{"vulnerability": "cve-2025-6388", "sightings": [{"uuid": "a398dd35-ebb9-4c4f-9e45-5e0949e7b34d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2025-6388", "type": "seen", "source": "https://bsky.app/profile/offseq.bsky.social/post/3m2bpk4tsdx26", "content": "", "creation_timestamp": "2025-10-03T09:03:34.458883Z"}, {"uuid": "e7406c0d-b03d-493e-bfb2-3691d8f2df23", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-6388", "type": "seen", "source": "https://bsky.app/profile/beikokucyber.bsky.social/post/3m2fi6hs6eb23", "content": "", "creation_timestamp": "2025-10-04T21:02:26.333794Z"}, {"uuid": "94bb2567-c716-4653-9c83-59220f33905f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-63883", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3m5wazsgskm2s", "content": "", "creation_timestamp": "2025-11-18T17:25:20.855494Z"}, {"uuid": "19883f49-0363-463c-a3a3-3e534e687bb1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-63888", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3m63jiuuwkp2w", "content": "", "creation_timestamp": "2025-11-20T19:40:15.512135Z"}, {"uuid": "07f3fbcb-2a3d-4f48-9644-6b2e71b804b9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-63888", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/60331", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01 \n\n\u66f4\u65b0\u4e86\uff1aRCE\n\u63cf\u8ff0\uff1aSecurity research tool for detecting and testing CVE-2025-63888 (ThinkPHP 5.0.24 File Inclusion RCE vulnerability)\nURL\uff1ahttps://github.com/AN5I/cve-2025-63888-exploit\n\n\u6807\u7b7e\uff1a#RCE", "creation_timestamp": "2025-11-21T00:26:48.000000Z"}, {"uuid": "6487f204-42f0-4ed8-93e4-18348231b003", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-63889", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3m63jziszqn2q", "content": "", "creation_timestamp": "2025-11-20T19:49:33.328089Z"}, {"uuid": "6fd8c5e5-a27a-4ba3-b9e0-1bf325048b2f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-63888", "type": "published-proof-of-concept", "source": "Telegram/tKAkyByJyf-3fTR3FIdOGi_BkQgInDQD9nvMF722k6zIU-s", "content": "", "creation_timestamp": "2025-11-21T03:00:06.000000Z"}, {"uuid": "2991c9cf-bb52-4f79-a5ef-2e8d5568da4a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-6388", "type": "seen", "source": "https://bsky.app/profile/atomicedge.bsky.social/post/3mkmaeeb6fz2q", "content": "", "creation_timestamp": "2026-04-29T04:14:15.277523Z"}, {"uuid": "5a9652fa-c0f4-4361-b09a-9b49db25c863", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-6388", "type": "seen", "source": "https://t.me/bhhub/1167", "content": "Top exploited vulns of the Week\n\nThis week\u2019s Vulnerability Trend shows a mix of big-platform remote RCEs (Oracle EBS, DrayTek), high-impact web plugin and local network exploits (WordPress Spirit, SillyTavern), plus client/runtime abuse in widely distributed software (Unity, Zabbix agent). Notable: an enterprise-scale, pre-auth Oracle RCE is already weaponized by ransomware groups (Cl0p / GRACEFUL SPIDER) and added to CISA KEV \u2014 treat it as highest priority.\n\nQuick hit list:\n\n\u2b50\ufe0f CVE-2025-61882 \u2014 Oracle E-Business Suite (BI Publisher integration) \u2014 CVSS 9.8, pre-auth RCE, actively used by Cl0p & GRACEFUL SPIDER; on CISA KEV. Patch immediately or isolate EBS HTTP endpoints.\n\u2b50\ufe0f CVE-2025-6388 \u2014 Spirit Framework (WordPress) \u2014 CVSS 9.8, unauthenticated admin takeover. Update to 1.2.15 or remove the plugin.\n\u2b50\ufe0f CVE-2025-59159 \u2014 SillyTavern (DNS rebinding) \u2014 CVSS ~9.6, local network\u2192API key theft. Upgrade to 1.13.4 + enable host whitelist.\n\u2b50\ufe0f CVE-2025-10547 \u2014 DrayTek Vigor routers \u2014 CVSS 8.8, unauth RCE in HTTP CGI; remote root possible. Apply vendor fixes and audit external-facing routers.\n\u2b50\ufe0f CVE-2025-59489 \u2014 Unity Runtime \u2014 Arg injection / DLL hijack in apps; PoCs available; exploited via trojanized games. Treat as supply-chain / app-store risk for distributed clients.\n\u2b50\ufe0f CVE-2025-27237 \u2014 Zabbix Agent (Windows LPE) \u2014 DLL injection via writable OpenSSL path; observed in targeted ops. Harden file perms and monitor for local privilege escalations.", "creation_timestamp": "2025-10-07T08:14:58.000000Z"}]}