{"vulnerability": "cve-2025-5257", "sightings": [{"uuid": "eaa29020-9c3b-4fba-98b5-c49398f7da7f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-52572", "type": "seen", "source": "https://bsky.app/profile/beikokucyber.bsky.social/post/3lsjzkdjlha2j", "content": "", "creation_timestamp": "2025-06-26T21:02:28.876900Z"}, {"uuid": "4f2e743e-19f6-48ee-b913-e4dce395170a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-5257", "type": "seen", "source": "https://bsky.app/profile/2rZiKKbOU3nTafniR2qMMSE0gwZ.activitypub.awakari.com.ap.brid.gy/post/3lqaqa7jo6nj2", "content": "", "creation_timestamp": "2025-05-28T17:32:13.610914Z"}, {"uuid": "aeb69500-5230-457b-aae7-e73c58e7fc67", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-52577", "type": "seen", "source": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-191-08", "content": "", "creation_timestamp": "2025-07-10T10:00:00.000000Z"}, {"uuid": "fcd3f6b2-4285-4d95-b2e5-f697bb01c08d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-52570", "type": "seen", "source": "https://infosec.exchange/users/cR0w/statuses/114774078524435473", "content": "", "creation_timestamp": "2025-06-30T19:57:35.380403Z"}, {"uuid": "03055ae9-1872-444c-b629-b8a9e2f8171e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-52579", "type": "seen", "source": "https://bsky.app/profile/pigondrugs.bsky.social/post/3lti3tu3ut324", "content": "", "creation_timestamp": "2025-07-08T20:03:20.256635Z"}, {"uuid": "5da3c0c5-754a-44a1-8308-18f1c37a54c8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-52571", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lsezue3amb2k", "content": "", "creation_timestamp": "2025-06-24T21:24:38.473808Z"}, {"uuid": "48f48659-bcb1-4a63-9c20-64b09b4a489b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-52577", "type": "seen", "source": "https://bsky.app/profile/eris404.rip/post/3lshrsp5is22p", "content": "", "creation_timestamp": "2025-06-25T23:38:33.037581Z"}, {"uuid": "79e543e0-e769-40fc-b881-c3759a247108", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-52570", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lsdh7jg53c25", "content": "", "creation_timestamp": "2025-06-24T06:18:12.431251Z"}, {"uuid": "2e2fa75e-53ff-42cf-b2b5-f08680ead753", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-52579", "type": "seen", "source": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-189-01", "content": "", "creation_timestamp": "2025-07-08T10:00:00.000000Z"}, {"uuid": "802b2179-01aa-438a-84ad-a9dc9651b039", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-52578", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3m5uy5ks27y2q", "content": "", "creation_timestamp": "2025-11-18T05:13:43.615024Z"}, {"uuid": "9be576e8-5b2b-44e6-9881-4933782219bb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-52571", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/19403", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-52571\n\ud83d\udd25 CVSS Score: 9.7 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H)\n\ud83d\udd39 Description: Hikka is a Telegram userbot. A vulnerability affects all users of versions below 1.6.2, including most of the forks. It allows an unauthenticated attacker to gain access to Telegram account of a victim, as well as full access to the server. The issue is patched in version 1.6.2. No known workarounds are available.\n\ud83d\udccf Published: 2025-06-24T20:07:24.328Z\n\ud83d\udccf Modified: 2025-06-24T20:07:24.328Z\n\ud83d\udd17 References:\n1. https://github.com/hikariatama/Hikka/security/advisories/GHSA-vwpq-wm8w-44wf\n2. https://github.com/hikariatama/Hikka/commit/9a0e4b1b387ef828c345c43d990421d5afcff5f6", "creation_timestamp": "2025-06-24T20:47:57.000000Z"}, {"uuid": "ac48db6d-9ac2-48d6-887b-9733077f45ad", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-52570", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/19298", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-52570\n\ud83d\udd25 CVSS Score: 1.7 (cvssV4_0, Vector: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U)\n\ud83d\udd39 Description: Letmein is an authenticating port knocker. Prior to version 10.2.1, The connection limiter is implemented incorrectly. It allows an arbitrary amount of simultaneously incoming connections (TCP, UDP and Unix socket) for the services letmeind and letmeinfwd. Therefore, the command line option num-connections is not effective and does not limit the number of simultaneously incoming connections. This issue has been patched in version 10.2.1.\n\ud83d\udccf Published: 2025-06-24T03:13:29.370Z\n\ud83d\udccf Modified: 2025-06-24T03:13:29.370Z\n\ud83d\udd17 References:\n1. https://github.com/mbuesch/letmein/security/advisories/GHSA-jpv7-p47h-f43j\n2. https://github.com/mbuesch/letmein/commit/43207cd77580410d97165d1e3c07361ba6f3558c", "creation_timestamp": "2025-06-24T03:48:13.000000Z"}, {"uuid": "b490f830-5201-458f-9146-61f1d04638eb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-52574", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/19301", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-52574\n\ud83d\udd25 CVSS Score: 7.5 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)\n\ud83d\udd39 Description: SysmonElixir is a system monitor HTTP service in Elixir. Prior to version 1.0.1, the /read endpoint reads any file from the server's /etc/passwd by default. In v1.0.1, a whitelist was added that limits reading to only files under priv/data. This issue has been patched in version 1.0.1.\n\ud83d\udccf Published: 2025-06-24T02:52:11.889Z\n\ud83d\udccf Modified: 2025-06-24T02:52:11.889Z\n\ud83d\udd17 References:\n1. https://github.com/bocaletto-luca/elixir-system-monitor/security/advisories/GHSA-9vj4-rv7q-36qj\n2. https://github.com/bocaletto-luca/elixir-system-monitor/commit/647a5525f6667a28f1133985213dd080ea11bb87", "creation_timestamp": "2025-06-24T03:48:16.000000Z"}, {"uuid": "2ee5be05-e173-4173-b830-a63f0d3292bc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-52572", "type": "exploited", "source": "https://t.me/DarkWebInformer_CVEAlerts/19399", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-52572\n\ud83d\udd25 CVSS Score: 10 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)\n\ud83d\udd39 Description: Hikka, a Telegram userbot, has vulnerability affects all users on all versions of Hikka. Two scenarios are possible. 1. Web interface does not have an authenticated session: attacker can use his own Telegram account to gain RCE to the server by authorizing in the dangling web interface. 2. Web interface does have an authenticated session: due to insufficient warning in the authentication message, users were tempted to click \"Allow\" in the \"Allow web application ops\" menu. This gave an attacker access not only to remote code execution, but also to Telegram accounts of owners. Scenario number 2 is known to have been exploited in the wild. No known patches are available, but some workarounds are available. Use `--no-web` flag and do not start userbot without it; after authorizing in the web interface, close the port on the server and/or start the userbot with `--no-web` flag; and do not click \"Allow\" in your helper bot unless it is your explicit action that needs to be allowed.\n\ud83d\udccf Published: 2025-06-24T20:10:18.861Z\n\ud83d\udccf Modified: 2025-06-24T20:10:18.861Z\n\ud83d\udd17 References:\n1. https://github.com/hikariatama/Hikka/security/advisories/GHSA-7x3c-335v-wxjj\n2. https://t.me/bbcode/9", "creation_timestamp": "2025-06-24T20:47:53.000000Z"}, {"uuid": "6936a1f6-29e5-44b9-a77c-2814673249a8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-52573", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/19640", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-52573\n\ud83d\udd25 CVSS Score: 6 (cvssV3_1, Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:H/A:H)\n\ud83d\udd39 Description: iOS Simulator MCP Server (ios-simulator-mcp) is a Model Context Protocol (MCP) server for interacting with iOS simulators. Versions prior to 1.3.3 are written in a way that is vulnerable to command injection vulnerability attacks as part of some of its MCP Server tool definition and implementation. The MCP Server exposes the tool `ui_tap` which relies on Node.js child process API `exec` which is an unsafe and vulnerable API if concatenated with untrusted user input. LLM exposed user input for `duration`, `udid`, and `x` and `y` args can be replaced with shell meta-characters like `;` or `&&` or others to change the behavior from running the expected command `idb` to another command. When LLMs are tricked through prompt injection (and other techniques and attack vectors) to call the tool with input that uses special shell characters such as `; rm -rf /tmp;#` and other payload variations, the full command-line text will be interepted by the shell and result in other commands except of `ps` executing on the host running the MCP Server. Version 1.3.3 contains a patch for the issue.\n\ud83d\udccf Published: 2025-06-26T14:08:56.100Z\n\ud83d\udccf Modified: 2025-06-26T17:37:56.901Z\n\ud83d\udd17 References:\n1. https://github.com/joshuayoes/ios-simulator-mcp/security/advisories/GHSA-6f6r-m9pv-67jw\n2. https://github.com/joshuayoes/ios-simulator-mcp/commit/eb53a4f2cc8bbeb13e8d6d930f00167befcdb809\n3. https://github.com/joshuayoes/ios-simulator-mcp/blob/main/src/index.ts#L166-L207\n4. https://github.com/joshuayoes/ios-simulator-mcp/releases/tag/v1.3.3", "creation_timestamp": "2025-06-26T17:50:55.000000Z"}, {"uuid": "9789ff14-cfde-4ffb-859b-127f6d3bdea3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-52576", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/19499", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-52576\n\ud83d\udd25 CVSS Score: 5.3 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)\n\ud83d\udd39 Description: Kanboard is project management software that focuses on the Kanban methodology. Prior to version 1.2.46, Kanboard is vulnerable to username enumeration and IP spoofing-based brute-force protection bypass. By analyzing login behavior and abusing trusted HTTP headers, an attacker can determine valid usernames and circumvent rate-limiting or blocking mechanisms. Any organization running a publicly accessible Kanboard instance is affected, especially if relying on IP-based protections like Fail2Ban or CAPTCHA for login rate-limiting. Attackers with access to the login page can exploit this flaw to enumerate valid usernames and bypass IP-based blocking mechanisms, putting all user accounts at higher risk of brute-force or credential stuffing attacks. Version 1.2.46 contains a patch for the issue.\n\ud83d\udccf Published: 2025-06-25T16:46:01.954Z\n\ud83d\udccf Modified: 2025-06-25T16:46:01.954Z\n\ud83d\udd17 References:\n1. https://github.com/kanboard/kanboard/security/advisories/GHSA-qw57-7cx6-wvp7\n2. https://github.com/kanboard/kanboard/commit/3079623640dc39f9c7b0c840d2a79095331051f1\n3. https://github.com/kanboard/kanboard/blob/cbb7e60fb595ff4572bb8801b275a0b451c4bda0/app/Model/UserLockingModel.php#L101-L104\n4. https://github.com/kanboard/kanboard/blob/cbb7e60fb595ff4572bb8801b275a0b451c4bda0/app/Subscriber/AuthSubscriber.php#L96-L108", "creation_timestamp": "2025-06-25T18:06:30.000000Z"}, {"uuid": "1e688e67-d7de-4b50-8484-fcda7efcb86e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-52574", "type": "seen", "source": "Telegram/61p3TvgIcQeITUHd25WC7uXKnalG822tf2zquntb02gfO4o", "content": "", "creation_timestamp": "2025-06-24T03:34:31.000000Z"}]}