{"vulnerability": "cve-2025-4724", "sightings": [{"uuid": "1c44ca30-9446-40a9-88d2-72d207e2f1de", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-47241", "type": "seen", "source": "https://bsky.app/profile/bluesky.awakari.com/post/3lprvrwkska2r", "content": "", "creation_timestamp": "2025-05-22T20:00:44.028688Z"}, {"uuid": "5e7fde46-0b9d-4d62-87de-35d03579d6e0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-47241", "type": "seen", "source": "https://bsky.app/profile/2rZiKKbOU3nTafniR2qMMSE0gwZ.activitypub.awakari.com.ap.brid.gy/post/3locbxtg3ujs2", "content": "", "creation_timestamp": "2025-05-03T21:34:37.461591Z"}, {"uuid": "1cf1a961-8770-4b2d-b135-49d11afa673f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-47241", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3locdx4ivmr2n", "content": "", "creation_timestamp": "2025-05-03T22:06:24.282443Z"}, {"uuid": "7f22aa63-007e-48f3-8639-c3ec7a6eb0f8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-47244", "type": "seen", "source": "https://bsky.app/profile/2rZiKKbOU3nTafniR2qMMSE0gwZ.activitypub.awakari.com.ap.brid.gy/post/3locl5aiq4ys2", "content": "", "creation_timestamp": "2025-05-04T01:39:53.263180Z"}, {"uuid": "6a51c70d-c7a2-4d6c-aeae-c5f9b0dea5c4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-47245", "type": "seen", "source": "https://bsky.app/profile/2rZiKKbOU3nTafniR2qMMSE0gwZ.activitypub.awakari.com.ap.brid.gy/post/3locl5efdnls2", "content": "", "creation_timestamp": "2025-05-04T01:39:53.970429Z"}, {"uuid": "52677c5b-bd2f-4c9b-946d-5c4def45c234", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-47245", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3locrnmgsmr2p", "content": "", "creation_timestamp": "2025-05-04T02:11:36.377738Z"}, {"uuid": "c5ed24df-ba0f-4d4f-aff7-3187f5b37bf8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-47244", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3locrnmqjh524", "content": "", "creation_timestamp": "2025-05-04T02:11:37.137518Z"}, {"uuid": "63da0802-9090-411a-817c-6e63865c54a1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-47240", "type": "published-proof-of-concept", "source": "https://t.me/four_rays/85", "content": "\u041e\u0448\u0438\u0431\u043a\u0438 \u043a\u043e\u043d\u0444\u0438\u0433\u0443\u0440\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u044f API to SSTI to RCE \u043d\u0430 \u043f\u0440\u0438\u043c\u0435\u0440\u0435 @fastify/view \u0432  node.js\n\n@fastify/view \u2014 \u043f\u043b\u0430\u0433\u0438\u043d \u0434\u043b\u044f Fastify, \u043a\u043e\u0442\u043e\u0440\u044b\u0439 \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u044c \u0448\u0430\u0431\u043b\u043e\u043d\u0438\u0437\u0430\u0442\u043e\u0440\u044b (view engines) \u0434\u043b\u044f \u0433\u0435\u043d\u0435\u0440\u0430\u0446\u0438\u0438 HTML-\u0441\u0442\u0440\u0430\u043d\u0438\u0446 \u043d\u0430 \u0441\u0435\u0440\u0432\u0435\u0440\u0435.\n\n\u0420\u0430\u043d\u0435\u0435 \u0432 \u043c\u043e\u0434\u0443\u043b\u0435 @fastify/view \u0434\u043b\u044f Node.js \u0431\u044b\u043b\u0430 \u0437\u0430\u0440\u0435\u0433\u0438\u0441\u0442\u0440\u0438\u0440\u043e\u0432\u0430\u043d\u0430 \u043f\u043e\u0442\u0435\u043d\u0446\u0438\u0430\u043b\u044c\u043d\u0430\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043f\u043e\u0434 \u0438\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u043e\u043c CVE-2025-47240. \u041e\u0434\u043d\u0430\u043a\u043e \u043f\u043e\u0441\u043b\u0435 \u0434\u0435\u0442\u0430\u043b\u044c\u043d\u043e\u0433\u043e \u0430\u043d\u0430\u043b\u0438\u0437\u0430 \u0432\u044b\u044f\u0441\u043d\u0438\u043b\u043e\u0441\u044c, \u0447\u0442\u043e \u043e\u043f\u0438\u0441\u0430\u043d\u043d\u043e\u0435 \u043f\u043e\u0432\u0435\u0434\u0435\u043d\u0438\u0435 \u0441\u0432\u044f\u0437\u0430\u043d\u043e \u0441 \u043d\u0435\u043f\u0440\u0430\u0432\u0438\u043b\u044c\u043d\u044b\u043c \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435\u043c API \u0441\u043e \u0441\u0442\u043e\u0440\u043e\u043d\u044b \u0440\u0430\u0437\u0440\u0430\u0431\u043e\u0442\u0447\u0438\u043a\u043e\u0432, \u0430 \u043d\u0435 \u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c\u044e \u0432 \u0441\u0430\u043c\u043e\u043c \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u043c \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u0438. \u0412 \u0440\u0435\u0437\u0443\u043b\u044c\u0442\u0430\u0442\u0435 \u0438\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440 CVE-2025-47240 \u0431\u044b\u043b \u043e\u0444\u0438\u0446\u0438\u0430\u043b\u044c\u043d\u043e \u043e\u0442\u043e\u0437\u0432\u0430\u043d.\n\n\u0422\u0435\u043c \u043d\u0435 \u043c\u0435\u043d\u0435\u0435 \u043d\u0435\u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u044b, \u043e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u043d\u044b\u0435 \u0432 \u043e\u0442\u043a\u0440\u044b\u0442\u043e\u043c \u0434\u043e\u0441\u0442\u0443\u043f\u0435, \u043f\u0440\u043e\u0434\u043e\u043b\u0436\u0430\u044e\u0442 \u0441\u0441\u044b\u043b\u0430\u0442\u044c\u0441\u044f \u043d\u0430 \u044d\u0442\u043e\u0442 \u0438\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440 \u2014 \u044d\u0442\u043e \u043c\u043e\u0436\u0435\u0442 \u0432\u0432\u043e\u0434\u0438\u0442\u044c \u0432 \u0437\u0430\u0431\u043b\u0443\u0436\u0434\u0435\u043d\u0438\u0435.\n\nCVE-2025-47240 \u041f\u043b\u0430\u0433\u0438\u043d @fastify/view, \u043a\u043e\u0442\u043e\u0440\u044b\u0439 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u0435\u0442\u0441\u044f \u0441 \u0434\u0432\u0438\u0436\u043a\u043e\u043c EJS \u0438 \u0448\u0430\u0431\u043b\u043e\u043d\u043e\u043c reply.view({ raw:  }) , \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u0432\u044b\u043f\u043e\u043b\u043d\u044f\u0442\u044c \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0435 EJS. \u042d\u0442\u043e \u043f\u0440\u0438\u0432\u043e\u0434\u0438\u0442 \u043a \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e\u043c\u0443 \u0432\u044b\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u044e \u043a\u043e\u0434\u0430 (RCE).\n\n\u0414\u0435\u0442\u0430\u043b\u0438 \u043d\u0435\u043f\u0440\u0430\u0432\u0438\u043b\u044c\u043d\u043e\u0439 \u043a\u043e\u043d\u0444\u0438\u0433\u0443\u0440\u0430\u0446\u0438\u0438 API \n\u041a\u043b\u044e\u0447\u0435\u0432\u043e\u0439 \u043e\u0448\u0438\u0431\u043a\u043e\u0439 \u044f\u0432\u043b\u044f\u0435\u0442\u0441\u044f \u043d\u0435\u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0435 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u043c\u0435\u0442\u043e\u0434\u0430 reply.view() \u0438\u0437 Fastify-\u043f\u043b\u0430\u0433\u0438\u043d\u0430 @fastify/view. \n\n\u0420\u0430\u0441\u0441\u043c\u043e\u0442\u0440\u0438\u043c \u0441\u043b\u0435\u0434\u0443\u044e\u0449\u0438\u0439 \u0444\u0440\u0430\u0433\u043c\u0435\u043d\u0442 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0433\u043e \u043a\u043e\u0434\u0430:\n\nfastify.post('/render', (req, reply) => {\n  const template = req.body.text;\n  return reply.view({ raw: template }, { require }, { async: false });\n});\n\ud83e\udee1 \u0421\u0435\u0440\u0432\u0435\u0440 \u043f\u0440\u0438\u043d\u0438\u043c\u0430\u0435\u0442 POST-\u0437\u0430\u043f\u0440\u043e\u0441 \u043d\u0430 \u044d\u043d\u0434\u043f\u043e\u0438\u043d\u0442 /render.\n\ud83e\udee1 const  template  \u043f\u043e\u043b\u0443\u0447\u0430\u0435\u0442 \u0448\u0430\u0431\u043b\u043e\u043d \u0438\u0437 \u0442\u0435\u043b\u0430 \u0441\u043e\u043e\u0431\u0449\u0435\u043d\u0438\u044f \u0431\u0435\u0437 \u0444\u0438\u043b\u044c\u0442\u0440\u0430\u0446\u0438\u0438  \n\ud83e\udee1 reply.view  \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u0435\u0442\u0441\u044f \u0434\u043b\u044f \u0440\u0435\u043d\u0434\u0435\u0440\u0438\u043d\u0433\u0430 \u0448\u0430\u0431\u043b\u043e\u043d\u0430 \u0441 \u043f\u043e\u043c\u043e\u0449\u044c\u044e \u0434\u0432\u0438\u0436\u043a\u0430 EJS\n\ud83e\udee1 { raw: template } \u0438\u043d\u0442\u0435\u0440\u043f\u0440\u0435\u0442\u0438\u0440\u0443\u0435\u0442 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044c\u0441\u043a\u0438\u0439 \u0432\u0432\u043e\u0434 \u043a\u0430\u043a \u0448\u0430\u0431\u043b\u043e\u043d\n\ud83e\udee1 { require } \u043f\u0435\u0440\u0435\u0434\u0430\u0451\u0442 \u0432 \u0448\u0430\u0431\u043b\u043e\u043d \u0444\u0443\u043d\u043a\u0446\u0438\u044e require, \u0434\u0430\u0432\u0430\u044f \u043f\u043e\u043b\u043d\u044b\u0439 \u0434\u043e\u0441\u0442\u0443\u043f \u043a Node.js API\n\ud83e\udee1{ async: false } \u0430\u0441\u0438\u043d\u0445\u0440\u043e\u043d\u043d\u044b\u0439 \u0440\u0435\u043d\u0434\u0435\u0440\u0438\u043d\u0433\n\n\u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \n\u0414\u043b\u044f \u0443\u0441\u043f\u0435\u0448\u043d\u043e\u0439 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u044d\u0442\u043e\u0439 \u043a\u043e\u043d\u0444\u0438\u0433\u0443\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u043e\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u0434\u043e\u0441\u0442\u0430\u0442\u043e\u0447\u043d\u043e \u043e\u0442\u043f\u0440\u0430\u0432\u0438\u0442\u044c POST-\u0437\u0430\u043f\u0440\u043e\u0441 \u0441 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u043c \u0442\u0435\u043b\u043e\u043c, \u0441\u043e\u0434\u0435\u0440\u0436\u0430\u0449\u0438\u043c \u0441\u043b\u0435\u0434\u0443\u044e\u0449\u0438\u0439 \u0448\u0430\u0431\u043b\u043e\u043d EJS:\n<%= (this.constructor.constructor('return process.mainModule.require')())('child_process').execSync('ls'); %>\n\u042d\u0442\u043e\u0442 \u043a\u043e\u0434 \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044e \u0432\u044b\u043f\u043e\u043b\u043d\u044f\u0442\u044c \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0439 JavaScript-\u043a\u043e\u0434 \u043d\u0430 \u0441\u0435\u0440\u0432\u0435\u0440\u0435. \u0412 \u043d\u0430\u0448\u0435\u043c \u0441\u043b\u0443\u0447\u0430\u0435 \u0440\u0435\u0437\u0443\u043b\u044c\u0442\u0430\u0442\u043e\u043c \u0432\u044b\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u044f \u043a\u043e\u0434\u0430 \u0441\u0442\u0430\u043d\u0435\u0442 \u0432\u044b\u0432\u043e\u0434 \u043a\u043e\u043c\u0430\u043d\u0434\u044b ls. \u042d\u0442\u043e \u043a\u043b\u0430\u0441\u0441\u0438\u0447\u0435\u0441\u043a\u0430\u044f Server-Side Template Injection (SSTI), \u043f\u0435\u0440\u0435\u0440\u0430\u0441\u0442\u0430\u044e\u0449\u0430\u044f \u0432 Remote Code Execution (RCE). Js-\u043a\u043e\u0434 \u0432\u043d\u0443\u0442\u0440\u0438 \u0448\u0430\u0431\u043b\u043e\u043d\u0430 \u043c\u043e\u0436\u0435\u0442 \u0431\u044b\u0442\u044c \u043b\u044e\u0431\u044b\u043c\u2757\ufe0f\n\n\u041a\u0430\u043a \u0437\u0430\u0449\u0438\u0449\u0430\u0442\u044c\u0441\u044f \n1\ufe0f\u20e3 \u041d\u0438\u043a\u043e\u0433\u0434\u0430 \u043d\u0435 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u0439\u0442\u0435 raw \u0441 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044c\u0441\u043a\u0438\u043c \u0432\u0432\u043e\u0434\u043e\u043c\n2\ufe0f\u20e3 \u0418\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u0439\u0442\u0435 \u0443\u0436\u0435 \u0433\u043e\u0442\u043e\u0432\u044b\u0435 \u0448\u0430\u0431\u043b\u043e\u043d\u044b\n3\ufe0f\u20e3 \u0414\u043b\u044f \u0434\u0435\u0442\u0435\u043a\u0442\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u044f \u043f\u043e\u043f\u044b\u0442\u043e\u043a \u0441\u043a\u0430\u043d\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u044f \u043d\u0430 \u044d\u043d\u0434\u043f\u043e\u0438\u043d\u0442\u0430\u0445, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044e\u0449\u0438\u0445 \u0434\u0430\u043d\u043d\u0443\u044e \u0431\u0438\u0431\u043b\u0438\u043e\u0442\u0435\u043a\u0443, \u0443\u0441\u0442\u0430\u043d\u043e\u0432\u0438\u0442\u0435 \u043f\u0440\u0430\u0432\u0438\u043b\u043e \u043d\u0430 \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0435\u043d\u0438\u0435 \u0432\u043d\u0435\u0434\u0440\u0435\u043d\u0438\u044f \u0448\u0430\u0431\u043b\u043e\u043d\u0430 \u0447\u0435\u0440\u0435\u0437 \u043f\u043e\u0434\u043e\u0431\u043d\u043e\u0435 \u0440\u0435\u0433\u0443\u043b\u044f\u0440\u043d\u043e\u0435 \u0432\u044b\u0440\u0430\u0436\u0435\u043d\u0438\u0435 ^<%.+%>$", "creation_timestamp": "2025-05-15T11:30:36.000000Z"}, {"uuid": "e018d0c5-1e19-49cd-89d5-1ff96f044f7b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-47241", "type": "seen", "source": "https://bsky.app/profile/infosec.skyfleet.blue/post/3lolfp6cljh2o", "content": "", "creation_timestamp": "2025-05-07T12:31:42.171331Z"}, {"uuid": "fb3d9ed8-c72c-4dd5-a3f0-905b65536907", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-4724", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lpamon5iyn2p", "content": "", "creation_timestamp": "2025-05-15T23:02:36.296925Z"}, {"uuid": "41fcac9f-d9ae-477c-8b6a-ac0f0e530e6e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-47240", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3logrda664m22", "content": "", "creation_timestamp": "2025-05-05T16:16:29.623253Z"}, {"uuid": "987ebd88-c3e9-4951-a053-ce0875b2ebbf", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-47245", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/14708", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-47245\n\ud83d\udd25 CVSS Score: 8.1 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\ud83d\udd39 Description: In BlueWave Checkmate through 2.0.2 before d4a6072, an invite request can be modified to specify a privileged role.\n\ud83d\udccf Published: 2025-05-03T00:00:00.000Z\n\ud83d\udccf Modified: 2025-05-03T23:10:27.114Z\n\ud83d\udd17 References:\n1. https://github.com/bluewave-labs/Checkmate/pull/2160\n2. https://github.com/bluewave-labs/Checkmate/security/advisories/GHSA-7x3q-g6gq-f4mm\n3. https://github.com/bluewave-labs/Checkmate/commit/d4a60723f490502b3fe6f7f780a85d29bf5d1385", "creation_timestamp": "2025-05-03T23:18:16.000000Z"}, {"uuid": "638b7753-6fca-4bbf-81b3-53440bba0625", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-47240", "type": "published-proof-of-concept", "source": "Telegram/hamX_hI5yzIYjKWWv7LiY3F27OagmVDHwswKvlF8SqWE-rw", "content": "", "creation_timestamp": "2025-05-04T13:00:06.000000Z"}, {"uuid": "6934b93f-56c4-477d-a414-94493c3033e0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-47240", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/35657", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01 \n\n\u66f4\u65b0\u4e86\uff1aRCE\n\u63cf\u8ff0\uff1aPoC and write-up for CVE-2025-47240 \u2014 RCE in @fastify/view via EJS raw template injection\nURL\uff1ahttps://github.com/Oblivionsage/fastify-ejs-rce-raw-template-injection\n\n\u6807\u7b7e\uff1a#RCE", "creation_timestamp": "2025-05-05T15:11:57.000000Z"}, {"uuid": "4741b7e6-2070-474f-9131-a1c7a403df5c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-47240", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/35437", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01 \n\n\u66f4\u65b0\u4e86\uff1aCVE-2025\n\u63cf\u8ff0\uff1aPoC and write-up for CVE-2025-47240 \u2014 RCE in @fastify/view via EJS raw template injection\nURL\uff1ahttps://github.com/Oblivionsage/fastify-cve-2025-47240\n\n\u6807\u7b7e\uff1a#CVE-2025", "creation_timestamp": "2025-05-03T21:03:47.000000Z"}, {"uuid": "af58b887-ba40-4128-836e-4d088e7b1744", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-47244", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/14709", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-47244\n\ud83d\udd25 CVSS Score: 7.3 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)\n\ud83d\udd39 Description: Inedo ProGet through 2024.22 allows remote attackers to reach restricted functionality through the C# reflection layer, as demonstrated by causing a denial of service (when an attacker executes a loop calling RestartWeb) or obtaining potentially sensitive information. Exploitation can occur if Anonymous access is enabled, or if there is a successful CSRF attack.\n\ud83d\udccf Published: 2025-05-03T00:00:00.000Z\n\ud83d\udccf Modified: 2025-05-03T22:44:08.250Z\n\ud83d\udd17 References:\n1. https://seclists.org/fulldisclosure/2025/Apr/30\n2. https://forums.inedo.com\n3. https://docs.inedo.com/docs/proget/installation/installation-guide\n4. https://my.inedo.com/downloads/installers?product=ProGet", "creation_timestamp": "2025-05-03T23:18:17.000000Z"}, {"uuid": "26d260ef-e600-4488-a426-a22b03804016", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-47241", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/14707", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-47241\n\ud83d\udd25 CVSS Score: 4 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N)\n\ud83d\udd39 Description: In browser-use (aka Browser Use) before 0.1.45, URL parsing of allowed_domains is mishandled because userinfo can be placed in the authority component.\n\ud83d\udccf Published: 2025-05-03T00:00:00.000Z\n\ud83d\udccf Modified: 2025-05-03T20:42:50.524Z\n\ud83d\udd17 References:\n1. https://github.com/browser-use/browser-use/security/advisories/GHSA-x39x-9qw5-ghrf\n2. https://github.com/browser-use/browser-use/releases/tag/0.1.45\n3. https://github.com/browser-use/browser-use/pull/1561", "creation_timestamp": "2025-05-03T21:19:13.000000Z"}, {"uuid": "5c581662-b84d-42bb-a29d-48501a561eef", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-4724", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/16584", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-4724\n\ud83d\udd25 CVSS Score: 6.9 (cvssV4_0, Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N)\n\ud83d\udd39 Description: A vulnerability, which was classified as critical, has been found in itsourcecode Placement Management System 1.0. Affected by this issue is some unknown functionality of the file /student_profile.php. The manipulation of the argument ID leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.\n\ud83d\udccf Published: 2025-05-15T22:00:07.485Z\n\ud83d\udccf Modified: 2025-05-15T22:00:07.485Z\n\ud83d\udd17 References:\n1. https://vuldb.com/?id.309026\n2. https://vuldb.com/?ctiid.309026\n3. https://vuldb.com/?submit.569974\n4. https://github.com/Lena-lyy/SQL/issues/1\n5. https://itsourcecode.com/", "creation_timestamp": "2025-05-15T22:34:11.000000Z"}, {"uuid": "e1675b0e-c02c-42c6-9fac-a7e6584351e1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-47241", "type": "seen", "source": "https://t.me/NinjaSec/298", "content": "Certainly! Below is a curated list of critical CVEs from 2025 that involve code execution, browser bypasses, and internal service exposure. These are provided strictly for educational purposes to aid in understanding and mitigating such vulnerabilities.\n\n\n\ud83d\udd10 Critical CVEs from 2025 (Educational Use Only)\n\n1. CVE-2025-47241\n\nDescription: Whitelist bypass in the Browser Use automation tool allows attackers to access internal services via crafted URLs.\n\nCVSS Score: 9.3\n\nReference: \n\n\n\n2. CVE-2025-25014\n\nDescription: Prototype pollution in Kibana leads to arbitrary code execution through crafted HTTP requests to machine learning and reporting endpoints.\n\nCVSS Score: 9.1\n\nReference: \n\n\n\n3. CVE-2025-29927\n\nDescription: Authorization bypass in Next.js middleware allows attackers to access protected routes by manipulating internal headers.\n\nCVSS Score: 9.1\n\nReference: \n\n\n\n4. CVE-2025-24813\n\nDescription: \n\nCVSS Score: \n\nReference: \n\n\n\n5. CVE-2025-2783\n\nDescription: \n\nCVSS Score: High\n\nReference: \n\n\n\n6. CVE-2025-2636\n\nDescription: \n\nCVSS Score: High\n\nReference: \n\n\n\n7. CVE-2025-2505\n\nDescription: \n\nCVSS Score: High\n\nReference: \n\n\n\n8. CVE-2025-2746 & CVE-2025-2747\n\nDescription: \n\nCVSS Score: \n\nReference: \n\n\n\n9. CVE-2025-3066\n\nDescription: \n\nCVSS Score: High\n\nReference: \n\n\n\n10. CVE-2025-46728\n\nDescription: Denial of Service vulnerability in cpp-httplib, potentially exposing servers to service disruptions.\n\nCVSS Score: High\n\nReference: \n\n#HackersFactory", "creation_timestamp": "2025-05-19T12:58:14.000000Z"}, {"uuid": "a35608c7-6447-4d26-a581-72d0b79f9962", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-47241", "type": "seen", "source": "https://t.me/NinjaSec/299", "content": "Code execution, and bypass vulnerabilities \u2014 for educational purposes only:\n\n\n1. CVE-2025-47241 \u2013 Whitelist bypass in Browser Use tool (CVSS 9.3)\n2. CVE-2025-25014 \u2013 Prototype pollution in Kibana (CVSS 9.1)\n3. CVE-2025-29927 \u2013 Next.js middleware authorization bypass (CVSS 9.1)\n4. CVE-2025-24813 \u2013 Apache Tomcat path traversal RCE (Critical)\n5. CVE-2025-2783 \u2013 Chrome Mojo use-after-free (High)\n6. CVE-2025-2636 \u2013 WordPress InstaWP plugin LFI (High)\n7. CVE-2025-2505 \u2013 WordPress Age Gate plugin LFI (High)\n8. CVE-2025-2746 \u2013 Kentico CMS auth bypass (CVSS 9.8)\n9. CVE-2025-2747 \u2013 Kentico CMS staging sync auth bypass (CVSS 9.8)\n10. CVE-2025-3066 \u2013 Chrome Site Isolation use-after-free (High)\n11. CVE-2025-46728 \u2013 cpp-httplib DoS vulnerability\n12. CVE-2025-12345 \u2013 Buffer overflow in XYZ app (CVSS 9.0)\n13. CVE-2025-12346 \u2013 SQL injection in ABC web app (CVSS 8.5)\n14. CVE-2025-12347 \u2013 XSS in DEF platform (CVSS 7.8)\n15. CVE-2025-12348 \u2013 Auth bypass in GHI system (CVSS 9.2)\n16. CVE-2025-12349 \u2013 RCE in JKL service via crafted packets (CVSS 9.5)\n17. CVE-2025-12350 \u2013 Privilege escalation in MNO app (CVSS 8.7)\n18. CVE-2025-12351 \u2013 Info disclosure in PQR system (CVSS 7.5)\n19. CVE-2025-12352 \u2013 DoS in STU server (CVSS 6.8)\n20. CVE-2025-12353 \u2013 Directory traversal in VWX app (CVSS 8.0)\n21. CVE-2025-12354 \u2013 Command injection in YZA tool (CVSS 9.1)\n22. CVE-2025-12355 \u2013 Insecure deserialization in BCD lib (CVSS 9.3)\n23. CVE-2025-12356 \u2013 CSRF in EFG portal (CVSS 7.2)\n24. CVE-2025-12357 \u2013 Memory corruption in HIJ driver (CVSS 8.9)\n25. CVE-2025-12358 \u2013 Improper auth in KLM API (CVSS 9.0)\n\n#HackersFactory", "creation_timestamp": "2025-05-07T15:48:27.000000Z"}, {"uuid": "4bc2d3b0-b8fe-4100-834c-ce5c375ee035", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-47244", "type": "published-proof-of-concept", "source": "https://t.me/cvedetector/24413", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-47244 - Inedo ProGet C# Reflection Layer Remote Code Execution and Denial of Service\", \n  \"Content\": \"CVE ID : CVE-2025-47244 \nPublished : May 3, 2025, 11:15 p.m. | 55\u00a0minutes ago \nDescription : Inedo ProGet through 2024.22 allows remote attackers to reach restricted functionality through the C# reflection layer, as demonstrated by causing a denial of service (when an attacker executes a loop calling RestartWeb) or obtaining potentially sensitive information. Exploitation can occur if Anonymous access is enabled, or if there is a successful CSRF attack. \nSeverity: 7.3 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"04 May 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-05-04T02:14:31.000000Z"}, {"uuid": "e71c87f5-e4af-4604-9c13-0a96c383cbd9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-47245", "type": "seen", "source": "https://t.me/cvedetector/24414", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-47245 - BlueWave Checkmate Role Tampering Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-47245 \nPublished : May 4, 2025, 12:15 a.m. | 1\u00a0hour, 57\u00a0minutes ago \nDescription : In BlueWave Checkmate through 2.0.2 before d4a6072, an invite request can be modified to specify a privileged role. \nSeverity: 8.1 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"04 May 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-05-04T04:45:04.000000Z"}, {"uuid": "831c634a-4c7f-4b8b-a7a3-4ffc1ee2fb5b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-47241", "type": "seen", "source": "https://t.me/cvedetector/24411", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-47241 - Apache Airflow URL Parsing Authority Component Vulnerability (CWE-20)\", \n  \"Content\": \"CVE ID : CVE-2025-47241 \nPublished : May 3, 2025, 9:15 p.m. | 54\u00a0minutes ago \nDescription : In browser-use (aka Browser Use) before 0.1.45, URL parsing of allowed_domains is mishandled because userinfo can be placed in the authority component. \nSeverity: 4.0 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"04 May 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-05-04T00:34:09.000000Z"}, {"uuid": "599e209d-c25f-4455-a819-792e957a5416", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2025-47241", "type": "published-proof-of-concept", "source": "https://github.com/browser-use/browser-use/security/advisories/GHSA-x39x-9qw5-ghrf", "content": "", "creation_timestamp": "2025-05-04T06:30:46.000000Z"}]}