp": "2025-07-30T19:17:32.776666Z"}, {"uuid": "72e44ff4-7f97-41af-adf7-98513538e7b6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-24854", "type": "seen", "source": "https://bsky.app/profile/infosec.skyfleet.blue/post/3lv7ennm4bb2p", "content": "", "creation_timestamp": "2025-07-30T19:37:21.153182Z"}, {"uuid": "356f6d5d-cae1-417b-a9f2-2a049af2b020", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-24854", "type": "seen", "source": "https://seclists.org/oss-sec/2025/q3/67", "content": "", "creation_timestamp": "2025-07-30T17:07:24.000000Z"}, {"uuid": "425f9a7f-3a6e-4943-a4e4-22a895cf05ae", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-24853", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lvaxytxyzj26", "content": "", "creation_timestamp": "2025-07-31T10:56:17.971752Z"}, {"uuid": "3fdcdf92-d620-4379-83b1-3bac0fbb75a0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-24854", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lvayakgo7m2e", "content": "", "creation_timestamp": "2025-07-31T11:00:36.284437Z"}, {"uuid": "6960a186-03c8-4a6b-95df-597cad52b560", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-24853", "type": "seen", "source": "https://seclists.org/oss-sec/2025/q3/66", "content": "", "creation_timestamp": "2025-07-30T16:52:21.000000Z"}, {"uuid": "ad2abb45-ad72-41d1-acd5-5aa3ed760daa", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-24857", "type": "seen", "source": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-343-01", "content": "", "creation_timestamp": "2025-12-09T11:00:00.000000Z"}, {"uuid": "372804ff-0cc6-4f7a-ba5a-371f9474cdec", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-24852", "type": "seen", "source": "MISP/f2f93f16-9318-44b1-9be3-2d3346ca540c", "content": "", "creation_timestamp": "2025-08-10T18:27:44.000000Z"}, {"uuid": "b6955f33-c6af-4420-ad68-7ed4865d4b83", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-24856", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/7699", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-24856\n\ud83d\udd25 CVSS Score: 4.2 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:F/RL:O/RC:C)\n\ud83d\udd39 Description: An issue was discovered in the oidc (aka OpenID Connect Authentication) extension before 4.0.0 for TYPO3. The account linking logic allows a pre-hijacking attack, leading to Account Takeover. The attack can only be exploited if the following requirements are met: (1) an attacker can anticipate the e-mail address of the user, (2) an attacker can register a public frontend user account using that e-mail address before the user's first OIDC login, and (3) the IDP returns an email field containing the e-mail address of the user,\n\ud83d\udccf Published: 2025-03-16T00:00:00.000Z\n\ud83d\udccf Modified: 2025-03-16T04:05:41.305Z\n\ud83d\udd17 References:\n1. https://typo3.org/security/advisory/typo3-ext-sa-2025-001\n2. https://github.com/xperseguers/t3ext-oidc/commit/877e09f6faf4c87bbb41233112ec7e30d3c902b3", "creation_timestamp": "2025-03-16T04:45:57.000000Z"}, {"uuid": "47f8a795-b720-4082-9025-afdb0fb77031", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-24855", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/7514", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-24855\n\ud83d\udd25 CVSS Score: 7.8 (cvssV3_1, Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:H)\n\ud83d\udd39 Description: numbers.c in libxslt before 1.1.43 has a use-after-free because, in nested XPath evaluations, an XPath context node can be modified but never restored. This is related to xsltNumberFormatGetValue, xsltEvalXPathPredicate, xsltEvalXPathStringNs, and xsltComputeSortResultInternal.\n\ud83d\udccf Published: 2025-03-14T00:00:00.000Z\n\ud83d\udccf Modified: 2025-03-14T01:12:30.912Z\n\ud83d\udd17 References:\n1. https://gitlab.gnome.org/GNOME/libxslt/-/issues/128", "creation_timestamp": "2025-03-14T01:48:04.000000Z"}, {"uuid": "0c0bd684-f4d6-4dc9-beeb-1b882d6e185d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-24858", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/3118", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-24858\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: No description available\n\ud83d\udccf Published: 2025-01-26T06:15:23.470\n\ud83d\udccf Modified: N/A\n\ud83d\udd17 References:\n1. https://security.gradle.com/advisory/2025-01", "creation_timestamp": "2025-01-26T07:14:12.000000Z"}, {"uuid": "d90e40d9-6c3b-42fa-af8c-3cbeec9add63", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-2485", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/9278", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-2485\n\ud83d\udd25 CVSS Score: 7.5 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H)\n\ud83d\udd39 Description: The Drag and Drop Multiple File Upload for Contact Form 7 plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.3.8.7 via deserialization of untrusted input from the 'dnd_upload_cf7_upload'\n function. This makes it possible for attackers to inject a PHP Object through a PHAR file. No known POP chain is present in the vulnerable software, which means this vulnerability has no impact unless another plugin or theme containing a POP chain is installed on the site. If a POP chain is present via an additional plugin or theme installed on the target system, it may allow the attacker to perform actions like delete arbitrary files, retrieve sensitive data, or execute code depending on the POP chain present. This vulnerability may be exploited by unauthenticated attackers when a form is present on the site with the file upload action. The Flamingo plugin must be installed and activated in order to exploit the vulnerability.\n\ud83d\udccf Published: 2025-03-28T06:51:46.034Z\n\ud83d\udccf Modified: 2025-03-28T06:51:46.034Z\n\ud83d\udd17 References:\n1. https://www.wordfence.com/threat-intel/vulnerabilities/id/79ffe548-0005-4f5e-873f-a1afec64a251?source=cve\n2. https://plugins.trac.wordpress.org/browser/drag-and-drop-multiple-file-upload-contact-form-7/trunk/inc/dnd-upload-cf7.php#L25\n3. https://plugins.trac.wordpress.org/browser/drag-and-drop-multiple-file-upload-contact-form-7/trunk/inc/dnd-upload-cf7.php#L844\n4. https://plugins.trac.wordpress.org/changeset/3261964/", "creation_timestamp": "2025-03-28T07:27:25.000000Z"}, {"uuid": "9286aefc-1960-40ba-a91d-1cbe4c2139ce", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-24852", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/9591", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-24852\n\ud83d\udd25 CVSS Score: 4.6 (cvssV3_1, Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)\n\ud83d\udd39 Description: Storing passwords in a recoverable format issue exists in CHOCO TEI WATCHER mini (IB-MCT001) all versions. If this issue is exploited, an attacker who can access the microSD card used on the product may obtain the product login password.\n\ud83d\udccf Published: 2025-03-31T04:49:07.988Z\n\ud83d\udccf Modified: 2025-03-31T04:49:07.988Z\n\ud83d\udd17 References:\n1. https://www.inaba.co.jp/files/chocomini_vulnerability.pdf\n2. https://jvn.jp/en/vu/JVNVU91154745/\n3. https://www.cisa.gov/news-events/ics-advisories/icsa-25-084-04\n4. https://www.nozominetworks.com/blog/unpatched-vulnerabilities-in-production-line-cameras-may-allow-remote-surveillance-hinder-stoppage-recording", "creation_timestamp": "2025-03-31T05:31:19.000000Z"}, {"uuid": "0014080f-7356-4277-8150-89a4702fa8ab", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-24859", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/11588", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-24859\n\ud83d\udd25 CVSS Score: 10 (cvssV4_0, Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H)\n\ud83d\udd39 Description: A session management vulnerability exists in Apache Roller before version 6.1.5 where active user sessions are not properly invalidated after password changes. When a user's password is changed, either by the user themselves or by an administrator, existing sessions remain active and usable. This allows continued access to the application through old sessions even after password changes, potentially enabling unauthorized access if credentials were compromised.\n\nThis issue affects Apache Roller versions up to and including 6.1.4.\n\nThe vulnerability is fixed in Apache Roller 6.1.5 by implementing centralized session management that properly invalidates all active sessions when passwords are changed or users are disabled.\n\ud83d\udccf Published: 2025-04-14T08:18:54.729Z\n\ud83d\udccf Modified: 2025-04-14T08:18:54.729Z\n\ud83d\udd17 References:\n1. https://lists.apache.org/thread/vxv52vdr8nhtjlj6v02w43fdvo0cxw23\n2. https://lists.apache.org/thread/4j906k16v21kdx8hk87gl7663sw7lg7f", "creation_timestamp": "2025-04-14T08:55:48.000000Z"}, {"uuid": "15c824df-2d2d-476b-83a1-85396860d0ad", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-24858", "type": "seen", "source": "https://t.me/cvedetector/16410", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-24858 - Develocity Gradle Enterprise Password Hash Exposure\", \n  \"Content\": \"CVE ID : CVE-2025-24858 \nPublished : Jan. 26, 2025, 6:15 a.m. | 1\u00a0hour, 36\u00a0minutes ago \nDescription : Develocity (formerly Gradle Enterprise) before 2024.3.1 allows an attacker who has network access to a Develocity server to obtain the hashed password of the system user. The hash algorithm used by Develocity was chosen according to best practices for password storage and provides some protection against brute-force attempts. The applicable severity of this vulnerability depends on whether a Develocity server is accessible by external or unauthorized users, and the complexity of the System User password. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"26 Jan 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-01-26T09:03:17.000000Z"}, {"uuid": "b461a47a-2250-4840-ae5a-d9fa95f0b2ab", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-24850", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/11938", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-24850\n\ud83d\udd25 CVSS Score: 6.9 (cvssV4_0, Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N)\n\ud83d\udd39 Description: An attacker can export other users' plant information.\n\ud83d\udccf Published: 2025-04-15T21:33:05.892Z\n\ud83d\udccf Modified: 2025-04-15T21:33:05.892Z\n\ud83d\udd17 References:\n1. https://www.cisa.gov/news-events/ics-advisories/icsa-25-105-04", "creation_timestamp": "2025-04-15T21:56:07.000000Z"}, {"uuid": "6f9d42e8-2be1-495e-beb1-ef82fe6b88bd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-24859", "type": "seen", "source": "https://t.me/cvedetector/22835", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-24859 - Apache Roller Session Management Authentication Bypass\", \n  \"Content\": \"CVE ID : CVE-2025-24859 \nPublished : April 14, 2025, 9:15 a.m. | 1\u00a0hour, 6\u00a0minutes ago \nDescription : A session management vulnerability exists in Apache Roller before version 6.1.5 where active user sessions are not properly invalidated after password changes. When a user's password is changed, either by the user themselves or by an administrator, existing sessions remain active and usable. This allows continued access to the application through old sessions even after password changes, potentially enabling unauthorized access if credentials were compromised.  \n  \nThis issue affects Apache Roller versions up to and including 6.1.4.  \n  \nThe vulnerability is fixed in Apache Roller 6.1.5 by implementing centralized session management that properly invalidates all active sessions when passwords are changed or users are disabled. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"14 Apr 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-04-14T12:59:21.000000Z"}, {"uuid": "5d6c9f30-30c7-42e5-a49e-aa91df86d18a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-24852", "type": "seen", "source": "https://t.me/cvedetector/21559", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-24852 - CHOCO TEI WATCHER mini Password Disclosure Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-24852 \nPublished : March 31, 2025, 5:15 a.m. | 1\u00a0hour, 29\u00a0minutes ago \nDescription : Storing passwords in a recoverable format issue exists in CHOCO TEI WATCHER mini (IB-MCT001) all versions. If this issue is exploited, an attacker who can access the microSD card used on the product may obtain the product login password. \nSeverity: 4.6 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"31 Mar 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-03-31T09:09:23.000000Z"}, {"uuid": "b7a1ad1c-761e-4988-a2b7-882bf6b524a4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-2485", "type": "seen", "source": "https://t.me/cvedetector/21377", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-2485 - WordPress Contact Form 7 Drag and Drop Multiple File Upload PHP Object Injection Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-2485 \nPublished : March 28, 2025, 7:15 a.m. | 53\u00a0minutes ago \nDescription : The Drag and Drop Multiple File Upload for Contact Form 7 plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.3.8.7 via deserialization of untrusted input from the 'dnd_upload_cf7_upload'  \n function. This makes it possible for attackers to inject a PHP Object through a PHAR file. No known POP chain is present in the vulnerable software, which means this vulnerability has no impact unless another plugin or theme containing a POP chain is installed on the site. If a POP chain is present via an additional plugin or theme installed on the target system, it may allow the attacker to perform actions like delete arbitrary files, retrieve sensitive data, or execute code depending on the POP chain present. This vulnerability may be exploited by unauthenticated attackers when a form is present on the site with the file upload action. The Flamingo plugin must be installed and activated in order to exploit the vulnerability. \nSeverity: 7.5 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"28 Mar 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-03-28T09:22:59.000000Z"}, {"uuid": "99021c7c-bfb7-4e04-8162-f2b84189a8d2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-24855", "type": "published-proof-of-concept", "source": "Telegram/ProITS4UdJL32Qp2zEv__SRCqvgDPbn-_iVKND85kfNu8uU", "content": "", "creation_timestamp": "2025-03-14T02:30:14.000000Z"}, {"uuid": "b0d67341-3e41-415f-9f18-742c03b317f4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-24856", "type": "seen", "source": "https://t.me/cvedetector/20394", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-24856 - TYPO3 OpenID Connect Authentication Pre-Hijacking Account Takeover\", \n  \"Content\": \"CVE ID : CVE-2025-24856 \nPublished : March 16, 2025, 4:15 a.m. | 21\u00a0minutes ago \nDescription : An issue was discovered in the oidc (aka OpenID Connect Authentication) extension before 4.0.0 for TYPO3. The account linking logic allows a pre-hijacking attack, leading to Account Takeover. The attack can only be exploited if the following requirements are met: (1) an attacker can anticipate the e-mail address of the user, (2) an attacker can register a public frontend user account using that e-mail address before the user's first OIDC login, and (3) the IDP returns an email field containing the e-mail address of the user, \nSeverity: 4.2 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"16 Mar 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-03-16T06:20:26.000000Z"}, {"uuid": "d7126478-1bb7-42d0-86b0-7c46b001f19e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-24859", "type": "seen", "source": "https://t.me/ton618cyber/3552", "content": "Critical Apache Roller Vulnerability (CVSS 10.0) Enables Unauthorized Session Persistence\n\nApache Roller flaw CVE-2025-24859 keeps sessions active after password changes, risking persistent access.\n\nThe Hacker News | thehackernews.com \u2022 Apr 15, 2025", "creation_timestamp": "2025-04-15T15:54:57.000000Z"}, {"uuid": "e900e296-7568-4b45-920a-1c7ed8a5c3ee", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-24859", "type": "seen", "source": "Telegram/80K6TgGoFaGJjRrrbrAhB7o6uqKXlmOpUWGZBaBhIq61pw", "content": "", "creation_timestamp": "2025-04-15T20:27:41.000000Z"}, {"uuid": "9aaafd0e-306b-47e1-af06-505c44edd8c4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-2485", "type": "seen", "source": "Telegram/XIfoapzkwNJsJw4RxZTHMHcfx4In8sLhGpiMBa3HdRB-zbs", "content": "", "creation_timestamp": "2025-03-28T09:00:46.000000Z"}, {"uuid": "564faff0-ecf0-4327-b816-f6228b0c5e17", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-24855", "type": "seen", "source": "https://t.me/cvedetector/20260", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-24855 - XSLT/Use-After-Free\", \n  \"Content\": \"CVE ID : CVE-2025-24855 \nPublished : March 14, 2025, 2:15 a.m. | 16\u00a0minutes ago \nDescription : numbers.c in libxslt before 1.1.43 has a use-after-free because, in nested XPath evaluations, an XPath context node can be modified but never restored. This is related to xsltNumberFormatGetValue, xsltEvalXPathPredicate, xsltEvalXPathStringNs, and xsltComputeSortResultInternal. \nSeverity: 7.8 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"14 Mar 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-03-14T04:09:54.000000Z"}, {"uuid": "79bc466b-21e3-4db5-83a6-6a25440234c0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-24859", "type": "seen", "source": "https://t.me/ton618cyber/8864", "content": "Critical Apache Roller Vulnerability (CVSS 10.0) Enables Unauthorized Session Persistence\n\nApache Roller flaw CVE-2025-24859 keeps sessions active after password changes, risking persistent access.\n\nThe Hacker News | thehackernews.com \u2022 Apr 15, 2025", "creation_timestamp": "2025-04-15T15:54:56.000000Z"}, {"uuid": "2d9b80a6-9b16-42ee-b6b5-fa2e0c00975d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-24858", "type": "seen", "source": "Telegram/DMAZFe8HhpQqS1w3FlVBVtyxNeOi5PuPtonMCe7m7-gZDKc", "content": "", "creation_timestamp": "2025-01-26T09:00:18.000000Z"}, {"uuid": "3f562d12-b04f-4018-a6c5-07dae54b030c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-24859", "type": "seen", "source": "Telegram/QSd_W2sEquutRe-R0caK0ZbRUjEEXQKH7sZGhQJrd0BLNk0", "content": "", "creation_timestamp": "2025-04-14T10:30:49.000000Z"}, {"uuid": "b5996f9f-bcaf-4f89-bb01-c147c3387735", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-24859", "type": "seen", "source": "https://t.me/thehackernews/6663", "content": "\ud83d\udea8 Apache Roller Hit by 10.0 CVSS Flaw!\n\nOld sessions stay active even after a password change (CVE-2025-24859). Hackers can keep access silently.\n\nAll versions \u22646.1.4 affected.\n\n\ud83d\udc49 Full details: https://thehackernews.com/2025/04/critical-apache-roller-vulnerability.html\n\n\ud83d\udd12 Fixed in v6.1.5. Patch now.", "creation_timestamp": "2025-04-15T15:43:13.000000Z"}, {"uuid": "150908ee-1209-4a87-b0da-6deee2a7de0a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-24859", "type": "seen", "source": "https://t.me/true_secator/6951", "content": "\u041f\u0440\u043e\u0434\u043e\u043b\u0436\u0430\u0435\u043c \u043e\u0442\u0441\u043b\u0435\u0436\u0438\u0432\u0430\u0442\u044c \u043d\u0430\u0438\u0431\u043e\u043b\u0435\u0435 \u0442\u0440\u0435\u043d\u0434\u043e\u0432\u044b\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u0438 \u0441\u0432\u044f\u0437\u0430\u043d\u043d\u044b\u0435 \u0441 \u043d\u0438\u043c\u0438 \u0443\u0433\u0440\u043e\u0437\u044b:\n\n1. \u0412 \u041f\u041e Apache Roller\u00a0\u0441 \u043e\u0442\u043a\u0440\u044b\u0442\u044b\u043c \u0438\u0441\u0445\u043e\u0434\u043d\u044b\u043c \u043a\u043e\u0434\u043e\u043c \u043d\u0430 \u043e\u0441\u043d\u043e\u0432\u0435 Java \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0435\u043d\u0430 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043c\u0430\u043a\u0441\u0438\u043c\u0430\u043b\u044c\u043d\u043e\u0439 \u0441\u0442\u0435\u043f\u0435\u043d\u0438 \u0441\u0435\u0440\u044c\u0435\u0437\u043d\u043e\u0441\u0442\u0438.\n\n\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043e\u0442\u0441\u043b\u0435\u0436\u0438\u0432\u0430\u0435\u0442\u0441\u044f \u043a\u0430\u043a CVE-2025-24859 \u0438 \u0438\u043c\u0435\u0435\u0442 CVSS 10,0. \n\n\u041e\u043d\u0430 \u0437\u0430\u0442\u0440\u0430\u0433\u0438\u0432\u0430\u0435\u0442 \u0432\u0441\u0435 \u0432\u0435\u0440\u0441\u0438\u0438 Roller \u0434\u043e 6.1.4 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e \u0438 \u0431\u044b\u043b\u0430 \u0440\u0430\u0441\u043a\u0440\u044b\u0442\u0430 \u0438\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u0435\u043c \u0425\u0430\u0439\u043d\u0438\u043d\u0433\u043e\u043c \u041c\u044d\u043d\u043e\u043c.\n\n\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u0442\u0435\u043c, \u0447\u0442\u043e \u0430\u043a\u0442\u0438\u0432\u043d\u044b\u0435 \u0441\u0435\u0430\u043d\u0441\u044b \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u0435\u0439 \u043d\u0435 \u0430\u043d\u043d\u0443\u043b\u0438\u0440\u0443\u044e\u0442\u0441\u044f \u0434\u043e\u043b\u0436\u043d\u044b\u043c \u043e\u0431\u0440\u0430\u0437\u043e\u043c \u043f\u043e\u0441\u043b\u0435 \u0441\u043c\u0435\u043d\u044b \u043f\u0430\u0440\u043e\u043b\u044f.\n\n\u0423\u0441\u043f\u0435\u0448\u043d\u0430\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0443 \u043f\u043e\u0434\u0434\u0435\u0440\u0436\u0438\u0432\u0430\u0442\u044c \u043f\u043e\u0441\u0442\u043e\u044f\u043d\u043d\u044b\u0439 \u0434\u043e\u0441\u0442\u0443\u043f \u043a \u043f\u0440\u0438\u043b\u043e\u0436\u0435\u043d\u0438\u044e \u0447\u0435\u0440\u0435\u0437 \u0441\u0442\u0430\u0440\u044b\u0435 \u0441\u0435\u0430\u043d\u0441\u044b \u0434\u0430\u0436\u0435 \u043f\u043e\u0441\u043b\u0435 \u0441\u043c\u0435\u043d\u044b \u043f\u0430\u0440\u043e\u043b\u044f.\n\n2. SSD Disclosure \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0438\u043b\u0430 RCE-\u043e\u0448\u0438\u0431\u043a\u0443\u00a0\u0432 \u043c\u0430\u0440\u0448\u0440\u0443\u0442\u0438\u0437\u0430\u0442\u043e\u0440\u0430\u0445 Calix Gigacenter.\n\n\u0423\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432\u0430 \u0432\u044b\u0441\u0442\u0430\u0432\u043b\u044f\u044e\u0442 \u0441\u0432\u043e\u0439 \u0438\u043d\u0442\u0435\u0440\u0444\u0435\u0439\u0441 \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f CPE \u0432 \u0418\u043d\u0442\u0435\u0440\u043d\u0435\u0442\u0435 \u043d\u0430 \u043f\u043e\u0440\u0442\u0443 TCP 6998 \u0438 \u043d\u0435 \u043e\u0431\u0440\u0430\u0431\u0430\u0442\u044b\u0432\u0430\u044e\u0442 \u0434\u043e\u043b\u0436\u043d\u044b\u043c \u043e\u0431\u0440\u0430\u0437\u043e\u043c \u043f\u0440\u0435\u0434\u043e\u0441\u0442\u0430\u0432\u043b\u0435\u043d\u043d\u044b\u0435 \u0432\u0445\u043e\u0434\u043d\u044b\u0435 \u0434\u0430\u043d\u043d\u044b\u0435. \n\n\u0417\u0430\u0442\u0440\u043e\u043d\u0443\u0442\u044b\u0435 \u043c\u043e\u0434\u0435\u043b\u0438 \u0431\u044b\u043b\u0438 \u0440\u0430\u0437\u0440\u0430\u0431\u043e\u0442\u0430\u043d\u044b \u0442\u0440\u0435\u0442\u044c\u0435\u0439 \u0441\u0442\u043e\u0440\u043e\u043d\u043e\u0439 \u043f\u043e\u0434 \u0431\u0440\u0435\u043d\u0434\u043e\u043c Calix \u0438 \u0442\u0435\u043f\u0435\u0440\u044c EoL.\n\n3. Checkmarx \u0438\u0437\u0443\u0447\u0430\u0435\u0442\u00a0\u043d\u0435\u0434\u0430\u0432\u043d\u044e\u044e \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c RCE \u0441 \u0440\u0435\u0439\u0442\u0438\u043d\u0433\u043e\u043c 9,8 (CVE-2025-27520) \u0432 BentoML, \u0431\u0438\u0431\u043b\u0438\u043e\u0442\u0435\u043a\u0435 Python \u0434\u043b\u044f \u0432\u0437\u0430\u0438\u043c\u043e\u0434\u0435\u0439\u0441\u0442\u0432\u0438\u044f \u0441\u043e \u0441\u043b\u0443\u0436\u0431\u0430\u043c\u0438 \u0418\u0418.\n\n\u0427\u0438\u0441\u043b\u043e \u0437\u0430\u0442\u0440\u043e\u043d\u0443\u0442\u044b\u0445 \u0432\u0435\u0440\u0441\u0438\u0439 \u043d\u0430\u043c\u043d\u043e\u0433\u043e \u043c\u0435\u043d\u044c\u0448\u0435, \u0447\u0435\u043c \u0443\u043a\u0430\u0437\u0430\u043d\u043e \u0432 \u043f\u0435\u0440\u0432\u043e\u043d\u0430\u0447\u0430\u043b\u044c\u043d\u043e\u043c \u0441\u043e\u043e\u0431\u0449\u0435\u043d\u0438\u0438, \u043d\u043e \u0441\u0435\u0440\u044c\u0435\u0437\u043d\u043e\u0441\u0442\u0438 \u043f\u0440\u043e\u0431\u043b\u0435\u043c\u044b \u043d\u0435 \u0443\u043c\u0435\u043d\u044c\u0448\u0430\u0435\u0442: \u043e\u043d\u0430 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0430\u043c \u0437\u0430\u0445\u0432\u0430\u0442\u0438\u0442\u044c \u0441\u0435\u0440\u0432\u0435\u0440\u044b, \u043e\u0431\u0440\u0430\u0431\u0430\u0442\u044b\u0432\u0430\u044e\u0449\u0438\u0435 \u043f\u043e\u043b\u0435\u0437\u043d\u044b\u0435 \u043d\u0430\u0433\u0440\u0443\u0437\u043a\u0438, \u0441\u0432\u044f\u0437\u0430\u043d\u043d\u044b\u0435 \u0441 \u0418\u0418.\n\n4. Coinspect \u043f\u0440\u0435\u0434\u0443\u043f\u0440\u0435\u0436\u0434\u0430\u0435\u0442 \u043e\u0431\u00a0\u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044f\u0445 \u0432 \u043a\u043e\u0448\u0435\u043b\u044c\u043a\u0430\u0445 Stellar Freighter, Frontier Wallet \u0438 Coin98, \u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u043c\u043e\u0436\u043d\u043e \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u044c \u0434\u043b\u044f \u0441\u043a\u0440\u044b\u0442\u043e\u0439 \u043a\u0440\u0430\u0436\u0438 \u0441\u0440\u0435\u0434\u0441\u0442\u0432 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u0435\u0439.\n\n5. \u0418\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u0438 Praetorian \u0430\u0434\u0430\u043f\u0442\u0438\u0440\u043e\u0432\u0430\u043b\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u0435\u043c\u0443\u044e \u0432 \u043e\u0442\u043d\u043e\u0448\u0435\u043d\u0438\u0438 \u0441\u0440\u0435\u0434 DICOM \u043d\u0430 \u0431\u0430\u0437\u0435 Windows, \u0434\u043b\u044f \u0440\u0430\u0431\u043e\u0442\u044b \u0432 Linux. C\u0432\u043e\u0439 PoC \u043e\u043d\u0438 \u043d\u0430\u0437\u0432\u0430\u043b\u0438 \u0430\u0442\u0430\u043a\u043e\u0439 ELFDICOM.\n\n6. \u0423\u0447\u0430\u0441\u0442\u043d\u0438\u043a Red Team, \u0438\u0437\u0432\u0435\u0441\u0442\u043d\u044b\u0439 \u043a\u0430\u043a Vari.sh, \u043f\u0440\u0435\u0434\u0441\u0442\u0430\u0432\u0438\u043b \u043f\u043e\u0434\u0440\u043e\u0431\u043d\u043e\u0441\u0442\u0438 \u043e Doppelganger, \u043d\u043e\u0432\u043e\u043c \u043c\u0435\u0442\u043e\u0434\u0435\u00a0(\u0438 \u0438\u043d\u0441\u0442\u0440\u0443\u043c\u0435\u043d\u0442\u0435), \u043f\u0440\u0435\u0434\u043d\u0430\u0437\u043d\u0430\u0447\u0435\u043d\u043d\u043e\u043c \u0434\u043b\u044f \u043a\u043b\u043e\u043d\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u044f LSASS \u0438 \u0438\u0437\u0432\u043b\u0435\u0447\u0435\u043d\u0438\u044f \u0441\u0435\u043a\u0440\u0435\u0442\u043e\u0432 \u0431\u0435\u0437 \u0441\u0440\u0430\u0431\u0430\u0442\u044b\u0432\u0430\u043d\u0438\u044f \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0435\u043d\u0438\u0439 \u043d\u0430 \u043e\u0440\u0438\u0433\u0438\u043d\u0430\u043b\u0435.\n\n7. Quarkslab \u043e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043b\u0430 \u0440\u0435\u0437\u0443\u043b\u044c\u0442\u0430\u0442\u044b \u043d\u0435\u0434\u0430\u0432\u043d\u0435\u0433\u043e \u0430\u0443\u0434\u0438\u0442\u0430 \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0438\u043d\u0442\u0435\u0440\u043f\u0440\u0435\u0442\u0430\u0442\u043e\u0440\u0430 PHP, \u0432\u044b\u044f\u0432\u0438\u0432 \u043f\u0440\u0438 \u044d\u0442\u043e\u043c 17 \u043f\u0440\u043e\u0431\u043b\u0435\u043c \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438.\n\n8. \u0418\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u0438 Positive Technologies \u0432\u044b\u043a\u0430\u0442\u0438\u043b\u0438 \u0430\u043f\u0440\u0435\u043b\u044c\u0441\u043a\u0443\u044e \u043f\u043e\u0434\u0431\u043e\u0440\u043a\u0443 c \u043d\u0430\u0438\u0431\u043e\u043b\u0435\u0435 \u043e\u043f\u0430\u0441\u043d\u044b\u043c\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044f\u043c\u0438, \u043a\u0443\u0434\u0430 \u0432\u043e\u0448\u043b\u0438 11 \u043f\u0440\u043e\u0431\u043b\u0435\u043c \u0432 Microsoft, VMware \u0438 Apache.", "creation_timestamp": "2025-04-15T19:52:12.000000Z"}]}