{"vulnerability": "cve-2025-4143", "sightings": [{"uuid": "abb3b33a-00b8-4d8d-a8d6-933975b2c87b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-41438", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lqe25bgkzd2q", "content": "", "creation_timestamp": "2025-05-30T01:06:34.733789Z"}, {"uuid": "7043cde6-29d9-4c5c-95ba-03927874bf6e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-41438", "type": "seen", "source": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-148-03", "content": "", "creation_timestamp": "2025-05-29T10:00:00.000000Z"}, {"uuid": "817492f8-420c-4f3d-aeaa-8695413c92f4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-41437", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lr6orzid2c2m", "content": "", "creation_timestamp": "2025-06-09T15:25:22.743530Z"}, {"uuid": "53a788a9-688d-47ae-a4d8-40a40c1b2934", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-4143", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lo37f5g75v2e", "content": "", "creation_timestamp": "2025-05-01T01:56:11.807686Z"}, {"uuid": "8c83670e-77ca-42e8-b8ef-1abe1c0d0e7a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-41436", "type": "seen", "source": "https://bsky.app/profile/ferramentaslinux.bsky.social/post/3m2bupca53c2q", "content": "", "creation_timestamp": "2025-10-03T10:35:56.664998Z"}, {"uuid": "62655baa-66e3-4fc0-85f8-df06da6deeef", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-41431", "type": "seen", "source": "https://bsky.app/profile/2rZiKKbOU3nTafniR2qMMSE0gwZ.activitypub.awakari.com.ap.brid.gy/post/3lomkcx24jxk2", "content": "", "creation_timestamp": "2025-05-07T23:30:25.300040Z"}, {"uuid": "40159f52-6d47-4ee4-8163-96ecbdea9552", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-41433", "type": "seen", "source": "https://bsky.app/profile/2rZiKKbOU3nTafniR2qMMSE0gwZ.activitypub.awakari.com.ap.brid.gy/post/3lomkd3zoe3k2", "content": "", "creation_timestamp": "2025-05-07T23:30:28.655670Z"}, {"uuid": "e97278b6-3f64-43b5-85df-7e6732266b92", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-41433", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lomnon5jdr2l", "content": "", "creation_timestamp": "2025-05-08T00:27:14.212156Z"}, {"uuid": "f05e3584-c844-4890-86ac-f28b63e63fd5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-41431", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lomnoohshj2n", "content": "", "creation_timestamp": "2025-05-08T00:27:21.061290Z"}, {"uuid": "d3477cf9-e038-4996-823a-496ccecf9ed9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "af0120d0-3dac-4a6a-974b-a9f33d2a9846", "vulnerability": "CVE-2025-41430", "type": "seen", "source": "https://circl.lu/pub/tr-96/", "content": "", "creation_timestamp": "2025-10-16T09:05:24.176000Z"}, {"uuid": "9495e0be-2911-4bbe-bfef-0bb08081f4d1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-41438", "type": "seen", "source": "https://infosec.exchange/users/cR0w/statuses/114593829033866899", "content": "", "creation_timestamp": "2025-05-29T23:57:45.737661Z"}, {"uuid": "aedf3f2e-880a-4d09-940c-768fd6d42f5c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-41438", "type": "seen", "source": "https://bsky.app/profile/2rZiKKbOU3nTafniR2qMMSE0gwZ.activitypub.awakari.com.ap.brid.gy/post/3lqdwjpg3cby2", "content": "", "creation_timestamp": "2025-05-30T00:02:41.066174Z"}, {"uuid": "c60dc5ba-5da0-480e-9d9a-6deea13e0d77", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-41439", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lstaaxkfc523", "content": "", "creation_timestamp": "2025-06-30T12:56:20.332179Z"}, {"uuid": "f7d73f37-328a-46b9-906f-44b7567f708f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-41436", "type": "seen", "source": "https://bsky.app/profile/ferramentaslinux.bsky.social/post/3m2bwi34cgk2c", "content": "", "creation_timestamp": "2025-10-03T11:07:41.895565Z"}, {"uuid": "7395e979-1aa1-4ab5-81b6-9bcace4e39a3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-41436", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3m5ldygaqva2b", "content": "", "creation_timestamp": "2025-11-14T09:18:58.760483Z"}, {"uuid": "8efb15a0-8349-46d2-9cbd-b2e3c9a5fbee", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-41436", "type": "seen", "source": "https://bsky.app/profile/jos1264.social.skynetcloud.site.ap.brid.gy/post/3m5lijopk5ky2", "content": "", "creation_timestamp": "2025-11-14T10:40:29.936112Z"}, {"uuid": "82f34b53-602e-4b99-9b7c-2bdf2e7ff563", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "c933734a-9be8-4142-889e-26e95c752803", "vulnerability": "CVE-2025-41430", "type": "seen", "source": "https://vulnerability.circl.lu/bundle/834a30cc-c06c-49b3-9157-eb77f711c73f", "content": "", "creation_timestamp": "2025-10-15T15:31:29.212143Z"}, {"uuid": "c8c85abb-993e-4e0a-81fd-b192d60f46a8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-41433", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/15448", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-41433\n\ud83d\udd25 CVSS Score: 7.5 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\ud83d\udd39 Description: When a Session Initiation Protocol (SIP) message routing framework (MRF) application layer gateway (ALG) profile is configured on a Message Routing virtual server, undisclosed requests can cause the Traffic Management Microkernel (TMM) to terminate.\n\n \n\n\nNote: Software versions which have reached End of Technical Support (EoTS) are not evaluated.\n\ud83d\udccf Published: 2025-05-07T22:04:09.139Z\n\ud83d\udccf Modified: 2025-05-07T22:04:09.139Z\n\ud83d\udd17 References:\n1. https://my.f5.com/manage/s/article/K000140937", "creation_timestamp": "2025-05-07T22:23:08.000000Z"}, {"uuid": "68736c96-1cbc-45b9-8049-eab5fdfda229", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-4143", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/14210", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-4143\n\ud83d\udd25 CVSS Score: 6 (cvssV4_0, Vector: CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:P/VC:H/VI:N/VA:N/SC:L/SI:N/SA:N/U:Amber)\n\ud83d\udd39 Description: The OAuth implementation in workers-oauth-provider that is part of  MCP framework https://github.com/cloudflare/workers-mcp , did not correctly validate that redirect_uri was on the allowed list of redirect URIs for the given client registration.\n\nFixed in:\u00a0 https://github.com/cloudflare/workers-oauth-provider/pull/26 https://github.com/cloudflare/workers-oauth-provider/pull/26 \n\nImpact:\n\n \n\nUnder certain circumstances (see below), if a victim had previously authorized with a server built on workers-oath-provider, and an attacker could later trick the victim into visiting a malicious web site, then attacker could potentially steal the victim's credentials to the same OAuth server and subsequently impersonate them.\n\nIn order for the attack to be possible, the OAuth server's authorized callback must be designed to auto-approve authorizations that appear to come from an OAuth client that the victim has authorized previously. The authorization flow is not implemented by workers-oauth-provider; it is up to the application built on top to decide whether to implement such automatic re-authorization. However, many applications do implement such logic.\n\nNote: It is a basic, well-known requirement that OAuth servers should verify that the redirect URI is among the allowed list for the client, both during the authorization flow and subsequently when exchanging the authorization code for an access token. workers-oauth-provider implemented only the latter check, not the former. Unfortunately, the former is the much more important check.\u00a0Readers who are familiar with OAuth may recognize that failing to check redirect URIs against the allowed list is a well-known, basic mistake, covered extensively in the RFC and elsewhere. The author of this library would like everyone to know that he was, in fact, well-aware of this requirement, thought about it a lot while designing the library, and then, somehow, forgot to actually make sure the check was in the code. That is, it's not that he didn't know what he was doing, it's that he knew what he was doing but flubbed it.\n\ud83d\udccf Published: 2025-05-01T00:19:52.737Z\n\ud83d\udccf Modified: 2025-05-01T00:19:52.737Z\n\ud83d\udd17 References:\n1. https://github.com/cloudflare/workers-oauth-provider/pull/26", "creation_timestamp": "2025-05-01T01:13:33.000000Z"}, {"uuid": "e94bd4af-06dd-4a14-b082-d3fd2b457c6e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-41439", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/19921", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-41439\n\ud83d\udd25 CVSS Score: 6.1 (cvssV3_0, Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)\n\ud83d\udd39 Description: A reflected cross-site scripting vulnerability via a specific parameter exists in SLNX Help Documentation of RICOH Streamline NX. If this vulnerability is exploited, an arbitrary script may be executed in the web browser of the user who accessed the product.\n\ud83d\udccf Published: 2025-06-30T09:16:19.377Z\n\ud83d\udccf Modified: 2025-06-30T09:16:19.377Z\n\ud83d\udd17 References:\n1. https://www.ricoh.com/products/security/vulnerabilities/vul?id=ricoh-2025-000008\n2. https://jvn.jp/en/jp/JVN24333956/", "creation_timestamp": "2025-06-30T10:07:17.000000Z"}, {"uuid": "e96b2e9e-c0e8-4af4-8d08-923dd10355ea", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-41431", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/15442", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-41431\n\ud83d\udd25 CVSS Score: 7.5 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\ud83d\udd39 Description: When connection mirroring is configured on a virtual server, undisclosed requests can cause the Traffic Management Microkernel (TMM) to terminate in the standby BIG-IP systems in a traffic group. \n\n\nNote: Software versions which have reached End of Technical Support (EoTS) are not evaluated.\n\ud83d\udccf Published: 2025-05-07T22:04:11.279Z\n\ud83d\udccf Modified: 2025-05-07T22:04:11.279Z\n\ud83d\udd17 References:\n1. https://my.f5.com/manage/s/article/K000150668", "creation_timestamp": "2025-05-07T22:22:59.000000Z"}, {"uuid": "7652cf2b-7914-4aaf-9a60-558ba5d7f2e6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-4143", "type": "seen", "source": "https://t.me/cvedetector/24174", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-4143 - Cloudflare Workers-OAuth-Provider OAuth Redirect URI Validation Bypass\", \n  \"Content\": \"CVE ID : CVE-2025-4143 \nPublished : May 1, 2025, 1:15 a.m. | 52\u00a0minutes ago \nDescription : The OAuth implementation in workers-oauth-provider that is part of  MCP framework  , did not correctly validate that redirect_uri was on the allowed list of redirect URIs for the given client registration.  \n  \nFixed in:\u00a0     \n  \nImpact:  \n  \n   \n  \nUnder certain circumstances (see below), if a victim had previously authorized with a server built on workers-oath-provider, and an attacker could later trick the victim into visiting a malicious web site, then attacker could potentially steal the victim's credentials to the same OAuth server and subsequently impersonate them.  \n  \nIn order for the attack to be possible, the OAuth server's authorized callback must be designed to auto-approve authorizations that appear to come from an OAuth client that the victim has authorized previously. The authorization flow is not implemented by workers-oauth-provider; it is up to the application built on top to decide whether to implement such automatic re-authorization. However, many applications do implement such logic.  \n  \nNote: It is a basic, well-known requirement that OAuth servers should verify that the redirect URI is among the allowed list for the client, both during the authorization flow and subsequently when exchanging the authorization code for an access token. workers-oauth-provider implemented only the latter check, not the former. Unfortunately, the former is the much more important check.\u00a0Readers who are familiar with OAuth may recognize that failing to check redirect URIs against the allowed list is a well-known, basic mistake, covered extensively in the RFC and elsewhere. The author of this library would like everyone to know that he was, in fact, well-aware of this requirement, thought about it a lot while designing the library, and then, somehow, forgot to actually make sure the check was in the code. That is, it's not that he didn't know what he was doing, it's that he knew what he was doing but flubbed it. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"01 May 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-05-01T04:48:02.000000Z"}, {"uuid": "87ceddc8-c190-4104-8cb7-93c07ef572ac", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-41437", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/17702", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-41437\n\ud83d\udd25 CVSS Score: 4.3 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N)\n\ud83d\udd39 Description: Zohocorp ManageEngine\u00a0OpManager,\u00a0NetFlow Analyzer,\u00a0Network Configuration Manager,\u00a0Firewall Analyzer and\u00a0OpUtils versions\u00a0128565 and below are vulnerable to Reflected XSS on the login page.\n\ud83d\udccf Published: 2025-06-09T10:44:08.879Z\n\ud83d\udccf Modified: 2025-06-09T16:22:33.279Z\n\ud83d\udd17 References:\n1. https://www.manageengine.com/itom/advisory/cve-2025-41437.html", "creation_timestamp": "2025-06-09T16:56:03.000000Z"}, {"uuid": "a3f75b5e-dce7-4a23-b9b4-100aa904cf9d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-41431", "type": "seen", "source": "https://t.me/cvedetector/24769", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-41431 - BIG-IP Traffic Management Microkernel (TMM) Denial of Service\", \n  \"Content\": \"CVE ID : CVE-2025-41431 \nPublished : May 7, 2025, 10:15 p.m. | 29\u00a0minutes ago \nDescription : When connection mirroring is configured on a virtual server, undisclosed requests can cause the Traffic Management Microkernel (TMM) to terminate in the standby BIG-IP systems in a traffic group.   \n  \n  \nNote: Software versions which have reached End of Technical Support (EoTS) are not evaluated. \nSeverity: 7.5 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"08 May 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-05-08T00:52:43.000000Z"}, {"uuid": "880e3619-2658-474b-a68c-c6cf5bce0f8b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-41433", "type": "seen", "source": "https://t.me/cvedetector/24770", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-41433 - F5 BIG-IP SIP MRF ALG Profile Denial of Service Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-41433 \nPublished : May 7, 2025, 10:15 p.m. | 29\u00a0minutes ago \nDescription : When a Session Initiation Protocol (SIP) message routing framework (MRF) application layer gateway (ALG) profile is configured on a Message Routing virtual server, undisclosed requests can cause the Traffic Management Microkernel (TMM) to terminate.  \n  \n   \n  \n  \nNote: Software versions which have reached End of Technical Support (EoTS) are not evaluated. \nSeverity: 7.5 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"08 May 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-05-08T00:52:44.000000Z"}]}