{"vulnerability": "cve-2025-5954", "sightings": [{"uuid": "666ac20c-b466-498b-8afd-2f5ca87c983d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2025-59545", "type": "seen", "source": "https://bsky.app/profile/offseq.bsky.social/post/3lzkc5hq65u2s", "content": "", "creation_timestamp": "2025-09-24T01:32:35.012191Z"}, {"uuid": "a9efc1eb-60d9-4aeb-aaaf-57fac41b12c4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2025-5954", "type": "seen", "source": "https://bsky.app/profile/offseq.bsky.social/post/3lvcnwe7kj22d", "content": "", "creation_timestamp": "2025-08-01T03:01:16.965017Z"}, {"uuid": "90087e2d-976c-45f0-b591-d005dc9bca42", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-59542", "type": "seen", "source": "https://bsky.app/profile/thehackerwire.bsky.social/post/3mgevs6nb572c", "content": "", "creation_timestamp": "2026-03-06T08:35:43.748966Z"}, {"uuid": "48f027d9-c4ac-4dbf-9709-bb5f1d07d8b6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-59543", "type": "seen", "source": "https://bsky.app/profile/thehackerwire.bsky.social/post/3mgev5doplb2s", "content": "", "creation_timestamp": "2026-03-06T08:24:05.473450Z"}, {"uuid": "1e4b3dd4-1273-4423-864d-025b0c027acb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-59542", "type": "seen", "source": "https://bsky.app/profile/thehackerwire.bsky.social/post/3mgev54pn6t2k", "content": "", "creation_timestamp": "2026-03-06T08:23:57.153329Z"}, {"uuid": "8552a1fb-513c-4eaa-9466-dbed9eb9f37a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-59543", "type": "seen", "source": "https://bsky.app/profile/thehackerwire.bsky.social/post/3mgevsg5jmg2f", "content": "", "creation_timestamp": "2026-03-06T08:35:51.451242Z"}, {"uuid": "6823561e-6c4f-4dc9-9267-f59020109561", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-5954", "type": "seen", "source": "https://t.me/bhhub/1127", "content": "\u201cFresh Carnage\u201d \u2014 New Critical CVEs of the Week (Never Before Featured)\n\n\ud83e\uddec CVE-2025-50472 \u2013 Command Injection via Payload Parser\n\nCVSS: 9.8\nA flaw in how a core component parses external inputs lets attackers execute arbitrary system commands. Triggered via network \u2014 perfect for worms.\n\n\ud83e\uddef CVE-2025-54574 \u2013 Auth Bypass in Embedded Auth Module\n\nCVSS: 9.3 | AI Score: 8.5\nImproper input validation enables remote attackers to bypass login gates and access admin functionality. Expect this in IoT and router exploits.\n\n\ud83d\uddc2 CVE-2025-50870 \u2013 Memory Corruption in XML Parser\n\nCVSS: 9.8\nAnother parser bites the dust \u2014 this one chokes on malformed markup, allowing full compromise via crafted XML. Happens quietly during automated processing.\n\n\ud83e\uddde CVE-2025-5954 \u2013 Untrusted Input in Dynamic Eval Context\n\nCVSS: 9.8\nDynamic code evaluation fed with unsanitized input? You know how this ends. Attackers can inject logic, spawn shells, or pivot laterally.\n\n\ud83d\udef0 CVE-2025-8426 \u2013 Remote Buffer Overflow in Packet Handler\n\nCVSS: 9.4 | AI Score: 9.0\nThe kind of bug attackers love: network-exposed, unauthenticated, and trivially overflowed. One bad packet is all it takes.\n\n@bhhub", "creation_timestamp": "2025-08-10T17:27:27.000000Z"}, {"uuid": "cecc7fe1-c992-4075-9a0c-10f51a6dbdc3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-59541", "type": "seen", "source": "https://bsky.app/profile/thehackerwire.bsky.social/post/3mgev5s3jqo2v", "content": "", "creation_timestamp": "2026-03-06T08:24:19.490709Z"}, {"uuid": "3a925c5a-775f-4e0e-bd52-2ad953880e62", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-5954", "type": "seen", "source": "https://t.me/bhhub/866", "content": "\u201cFresh Carnage\u201d \u2014 New Critical CVEs of the Week (Never Before Featured)\n\n\ud83e\uddec CVE-2025-50472 \u2013 Command Injection via Payload Parser\n\nCVSS: 9.8\nA flaw in how a core component parses external inputs lets attackers execute arbitrary system commands. Triggered via network \u2014 perfect for worms.\n\n\ud83e\uddef CVE-2025-54574 \u2013 Auth Bypass in Embedded Auth Module\n\nCVSS: 9.3 | AI Score: 8.5\nImproper input validation enables remote attackers to bypass login gates and access admin functionality. Expect this in IoT and router exploits.\n\n\ud83d\uddc2 CVE-2025-50870 \u2013 Memory Corruption in XML Parser\n\nCVSS: 9.8\nAnother parser bites the dust \u2014 this one chokes on malformed markup, allowing full compromise via crafted XML. Happens quietly during automated processing.\n\n\ud83e\uddde CVE-2025-5954 \u2013 Untrusted Input in Dynamic Eval Context\n\nCVSS: 9.8\nDynamic code evaluation fed with unsanitized input? You know how this ends. Attackers can inject logic, spawn shells, or pivot laterally.\n\n\ud83d\udef0 CVE-2025-8426 \u2013 Remote Buffer Overflow in Packet Handler\n\nCVSS: 9.4 | AI Score: 9.0\nThe kind of bug attackers love: network-exposed, unauthenticated, and trivially overflowed. One bad packet is all it takes.\n\n@bhhub", "creation_timestamp": "2025-08-10T17:27:27.000000Z"}, {"uuid": "7b4ee571-9766-471c-b46e-6df7f42ecb97", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-5954", "type": "seen", "source": "https://bsky.app/profile/hugovalters.bsky.social/post/3mmnf4xb5gh2k", "content": "CVE-2025-5954 - Critical Privilege Escalation in Service Finder WordPress plugin. Unauthenticated users can register as admin. CVSS 9.8. No patch available. Disable plugin immediately. #CVE #WordPress #infosec\n\nhttps://www.valtersit.com/cve/CVE-2025-5954/", "creation_timestamp": "2026-05-25T02:02:38.608195Z"}]}