{"vulnerability": "cve-2025-4387", "sightings": [{"uuid": "b60bada3-90a6-4702-8ba0-60fc80b856f5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-43879", "type": "seen", "source": "https://bsky.app/profile/securitylab-jp.bsky.social/post/3lshxlxnf2s2w", "content": "", "creation_timestamp": "2025-06-26T01:22:14.486927Z"}, {"uuid": "e0dfb9ed-5f9e-4ae7-870e-491a482b9855", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-43875", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3maqqscw3jm2c", "content": "", "creation_timestamp": "2025-12-24T17:07:07.299784Z"}, {"uuid": "0d3c9988-a311-4b68-aa60-6cf3ee0d0798", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-43877", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lsdidd4mpx2q", "content": "", "creation_timestamp": "2025-06-24T06:38:13.632520Z"}, {"uuid": "8c7bfa8c-f3ef-4f2a-93d0-58af4f89bb4e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-43878", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lomnoo5b5322", "content": "", "creation_timestamp": "2025-05-08T00:27:19.301907Z"}, {"uuid": "963d35e2-2251-40ee-a2bb-48c330988710", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-43873", "type": "seen", "source": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-345-02", "content": "", "creation_timestamp": "2025-12-11T11:00:00.000000Z"}, {"uuid": "efc6ad42-6822-4bd8-a45a-6bd6d69032b5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-43874", "type": "seen", "source": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-345-02", "content": "", "creation_timestamp": "2025-12-11T11:00:00.000000Z"}, {"uuid": "61b15d05-aec1-4541-a0af-d34ac53c000b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-43875", "type": "seen", "source": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-345-01", "content": "", "creation_timestamp": "2025-12-11T11:00:00.000000Z"}, {"uuid": "aa6833a3-4132-413e-b3a1-67db3fe1a234", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-43876", "type": "seen", "source": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-345-01", "content": "", "creation_timestamp": "2025-12-11T11:00:00.000000Z"}, {"uuid": "bbb636bb-6690-4340-9c8a-c6fba516ee1f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-43879", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lsdgwkxhuh2i", "content": "", "creation_timestamp": "2025-06-24T06:13:12.170512Z"}, {"uuid": "b2a87a95-93c8-4486-9044-e86a7d837141", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-4387", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lra5nqbkby2p", "content": "", "creation_timestamp": "2025-06-10T05:24:01.246524Z"}, {"uuid": "da65edfe-25c1-4447-92e9-ab3db4083136", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-43873", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3ma76nsevgv2r", "content": "", "creation_timestamp": "2025-12-17T17:27:11.859395Z"}, {"uuid": "7ba68255-23e4-4052-b823-11a0c13c1328", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-43876", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3maqr3bd32s2y", "content": "", "creation_timestamp": "2025-12-24T17:12:06.934701Z"}, {"uuid": "111b1d0c-ac25-44cf-94d6-52889c5ebefe", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-43879", "type": "seen", "source": "Telegram/U2NCrjFaUt9bKnx7p-SuklJbEiIwayTgmv0yP2ZPyo5eTfc", "content": "", "creation_timestamp": "2025-06-24T05:32:37.000000Z"}, {"uuid": "c61d4d5c-c792-4715-9ead-1436c7b1cf32", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-4387", "type": "seen", "source": "Telegram/V_hoToMNJWitXda3AeStRLzASmqLUaxvEeMJmzsq6dWwPe4", "content": "", "creation_timestamp": "2025-06-10T04:31:28.000000Z"}, {"uuid": "f3d88ec3-e735-42ae-a1d5-dde8e5fecb47", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-43878", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/15450", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-43878\n\ud83d\udd25 CVSS Score: 6 (cvssV3_1, Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N)\n\ud83d\udd39 Description: When running in Appliance mode, an authenticated attacker assigned the Administrator or Resource Administrator role may be able to bypass Appliance mode restrictions utilizing system diagnostics tcpdump command utility on a F5OS-C/A system.\u00a0\n\n\n\nNote: Software versions which have reached End of Technical Support (EoTS) are not evaluated.\n\ud83d\udccf Published: 2025-05-07T22:04:08.402Z\n\ud83d\udccf Modified: 2025-05-07T22:04:08.402Z\n\ud83d\udd17 References:\n1. https://my.f5.com/manage/s/article/K000139502", "creation_timestamp": "2025-05-07T22:23:10.000000Z"}, {"uuid": "337e2b10-afd4-4158-81f8-adc4e78a4c3b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-4387", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/17823", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-4387\n\ud83d\udd25 CVSS Score: 8.8 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)\n\ud83d\udd39 Description: The Abandoned Cart Pro for WooCommerce plugin contains an authenticated arbitrary file upload vulnerability due to missing file type validation in the wcap_add_to_cart_popup_upload_files function in all versions up to, and including, 9.16.0. This makes it possible for an authenticated attacker, with subscriber-level access and above, to upload arbitrary files on the affected site's server which may allow for either remote or local code execution depending on the server configuration.\n\ud83d\udccf Published: 2025-06-10T03:41:37.630Z\n\ud83d\udccf Modified: 2025-06-10T03:41:37.630Z\n\ud83d\udd17 References:\n1. https://www.wordfence.com/threat-intel/vulnerabilities/id/5d2f07bb-89b3-41d4-b606-9722deecf816?source=cve\n2. https://www.tychesoftwares.com/products/woocommerce-abandoned-cart-pro-plugin/\n3. https://www.tychesoftwares.com/docs/docs/abandoned-cart-pro-for-woocommerce-new/changelog-abandoned-cart-pro/#changelog-abandon-cart-pro-for-woocommerce-9-17-0-release-date-m", "creation_timestamp": "2025-06-10T04:29:32.000000Z"}, {"uuid": "bca5ce76-4fb7-410b-8871-920df1c45235", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-43877", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/19313", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-43877\n\ud83d\udd25 CVSS Score: 5.4 (cvssV3_0, Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N)\n\ud83d\udd39 Description: WRC-1167GHBK2-S contains a stored cross-site scripting vulnerability in WebGUI. If exploited, an arbitrary script may be executed on the web browser of the user who accessed WebGUI of the product.\n\ud83d\udccf Published: 2025-06-24T04:37:18.124Z\n\ud83d\udccf Modified: 2025-06-24T04:37:18.124Z\n\ud83d\udd17 References:\n1. https://www.elecom.co.jp/news/security/20250624-02/\n2. https://jvn.jp/en/jp/JVN39435597/", "creation_timestamp": "2025-06-24T05:49:04.000000Z"}, {"uuid": "f357b84b-2228-4353-ac92-0b98d4c52500", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-43879", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/19312", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-43879\n\ud83d\udd25 CVSS Score: 9.8 (cvssV3_0, Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\ud83d\udd39 Description: WRH-733GBK and WRH-733GWH contain an improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability in the telnet function. If a remote unauthenticated attacker sends a specially crafted request to the affected product, an arbitrary OS command may be executed.\n\ud83d\udccf Published: 2025-06-24T04:37:25.159Z\n\ud83d\udccf Modified: 2025-06-24T04:37:25.159Z\n\ud83d\udd17 References:\n1. https://www.elecom.co.jp/news/security/20250624-02/\n2. https://jvn.jp/en/jp/JVN39435597/", "creation_timestamp": "2025-06-24T05:49:03.000000Z"}, {"uuid": "6416eaa5-a6b9-431d-b2f3-d57319afeae6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-43878", "type": "seen", "source": "https://t.me/cvedetector/24771", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-43878 - F5OS-C/A Appliance Mode Bypass Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-43878 \nPublished : May 7, 2025, 10:15 p.m. | 29\u00a0minutes ago \nDescription : When running in Appliance mode, an authenticated attacker assigned the Administrator or Resource Administrator role may be able to bypass Appliance mode restrictions utilizing system diagnostics tcpdump command utility on a F5OS-C/A system.\u00a0  \n  \n  \n  \nNote: Software versions which have reached End of Technical Support (EoTS) are not evaluated. \nSeverity: 6.0 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"08 May 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-05-08T00:52:45.000000Z"}]}