{"vulnerability": "cve-2025-5138", "sightings": [{"uuid": "db7dd397-dcdd-4ec6-9ae7-9e1292c06059", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-51381", "type": "seen", "source": "https://bsky.app/profile/potato.software/post/3lrujubbzib25", "content": "", "creation_timestamp": "2025-06-18T07:55:39.867162Z"}, {"uuid": "ea9077c9-0fd8-47b3-bc5a-c5b89bdfd717", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-51381", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lrukbnk5t72r", "content": "", "creation_timestamp": "2025-06-18T08:03:09.066671Z"}, {"uuid": "ba30953d-8de1-486b-bbb3-9fa443118e35", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-51387", "type": "seen", "source": "https://bsky.app/profile/beikokucyber.bsky.social/post/3lvom73tdfa24", "content": "", "creation_timestamp": "2025-08-05T21:02:19.527904Z"}, {"uuid": "fe00bc5f-c91e-44be-b923-68197e2eff37", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-5138", "type": "seen", "source": "https://bsky.app/profile/FunctionalProgramming.activitypub.awakari.com.ap.brid.gy/post/3lpxhct46oe22", "content": "", "creation_timestamp": "2025-05-25T00:57:47.586899Z"}, {"uuid": "5f283205-6187-4256-9677-45fce12a4a0a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-5138", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lpxx6ot2hw2q", "content": "", "creation_timestamp": "2025-05-25T05:41:44.154264Z"}, {"uuid": "419cb281-2a26-4d00-ae5e-8041eb4381f1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-51381", "type": "seen", "source": "https://bsky.app/profile/infosec.skyfleet.blue/post/3lrwke3p6dv2q", "content": "", "creation_timestamp": "2025-06-19T03:09:50.440466Z"}, {"uuid": "e2a3a5d2-246f-43ad-a996-fe89cf66b314", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-51385", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lvbvfaphct2s", "content": "", "creation_timestamp": "2025-07-31T19:42:12.255099Z"}, {"uuid": "e5fe1c87-e0a9-4fe9-afb6-0d27ab84264b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-51381", "type": "seen", "source": "Telegram/4r04zWJgrmQv0yEVmAWjrKvQZP1gSq3jFlo4VyC10oe-FCw", "content": "", "creation_timestamp": "2025-06-18T05:31:44.000000Z"}, {"uuid": "786d34e5-2f94-4565-9bb9-671e2e56b001", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-51388", "type": "seen", "source": "https://gist.github.com/lukechilds/d4550b94e51b40ff41adb41f154d9d1f", "content": "", "creation_timestamp": "2025-08-13T15:30:08.000000Z"}, {"uuid": "7e7a7f44-047d-429a-8d37-a3d60105035e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-51381", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/18684", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-51381\n\ud83d\udd25 CVSS Score: 9.8 (cvssV3_0, Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\ud83d\udd39 Description: An authentication bypass vulnerability exists in KCM3100 Ver1.4.2 and earlier. If this vulnerability is exploited, an attacker may bypass the authentication of the product from within the LAN to which the product is connected.\n\ud83d\udccf Published: 2025-06-18T04:27:50.253Z\n\ud83d\udccf Modified: 2025-06-18T04:27:50.253Z\n\ud83d\udd17 References:\n1. https://notices.jcom.co.jp/notice/93847.html\n2. https://jvn.jp/en/jp/JVN46288336/", "creation_timestamp": "2025-06-18T04:39:48.000000Z"}, {"uuid": "c9219d27-d94f-4f40-9a5b-bebf4d522c5a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-5138", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/17500", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-5138\n\ud83d\udd25 CVSS Score: 5.1 (cvssV4_0, Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N)\n\ud83d\udd39 Description: A vulnerability was found in Bitwarden up to 2.25.1. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the component PDF File Handler. The manipulation leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.\n\ud83d\udccf Published: 2025-05-25T00:31:04.887Z\n\ud83d\udccf Modified: 2025-05-25T00:31:04.887Z\n\ud83d\udd17 References:\n1. https://vuldb.com/?id.310219\n2. https://vuldb.com/?ctiid.310219\n3. https://vuldb.com/?submit.572263\n4. https://github.com/YZS17/CVE/blob/main/PDF%20XSS%20vulnerability%20in%20file%20upload%20function%20of%20%20Bitwarden.md", "creation_timestamp": "2025-05-25T00:46:14.000000Z"}, {"uuid": "2cb30485-64b3-45eb-9e46-a04c72f88801", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-51385", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/45781", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01 \n\n\u66f4\u65b0\u4e86\uff1aCVE-2025\n\u63cf\u8ff0\uff1aThis repository contains a proof-of-concept (PoC) for exploiting the OpenSSH ProxyCommand vulnerability \u2014 CVE-2025-51385 \u2014 affecting OpenSSH servers <9.6 Version\nURL\uff1ahttps://github.com/saarcastified/CVE-2023-51385---OpenSSH-ProxyCommand-Injection-PoC\n\n\u6807\u7b7e\uff1a#CVE-2025", "creation_timestamp": "2025-07-29T08:08:41.000000Z"}, {"uuid": "b2578014-f3a9-4373-b6fa-0df8a28c06e7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-5138", "type": "published-proof-of-concept", "source": "https://t.me/TheDarkWebInformer/17560", "content": "1/2\ud83d\udea8CVE-2025-5138: PDF XSS vulnerability in file upload function of Bitwarden\n\nPoC: https://github.com/YZS17/CVE/blob/main/PDF%20XSS%20vulnerability%20in%20file%20upload%20function%20of%20%20Bitwarden.md", "creation_timestamp": "2025-05-27T15:57:47.000000Z"}]}