Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2025-0509 (GCVE-0-2025-0509)
Vulnerability from cvelistv5 – Published: 2025-02-04 20:01 – Updated: 2025-02-17 12:03
VLAI
EPSS
Title
Signing Checks Bypass
Summary
A security issue was found in Sparkle before version 2.6.4. An attacker can replace an existing signed update with another payload, bypassing Sparkle’s (Ed)DSA signing checks.
Severity
7.3 (High)
CWE
- CWE-552 - Files or Directories Accessible to External Parties
Assigner
References
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| sparkle-project | Sparkle |
Affected:
0 , < 2.6.4
(semver)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2025-02-04T20:02:51.557Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://security.netapp.com/advisory/ntap-20250124-0008/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-0509",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-04T20:29:02.431803Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-12T20:51:29.701Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"MacOS"
],
"product": "Sparkle",
"repo": "https://github.com/sparkle-project/Sparkle/",
"vendor": "sparkle-project",
"versions": [
{
"lessThan": "2.6.4",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cdiv\u003eA security issue was found in Sparkle before version 2.6.4. An attacker can replace an existing signed update with another payload, bypassing Sparkle\u2019s (Ed)DSA signing checks.\u003cbr\u003e\u003c/div\u003e"
}
],
"value": "A security issue was found in Sparkle before version 2.6.4. An attacker can replace an existing signed update with another payload, bypassing Sparkle\u2019s (Ed)DSA signing checks."
}
],
"impacts": [
{
"capecId": "CAPEC-184",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-184 Software Integrity Attack"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-552",
"description": "CWE-552 Files or Directories Accessible to External Parties",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-17T12:03:46.428Z",
"orgId": "92fb86c3-55a5-4fb5-9c3f-4757b9e96dc5",
"shortName": "fedora"
},
"references": [
{
"url": "https://github.com/sparkle-project/Sparkle/pull/2550"
},
{
"url": "https://sparkle-project.org/documentation/security-and-reliability/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Signing Checks Bypass",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "92fb86c3-55a5-4fb5-9c3f-4757b9e96dc5",
"assignerShortName": "fedora",
"cveId": "CVE-2025-0509",
"datePublished": "2025-02-04T20:01:08.865Z",
"dateReserved": "2025-01-15T21:25:14.312Z",
"dateUpdated": "2025-02-17T12:03:46.428Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2025-0509",
"date": "2026-05-27",
"epss": "0.00071",
"percentile": "0.21719"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2025-0509\",\"sourceIdentifier\":\"patrick@puiterwijk.org\",\"published\":\"2025-02-04T20:15:49.763\",\"lastModified\":\"2025-08-05T14:35:15.903\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A security issue was found in Sparkle before version 2.6.4. An attacker can replace an existing signed update with another payload, bypassing Sparkle\u2019s (Ed)DSA signing checks.\"},{\"lang\":\"es\",\"value\":\"Se encontr\u00f3 un problema de seguridad en Sparkle antes de la versi\u00f3n 2.64. Un atacante puede reemplazar una actualizaci\u00f3n firmada existente con otro payload, omitiendo las comprobaciones de firma de Sparkle (Ed)DSA.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"patrick@puiterwijk.org\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H\",\"baseScore\":7.3,\"baseSeverity\":\"HIGH\",\"attackVector\":\"ADJACENT_NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"HIGH\",\"userInteraction\":\"REQUIRED\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":0.7,\"impactScore\":6.0},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":6.8,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"ADJACENT_NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"HIGH\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":0.9,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"patrick@puiterwijk.org\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-552\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sparkle-project:sparkle:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2.6.4\",\"matchCriteriaId\":\"338ED490-33A3-4531-B18F-23466B3E5DAD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:netapp:hci_compute_node:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4AFE5CAF-ACA7-4F82-BEC1-69562D75E66E\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5735E553-9731-4AAC-BCFF-989377F817B3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:netapp:hci_compute_node:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4AFE5CAF-ACA7-4F82-BEC1-69562D75E66E\"}]}]}],\"references\":[{\"url\":\"https://github.com/sparkle-project/Sparkle/pull/2550\",\"source\":\"patrick@puiterwijk.org\",\"tags\":[\"Issue Tracking\",\"Patch\"]},{\"url\":\"https://sparkle-project.org/documentation/security-and-reliability/\",\"source\":\"patrick@puiterwijk.org\",\"tags\":[\"Patch\"]},{\"url\":\"https://security.netapp.com/advisory/ntap-20250124-0008/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://security.netapp.com/advisory/ntap-20250124-0008/\"}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2025-02-04T20:02:51.557Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2025-0509\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-02-04T20:29:02.431803Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-02-12T20:42:58.685Z\"}}], \"cna\": {\"title\": \"Signing Checks Bypass\", \"source\": {\"discovery\": \"UNKNOWN\"}, \"impacts\": [{\"capecId\": \"CAPEC-184\", \"descriptions\": [{\"lang\": \"en\", \"value\": \"CAPEC-184 Software Integrity Attack\"}]}], \"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"CHANGED\", \"version\": \"3.1\", \"baseScore\": 7.3, \"attackVector\": \"ADJACENT_NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"REQUIRED\", \"attackComplexity\": \"HIGH\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"HIGH\", \"confidentialityImpact\": \"HIGH\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"repo\": \"https://github.com/sparkle-project/Sparkle/\", \"vendor\": \"sparkle-project\", \"product\": \"Sparkle\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"2.6.4\", \"versionType\": \"semver\"}], \"platforms\": [\"MacOS\"], \"defaultStatus\": \"unaffected\"}], \"references\": [{\"url\": \"https://github.com/sparkle-project/Sparkle/pull/2550\"}, {\"url\": \"https://sparkle-project.org/documentation/security-and-reliability/\"}], \"x_generator\": {\"engine\": \"Vulnogram 0.2.0\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"A security issue was found in Sparkle before version 2.6.4. An attacker can replace an existing signed update with another payload, bypassing Sparkle\\u2019s (Ed)DSA signing checks.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"\u003cdiv\u003eA security issue was found in Sparkle before version 2.6.4. An attacker can replace an existing signed update with another payload, bypassing Sparkle\\u2019s (Ed)DSA signing checks.\u003cbr\u003e\u003c/div\u003e\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-552\", \"description\": \"CWE-552 Files or Directories Accessible to External Parties\"}]}], \"providerMetadata\": {\"orgId\": \"92fb86c3-55a5-4fb5-9c3f-4757b9e96dc5\", \"shortName\": \"fedora\", \"dateUpdated\": \"2025-02-17T12:03:46.428Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2025-0509\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-02-17T12:03:46.428Z\", \"dateReserved\": \"2025-01-15T21:25:14.312Z\", \"assignerOrgId\": \"92fb86c3-55a5-4fb5-9c3f-4757b9e96dc5\", \"datePublished\": \"2025-02-04T20:01:08.865Z\", \"assignerShortName\": \"fedora\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
}
}
CERTFR-2025-AVI-0053
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans Oracle Java SE. Elles permettent à un attaquant de provoquer une atteinte à la confidentialité des données et une atteinte à l'intégrité des données.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Oracle | Java SE | Oracle Java SE version :8u431 | ||
| Oracle | Java SE | Oracle Java SE version :8u431-perf | ||
| Oracle | Java SE | Oracle Java SE version :23.0.1 | ||
| Oracle | Java SE | Oracle Java SE version :17.0.13 | ||
| Oracle | Java SE | Oracle Java SE version :21.0.5 | ||
| Oracle | Java SE | Oracle Java SE version Oracle GraalVM for JDK:17.0.13 | ||
| Oracle | Java SE | Oracle Java SE version :11.0.25 | ||
| Oracle | Java SE | Oracle Java SE version Oracle GraalVM Enterprise Edition:20.3.16 | ||
| Oracle | Java SE | Oracle Java SE version Oracle GraalVM Enterprise Edition:21.3.12 | ||
| Oracle | Java SE | Oracle Java SE version Oracle GraalVM for JDK:21.0.5 | ||
| Oracle | Java SE | Oracle Java SE version Oracle GraalVM for JDK:23.0.1 |
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Oracle Java SE version :8u431",
"product": {
"name": "Java SE",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "Oracle Java SE version :8u431-perf",
"product": {
"name": "Java SE",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "Oracle Java SE version :23.0.1",
"product": {
"name": "Java SE",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "Oracle Java SE version :17.0.13",
"product": {
"name": "Java SE",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "Oracle Java SE version :21.0.5",
"product": {
"name": "Java SE",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "Oracle Java SE version Oracle GraalVM for JDK:17.0.13",
"product": {
"name": "Java SE",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "Oracle Java SE version :11.0.25",
"product": {
"name": "Java SE",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "Oracle Java SE version Oracle GraalVM Enterprise Edition:20.3.16",
"product": {
"name": "Java SE",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "Oracle Java SE version Oracle GraalVM Enterprise Edition:21.3.12",
"product": {
"name": "Java SE",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "Oracle Java SE version Oracle GraalVM for JDK:21.0.5",
"product": {
"name": "Java SE",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "Oracle Java SE version Oracle GraalVM for JDK:23.0.1",
"product": {
"name": "Java SE",
"vendor": {
"name": "Oracle",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2025-0509",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-0509"
},
{
"name": "CVE-2025-21502",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21502"
}
],
"links": [],
"reference": "CERTFR-2025-AVI-0053",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-01-22T00:00:00.000000"
}
],
"risks": [
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Oracle Java SE. Elles permettent \u00e0 un attaquant de provoquer une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es et une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Oracle Java SE",
"vendor_advisories": [
{
"published_at": "2025-01-21",
"title": "Bulletin de s\u00e9curit\u00e9 Oracle Java SE cpujan2025",
"url": "https://www.oracle.com/security-alerts/cpujan2025.html"
}
]
}
CERTFR-2025-AVI-0053
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans Oracle Java SE. Elles permettent à un attaquant de provoquer une atteinte à la confidentialité des données et une atteinte à l'intégrité des données.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Oracle | Java SE | Oracle Java SE version :8u431 | ||
| Oracle | Java SE | Oracle Java SE version :8u431-perf | ||
| Oracle | Java SE | Oracle Java SE version :23.0.1 | ||
| Oracle | Java SE | Oracle Java SE version :17.0.13 | ||
| Oracle | Java SE | Oracle Java SE version :21.0.5 | ||
| Oracle | Java SE | Oracle Java SE version Oracle GraalVM for JDK:17.0.13 | ||
| Oracle | Java SE | Oracle Java SE version :11.0.25 | ||
| Oracle | Java SE | Oracle Java SE version Oracle GraalVM Enterprise Edition:20.3.16 | ||
| Oracle | Java SE | Oracle Java SE version Oracle GraalVM Enterprise Edition:21.3.12 | ||
| Oracle | Java SE | Oracle Java SE version Oracle GraalVM for JDK:21.0.5 | ||
| Oracle | Java SE | Oracle Java SE version Oracle GraalVM for JDK:23.0.1 |
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Oracle Java SE version :8u431",
"product": {
"name": "Java SE",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "Oracle Java SE version :8u431-perf",
"product": {
"name": "Java SE",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "Oracle Java SE version :23.0.1",
"product": {
"name": "Java SE",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "Oracle Java SE version :17.0.13",
"product": {
"name": "Java SE",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "Oracle Java SE version :21.0.5",
"product": {
"name": "Java SE",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "Oracle Java SE version Oracle GraalVM for JDK:17.0.13",
"product": {
"name": "Java SE",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "Oracle Java SE version :11.0.25",
"product": {
"name": "Java SE",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "Oracle Java SE version Oracle GraalVM Enterprise Edition:20.3.16",
"product": {
"name": "Java SE",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "Oracle Java SE version Oracle GraalVM Enterprise Edition:21.3.12",
"product": {
"name": "Java SE",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "Oracle Java SE version Oracle GraalVM for JDK:21.0.5",
"product": {
"name": "Java SE",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "Oracle Java SE version Oracle GraalVM for JDK:23.0.1",
"product": {
"name": "Java SE",
"vendor": {
"name": "Oracle",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2025-0509",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-0509"
},
{
"name": "CVE-2025-21502",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21502"
}
],
"links": [],
"reference": "CERTFR-2025-AVI-0053",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-01-22T00:00:00.000000"
}
],
"risks": [
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Oracle Java SE. Elles permettent \u00e0 un attaquant de provoquer une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es et une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Oracle Java SE",
"vendor_advisories": [
{
"published_at": "2025-01-21",
"title": "Bulletin de s\u00e9curit\u00e9 Oracle Java SE cpujan2025",
"url": "https://www.oracle.com/security-alerts/cpujan2025.html"
}
]
}
BDU:2025-09248
Vulnerability from fstec - Published: 30.04.2024
VLAI
Title
Уязвимость фреймворка Sparkle программной платформы Oracle Java SE, связанная с раскрытием файлов или каталогов внешним сторонам, позволяющая нарушителю обойти проверку подписи (Ed)DSA и получить полный контроль над приложением
Description
Уязвимость фреймворка Sparkle программной платформы Oracle Java SE связана с раскрытием файлов или каталогов внешним сторонам. Эксплуатация уязвимости может позволить нарушителю, действующему удаленно, обойти проверку подписи (Ed)DSA и получить полный контроль над приложением
Severity
Vendor
Oracle Corp., Сообщество свободного программного обеспечения
Software Name
Java SE, Sparkle
Software Version
8u431 (Java SE), до 2.6.4 (Sparkle)
Possible Mitigations
Использование рекомендаций производителя:
Для Sparkle:
https://github.com/sparkle-project/Sparkle/releases/tag/2.6.4
Для продуктов Oracle Corp.:
https://www.oracle.com/security-alerts/cpujan2025verbose.html
https://www.oracle.com/security-alerts/cpujan2025.html
Reference
https://www.oracle.com/security-alerts/cpujan2025verbose.html
https://www.oracle.com/security-alerts/cpujan2025.html
https://github.com/sparkle-project/Sparkle/pull/2550
CWE
CWE-552
{
"CVSS 2.0": "AV:A/AC:H/Au:S/C:C/I:C/A:C",
"CVSS 3.0": "AV:A/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H",
"CVSS 4.0": null,
"remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
"remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
"\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "Oracle Corp., \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
"\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "8u431 (Java SE), \u0434\u043e 2.6.4 (Sparkle)",
"\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f:\n\u0414\u043b\u044f Sparkle:\nhttps://github.com/sparkle-project/Sparkle/releases/tag/2.6.4\n\n\u0414\u043b\u044f \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u043e\u0432 Oracle Corp.:\nhttps://www.oracle.com/security-alerts/cpujan2025verbose.html\nhttps://www.oracle.com/security-alerts/cpujan2025.html",
"\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "30.04.2024",
"\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "31.07.2025",
"\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "31.07.2025",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2025-09248",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2025-0509",
"\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
"\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0430\u0440\u0445\u0438\u0442\u0435\u043a\u0442\u0443\u0440\u044b",
"\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "Java SE, Sparkle",
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": null,
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0444\u0440\u0435\u0439\u043c\u0432\u043e\u0440\u043a\u0430 Sparkle \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b Oracle Java SE, \u0441\u0432\u044f\u0437\u0430\u043d\u043d\u0430\u044f \u0441 \u0440\u0430\u0441\u043a\u0440\u044b\u0442\u0438\u0435\u043c \u0444\u0430\u0439\u043b\u043e\u0432 \u0438\u043b\u0438 \u043a\u0430\u0442\u0430\u043b\u043e\u0433\u043e\u0432 \u0432\u043d\u0435\u0448\u043d\u0438\u043c \u0441\u0442\u043e\u0440\u043e\u043d\u0430\u043c, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u043e\u0431\u043e\u0439\u0442\u0438 \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u0443 \u043f\u043e\u0434\u043f\u0438\u0441\u0438 (Ed)DSA \u0438 \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u043f\u043e\u043b\u043d\u044b\u0439 \u043a\u043e\u043d\u0442\u0440\u043e\u043b\u044c \u043d\u0430\u0434 \u043f\u0440\u0438\u043b\u043e\u0436\u0435\u043d\u0438\u0435\u043c",
"\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u0424\u0430\u0439\u043b\u044b \u0438 \u043a\u0430\u0442\u0430\u043b\u043e\u0433\u0438, \u0434\u043e\u0441\u0442\u0443\u043f\u043d\u044b\u0435 \u0432\u043d\u0435\u0448\u043d\u0438\u043c \u0441\u0442\u043e\u0440\u043e\u043d\u0430\u043c (CWE-552)",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0444\u0440\u0435\u0439\u043c\u0432\u043e\u0440\u043a\u0430 Sparkle \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b Oracle Java SE \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u0440\u0430\u0441\u043a\u0440\u044b\u0442\u0438\u0435\u043c \u0444\u0430\u0439\u043b\u043e\u0432 \u0438\u043b\u0438 \u043a\u0430\u0442\u0430\u043b\u043e\u0433\u043e\u0432 \u0432\u043d\u0435\u0448\u043d\u0438\u043c \u0441\u0442\u043e\u0440\u043e\u043d\u0430\u043c. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e, \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u043c\u0443 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e, \u043e\u0431\u043e\u0439\u0442\u0438 \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u0443 \u043f\u043e\u0434\u043f\u0438\u0441\u0438 (Ed)DSA \u0438 \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u043f\u043e\u043b\u043d\u044b\u0439 \u043a\u043e\u043d\u0442\u0440\u043e\u043b\u044c \u043d\u0430\u0434 \u043f\u0440\u0438\u043b\u043e\u0436\u0435\u043d\u0438\u0435\u043c",
"\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
"\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
"\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
"\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u041d\u0430\u0440\u0443\u0448\u0435\u043d\u0438\u0435 \u0430\u0432\u0442\u043e\u0440\u0438\u0437\u0430\u0446\u0438\u0438",
"\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://www.oracle.com/security-alerts/cpujan2025verbose.html\nhttps://www.oracle.com/security-alerts/cpujan2025.html\nhttps://github.com/sparkle-project/Sparkle/pull/2550",
"\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
"\u0422\u0438\u043f \u041f\u041e": "\u041f\u0440\u0438\u043a\u043b\u0430\u0434\u043d\u043e\u0435 \u041f\u041e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c",
"\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-552",
"\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0421\u0440\u0435\u0434\u043d\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 6,5)\n\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.1 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 7,3)"
}
bit-java-2025-0509
Vulnerability from bitnami_vulndb
Published
2026-05-06 14:45
Modified
2026-05-08 06:11
Summary
Signing Checks Bypass
Details
A security issue was found in Sparkle before version 2.6.4. An attacker can replace an existing signed update with another payload, bypassing Sparkle’s (Ed)DSA signing checks.
{
"affected": [
{
"package": {
"ecosystem": "Bitnami",
"name": "java",
"purl": "pkg:bitnami/java"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.8.0"
},
{
"introduced": "1.9.0"
},
{
"fixed": "8.0.441"
}
],
"type": "SEMVER"
}
],
"severity": [
{
"score": "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
],
"aliases": [
"CVE-2025-0509"
],
"database_specific": {
"cpes": [
"cpe:2.3:a:bellsoft:libericajdk:*:*:*:*:*:*:*:*"
],
"severity": "Medium"
},
"details": "A security issue was found in Sparkle before version 2.6.4. An attacker can replace an existing signed update with another payload, bypassing Sparkle\u2019s (Ed)DSA signing checks.",
"id": "BIT-java-2025-0509",
"modified": "2026-05-08T06:11:36.072Z",
"published": "2026-05-06T14:45:12.781Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/sparkle-project/Sparkle/pull/2550"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-0509"
},
{
"type": "WEB",
"url": "https://security.netapp.com/advisory/ntap-20250124-0008/"
},
{
"type": "WEB",
"url": "https://sparkle-project.org/documentation/security-and-reliability/"
}
],
"schema_version": "1.6.2",
"summary": "Signing Checks Bypass"
}
bit-jre-2025-0509
Vulnerability from bitnami_vulndb
Published
2026-05-08 05:46
Modified
2026-05-08 06:11
Summary
Signing Checks Bypass
Details
A security issue was found in Sparkle before version 2.6.4. An attacker can replace an existing signed update with another payload, bypassing Sparkle’s (Ed)DSA signing checks.
{
"affected": [
{
"package": {
"ecosystem": "Bitnami",
"name": "jre",
"purl": "pkg:bitnami/jre"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.8.0"
},
{
"introduced": "1.9.0"
},
{
"fixed": "8.0.441"
}
],
"type": "SEMVER"
}
],
"severity": [
{
"score": "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
],
"aliases": [
"CVE-2025-0509"
],
"database_specific": {
"cpes": [
"cpe:2.3:a:bellsoft:libericajre:*:*:*:*:*:*:*:*"
],
"severity": "Medium"
},
"details": "A security issue was found in Sparkle before version 2.6.4. An attacker can replace an existing signed update with another payload, bypassing Sparkle\u2019s (Ed)DSA signing checks.",
"id": "BIT-jre-2025-0509",
"modified": "2026-05-08T06:11:36.072Z",
"published": "2026-05-08T05:46:50.932Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/sparkle-project/Sparkle/pull/2550"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-0509"
},
{
"type": "WEB",
"url": "https://security.netapp.com/advisory/ntap-20250124-0008/"
},
{
"type": "WEB",
"url": "https://sparkle-project.org/documentation/security-and-reliability/"
}
],
"schema_version": "1.6.2",
"summary": "Signing Checks Bypass"
}
FKIE_CVE-2025-0509
Vulnerability from fkie_nvd - Published: 2025-02-04 20:15 - Updated: 2025-08-05 14:35
Severity
7.3 (High) - CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H
6.8 (Medium) - CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
6.8 (Medium) - CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Summary
A security issue was found in Sparkle before version 2.6.4. An attacker can replace an existing signed update with another payload, bypassing Sparkle’s (Ed)DSA signing checks.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| sparkle-project | sparkle | * | |
| netapp | hci_compute_node | - | |
| netapp | oncommand_workflow_automation | - | |
| netapp | hci_compute_node | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:sparkle-project:sparkle:*:*:*:*:*:*:*:*",
"matchCriteriaId": "338ED490-33A3-4531-B18F-23466B3E5DAD",
"versionEndExcluding": "2.6.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:netapp:hci_compute_node:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4AFE5CAF-ACA7-4F82-BEC1-69562D75E66E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5735E553-9731-4AAC-BCFF-989377F817B3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:netapp:hci_compute_node:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4AFE5CAF-ACA7-4F82-BEC1-69562D75E66E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A security issue was found in Sparkle before version 2.6.4. An attacker can replace an existing signed update with another payload, bypassing Sparkle\u2019s (Ed)DSA signing checks."
},
{
"lang": "es",
"value": "Se encontr\u00f3 un problema de seguridad en Sparkle antes de la versi\u00f3n 2.64. Un atacante puede reemplazar una actualizaci\u00f3n firmada existente con otro payload, omitiendo las comprobaciones de firma de Sparkle (Ed)DSA."
}
],
"id": "CVE-2025-0509",
"lastModified": "2025-08-05T14:35:15.903",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 0.7,
"impactScore": 6.0,
"source": "patrick@puiterwijk.org",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 0.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2025-02-04T20:15:49.763",
"references": [
{
"source": "patrick@puiterwijk.org",
"tags": [
"Issue Tracking",
"Patch"
],
"url": "https://github.com/sparkle-project/Sparkle/pull/2550"
},
{
"source": "patrick@puiterwijk.org",
"tags": [
"Patch"
],
"url": "https://sparkle-project.org/documentation/security-and-reliability/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20250124-0008/"
}
],
"sourceIdentifier": "patrick@puiterwijk.org",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-552"
}
],
"source": "patrick@puiterwijk.org",
"type": "Secondary"
}
]
}
GHSA-WC9M-R3V6-9P5H
Vulnerability from github – Published: 2025-02-04 21:32 – Updated: 2025-02-04 23:18
VLAI
Summary
Sparkle Signing Checks Bypass
Details
A security issue was found in Sparkle before version 2.6.4. An attacker can replace an existing signed update with another payload, bypassing Sparkle’s (Ed)DSA signing checks.
Severity
7.3 (High)
{
"affected": [
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 2.6.3"
},
"package": {
"ecosystem": "SwiftURL",
"name": "github.com/sparkle-project/Sparkle"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.6.4"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2025-0509"
],
"database_specific": {
"cwe_ids": [
"CWE-552"
],
"github_reviewed": true,
"github_reviewed_at": "2025-02-04T23:18:58Z",
"nvd_published_at": "2025-02-04T20:15:49Z",
"severity": "HIGH"
},
"details": "A security issue was found in Sparkle before version 2.6.4. An attacker can replace an existing signed update with another payload, bypassing Sparkle\u2019s (Ed)DSA signing checks.",
"id": "GHSA-wc9m-r3v6-9p5h",
"modified": "2025-02-04T23:18:58Z",
"published": "2025-02-04T21:32:28Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-0509"
},
{
"type": "WEB",
"url": "https://github.com/sparkle-project/Sparkle/pull/2550"
},
{
"type": "PACKAGE",
"url": "https://github.com/sparkle-project/Sparkle"
},
{
"type": "WEB",
"url": "https://security.netapp.com/advisory/ntap-20250124-0008"
},
{
"type": "WEB",
"url": "https://sparkle-project.org/documentation/security-and-reliability"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H",
"type": "CVSS_V3"
}
],
"summary": "Sparkle Signing Checks Bypass"
}
WID-SEC-W-2025-0140
Vulnerability from csaf_certbund - Published: 2025-01-21 23:00 - Updated: 2025-06-02 22:00Summary
Oracle Java SE: Mehrere Schwachstellen
Severity
Mittel
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung: Die Java Platform, Standard Edition (SE) ist eine Sammlung von Java-APIs (JDK) und der Java Laufzeit Umgebung (JRE).
Angriff: Ein entfernter, anonymer oder authentisierter Angreifer kann mehrere Schwachstellen in Oracle Java SE ausnutzen, um die Vertraulichkeit, Integrität und Verfügbarkeit zu gefährden.
Betroffene Betriebssysteme: - Linux
- MacOS X
- Sonstiges
- UNIX
- Windows
Affected products
Known affected
28 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Java SE 21.0.5
Oracle / Java SE
|
cpe:/a:oracle:java_se:21.0.5
|
21.0.5 | |
|
Oracle Java SE 8u431
Oracle / Java SE
|
cpe:/a:oracle:java_se:8u431-perf
|
8u431 | |
|
Azul Zulu
Azul / Zulu
|
cpe:/a:azul:zulu:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Dell NetWorker
Dell
|
cpe:/a:dell:networker:virtual
|
— | |
|
Xerox FreeFlow Print Server 9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:9
|
9 | |
|
NetApp ActiveIQ Unified Manager
NetApp
|
cpe:/a:netapp:active_iq_unified_manager:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
Hitachi Ops Center
Hitachi
|
cpe:/a:hitachi:ops_center:-
|
— | |
|
Oracle Java SE 17.0.13
Oracle / Java SE
|
cpe:/a:oracle:java_se:17.0.13
|
17.0.13 | |
|
Oracle Java SE 11.0.25
Oracle / Java SE
|
cpe:/a:oracle:java_se:11.0.25
|
11.0.25 | |
|
Hitachi Configuration Manager
Hitachi
|
cpe:/a:hitachi:configuration_manager:-
|
— | |
|
Oracle GraalVM for JDK 23.0.1
Oracle / GraalVM
|
cpe:/a:oracle:graalvm:23.0.1::for_jdk
|
for JDK 23.0.1 | |
|
Oracle GraalVM for JDK 21.0.5
Oracle / GraalVM
|
cpe:/a:oracle:graalvm:21.0.5::for_jdk
|
for JDK 21.0.5 | |
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
Oracle GraalVM for JDK 17.0.13
Oracle / GraalVM
|
cpe:/a:oracle:graalvm:17.0.13::for_jdk
|
for JDK 17.0.13 | |
|
Oracle Java SE 23.0.1
Oracle / Java SE
|
cpe:/a:oracle:java_se:23.0.1
|
23.0.1 | |
|
Hitachi Command Suite
Hitachi
|
cpe:/a:hitachi:command_suite:-
|
— | |
|
Oracle GraalVM Enterprise Edition 21.3.12
Oracle / GraalVM
|
cpe:/a:oracle:graalvm:21.3.12::enterprise_edition
|
Enterprise Edition 21.3.12 | |
|
Oracle GraalVM Enterprise Edition 20.3.16
Oracle / GraalVM
|
cpe:/a:oracle:graalvm:20.3.16::enterprise_edition
|
Enterprise Edition 20.3.16 | |
|
RESF Rocky Linux
RESF
|
cpe:/o:resf:rocky_linux:-
|
— | |
|
Dell Avamar
Dell
|
cpe:/a:dell:avamar:-
|
— | |
|
Azul Zulu
Azul / Zulu
|
cpe:/a:azul:zulu:-
|
— | |
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
Open Source OpenJDK
Open Source
|
cpe:/a:oracle:openjdk:-
|
— | |
|
SUSE openSUSE
SUSE
|
cpe:/o:suse:opensuse:-
|
— |
Affected products
Known affected
28 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Java SE 21.0.5
Oracle / Java SE
|
cpe:/a:oracle:java_se:21.0.5
|
21.0.5 | |
|
Oracle Java SE 8u431
Oracle / Java SE
|
cpe:/a:oracle:java_se:8u431-perf
|
8u431 | |
|
Azul Zulu
Azul / Zulu
|
cpe:/a:azul:zulu:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Dell NetWorker
Dell
|
cpe:/a:dell:networker:virtual
|
— | |
|
Xerox FreeFlow Print Server 9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:9
|
9 | |
|
NetApp ActiveIQ Unified Manager
NetApp
|
cpe:/a:netapp:active_iq_unified_manager:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
Hitachi Ops Center
Hitachi
|
cpe:/a:hitachi:ops_center:-
|
— | |
|
Oracle Java SE 17.0.13
Oracle / Java SE
|
cpe:/a:oracle:java_se:17.0.13
|
17.0.13 | |
|
Oracle Java SE 11.0.25
Oracle / Java SE
|
cpe:/a:oracle:java_se:11.0.25
|
11.0.25 | |
|
Hitachi Configuration Manager
Hitachi
|
cpe:/a:hitachi:configuration_manager:-
|
— | |
|
Oracle GraalVM for JDK 23.0.1
Oracle / GraalVM
|
cpe:/a:oracle:graalvm:23.0.1::for_jdk
|
for JDK 23.0.1 | |
|
Oracle GraalVM for JDK 21.0.5
Oracle / GraalVM
|
cpe:/a:oracle:graalvm:21.0.5::for_jdk
|
for JDK 21.0.5 | |
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
Oracle GraalVM for JDK 17.0.13
Oracle / GraalVM
|
cpe:/a:oracle:graalvm:17.0.13::for_jdk
|
for JDK 17.0.13 | |
|
Oracle Java SE 23.0.1
Oracle / Java SE
|
cpe:/a:oracle:java_se:23.0.1
|
23.0.1 | |
|
Hitachi Command Suite
Hitachi
|
cpe:/a:hitachi:command_suite:-
|
— | |
|
Oracle GraalVM Enterprise Edition 21.3.12
Oracle / GraalVM
|
cpe:/a:oracle:graalvm:21.3.12::enterprise_edition
|
Enterprise Edition 21.3.12 | |
|
Oracle GraalVM Enterprise Edition 20.3.16
Oracle / GraalVM
|
cpe:/a:oracle:graalvm:20.3.16::enterprise_edition
|
Enterprise Edition 20.3.16 | |
|
RESF Rocky Linux
RESF
|
cpe:/o:resf:rocky_linux:-
|
— | |
|
Dell Avamar
Dell
|
cpe:/a:dell:avamar:-
|
— | |
|
Azul Zulu
Azul / Zulu
|
cpe:/a:azul:zulu:-
|
— | |
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
Open Source OpenJDK
Open Source
|
cpe:/a:oracle:openjdk:-
|
— | |
|
SUSE openSUSE
SUSE
|
cpe:/o:suse:opensuse:-
|
— |
References
47 references
{
"document": {
"aggregate_severity": {
"text": "mittel"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "Die Java Platform, Standard Edition (SE) ist eine Sammlung von Java-APIs (JDK) und der Java Laufzeit Umgebung (JRE).",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein entfernter, anonymer oder authentisierter Angreifer kann mehrere Schwachstellen in Oracle Java SE ausnutzen, um die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit zu gef\u00e4hrden.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Linux\n- MacOS X\n- Sonstiges\n- UNIX\n- Windows",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2025-0140 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2025/wid-sec-w-2025-0140.json"
},
{
"category": "self",
"summary": "WID-SEC-2025-0140 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2025-0140"
},
{
"category": "external",
"summary": "Oracle Critical Patch Update Advisory - January 2025 - Appendix Oracle Java SE vom 2025-01-21",
"url": "https://www.oracle.com/security-alerts/cpujan2025.html#AppendixJAVA"
},
{
"category": "external",
"summary": "Azul Zulu builds of OpenJDK vom 2025-01-21",
"url": "https://docs.azul.com/core/pdfs/january-2025/azul-zulu-ca-release-notes-january-2025-rev1.0.pdf"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:0421 vom 2025-01-22",
"url": "https://access.redhat.com/errata/RHSA-2025:0421"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:0422 vom 2025-01-22",
"url": "https://access.redhat.com/errata/RHSA-2025:0422"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:0423 vom 2025-01-22",
"url": "https://access.redhat.com/errata/RHSA-2025:0423"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:0429 vom 2025-01-22",
"url": "https://access.redhat.com/errata/RHSA-2025:0429"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:0425 vom 2025-01-22",
"url": "https://access.redhat.com/errata/RHSA-2025:0425"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:0424 vom 2025-01-22",
"url": "https://access.redhat.com/errata/RHSA-2025:0424"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:0427 vom 2025-01-22",
"url": "https://access.redhat.com/errata/RHSA-2025:0427"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:0426 vom 2025-01-22",
"url": "https://access.redhat.com/errata/RHSA-2025:0426"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:0428 vom 2025-01-22",
"url": "https://access.redhat.com/errata/RHSA-2025:0428"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2025-0422 vom 2025-01-23",
"url": "https://linux.oracle.com/errata/ELSA-2025-0422.html"
},
{
"category": "external",
"summary": "Azul Zulu builds of OpenJDK January 2025 Quarterly Update vom 2025-01-23",
"url": "https://docs.azul.com/core/pdfs/january-2025/azul-zulu-ca-release-notes-january-2025-rev1.1.pdf"
},
{
"category": "external",
"summary": "OpenJDK Vulnerability Advisory vom 2025-01-23",
"url": "https://openjdk.org/groups/vulnerability/advisories/2025-01-21"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:0235-1 vom 2025-01-24",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-January/020198.html"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2025-0426 vom 2025-01-24",
"url": "https://linux.oracle.com/errata/ELSA-2025-0426.html"
},
{
"category": "external",
"summary": "NetApp Security Advisory NTAP-20250124-0009 vom 2025-01-24",
"url": "https://security.netapp.com/advisory/ntap-20250124-0009/"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:0279-1 vom 2025-01-29",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/DB5O3YINIJCFD7QG2XWMMPJ5H4BQKLIA/"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:0782 vom 2025-01-28",
"url": "https://access.redhat.com/errata/RHSA-2025:0782"
},
{
"category": "external",
"summary": "Debian Security Advisory DLA-4037 vom 2025-01-31",
"url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00031.html"
},
{
"category": "external",
"summary": "Debian Security Advisory DSA-5857 vom 2025-02-03",
"url": "https://lists.debian.org/debian-security-announce/2025/msg00019.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:0338-1 vom 2025-02-03",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/EC4FA6VN4EGPE4KWYLPMGJ64XQFZWDHD/"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:0339-1 vom 2025-02-03",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/GNTTJS5C4PQRSAZ6PPMASXKOCRDQMZ27/"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7255-1 vom 2025-02-05",
"url": "https://ubuntu.com/security/notices/USN-7255-1"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7253-1 vom 2025-02-05",
"url": "https://ubuntu.com/security/notices/USN-7253-1"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7252-1 vom 2025-02-05",
"url": "https://ubuntu.com/security/notices/USN-7252-1"
},
{
"category": "external",
"summary": "Amazon Linux Security Advisory ALAS-2025-2740 vom 2025-02-04",
"url": "https://alas.aws.amazon.com/AL2/ALAS-2025-2740.html"
},
{
"category": "external",
"summary": "Amazon Linux Security Advisory ALAS-2025-2741 vom 2025-02-04",
"url": "https://alas.aws.amazon.com/AL2/ALAS-2025-2741.html"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7254-1 vom 2025-02-05",
"url": "https://ubuntu.com/security/notices/USN-7254-1"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:1154 vom 2025-02-06",
"url": "https://access.redhat.com/errata/RHSA-2025:1154"
},
{
"category": "external",
"summary": "Debian Security Advisory DLA-4043 vom 2025-02-07",
"url": "https://lists.debian.org/debian-lts-announce/2025/02/msg00004.html"
},
{
"category": "external",
"summary": "openSUSE Security Update OPENSUSE-SU-2025:14755-1 vom 2025-02-10",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/T7KZSNPFAS32QHPRWSJGI2D4QTO3KWTH/"
},
{
"category": "external",
"summary": "Rocky Linux Security Advisory RLSA-2025:0426 vom 2025-02-13",
"url": "https://errata.build.resf.org/RLSA-2025:0426"
},
{
"category": "external",
"summary": "Azul Zulu builds of OpenJDK vom 2025-02-19",
"url": "https://docs.azul.com/core/pdfs/january-2025/azul-zulu-ca-release-notes-january-2025-rev1.2.pdf"
},
{
"category": "external",
"summary": "openSUSE Security Update OPENSUSE-SU-2025:0066-1 vom 2025-02-18",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/GS63GCBRVH7N4JEIZNQAPVFNNVB2OGSU/"
},
{
"category": "external",
"summary": "openSUSE Security Update OPENSUSE-SU-2025:0067-1 vom 2025-02-20",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/XA5CCGSPUXUTQHDG25O5DM4G37BLRUMN/"
},
{
"category": "external",
"summary": "openSUSE Security Update OPENSUSE-SU-2025:14824-1 vom 2025-02-21",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/SEZ7TDWKNAHFBSUJ6EKTGNZH73T5RDFR/"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:0674-1 vom 2025-02-24",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-February/020421.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:0675-1 vom 2025-02-24",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-February/020420.html"
},
{
"category": "external",
"summary": "Hitachi Vulnerability Information HITACHI-SEC-2025-109 vom 2025-02-27",
"url": "https://www.hitachi.com/products/it/software/security/info/vuls/hitachi-sec-2025-109/index.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:2615 vom 2025-03-11",
"url": "https://access.redhat.com/errata/RHSA-2025:2615"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7338-1 vom 2025-03-11",
"url": "https://ubuntu.com/security/notices/USN-7338-1"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7339-1 vom 2025-03-11",
"url": "https://ubuntu.com/security/notices/USN-7339-1"
},
{
"category": "external",
"summary": "Dell Security Advisory DSA-2025-213 vom 2025-05-30",
"url": "https://www.dell.com/support/kbdoc/de-de/000326299/dsa-2025-213-security-update-for-dell-avamar-dell-networker-virtual-edition-nve-and-dell-powerprotect-dp-series-appliance-dell-integrated-data-protection-appliance-idpa-multiple-third-party-vulnerabilities"
},
{
"category": "external",
"summary": "XEROX Security Advisory XRX25-012 vom 2025-06-02",
"url": "https://security.business.xerox.com/wp-content/uploads/2025/06/Xerox-Security-Bulletin-XRX25-012-for-Xerox-FreeFlow-Print-Server-v9.pdf"
}
],
"source_lang": "en-US",
"title": "Oracle Java SE: Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2025-06-02T22:00:00.000+00:00",
"generator": {
"date": "2025-06-03T09:27:39.130+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.3.12"
}
},
"id": "WID-SEC-W-2025-0140",
"initial_release_date": "2025-01-21T23:00:00.000+00:00",
"revision_history": [
{
"date": "2025-01-21T23:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2025-01-22T23:00:00.000+00:00",
"number": "2",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2025-01-23T23:00:00.000+00:00",
"number": "3",
"summary": "Neue Updates aufgenommen"
},
{
"date": "2025-01-26T23:00:00.000+00:00",
"number": "4",
"summary": "Neue Updates von SUSE, Oracle Linux und NetApp aufgenommen"
},
{
"date": "2025-01-28T23:00:00.000+00:00",
"number": "5",
"summary": "Neue Updates von SUSE und Red Hat aufgenommen"
},
{
"date": "2025-02-02T23:00:00.000+00:00",
"number": "6",
"summary": "Neue Updates von Debian aufgenommen"
},
{
"date": "2025-02-03T23:00:00.000+00:00",
"number": "7",
"summary": "Neue Updates von Debian und SUSE aufgenommen"
},
{
"date": "2025-02-04T23:00:00.000+00:00",
"number": "8",
"summary": "Neue Updates von Ubuntu und Amazon aufgenommen"
},
{
"date": "2025-02-06T23:00:00.000+00:00",
"number": "9",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2025-02-10T23:00:00.000+00:00",
"number": "10",
"summary": "Neue Updates von openSUSE aufgenommen"
},
{
"date": "2025-02-13T23:00:00.000+00:00",
"number": "11",
"summary": "Neue Updates von Rocky Enterprise Software Foundation aufgenommen"
},
{
"date": "2025-02-18T23:00:00.000+00:00",
"number": "12",
"summary": "Neue Updates von openSUSE aufgenommen"
},
{
"date": "2025-02-19T23:00:00.000+00:00",
"number": "13",
"summary": "Neue Updates von openSUSE aufgenommen"
},
{
"date": "2025-02-23T23:00:00.000+00:00",
"number": "14",
"summary": "Neue Updates von openSUSE aufgenommen"
},
{
"date": "2025-02-24T23:00:00.000+00:00",
"number": "15",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2025-02-26T23:00:00.000+00:00",
"number": "16",
"summary": "Neue Updates von HITACHI aufgenommen"
},
{
"date": "2025-03-10T23:00:00.000+00:00",
"number": "17",
"summary": "Neue Updates von Red Hat und Ubuntu aufgenommen"
},
{
"date": "2025-05-29T22:00:00.000+00:00",
"number": "18",
"summary": "Neue Updates von Dell aufgenommen"
},
{
"date": "2025-06-02T22:00:00.000+00:00",
"number": "19",
"summary": "Neue Updates von XEROX aufgenommen"
}
],
"status": "final",
"version": "19"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Amazon Linux 2",
"product": {
"name": "Amazon Linux 2",
"product_id": "398363",
"product_identification_helper": {
"cpe": "cpe:/o:amazon:linux_2:-"
}
}
}
],
"category": "vendor",
"name": "Amazon"
},
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Azul Zulu",
"product": {
"name": "Azul Zulu",
"product_id": "T034269",
"product_identification_helper": {
"cpe": "cpe:/a:azul:zulu:-"
}
}
},
{
"category": "product_name",
"name": "Azul Zulu",
"product": {
"name": "Azul Zulu",
"product_id": "T036273",
"product_identification_helper": {
"cpe": "cpe:/a:azul:zulu:-"
}
}
}
],
"category": "product_name",
"name": "Zulu"
}
],
"category": "vendor",
"name": "Azul"
},
{
"branches": [
{
"category": "product_name",
"name": "Debian Linux",
"product": {
"name": "Debian Linux",
"product_id": "2951",
"product_identification_helper": {
"cpe": "cpe:/o:debian:debian_linux:-"
}
}
}
],
"category": "vendor",
"name": "Debian"
},
{
"branches": [
{
"category": "product_name",
"name": "Dell Avamar",
"product": {
"name": "Dell Avamar",
"product_id": "T039664",
"product_identification_helper": {
"cpe": "cpe:/a:dell:avamar:-"
}
}
},
{
"category": "product_name",
"name": "Dell NetWorker",
"product": {
"name": "Dell NetWorker",
"product_id": "T034583",
"product_identification_helper": {
"cpe": "cpe:/a:dell:networker:virtual"
}
}
}
],
"category": "vendor",
"name": "Dell"
},
{
"branches": [
{
"category": "product_name",
"name": "Hitachi Command Suite",
"product": {
"name": "Hitachi Command Suite",
"product_id": "T038839",
"product_identification_helper": {
"cpe": "cpe:/a:hitachi:command_suite:-"
}
}
},
{
"category": "product_name",
"name": "Hitachi Configuration Manager",
"product": {
"name": "Hitachi Configuration Manager",
"product_id": "T020304",
"product_identification_helper": {
"cpe": "cpe:/a:hitachi:configuration_manager:-"
}
}
},
{
"category": "product_name",
"name": "Hitachi Ops Center",
"product": {
"name": "Hitachi Ops Center",
"product_id": "T038840",
"product_identification_helper": {
"cpe": "cpe:/a:hitachi:ops_center:-"
}
}
}
],
"category": "vendor",
"name": "Hitachi"
},
{
"branches": [
{
"category": "product_name",
"name": "NetApp ActiveIQ Unified Manager",
"product": {
"name": "NetApp ActiveIQ Unified Manager",
"product_id": "T032260",
"product_identification_helper": {
"cpe": "cpe:/a:netapp:active_iq_unified_manager:-"
}
}
}
],
"category": "vendor",
"name": "NetApp"
},
{
"branches": [
{
"category": "product_name",
"name": "Open Source OpenJDK",
"product": {
"name": "Open Source OpenJDK",
"product_id": "580789",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:openjdk:-"
}
}
}
],
"category": "vendor",
"name": "Open Source"
},
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "for JDK 17.0.13",
"product": {
"name": "Oracle GraalVM for JDK 17.0.13",
"product_id": "T040511",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:graalvm:17.0.13::for_jdk"
}
}
},
{
"category": "product_version",
"name": "for JDK 21.0.5",
"product": {
"name": "Oracle GraalVM for JDK 21.0.5",
"product_id": "T040512",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:graalvm:21.0.5::for_jdk"
}
}
},
{
"category": "product_version",
"name": "for JDK 23.0.1",
"product": {
"name": "Oracle GraalVM for JDK 23.0.1",
"product_id": "T040513",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:graalvm:23.0.1::for_jdk"
}
}
},
{
"category": "product_version",
"name": "Enterprise Edition 20.3.16",
"product": {
"name": "Oracle GraalVM Enterprise Edition 20.3.16",
"product_id": "T040514",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:graalvm:20.3.16::enterprise_edition"
}
}
},
{
"category": "product_version",
"name": "Enterprise Edition 21.3.12",
"product": {
"name": "Oracle GraalVM Enterprise Edition 21.3.12",
"product_id": "T040515",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:graalvm:21.3.12::enterprise_edition"
}
}
}
],
"category": "product_name",
"name": "GraalVM"
},
{
"branches": [
{
"category": "product_version",
"name": "11.0.25",
"product": {
"name": "Oracle Java SE 11.0.25",
"product_id": "T040470",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:java_se:11.0.25"
}
}
},
{
"category": "product_version",
"name": "17.0.13",
"product": {
"name": "Oracle Java SE 17.0.13",
"product_id": "T040471",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:java_se:17.0.13"
}
}
},
{
"category": "product_version",
"name": "8u431",
"product": {
"name": "Oracle Java SE 8u431",
"product_id": "T040508",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:java_se:8u431-perf"
}
}
},
{
"category": "product_version",
"name": "21.0.5",
"product": {
"name": "Oracle Java SE 21.0.5",
"product_id": "T040509",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:java_se:21.0.5"
}
}
},
{
"category": "product_version",
"name": "23.0.1",
"product": {
"name": "Oracle Java SE 23.0.1",
"product_id": "T040510",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:java_se:23.0.1"
}
}
}
],
"category": "product_name",
"name": "Java SE"
},
{
"category": "product_name",
"name": "Oracle Linux",
"product": {
"name": "Oracle Linux",
"product_id": "T004914",
"product_identification_helper": {
"cpe": "cpe:/o:oracle:linux:-"
}
}
}
],
"category": "vendor",
"name": "Oracle"
},
{
"branches": [
{
"category": "product_name",
"name": "RESF Rocky Linux",
"product": {
"name": "RESF Rocky Linux",
"product_id": "T032255",
"product_identification_helper": {
"cpe": "cpe:/o:resf:rocky_linux:-"
}
}
}
],
"category": "vendor",
"name": "RESF"
},
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux",
"product": {
"name": "Red Hat Enterprise Linux",
"product_id": "67646",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:-"
}
}
}
],
"category": "vendor",
"name": "Red Hat"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux",
"product": {
"name": "SUSE Linux",
"product_id": "T002207",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse_linux:-"
}
}
},
{
"category": "product_name",
"name": "SUSE openSUSE",
"product": {
"name": "SUSE openSUSE",
"product_id": "T027843",
"product_identification_helper": {
"cpe": "cpe:/o:suse:opensuse:-"
}
}
}
],
"category": "vendor",
"name": "SUSE"
},
{
"branches": [
{
"category": "product_name",
"name": "Ubuntu Linux",
"product": {
"name": "Ubuntu Linux",
"product_id": "T000126",
"product_identification_helper": {
"cpe": "cpe:/o:canonical:ubuntu_linux:-"
}
}
}
],
"category": "vendor",
"name": "Ubuntu"
},
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "9",
"product": {
"name": "Xerox FreeFlow Print Server 9",
"product_id": "T002977",
"product_identification_helper": {
"cpe": "cpe:/a:xerox:freeflow_print_server:9"
}
}
}
],
"category": "product_name",
"name": "FreeFlow Print Server"
}
],
"category": "vendor",
"name": "Xerox"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-0509",
"product_status": {
"known_affected": [
"T040509",
"T040508",
"T034269",
"67646",
"T034583",
"T002977",
"T032260",
"T004914",
"T038840",
"T040471",
"T040470",
"T020304",
"T040513",
"T040512",
"398363",
"T040511",
"T040510",
"T038839",
"T040515",
"T040514",
"T032255",
"T039664",
"T036273",
"2951",
"T002207",
"T000126",
"580789",
"T027843"
]
},
"release_date": "2025-01-21T23:00:00.000+00:00",
"title": "CVE-2025-0509"
},
{
"cve": "CVE-2025-21502",
"product_status": {
"known_affected": [
"T040509",
"T040508",
"T034269",
"67646",
"T034583",
"T002977",
"T032260",
"T004914",
"T038840",
"T040471",
"T040470",
"T020304",
"T040513",
"T040512",
"398363",
"T040511",
"T040510",
"T038839",
"T040515",
"T040514",
"T032255",
"T039664",
"T036273",
"2951",
"T002207",
"T000126",
"580789",
"T027843"
]
},
"release_date": "2025-01-21T23:00:00.000+00:00",
"title": "CVE-2025-21502"
}
]
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…