{"vulnerability": "cve-2025-2491", "sightings": [{"uuid": "90afd571-8eb1-4645-8db3-a0c95f519b67", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-24919", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lrjkueqdv52r", "content": "", "creation_timestamp": "2025-06-13T23:14:20.003922Z"}, {"uuid": "386a8cff-e12d-4dea-aff4-bbd75fe52bb7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-24915", "type": "seen", "source": "https://infosec.exchange/users/cR0w/statuses/114200903475977964", "content": "", "creation_timestamp": "2025-03-21T14:31:37.455504Z"}, {"uuid": "33153afe-4b87-4f6d-81d9-64e53e073ea0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-2491", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lkobicz4ci2k", "content": "", "creation_timestamp": "2025-03-18T18:13:32.356121Z"}, {"uuid": "d218eec0-13ed-45b2-b637-91f76f61efb6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-24910", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lmy3rxtajk2j", "content": "", "creation_timestamp": "2025-04-17T02:48:35.169200Z"}, {"uuid": "b2ae774f-0fe6-4747-8c06-d8a8c275492e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-24911", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lmy3ryar4z2y", "content": "", "creation_timestamp": "2025-04-17T02:48:37.698149Z"}, {"uuid": "67cb6a51-2760-4916-97e3-f98e5bfbb95c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-24914", "type": "seen", "source": "https://bsky.app/profile/2rZiKKbOU3nTafniR2qMMSE0gwZ.activitypub.awakari.com.ap.brid.gy/post/3ln4dtq37a5i2", "content": "", "creation_timestamp": "2025-04-18T19:42:55.108628Z"}, {"uuid": "1d5d80f8-c762-4959-b4b7-bfd570966635", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-24914", "type": "seen", "source": "https://infosec.exchange/users/cR0w/statuses/114360724984751686", "content": "", "creation_timestamp": "2025-04-18T19:56:20.754660Z"}, {"uuid": "3a82daba-8aa7-45a0-9c32-f6d75b1d0bec", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-24914", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3ln4hrfpc7k2b", "content": "", "creation_timestamp": "2025-04-18T20:33:38.616120Z"}, {"uuid": "2afc0054-7989-4f90-9157-2e983fcfe609", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-24917", "type": "seen", "source": "https://bsky.app/profile/2rZiKKbOU3nTafniR2qMMSE0gwZ.activitypub.awakari.com.ap.brid.gy/post/3lpurw436xwo2", "content": "", "creation_timestamp": "2025-05-23T23:29:35.061237Z"}, {"uuid": "95edf3c7-9728-4761-8676-5f90bfc5222d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-24917", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lpu7rbtizc2q", "content": "", "creation_timestamp": "2025-05-23T18:04:39.109559Z"}, {"uuid": "5c08b890-41b1-4ecd-81ad-126f5a4fc98d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-24916", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lpua2ab7wc2j", "content": "", "creation_timestamp": "2025-05-23T18:09:39.568201Z"}, {"uuid": "3d85a1b7-8a34-4e09-8ecc-c9dd8077d3f1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-24916", "type": "seen", "source": "https://bsky.app/profile/2rZiKKbOU3nTafniR2qMMSE0gwZ.activitypub.awakari.com.ap.brid.gy/post/3lpurw4prsux2", "content": "", "creation_timestamp": "2025-05-23T23:29:35.626344Z"}, {"uuid": "473f3d36-f322-4829-a7cf-38e90d6b6073", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-24919", "type": "seen", "source": "https://infosec.exchange/users/jbhall56/statuses/114981965253717952", "content": "", "creation_timestamp": "2025-08-06T13:05:54.662198Z"}, {"uuid": "17bff3c6-dbaa-447d-8d45-3bbb00098a9d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-24919", "type": "seen", "source": "https://bsky.app/profile/jbhall56.bsky.social/post/3lvqc2cznqk2q", "content": "", "creation_timestamp": "2025-08-06T13:06:02.686990Z"}, {"uuid": "0545c929-ce8b-4998-95a1-f853cabe8e89", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-24912", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/7294", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-24912\n\ud83d\udd25 CVSS Score: 3.7 (cvssV3_0, Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\ud83d\udd39 Description: hostapd fails to process crafted RADIUS packets properly. When hostapd authenticates wi-fi devices with RADIUS authentication, an attacker in the position between the hostapd and the RADIUS server may inject crafted RADIUS packets and force RADIUS authentications to fail.\n\ud83d\udccf Published: 2025-03-12T04:43:54.870Z\n\ud83d\udccf Modified: 2025-03-12T13:21:59.254Z\n\ud83d\udd17 References:\n1. https://w1.fi/hostapd/\n2. https://w1.fi/cgit/hostap/commit/?id=726432d7622cc0088ac353d073b59628b590ea44\n3. https://w1.fi/cgit/hostap/commit/?id=339a334551ca911187cc870f4f97ef08e11db109\n4. https://jvn.jp/en/jp/JVN19358384/", "creation_timestamp": "2025-03-12T13:41:37.000000Z"}, {"uuid": "42d8c38e-80ac-42ba-a13c-9c1bc6b313b6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-24915", "type": "seen", "source": "MISP/3e4b778d-5810-4171-a915-f1d106684af4", "content": "", "creation_timestamp": "2025-08-11T18:27:48.000000Z"}, {"uuid": "fc8d4a2a-c77e-4808-a98b-47e672282175", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-24919", "type": "seen", "source": "https://bsky.app/profile/pentest-tools.com/post/3lyuoewp6bc2t", "content": "", "creation_timestamp": "2025-09-15T11:13:25.634247Z"}, {"uuid": "c3cef89c-2aa3-42bb-913e-b91f2b08b80e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-24919", "type": "seen", "source": "https://bsky.app/profile/pentest-tools.com/post/3lyuoewpg3c2t", "content": "", "creation_timestamp": "2025-09-15T11:13:26.136814Z"}, {"uuid": "3db2c17a-42aa-4d87-a12d-71886423009f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-24919", "type": "seen", "source": "https://infosec.place/objects/3b9f3ffc-e67f-4380-8918-190a7044491a", "content": "", "creation_timestamp": "2025-08-09T13:00:32.493536Z"}, {"uuid": "709c1ee2-77a5-4022-8aea-d56ae4081a3e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-24916", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/17423", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-24916\n\ud83d\udd25 CVSS Score: 7 (cvssV3_1, Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H)\n\ud83d\udd39 Description: When installing Tenable Network Monitor to a non-default location on a Windows host, Tenable Network Monitor versions prior to 6.5.1 did not enforce secure permissions for sub-directories. This could allow for local privilege escalation if users had not secured the directories in the non-default installation location.\n\ud83d\udccf Published: 2025-05-23T15:46:02.459Z\n\ud83d\udccf Modified: 2025-05-23T16:02:49.141Z\n\ud83d\udd17 References:\n1. https://www.tenable.com/security/tns-2025-10", "creation_timestamp": "2025-05-23T16:46:49.000000Z"}, {"uuid": "0f1d08cb-014d-4fe7-8d68-1743165feee6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-24910", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/12160", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-24910\n\ud83d\udd25 CVSS Score: 4.9 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N)\n\ud83d\udd39 Description: Overview \n\n\n\n\u00a0\n\n\n\nXML documents optionally contain a Document Type Definition (DTD), which, among other features, enables the definition of XML entities. It is possible to define an entity by providing a substitution string in the form of a URI. Once the content of the URI is read, it is fed back into the application that is processing the XML. This application may echo back the data (e.g. in an error message), thereby exposing the file contents. (CWE-611) \n\n\n\n\u00a0\n\n\n\nDescription \n\n\n\n\u00a0\n\n\n\nHitachi Vantara Pentaho Business Analytics Server versions before 10.2.0.2, including 9.3.x and 8.3.x, do not correctly protect Pentaho Data Integration MessageSourceCrawler against out-of-band XML External Entity Reference. \n\n\n\n\u00a0\n\n\n\nImpact \n\n\n\n\u00a0\n\n\n\nBy submitting an XML file that defines an external entity with a file:// URI, an attacker can cause the processing application to read the contents of a local file. Using URIs with other schemes such as http://, the attacker can force the application to make outgoing requests to servers that the attacker cannot reach directly, which can be used to bypass firewall restrictions or hide the source of attacks such as port scanning.\n\ud83d\udccf Published: 2025-04-16T22:32:46.270Z\n\ud83d\udccf Modified: 2025-04-16T22:32:46.270Z\n\ud83d\udd17 References:\n1. https://support.pentaho.com/hc/en-us/articles/35782683750541--Resolved-Hitachi-Vantara-Pentaho-Business-Analytics-Server-Improper-Restriction-of-XML-External-Entity-Reference-Versions-before-10-2-0-2-including-9-3-x-Impacted-CVE-2025-24910", "creation_timestamp": "2025-04-16T22:57:39.000000Z"}, {"uuid": "072540d6-ef80-43ba-b2dc-351c8ee647ab", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-24911", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/12159", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-24911\n\ud83d\udd25 CVSS Score: 4.9 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N)\n\ud83d\udd39 Description: Overview \n\n\n\n\u00a0\n\n\n\nXML documents optionally contain a Document Type Definition (DTD), which, among other features, enables the definition of XML entities. It is possible to define an entity by providing a substitution string in the form of a URI. Once the content of the URI is read, it is fed back into the application that is processing the XML. This application may echo back the data (e.g. in an error message), thereby exposing the file contents. (CWE-611) \n\n\n\n\u00a0\n\n\n\nDescription \n\n\n\n\u00a0\n\n\n\nHitachi Vantara Pentaho Business Analytics Server versions before 10.2.0.2, including 9.3.x and 8.3.x, do not correctly protect Data Access XMLParserFactoryProducer against out-of-band XML External Entity Reference. \n\n\n\n\u00a0\n\n\n\nImpact \n\n\n\n\u00a0\n\n\n\nBy submitting an XML file that defines an external entity with a file:// URI, an attacker can cause the processing application to read the contents of a local file. Using URIs with other schemes such as http://, the attacker can force the application to make outgoing requests to servers that the attacker cannot reach directly, which can be used to bypass firewall restrictions or hide the source of attacks such as port scanning.\n\ud83d\udccf Published: 2025-04-16T22:35:10.582Z\n\ud83d\udccf Modified: 2025-04-16T22:35:10.582Z\n\ud83d\udd17 References:\n1. https://support.pentaho.com/hc/en-us/articles/35783689016589--Resolved-Hitachi-Vantara-Pentaho-Business-Analytics-Server-Improper-Restriction-of-XML-External-Entity-Reference-Versions-before-10-2-0-2-including-9-3-x-Impacted-CVE-2025-24911", "creation_timestamp": "2025-04-16T22:57:38.000000Z"}, {"uuid": "1033cc27-3bca-4f98-b473-12381a59df02", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-24914", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/12523", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-24914\n\ud83d\udd25 CVSS Score: 7.8 (cvssV3_1, Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)\n\ud83d\udd39 Description: When installing Nessus to a non-default location on a Windows host, Nessus versions prior to 10.8.4 did not enforce secure permissions for sub-directories. This could allow for local privilege escalation if users had not secured the directories in the non-default installation location. - CVE-2025-24914\n\ud83d\udccf Published: 2025-04-18T18:18:02.729Z\n\ud83d\udccf Modified: 2025-04-18T18:37:49.524Z\n\ud83d\udd17 References:\n1. https://www.tenable.com/security/tns-2025-05", "creation_timestamp": "2025-04-18T18:58:42.000000Z"}, {"uuid": "67bfec38-ba44-460b-91b8-4651d2372553", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-24919", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/18347", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-24919\n\ud83d\udd25 CVSS Score: 8.1 (cvssV3_1, Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H)\n\ud83d\udd39 Description: A deserialization of untrusted input vulnerability exists in the cvhDecapsulateCmd functionality of Dell ControlVault3 prior to 5.15.10.14 and ControlVault3 Plus prior to 6.2.26.36. A specially crafted ControlVault response to a command can lead to arbitrary code execution. An attacker can compromise a ControlVault firmware and have it craft a malicious response to trigger this vulnerability.\n\ud83d\udccf Published: 2025-06-13T21:48:29.351Z\n\ud83d\udccf Modified: 2025-06-13T22:00:16.610Z\n\ud83d\udd17 References:\n1. https://www.dell.com/support/kbdoc/en-us/000276106/dsa-2025-053", "creation_timestamp": "2025-06-13T22:37:28.000000Z"}, {"uuid": "065e13b9-eff2-4add-8767-81d66b2f74d6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-24919", "type": "seen", "source": "https://t.me/true_secator/7303", "content": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u0432 \u043f\u0440\u043e\u0448\u0438\u0432\u043a\u0438 ControlVault3 \u0437\u0430\u0442\u0440\u0430\u0433\u0438\u0432\u0430\u044e\u0442 \u0431\u043e\u043b\u0435\u0435 100 \u043c\u043e\u0434\u0435\u043b\u0435\u0439 \u043d\u043e\u0443\u0442\u0431\u0443\u043a\u043e\u0432 Dell \u0438 \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0442 \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0430\u043c \u043e\u0431\u0445\u043e\u0434\u0438\u0442\u044c \u0432\u0445\u043e\u0434 \u0432 Windows \u0434\u043b\u044f \u0443\u0441\u0442\u0430\u043d\u0430\u0432\u043a\u0438 \u0432\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u043e\u0433\u043e \u041f\u041e, \u043a\u043e\u0442\u043e\u0440\u043e\u0435 \u0441\u043e\u0445\u0440\u0430\u043d\u044f\u0435\u0442\u0441\u044f \u0434\u0430\u0436\u0435 \u043f\u043e\u0441\u043b\u0435 \u043f\u0435\u0440\u0435\u0443\u0441\u0442\u0430\u043d\u043e\u0432\u043a\u0438 \u0441\u0438\u0441\u0442\u0435\u043c\u044b.\n\nDell ControlVault - \u044d\u0442\u043e \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0435 \u0440\u0435\u0448\u0435\u043d\u0438\u0435 \u0434\u043b\u044f \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438, \u043a\u043e\u0442\u043e\u0440\u043e\u0435 \u0445\u0440\u0430\u043d\u0438\u0442 \u043f\u0430\u0440\u043e\u043b\u0438, \u0431\u0438\u043e\u043c\u0435\u0442\u0440\u0438\u0447\u0435\u0441\u043a\u0438\u0435 \u0434\u0430\u043d\u043d\u044b\u0435 \u0438 \u043a\u043e\u0434\u044b \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0432 \u043f\u0440\u043e\u0448\u0438\u0432\u043a\u0435 \u043d\u0430 \u0441\u043f\u0435\u0446\u0438\u0430\u043b\u044c\u043d\u043e\u0439 \u0434\u043e\u0447\u0435\u0440\u043d\u0435\u0439 \u043f\u043b\u0430\u0442\u0435, \u0438\u0437\u0432\u0435\u0441\u0442\u043d\u043e\u0439 \u043a\u0430\u043a Unified Security Hub (USH).\n\n\u041f\u044f\u0442\u044c \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439, \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0435\u043d\u043d\u044b\u0435 \u0438\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u044f\u043c\u0438 Cisco Talos \u043a\u043e\u043c\u043f\u0430\u043d\u0438\u0438, \u043f\u043e\u043b\u0443\u0447\u0438\u043b\u0438 \u0443\u0441\u043b\u043e\u0432\u043d\u044b\u0435 \u043d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 ReVault \u0438 \u0437\u0430\u0442\u0440\u0430\u0433\u0438\u0432\u0430\u044e\u0442 \u043a\u0430\u043a \u043f\u0440\u043e\u0448\u0438\u0432\u043a\u0443 ControlVault3, \u0442\u0430\u043a \u0438 \u0435\u0435 \u0438\u043d\u0442\u0435\u0440\u0444\u0435\u0439\u0441\u044b \u043f\u0440\u0438\u043a\u043b\u0430\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u044f Windows (API) \u0434\u043b\u044f \u043d\u043e\u0443\u0442\u0431\u0443\u043a\u043e\u0432 \u0441\u0435\u0440\u0438\u0439 Latitude \u0438 Precision \u043e\u0442 Dell.\n\n\u041f\u043e\u043b\u043d\u044b\u0439 \u0441\u043f\u0438\u0441\u043e\u043a \u043f\u0440\u043e\u0431\u043b\u0435\u043c ReVault \u0432\u043a\u043b\u044e\u0447\u0430\u0435\u0442 \u0432 \u0441\u0435\u0431\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u0432\u044b\u0445\u043e\u0434\u0430 \u0437\u0430 \u043f\u0440\u0435\u0434\u0435\u043b\u044b \u0434\u043e\u043f\u0443\u0441\u0442\u0438\u043c\u043e\u0433\u043e \u0434\u0438\u0430\u043f\u0430\u0437\u043e\u043d\u0430 (CVE-2025-24311, CVE-2025-25050), \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u043e\u0433\u043e \u043e\u0441\u0432\u043e\u0431\u043e\u0436\u0434\u0435\u043d\u0438\u044f (CVE-2025-25215), \u043f\u0435\u0440\u0435\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u0435 \u0441\u0442\u0435\u043a\u0430 (CVE-2025-24922 \u0438 \u043d\u0435\u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u0443\u044e \u043f\u0440\u043e\u0431\u043b\u0435\u043c\u0443 \u0434\u0435\u0441\u0435\u0440\u0438\u0430\u043b\u0438\u0437\u0430\u0446\u0438\u0438 (CVE-2025-24919), \u0432\u043b\u0438\u044f\u044e\u0449\u0443\u044e \u043d\u0430 API-\u0438\u043d\u0442\u0435\u0440\u0444\u0435\u0439\u0441\u044b Windows ControlVault.\n\n\u041e\u0431\u044a\u0435\u0434\u0438\u043d\u0435\u043d\u0438\u0435 \u0438\u0445 \u0432 \u0446\u0435\u043f\u043e\u0447\u043a\u0443 \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0430\u043c \u0432\u044b\u043f\u043e\u043b\u043d\u0438\u0442\u044c \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0439 \u043a\u043e\u0434 \u0432 \u043f\u0440\u043e\u0448\u0438\u0432\u043a\u0435, \u043f\u043e\u0442\u0435\u043d\u0446\u0438\u0430\u043b\u044c\u043d\u043e \u0441\u043e\u0437\u0434\u0430\u0432\u0430\u044f \u0443\u0441\u0442\u043e\u0439\u0447\u0438\u0432\u044b\u0435 \u0438\u043c\u043f\u043b\u0430\u043d\u0442\u044b, \u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u0441\u043e\u0445\u0440\u0430\u043d\u044f\u0442\u0441\u044f \u043f\u043e\u0441\u043b\u0435 \u043f\u0435\u0440\u0435\u0443\u0441\u0442\u0430\u043d\u043e\u0432\u043a\u0438 Windows.\n\n\u041b\u043e\u043a\u0430\u043b\u044c\u043d\u044b\u0439 \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a, \u0438\u043c\u0435\u044e\u0449\u0438\u0439 \u0444\u0438\u0437\u0438\u0447\u0435\u0441\u043a\u0438\u0439 \u0434\u043e\u0441\u0442\u0443\u043f \u043a \u043d\u043e\u0443\u0442\u0431\u0443\u043a\u0443 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044f, \u043c\u043e\u0436\u0435\u0442 \u0432\u0441\u043a\u0440\u044b\u0442\u044c \u0435\u0433\u043e \u0438 \u043d\u0430\u043f\u0440\u044f\u043c\u0443\u044e \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u0434\u043e\u0441\u0442\u0443\u043f \u043a \u043f\u043b\u0430\u0442\u0435 USH \u0447\u0435\u0440\u0435\u0437 USB \u0441 \u043f\u043e\u043c\u043e\u0449\u044c\u044e \u0441\u043f\u0435\u0446\u0438\u0430\u043b\u044c\u043d\u043e\u0433\u043e \u0440\u0430\u0437\u044a\u0435\u043c\u0430, \u043e\u0431\u043e\u0439\u0442\u0438 \u0432\u0445\u043e\u0434 \u0432 Windows \u0438\u043b\u0438 \u043f\u043e\u0432\u044b\u0441\u0438\u0442\u044c \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u0439 \u0434\u043e \u0443\u0440\u043e\u0432\u043d\u044f \u0430\u0434\u043c\u0438\u043d\u0438\u0441\u0442\u0440\u0430\u0442\u043e\u0440\u0430.\n\n\u0423\u0441\u043f\u0435\u0448\u043d\u0430\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0442\u0430\u043a\u0436\u0435 \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0430\u043c \u043c\u0430\u043d\u0438\u043f\u0443\u043b\u0438\u0440\u043e\u0432\u0430\u0442\u044c \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u0435\u0439 \u043f\u043e \u043e\u0442\u043f\u0435\u0447\u0430\u0442\u043a\u0430\u043c \u043f\u0430\u043b\u044c\u0446\u0435\u0432, \u0437\u0430\u0441\u0442\u0430\u0432\u043b\u044f\u044f \u0446\u0435\u043b\u0435\u0432\u043e\u0435 \u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432\u043e\u00a0\u043f\u0440\u0438\u043d\u0438\u043c\u0430\u0442\u044c \u043b\u044e\u0431\u044b\u0435 \u043e\u0442\u043f\u0435\u0447\u0430\u0442\u043a\u0438 \u043f\u0430\u043b\u044c\u0446\u0435\u0432.\n\nTalos \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0443\u0435\u0442 \u043e\u0431\u043d\u043e\u0432\u043b\u044f\u0442\u044c \u0441\u0438\u0441\u0442\u0435\u043c\u044b \u0447\u0435\u0440\u0435\u0437 \u0426\u0435\u043d\u0442\u0440 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f Windows \u0438\u043b\u0438 \u0441\u0430\u0439\u0442 \u043f\u043e\u0441\u0442\u0430\u0432\u0449\u0438\u043a\u0430, \u043e\u0442\u043a\u043b\u044e\u0447\u0430\u0442\u044c \u043d\u0435\u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u0435\u043c\u044b\u0435 \u043f\u0435\u0440\u0438\u0444\u0435\u0440\u0438\u0439\u043d\u044b\u0435 \u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432\u0430 \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0441\u0447\u0438\u0442\u044b\u0432\u0430\u0442\u0435\u043b\u0438 \u043e\u0442\u043f\u0435\u0447\u0430\u0442\u043a\u043e\u0432 \u043f\u0430\u043b\u044c\u0446\u0435\u0432, \u0441\u0447\u0438\u0442\u044b\u0432\u0430\u0442\u0435\u043b\u0438 \u0441\u043c\u0430\u0440\u0442-\u043a\u0430\u0440\u0442 \u0438 \u0441\u0447\u0438\u0442\u044b\u0432\u0430\u0442\u0435\u043b\u0438 NFC), \u0430 \u0442\u0430\u043a\u0436\u0435 \u043e\u0442\u043a\u043b\u044e\u0447\u0430\u0442\u044c \u0432\u0445\u043e\u0434 \u043f\u043e \u043e\u0442\u043f\u0435\u0447\u0430\u0442\u043a\u0443 \u043f\u0430\u043b\u044c\u0446\u0430 \u0432 \u0441\u0438\u0442\u0443\u0430\u0446\u0438\u044f\u0445 \u043f\u043e\u0432\u044b\u0448\u0435\u043d\u043d\u043e\u0433\u043e \u0440\u0438\u0441\u043a\u0430.\n\n\u0414\u043b\u044f \u0441\u043d\u0438\u0436\u0435\u043d\u0438\u044f \u0440\u0438\u0441\u043a\u0430 \u0444\u0438\u0437\u0438\u0447\u0435\u0441\u043a\u0438\u0445 \u0430\u0442\u0430\u043a \u0438\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u0438 \u0442\u0430\u043a\u0436\u0435 \u043f\u0440\u0435\u0434\u043b\u043e\u0436\u0438\u043b\u0438 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u044c \u0444\u0443\u043d\u043a\u0446\u0438\u044e \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0435\u043d\u0438\u044f \u0432\u0442\u043e\u0440\u0436\u0435\u043d\u0438\u044f \u0432 \u043a\u043e\u0440\u043f\u0443\u0441 \u0432 \u043d\u0430\u0441\u0442\u0440\u043e\u0439\u043a\u0430\u0445 BIOS \u043a\u043e\u043c\u043f\u044c\u044e\u0442\u0435\u0440\u0430 \u0438 Enhanced Sign-in Security (ESS) \u0432 Windows \u0434\u043b\u044f \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0435\u043d\u0438\u044f \u043d\u0435\u043f\u043e\u0434\u0445\u043e\u0434\u044f\u0449\u0438\u0445 \u043f\u0440\u043e\u0448\u0438\u0432\u043e\u043a CV.\n\nDell\u00a0\u0432\u044b\u043f\u0443\u0441\u043a\u0430\u043b\u0430 \u0441\u043e\u043e\u0442\u0432\u0435\u0442\u0441\u0442\u0432\u0443\u044e\u0449\u0438\u0435 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438\u00a0\u0434\u043b\u044f \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439 ReVault \u0432 \u0434\u0440\u0430\u0439\u0432\u0435\u0440\u0435 \u0438 \u043f\u0440\u043e\u0448\u0438\u0432\u043a\u0435 ControlVault3 \u0441 \u043c\u0430\u0440\u0442\u0430 \u043f\u043e \u043c\u0430\u0439.\n\n\u041f\u043e\u043b\u043d\u044b\u0439 \u0441\u043f\u0438\u0441\u043e\u043a \u0437\u0430\u0442\u0440\u043e\u043d\u0443\u0442\u044b\u0445 \u043c\u043e\u0434\u0435\u043b\u0435\u0439 \u0434\u043e\u0441\u0442\u0443\u043f\u0435\u043d \u0432\u00a0\u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u044f\u0445 Dell \u043f\u043e \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438.", "creation_timestamp": "2025-08-06T13:43:48.000000Z"}, {"uuid": "3a6cab5d-81e7-40f5-bb8d-dc5cc40ebc0f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-24910", "type": "seen", "source": "https://t.me/cvedetector/23191", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-24910 - Hitachi Vantara Pentaho XML External Entity (XXE) Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-24910 \nPublished : April 16, 2025, 11:15 p.m. | 39\u00a0minutes ago \nDescription : Overview   \n  \n  \n  \n\u00a0  \n  \n  \n  \nXML documents optionally contain a Document Type Definition (DTD), which, among other features, enables the definition of XML entities. It is possible to define an entity by providing a substitution string in the form of a URI. Once the content of the URI is read, it is fed back into the application that is processing the XML. This application may echo back the data (e.g. in an error message), thereby exposing the file contents. (CWE-611)   \n  \n  \n  \n\u00a0  \n  \n  \n  \nDescription   \n  \n  \n  \n\u00a0  \n  \n  \n  \nHitachi Vantara Pentaho Business Analytics Server versions before 10.2.0.2, including 9.3.x and 8.3.x, do not correctly protect Pentaho Data Integration MessageSourceCrawler against out-of-band XML External Entity Reference.   \n  \n  \n  \n\u00a0  \n  \n  \n  \nImpact   \n  \n  \n  \n\u00a0  \n  \n  \n  \nBy submitting an XML file that defines an external entity with a file:// URI, an attacker can cause the processing application to read the contents of a local file. Using URIs with other schemes such as http://, the attacker can force the application to make outgoing requests to servers that the attacker cannot reach directly, which can be used to bypass firewall restrictions or hide the source of attacks such as port scanning. \nSeverity: 4.9 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"17 Apr 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-04-17T02:06:24.000000Z"}, {"uuid": "5fe9f160-9ab4-48d0-8e23-e77c22cc9be2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-24914", "type": "seen", "source": "https://t.me/cvedetector/23350", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-24914 - Nessus Windows Unsecured Directory Permissions Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-24914 \nPublished : April 18, 2025, 7:15 p.m. | 1\u00a0hour, 28\u00a0minutes ago \nDescription : When installing Nessus to a non-default location on a Windows host, Nessus versions prior to 10.8.4 did not enforce secure permissions for sub-directories. This could allow for local privilege escalation if users had not secured the directories in the non-default installation location. - CVE-2025-24914 \nSeverity: 7.8 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"18 Apr 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-04-18T23:16:14.000000Z"}, {"uuid": "4d04e2fd-c0fa-4615-9ea5-219a9bdf6289", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-24911", "type": "seen", "source": "https://t.me/cvedetector/23192", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-24911 - Hitachi Vantara Pentaho Business Analytics Server XML External Entity Injection\", \n  \"Content\": \"CVE ID : CVE-2025-24911 \nPublished : April 16, 2025, 11:15 p.m. | 39\u00a0minutes ago \nDescription : Overview   \n  \n  \n  \n\u00a0  \n  \n  \n  \nXML documents optionally contain a Document Type Definition (DTD), which, among other features, enables the definition of XML entities. It is possible to define an entity by providing a substitution string in the form of a URI. Once the content of the URI is read, it is fed back into the application that is processing the XML. This application may echo back the data (e.g. in an error message), thereby exposing the file contents. (CWE-611)   \n  \n  \n  \n\u00a0  \n  \n  \n  \nDescription   \n  \n  \n  \n\u00a0  \n  \n  \n  \nHitachi Vantara Pentaho Business Analytics Server versions before 10.2.0.2, including 9.3.x and 8.3.x, do not correctly protect Data Access XMLParserFactoryProducer against out-of-band XML External Entity Reference.   \n  \n  \n  \n\u00a0  \n  \n  \n  \nImpact   \n  \n  \n  \n\u00a0  \n  \n  \n  \nBy submitting an XML file that defines an external entity with a file:// URI, an attacker can cause the processing application to read the contents of a local file. Using URIs with other schemes such as http://, the attacker can force the application to make outgoing requests to servers that the attacker cannot reach directly, which can be used to bypass firewall restrictions or hide the source of attacks such as port scanning. \nSeverity: 4.9 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"17 Apr 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-04-17T02:06:28.000000Z"}, {"uuid": "55cb1cb4-9a2c-4189-afd3-1923309d585f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-2491", "type": "seen", "source": "https://t.me/cvedetector/20586", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-2491 - Dromara ujcms Cross-Site Scripting Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-2491 \nPublished : March 18, 2025, 3:16 p.m. | 1\u00a0hour, 15\u00a0minutes ago \nDescription : A vulnerability classified as problematic has been found in Dromara ujcms 9.7.5. This affects the function update of the file /main/java/com/ujcms/cms/ext/web/backendapi/WebFileTemplateController.java of the component Edit Template File Page. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. \nSeverity: 2.4 | LOW \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"18 Mar 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-03-18T17:44:25.000000Z"}, {"uuid": "57af5ef7-1b23-4e9e-a2d6-96e5aa374b21", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-24914", "type": "seen", "source": "Telegram/8CO-DlU-uxIaoJynRiurK_5LKQivLZeHOXSPQJYJCyy16S0", "content": "", "creation_timestamp": "2025-04-18T21:30:31.000000Z"}, {"uuid": "a899aa0f-93d2-41f5-af35-4940ccd74ee7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-24915", "type": "seen", "source": "https://t.me/cvedetector/20826", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-24915 - Nessus Agent Windows Local Privilege Escalation\", \n  \"Content\": \"CVE ID : CVE-2025-24915 \nPublished : March 21, 2025, 3:15 p.m. | 1\u00a0hour, 28\u00a0minutes ago \nDescription : When installing Nessus Agent to a non-default location on a Windows host, Nessus Agent versions prior to 10.8.3 did not enforce secure permissions for sub-directories. \u00a0This could allow for local privilege escalation if users had not secured the directories in the non-default installation location. \nSeverity: 7.8 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"21 Mar 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-03-21T18:29:16.000000Z"}]}