{"vulnerability": "cve-2025-5751", "sightings": [{"uuid": "6871f56c-1aff-4cb7-80a6-430814e98c1a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-5751", "type": "seen", "source": "https://bsky.app/profile/basefortify.bsky.social/post/3lqxd4fmsis2l", "content": "", "creation_timestamp": "2025-06-06T17:07:50.829820Z"}, {"uuid": "b9507522-9c3a-42ce-9b0e-e50b2020eed5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-5751", "type": "seen", "source": "https://bsky.app/profile/basefortify.bsky.social/post/3lqxd4hi3xk2l", "content": "", "creation_timestamp": "2025-06-06T17:07:52.230264Z"}, {"uuid": "d64351b0-3756-4d00-be94-c241f97e6254", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-57515", "type": "seen", "source": "https://bsky.app/profile/beikokucyber.bsky.social/post/3m2pk25dh332q", "content": "", "creation_timestamp": "2025-10-08T21:02:28.033231Z"}, {"uuid": "9c386be4-e696-437a-84f9-482f90cee58f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-5751", "type": "seen", "source": "http://www.zerodayinitiative.com/advisories/ZDI-25-330/", "content": "", "creation_timestamp": "2025-06-06T03:00:00.000000Z"}, {"uuid": "0b231d6e-ce12-414f-8069-3fdd55c4602d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-57515", "type": "seen", "source": "https://t.me/GithubRedTeam/52364", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01 \n\n\u66f4\u65b0\u4e86\uff1aCVE-2025\n\u63cf\u8ff0\uff1a\ud83d\udee1\ufe0f Exploit Akamai's RepositoryService XXE vulnerability (CVE-2025-49493) with this testbed, aiding in secure coding practices and vulnerability assessments.\nURL\uff1ahttps://github.com/sanchitsahni/CVE-2025-57515\n\n\u6807\u7b7e\uff1a#CVE-2025", "creation_timestamp": "2025-09-20T06:54:50.000000Z"}, {"uuid": "098f4fa0-b3ff-4f15-8b34-3b954fddf55a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-57515", "type": "published-proof-of-concept", "source": "Telegram/tLeV2GFthmLcqfdANk2cYmhzWA2PnZkeEUlVG3x5z25Dw8g", "content": "", "creation_timestamp": "2025-09-20T15:00:07.000000Z"}, {"uuid": "32d603c2-7574-456e-a48a-2fdf12d52218", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-57515", "type": "seen", "source": "https://t.me/bhhub/1168", "content": "Weekly brief \u2014 Notable vulns\n\nSSH parsing bugs in OpenSSH, a high-impact XXE in LangChain, and multiple exploitable web-app flaws dominated the week. The urgent items: a public SQLi PoC (Uniclare portal) that enables full DB takeover, an XXE in langchain-text-splitters that can leak local secrets from AI pipelines, and two OpenSSH username/NULL-byte injection issues that allow ProxyCommand command execution in affected clients. Patch or mitigate these first; many of the other findings are configuration-specific but still dangerous in education and POS ecosystems.\n\nTop highlights:\n\n\u2b50\ufe0f CVE-2025-57515 \u2014 Uniclare Student Portal (SQLi, CVSS 9.8)\nRemote, unauthenticated SQL injection with a public PoC. Threat: full DB compromise / credential theft. Action: take vulnerable endpoints offline or block inputs with WAF rules; apply vendor fix or remove the affected instance immediately.\n\n\u2b50\ufe0f CVE-2025-6985 \u2014 LangChain `langchain-text-splitters` (XXE, CVSS 7.5)\nUnsafe XSLT parsing in HTMLSectionSplitter \u2192 arbitrary file read / SSRF / secret leakage from AI pipelines that process untrusted HTML/XML. Action: disable custom XSLT, enforce safe parser flags (e.g., restrict external entity resolution / use `XSLTAccessControl`), audit ingestion pipelines for user-supplied XML.\n\n\u2b50\ufe0f CVE-2025-11344 / CVE-2025-11345 \u2014 ILIAS e-learning (RCE & insecure unserialize)\nAuthenticated upload/deserialization paths enable RCE / object injection. Action: patch to 10.2+ (or 8.24/9.14 where applicable); restrict cert upload features and sanitize serialized inputs.", "creation_timestamp": "2025-10-14T04:36:10.000000Z"}]}