{"vulnerability": "cve-2025-4639", "sightings": [{"uuid": "fe92c215-7298-48ba-9951-f8fdf68a8141", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-46393", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lnipaqgwgl2t", "content": "", "creation_timestamp": "2025-04-23T17:19:26.240626Z"}, {"uuid": "4c619252-c366-4515-b964-2758e3ba70f0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-46394", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lnipaqvkiu2d", "content": "", "creation_timestamp": "2025-04-23T17:19:28.706045Z"}, {"uuid": "6db67d9f-ed62-4c6e-81fa-6ee2d5d367ea", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-46397", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lnjjsrt7ek2b", "content": "", "creation_timestamp": "2025-04-24T01:14:46.513842Z"}, {"uuid": "95e3ee50-2f4b-42ac-a94f-711a8087044a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-46398", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lnjjss6q4z2g", "content": "", "creation_timestamp": "2025-04-24T01:14:47.274995Z"}, {"uuid": "7d81ee8a-5055-4b32-be5b-e874a59506b2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-46399", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lnjjssfrly2d", "content": "", "creation_timestamp": "2025-04-24T01:14:48.524076Z"}, {"uuid": "f64c1005-d42b-4cb3-ab92-5bd8667ec059", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-46392", "type": "seen", "source": "https://bsky.app/profile/infosec.skyfleet.blue/post/3loqrrmzlva2p", "content": "", "creation_timestamp": "2025-05-09T15:51:08.285810Z"}, {"uuid": "44e43986-aead-484a-92a5-8c5ce67d5406", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-46392", "type": "seen", "source": "https://seclists.org/oss-sec/2025/q2/114", "content": "", "creation_timestamp": "2025-05-09T13:37:24.000000Z"}, {"uuid": "b57f3919-493b-4819-9118-3e1fb52c0e6c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-46397", "type": "seen", "source": "https://bsky.app/profile/bluesky.awakari.com/post/3mcm5uxypsg2d", "content": "", "creation_timestamp": "2026-01-17T08:08:18.670983Z"}, {"uuid": "f73e2c00-7590-46f9-94e6-7f7c73b78c6c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-4639", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lp5okr4bfj2w", "content": "", "creation_timestamp": "2025-05-14T18:58:15.550609Z"}, {"uuid": "244d1611-e78c-42d4-8741-a7063cf60431", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-46397", "type": "seen", "source": "https://bsky.app/profile/ferramentaslinux.bsky.social/post/3lumv5scmjc23", "content": "", "creation_timestamp": "2025-07-23T11:12:10.482527Z"}, {"uuid": "3125684a-dbcb-4507-98b8-a2345cee12f3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-46390", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lvqeijxd2m2p", "content": "", "creation_timestamp": "2025-08-06T13:49:45.093248Z"}, {"uuid": "9ab91322-616e-4dec-b15b-d8b5184ebc15", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-46392", "type": "seen", "source": "https://bsky.app/profile/o2cloud.bsky.social/post/3mk3jwqt6xo2w", "content": "", "creation_timestamp": "2026-04-22T12:50:20.575688Z"}, {"uuid": "2652fca3-63aa-4a7f-b838-c4bc12677547", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-46397", "type": "seen", "source": "https://bsky.app/profile/bluesky.awakari.com/post/3mcwtrai2dx2d", "content": "", "creation_timestamp": "2026-01-21T14:06:33.412615Z"}, {"uuid": "9e6e93c3-59ff-4d4a-aa7f-22310791e375", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2025-46394", "type": "seen", "source": "https://www.cert.ssi.gouv.fr/avis/CERTFR-2026-AVI-0316/", "content": "", "creation_timestamp": "2026-03-19T00:00:00.000000Z"}, {"uuid": "7ad913bb-3296-4b12-ba79-7df17ac4c5e5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-46392", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/15711", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-46392\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: Uncontrolled Resource Consumption vulnerability in Apache Commons Configuration 1.x.\n\nThere are a number of issues in Apache Commons Configuration 1.x that allow excessive resource consumption when loading untrusted configurations or using unexpected usage patterns. The Apache Commons Configuration team does not intend to fix these issues in 1.x. Apache Commons Configuration 1.x is still safe to use in scenario's where you only load trusted configurations. \n\n\nUsers that load untrusted configurations or give attackers control over usage patterns are recommended to upgrade to the 2.x version line, which fixes these issues. Apache Commons Configuration 2.x is not a drop-in replacement, but as it uses a separate Maven groupId and Java package namespace they can be loaded side-by-side, making it possible to do a gradual migration.\n\ud83d\udccf Published: 2025-05-09T09:34:38.854Z\n\ud83d\udccf Modified: 2025-05-09T09:34:38.854Z\n\ud83d\udd17 References:\n1. https://www.cve.org/CVERecord?id=CVE-2024-29131\n2. https://www.cve.org/CVERecord?id=CVE-2024-29133\n3. https://lists.apache.org/thread/y1pl0mn3opz6kwkm873zshjdxq3dwq5s", "creation_timestamp": "2025-05-09T10:25:06.000000Z"}, {"uuid": "0245260c-b061-44a3-a1f9-8de8134a9f54", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-46394", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/13166", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-46394\n\ud83d\udd25 CVSS Score: 3.2 (cvssV3_1, Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N)\n\ud83d\udd39 Description: In tar in BusyBox through 1.37.0, a TAR archive can have filenames hidden from a listing through the use of terminal escape sequences.\n\ud83d\udccf Published: 2025-04-23T00:00:00.000Z\n\ud83d\udccf Modified: 2025-04-23T23:02:55.812Z\n\ud83d\udd17 References:\n1. https://bugs.busybox.net/show_bug.cgi?id=16018\n2. https://www.busybox.net/downloads/\n3. https://www.busybox.net", "creation_timestamp": "2025-04-24T00:05:23.000000Z"}, {"uuid": "89a87c67-44c1-4c8b-b1c9-a47591943907", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-46397", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/13154", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-46397\n\ud83d\udd25 CVSS Score: 7.1 (cvssV3_1, Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N)\n\ud83d\udd39 Description: Stack-overflow\u00a0in fig2dev in version 3.2.9a allows an attacker possible code execution via local input manipulation via bezier_spline function.\n\ud83d\udccf Published: 2025-04-23T20:55:09.795Z\n\ud83d\udccf Modified: 2025-04-23T20:55:09.795Z\n\ud83d\udd17 References:\n1. https://sourceforge.net/p/mcj/tickets/192/", "creation_timestamp": "2025-04-23T21:05:02.000000Z"}, {"uuid": "6b5cf252-ef7e-4113-a5a9-a8b552905ce6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-46398", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/13153", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-46398\n\ud83d\udd25 CVSS Score: 7.1 (cvssV3_1, Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N)\n\ud83d\udd39 Description: Stack-overflow\u00a0in fig2dev in version 3.2.9a allows an attacker possible code execution via local input manipulation via read_objects function.\n\ud83d\udccf Published: 2025-04-23T20:55:13.458Z\n\ud83d\udccf Modified: 2025-04-23T20:55:13.458Z\n\ud83d\udd17 References:\n1. https://sourceforge.net/p/mcj/tickets/191/", "creation_timestamp": "2025-04-23T21:05:01.000000Z"}, {"uuid": "3cc15cd9-f8ee-42cf-b95b-6a864981e8c9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-46399", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/13152", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-46399\n\ud83d\udd25 CVSS Score: 7.1 (cvssV3_1, Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N)\n\ud83d\udd39 Description: Segmentation fault in fig2dev in version 3.2.9a\u00a0allows an attacker to availability via local input manipulation via\u00a0genge_itp_spline function.\n\ud83d\udccf Published: 2025-04-23T20:55:15.407Z\n\ud83d\udccf Modified: 2025-04-23T20:55:15.407Z\n\ud83d\udd17 References:\n1. https://sourceforge.net/p/mcj/tickets/190/", "creation_timestamp": "2025-04-23T21:05:00.000000Z"}, {"uuid": "73fb10a8-3b48-4224-90d0-d9fc1b0e9659", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-46397", "type": "published-proof-of-concept", "source": "Telegram/nLLiU9XeUeMIp5jrXJDhah4Wv5btJb4tJwgKYZU-gIMEuU0", "content": "", "creation_timestamp": "2025-04-24T00:02:03.000000Z"}, {"uuid": "6a02b4cc-a14c-4eba-a2a3-a679a631b313", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-46392", "type": "seen", "source": "https://t.me/cvedetector/24943", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-46392 - Apache Commons Configuration Uncontrolled Resource Consumption Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-46392 \nPublished : May 9, 2025, 10:15 a.m. | 1\u00a0hour, 47\u00a0minutes ago \nDescription : Uncontrolled Resource Consumption vulnerability in Apache Commons Configuration 1.x.  \n  \nThere are a number of issues in Apache Commons Configuration 1.x that allow excessive resource consumption when loading untrusted configurations or using unexpected usage patterns. The Apache Commons Configuration team does not intend to fix these issues in 1.x. Apache Commons Configuration 1.x is still safe to use in scenario's where you only load trusted configurations.   \n  \n  \nUsers that load untrusted configurations or give attackers control over usage patterns are recommended to upgrade to the 2.x version line, which fixes these issues. Apache Commons Configuration 2.x is not a drop-in replacement, but as it uses a separate Maven groupId and Java package namespace they can be loaded side-by-side, making it possible to do a gradual migration. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"09 May 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-05-09T14:32:28.000000Z"}, {"uuid": "526c06bb-126a-43b7-b52e-786a17255fdc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-46393", "type": "seen", "source": "https://t.me/cvedetector/23591", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-46393 - ImageMagick Multispectral Packet Size Overflow\", \n  \"Content\": \"CVE ID : CVE-2025-46393 \nPublished : April 23, 2025, 3:16 p.m. | 58\u00a0minutes ago \nDescription : In multispectral MIFF image processing in ImageMagick before 7.1.1-44, packet_size is mishandled (related to the rendering of all channels in an arbitrary order). \nSeverity: 2.9 | LOW \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"23 Apr 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-04-23T18:39:45.000000Z"}, {"uuid": "fa44ef03-4ba7-417a-9314-28f3d1579806", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-46398", "type": "seen", "source": "https://t.me/cvedetector/23621", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-46398 - Fig2Dev Stack Overflow Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-46398 \nPublished : April 23, 2025, 9:15 p.m. | 1\u00a0hour, 5\u00a0minutes ago \nDescription : Stack-overflow\u00a0in fig2dev in version 3.2.9a allows an attacker possible code execution via local input manipulation via read_objects function. \nSeverity: 7.1 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"24 Apr 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-04-24T00:31:14.000000Z"}, {"uuid": "f38407ff-99f6-4902-8a4c-1c3b486fe216", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-46397", "type": "seen", "source": "https://t.me/cvedetector/23620", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-46397 - \"Fig2Dev Bezier Spline Code Execution Vulnerability\"\", \n  \"Content\": \"CVE ID : CVE-2025-46397 \nPublished : April 23, 2025, 9:15 p.m. | 1\u00a0hour, 5\u00a0minutes ago \nDescription : Stack-overflow\u00a0in fig2dev in version 3.2.9a allows an attacker possible code execution via local input manipulation via bezier_spline function. \nSeverity: 7.1 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"24 Apr 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-04-24T00:31:13.000000Z"}, {"uuid": "3185cadf-e8ce-4c8c-a185-7943216f0e3b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-46399", "type": "seen", "source": "https://t.me/cvedetector/23619", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-46399 - Fig2Dev Genge Itp Spline Segmentation Fault\", \n  \"Content\": \"CVE ID : CVE-2025-46399 \nPublished : April 23, 2025, 9:15 p.m. | 1\u00a0hour, 5\u00a0minutes ago \nDescription : Segmentation fault in fig2dev in version 3.2.9a\u00a0allows an attacker to availability via local input manipulation via\u00a0genge_itp_spline function. \nSeverity: 7.1 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"24 Apr 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-04-24T00:31:12.000000Z"}, {"uuid": "ca757436-2e98-4f3b-ad2a-ea94fece6140", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-4639", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/16372", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-4639\n\ud83d\udd25 CVSS Score: 8.8 (cvssV4_0, Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:L/SC:L/SI:N/SA:N)\n\ud83d\udd39 Description: CWE-611 Improper Restriction of XML External Entity Reference in the getDocumentBuilder() method of WebDav servlet in Peergos. This issue affects Peergos through version 1.1.0.\n\ud83d\udccf Published: 2025-05-14T18:04:11.726Z\n\ud83d\udccf Modified: 2025-05-14T18:04:11.726Z\n\ud83d\udd17 References:\n1. https://github.com/Peergos/Peergos/pull/1267", "creation_timestamp": "2025-05-14T18:32:11.000000Z"}, {"uuid": "adb78172-cfa3-4d7e-83bd-597379107246", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-46399", "type": "published-proof-of-concept", "source": "Telegram/nLLiU9XeUeMIp5jrXJDhah4Wv5btJb4tJwgKYZU-gIMEuU0", "content": "", "creation_timestamp": "2025-04-24T00:02:03.000000Z"}, {"uuid": "f6b69b51-163b-434f-aad3-f07a15ef26f5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-46398", "type": "published-proof-of-concept", "source": "Telegram/nLLiU9XeUeMIp5jrXJDhah4Wv5btJb4tJwgKYZU-gIMEuU0", "content": "", "creation_timestamp": "2025-04-24T00:02:03.000000Z"}]}