{"vulnerability": "cve-2025-3937", "sightings": [{"uuid": "eb5afa19-8b13-4e6f-b267-ce5ee601fc2c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-39377", "type": "seen", "source": "https://mastodon.social/users/CyberSignaler/statuses/114394194942049906", "content": "", "creation_timestamp": "2025-04-24T17:48:12.210112Z"}, {"uuid": "f83aec0c-8481-4929-a0b1-8eeff82c016c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-39377", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lnlcsewgoz2d", "content": "", "creation_timestamp": "2025-04-24T18:14:36.461182Z"}, {"uuid": "7efc552c-0abf-47ea-acf8-f3367f5cf773", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-39378", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/13429", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-39378\n\ud83d\udd25 CVSS Score: 7.5 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H)\n\ud83d\udd39 Description: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Holest Engineering Spreadsheet Price Changer for WooCommerce and WP E-commerce \u2013 Light allows PHP Local File Inclusion. This issue affects Spreadsheet Price Changer for WooCommerce and WP E-commerce \u2013 Light: from n/a through 2.4.37.\n\ud83d\udccf Published: 2025-04-24T16:08:39.225Z\n\ud83d\udccf Modified: 2025-04-25T13:55:38.159Z\n\ud83d\udd17 References:\n1. https://patchstack.com/database/wordpress/plugin/excel-like-price-change-for-woocommerce-and-wp-e-commerce-light/vulnerability/wordpress-spreadsheet-price-changer-for-woocommerce-and-wp-e-commerce-light-plugin-2-4-37-local-file-inclusion-vulnerability?_s_id=cve", "creation_timestamp": "2025-04-25T14:07:25.000000Z"}, {"uuid": "a6cc3b88-9b89-4cac-944a-b97fc2d32d3a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-3937", "type": "seen", "source": "https://t.me/ics_cert/1270", "content": "\u06cc\u06a9 \u0622\u0633\u06cc\u0628\u200c\u067e\u0630\u06cc\u0631\u06cc \u062f\u0631 \u067e\u0644\u062a\u0641\u0631\u0645 \u0645\u062f\u06cc\u0631\u06cc\u062a HVAC\u060c \u0631\u0648\u0634\u0646\u0627\u06cc\u06cc \u0648 \u0627\u0646\u0631\u0698\u06cc Niagara Framework \u0648 \u0631\u0627\u0647\u06a9\u0627\u0631 \u06a9\u0646\u062a\u0631\u0644 \u062f\u0633\u062a\u0631\u0633\u06cc \u0648 \u0627\u0645\u0646\u06cc\u062a\u06cc Niagara Enterprise Security \u0628\u0647 \u062f\u0644\u06cc\u0644 \u0645\u062d\u0627\u0633\u0628\u0647 \u0646\u0627\u06a9\u0627\u0641\u06cc \u0647\u0634 \u0631\u0645\u0632 \u0639\u0628\u0648\u0631 \u0627\u0633\u062a. \u0633\u0648\u0621\u0627\u0633\u062a\u0641\u0627\u062f\u0647 \u0627\u0632 \u0627\u06cc\u0646 \u0622\u0633\u06cc\u0628\u200c\u067e\u0630\u06cc\u0631\u06cc \u0645\u0645\u06a9\u0646 \u0627\u0633\u062a \u0628\u0647 \u0645\u0647\u0627\u062c\u0645\u06cc \u06a9\u0647 \u0627\u0632 \u0631\u0627\u0647 \u062f\u0648\u0631 \u0627\u0642\u062f\u0627\u0645 \u0645\u06cc\u200c\u06a9\u0646\u062f\u060c \u0627\u062c\u0627\u0632\u0647 \u062f\u0647\u062f \u062a\u0627 \u0628\u0647 \u062f\u0633\u062a\u06af\u0627\u0647 \u062f\u0633\u062a\u0631\u0633\u06cc \u067e\u06cc\u062f\u0627 \u06a9\u0646\u062f.\n\nBDU:2025-09156\nCVE-2025-3937\n\n\u0646\u0635\u0628 \u0628\u0647\u200c\u0631\u0648\u0632\u0631\u0633\u0627\u0646\u06cc\u200c\u0647\u0627 \u0627\u0632 \u0645\u0646\u0627\u0628\u0639 \u0645\u0639\u062a\u0628\u0631\u060c \u062a\u0648\u0635\u06cc\u0647 \u0645\u06cc\u200c\u0634\u0648\u062f \u0628\u0647\u200c\u0631\u0648\u0632\u0631\u0633\u0627\u0646\u06cc\u200c\u0647\u0627\u06cc \u0646\u0631\u0645\u200c\u0627\u0641\u0632\u0627\u0631 \u0631\u0627 \u062a\u0646\u0647\u0627 \u067e\u0633 \u0627\u0632 \u0627\u0631\u0632\u06cc\u0627\u0628\u06cc \u062a\u0645\u0627\u0645 \u062e\u0637\u0631\u0627\u062a \u0645\u0631\u062a\u0628\u0637 \u0646\u0635\u0628 \u06a9\u0646\u06cc\u062f.\n\n\u0627\u0642\u062f\u0627\u0645\u0627\u062a \u062c\u0628\u0631\u0627\u0646\u06cc:\n- \u0627\u0633\u062a\u0641\u0627\u062f\u0647 \u0627\u0632 \u0641\u0627\u06cc\u0631\u0648\u0627\u0644\u200c\u0647\u0627 \u0628\u0631\u0627\u06cc \u0641\u06cc\u0644\u062a\u0631 \u06a9\u0631\u062f\u0646 \u062a\u0631\u0627\u0641\u06cc\u06a9 \u0634\u0628\u06a9\u0647\u061b\n- \u0628\u062e\u0634\u200c\u0628\u0646\u062f\u06cc \u0634\u0628\u06a9\u0647 \u0628\u0631\u0627\u06cc \u0645\u062d\u062f\u0648\u062f \u06a9\u0631\u062f\u0646 \u062f\u0633\u062a\u0631\u0633\u06cc \u0628\u0647 \u0646\u0631\u0645\u200c\u0627\u0641\u0632\u0627\u0631\u0647\u0627\u06cc \u0622\u0633\u06cc\u0628\u200c\u067e\u0630\u06cc\u0631 \u0627\u0632 \u0632\u06cc\u0631\u0634\u0628\u06a9\u0647\u200c\u0647\u0627\u06cc \u062f\u06cc\u06af\u0631\u061b\n- \u0627\u0633\u062a\u0641\u0627\u062f\u0647 \u0627\u0632 \u0633\u06cc\u0633\u062a\u0645\u200c\u0647\u0627\u06cc \u062a\u0634\u062e\u06cc\u0635 \u0648 \u067e\u06cc\u0634\u06af\u06cc\u0631\u06cc \u0627\u0632 \u0646\u0641\u0648\u0630 \u0628\u0631\u0627\u06cc \u0634\u0646\u0627\u0633\u0627\u06cc\u06cc (\u0634\u0646\u0627\u0633\u0627\u06cc\u06cc\u060c \u062b\u0628\u062a) \u0648 \u067e\u0627\u0633\u062e \u0628\u0647 \u062a\u0644\u0627\u0634\u200c\u0647\u0627\u06cc\u06cc \u0628\u0631\u0627\u06cc \u0633\u0648\u0621\u0627\u0633\u062a\u0641\u0627\u062f\u0647 \u0627\u0632 \u0622\u0633\u06cc\u0628\u200c\u067e\u0630\u06cc\u0631\u06cc\u200c\u0647\u0627\u061b\n- \u0645\u062d\u062f\u0648\u062f \u06a9\u0631\u062f\u0646 \u062f\u0633\u062a\u0631\u0633\u06cc \u0627\u0632 \u0634\u0628\u06a9\u0647\u200c\u0647\u0627\u06cc \u062e\u0627\u0631\u062c\u06cc (\u0627\u06cc\u0646\u062a\u0631\u0646\u062a).\n\n\u0628\u0627 \u0627\u0633\u062a\u0641\u0627\u062f\u0647 \u0627\u0632 \u062a\u0648\u0635\u06cc\u0647\u200c\u0647\u0627\u06cc \u0633\u0627\u0632\u0646\u062f\u0647:\n\u0646\u0631\u0645\u200c\u0627\u0641\u0632\u0627\u0631 \u0631\u0627 \u0628\u0647 \u0646\u0633\u062e\u0647\u200c\u0647\u0627\u06cc \u06f4.\u06f1\u06f4.\u06f2u\u06f2\u060c \u06f4.\u06f1\u06f5.u\u06f1\u060c \u06f4.\u06f1\u06f0u.\u06f1\u06f1 \u06cc\u0627 \u0628\u0627\u0644\u0627\u062a\u0631 \u0628\u0647\u200c\u0631\u0648\u0632\u0631\u0633\u0627\u0646\u06cc \u06a9\u0646\u06cc\u062f.\n\n\u0627\u06af\u0631 \u0627\u06cc\u0646 \u062f\u06cc\u062f\u06af\u0627\u0647 \u0634\u0645\u0627 \u0631\u0627 \u062a\u063a\u06cc\u06cc\u0631 \u062f\u0627\u062f\u060c \u0628\u0647 \u0627\u0634\u062a\u0631\u0627\u06a9 \u0628\u06af\u0630\u0627\u0631\u06cc\u062f. \n\u0628\u06cc\u0627\u06cc\u06cc\u062f \u0628\u0627 \u0647\u0645 \u0627\u0633\u062a\u0627\u0646\u062f\u0627\u0631\u062f\u0647\u0627 \u0631\u0627 \u0628\u0627\u0644\u0627 \u0628\u0628\u0631\u06cc\u0645.\u00a0 \n\ud83c\udfed \u0648\u0628\u0633\u0627\u06cc\u062a \u0648 \u06a9\u0627\u0646\u0627\u0644 \u062a\u062e\u0635\u0635\u06cc \u0627\u0645\u0646\u06cc\u062a \u0632\u06cc\u0631\u0633\u0627\u062e\u062a\u0647\u0627\u06cc \u0627\u062a\u0648\u0645\u0627\u0633\u06cc\u0648\u0646 \u0648 \u06a9\u0646\u062a\u0631\u0644 \u0635\u0646\u0639\u062a\u06cc\n@pedram_kiani\n\u06a9\u0627\u0646\u0627\u0644 \u062a\u0644\u06af\u0631\u0627\u0645:\nhttps://t.me/ics_cert\n\u06af\u0631\u0648\u0647 \u062a\u0644\u06af\u0631\u0627\u0645:\nhttps://t.me/ICSCERT_IR\n\u06af\u0631\u0648\u0647 \u0627\u06cc\u062a\u0627:\nhttps://eitaa.com/joinchat/1866007784Cfd023f90b2", "creation_timestamp": "2025-08-07T10:23:46.000000Z"}, {"uuid": "0dbac2f4-fc40-44e7-be29-a20e84fad0e8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-39377", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/13430", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-39377\n\ud83d\udd25 CVSS Score: 8.5 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:L)\n\ud83d\udd39 Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in weDevs Appsero Helper allows SQL Injection. This issue affects Appsero Helper: from n/a through 1.3.4.\n\ud83d\udccf Published: 2025-04-24T16:08:39.803Z\n\ud83d\udccf Modified: 2025-04-25T13:55:31.005Z\n\ud83d\udd17 References:\n1. https://patchstack.com/database/wordpress/plugin/appsero-helper/vulnerability/wordpress-appsero-helper-plugin-1-3-4-sql-injection-vulnerability?_s_id=cve", "creation_timestamp": "2025-04-25T14:07:25.000000Z"}, {"uuid": "6d735eb8-2447-4c9f-91de-32d4daa92396", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-39379", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/13428", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-39379\n\ud83d\udd25 CVSS Score: 7.5 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H)\n\ud83d\udd39 Description: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Capturly Capturly allows PHP Local File Inclusion. This issue affects Capturly: from n/a through 2.0.1.\n\ud83d\udccf Published: 2025-04-24T16:08:38.642Z\n\ud83d\udccf Modified: 2025-04-25T13:55:45.354Z\n\ud83d\udd17 References:\n1. https://patchstack.com/database/wordpress/plugin/capturly-optimize-your-website/vulnerability/wordpress-capturly-plugin-2-0-1-local-file-inclusion-vulnerability?_s_id=cve", "creation_timestamp": "2025-04-25T14:07:24.000000Z"}]}