{"vulnerability": "cve-2025-6192", "sightings": [{"uuid": "fc689f91-51c9-44de-94ce-22374f076810", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-6192", "type": "seen", "source": "https://infosec.exchange/users/cR0w/statuses/114706028078780399", "content": "", "creation_timestamp": "2025-06-18T19:31:27.157715Z"}, {"uuid": "469eb4fa-386e-49c6-92ce-c53b230fede4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-6192", "type": "seen", "source": "https://bsky.app/profile/eyalestrin.bsky.social/post/3lt4kh5e5h72i", "content": "", "creation_timestamp": "2025-07-04T05:52:43.103594Z"}, {"uuid": "e9819ade-a80f-4db7-a3d4-5811353a71e3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-6192", "type": "seen", "source": "https://bsky.app/profile/securitylab-jp.bsky.social/post/3lryty3n6kc2f", "content": "", "creation_timestamp": "2025-06-20T01:07:27.556920Z"}, {"uuid": "de3da4f6-c09d-44c7-81f5-3f7a94764bad", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-61928", "type": "seen", "source": "https://bsky.app/profile/thedailytechfeed.com/post/3m3rkompw7c2p", "content": "", "creation_timestamp": "2025-10-22T09:44:23.732238Z"}, {"uuid": "1aef5b88-d60a-4645-a9c5-3ff8ea1ca0b9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-6192", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lrvt3mgahb23", "content": "", "creation_timestamp": "2025-06-18T20:13:29.978046Z"}, {"uuid": "26331dc4-de17-4503-91ee-be407c52484c", "vulnerability_lookup_origin": 
"1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-6192", "type": "seen", "source": "https://infosec.exchange/users/vuldb/statuses/114700376340455090", "content": "", "creation_timestamp": "2025-06-17T19:34:08.297640Z"}, {"uuid": "b57179f4-0174-4684-bebe-6c0fd67244a8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-6192", "type": "seen", "source": "https://bsky.app/profile/infosec.skyfleet.blue/post/3lrtskls3hz26", "content": "", "creation_timestamp": "2025-06-18T00:58:39.304737Z"}, {"uuid": "eff8ee90-3934-4bda-84a5-fb5ed11aa50e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-6192", "type": "seen", "source": "https://bsky.app/profile/getpokemon7.bsky.social/post/3lru2o7p5522e", "content": "", "creation_timestamp": "2025-06-18T03:23:51.576645Z"}, {"uuid": "25d6e534-0d2e-4245-b74f-e326940b0816", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-61927", "type": "seen", "source": "https://gist.github.com/Kirill89/53b514b5c320097288e7baf052769feb", "content": "", "creation_timestamp": "2025-10-16T09:11:32.000000Z"}, {"uuid": "8ec4f1e8-32c1-44b2-8077-de43712e1be1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-61928", "type": "seen", "source": "https://bsky.app/profile/getpokemon7.bsky.social/post/3m3b4t723ps2j", "content": "", "creation_timestamp": "2025-10-15T20:53:46.868966Z"}, {"uuid": "6924bcf8-7790-49d8-9740-ff8ac49221d2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-6192", "type": "seen", "source": 
"MISP/853ff921-86fb-463b-bc2a-2860bf336b81", "content": "", "creation_timestamp": "2025-08-06T01:04:20.000000Z"}, {"uuid": "f2e20308-e3d9-4ec0-b2b4-1d6878f9c332", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-61927", "type": "seen", "source": "https://bsky.app/profile/2rZiKKbOU3nTafniR2qMMSE0gwZ.activitypub.awakari.com.ap.brid.gy/post/3m35iqhaujto2", "content": "", "creation_timestamp": "2025-10-14T10:17:28.782338Z"}, {"uuid": "b870c396-bc92-428c-b614-70e9b35f89a8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2025-61928", "type": "seen", "source": "https://poliverso.org/objects/0477a01e-0bdc0bc6-e63b33b7dcb5b017", "content": "", "creation_timestamp": "2025-10-24T14:15:39.344651Z"}, {"uuid": "348eddfb-d6f3-4fd6-aafa-609028aca5c4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-61928", "type": "seen", "source": "https://bsky.app/profile/r-netsec-bot.bsky.social/post/3m3nm2iifnv25", "content": "", "creation_timestamp": "2025-10-20T19:58:14.880093Z"}, {"uuid": "eea25f6f-2f0c-4909-9bf7-d161f6a3ae5a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2025-61928", "type": "seen", "source": "https://bsky.app/profile/appsecfeed.bsky.social/post/3m3mppv2ecv26", "content": "", "creation_timestamp": "2025-10-20T11:31:14.038650Z"}, {"uuid": "4d499793-df1a-4e8d-8358-84a635b5e19d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-61928", "type": "seen", "source": "https://bsky.app/profile/crowdcyber.bsky.social/post/3m3svpho2nm2j", "content": "", "creation_timestamp": 
"2025-10-22T22:34:20.446242Z"}, {"uuid": "f8807a73-9f3a-4db9-88d1-43c52a6b5aca", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-61928", "type": "seen", "source": "https://bsky.app/profile/r-netsec.bsky.social/post/3m3osfpb4a22r", "content": "", "creation_timestamp": "2025-10-21T07:24:32.841418Z"}, {"uuid": "c79f4210-9e84-4fde-ad1f-93dfd1c34055", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2025-61928", "type": "seen", "source": "https://bsky.app/profile/0x4d6165.wanderingwires.net.ap.brid.gy/post/3m3o3frzhe2a2", "content": "", "creation_timestamp": "2025-10-21T00:34:21.435402Z"}, {"uuid": "c779f039-592d-409a-a92f-580d96a1e88e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-61928", "type": "seen", "source": "https://bsky.app/profile/crowdcyber.bsky.social/post/3m3pv7amzit26", "content": "", "creation_timestamp": "2025-10-21T17:47:17.063071Z"}, {"uuid": "c5dbb3c5-4a53-46e2-91d9-3dbd67ca8e52", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-6192", "type": "seen", "source": "MISP/853ff921-86fb-463b-bc2a-2860bf336b81", "content": "", "creation_timestamp": "2025-08-21T10:03:56.000000Z"}, {"uuid": "4e797959-f371-4ff9-88a8-1fc552911b2a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "e92402ac-b04a-4e73-ad0b-3c8344ca18bd", "vulnerability": "CVE-2025-61922", "type": "published-proof-of-concept", "source": "https://github.com/g0vguy/CVE-2025-61922-PoC", "content": "", "creation_timestamp": "2026-01-02T22:53:23.061185Z"}, {"uuid": "16a62f72-da5e-417d-bba3-9b2532c0c7c3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": 
"9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-61925", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3m5jqcg4ohh26", "content": "", "creation_timestamp": "2025-11-13T17:53:59.566358Z"}, {"uuid": "562d8377-df91-48c4-a574-376e06aa9716", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "e92402ac-b04a-4e73-ad0b-3c8344ca18bd", "vulnerability": "CVE-2025-61922", "type": "seen", "source": "https://dhakal-ananda.com.np/blogs/cve-2025-61922-analysis/", "content": "", "creation_timestamp": "2026-01-02T22:54:29.662974Z"}, {"uuid": "2114d6e9-6836-46e5-b32e-cea38f87802c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-61922", "type": "seen", "source": "https://bsky.app/profile/undercode.bsky.social/post/3mbkcpb5tve2q", "content": "", "creation_timestamp": "2026-01-03T21:04:05.551377Z"}, {"uuid": "7cfffc1a-9d38-49ad-a734-0af7345b4cd4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-61922", "type": "seen", "source": "https://bsky.app/profile/pentesterlab.com/post/3mbrykuok6s2a", "content": "", "creation_timestamp": "2026-01-06T22:24:09.656171Z"}, {"uuid": "7a7e9b19-331b-4ab7-bf32-dbebe2c60693", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-61922", "type": "seen", "source": "https://bsky.app/profile/pentesterlab.com/post/3mbryky2cgk2a", "content": "", "creation_timestamp": "2026-01-06T22:24:10.186581Z"}, {"uuid": "ad184e37-8d9a-433c-bb65-578d13c43ceb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-61922", "type": "seen", "source": "https://bsky.app/profile/pentesterlab.com/post/3mbrykz2qjc2a", 
"content": "", "creation_timestamp": "2026-01-06T22:24:10.738720Z"}, {"uuid": "52058777-2a88-4a3b-a08a-596834085e66", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-61922", "type": "seen", "source": "https://bsky.app/profile/pentesterlab.com/post/3mbrykz2shs2a", "content": "", "creation_timestamp": "2026-01-06T22:24:11.301712Z"}, {"uuid": "19efff51-3272-4211-98be-a716cf68f4ea", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-61922", "type": "seen", "source": "https://bsky.app/profile/pentesterlab.com/post/3mbryl46jus2a", "content": "", "creation_timestamp": "2026-01-06T22:24:11.890589Z"}, {"uuid": "5c972bd3-1a55-4980-8c35-9bb20fcf8704", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-61928", "type": "published-proof-of-concept", "source": "https://t.me/thebugbountyhunter/10291", "content": "Critical Account Takeover via Unauthenticated API Key Creation in better-auth (CVE-2025-61928) - ZeroPath Blog\n\nhttps://zeropath.com/blog/breaking-authentication-unauthenticated-api-key-creation-in-better-auth-cve-2025-61928", "creation_timestamp": "2025-10-22T06:51:26.000000Z"}, {"uuid": "d85ec51e-f3c9-4a77-9003-4af9ce64d398", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-6192", "type": "seen", "source": "Telegram/hFe-u3i_cqprGxHlKdWuyo7rMpc25bDCLUZTf14NmEs7c4o", "content": "", "creation_timestamp": "2025-06-18T19:32:57.000000Z"}, {"uuid": "5ea84fe0-e686-4cb0-9f48-de9a39ae4e2e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-61928", "type": "published-proof-of-concept", "source": 
"https://t.me/TopCyberTechNews/643", "content": "Top Security News for Today\n\nHow a fake AI recruiter delivers five staged malware disguised as a dream job  \nhttps://www.reddit.com/r/netsec/comments/1obgnxd/how_a_fake_ai_recruiter_delivers_five_staged/\n\nXRayC2 \u2013 Weaponizing AWS X-Ray for Covert Command and Control (C2)  \nhttps://www.darknet.org.uk/2025/10/xrayc2-weaponizing-aws-x-ray-for-covert-command-and-control-c2/\n\nAgentic AI\u2019s OODA Loop Problem  \nhttps://www.schneier.com/blog/archives/2025/10/agentic-ais-ooda-loop-problem.html\n\nEvilginx\u2019s creator reckons with the dark side of red-team tools  \nhttps://therecord.media/evilginx-kuba-gretzky-interview-click-here-podcast\n\n20th October \u2013 Threat Intelligence Report  \nhttps://research.checkpoint.com/2025/20th-october-threat-intelligence-report/\n\nHome security firm Verisure reports data breach at Swedish subsidiary  \nhttps://therecord.media/verisure-data-breach-sweden-alert-alarm-subsidiary\n\nChina claims it caught US attempting cyberattack on national time center  \nhttps://therecord.media/china-attack-national-time-center\n\nInside the attack chain: Threat activity targeting Azure Blob Storage  \nhttps://www.microsoft.com/en-us/security/blog/2025/10/20/inside-the-attack-chain-threat-activity-targeting-azure-blob-storage/\n\nTunneling WireGuard over HTTPS using Wstunnel  \nhttps://www.reddit.com/r/netsec/comments/1obogco/tunneling_wireguard_over_https_using_wstunnel/\n\nBetter-Auth Critical Account Takeover via Unauthenticated API Key Creation (CVE-2025-61928)  \nhttps://www.reddit.com/r/netsec/comments/1obrlhi/betterauth_critical_account_takeover_via/\n\nFollow Top Cyber News at https://t.me/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman", "creation_timestamp": "2025-10-21T09:30:50.000000Z"}, {"uuid": "e8bbafde-938b-4552-b986-5878038430ed", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": 
"9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-61922", "type": "published-proof-of-concept", "source": "Telegram/Ph5XVLoVKPKzeNd3zHbruXHl3wn31oqUjoUVrNk6if5Q2TM", "content": "", "creation_timestamp": "2026-01-02T21:00:05.000000Z"}, {"uuid": "333ef8b4-ef28-4b37-a177-31cf36f2bee3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-6192", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/18808", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-6192\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: Use after free in Metrics in Google Chrome prior to 137.0.7151.119 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)\n\ud83d\udccf Published: 2025-06-18T18:16:36.481Z\n\ud83d\udccf Modified: 2025-06-18T19:25:01.646Z\n\ud83d\udd17 References:\n1. https://chromereleases.googleblog.com/2025/06/stable-channel-update-for-desktop_17.html\n2. 
https://issues.chromium.org/issues/421471016", "creation_timestamp": "2025-06-18T19:39:58.000000Z"}, {"uuid": "00d9ad90-ef98-4c83-a943-7f62ed407683", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-61928", "type": "seen", "source": "https://t.me/TopCyberTechNews/644", "content": "Top Security News for Today\n\nThe evolving landscape of email phishing attacks: how threat actors are reusing and refining established techniques  \nhttps://securelist.com/email-phishing-techniques-2025/117801/\n\nBetter-Auth Critical Account Takeover via Unauthenticated API Key Creation (CVE-2025-61928)  \nhttps://www.reddit.com/r/netsec/comments/1obrlhi/betterauth_critical_account_takeover_via/\n\nCVE-2025-9133: ZYXEL Configuration Exposure via Authorization Bypass  \nhttps://www.reddit.com/r/netsec/comments/1oc4qwa/cve20259133_zyxel_configuration_exposure_via/\n\nA Cybersecurity Merit Badge  \nhttps://www.schneier.com/blog/archives/2025/10/a-cybersecurity-merit-badge.html\n\nFast, Broad, and Elusive: How Vidar Stealer 2.0 Upgrades Infostealer Capabilities  \nhttps://www.trendmicro.com/en_us/research/25/j/how-vidar-stealer-2-upgrades-infostealer-capabilities.html\n\nMicrosoft 365 Copilot - Arbitrary Data Exfiltration Via Mermaid Diagrams  \nhttps://www.reddit.com/r/netsec/comments/1occb7r/microsoft_365_copilot_arbitrary_data_exfiltration/\n\nFollow Top Cyber News at https://t.me/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman", "creation_timestamp": "2025-10-22T09:30:16.000000Z"}, {"uuid": "e194bd0c-d79a-4630-9aab-916599994656", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2025-61920", "type": "published-proof-of-concept", "source": "https://github.com/authlib/authlib/security/advisories/GHSA-pq5p-34cr-23v9", "content": "", "creation_timestamp": 
"2025-10-10T02:28:44.000000Z"}, {"uuid": "5556be9b-74cf-4224-a635-1f519cd44751", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-6192", "type": "exploited", "source": "https://t.me/true_secator/7207", "content": "Grafana has released updates to fix four high-severity vulnerabilities in the Chromium library used in the Grafana Image Renderer plugin and Synthetic Monitoring Agent.\n\nThe most important of these issues is CVE-2025-6554, a type confusion in the V8 JavaScript engine of the Chrome browser that can be exploited remotely to perform arbitrary read/write operations.\n\nThe issue was exploited as a 0-day, and last week Google also officially confirmed the existence of an exploit for CVE-2025-6554. It is fixed in Chrome 138.0.7204.96/.97 for Windows, 138.0.7204.92/.93 for macOS and 138.0.7204.96 for Linux.\n\nGrafana also released fixes for CVE-2025-5959, a type confusion bug in the V8 engine that could allow remote attackers to execute arbitrary code inside the sandbox via specially crafted HTML pages.\n\nGoogle fixed the issue in Chrome versions 137.0.7151.103/.104 for Windows and macOS, and 137.0.7151.103 for Linux.\n\nIn addition, the Image Renderer plugin and Synthetic Monitoring Agent received fixes for CVE-2025-6191, an integer overflow flaw in the Chrome V8 engine, and CVE-2025-6192, a use-after-free bug in the browser's Profiler component.\n\nThe bugs were fixed in Chrome versions 137.0.7151.119/.120 for Windows and macOS, and 137.0.7151.119 for Linux.\n\nThey allow remote attackers to potentially perform out-of-bounds memory access and exploit heap corruption, respectively.\n\nAccording to Grafana, these vulnerabilities affect Grafana Image Renderer versions before 3.12.9 and Synthetic Monitoring Agent versions before 0.38.3; users should update to the fixed versions as soon as possible.\n\nUsers who use the Grafana Image Renderer plugin or have a local installation of Synthetic Monitoring Agent are advised to update their systems. Cloud deployments, meanwhile, were updated automatically.", "creation_timestamp": "2025-07-08T15:46:22.000000Z"}, 
{"uuid": "984770c7-9e5f-4852-bbd9-8c0c2c09ff6b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-61929", "type": "seen", "source": "https://t.me/bhhub/1170", "content": "Weekly Brief \u2014 Actively Exploited & Critical Vulns\n\nOne-click RCE chains, cross-site scripting in network management suites, and LLM interface takeover vectors defined this week\u2019s threat landscape.  \nThe most urgent issues involve active exploitation, drive-by execution, and critical CVSS \u2265 9 vulnerabilities in AI and enterprise tools.\n\n\u2b50\ufe0f CVE-2025-61929 \u2014 Cherry Studio (One-Click RCE via URL Protocol, CVSS 9.6)\n\nProduct: Cherry Studio (Desktop LLM client)  \nVector: cherrystudio:// custom URL scheme \u2192 base64-encoded command execution\n\nCherry Studio registers a custom URL handler (`cherrystudio://`) that processes encoded configuration data and executes embedded commands.  \nAttackers can host malicious URLs that trigger arbitrary command execution upon a single click \u2014 no secondary confirmation required.  \nExploitation was observed within 48 hours of disclosure.\n\nhttps://github.com/cherry-studio/advisories\n\n\u2b50\ufe0fCVE-2025-59978 \u2014 Juniper Junos Space (Stored XSS \u2192 Admin Command Execution, CVSS 9.0)\n\n\nProduct: Juniper Networks Junos Space (< 24.1R4)  \nVector: Persistent JavaScript injection in management web interface\n\nImproper input sanitization in Junos Space allows stored XSS, which can escalate to admin-level command execution when viewed by privileged users.  \nExploitation has been observed in active campaigns, potentially linked to Cl0p ransomware operators targeting network appliances.\n\nhttps://supportportal.juniper.net/JSA103140\n\n\u2b50\ufe0f CVE-2025-59159 \u2014 SillyTavern (DNS Rebinding / Remote Takeover, CVSS 9.6)\n\nProduct: SillyTavern (LLM Web Interface < 1.13.4)  \nVector: Insecure hostname validation \u2192 DNS rebinding attack\n\nSillyTavern\u2019s local web server does not properly validate inbound host headers.  \nAttackers can exploit DNS rebinding to interact with local AI instances remotely \u2014 stealing API keys or installing malicious extensions.\n\nhttps://github.com/SillyTavern/SillyTavern/security/advisories/GHSA-7cxj-w27x-x78q", "creation_timestamp": "2025-10-21T13:59:09.000000Z"}]}