{"vulnerability": "cve-2025-4957", "sightings": [{"uuid": "297c1985-9c06-44b8-861e-18d6e2f4878b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-4957", "type": "seen", "source": "https://bsky.app/profile/undercode.bsky.social/post/3m2rb7iqq7r2o", "content": "", "creation_timestamp": "2025-10-09T13:29:39.161643Z"}, {"uuid": "960f507b-0f6b-43a3-a228-dd23ebd124cb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-49574", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lsct2h6s5c23", "content": "", "creation_timestamp": "2025-06-24T00:17:27.534050Z"}, {"uuid": "837a822d-c5ff-4cd1-8915-64a41126c4f7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-49575", "type": "seen", "source": "Telegram/pmCQczjONs0GfJ4fUtzY9Rs7uNvrLwRQOu1OBXv_D7CpRkk", "content": "", "creation_timestamp": "2025-06-12T19:34:31.000000Z"}, {"uuid": "7be1ce2c-15d5-455e-a9db-0f0f0fc271da", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2025-49578", "type": "published-proof-of-concept", "source": "https://github.com/StarCitizenTools/mediawiki-skins-Citizen/security/advisories/GHSA-2v3v-3whp-953h", "content": "", "creation_timestamp": "2025-06-11T23:03:29.000000Z"}, {"uuid": "3c2f2838-e317-47bb-bc14-5c69bcdeeb48", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-49578", "type": "published-proof-of-concept", "source": "Telegram/M9-i1Qbwyyn770GCmB3fqZ1mKxD49UUhLWasJxz0nGyZyTc", "content": "", "creation_timestamp": "2025-06-12T19:34:25.000000Z"}, {"uuid": "9108980b-ae9f-41bf-bbfb-9776030f5314", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-49576", "type": "published-proof-of-concept", "source": "Telegram/M9-i1Qbwyyn770GCmB3fqZ1mKxD49UUhLWasJxz0nGyZyTc", "content": "", "creation_timestamp": "2025-06-12T19:34:25.000000Z"}, {"uuid": "64857905-a5fc-4c46-bdf6-6fe252c57495", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-49577", "type": "published-proof-of-concept", "source": "Telegram/M9-i1Qbwyyn770GCmB3fqZ1mKxD49UUhLWasJxz0nGyZyTc", "content": "", "creation_timestamp": "2025-06-12T19:34:25.000000Z"}, {"uuid": "513a4c35-9ab7-4f42-9ccb-502f25b1c15d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-49579", "type": "published-proof-of-concept", "source": "Telegram/M9-i1Qbwyyn770GCmB3fqZ1mKxD49UUhLWasJxz0nGyZyTc", "content": "", "creation_timestamp": "2025-06-12T19:34:25.000000Z"}, {"uuid": "4aecd610-5ac8-49ff-af38-f43d03cd99f7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2025-49577", "type": "published-proof-of-concept", "source": "https://github.com/StarCitizenTools/mediawiki-skins-Citizen/security/advisories/GHSA-jwr7-992g-68mh", "content": "", "creation_timestamp": "2025-06-11T23:03:27.000000Z"}, {"uuid": "6b41f50a-5542-4504-9092-7ea7273a99b2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-49579", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/18216", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-49579\n\ud83d\udd25 CVSS Score: 6.5 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N)\n\ud83d\udd39 Description: Citizen is a MediaWiki skin that makes extensions part of the cohesive experience. All system messages in menu headings using the Menu.mustache template are inserted as raw HTML, allowing anybody who can edit those messages to insert arbitrary HTML into the DOM. This impacts wikis where a group has the `editinterface` but not the `editsitejs` user right. This vulnerability is fixed in 3.3.1.\n\ud83d\udccf Published: 2025-06-12T18:50:44.360Z\n\ud83d\udccf Modified: 2025-06-12T19:16:43.720Z\n\ud83d\udd17 References:\n1. https://github.com/StarCitizenTools/mediawiki-skins-Citizen/security/advisories/GHSA-g3cp-pq72-hjpv\n2. https://github.com/StarCitizenTools/mediawiki-skins-Citizen/commit/54c8717d45ce1594918f11cb9ce5d0ccd8dfee65\n3. https://github.com/StarCitizenTools/mediawiki-skins-Citizen/commit/93c36ac778397e0e7c46cf7adb1e5d848265f1bd", "creation_timestamp": "2025-06-12T19:33:48.000000Z"}, {"uuid": "4c54d3fd-7947-4bb8-863f-7cc6e5689001", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-49576", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/18218", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-49576\n\ud83d\udd25 CVSS Score: 6.5 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N)\n\ud83d\udd39 Description: Citizen is a MediaWiki skin that makes extensions part of the cohesive experience. The citizen-search-noresults-title and citizen-search-noresults-desc system messages are inserted into raw HTML, allowing anybody who can edit those messages to insert arbitrary HTML into the DOM. This vulnerability is fixed in 3.3.1.\n\ud83d\udccf Published: 2025-06-12T18:50:55.931Z\n\ud83d\udccf Modified: 2025-06-12T19:05:48.122Z\n\ud83d\udd17 References:\n1. https://github.com/StarCitizenTools/mediawiki-skins-Citizen/security/advisories/GHSA-86xf-2mgp-gv3g\n2. https://github.com/StarCitizenTools/mediawiki-skins-Citizen/commit/93c36ac778397e0e7c46cf7adb1e5d848265f1bd\n3. https://github.com/StarCitizenTools/mediawiki-skins-Citizen/commit/a0296afaedbe1a277337a2d8f1da83cb3a79b9ab", "creation_timestamp": "2025-06-12T19:33:49.000000Z"}, {"uuid": "f3997da2-04f3-4a50-b4b5-e997c63eded6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-49578", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/18217", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-49578\n\ud83d\udd25 CVSS Score: 6.5 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N)\n\ud83d\udd39 Description: Citizen is a MediaWiki skin that makes extensions part of the cohesive experience. Various date messages returned by `Language::userDate` are inserted into raw HTML, allowing anybody who can edit those messages to insert arbitrary HTML into the DOM. This impacts wikis where a group has the `editinterface` but not the `editsitejs` user right. This vulnerability is fixed in 3.3.1.\n\ud83d\udccf Published: 2025-06-12T18:50:49.300Z\n\ud83d\udccf Modified: 2025-06-12T19:12:17.575Z\n\ud83d\udd17 References:\n1. https://github.com/StarCitizenTools/mediawiki-skins-Citizen/security/advisories/GHSA-2v3v-3whp-953h\n2. https://github.com/StarCitizenTools/mediawiki-skins-Citizen/commit/64cb5d7ab3a6dc0381fae54b31e8fc4afadc8beb\n3. https://github.com/StarCitizenTools/mediawiki-skins-Citizen/commit/93c36ac778397e0e7c46cf7adb1e5d848265f1bd", "creation_timestamp": "2025-06-12T19:33:49.000000Z"}, {"uuid": "32dfdf74-93ca-452a-bcc9-ac8fc2ff1da6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-49575", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/18221", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-49575\n\ud83d\udd25 CVSS Score: 6.5 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N)\n\ud83d\udd39 Description: Citizen is a MediaWiki skin that makes extensions part of the cohesive experience. Multiple system messages are inserted into the CommandPaletteFooter as raw HTML, allowing anybody who can edit those messages to insert arbitrary HTML into the DOM. This impacts wikis where a group has the `editinterface` but not the `editsitejs` user right. This vulnerability is fixed in 3.3.1.\n\ud83d\udccf Published: 2025-06-12T18:45:23.363Z\n\ud83d\udccf Modified: 2025-06-12T18:58:25.445Z\n\ud83d\udd17 References:\n1. https://github.com/StarCitizenTools/mediawiki-skins-Citizen/security/advisories/GHSA-4c2h-67qq-vm87\n2. https://github.com/StarCitizenTools/mediawiki-skins-Citizen/commit/4fa69e1d062dca7e407cc0530cf1da3e2baaf0b5\n3. https://github.com/StarCitizenTools/mediawiki-skins-Citizen/commit/93c36ac778397e0e7c46cf7adb1e5d848265f1bd", "creation_timestamp": "2025-06-12T19:33:55.000000Z"}, {"uuid": "20aed6e8-f707-49ea-a5d0-1bd58d7c543c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-49577", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/18220", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-49577\n\ud83d\udd25 CVSS Score: 6.5 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N)\n\ud83d\udd39 Description: Citizen is a MediaWiki skin that makes extensions part of the cohesive experience. Various preferences messages are inserted into raw HTML, allowing anybody who can edit those messages to insert arbitrary HTML into the DOM. This vulnerability is fixed in 3.3.1.\n\ud83d\udccf Published: 2025-06-12T18:45:18.415Z\n\ud83d\udccf Modified: 2025-06-12T19:01:58.426Z\n\ud83d\udd17 References:\n1. https://github.com/StarCitizenTools/mediawiki-skins-Citizen/security/advisories/GHSA-jwr7-992g-68mh\n2. https://github.com/StarCitizenTools/mediawiki-skins-Citizen/commit/93c36ac778397e0e7c46cf7adb1e5d848265f1bd\n3. https://github.com/StarCitizenTools/mediawiki-skins-Citizen/commit/a741639085d70c22a9f49890542a142a223bf981", "creation_timestamp": "2025-06-12T19:33:51.000000Z"}, {"uuid": "3ee18c4e-ecb2-47ec-8318-91d34b0db56d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-49574", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/19268", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-49574\n\ud83d\udd25 CVSS Score: 6.4 (cvssV3_1, Vector: CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N)\n\ud83d\udd39 Description: Quarkus is a Cloud Native, (Linux) Container First framework for writing Java applications. In versions prior to 3.24.0, there is a potential data leak when duplicating a duplicated context. Quarkus extensively uses the Vert.x duplicated context to implement context propagation. With the new semantic data from one transaction can leak to the data from another transaction. From a Vert.x point of view, this new semantic clarifies the behavior. A significant amount of data is stored in the duplicated context, including request scope, security details, and metadata. Duplicating a duplicated context is rather rare and is only done in a few places. This issue has been patched in version 3.24.0.\n\ud83d\udccf Published: 2025-06-23T19:47:05.454Z\n\ud83d\udccf Modified: 2025-06-23T19:47:05.454Z\n\ud83d\udd17 References:\n1. https://github.com/quarkusio/quarkus/security/advisories/GHSA-9623-mj7j-p9v4\n2. https://github.com/quarkusio/quarkus/issues/48227\n3. https://github.com/quarkusio/quarkus/commit/2b58f59f4bf0bae7d35b1abb585b65f2a66787d1", "creation_timestamp": "2025-06-23T20:47:31.000000Z"}, {"uuid": "cb6f6f20-07e9-47da-8508-0750949b6a07", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2025-49579", "type": "published-proof-of-concept", "source": "https://github.com/StarCitizenTools/mediawiki-skins-Citizen/security/advisories/GHSA-g3cp-pq72-hjpv", "content": "", "creation_timestamp": "2025-06-11T23:03:32.000000Z"}, {"uuid": "2fc00746-cca8-46c0-ac07-2f8af9d2d857", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2025-49576", "type": "published-proof-of-concept", "source": "https://github.com/StarCitizenTools/mediawiki-skins-Citizen/security/advisories/GHSA-86xf-2mgp-gv3g", "content": "", "creation_timestamp": "2025-06-11T23:03:25.000000Z"}, {"uuid": "2e0ebb27-a899-4433-b666-c32acb216b9e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2025-49575", "type": "published-proof-of-concept", "source": "https://github.com/StarCitizenTools/mediawiki-skins-Citizen/security/advisories/GHSA-4c2h-67qq-vm87", "content": "", "creation_timestamp": "2025-06-11T18:00:41.000000Z"}]}