{"vulnerability": "cve-2025-3794", "sightings": [{"uuid": "299174d9-779d-4c7b-ab74-847193c2bdb2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2025-37947", "type": "seen", "source": "https://www.cert.ssi.gouv.fr/avis/CERTFR-2026-AVI-0316/", "content": "", "creation_timestamp": "2026-03-19T00:00:00.000000Z"}, {"uuid": "00f3ed39-edc6-471f-9f0e-56c756e31429", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-37947", "type": "seen", "source": "https://bsky.app/profile/crowdcyber.bsky.social/post/3m2q64vwcmc2e", "content": "", "creation_timestamp": "2025-10-09T03:01:50.731510Z"}, {"uuid": "bd23ed34-8f8f-43fb-9398-33b1415cfb75", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-37947", "type": "seen", "source": "https://bsky.app/profile/oversecurity.net.web.brid.gy/post/3m2paiks7f3z2", "content": "", "creation_timestamp": "2025-10-08T18:11:36.522665Z"}, {"uuid": "761d2e1c-9426-443a-9fe1-a7b82d473764", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-37947", "type": "seen", "source": "https://bsky.app/profile/linkersec.bsky.social/post/3m3vn3zof5s2h", "content": "", "creation_timestamp": "2025-10-24T00:38:20.120857Z"}, {"uuid": "3f61ad8b-651c-4bb5-8f68-c07a7afd2af1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "c933734a-9be8-4142-889e-26e95c752803", "vulnerability": "CVE-2025-37942", "type": "seen", "source": "https://vulnerability.circl.lu/bundle/816dcc8e-f25a-4895-9b59-1bbd9caeccb8", "content": "", "creation_timestamp": "2025-12-03T14:14:49.267740Z"}, {"uuid": "fcc74ad6-43bb-478d-9bfa-569ae0a13112", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2025-37943", "type": "seen", "source": "https://www.cert.ssi.gouv.fr/avis/CERTFR-2026-AVI-0316/", "content": "", "creation_timestamp": "2026-03-19T00:00:00.000000Z"}, {"uuid": "6daa993c-951b-448d-8f6e-2dfa0e9669af", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2025-37945", "type": "seen", "source": "https://www.cert.ssi.gouv.fr/avis/CERTFR-2026-AVI-0316/", "content": "", "creation_timestamp": "2026-03-19T00:00:00.000000Z"}, {"uuid": "d376b351-02fc-4abb-91c1-1ad7184c6843", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-37945", "type": "seen", "source": "https://bsky.app/profile/linux.activitypub.awakari.com.ap.brid.gy/post/3lpmlbbcpxys2", "content": "", "creation_timestamp": "2025-05-20T17:10:43.887887Z"}, {"uuid": "399cd08f-33a1-44ed-9f95-4ac68b959470", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-37943", "type": "seen", "source": "https://bsky.app/profile/linux.activitypub.awakari.com.ap.brid.gy/post/3lpmlbhezjr52", "content": "", "creation_timestamp": "2025-05-20T17:10:44.475796Z"}, {"uuid": "2e59a0b9-a23c-40dc-a136-23a7b25c294b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-37944", "type": "seen", "source": "https://bsky.app/profile/linux.activitypub.awakari.com.ap.brid.gy/post/3lpmlbiibwd42", "content": "", "creation_timestamp": "2025-05-20T17:10:45.207983Z"}, {"uuid": "ea1c9db5-5dd9-4b2a-8b87-ea279beb72c5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-37940", "type": "seen", "source": "https://bsky.app/profile/FunctionalProgramming.activitypub.awakari.com.ap.brid.gy/post/3lpmlbrps3u42", "content": "", "creation_timestamp": "2025-05-20T17:10:47.380927Z"}, {"uuid": "d1072eba-e6ab-4e6a-a7b6-7ea8b2dc31b3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-37942", "type": "seen", "source": "https://bsky.app/profile/linux.activitypub.awakari.com.ap.brid.gy/post/3lpmlbnwiuzs2", "content": "", "creation_timestamp": "2025-05-20T17:10:46.101224Z"}, {"uuid": "252ab541-5aec-444b-bcef-db992870b0de", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-37941", "type": "seen", "source": "https://bsky.app/profile/linux.activitypub.awakari.com.ap.brid.gy/post/3lpmlbp3kdnn2", "content": "", "creation_timestamp": "2025-05-20T17:10:46.687681Z"}, {"uuid": "a2daab76-0abb-4df6-87ca-1bd7d4885b15", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-3794", "type": "seen", "source": "https://bsky.app/profile/2rZiKKbOU3nTafniR2qMMSE0gwZ.activitypub.awakari.com.ap.brid.gy/post/3lormmzq2ajr2", "content": "", "creation_timestamp": "2025-05-10T00:05:23.791461Z"}, {"uuid": "f816eb22-97c1-473f-8988-653cb91e357f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-3794", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lorvkydzjj2h", "content": "", "creation_timestamp": "2025-05-10T02:31:40.334114Z"}, {"uuid": "5d505de2-88bd-4918-9c69-a0030234d1e5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-37947", "type": "seen", "source": "https://bsky.app/profile/Ubuntu.activitypub.awakari.com.ap.brid.gy/post/3m2ra4sgjieq2", "content": "", "creation_timestamp": "2025-10-09T13:11:12.067325Z"}, {"uuid": "eb3320b9-8f91-4aa2-bfe9-790117c5bb8c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-37947", "type": "seen", "source": "https://bsky.app/profile/r-netsec-bot.bsky.social/post/3m2p2pw33242u", "content": "", "creation_timestamp": "2025-10-08T16:28:23.733776Z"}, {"uuid": "299cfcc1-37d4-499b-8b9a-571dffe0cafc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-37947", "type": "seen", "source": "https://bsky.app/profile/r-netsec.bsky.social/post/3m2p3e5hq2v2u", "content": "", "creation_timestamp": "2025-10-08T16:39:32.668783Z"}, {"uuid": "9aa3a5e1-b5b1-44a3-a1e0-3ec9b8d47460", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-37947", "type": "seen", "source": "https://gist.github.com/Darkcrai86/45d158611b4db1aace5cbd8bd2963b4d", "content": "", "creation_timestamp": "2025-09-02T09:21:42.000000Z"}, {"uuid": "d68c1f4f-c061-47de-ab51-b375b9a39ee2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-37947", "type": "seen", "source": "https://bsky.app/profile/r-netsec.bsky.social/post/3mixdxobrr42b", "content": "", "creation_timestamp": "2026-04-08T03:27:38.232104Z"}, {"uuid": "9b6eca3a-7a65-4aa7-ac89-ab714b41696d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2025-37944", "type": "seen", "source": "https://www.cert.ssi.gouv.fr/avis/CERTFR-2026-AVI-0316/", "content": "", "creation_timestamp": "2026-03-19T00:00:00.000000Z"}, {"uuid": "d8e71b33-d285-4f0f-a132-7815daab322b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "c933734a-9be8-4142-889e-26e95c752803", "vulnerability": "CVE-2025-37948", "type": "seen", "source": "https://vulnerability.circl.lu/bundle/816dcc8e-f25a-4895-9b59-1bbd9caeccb8", "content": "", "creation_timestamp": "2025-12-03T14:14:49.267740Z"}, {"uuid": "04f95494-f2a2-4502-8367-8873172d1e5c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-37947", "type": "published-proof-of-concept", "source": "https://t.me/thebugbountyhunter/10279", "content": "ksmbd - Exploiting CVE-2025-37947 (3/3) &middot; Doyensec's Blog\n\nhttps://blog.doyensec.com/2025/10/08/ksmbd-3.html", "creation_timestamp": "2025-10-16T08:28:23.000000Z"}, {"uuid": "fbcc6be6-6ae2-4050-8e3c-f10879cd1763", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-37947", "type": "published-proof-of-concept", "source": "Telegram/P9a0Za8gE6K7y0i_gLeJFZNUx86CaXC4rY9Y1GIdbHAgOlM", "content": "", "creation_timestamp": "2025-10-24T12:28:34.000000Z"}, {"uuid": "e736f248-cc16-45c6-bc6f-0438b3686abf", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-37948", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/19686", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-37948\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: In the Linux kernel, the following vulnerability has been resolved:\n\narm64: bpf: Add BHB mitigation to the epilogue for cBPF programs\n\nA malicious BPF program may manipulate the branch history to influence\nwhat the hardware speculates will happen next.\n\nOn exit from a BPF program, emit the BHB mititgation sequence.\n\nThis is only applied for 'classic' cBPF programs that are loaded by\nseccomp.\n\ud83d\udccf Published: 2025-05-20T16:01:44.452Z\n\ud83d\udccf Modified: 2025-06-27T10:21:20.431Z\n\ud83d\udd17 References:\n1. https://git.kernel.org/stable/c/c6a8735d841bcb7649734bb3a787bb174c67c0d8\n2. https://git.kernel.org/stable/c/993f63239c219696aef8887a4e7d3a16bf5a8ece\n3. https://git.kernel.org/stable/c/8fe5c37b0e08a97cf0210bb75970e945aaaeebab\n4. https://git.kernel.org/stable/c/42a20cf51011788f04cf2adbcd7681f02bdb6c27\n5. https://git.kernel.org/stable/c/38c345fd54afd9d6ed8d3fcddf3f6ea23887bf78\n6. https://git.kernel.org/stable/c/852b8ae934b5cbdc62496fa56ce9969aa2edda7f\n7. https://git.kernel.org/stable/c/0dfefc2ea2f29ced2416017d7e5b1253a54c2735", "creation_timestamp": "2025-06-27T10:49:52.000000Z"}, {"uuid": "3264810f-d899-434c-80ef-20862f80eb15", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-3794", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/15857", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-3794\n\ud83d\udd25 CVSS Score: 5.4 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N)\n\ud83d\udd39 Description: The WPForms \u2013 Easy Form Builder for WordPress \u2013 Contact Forms, Payment Forms, Surveys, &amp; More plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the start_timestamp parameter in all versions up to, and including, 1.9.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.\n\ud83d\udccf Published: 2025-05-09T22:22:12.702Z\n\ud83d\udccf Modified: 2025-05-09T22:22:12.702Z\n\ud83d\udd17 References:\n1. https://www.wordfence.com/threat-intel/vulnerabilities/id/179eb680-e8d8-4918-96e3-e67217771c29?source=cve\n2. https://plugins.trac.wordpress.org/browser/wpforms-lite/tags/1.9.4.2/assets/js/frontend/wpforms.js#L3154", "creation_timestamp": "2025-05-09T23:25:48.000000Z"}, {"uuid": "7d838c34-f42a-4cc7-9ef3-65180f0449d9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-37943", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/17102", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-37943\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: ath12k: Fix invalid data access in ath12k_dp_rx_h_undecap_nwifi\n\nIn certain cases, hardware might provide packets with a\nlength greater than the maximum native Wi-Fi header length.\nThis can lead to accessing and modifying fields in the header\nwithin the ath12k_dp_rx_h_undecap_nwifi function for\nDP_RX_DECAP_TYPE_NATIVE_WIFI decap type and\npotentially resulting in invalid data access and memory corruption.\n\nAdd a sanity check before processing the SKB to prevent invalid\ndata access in the undecap native Wi-Fi function for the\nDP_RX_DECAP_TYPE_NATIVE_WIFI decap type.\n\nTested-on: QCN9274 hw2.0 PCI WLAN.WBE.1.3.1-00173-QCAHKSWPL_SILICONZ-1\n\ud83d\udccf Published: 2025-05-20T15:58:19.607Z\n\ud83d\udccf Modified: 2025-05-21T07:58:19.832Z\n\ud83d\udd17 References:\n1. https://git.kernel.org/stable/c/7f1d986da5c6abb75ffe4d0d325fc9b341c41a1c\n2. https://git.kernel.org/stable/c/3abe15e756481c45f6acba3d476cb3ca4afc3b61\n3. https://git.kernel.org/stable/c/6ee653194ddb83674913fd2727b8ecfae0597ade\n4. https://git.kernel.org/stable/c/50be1fb76556e80af9f5da80f28168b6c71bce58\n5. https://git.kernel.org/stable/c/9a0dddfb30f120db3851627935851d262e4e7acb", "creation_timestamp": "2025-05-21T08:46:05.000000Z"}, {"uuid": "1dc85bad-a888-4e91-9f82-8c1c95acfed3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-3794", "type": "seen", "source": "https://t.me/cvedetector/24987", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-3794 - WordPress WPForms Stored Cross-Site Scripting Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-3794 \nPublished : May 9, 2025, 11:15 p.m. | 1\u00a0hour, 6\u00a0minutes ago \nDescription : The WPForms \u2013 Easy Form Builder for WordPress \u2013 Contact Forms, Payment Forms, Surveys, &amp; More plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the start_timestamp parameter in all versions up to, and including, 1.9.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. \nSeverity: 5.4 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"10 May 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-05-10T03:04:58.000000Z"}, {"uuid": "a47094ac-752e-4d9d-bc67-ff81ac4646bb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-3794", "type": "seen", "source": "https://t.me/true_secator/7102", "content": "Hewlett Packard Enterprise (HPE) \u0432 \u0441\u0432\u043e\u0435\u043c \u043d\u043e\u0432\u043e\u043c \u0431\u044e\u043b\u043b\u0435\u0442\u0435\u043d\u0435 \u043f\u043e \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u043f\u0440\u0435\u0434\u0443\u043f\u0440\u0435\u0436\u0434\u0430\u0435\u0442 \u043e \u0432\u043e\u0441\u044c\u043c\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044f\u0445, \u0432\u043b\u0438\u044f\u044e\u0449\u0438\u0445 \u043d\u0430 \u0440\u0430\u0431\u043e\u0442\u0443 StoreOnce, \u0440\u0435\u0448\u0435\u043d\u0438\u044f \u0434\u043b\u044f \u0440\u0435\u0437\u0435\u0440\u0432\u043d\u043e\u0433\u043e \u043a\u043e\u043f\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u044f \u0438 \u0434\u0435\u0434\u0443\u043f\u043b\u0438\u043a\u0430\u0446\u0438\u0438 \u043d\u0430 \u043e\u0441\u043d\u043e\u0432\u0435 \u0434\u0438\u0441\u043a\u043e\u0432.\n\nHPE StoreOnce \u043e\u0431\u044b\u0447\u043d\u043e \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u0435\u0442\u0441\u044f \u0434\u043b\u044f \u0440\u0435\u0437\u0435\u0440\u0432\u043d\u043e\u0433\u043e \u043a\u043e\u043f\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u044f \u0438 \u0432\u043e\u0441\u0441\u0442\u0430\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f \u043d\u0430 \u043a\u0440\u0443\u043f\u043d\u044b\u0445 \u043f\u0440\u0435\u0434\u043f\u0440\u0438\u044f\u0442\u0438\u044f\u0445, \u0432 \u0426\u041e\u0414\u0430\u0445, \u0443 \u043f\u043e\u0441\u0442\u0430\u0432\u0449\u0438\u043a\u043e\u0432 \u043e\u0431\u043b\u0430\u0447\u043d\u044b\u0445 \u0443\u0441\u043b\u0443\u0433 \u0438 \u0432 \u0446\u0435\u043b\u043e\u043c \u0432 \u043e\u0440\u0433\u0430\u043d\u0438\u0437\u0430\u0446\u0438\u044f\u0445, \u043e\u0431\u0440\u0430\u0431\u0430\u0442\u044b\u0432\u0430\u044e\u0449\u0438\u0445 \u0431\u043e\u043b\u044c\u0448\u0438\u0435 \u0434\u0430\u043d\u043d\u044b\u0435 \u0438\u043b\u0438 \u043a\u0440\u0443\u043f\u043d\u044b\u0435 \u0432\u0438\u0440\u0442\u0443\u0430\u043b\u0438\u0437\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u0435 \u0441\u0440\u0435\u0434\u044b.\n\nStoreOnce \u0438\u043d\u0442\u0435\u0433\u0440\u0438\u0440\u0443\u0435\u0442\u0441\u044f \u0441 \u041f\u041e \u0434\u043b\u044f \u0440\u0435\u0437\u0435\u0440\u0432\u043d\u043e\u0433\u043e \u043a\u043e\u043f\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u044f, \u0432\u043a\u043b\u044e\u0447\u0430\u044f HPE Data Protector, Veeam, Commvault \u0438 Veritas NetBackup, \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0438\u0432\u0430\u044f \u043d\u0435\u043f\u0440\u0435\u0440\u044b\u0432\u043d\u043e\u0441\u0442\u044c \u0431\u0438\u0437\u043d\u0435\u0441\u0430 \u0438 \u044d\u0444\u0444\u0435\u043a\u0442\u0438\u0432\u043d\u043e\u0435 \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u0435 \u0440\u0435\u0437\u0435\u0440\u0432\u043d\u044b\u043c \u043a\u043e\u043f\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0435\u043c.\n\n\u041e\u0441\u043e\u0431\u043e\u0435 \u0432\u043d\u0438\u043c\u0430\u043d\u0438\u0435 \u0441\u043b\u0435\u0434\u0443\u0435\u0442 \u043e\u0431\u0440\u0430\u0442\u0438\u0442\u044c \u043d\u0430 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043e\u0431\u0445\u043e\u0434\u0430 \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u0438 \u043a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u043e\u0439 \u0441\u0442\u0435\u043f\u0435\u043d\u0438 \u0441\u0435\u0440\u044c\u0435\u0437\u043d\u043e\u0441\u0442\u0438 (CVSS v3.1: 9,8), \u043a\u043e\u0442\u043e\u0440\u0430\u044f \u043e\u0442\u0441\u043b\u0435\u0436\u0438\u0432\u0430\u0435\u0442\u0441\u044f \u043a\u0430\u043a CVE-2025-37093.\n\n\u041a\u0440\u043e\u043c\u0435 \u0442\u043e\u0433\u043e, \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u044b \u0447\u0435\u0442\u044b\u0440\u0435 RCE (CVE-2025-37089, 37091, 37092, 37096), \u0434\u0432\u0435 \u043f\u0440\u043e\u0431\u043b\u0435\u043c\u044b \u043e\u0431\u0445\u043e\u0434\u0430 \u043a\u0430\u0442\u0430\u043b\u043e\u0433\u043e\u0432 (CVE-2025-37094 \u0438 CVE-2025-37095) \u0438 \u043f\u0440\u043e\u0431\u043b\u0435\u043c\u0430 \u043f\u043e\u0434\u0434\u0435\u043b\u043a\u0438 \u0437\u0430\u043f\u0440\u043e\u0441\u043e\u0432 \u043d\u0430 \u0441\u0442\u043e\u0440\u043e\u043d\u0435 \u0441\u0435\u0440\u0432\u0435\u0440\u0430 (CVE-2025-37090).\n\n\u0417\u0430\u0442\u0440\u043e\u043d\u0443\u0442\u044b \u0432\u0441\u0435 \u0432\u0435\u0440\u0441\u0438\u0438 HPE StoreOnce \u0434\u043e 4.3.11, \u043a\u043e\u0442\u043e\u0440\u0430\u044f \u0442\u0435\u043f\u0435\u0440\u044c \u044f\u0432\u043b\u044f\u0435\u0442\u0441\u044f \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0443\u0435\u043c\u043e\u0439 \u0432\u0435\u0440\u0441\u0438\u0435\u0439 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f. \u041d\u0430 \u044d\u0442\u043e\u0442 \u0440\u0430\u0437 \u043f\u043e\u0434\u0440\u043e\u0431\u043d\u043e\u0441\u0442\u0435\u0439 \u043e \u043d\u0435\u0434\u043e\u0441\u0442\u0430\u0442\u043a\u0430\u0445 \u0440\u0430\u0441\u043a\u0440\u044b\u0442\u043e \u043d\u0435 \u0442\u0430\u043a \u043c\u043d\u043e\u0433\u043e.\n\n\u041e\u0434\u043d\u0430\u043a\u043e Zero Day Initiative (ZDI) \u0443\u043f\u043e\u043c\u0438\u043d\u0430\u0435\u0442, \u0447\u0442\u043e \u043a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0430\u044f CVE-2025-37093 \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 machineAccountCheck \u0438 \u044f\u0432\u043b\u044f\u0435\u0442\u0441\u044f \u0440\u0435\u0437\u0443\u043b\u044c\u0442\u0430\u0442\u043e\u043c \u043d\u0435\u043f\u0440\u0430\u0432\u0438\u043b\u044c\u043d\u043e\u0439 \u0440\u0435\u0430\u043b\u0438\u0437\u0430\u0446\u0438\u0438 \u0430\u043b\u0433\u043e\u0440\u0438\u0442\u043c\u0430 \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u0438.\n\nCVE-2025-37093 - \u0435\u0434\u0438\u043d\u0441\u0442\u0432\u0435\u043d\u043d\u0430\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c, \u043e\u0446\u0435\u043d\u0435\u043d\u043d\u0430\u044f \u043a\u0430\u043a \u043a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0430\u044f, \u043f\u0440\u0438 \u044d\u0442\u043e\u043c \u0434\u0440\u0443\u0433\u0438\u0435 \u0442\u0430\u043a\u0436\u0435 \u043d\u0435\u0441\u0443\u0442 \u0432 \u0441\u0435\u0431\u0435 \u0437\u043d\u0430\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u044b\u0435 \u0440\u0438\u0441\u043a\u0438, \u0434\u0430\u0436\u0435 \u0435\u0441\u043b\u0438 \u043e\u043d\u0438 \u043e\u0442\u043d\u043e\u0441\u044f\u0442\u0441\u044f \u043a \u0431\u043e\u043b\u0435\u0435 \u043d\u0438\u0437\u043a\u0438\u043c \u043a\u0430\u0442\u0435\u0433\u043e\u0440\u0438\u044f\u043c \u043f\u043e \u0443\u0440\u043e\u0432\u043d\u044e \u0441\u0435\u0440\u044c\u0435\u0437\u043d\u043e\u0441\u0442\u0438.\n\nZDI \u043f\u043e\u044f\u0441\u043d\u044f\u0435\u0442, \u0447\u0442\u043e \u043f\u0440\u043e\u0431\u043b\u0435\u043c\u0430 \u043e\u0431\u0445\u043e\u0434\u0430 \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u0438 \u044f\u0432\u043b\u044f\u0435\u0442\u0441\u044f \u043a\u043b\u044e\u0447\u043e\u043c \u043a \u0440\u0430\u0441\u043a\u0440\u044b\u0442\u0438\u044e \u043f\u043e\u0442\u0435\u043d\u0446\u0438\u0430\u043b\u0430 \u0432\u0441\u0435\u0445 \u043e\u0441\u0442\u0430\u043b\u044c\u043d\u044b\u0445 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439, \u043f\u043e\u044d\u0442\u043e\u043c\u0443 \u0438\u0445 \u0440\u0438\u0441\u043a \u043d\u0435 \u0441\u0442\u043e\u0438\u0442 \u0440\u0430\u0441\u0446\u0435\u043d\u0438\u0432\u0430\u0442\u044c \u0438\u0437\u043e\u043b\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u043c.\n\n\u041f\u0440\u0438\u043c\u0435\u0440\u044b CVE-2025-3794 \u0438 CVE-2025-37095, \u0434\u0432\u0443\u0445 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439 \u0441\u0440\u0435\u0434\u043d\u0435\u0439 \u0441\u0442\u0435\u043f\u0435\u043d\u0438 \u0441\u0435\u0440\u044c\u0435\u0437\u043d\u043e\u0441\u0442\u0438, \u0441\u0432\u044f\u0437\u0430\u043d\u043d\u044b\u0445 \u0441 \u0443\u0434\u0430\u043b\u0435\u043d\u0438\u0435\u043c \u0444\u0430\u0439\u043b\u043e\u0432 \u0438 \u0440\u0430\u0441\u043a\u0440\u044b\u0442\u0438\u0435\u043c \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0438, \u043f\u043e\u043a\u0430\u0437\u044b\u0432\u0430\u044e\u0442, \u0447\u0442\u043e \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043d\u0430 \u043f\u0440\u0430\u043a\u0442\u0438\u043a\u0435 \u043f\u0440\u043e\u0449\u0435, \u0447\u0435\u043c \u044d\u0442\u043e \u043e\u0442\u0440\u0430\u0436\u0435\u043d\u043e \u0432 \u043e\u0446\u0435\u043d\u043a\u0435.\n\n\u042d\u0442\u0430 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u044b\u043c \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0430\u043c \u0440\u0430\u0441\u043a\u0440\u044b\u0432\u0430\u0442\u044c \u043a\u043e\u043d\u0444\u0438\u0434\u0435\u043d\u0446\u0438\u0430\u043b\u044c\u043d\u0443\u044e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044e \u043e \u0437\u0430\u0442\u0440\u043e\u043d\u0443\u0442\u044b\u0445 \u0443\u0441\u0442\u0430\u043d\u043e\u0432\u043a\u0430\u0445 Hewlett Packard Enterprise StoreOnce VSA. \u0425\u043e\u0442\u044f \u0434\u043b\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0442\u0440\u0435\u0431\u0443\u0435\u0442\u0441\u044f \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u044f, \u0441\u0443\u0449\u0435\u0441\u0442\u0432\u0443\u044e\u0449\u0438\u0439 \u043c\u0435\u0445\u0430\u043d\u0438\u0437\u043c \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u0438 \u043c\u043e\u0436\u043d\u043e \u043e\u0431\u043e\u0439\u0442\u0438.\n\n\u041f\u0440\u0438\u043c\u0435\u0447\u0430\u0442\u0435\u043b\u044c\u043d\u043e, \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u0431\u044b\u043b\u0438 \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0435\u043d\u044b \u0435\u0449\u0435 \u0432 \u043e\u043a\u0442\u044f\u0431\u0440\u0435 2024 \u0433\u043e\u0434\u0430 \u0438 \u043f\u043e\u0442\u0440\u0435\u0431\u043e\u0432\u0430\u043b\u043e\u0441\u044c \u0446\u0435\u043b\u044b\u0445 \u0441\u0435\u043c\u044c \u043c\u0435\u0441\u044f\u0446\u0435\u0432, \u043f\u0440\u0435\u0436\u0434\u0435 \u0447\u0435\u043c \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u043d\u0430\u043a\u043e\u043d\u0435\u0446-\u0442\u043e \u0441\u0442\u0430\u043b\u0438 \u0434\u043e\u0441\u0442\u0443\u043f\u043d\u044b. \u0422\u0435\u043c \u043d\u0435 \u043c\u0435\u043d\u0435\u0435, \u043d\u0435\u0442 \u043d\u0438\u043a\u0430\u043a\u0438\u0445 \u0441\u043e\u043e\u0431\u0449\u0435\u043d\u0438\u0439 \u043e\u0431 \u0430\u043a\u0442\u0438\u0432\u043d\u043e\u0439 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438.\n\nHPE \u043d\u0435 \u043e\u0442\u043c\u0435\u0442\u0438\u043b\u0430 \u0432 \u0431\u044e\u043b\u043b\u0435\u0442\u0435\u043d\u0435 \u043d\u0438\u043a\u0430\u043a\u0438\u0445 \u043e\u0431\u0445\u043e\u0434\u043d\u044b\u0445 \u043f\u0443\u0442\u0435\u0439 \u0434\u043b\u044f \u0432\u043e\u0441\u044c\u043c\u0438 \u043d\u0435\u0434\u043e\u0441\u0442\u0430\u0442\u043a\u043e\u0432, \u043f\u043e\u044d\u0442\u043e\u043c\u0443 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0443\u0435\u043c\u044b\u043c \u0440\u0435\u0448\u0435\u043d\u0438\u0435\u043c \u044f\u0432\u043b\u044f\u0435\u0442\u0441\u044f \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435.", "creation_timestamp": "2025-06-04T16:30:06.000000Z"}, {"uuid": "71227ff2-7757-4c8a-bcfd-aab538d51b80", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2025-37945", "type": "seen", "source": "https://www.hkcert.org/security-bulletin/debian-linux-kernel-multiple-vulnerabilities_20260506", "content": "", "creation_timestamp": "2026-05-05T20:00:00.000000Z"}]}