{"vulnerability": "cve-2025-1054", "sightings": [{"uuid": "e61ec97b-b0b5-4182-a8de-add9ce292d46", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2025-10547", "type": "seen", "source": "https://infosec.exchange/users/defendopsdiaries/statuses/115305857228831165", "content": "", "creation_timestamp": "2025-10-02T17:55:53.485165Z"}, {"uuid": "b936bb33-dfdf-41ef-8205-5ac4cf75dcf8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-1054", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lnibm3l7xc2r", "content": "", "creation_timestamp": "2025-04-23T13:15:13.028188Z"}, {"uuid": "f0d3d925-ac57-431b-af5d-9a941b32f552", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-10547", "type": "seen", "source": "https://bsky.app/profile/blackhatnews.tokyo/post/3m2bv3ztoom2m", "content": "", "creation_timestamp": "2025-10-03T10:43:02.288558Z"}, {"uuid": "b69b007c-3160-4e34-80d1-a0d51ee99592", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-10547", "type": "seen", "source": "https://bsky.app/profile/infosecindustry.bsky.social/post/3m2byml6pmx26", "content": "", "creation_timestamp": "2025-10-03T11:45:57.858616Z"}, {"uuid": "1851ac4e-7efc-4763-96be-230df96fee9f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-10547", "type": "seen", "source": "https://bsky.app/profile/thedailytechfeed.com/post/3m2ci6ivwqk2y", "content": "", "creation_timestamp": "2025-10-03T16:24:39.358000Z"}, {"uuid": "75434369-928a-4284-8087-e093a7eba7fe", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-10547", "type": "seen", "source": "https://infosec.exchange/users/cR0w/statuses/115310416886468384", "content": "", "creation_timestamp": "2025-10-03T13:15:28.935900Z"}, {"uuid": "f1a6b42a-274e-4d07-af94-c5a686b8bac3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-10547", "type": "seen", "source": "https://bsky.app/profile/pmloik.bsky.social/post/3m2fzqoheu52b", "content": "", "creation_timestamp": "2025-10-05T02:16:48.270738Z"}, {"uuid": "f4d5dd7b-5a69-411a-ac5d-4f71e86cc0ed", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-10547", "type": "seen", "source": "https://bsky.app/profile/getpokemon7.bsky.social/post/3m2fpwdfb6s2i", "content": "", "creation_timestamp": "2025-10-04T23:21:03.638373Z"}, {"uuid": "eb738822-18d5-4933-9c28-594d2413552a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-10547", "type": "published-proof-of-concept", "source": "https://t.me/xakep_ru/18256", "content": "\u0412 \u043c\u0430\u0440\u0448\u0440\u0443\u0442\u0438\u0437\u0430\u0442\u043e\u0440\u0430\u0445 DrayTek \u043f\u0430\u0442\u0447\u0430\u0442 RCE-\u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c\n\n\u041a\u043e\u043c\u043f\u0430\u043d\u0438\u044f DrayTek, \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u044f\u0449\u0430\u044f \u0441\u0435\u0442\u0435\u0432\u043e\u0435 \u043e\u0431\u043e\u0440\u0443\u0434\u043e\u0432\u0430\u043d\u0438\u0435, \u0432\u044b\u043f\u0443\u0441\u0442\u0438\u043b\u0430 \u043f\u0440\u0435\u0434\u0443\u043f\u0440\u0435\u0436\u0434\u0435\u043d\u0438\u0435 \u043e\u0431 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438, \u043a\u043e\u0442\u043e\u0440\u0430\u044f \u0437\u0430\u0442\u0440\u0430\u0433\u0438\u0432\u0430\u0435\u0442 \u043d\u0435\u0441\u043a\u043e\u043b\u044c\u043a\u043e \u043c\u043e\u0434\u0435\u043b\u0435\u0439 \u0440\u043e\u0443\u0442\u0435\u0440\u043e\u0432 Vigor. \u041f\u0440\u043e\u0431\u043b\u0435\u043c\u0430 \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u044b\u043c \u043d\u0435\u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u0446\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u043c \u0430\u0442\u0430\u043a\u0443\u044e\u0449\u0438\u043c \u0432\u044b\u043f\u043e\u043b\u043d\u044f\u0442\u044c \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0439 \u043a\u043e\u0434.\n\nhttps://xakep.ru/2025/10/03/cve-2025-10547/", "creation_timestamp": "2025-10-03T15:35:43.000000Z"}, {"uuid": "35fa13bf-bcf5-42c7-bedf-25bfbbe6d052", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-10547", "type": "seen", "source": "https://bsky.app/profile/infosec.skyfleet.blue/post/3m2ixzih4ud23", "content": "", "creation_timestamp": "2025-10-06T06:23:55.369585Z"}, {"uuid": "37467a99-62f6-41b3-92b5-26252ce2bf88", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-1054", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/13017", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-1054\n\ud83d\udd25 CVSS Score: 6.4 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N)\n\ud83d\udd39 Description: The UiCore Elements \u2013 Free Elementor widgets and templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the UI Counter, UI Icon Box, UI Testimonial Slider, UI Testimonial Grid, and UI Testimonial Carousel widgets in all versions up to, and including, 1.0.16 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.\n\ud83d\udccf Published: 2025-04-23T09:23:38.653Z\n\ud83d\udccf Modified: 2025-04-23T09:23:38.653Z\n\ud83d\udd17 References:\n1. https://www.wordfence.com/threat-intel/vulnerabilities/id/d74e8541-9726-4bc2-9fbd-f6016490e0ea?source=cve\n2. https://plugins.trac.wordpress.org/changeset/3253371/uicore-elements", "creation_timestamp": "2025-04-23T10:10:36.000000Z"}, {"uuid": "d81fbb8c-c69a-4f24-b29f-d26a3e564bb9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-1054", "type": "seen", "source": "https://t.me/cvedetector/23588", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-1054 - UiCore Elements - WordPress Stored Cross-Site Scripting\", \n  \"Content\": \"CVE ID : CVE-2025-1054 \nPublished : April 23, 2025, 10:15 a.m. | 1\u00a0hour, 58\u00a0minutes ago \nDescription : The UiCore Elements \u2013 Free Elementor widgets and templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the UI Counter, UI Icon Box, UI Testimonial Slider, UI Testimonial Grid, and UI Testimonial Carousel widgets in all versions up to, and including, 1.0.16 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. \nSeverity: 6.4 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"23 Apr 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-04-23T14:28:59.000000Z"}, {"uuid": "5c6f874a-788c-4fbf-bd4d-d73a1650cef8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-10547", "type": "seen", "source": "https://t.me/bhhub/1167", "content": "Top exploited vulns of the Week\n\nThis week\u2019s Vulnerability Trend shows a mix of big-platform remote RCEs (Oracle EBS, DrayTek), high-impact web plugin and local network exploits (WordPress Spirit, SillyTavern), plus client/runtime abuse in widely distributed software (Unity, Zabbix agent). Notable: an enterprise-scale, pre-auth Oracle RCE is already weaponized by ransomware groups (Cl0p / GRACEFUL SPIDER) and added to CISA KEV \u2014 treat it as highest priority.\n\nQuick hit list:\n\n\u2b50\ufe0f CVE-2025-61882 \u2014 Oracle E-Business Suite (BI Publisher integration) \u2014 CVSS 9.8, pre-auth RCE, actively used by Cl0p &amp; GRACEFUL SPIDER; on CISA KEV. Patch immediately or isolate EBS HTTP endpoints.\n\u2b50\ufe0f CVE-2025-6388 \u2014 Spirit Framework (WordPress) \u2014 CVSS 9.8, unauthenticated admin takeover. Update to 1.2.15 or remove the plugin.\n\u2b50\ufe0f CVE-2025-59159 \u2014 SillyTavern (DNS rebinding) \u2014 CVSS ~9.6, local network\u2192API key theft. Upgrade to 1.13.4 + enable host whitelist.\n\u2b50\ufe0f CVE-2025-10547 \u2014 DrayTek Vigor routers \u2014 CVSS 8.8, unauth RCE in HTTP CGI; remote root possible. Apply vendor fixes and audit external-facing routers.\n\u2b50\ufe0f CVE-2025-59489 \u2014 Unity Runtime \u2014 Arg injection / DLL hijack in apps; PoCs available; exploited via trojanized games. Treat as supply-chain / app-store risk for distributed clients.\n\u2b50\ufe0f CVE-2025-27237 \u2014 Zabbix Agent (Windows LPE) \u2014 DLL injection via writable OpenSSL path; observed in targeted ops. Harden file perms and monitor for local privilege escalations.", "creation_timestamp": "2025-10-07T08:14:58.000000Z"}]}