{"vulnerability": "cve-2025-5915", "sightings": [{"uuid": "c4c4e58b-1bee-4433-87c9-78510e5e6a51", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-5915", "type": "seen", "source": "https://bsky.app/profile/lambdawatchdog.bsky.social/post/3lv6l5htfrb2e", "content": "", "creation_timestamp": "2025-07-30T12:00:54.932398Z"}, {"uuid": "75a9e65c-8c1e-4f88-a0e0-46d1d803f3bb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-5915", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lr7j4arom62u", "content": "", "creation_timestamp": "2025-06-09T23:16:19.539287Z"}, {"uuid": "fa7ef6bf-d9bc-417b-b323-0e8d9686202f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-5915", "type": "seen", "source": "https://bsky.app/profile/lambdawatchdog.bsky.social/post/3lwjd3qxdo42n", "content": "", "creation_timestamp": "2025-08-16T12:01:16.030666Z"}, {"uuid": "1bcc56d9-1d7b-412d-b199-b99c8b2dc12a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-5915", "type": "seen", "source": "https://gist.github.com/EbonJaeger/987ad9fc47fe4a1cd7ddc70bd0d95769", "content": "", "creation_timestamp": "2025-08-18T17:38:39.000000Z"}, {"uuid": "21a45a5f-4172-4b36-ab93-1cf471e5b6ec", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-59150", "type": "seen", "source": "https://gist.github.com/EbonJaeger/99dd58f015b229c6f25edb5dae784966", "content": "", "creation_timestamp": "2025-10-17T17:52:23.000000Z"}, {"uuid": "2f4cace2-f2a0-4f76-9670-7fa5d85d8fb2", "vulnerability_lookup_origin": 
"1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-5915", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/17767", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-5915\n\ud83d\udd25 CVSS Score: 3.9 (cvssV3_1, Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L)\n\ud83d\udd39 Description: A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.\n\ud83d\udccf Published: 2025-06-09T19:49:02.143Z\n\ud83d\udccf Modified: 2025-06-09T19:49:02.143Z\n\ud83d\udd17 References:\n1. https://access.redhat.com/security/cve/CVE-2025-5915\n2. https://bugzilla.redhat.com/show_bug.cgi?id=2370865\n3. https://github.com/libarchive/libarchive/pull/2599\n4. 
https://github.com/libarchive/libarchive/releases/tag/v3.8.0", "creation_timestamp": "2025-06-09T20:31:22.000000Z"}, {"uuid": "c1245190-0146-4321-8de0-2087def5f46a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-59159", "type": "seen", "source": "https://bsky.app/profile/infosec.skyfleet.blue/post/3m2lhr3nozi27", "content": "", "creation_timestamp": "2025-10-07T06:10:53.027227Z"}, {"uuid": "347d1724-2056-44ba-a5fe-1cc1e98d5c5f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-59157", "type": "seen", "source": "https://bsky.app/profile/thehackerwire.bsky.social/post/3mbp2krdwvo22", "content": "", "creation_timestamp": "2026-01-05T18:21:42.794859Z"}, {"uuid": "ec45f0f5-10d8-44c6-a7b4-2c2c25d9b08a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-59157", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mbpcf23vfa2r", "content": "", "creation_timestamp": "2026-01-05T20:41:40.266596Z"}, {"uuid": "c04c3a1f-284b-463e-aae8-dfdf161ef13b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-59158", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mbpeyzwzut2r", "content": "", "creation_timestamp": "2026-01-05T21:28:38.700763Z"}, {"uuid": "84b24cff-034c-4c87-ac93-bc2402601647", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-59156", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mbpfdrwtvu2o", "content": "", "creation_timestamp": "2026-01-05T21:34:39.331176Z"}, {"uuid": 
"0824ff13-4394-48fe-b8a5-f5432f3b0de5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-59158", "type": "seen", "source": "https://bsky.app/profile/pmloik.bsky.social/post/3mbpvlftsgr23", "content": "", "creation_timestamp": "2026-01-06T02:25:15.539366Z"}, {"uuid": "904c1e78-9d83-44df-a896-37c84f27f7fe", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-59156", "type": "published-proof-of-concept", "source": "Telegram/fMtvesIEGvLKzgX_Vr04EQ2rBgwnPRUk0FUIDqd1543CWh4", "content": "", "creation_timestamp": "2026-01-05T19:06:38.000000Z"}, {"uuid": "34d10f1b-dbc9-4e1d-95b1-3fb7118586ef", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-59157", "type": "seen", "source": "Telegram/-WkPGYxQLne2Z_5X7oW7Cjya-7O5zQTo5z5b79nEyipWZqE", "content": "", "creation_timestamp": "2026-01-05T19:06:46.000000Z"}, {"uuid": "2a396dc4-e908-420f-9855-5b642b8faba7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-59158", "type": "seen", "source": "Telegram/-WkPGYxQLne2Z_5X7oW7Cjya-7O5zQTo5z5b79nEyipWZqE", "content": "", "creation_timestamp": "2026-01-05T19:06:46.000000Z"}, {"uuid": "28103bb3-9bdd-4194-8d34-a13660be736a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-5915", "type": "published-proof-of-concept", "source": "Telegram/F-nqnvSIyFBDva6qWF-5gDJeeSwyAm-Hc2HwNB8UefGDq04", "content": "", "creation_timestamp": "2026-01-08T05:03:48.000000Z"}, {"uuid": "1b3200e6-4dc9-476d-b7d1-2f2b18ef47d6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": 
"9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-59159", "type": "seen", "source": "https://t.me/bhhub/1170", "content": "Weekly Brief \u2014 Actively Exploited & Critical Vulns\n\nOne-click RCE chains, cross-site scripting in network management suites, and LLM interface takeover vectors defined this week\u2019s threat landscape.  \nThe most urgent issues involve active exploitation, drive-by execution, and critical CVSS \u2265 9 vulnerabilities in AI and enterprise tools.\n\n\u2b50\ufe0f CVE-2025-61929 \u2014 Cherry Studio (One-Click RCE via URL Protocol, CVSS 9.6)\n\nProduct: Cherry Studio (Desktop LLM client)  \nVector: cherrystudio:// custom URL scheme \u2192 base64-encoded command execution\n\nCherry Studio registers a custom URL handler (`cherrystudio://`) that processes encoded configuration data and executes embedded commands.  \nAttackers can host malicious URLs that trigger arbitrary command execution upon a single click \u2014 no secondary confirmation required.  \nExploitation was observed within 48 hours of disclosure.\n\nhttps://github.com/cherry-studio/advisories\n\n\u2b50\ufe0fCVE-2025-59978 \u2014 Juniper Junos Space (Stored XSS \u2192 Admin Command Execution, CVSS 9.0)\n\n\nProduct: Juniper Networks Junos Space (< 24.1R4)  \nVector: Persistent JavaScript injection in management web interface\n\nImproper input sanitization in Junos Space allows stored XSS, which can escalate to admin-level command execution when viewed by privileged users.  \nExploitation has been observed in active campaigns, potentially linked to Cl0p ransomware operators targeting network appliances.\n\nhttps://supportportal.juniper.net/JSA103140\n\n\u2b50\ufe0f CVE-2025-59159 \u2014 SillyTavern (DNS Rebinding / Remote Takeover, CVSS 9.6)\n\nProduct: SillyTavern (LLM Web Interface < 1.13.4)  \nVector: Insecure hostname validation \u2192 DNS rebinding attack\n\nSillyTavern\u2019s local web server does not properly validate inbound host headers.  
\nAttackers can exploit DNS rebinding to interact with local AI instances remotely \u2014 stealing API keys or installing malicious extensions.\n\nhttps://github.com/SillyTavern/SillyTavern/security/advisories/GHSA-7cxj-w27x-x78q", "creation_timestamp": "2025-10-21T13:59:09.000000Z"}, {"uuid": "83960240-9882-4177-aefa-fc5c139624a2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-59159", "type": "seen", "source": "https://t.me/bhhub/1167", "content": "Top exploited vulns of the Week\n\nThis week\u2019s Vulnerability Trend shows a mix of big-platform remote RCEs (Oracle EBS, DrayTek), high-impact web plugin and local network exploits (WordPress Spirit, SillyTavern), plus client/runtime abuse in widely distributed software (Unity, Zabbix agent). Notable: an enterprise-scale, pre-auth Oracle RCE is already weaponized by ransomware groups (Cl0p / GRACEFUL SPIDER) and added to CISA KEV \u2014 treat it as highest priority.\n\nQuick hit list:\n\n\u2b50\ufe0f CVE-2025-61882 \u2014 Oracle E-Business Suite (BI Publisher integration) \u2014 CVSS 9.8, pre-auth RCE, actively used by Cl0p & GRACEFUL SPIDER; on CISA KEV. Patch immediately or isolate EBS HTTP endpoints.\n\u2b50\ufe0f CVE-2025-6388 \u2014 Spirit Framework (WordPress) \u2014 CVSS 9.8, unauthenticated admin takeover. Update to 1.2.15 or remove the plugin.\n\u2b50\ufe0f CVE-2025-59159 \u2014 SillyTavern (DNS rebinding) \u2014 CVSS ~9.6, local network\u2192API key theft. Upgrade to 1.13.4 + enable host whitelist.\n\u2b50\ufe0f CVE-2025-10547 \u2014 DrayTek Vigor routers \u2014 CVSS 8.8, unauth RCE in HTTP CGI; remote root possible. Apply vendor fixes and audit external-facing routers.\n\u2b50\ufe0f CVE-2025-59489 \u2014 Unity Runtime \u2014 Arg injection / DLL hijack in apps; PoCs available; exploited via trojanized games. 
Treat as supply-chain / app-store risk for distributed clients.\n\u2b50\ufe0f CVE-2025-27237 \u2014 Zabbix Agent (Windows LPE) \u2014 DLL injection via writable OpenSSL path; observed in targeted ops. Harden file perms and monitor for local privilege escalations.", "creation_timestamp": "2025-10-07T08:14:58.000000Z"}]}