{"vulnerability": "CVE-2025-6541", "sightings": [{"uuid": "386f762a-a05d-4b27-96f0-87d233b4ad18", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-6541", "type": "seen", "source": "https://bsky.app/profile/getpokemon7.bsky.social/post/3m3rtadkrxk2s", "content": "", "creation_timestamp": "2025-10-22T12:17:26.539892Z"}, {"uuid": "6cd7f714-1da6-4247-809a-b7644101d281", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-6541", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3m3o7sbltzu2h", "content": "", "creation_timestamp": "2025-10-21T01:51:33.557577Z"}, {"uuid": "12063025-79ab-4c8e-b326-6e4b171e833d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-6541", "type": "seen", "source": "https://bsky.app/profile/calimegai.bsky.social/post/3m3tooaupen2m", "content": "", "creation_timestamp": "2025-10-23T06:01:04.040194Z"}, {"uuid": "43988354-fe76-42a7-8b16-1d217f613bab", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-6541", "type": "seen", "source": "https://mstdn.ca/users/rfwaveio/statuses/115423845529272880", "content": "", "creation_timestamp": "2025-10-23T14:01:54.836490Z"}, {"uuid": "30efe05f-850b-4ec4-8b7d-5c42b2423985", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-6541", "type": "seen", "source": "https://infosec.exchange/users/cR0w/statuses/115412353242186528", "content": "", "creation_timestamp": "2025-10-21T13:19:14.284553Z"}, {"uuid": "af9046c4-cfab-4968-acca-87aa7e6506fd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-6541", "type": "seen", "source": "https://bsky.app/profile/securityrss.bsky.social/post/3m3ubb5r2kg2s", "content": "", "creation_timestamp": "2025-10-23T11:33:45.692674Z"}, {"uuid": "affd5d81-ec7d-4e4c-8ddb-8f73b424204a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-6541", "type": "seen", "source": "https://bsky.app/profile/blackhatnews.tokyo/post/3m3r3suybrm2d", "content": "", "creation_timestamp": "2025-10-22T05:18:18.578329Z"}, {"uuid": "c9fd56b5-6a83-4245-b093-8929e6bca42f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-6541", "type": "seen", "source": "https://infosec.exchange/users/threatcodex/statuses/115414490157717368", "content": "", "creation_timestamp": "2025-10-21T22:22:40.459546Z"}, {"uuid": "4a0de1e1-a7cb-4295-8c10-876ba8abfec9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-65411", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mbaf7mkmkv2y", "content": "", "creation_timestamp": "2025-12-30T22:22:24.015521Z"}, {"uuid": "cd53fac8-7042-44f6-94d4-4ac8906d9830", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-6541", "type": "seen", "source": "https://thehackernews.com/2025/10/tp-link-patches-four-omada-gateway.html", "content": "", "creation_timestamp": "2025-10-22T02:38:00.000000Z"}, {"uuid": "ddbd2337-0141-455b-9ca1-b7112c863f6f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2025-6541", "type": "seen", "source": "https://bsky.app/profile/ahmandonk.bsky.social/post/3m3rd7743j22t", "content": "", "creation_timestamp": "2025-10-22T07:30:28.030842Z"}, {"uuid": "e743c05b-fe0f-4290-b9f0-9cdbab351905", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-65410", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3maoduingve2o", "content": "", "creation_timestamp": "2025-12-23T18:10:21.315595Z"}, {"uuid": "f3240e83-ed45-4869-ba23-959eb56a0a60", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-65411", "type": "seen", "source": "Telegram/JxPXMx_RS9I7Z3kYw2DwOkNmPXjWN_fhlFmYgdz0OY1MqXE", "content": "", "creation_timestamp": "2026-01-02T21:53:17.000000Z"}, {"uuid": "3e39a120-807e-4f20-ab33-62240ca62e30", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-6541", "type": "seen", "source": "Telegram/xG6hp3-D2TAa6Vycrx-oPr11qQQoHVv8Xwgq9FTazGvEPw", "content": "", "creation_timestamp": "2025-10-22T13:05:23.000000Z"}, {"uuid": "ed3dc485-9ea4-4485-a3d9-5a7061a1b498", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-65414", "type": "seen", "source": "https://gist.github.com/ZeroBreach-GmbH/d8e6a57a5baeaf92b591e5f0de5f0dc2", "content": "##### Description\n\nThe application discloses internal filesystem paths in error messages or responses, which may expose sensitive implementation details and aid an attacker in further reconnaissance or exploitation.\n\n##### Details\n\n*   **Product:** docuForm FSM Client\n*   **Affected Versions:** 11.11c\n*   **Vulnerability Type:** CWE-209: Information Exposure Through an Error Message\n*   **Risk Level:** Medium - CVSS 3.1: 5.3 (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)\n*   **Vendor URL:** www.docuform.de\n*   **Vendor acknowledged vulnerability:** Yes\n*   **Vendor Status:** Fixed\n*   **CVE:** CVE-2025-65414\n\n##### Impact\n\nThe vulnerability may allow an unauthenticated attacker to obtain internal filesystem path information, which can disclose implementation details and assist in further reconnaissance or exploitation of the affected system.\n\n##### References\n\n*   [National Vulnerability Database CVE-2025-65414](https://nvd.nist.gov/vuln/detail/CVE-2025-65414)\n*   [ZeroBreach GmbH - CVE-2025-65414](https://zerobreach.de/blog/security-advisories/CVE-2025-65414.html)\n\n##### Timeline\n\n*   **2025-10:** Vulnerability reported to the vendor.\n*   **2025-11:** Vendor published a fix for the issue.\n*   **2026-04:** Information about the vulnerability is published.\n\n##### Credits\n\n*   Bastian Recktenwald ([Bastian.Recktenwald@ZeroBreach.de](mailto:Bastian.Recktenwald@ZeroBreach.de))", "creation_timestamp": "2026-05-05T15:12:33.000000Z"}, {"uuid": "c89bfb6e-00a8-49e6-8ff1-7a1355c6e22f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-65415", "type": "seen", "source": "https://gist.github.com/ZeroBreach-GmbH/459cad8e01fe99c6998bea556ac0dcb8", "content": "##### Details\n\n*   **Product:** docuForm FSM Client\n*   **Affected Versions:** 11.11c\n*   **Vulnerability Type:** CWE-384: Session Fixation\n*   **Risk Level:** Medium - CVSS 3.1: 5.4 (AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N)\n*   **Vendor URL:** www.docuform.de\n*   **Vendor acknowledged vulnerability:** Yes\n*   **CVE:** CVE-2025-65415\n\n##### Impact\n\nSuccessful exploitation may allow an attacker to hijack a victim\u2019s authenticated session, resulting in access to the application.\n\n##### References\n\n*   [National Vulnerability Database CVE-2025-65415](https://nvd.nist.gov/vuln/detail/CVE-2025-65415)\n*   [ZeroBreach GmbH - CVE-2025-65415](https://zerobreach.de/blog/security-advisories/CVE-2025-65415.html)\n\n##### Timeline\n\n*   **2025-10:** Vulnerability reported to the vendor.\n*   **2025-11:** Vendor published a fix for the issue.\n*   **2026-04:** Information about the vulnerability is published.\n\n##### Credits\n\n*   Bastian Recktenwald ([Bastian.Recktenwald@ZeroBreach.de](mailto:Bastian.Recktenwald@ZeroBreach.de))", "creation_timestamp": "2026-05-05T15:14:06.000000Z"}, {"uuid": "199fc40c-0b10-4c74-9506-8c640c510dac", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-65416", "type": "seen", "source": "https://gist.github.com/ZeroBreach-GmbH/f94cad5b37f718d1b1cfee6ca0fe666b", "content": "##### Description\n\nAn arbitrary file upload vulnerability exists in the application, allowing an authenticated attacker to upload crafted files without proper validation of file type, content, or extension.\n\n##### Details\n\n*   **Product:** docuForm FSM Client\n*   **Affected Versions:** 11.11c\n*   **Vulnerability Type:** CWE-434: Unrestricted Upload of File with Dangerous Type\n*   **Risk Level:** Medium - CVSS 3.1: 6.3 (AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L)\n*   **Vendor URL:** www.docuform.de\n*   **Vendor acknowledged vulnerability:** Yes\n*   **CVE:** CVE-2025-65416\n\n##### Impact\n\nThis vulnerability can let an attacker upload malicious files such as web shells or scripts, which may be executed by the server if placed in a web-accessible location. Depending on the application\u2019s configuration and how uploaded files are handled, the impact may include remote code execution, defacement, data theft, privilege escalation, persistence, and complete takeover of the affected system.\n\n##### References\n\n*   [CVE-2025-65416](https://zerobreach.de/blog/security-advisories/CVE-2025-65416.html)\n*   [National Vulnerability Database CVE-2025-65416](https://nvd.nist.gov/vuln/detail/CVE-2025-65416)\n\n##### Timeline\n\n*   **2025-10:** Vulnerability reported to the vendor.\n*   **2025-11:** Vendor published a fix for the issue.\n*   **2026-04:** Information about the vulnerability is published.\n\n##### Credits\n\n*   Bastian Recktenwald ([Bastian.Recktenwald@ZeroBreach.de](mailto:Bastian.Recktenwald@ZeroBreach.de))", "creation_timestamp": "2026-05-05T15:16:16.000000Z"}, {"uuid": "5046c0a5-114a-44d7-b7ff-e460c09d4ad4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-65418", "type": "seen", "source": "https://gist.github.com/ZeroBreach-GmbH/12c58d9286093a7b634d57df7b8b9386", "content": "##### Description\n\nA directory traversal vulnerability exists when user\u2011supplied input is used to construct file paths without proper validation or normalization. By supplying specially crafted path sequences, an attacker can escape the intended restricted directory and access arbitrary files or directories on the underlying file system. This vulnerability may be exploited remotely via unauthenticated requests.\n\n##### Details\n\n*   **Product:** docuForm FSM Client\n*   **Affected Versions:** 11.11c\n*   **Vulnerability Type:** CWE-209: Information Exposure Through an Error Message\n*   **Risk Level:** High - CVSS 3.1: 8.2 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N)\n*   **Vendor URL:** www.docuform.de\n*   **CVE:** CVE-2025-65418\n\n##### Impact\n\nSuccessful exploitation can allow an attacker to read sensitive files stored outside the application\u2019s intended directory, including configuration files, application source code, system files, and user\u2011specific data.\n\n##### References\n\n*   [National Vulnerability Database CVE-2025-65418](https://nvd.nist.gov/vuln/detail/CVE-2025-65418)\n*   [ZeroBreach GmbH - CVE-2025-65418](https://zerobreach.de/blog/security-advisories/CVE-2025-65418.html)\n\n##### Timeline\n\n*   **2025-10:** Vulnerability reported to the vendor.\n*   **2025-11:** Vendor published a fix for the issue.\n*   **2026-04:** Information about the vulnerability is published.\n\n##### Credits\n\n*   Bastian Recktenwald ([Bastian.Recktenwald@ZeroBreach.de](mailto:Bastian.Recktenwald@ZeroBreach.de))", "creation_timestamp": "2026-05-05T15:19:29.000000Z"}, {"uuid": "8f87d67d-6ea7-4969-9975-cf9f6dd17020", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-65417", "type": "seen", "source": "https://gist.github.com/ZeroBreach-GmbH/906ec04806f62d61c65b1c90b0f36c4a", "content": "##### Description\n\nA reflected cross-site scripting (XSS) vulnerability exists in the web application. Unsanitized user input is directly reflected in the application's response without proper encoding, allowing attackers to inject and execute arbitrary JavaScript code in the victim's browser.\n\n##### Details\n\n*   **Product:** docuForm FSM Client\n*   **Affected Versions:** 11.11c\n*   **Vulnerability Type:** CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')\n*   **Risk Level:** High - CVSS 3.1: 8.1 (AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N)\n*   **Vendor URL:** www.docuform.de\n*   **Vendor acknowledged vulnerability:** Yes\n*   **CVE:** CVE-2025-65417\n\n##### Impact\n\nSuccessful exploitation allows attackers to execute scripts in the victim's browser context with the application's privileges. This can lead to session hijacking by stealing cookies, theft of sensitive data like credentials or personal information, unauthorized actions on behalf of the user or redirection to malicious sites for malware distribution.\n\n##### References\n\n*   [National Vulnerability Database CVE-2025-65417](https://nvd.nist.gov/vuln/detail/CVE-2025-65417)\n*   [ZeroBreach GmbH - CVE-2025-65417](https://zerobreach.de/blog/security-advisories/CVE-2025-65417.html)\n\n##### Timeline\n\n*   **2025-10:** Vulnerability reported to the vendor.\n*   **2025-11:** Vendor published a fix for the issue.\n*   **2026-04:** Information about the vulnerability is published.\n\n##### Credits\n\n*   Bastian Recktenwald ([Bastian.Recktenwald@ZeroBreach.de](mailto:Bastian.Recktenwald@ZeroBreach.de))", "creation_timestamp": "2026-05-05T15:18:00.000000Z"}]}