{"vulnerability": "cve-2025-32028", "sightings": [{"uuid": "dd95d252-d3d0-439f-9008-14f74abc857a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-32028", "type": "seen", "source": "https://bsky.app/profile/cyberalerts.bsky.social/post/3lmczgetxro2h", "content": "", "creation_timestamp": "2025-04-08T17:40:20.179916Z"}, {"uuid": "728aef20-439c-4822-a2d0-d719cd2416d6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-32028", "type": "seen", "source": "https://mastodon.social/users/CyberSignaler/statuses/114303598091230128", "content": "", "creation_timestamp": "2025-04-08T17:48:13.910392Z"}, {"uuid": "38bcd490-822b-40a4-884f-29093d5c361c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-32028", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lmd756er5p2b", "content": "", "creation_timestamp": "2025-04-08T19:22:39.378993Z"}, {"uuid": "0d7f4886-318c-4ec9-8fe0-85489779c646", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-32028", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/10954", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-32028\n\ud83d\udd25 CVSS Score: 10 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H)\n\ud83d\udd39 Description: HAX CMS PHP allows you to manage your microsite universe with PHP backend. Multiple file upload functions within the HAX CMS PHP application call a \u2019save\u2019 function in \u2019HAXCMSFile.php\u2019. This save function uses a denylist to block specific file types from being uploaded to the server. This list is non-exhaustive and only blocks \u2019.php\u2019, \u2019.sh\u2019, \u2019.js\u2019, and \u2019.css\u2019 files. The existing logic causes the system to \"fail open\" rather than \"fail closed.\" This vulnerability is fixed in 10.0.3.\n\ud83d\udccf Published: 2025-04-08T16:06:33.976Z\n\ud83d\udccf Modified: 2025-04-08T16:06:33.976Z\n\ud83d\udd17 References:\n1. https://github.com/haxtheweb/issues/security/advisories/GHSA-vj5q-3jv2-cg5p", "creation_timestamp": "2025-04-08T16:46:45.000000Z"}]}