Vulnerability-Lookup

CERTFR-2025-AVI-1064

Vulnerability from certfr_avis - Published: 2025-12-04 - Updated: 2025-12-04

De multiples vulnérabilités ont été découvertes dans les produits Microsoft. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une atteinte à la confidentialité des données.

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Impacted products

Vendor	Product	Description
Microsoft	N/A	cbl2 cups 2.3.3op2-10
Microsoft	N/A	cbl2 grub2 2.06-15
Microsoft	N/A	cbl2 nodejs18 18.20.3-9
Microsoft	N/A	cbl2 fluent-bit versions antérieures à 3.0.6-5
Microsoft	N/A	azl3 kernel versions antérieures à 6.6.117.1-1
Microsoft	N/A	azl3 kubevirt 1.5.0-5
Microsoft	N/A	cbl2 python-tensorboard 2.11.0-3
Microsoft	N/A	azl3 nodejs 20.14.0-9
Microsoft	N/A	azl3 glib versions antérieures à 2.78.6-5
Microsoft	N/A	azl3 grub2 2.06-25
Microsoft	N/A	azl3 libxslt 1.1.43-1
Microsoft	N/A	azl3 expat 2.6.4-2
Microsoft	N/A	azl3 python-tensorboard 2.16.2-6
Microsoft	N/A	cbl2 rsync versions antérieures à 3.4.1-2
Microsoft	N/A	cbl2 libxslt 1.1.34-8
Microsoft	N/A	azl3 cups 2.4.13-1
Microsoft	N/A	cbl2 haproxy versions antérieures à 2.4.24-2
Microsoft	N/A	cbl2 kernel 5.15.186.1-1
Microsoft	N/A	azl3 libpng versions antérieures à 1.6.51-1
Microsoft	N/A	azl3 haproxy versions antérieures à 2.9.11-4
Microsoft	N/A	azl3 tensorflow 2.16.1-9
Microsoft	N/A	azl3 fluent-bit 3.1.9-6
Microsoft	N/A	azl3 rsync versions antérieures à 3.4.1-2
Microsoft	N/A	azl3 keras 3.3.3-5
Microsoft	N/A	cbl2 libpng versions antérieures à 1.6.51-1
Microsoft	N/A	cbl2 glib versions antérieures à 2.71.0-8
Microsoft	N/A	cbl2 kubevirt versions antérieures à 0.59.0-31
Microsoft	N/A	azl3 libvirt versions antérieures à 10.0.0-6
Microsoft	N/A	cbl2 reaper 3.1.1-19

References

Title

Publication Time

Tags

Bulletin de sécurité Microsoft CVE-2025-61661	2025-11-21	vendor-advisory
Bulletin de sécurité Microsoft CVE-2025-13230	2025-11-21	vendor-advisory
Bulletin de sécurité Microsoft CVE-2025-40210	2025-11-22	vendor-advisory
Bulletin de sécurité Microsoft CVE-2025-13227	2025-11-21	vendor-advisory
Bulletin de sécurité Microsoft CVE-2025-61915	2025-11-30	vendor-advisory
Bulletin de sécurité Microsoft CVE-2025-64720	2025-11-27	vendor-advisory
Bulletin de sécurité Microsoft CVE-2025-12816	2025-11-29	vendor-advisory
Bulletin de sécurité Microsoft CVE-2025-64704	2025-11-29	vendor-advisory
Bulletin de sécurité Microsoft CVE-2025-54770	2025-11-21	vendor-advisory
Bulletin de sécurité Microsoft CVE-2025-11731	2025-11-21	vendor-advisory
Bulletin de sécurité Microsoft CVE-2025-66221	2025-12-03	vendor-advisory
Bulletin de sécurité Microsoft CVE-2025-13601	2025-11-29	vendor-advisory
Bulletin de sécurité Microsoft CVE-2025-64713	2025-11-29	vendor-advisory
Bulletin de sécurité Microsoft CVE-2025-65018	2025-11-27	vendor-advisory
Bulletin de sécurité Microsoft CVE-2025-66030	2025-11-29	vendor-advisory
Bulletin de sécurité Microsoft CVE-2025-40211	2025-11-22	vendor-advisory
Bulletin de sécurité Microsoft CVE-2022-50233	2025-11-21	vendor-advisory
Bulletin de sécurité Microsoft CVE-2025-66382	2025-11-29	vendor-advisory
Bulletin de sécurité Microsoft CVE-2025-61664	2025-11-21	vendor-advisory
Bulletin de sécurité Microsoft CVE-2025-58436	2025-11-30	vendor-advisory
Bulletin de sécurité Microsoft CVE-2025-13193	2025-11-21	vendor-advisory
Bulletin de sécurité Microsoft CVE-2025-61662	2025-11-21	vendor-advisory
Bulletin de sécurité Microsoft CVE-2025-38656	2025-11-28	vendor-advisory
Bulletin de sécurité Microsoft CVE-2025-11230	2025-11-21	vendor-advisory
Bulletin de sécurité Microsoft CVE-2025-54771	2025-11-21	vendor-advisory
Bulletin de sécurité Microsoft CVE-2025-13226	2025-11-21	vendor-advisory
Bulletin de sécurité Microsoft CVE-2025-12638	2025-12-03	vendor-advisory
Bulletin de sécurité Microsoft CVE-2025-12970	2025-11-29	vendor-advisory
Bulletin de sécurité Microsoft CVE-2025-66031	2025-11-29	vendor-advisory
Bulletin de sécurité Microsoft CVE-2025-12977	2025-11-29	vendor-advisory
Bulletin de sécurité Microsoft CVE-2025-61663	2025-11-21	vendor-advisory
Bulletin de sécurité Microsoft CVE-2025-12969	2025-11-29	vendor-advisory
Bulletin de sécurité Microsoft CVE-2025-64324	2025-11-20	vendor-advisory
Bulletin de sécurité Microsoft CVE-2025-64506	2025-11-27	vendor-advisory
Bulletin de sécurité Microsoft CVE-2025-10158	2025-11-19	vendor-advisory
Bulletin de sécurité Microsoft CVE-2025-64505	2025-11-26	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "cbl2 cups 2.3.3op2-10",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "cbl2 grub2 2.06-15",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "cbl2 nodejs18 18.20.3-9",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "cbl2 fluent-bit versions ant\u00e9rieures \u00e0 3.0.6-5",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "azl3 kernel versions ant\u00e9rieures \u00e0 6.6.117.1-1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "azl3 kubevirt 1.5.0-5",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "cbl2 python-tensorboard 2.11.0-3",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "azl3 nodejs 20.14.0-9",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "azl3 glib versions ant\u00e9rieures \u00e0 2.78.6-5",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "azl3 grub2 2.06-25",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "azl3 libxslt 1.1.43-1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "azl3 expat 2.6.4-2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "azl3 python-tensorboard 2.16.2-6",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "cbl2 rsync versions ant\u00e9rieures \u00e0 3.4.1-2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "cbl2 libxslt 1.1.34-8",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "azl3 cups 2.4.13-1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "cbl2 haproxy versions ant\u00e9rieures \u00e0 2.4.24-2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "cbl2 kernel 5.15.186.1-1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "azl3 libpng versions ant\u00e9rieures \u00e0 1.6.51-1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "azl3 haproxy versions ant\u00e9rieures \u00e0 2.9.11-4",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "azl3 tensorflow 2.16.1-9",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "azl3 fluent-bit 3.1.9-6",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "azl3 rsync versions ant\u00e9rieures \u00e0 3.4.1-2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "azl3 keras 3.3.3-5",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "cbl2 libpng versions ant\u00e9rieures \u00e0 1.6.51-1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "cbl2 glib versions ant\u00e9rieures \u00e0 2.71.0-8",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "cbl2 kubevirt versions ant\u00e9rieures \u00e0 0.59.0-31",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "azl3 libvirt versions ant\u00e9rieures \u00e0 10.0.0-6",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "cbl2 reaper 3.1.1-19",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "",
  "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
  "cves": [
    {
      "name": "CVE-2025-58436",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-58436"
    },
    {
      "name": "CVE-2025-12816",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-12816"
    },
    {
      "name": "CVE-2025-11731",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-11731"
    },
    {
      "name": "CVE-2025-13226",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-13226"
    },
    {
      "name": "CVE-2025-13193",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-13193"
    },
    {
      "name": "CVE-2025-54770",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-54770"
    },
    {
      "name": "CVE-2025-61915",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-61915"
    },
    {
      "name": "CVE-2025-61662",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-61662"
    },
    {
      "name": "CVE-2025-66031",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-66031"
    },
    {
      "name": "CVE-2025-12977",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-12977"
    },
    {
      "name": "CVE-2025-64505",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-64505"
    },
    {
      "name": "CVE-2025-61663",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-61663"
    },
    {
      "name": "CVE-2025-66382",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-66382"
    },
    {
      "name": "CVE-2025-12970",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-12970"
    },
    {
      "name": "CVE-2025-12638",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-12638"
    },
    {
      "name": "CVE-2025-64506",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-64506"
    },
    {
      "name": "CVE-2025-38656",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-38656"
    },
    {
      "name": "CVE-2025-64720",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-64720"
    },
    {
      "name": "CVE-2025-40210",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-40210"
    },
    {
      "name": "CVE-2025-66030",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-66030"
    },
    {
      "name": "CVE-2025-64704",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-64704"
    },
    {
      "name": "CVE-2025-65018",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-65018"
    },
    {
      "name": "CVE-2025-10158",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-10158"
    },
    {
      "name": "CVE-2025-64713",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-64713"
    },
    {
      "name": "CVE-2025-66221",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-66221"
    },
    {
      "name": "CVE-2025-13230",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-13230"
    },
    {
      "name": "CVE-2025-13601",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-13601"
    },
    {
      "name": "CVE-2025-54771",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-54771"
    },
    {
      "name": "CVE-2025-40211",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-40211"
    },
    {
      "name": "CVE-2025-13227",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-13227"
    },
    {
      "name": "CVE-2025-64324",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-64324"
    },
    {
      "name": "CVE-2025-12969",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-12969"
    },
    {
      "name": "CVE-2025-11230",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-11230"
    },
    {
      "name": "CVE-2025-61661",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-61661"
    },
    {
      "name": "CVE-2022-50233",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-50233"
    },
    {
      "name": "CVE-2025-61664",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-61664"
    }
  ],
  "initial_release_date": "2025-12-04T00:00:00",
  "last_revision_date": "2025-12-04T00:00:00",
  "links": [],
  "reference": "CERTFR-2025-AVI-1064",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2025-12-04T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Microsoft. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Microsoft",
  "vendor_advisories": [
    {
      "published_at": "2025-11-21",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-61661",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-61661"
    },
    {
      "published_at": "2025-11-21",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-13230",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-13230"
    },
    {
      "published_at": "2025-11-22",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-40210",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-40210"
    },
    {
      "published_at": "2025-11-21",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-13227",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-13227"
    },
    {
      "published_at": "2025-11-30",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-61915",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-61915"
    },
    {
      "published_at": "2025-11-27",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-64720",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-64720"
    },
    {
      "published_at": "2025-11-29",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-12816",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-12816"
    },
    {
      "published_at": "2025-11-29",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-64704",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-64704"
    },
    {
      "published_at": "2025-11-21",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-54770",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-54770"
    },
    {
      "published_at": "2025-11-21",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-11731",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-11731"
    },
    {
      "published_at": "2025-12-03",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-66221",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-66221"
    },
    {
      "published_at": "2025-11-29",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-13601",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-13601"
    },
    {
      "published_at": "2025-11-29",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-64713",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-64713"
    },
    {
      "published_at": "2025-11-27",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-65018",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-65018"
    },
    {
      "published_at": "2025-11-29",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-66030",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-66030"
    },
    {
      "published_at": "2025-11-22",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-40211",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-40211"
    },
    {
      "published_at": "2025-11-21",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-50233",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-50233"
    },
    {
      "published_at": "2025-11-29",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-66382",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-66382"
    },
    {
      "published_at": "2025-11-21",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-61664",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-61664"
    },
    {
      "published_at": "2025-11-30",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-58436",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-58436"
    },
    {
      "published_at": "2025-11-21",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-13193",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-13193"
    },
    {
      "published_at": "2025-11-21",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-61662",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-61662"
    },
    {
      "published_at": "2025-11-28",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-38656",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-38656"
    },
    {
      "published_at": "2025-11-21",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-11230",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-11230"
    },
    {
      "published_at": "2025-11-21",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-54771",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-54771"
    },
    {
      "published_at": "2025-11-21",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-13226",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-13226"
    },
    {
      "published_at": "2025-12-03",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-12638",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-12638"
    },
    {
      "published_at": "2025-11-29",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-12970",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-12970"
    },
    {
      "published_at": "2025-11-29",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-66031",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-66031"
    },
    {
      "published_at": "2025-11-29",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-12977",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-12977"
    },
    {
      "published_at": "2025-11-21",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-61663",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-61663"
    },
    {
      "published_at": "2025-11-29",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-12969",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-12969"
    },
    {
      "published_at": "2025-11-20",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-64324",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-64324"
    },
    {
      "published_at": "2025-11-27",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-64506",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-64506"
    },
    {
      "published_at": "2025-11-19",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-10158",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-10158"
    },
    {
      "published_at": "2025-11-26",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-64505",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-64505"
    }
  ]
}

CVE-2022-50233 (GCVE-0-2022-50233)

Vulnerability from cvelistv5 – Published: 2025-08-09 14:30 – Updated: 2026-05-11 19:15

Title

Bluetooth: eir: Fix using strlen with hdev->{dev_name,short_name}

Summary

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: eir: Fix using strlen with hdev->{dev_name,short_name} Both dev_name and short_name are not guaranteed to be NULL terminated so this instead use strnlen and then attempt to determine if the resulting string needs to be truncated or not.

Severity

No CVSS data available.

Assigner

Linux

References

1 reference

URL	Tags
https://git.kernel.org/stable/c/dd7b8cdde098cf9f7…

Impacted products

2 products

Vendor	Product	Version
Linux	Linux	Affected: 4c3dbb2c312c9fafbac30d98c523b8b1f3455d78 , < dd7b8cdde098cf9f7c8de409b5b7bbb98f97be80 (git)
Linux	Linux	Affected: 4.14 Unaffected: 0 , < 4.14 (semver) Unaffected: 6.0 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "net/bluetooth/eir.c",
            "net/bluetooth/mgmt.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "dd7b8cdde098cf9f7c8de409b5b7bbb98f97be80",
              "status": "affected",
              "version": "4c3dbb2c312c9fafbac30d98c523b8b1f3455d78",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "net/bluetooth/eir.c",
            "net/bluetooth/mgmt.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "4.14"
            },
            {
              "lessThan": "4.14",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.0",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.0",
                  "versionStartIncluding": "4.14",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: eir: Fix using strlen with hdev-\u003e{dev_name,short_name}\n\nBoth dev_name and short_name are not guaranteed to be NULL terminated so\nthis instead use strnlen and then attempt to determine if the resulting\nstring needs to be truncated or not."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-05-11T19:15:23.165Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/dd7b8cdde098cf9f7c8de409b5b7bbb98f97be80"
        }
      ],
      "title": "Bluetooth: eir: Fix using strlen with hdev-\u003e{dev_name,short_name}",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2022-50233",
    "datePublished": "2025-08-09T14:30:51.639Z",
    "dateReserved": "2025-06-18T10:57:27.432Z",
    "dateUpdated": "2026-05-11T19:15:23.165Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-10158 (GCVE-0-2025-10158)

Vulnerability from cvelistv5 – Published: 2025-11-18 14:24 – Updated: 2025-11-19 16:48

Title

Rsync: Out of bounds array access via negative index

Summary

A malicious client acting as the receiver of an rsync file transfer can trigger an out of bounds read of a heap based buffer, via a negative array index. The malicious rsync client requires at least read access to the remote rsync module in order to trigger the issue.

Severity

4.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

CWE

CWE-129 - Improper Validation of Array Index

Assigner

rapid7

References

2 references

URL	Tags
https://github.com/RsyncProject/rsync/commit/797e…	patch
https://attackerkb.com/assessments/fbacb2a6-d1cd-…	technical-description

Impacted products

1 product

Vendor	Product	Version
rsync	rsync	Affected: 0 , ≤ 3.4.1 (semver)

Date Public

2025-11-18 14:20

Credits

Calum Hutton

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-10158",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-11-19T16:15:02.998218Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-11-19T16:48:56.591Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "rsync",
          "vendor": "rsync",
          "versions": [
            {
              "lessThanOrEqual": "3.4.1",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Calum Hutton"
        }
      ],
      "datePublic": "2025-11-18T14:20:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "A malicious client acting as the receiver of an rsync file transfer can trigger an out of bounds read of a heap based buffer, via a negative array index. The \n\nmalicious \n\nrsync client requires at least read access to the remote rsync module in order to trigger the issue."
            }
          ],
          "value": "A malicious client acting as the receiver of an rsync file transfer can trigger an out of bounds read of a heap based buffer, via a negative array index. The \n\nmalicious \n\nrsync client requires at least read access to the remote rsync module in order to trigger the issue."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-129",
              "description": "CWE-129 Improper Validation of Array Index",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-11-18T14:45:58.065Z",
        "orgId": "9974b330-7714-4307-a722-5648477acda7",
        "shortName": "rapid7"
      },
      "references": [
        {
          "tags": [
            "patch"
          ],
          "url": "https://github.com/RsyncProject/rsync/commit/797e17fc4a6f15e3b1756538a9f812b63942686f"
        },
        {
          "tags": [
            "technical-description"
          ],
          "url": "https://attackerkb.com/assessments/fbacb2a6-d1cd-4011-bb3a-f06b1c8306b1"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "timeline": [
        {
          "lang": "en",
          "time": "2025-03-19T06:11:00.000Z",
          "value": "Rapid7 makes initial outreach to rsync maintainers"
        },
        {
          "lang": "en",
          "time": "2025-03-19T10:04:00.000Z",
          "value": "Rsync maintainers confirm outreach"
        },
        {
          "lang": "en",
          "time": "2025-03-20T10:34:00.000Z",
          "value": "Rapid7 provides rsync maintainers a technical writeup and PoC to reproduce the issue"
        },
        {
          "lang": "en",
          "time": "2025-04-02T03:05:00.000Z",
          "value": "Rapid7 requests confirmation of findings"
        },
        {
          "lang": "en",
          "time": "2025-04-06T09:30:00.000Z",
          "value": "Rsync maintainers indicate more time is needed"
        },
        {
          "lang": "en",
          "time": "2025-04-16T05:31:00.000Z",
          "value": "Rsync maintainers reproduce the issue and dispute its security impact due to uncertainty around viability of heap manipulation during exploitation"
        },
        {
          "lang": "en",
          "time": "2025-04-17T01:56:00.000Z",
          "value": "Rapid7 indicates manipulating the heap is nuanced and CVE assignment is both prudent and best practice in this instance"
        },
        {
          "lang": "en",
          "time": "2025-05-07T09:08:00.000Z",
          "value": "Rapid7 requests an update"
        },
        {
          "lang": "en",
          "time": "2025-05-12T06:08:00.000Z",
          "value": "Rsync maintainers indicate a pull request to fix the issue is forthcoming"
        },
        {
          "lang": "en",
          "time": "2025-05-28T09:40:00.000Z",
          "value": "Rapid7 requests an update"
        },
        {
          "lang": "en",
          "time": "2025-06-17T04:19:00.000Z",
          "value": "Rapid7 requests an update"
        },
        {
          "lang": "en",
          "time": "2025-08-18T11:59:00.000Z",
          "value": "Rapid7 requests an update"
        },
        {
          "lang": "en",
          "time": "2025-08-23T09:17:00.000Z",
          "value": "Rsync maintainers indicate a pull request to remediate the issue has been made and a feature release is forthcoming"
        },
        {
          "lang": "en",
          "time": "2025-09-02T04:23:00.000Z",
          "value": "Rapid7 indicates intention to assign a CVE and perform a coordinated disclosure with the rsync maintainers upon the upcoming feature release"
        },
        {
          "lang": "en",
          "time": "2025-09-09T11:18:00.000Z",
          "value": "Rapid7 provides rsync maintainers a reserved CVE identifier and requests the date for the expected feature release"
        },
        {
          "lang": "en",
          "time": "2025-11-11T04:42:00.000Z",
          "value": "Rapid7 indicates intention to publish the CVE record on November 18, 2025."
        },
        {
          "lang": "en",
          "time": "2025-11-18T14:00:00.000Z",
          "value": "This disclosure"
        }
      ],
      "title": "Rsync: Out of bounds array access via negative index",
      "x_generator": {
        "engine": "Vulnogram 0.5.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9974b330-7714-4307-a722-5648477acda7",
    "assignerShortName": "rapid7",
    "cveId": "CVE-2025-10158",
    "datePublished": "2025-11-18T14:24:19.210Z",
    "dateReserved": "2025-09-09T11:15:17.585Z",
    "dateUpdated": "2025-11-19T16:48:56.591Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-11230 (GCVE-0-2025-11230)

Vulnerability from cvelistv5 – Published: 2025-11-19 09:28 – Updated: 2025-11-19 17:09

Title

Denial of service vulnerability in HAProxy mjson library

Summary

Inefficient algorithm complexity in mjson in HAProxy allows remote attackers to cause a denial of service via specially crafted JSON requests.

Severity

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE

CWE-407 - Inefficient Algorithmic Complexity

Assigner

canonical

References

1 reference

URL	Tags
https://www.haproxy.com/blog/october-2025-cve-202…

Impacted products

1 product

Vendor	Product	Version
HAProxy Technologies	HAProxy Community Edition	Affected: 2.4.0 , < 2.4.30 (semver) Affected: 2.6.0 , < 2.6.23 (semver) Affected: 2.8.0 , < 2.8.16 (semver) Affected: 3.0.0 , < 3.0.12 (semver) Affected: 3.1.0 , < 3.1.9 (semver) Affected: 3.2.0 , < 3.2.6 (semver)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-11230",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-11-19T17:06:27.675545Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-11-19T17:09:15.642Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "HAProxy Community Edition",
          "programFiles": [
            "src/mjson.c"
          ],
          "repo": "https://git.haproxy.org/",
          "vendor": "HAProxy Technologies",
          "versions": [
            {
              "lessThan": "2.4.30",
              "status": "affected",
              "version": "2.4.0",
              "versionType": "semver"
            },
            {
              "lessThan": "2.6.23",
              "status": "affected",
              "version": "2.6.0",
              "versionType": "semver"
            },
            {
              "lessThan": "2.8.16",
              "status": "affected",
              "version": "2.8.0",
              "versionType": "semver"
            },
            {
              "lessThan": "3.0.12",
              "status": "affected",
              "version": "3.0.0",
              "versionType": "semver"
            },
            {
              "lessThan": "3.1.9",
              "status": "affected",
              "version": "3.1.0",
              "versionType": "semver"
            },
            {
              "lessThan": "3.2.6",
              "status": "affected",
              "version": "3.2.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Inefficient algorithm complexity in mjson in HAProxy allows remote attackers to cause a denial of service via specially crafted JSON requests."
            }
          ],
          "value": "Inefficient algorithm complexity in mjson in HAProxy allows remote attackers to cause a denial of service via specially crafted JSON requests."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-130",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-130 Excessive Allocation"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-407",
              "description": "CWE-407 Inefficient Algorithmic Complexity",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-11-19T09:28:39.750Z",
        "orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
        "shortName": "canonical"
      },
      "references": [
        {
          "url": "https://www.haproxy.com/blog/october-2025-cve-2025-11230-haproxy-mjson-library-denial-of-service-vulnerability"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Denial of service vulnerability in HAProxy mjson library"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
    "assignerShortName": "canonical",
    "cveId": "CVE-2025-11230",
    "datePublished": "2025-11-19T09:28:39.750Z",
    "dateReserved": "2025-10-01T13:10:26.249Z",
    "dateUpdated": "2025-11-19T17:09:15.642Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-11731 (GCVE-0-2025-11731)

Vulnerability from cvelistv5 – Published: 2025-10-14 06:02 – Updated: 2026-04-27 20:05

Title

Libxslt: type confusion in exsltfuncresultcompfunction of libxslt

Summary

A flaw was found in the exsltFuncResultComp() function of libxslt, which handles EXSLT <func:result> elements during stylesheet parsing. Due to improper type handling, the function may treat an XML document node as a regular XML element node, resulting in a type confusion. This can cause unexpected memory reads and potential crashes. While difficult to exploit, the flaw could lead to application instability or denial of service.

Severity

3.1 (Low)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L

CWE

CWE-843 - Access of Resource Using Incompatible Type ('Type Confusion')

Assigner

redhat

References

5 references

URL	Tags
https://access.redhat.com/errata/RHSA-2026:11015	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/security/cve/CVE-2025-11731	vdb-entryx_refsource_REDHAT
https://bugzilla.redhat.com/show_bug.cgi?id=2403688	issue-trackingx_refsource_REDHAT
https://gitlab.gnome.org/GNOME/libxslt/-/issues/151
https://gitlab.gnome.org/GNOME/libxslt/-/merge_re…

Impacted products

8 products

Vendor	Product	Version
		Affected: 0 , < 1.1.44 (semver)
Red Hat	Red Hat Hardened Images	Unaffected: 1.1.45-0.1.hum1 , < * (rpm) cpe:/a:redhat:hummingbird:1
Red Hat	Red Hat Enterprise Linux 10	cpe:/o:redhat:enterprise_linux:10
Red Hat	Red Hat Enterprise Linux 6	cpe:/o:redhat:enterprise_linux:6
Red Hat	Red Hat Enterprise Linux 7	cpe:/o:redhat:enterprise_linux:7
Red Hat	Red Hat Enterprise Linux 8	cpe:/o:redhat:enterprise_linux:8
Red Hat	Red Hat Enterprise Linux 9	cpe:/o:redhat:enterprise_linux:9
Red Hat	Red Hat OpenShift Container Platform 4	cpe:/a:redhat:openshift:4

Date Public

2025-10-14 00:00

Credits

Red Hat would like to thank Google Big Sleep for reporting this issue.

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-11731",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-10-14T15:18:32.705297Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-10-14T15:18:44.086Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://gitlab.gnome.org/GNOME/libxslt",
          "defaultStatus": "unaffected",
          "packageName": "libxslt",
          "versions": [
            {
              "lessThan": "1.1.44",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:hummingbird:1"
          ],
          "defaultStatus": "affected",
          "packageName": "libxslt-main",
          "product": "Red Hat Hardened Images",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "1.1.45-0.1.hum1",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:10"
          ],
          "defaultStatus": "affected",
          "packageName": "libxslt",
          "product": "Red Hat Enterprise Linux 10",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:6"
          ],
          "defaultStatus": "unknown",
          "packageName": "libxslt",
          "product": "Red Hat Enterprise Linux 6",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:7"
          ],
          "defaultStatus": "affected",
          "packageName": "libxslt",
          "product": "Red Hat Enterprise Linux 7",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:8"
          ],
          "defaultStatus": "affected",
          "packageName": "libxslt",
          "product": "Red Hat Enterprise Linux 8",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:9"
          ],
          "defaultStatus": "affected",
          "packageName": "libxslt",
          "product": "Red Hat Enterprise Linux 9",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:openshift:4"
          ],
          "defaultStatus": "affected",
          "packageName": "rhcos",
          "product": "Red Hat OpenShift Container Platform 4",
          "vendor": "Red Hat"
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Red Hat would like to thank Google Big Sleep for reporting this issue."
        }
      ],
      "datePublic": "2025-10-14T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "A flaw was found in the exsltFuncResultComp() function of libxslt, which handles EXSLT \u003cfunc:result\u003e elements during stylesheet parsing. Due to improper type handling, the function may treat an XML document node as a regular XML element node, resulting in a type confusion. This can cause unexpected memory reads and potential crashes. While difficult to exploit, the flaw could lead to application instability or denial of service."
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "namespace": "https://access.redhat.com/security/updates/classification/",
              "value": "Low"
            },
            "type": "Red Hat severity rating"
          }
        },
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 3.1,
            "baseSeverity": "LOW",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-843",
              "description": "Access of Resource Using Incompatible Type (\u0027Type Confusion\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-04-27T20:05:08.635Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "RHSA-2026:11015",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2026:11015"
        },
        {
          "tags": [
            "vdb-entry",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/security/cve/CVE-2025-11731"
        },
        {
          "name": "RHBZ#2403688",
          "tags": [
            "issue-tracking",
            "x_refsource_REDHAT"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2403688"
        },
        {
          "url": "https://gitlab.gnome.org/GNOME/libxslt/-/issues/151"
        },
        {
          "url": "https://gitlab.gnome.org/GNOME/libxslt/-/merge_requests/78"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2025-10-14T05:24:09.808Z",
          "value": "Reported to Red Hat."
        },
        {
          "lang": "en",
          "time": "2025-10-14T00:00:00.000Z",
          "value": "Made public."
        }
      ],
      "title": "Libxslt: type confusion in exsltfuncresultcompfunction of libxslt",
      "workarounds": [
        {
          "lang": "en",
          "value": "Mitigation for this issue is either not available or the currently available options don\u2019t meet the Red Hat Product Security criteria comprising ease of use, applicability to a widespread installation base, or stability."
        }
      ],
      "x_generator": {
        "engine": "cvelib 1.8.0"
      },
      "x_redhatCweChain": "CWE-843: Access of Resource Using Incompatible Type (\u0027Type Confusion\u0027)"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2025-11731",
    "datePublished": "2025-10-14T06:02:35.519Z",
    "dateReserved": "2025-10-14T05:28:37.404Z",
    "dateUpdated": "2026-04-27T20:05:08.635Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-12638 (GCVE-0-2025-12638)

Vulnerability from cvelistv5 – Published: 2025-11-28 14:06 – Updated: 2025-11-28 15:08

Title

Path Traversal Vulnerability in keras-team/keras via Tar Archive Extraction in keras.utils.get_file()

Summary

Keras version 3.11.3 is affected by a path traversal vulnerability in the keras.utils.get_file() function when extracting tar archives. The vulnerability arises because the function uses Python's tarfile.extractall() method without the security-critical filter='data' parameter. Although Keras attempts to filter unsafe paths using filter_safe_paths(), this filtering occurs before extraction, and a PATH_MAX symlink resolution bug triggers during extraction. This bug causes symlink resolution to fail due to path length limits, resulting in a security bypass that allows files to be written outside the intended extraction directory. This can lead to arbitrary file writes outside the cache directory, enabling potential system compromise or malicious code execution. The vulnerability affects Keras installations that process tar archives with get_file() and does not affect versions where this extraction method is secured with the appropriate filter parameter.

Severity

8 (High)


                        
                          CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

CWE

CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Assigner

@huntr_ai

References

1 reference

URL	Tags
https://huntr.com/bounties/f94f5beb-54d8-4e6a-8ba…

Impacted products

1 product

Vendor	Product	Version
keras-team	keras-team/keras	Affected: unspecified , ≤ latest (custom)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-12638",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-11-28T15:07:39.652123Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-11-28T15:08:13.714Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "keras-team/keras",
          "vendor": "keras-team",
          "versions": [
            {
              "lessThanOrEqual": "latest",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Keras version 3.11.3 is affected by a path traversal vulnerability in the keras.utils.get_file() function when extracting tar archives. The vulnerability arises because the function uses Python\u0027s tarfile.extractall() method without the security-critical filter=\u0027data\u0027 parameter. Although Keras attempts to filter unsafe paths using filter_safe_paths(), this filtering occurs before extraction, and a PATH_MAX symlink resolution bug triggers during extraction. This bug causes symlink resolution to fail due to path length limits, resulting in a security bypass that allows files to be written outside the intended extraction directory. This can lead to arbitrary file writes outside the cache directory, enabling potential system compromise or malicious code execution. The vulnerability affects Keras installations that process tar archives with get_file() and does not affect versions where this extraction method is secured with the appropriate filter parameter."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-22",
              "description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-11-28T14:06:02.069Z",
        "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
        "shortName": "@huntr_ai"
      },
      "references": [
        {
          "url": "https://huntr.com/bounties/f94f5beb-54d8-4e6a-8bac-86d9aee103f4"
        }
      ],
      "source": {
        "advisory": "f94f5beb-54d8-4e6a-8bac-86d9aee103f4",
        "discovery": "EXTERNAL"
      },
      "title": "Path Traversal Vulnerability in keras-team/keras via Tar Archive Extraction in keras.utils.get_file()"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
    "assignerShortName": "@huntr_ai",
    "cveId": "CVE-2025-12638",
    "datePublished": "2025-11-28T14:06:02.069Z",
    "dateReserved": "2025-11-03T17:43:47.102Z",
    "dateUpdated": "2025-11-28T15:08:13.714Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-12816 (GCVE-0-2025-12816)

Vulnerability from cvelistv5 – Published: 2025-11-25 19:15 – Updated: 2025-11-25 21:04

Title

CVE-2025-12816

Summary

An interpretation-conflict (CWE-436) vulnerability in node-forge versions 1.3.1 and earlier enables unauthenticated attackers to craft ASN.1 structures to desynchronize schema validations, yielding a semantic divergence that may bypass downstream cryptographic verifications and security decisions.

Severity

No CVSS data available.

CWE

CWE-436 Interpretation Conflict

Assigner

certcc

References

5 references

URL	Tags
https://www.npmjs.com/package/node-forge
https://github.com/digitalbazaar/forge/pull/1124
https://github.com/digitalbazaar/forge
https://kb.cert.org/vuls/id/521113	third-party-advisory
https://github.com/digitalbazaar/forge/security/a…	third-party-advisory

Impacted products

2 products

Vendor	Product	Version
Digital Bazaar	node-forge	Affected: 0 , ≤ 1.3.1 (semver)
Digital Bazaar	forge	Affected: 0 , ≤ 1.3.1 (semver)

Credits

This issue was reported by Hunter Wodzenski of Palo Alto Networks

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "NONE",
              "baseScore": 8.6,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "NONE",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "CHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2025-12816",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-11-25T20:21:37.225634Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-436",
                "description": "CWE-436 Interpretation Conflict",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-11-25T20:24:22.734Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-25T21:04:09.432Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://www.kb.cert.org/vuls/id/521113"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "node-forge",
          "vendor": "Digital Bazaar",
          "versions": [
            {
              "lessThanOrEqual": "1.3.1",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "product": "forge",
          "vendor": "Digital Bazaar",
          "versions": [
            {
              "lessThanOrEqual": "1.3.1",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "This issue was reported by Hunter Wodzenski of Palo Alto Networks"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An interpretation-conflict (CWE-436) vulnerability in node-forge versions 1.3.1 and earlier enables unauthenticated attackers to craft ASN.1 structures to desynchronize schema validations, yielding a semantic divergence that may bypass downstream cryptographic verifications and security decisions."
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "schemaVersion": "2.0.0",
              "selections": [
                {
                  "definition": "The present state of exploitation of the vulnerability.",
                  "key": "E",
                  "name": "Exploitation",
                  "namespace": "ssvc",
                  "values": [
                    {
                      "key": "P",
                      "name": "Public PoC"
                    }
                  ],
                  "version": "1.1.0"
                },
                {
                  "definition": "Can an attacker reliably automate creating exploitation events for this vulnerability?",
                  "key": "A",
                  "name": "Automatable",
                  "namespace": "ssvc",
                  "values": [
                    {
                      "key": "N",
                      "name": "No"
                    }
                  ],
                  "version": "2.0.0"
                },
                {
                  "definition": "The technical impact of the vulnerability.",
                  "key": "TI",
                  "name": "Technical Impact",
                  "namespace": "ssvc",
                  "values": [
                    {
                      "key": "P",
                      "name": "Partial"
                    }
                  ],
                  "version": "1.0.0"
                }
              ],
              "timestamp": "2025-11-07T15:47:01.238Z"
            },
            "type": "ssvcV2_0_0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "CWE-436 Interpretation Conflict",
              "lang": "en"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-11-25T19:29:31.487Z",
        "orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
        "shortName": "certcc"
      },
      "references": [
        {
          "url": "https://www.npmjs.com/package/node-forge"
        },
        {
          "url": "https://github.com/digitalbazaar/forge/pull/1124"
        },
        {
          "url": "https://github.com/digitalbazaar/forge"
        },
        {
          "name": "CERT/CC Vulnerability Notice",
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://kb.cert.org/vuls/id/521113"
        },
        {
          "name": "Github Security Advisory",
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://github.com/digitalbazaar/forge/security/advisories/GHSA-5gfm-wpxj-wjgq"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "CVE-2025-12816",
      "x_generator": {
        "engine": "VINCE 3.0.29",
        "env": "prod",
        "origin": "https://cveawg.mitre.org/api/cve/CVE-2025-12816"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
    "assignerShortName": "certcc",
    "cveId": "CVE-2025-12816",
    "datePublished": "2025-11-25T19:15:50.243Z",
    "dateReserved": "2025-11-06T17:11:38.255Z",
    "dateUpdated": "2025-11-25T21:04:09.432Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-12969 (GCVE-0-2025-12969)

Vulnerability from cvelistv5 – Published: 2025-11-24 14:41 – Updated: 2026-01-07 15:36

Title

CVE-2025-12969

Summary

Fluent Bit in_forward input plugin does not properly enforce the security.users authentication mechanism under certain configuration conditions. This allows remote attackers with network access to the Fluent Bit instance exposing the forward input to send unauthenticated data. By bypassing authentication controls, attackers can inject forged log records, flood alerting systems, or manipulate routing decisions, compromising the authenticity and integrity of ingested logs.

Severity

6.5 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

CWE

CWE-306 - Missing Authentication for Critical Function

Assigner

certcc

References

2 references

URL	Tags
https://fluentbit.io/blog/2025/10/28/security-vul…
https://www.oligo.security/blog/critical-vulnerab…

Impacted products

1 product

Vendor	Product	Version
FluentBit	Fluent Bit	Affected: 0 , < 4.0.13 (custom)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "NONE",
              "baseScore": 6.5,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "LOW",
              "integrityImpact": "LOW",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2025-12969",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-11-24T18:02:22.489781Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-11-24T18:02:26.177Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Fluent Bit",
          "vendor": "FluentBit",
          "versions": [
            {
              "lessThan": "4.0.13",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Fluent Bit in_forward input plugin does not properly enforce the security.users authentication mechanism under certain configuration conditions. This allows remote attackers with network access to the Fluent Bit instance exposing the forward input to send unauthenticated data. By bypassing authentication controls, attackers can inject forged log records, flood alerting systems, or manipulate routing decisions, compromising the authenticity and integrity of ingested logs."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "CWE-306: Missing Authentication for Critical Function",
              "lang": "en"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-01-07T15:36:49.065Z",
        "orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
        "shortName": "certcc"
      },
      "references": [
        {
          "url": "https://fluentbit.io/blog/2025/10/28/security-vulnerabilities-addressed-in-fluent-bit-v4.1-and-backported-to-v4.0/"
        },
        {
          "url": "https://www.oligo.security/blog/critical-vulnerabilities-in-fluent-bit-expose-cloud-environments-to-remote-takeover"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "CVE-2025-12969",
      "x_generator": {
        "engine": "VINCE 3.0.31",
        "env": "prod",
        "origin": "https://cveawg.mitre.org/api/cve/CVE-2025-12969"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
    "assignerShortName": "certcc",
    "cveId": "CVE-2025-12969",
    "datePublished": "2025-11-24T14:41:05.630Z",
    "dateReserved": "2025-11-10T17:53:38.234Z",
    "dateUpdated": "2026-01-07T15:36:49.065Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-12970 (GCVE-0-2025-12970)

Vulnerability from cvelistv5 – Published: 2025-11-24 14:39 – Updated: 2026-01-07 15:36

Title

CVE-2025-12970

Summary

The extract_name function in Fluent Bit in_docker input plugin copies container names into a fixed size stack buffer without validating length. An attacker who can create containers or control container names, can supply a long name that overflows the buffer, leading to process crash or arbitrary code execution.

Severity

8.8 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE

CWE-121 - Stack-based Buffer Overflow

Assigner

certcc

References

2 references

URL	Tags
https://fluentbit.io/blog/2025/10/28/security-vul…
https://www.oligo.security/blog/critical-vulnerab…

Impacted products

1 product

Vendor	Product	Version
FluentBit	Fluent Bit	Affected: 0 , < 4.0.12 (custom)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 8.8,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "LOW",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2025-12970",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-11-24T16:59:58.423891Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-11-24T17:00:03.177Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Fluent Bit",
          "vendor": "FluentBit",
          "versions": [
            {
              "lessThan": "4.0.12",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "The extract_name function in Fluent Bit in_docker input plugin copies container names into a fixed size stack buffer without validating length. An attacker who can create containers or control container names, can supply a long name that overflows the buffer, leading to process crash or arbitrary code execution."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "CWE-121: Stack-based Buffer Overflow",
              "lang": "en"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-01-07T15:36:41.505Z",
        "orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
        "shortName": "certcc"
      },
      "references": [
        {
          "url": "https://fluentbit.io/blog/2025/10/28/security-vulnerabilities-addressed-in-fluent-bit-v4.1-and-backported-to-v4.0/"
        },
        {
          "url": "https://www.oligo.security/blog/critical-vulnerabilities-in-fluent-bit-expose-cloud-environments-to-remote-takeover"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "CVE-2025-12970",
      "x_generator": {
        "engine": "VINCE 3.0.31",
        "env": "prod",
        "origin": "https://cveawg.mitre.org/api/cve/CVE-2025-12970"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
    "assignerShortName": "certcc",
    "cveId": "CVE-2025-12970",
    "datePublished": "2025-11-24T14:39:52.569Z",
    "dateReserved": "2025-11-10T17:54:00.525Z",
    "dateUpdated": "2026-01-07T15:36:41.505Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-12977 (GCVE-0-2025-12977)

Vulnerability from cvelistv5 – Published: 2025-11-24 14:40 – Updated: 2026-01-07 15:36

Title

CVE-2025-12977

Summary

Fluent Bit in_http, in_splunk, and in_elasticsearch input plugins fail to sanitize tag_key inputs. An attacker with network access or the ability to write records into Splunk or Elasticsearch can supply tag_key values containing special characters such as newlines or ../ that are treated as valid tags. Because tags influence routing and some outputs derive filenames or contents from tags, this can allow newline injection, path traversal, forged record injection, or log misrouting, impacting data integrity and log routing.

Severity

9.1 (Critical)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

CWE

CWE-187 - Partial String Comparison

Assigner

certcc

References

2 references

URL	Tags
https://fluentbit.io/blog/2025/10/28/security-vul…
https://www.oligo.security/blog/critical-vulnerab…

Impacted products

1 product

Vendor	Product	Version
FluentBit	Fluent Bit	Affected: 0 , < 4.0.12 (custom)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "NONE",
              "baseScore": 9.1,
              "baseSeverity": "CRITICAL",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2025-12977",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-11-24T19:12:43.890288Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-1287",
                "description": "CWE-1287 Improper Validation of Specified Type of Input",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-11-24T19:14:10.912Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Fluent Bit",
          "vendor": "FluentBit",
          "versions": [
            {
              "lessThan": "4.0.12",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Fluent Bit in_http, in_splunk, and in_elasticsearch input plugins fail to sanitize tag_key inputs. An attacker with network access or the ability to write records into Splunk or Elasticsearch can supply tag_key values containing special characters such as newlines or ../ that are treated as valid tags. Because tags influence routing and some outputs derive filenames or contents from tags, this can allow newline injection, path traversal, forged record injection, or log misrouting, impacting data integrity and log routing."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "CWE-187: Partial String Comparison",
              "lang": "en"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-01-07T15:36:34.434Z",
        "orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
        "shortName": "certcc"
      },
      "references": [
        {
          "url": "https://fluentbit.io/blog/2025/10/28/security-vulnerabilities-addressed-in-fluent-bit-v4.1-and-backported-to-v4.0/"
        },
        {
          "url": "https://www.oligo.security/blog/critical-vulnerabilities-in-fluent-bit-expose-cloud-environments-to-remote-takeover"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "CVE-2025-12977",
      "x_generator": {
        "engine": "VINCE 3.0.31",
        "env": "prod",
        "origin": "https://cveawg.mitre.org/api/cve/CVE-2025-12977"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
    "assignerShortName": "certcc",
    "cveId": "CVE-2025-12977",
    "datePublished": "2025-11-24T14:40:12.642Z",
    "dateReserved": "2025-11-10T18:57:07.686Z",
    "dateUpdated": "2026-01-07T15:36:34.434Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-13193 (GCVE-0-2025-13193)

Vulnerability from cvelistv5 – Published: 2025-11-17 17:03 – Updated: 2025-11-17 18:40

Title

Libvirt: information disclosure via world-readable vm snapshots

Summary

A flaw was found in libvirt. External inactive snapshots for shut-down VMs are incorrectly created as world-readable, making it possible for unprivileged users to inspect the guest OS contents. This results in an information disclosure vulnerability.

Severity

5.5 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CWE

CWE-276 - Incorrect Default Permissions

Assigner

redhat

References

2 references

URL	Tags
https://access.redhat.com/security/cve/CVE-2025-13193	vdb-entryx_refsource_REDHAT
https://bugzilla.redhat.com/show_bug.cgi?id=2415409	issue-trackingx_refsource_REDHAT

Impacted products

6 products

Vendor	Product	Version
		Affected: 0 , < 11.10.0 (semver)
Red Hat	Red Hat Enterprise Linux 10	cpe:/o:redhat:enterprise_linux:10
Red Hat	Red Hat Enterprise Linux 6	cpe:/o:redhat:enterprise_linux:6
Red Hat	Red Hat Enterprise Linux 7	cpe:/o:redhat:enterprise_linux:7
Red Hat	Red Hat Enterprise Linux 8	cpe:/o:redhat:enterprise_linux:8
Red Hat	Red Hat Enterprise Linux 9	cpe:/o:redhat:enterprise_linux:9

Date Public

2025-11-12 00:00

Credits

Red Hat would like to thank Sylvain Beucler for reporting this issue.

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-13193",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-11-17T18:35:16.032211Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-11-17T18:40:25.024Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://gitlab.com/libvirt/libvirt",
          "defaultStatus": "unaffected",
          "packageName": "libvirt",
          "versions": [
            {
              "lessThan": "11.10.0",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:10"
          ],
          "defaultStatus": "affected",
          "packageName": "libvirt",
          "product": "Red Hat Enterprise Linux 10",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:6"
          ],
          "defaultStatus": "unknown",
          "packageName": "libvirt",
          "product": "Red Hat Enterprise Linux 6",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:7"
          ],
          "defaultStatus": "unknown",
          "packageName": "libvirt",
          "product": "Red Hat Enterprise Linux 7",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:8"
          ],
          "defaultStatus": "affected",
          "packageName": "virt:rhel/libvirt",
          "product": "Red Hat Enterprise Linux 8",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:9"
          ],
          "defaultStatus": "affected",
          "packageName": "libvirt",
          "product": "Red Hat Enterprise Linux 9",
          "vendor": "Red Hat"
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Red Hat would like to thank Sylvain Beucler for reporting this issue."
        }
      ],
      "datePublic": "2025-11-12T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "A flaw was found in libvirt. External inactive snapshots for shut-down VMs are incorrectly created as world-readable, making it possible for unprivileged users to inspect the guest OS contents. This results in an information disclosure vulnerability."
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "namespace": "https://access.redhat.com/security/updates/classification/",
              "value": "Moderate"
            },
            "type": "Red Hat severity rating"
          }
        },
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-276",
              "description": "Incorrect Default Permissions",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-11-17T17:29:39.730Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "tags": [
            "vdb-entry",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/security/cve/CVE-2025-13193"
        },
        {
          "name": "RHBZ#2415409",
          "tags": [
            "issue-tracking",
            "x_refsource_REDHAT"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2415409"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2025-11-12T00:00:00.000Z",
          "value": "Reported to Red Hat."
        },
        {
          "lang": "en",
          "time": "2025-11-12T00:00:00.000Z",
          "value": "Made public."
        }
      ],
      "title": "Libvirt: information disclosure via world-readable vm snapshots",
      "workarounds": [
        {
          "lang": "en",
          "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."
        }
      ],
      "x_redhatCweChain": "CWE-276: Incorrect Default Permissions"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2025-13193",
    "datePublished": "2025-11-17T17:03:48.291Z",
    "dateReserved": "2025-11-14T15:22:19.540Z",
    "dateUpdated": "2025-11-17T18:40:25.024Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CERTFR-2025-AVI-1064

Solutions

CVE-2022-50233 (GCVE-0-2022-50233)

CVE-2025-10158 (GCVE-0-2025-10158)

CVE-2025-11230 (GCVE-0-2025-11230)

CVE-2025-11731 (GCVE-0-2025-11731)

CVE-2025-12638 (GCVE-0-2025-12638)

CVE-2025-12816 (GCVE-0-2025-12816)

CVE-2025-12969 (GCVE-0-2025-12969)

CVE-2025-12970 (GCVE-0-2025-12970)

CVE-2025-12977 (GCVE-0-2025-12977)

CVE-2025-13193 (GCVE-0-2025-13193)

Tags

Sightings

Nomenclature