cvelistv5 - CVE-2025-52570

CVE-2025-52570 (GCVE-0-2025-52570)

Vulnerability from cvelistv5 – Published: 2025-06-24 03:13 – Updated: 2025-06-24 14:42

Summary

Letmein is an authenticating port knocker. Prior to version 10.2.1, The connection limiter is implemented incorrectly. It allows an arbitrary amount of simultaneously incoming connections (TCP, UDP and Unix socket) for the services letmeind and letmeinfwd. Therefore, the command line option num-connections is not effective and does not limit the number of simultaneously incoming connections. This issue has been patched in version 10.2.1.

Severity ?

1.7 (Low)


                        
                          CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U

CWE

CWE-799 - Improper Control of Interaction Frequency
CWE-770 - Allocation of Resources Without Limits or Throttling

Assigner

GitHub_M

References

URL

Tags

	https://github.com/mbuesch/letmein/security/advis…	x_refsource_CONFIRM
	https://github.com/mbuesch/letmein/commit/43207cd…	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	mbuesch	letmein	Affected: < 10.2.1

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-52570",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-06-24T14:41:41.688686Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-06-24T14:42:51.785Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "letmein",
          "vendor": "mbuesch",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 10.2.1"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Letmein is an authenticating port knocker. Prior to version 10.2.1, The connection limiter is implemented incorrectly. It allows an arbitrary amount of simultaneously incoming connections (TCP, UDP and Unix socket) for the services letmeind and letmeinfwd. Therefore, the command line option num-connections is not effective and does not limit the number of simultaneously incoming connections. This issue has been patched in version 10.2.1."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "attackComplexity": "LOW",
            "attackRequirements": "PRESENT",
            "attackVector": "NETWORK",
            "baseScore": 1.7,
            "baseSeverity": "LOW",
            "privilegesRequired": "NONE",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U",
            "version": "4.0",
            "vulnAvailabilityImpact": "LOW",
            "vulnConfidentialityImpact": "NONE",
            "vulnIntegrityImpact": "NONE"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-799",
              "description": "CWE-799: Improper Control of Interaction Frequency",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-770",
              "description": "CWE-770: Allocation of Resources Without Limits or Throttling",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-06-24T03:13:29.370Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/mbuesch/letmein/security/advisories/GHSA-jpv7-p47h-f43j",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/mbuesch/letmein/security/advisories/GHSA-jpv7-p47h-f43j"
        },
        {
          "name": "https://github.com/mbuesch/letmein/commit/43207cd77580410d97165d1e3c07361ba6f3558c",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/mbuesch/letmein/commit/43207cd77580410d97165d1e3c07361ba6f3558c"
        }
      ],
      "source": {
        "advisory": "GHSA-jpv7-p47h-f43j",
        "discovery": "UNKNOWN"
      },
      "title": "Letmein connection limiter allows an arbitrary amount of simultaneous connections"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2025-52570",
    "datePublished": "2025-06-24T03:13:29.370Z",
    "dateReserved": "2025-06-18T03:55:52.036Z",
    "dateUpdated": "2025-06-24T14:42:51.785Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2025-52570\",\"sourceIdentifier\":\"security-advisories@github.com\",\"published\":\"2025-06-24T04:15:50.360\",\"lastModified\":\"2025-06-26T18:58:14.280\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Letmein is an authenticating port knocker. Prior to version 10.2.1, The connection limiter is implemented incorrectly. It allows an arbitrary amount of simultaneously incoming connections (TCP, UDP and Unix socket) for the services letmeind and letmeinfwd. Therefore, the command line option num-connections is not effective and does not limit the number of simultaneously incoming connections. This issue has been patched in version 10.2.1.\"},{\"lang\":\"es\",\"value\":\"Letmein es un bloqueador de puertos de autenticaci\u00f3n. Antes de la versi\u00f3n 10.2.1, el limitador de conexiones estaba implementado incorrectamente. Permit\u00eda un n\u00famero arbitrario de conexiones entrantes simult\u00e1neas (TCP, UDP y socket Unix) para los servicios letmeind y letmeinfwd. Por lo tanto, la opci\u00f3n de l\u00ednea de comandos num-connections no es efectiva y no limita el n\u00famero de conexiones entrantes simult\u00e1neas. Este problema se ha corregido en la versi\u00f3n 10.2.1.\"}],\"metrics\":{\"cvssMetricV40\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"4.0\",\"vectorString\":\"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X\",\"baseScore\":1.7,\"baseSeverity\":\"LOW\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"attackRequirements\":\"PRESENT\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"vulnConfidentialityImpact\":\"NONE\",\"vulnIntegrityImpact\":\"NONE\",\"vulnAvailabilityImpact\":\"LOW\",\"subConfidentialityImpact\":\"NONE\",\"subIntegrityImpact\":\"NONE\",\"subAvailabilityImpact\":\"NONE\",\"exploitMaturity\":\"UNREPORTED\",\"confidentialityRequirement\":\"NOT_DEFINED\",\"integrityRequirement\":\"NOT_DEFINED\",\"availabilityRequirement\":\"NOT_DEFINED\",\"modifiedAttackVector\":\"NOT_DEFINED\",\"modifiedAttackComplexity\":\"NOT_DEFINED\",\"modifiedAttackRequirements\":\"NOT_DEFINED\",\"modifiedPrivilegesRequired\":\"NOT_DEFINED\",\"modifiedUserInteraction\":\"NOT_DEFINED\",\"modifiedVulnConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedVulnIntegrityImpact\":\"NOT_DEFINED\",\"modifiedVulnAvailabilityImpact\":\"NOT_DEFINED\",\"modifiedSubConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedSubIntegrityImpact\":\"NOT_DEFINED\",\"modifiedSubAvailabilityImpact\":\"NOT_DEFINED\",\"Safety\":\"NOT_DEFINED\",\"Automatable\":\"NOT_DEFINED\",\"Recovery\":\"NOT_DEFINED\",\"valueDensity\":\"NOT_DEFINED\",\"vulnerabilityResponseEffort\":\"NOT_DEFINED\",\"providerUrgency\":\"NOT_DEFINED\"}}]},\"weaknesses\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-770\"},{\"lang\":\"en\",\"value\":\"CWE-799\"}]}],\"references\":[{\"url\":\"https://github.com/mbuesch/letmein/commit/43207cd77580410d97165d1e3c07361ba6f3558c\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://github.com/mbuesch/letmein/security/advisories/GHSA-jpv7-p47h-f43j\",\"source\":\"security-advisories@github.com\"}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2025-52570\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-06-24T14:41:41.688686Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-06-24T14:42:32.108Z\"}}], \"cna\": {\"title\": \"Letmein connection limiter allows an arbitrary amount of simultaneous connections\", \"source\": {\"advisory\": \"GHSA-jpv7-p47h-f43j\", \"discovery\": \"UNKNOWN\"}, \"metrics\": [{\"cvssV4_0\": {\"version\": \"4.0\", \"baseScore\": 1.7, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"LOW\", \"vectorString\": \"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"attackRequirements\": \"PRESENT\", \"privilegesRequired\": \"NONE\", \"subIntegrityImpact\": \"NONE\", \"vulnIntegrityImpact\": \"NONE\", \"subAvailabilityImpact\": \"NONE\", \"vulnAvailabilityImpact\": \"LOW\", \"subConfidentialityImpact\": \"NONE\", \"vulnConfidentialityImpact\": \"NONE\"}}], \"affected\": [{\"vendor\": \"mbuesch\", \"product\": \"letmein\", \"versions\": [{\"status\": \"affected\", \"version\": \"\u003c 10.2.1\"}]}], \"references\": [{\"url\": \"https://github.com/mbuesch/letmein/security/advisories/GHSA-jpv7-p47h-f43j\", \"name\": \"https://github.com/mbuesch/letmein/security/advisories/GHSA-jpv7-p47h-f43j\", \"tags\": [\"x_refsource_CONFIRM\"]}, {\"url\": \"https://github.com/mbuesch/letmein/commit/43207cd77580410d97165d1e3c07361ba6f3558c\", \"name\": \"https://github.com/mbuesch/letmein/commit/43207cd77580410d97165d1e3c07361ba6f3558c\", \"tags\": [\"x_refsource_MISC\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"Letmein is an authenticating port knocker. Prior to version 10.2.1, The connection limiter is implemented incorrectly. It allows an arbitrary amount of simultaneously incoming connections (TCP, UDP and Unix socket) for the services letmeind and letmeinfwd. Therefore, the command line option num-connections is not effective and does not limit the number of simultaneously incoming connections. This issue has been patched in version 10.2.1.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-799\", \"description\": \"CWE-799: Improper Control of Interaction Frequency\"}]}, {\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-770\", \"description\": \"CWE-770: Allocation of Resources Without Limits or Throttling\"}]}], \"providerMetadata\": {\"orgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"shortName\": \"GitHub_M\", \"dateUpdated\": \"2025-06-24T03:13:29.370Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2025-52570\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-06-24T14:42:51.785Z\", \"dateReserved\": \"2025-06-18T03:55:52.036Z\", \"assignerOrgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"datePublished\": \"2025-06-24T03:13:29.370Z\", \"assignerShortName\": \"GitHub_M\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}

GHSA-JPV7-P47H-F43J

Vulnerability from github – Published: 2025-06-23 21:24 – Updated: 2025-06-27 23:08

Summary

letmein connection limiter allows an arbitrary amount of simultaneous connections

Details

Impact

The connection limiter is implemented incorrectly. It allows an arbitrary amount of simultaneously incoming connections (TCP, UDP and Unix socket) for the services letmeind and letmeinfwd. Therefore, the command line option num-connections is not effective and does not limit the number of simultaneously incoming connections.

letmeind is the public network facing daemon (TCP/UDP).

letmeinfwd is the internal firewall daemon that only listens on local Unix socket.

Possible Denial Of Service by resource exhaustion.

Affected versions

All versions <= 10.2.0 are affected.

Patches

All users shall upgrade to version 10.2.1.

Workarounds

Untested possible workarounds: - It might be possible to limit the number of active connections to the letmeind port (default 5800) via firewall. - The resource consumption of the service might be restricted with a service manager such as systemd.

Severity:

If a (D)DoS is run against the service, something is going to be affected. The connection limiter assures that the effect on the system itself is limited at the expense of the effect on the letmein services itself. So even with the connection limiter active, a (D)DoS can lead to a less responsive or unresponsive letmein service.

Severity ?

4.6 (Medium)


                  
                    CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U

Show details on source website

JSON

To clipboard

{
  "affected": [
    {
      "database_specific": {
        "last_known_affected_version_range": "\u003c= 10.2.0"
      },
      "package": {
        "ecosystem": "crates.io",
        "name": "letmeind"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "10.2.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "database_specific": {
        "last_known_affected_version_range": "\u003c= 10.2.0"
      },
      "package": {
        "ecosystem": "crates.io",
        "name": "letmeinfwd"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "10.2.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2025-52570"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-770"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2025-06-23T21:24:59Z",
    "nvd_published_at": "2025-06-24T04:15:50Z",
    "severity": "MODERATE"
  },
  "details": "### Impact\n\nThe connection limiter is implemented incorrectly.\nIt allows an arbitrary amount of simultaneously incoming connections (TCP, UDP and Unix socket) for the services `letmeind` and `letmeinfwd`.\nTherefore, the command line option `num-connections` is not effective and does not limit the number of simultaneously incoming connections.\n\n`letmeind` is the public network facing daemon (TCP/UDP).\n\n`letmeinfwd` is the internal firewall daemon that only listens on local Unix socket.\n\nPossible Denial Of Service by resource exhaustion.\n\n### Affected versions\nAll versions `\u003c= 10.2.0` are affected.\n\n### Patches\nAll users shall upgrade to version `10.2.1`.\n\n### Workarounds\n\nUntested possible workarounds:\n- It might be possible to limit the number of active connections to the `letmeind` port (default 5800) via firewall.\n- The resource consumption of the service might be restricted with a service manager such as systemd.\n\n### Severity:\n\nIf a (D)DoS is run against the service, *something* is going to be affected.\nThe connection limiter assures that the effect on the system itself is limited at the expense of the effect on the letmein services itself.\nSo even with the connection limiter active, a (D)DoS can lead to a less responsive or unresponsive letmein service.",
  "id": "GHSA-jpv7-p47h-f43j",
  "modified": "2025-06-27T23:08:47Z",
  "published": "2025-06-23T21:24:59Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/mbuesch/letmein/security/advisories/GHSA-jpv7-p47h-f43j"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-52570"
    },
    {
      "type": "WEB",
      "url": "https://github.com/mbuesch/letmein/commit/43207cd77580410d97165d1e3c07361ba6f3558c"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/mbuesch/letmein"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U",
      "type": "CVSS_V4"
    }
  ],
  "summary": "letmein connection limiter allows an arbitrary amount of simultaneous connections"
}

FKIE_CVE-2025-52570

Vulnerability from fkie_nvd - Published: 2025-06-24 04:15 - Updated: 2025-06-26 18:58

Severity ?

1.7 (Low) - CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U

Summary

References

	URL	Tags
	security-advisories@github.com	https://github.com/mbuesch/letmein/commit/43207cd77580410d97165d1e3c07361ba6f3558c
	security-advisories@github.com	https://github.com/mbuesch/letmein/security/advisories/GHSA-jpv7-p47h-f43j

Impacted products

	Vendor	Product	Version

JSON

To clipboard

{
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Letmein is an authenticating port knocker. Prior to version 10.2.1, The connection limiter is implemented incorrectly. It allows an arbitrary amount of simultaneously incoming connections (TCP, UDP and Unix socket) for the services letmeind and letmeinfwd. Therefore, the command line option num-connections is not effective and does not limit the number of simultaneously incoming connections. This issue has been patched in version 10.2.1."
    },
    {
      "lang": "es",
      "value": "Letmein es un bloqueador de puertos de autenticaci\u00f3n. Antes de la versi\u00f3n 10.2.1, el limitador de conexiones estaba implementado incorrectamente. Permit\u00eda un n\u00famero arbitrario de conexiones entrantes simult\u00e1neas (TCP, UDP y socket Unix) para los servicios letmeind y letmeinfwd. Por lo tanto, la opci\u00f3n de l\u00ednea de comandos num-connections no es efectiva y no limita el n\u00famero de conexiones entrantes simult\u00e1neas. Este problema se ha corregido en la versi\u00f3n 10.2.1."
    }
  ],
  "id": "CVE-2025-52570",
  "lastModified": "2025-06-26T18:58:14.280",
  "metrics": {
    "cvssMetricV40": [
      {
        "cvssData": {
          "Automatable": "NOT_DEFINED",
          "Recovery": "NOT_DEFINED",
          "Safety": "NOT_DEFINED",
          "attackComplexity": "LOW",
          "attackRequirements": "PRESENT",
          "attackVector": "NETWORK",
          "availabilityRequirement": "NOT_DEFINED",
          "baseScore": 1.7,
          "baseSeverity": "LOW",
          "confidentialityRequirement": "NOT_DEFINED",
          "exploitMaturity": "UNREPORTED",
          "integrityRequirement": "NOT_DEFINED",
          "modifiedAttackComplexity": "NOT_DEFINED",
          "modifiedAttackRequirements": "NOT_DEFINED",
          "modifiedAttackVector": "NOT_DEFINED",
          "modifiedPrivilegesRequired": "NOT_DEFINED",
          "modifiedSubAvailabilityImpact": "NOT_DEFINED",
          "modifiedSubConfidentialityImpact": "NOT_DEFINED",
          "modifiedSubIntegrityImpact": "NOT_DEFINED",
          "modifiedUserInteraction": "NOT_DEFINED",
          "modifiedVulnAvailabilityImpact": "NOT_DEFINED",
          "modifiedVulnConfidentialityImpact": "NOT_DEFINED",
          "modifiedVulnIntegrityImpact": "NOT_DEFINED",
          "privilegesRequired": "NONE",
          "providerUrgency": "NOT_DEFINED",
          "subAvailabilityImpact": "NONE",
          "subConfidentialityImpact": "NONE",
          "subIntegrityImpact": "NONE",
          "userInteraction": "NONE",
          "valueDensity": "NOT_DEFINED",
          "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
          "version": "4.0",
          "vulnAvailabilityImpact": "LOW",
          "vulnConfidentialityImpact": "NONE",
          "vulnIntegrityImpact": "NONE",
          "vulnerabilityResponseEffort": "NOT_DEFINED"
        },
        "source": "security-advisories@github.com",
        "type": "Secondary"
      }
    ]
  },
  "published": "2025-06-24T04:15:50.360",
  "references": [
    {
      "source": "security-advisories@github.com",
      "url": "https://github.com/mbuesch/letmein/commit/43207cd77580410d97165d1e3c07361ba6f3558c"
    },
    {
      "source": "security-advisories@github.com",
      "url": "https://github.com/mbuesch/letmein/security/advisories/GHSA-jpv7-p47h-f43j"
    }
  ],
  "sourceIdentifier": "security-advisories@github.com",
  "vulnStatus": "Awaiting Analysis",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-770"
        },
        {
          "lang": "en",
          "value": "CWE-799"
        }
      ],
      "source": "security-advisories@github.com",
      "type": "Primary"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2025-52570 (GCVE-0-2025-52570)

GHSA-JPV7-P47H-F43J

Impact

Affected versions

Patches

Workarounds

Severity:

FKIE_CVE-2025-52570

Tags

Sightings

Nomenclature