Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2025-58751 (GCVE-0-2025-58751)
Vulnerability from cvelistv5 – Published: 2025-09-08 22:52 – Updated: 2025-09-09 13:29
VLAI?
EPSS
Title
Vite middleware may serve files starting with the same name with the public directory
Summary
Vite is a frontend tooling framework for JavaScript. Prior to versions 7.1.5, 7.0.7, 6.3.6, and 5.4.20, files starting with the same name with the public directory were served bypassing the `server.fs` settings. Only apps that explicitly expose the Vite dev server to the network (using --host or `server.host` config option), use the public directory feature (enabled by default), and have a symlink in the public directory are affected. Versions 7.1.5, 7.0.7, 6.3.6, and 5.4.20 fix the issue.
Severity ?
CWE
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-58751",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-09-09T13:14:11.634879Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-09-09T13:29:36.802Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/vitejs/vite/security/advisories/GHSA-g4jq-h2w9-997c"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "vite",
"vendor": "vitejs",
"versions": [
{
"status": "affected",
"version": "\u003c 5.4.20"
},
{
"status": "affected",
"version": "\u003e= 6.0.0, \u003c 6.3.6"
},
{
"status": "affected",
"version": "\u003e= 7.0.0, \u003c 7.0.7"
},
{
"status": "affected",
"version": "\u003e= 7.1.0, \u003c 7.1.5"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Vite is a frontend tooling framework for JavaScript. Prior to versions 7.1.5, 7.0.7, 6.3.6, and 5.4.20, files starting with the same name with the public directory were served bypassing the `server.fs` settings. Only apps that explicitly expose the Vite dev server to the network (using --host or `server.host` config option), use the public directory feature (enabled by default), and have a symlink in the public directory are affected. Versions 7.1.5, 7.0.7, 6.3.6, and 5.4.20 fix the issue."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"baseScore": 2.3,
"baseSeverity": "LOW",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "PASSIVE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "NONE"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284: Improper Access Control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-08T22:52:45.667Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/vitejs/vite/security/advisories/GHSA-g4jq-h2w9-997c",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/vitejs/vite/security/advisories/GHSA-g4jq-h2w9-997c"
},
{
"name": "https://github.com/lukeed/sirv/commit/f0113f3f8266328d804ee808f763a3c11f8997eb",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/lukeed/sirv/commit/f0113f3f8266328d804ee808f763a3c11f8997eb"
},
{
"name": "https://github.com/vitejs/vite/commit/09f2b52e8d5907f26602653caf41b3a56692600d",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/vitejs/vite/commit/09f2b52e8d5907f26602653caf41b3a56692600d"
},
{
"name": "https://github.com/vitejs/vite/commit/4f1c35bcbb5830290c694aa14b6789e07450f069",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/vitejs/vite/commit/4f1c35bcbb5830290c694aa14b6789e07450f069"
},
{
"name": "https://github.com/vitejs/vite/commit/63e2a5d232218f3f8d852056751e609a5367aaec",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/vitejs/vite/commit/63e2a5d232218f3f8d852056751e609a5367aaec"
},
{
"name": "https://github.com/vitejs/vite/commit/e11d24008b97d4ca731ecc1a3b95260a6d12e7e0",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/vitejs/vite/commit/e11d24008b97d4ca731ecc1a3b95260a6d12e7e0"
}
],
"source": {
"advisory": "GHSA-g4jq-h2w9-997c",
"discovery": "UNKNOWN"
},
"title": "Vite middleware may serve files starting with the same name with the public directory"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-58751",
"datePublished": "2025-09-08T22:52:45.667Z",
"dateReserved": "2025-09-04T19:18:09.499Z",
"dateUpdated": "2025-09-09T13:29:36.802Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2025-58751\",\"sourceIdentifier\":\"security-advisories@github.com\",\"published\":\"2025-09-08T23:15:36.170\",\"lastModified\":\"2025-09-17T16:21:36.240\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Vite is a frontend tooling framework for JavaScript. Prior to versions 7.1.5, 7.0.7, 6.3.6, and 5.4.20, files starting with the same name with the public directory were served bypassing the `server.fs` settings. Only apps that explicitly expose the Vite dev server to the network (using --host or `server.host` config option), use the public directory feature (enabled by default), and have a symlink in the public directory are affected. Versions 7.1.5, 7.0.7, 6.3.6, and 5.4.20 fix the issue.\"}],\"metrics\":{\"cvssMetricV40\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"4.0\",\"vectorString\":\"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X\",\"baseScore\":2.3,\"baseSeverity\":\"LOW\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"attackRequirements\":\"PRESENT\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"PASSIVE\",\"vulnConfidentialityImpact\":\"LOW\",\"vulnIntegrityImpact\":\"NONE\",\"vulnAvailabilityImpact\":\"NONE\",\"subConfidentialityImpact\":\"NONE\",\"subIntegrityImpact\":\"NONE\",\"subAvailabilityImpact\":\"NONE\",\"exploitMaturity\":\"NOT_DEFINED\",\"confidentialityRequirement\":\"NOT_DEFINED\",\"integrityRequirement\":\"NOT_DEFINED\",\"availabilityRequirement\":\"NOT_DEFINED\",\"modifiedAttackVector\":\"NOT_DEFINED\",\"modifiedAttackComplexity\":\"NOT_DEFINED\",\"modifiedAttackRequirements\":\"NOT_DEFINED\",\"modifiedPrivilegesRequired\":\"NOT_DEFINED\",\"modifiedUserInteraction\":\"NOT_DEFINED\",\"modifiedVulnConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedVulnIntegrityImpact\":\"NOT_DEFINED\",\"modifiedVulnAvailabilityImpact\":\"NOT_DEFINED\",\"modifiedSubConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedSubIntegrityImpact\":\"NOT_DEFINED\",\"modifiedSubAvailabilityImpact\":\"NOT_DEFINED\",\"Safety\":\"NOT_DEFINED\",\"Automatable\":\"NOT_DEFINED\",\"Recovery\":\"NOT_DEFINED\",\"valueDensity\":\"NOT_DEFINED\",\"vulnerabilityResponseEffort\":\"NOT_DEFINED\",\"providerUrgency\":\"NOT_DEFINED\"}}],\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N\",\"baseScore\":5.3,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":3.9,\"impactScore\":1.4}]},\"weaknesses\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-22\"},{\"lang\":\"en\",\"value\":\"CWE-200\"},{\"lang\":\"en\",\"value\":\"CWE-284\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vitejs:vite:*:*:*:*:*:node.js:*:*\",\"versionEndExcluding\":\"5.4.20\",\"matchCriteriaId\":\"13E92502-B45B-4A7C-AAE8-EB7B3493A2F6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vitejs:vite:*:*:*:*:*:node.js:*:*\",\"versionStartIncluding\":\"6.0.0\",\"versionEndExcluding\":\"6.3.6\",\"matchCriteriaId\":\"B5BEE525-08BD-4738-9024-73D2493BE34B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vitejs:vite:*:*:*:*:*:node.js:*:*\",\"versionStartIncluding\":\"7.0.0\",\"versionEndExcluding\":\"7.0.7\",\"matchCriteriaId\":\"C93A2AA0-54A9-4CE2-8DB0-B4E82639590D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vitejs:vite:*:*:*:*:*:node.js:*:*\",\"versionStartIncluding\":\"7.1.0\",\"versionEndExcluding\":\"7.1.5\",\"matchCriteriaId\":\"ABA0FA0A-9B22-440B-8B61-1A7B98527917\"}]}]}],\"references\":[{\"url\":\"https://github.com/lukeed/sirv/commit/f0113f3f8266328d804ee808f763a3c11f8997eb\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/vitejs/vite/commit/09f2b52e8d5907f26602653caf41b3a56692600d\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/vitejs/vite/commit/4f1c35bcbb5830290c694aa14b6789e07450f069\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/vitejs/vite/commit/63e2a5d232218f3f8d852056751e609a5367aaec\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/vitejs/vite/commit/e11d24008b97d4ca731ecc1a3b95260a6d12e7e0\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/vitejs/vite/security/advisories/GHSA-g4jq-h2w9-997c\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/vitejs/vite/security/advisories/GHSA-g4jq-h2w9-997c\",\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]}]}}",
"vulnrichment": {
"containers": "{\"cna\": {\"title\": \"Vite middleware may serve files starting with the same name with the public directory\", \"source\": {\"advisory\": \"GHSA-g4jq-h2w9-997c\", \"discovery\": \"UNKNOWN\"}, \"metrics\": [{\"cvssV4_0\": {\"version\": \"4.0\", \"baseScore\": 2.3, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"LOW\", \"vectorString\": \"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N\", \"userInteraction\": \"PASSIVE\", \"attackComplexity\": \"LOW\", \"attackRequirements\": \"PRESENT\", \"privilegesRequired\": \"NONE\", \"subIntegrityImpact\": \"NONE\", \"vulnIntegrityImpact\": \"NONE\", \"subAvailabilityImpact\": \"NONE\", \"vulnAvailabilityImpact\": \"NONE\", \"subConfidentialityImpact\": \"NONE\", \"vulnConfidentialityImpact\": \"LOW\"}}], \"affected\": [{\"vendor\": \"vitejs\", \"product\": \"vite\", \"versions\": [{\"status\": \"affected\", \"version\": \"\u003c 5.4.20\"}, {\"status\": \"affected\", \"version\": \"\u003e= 6.0.0, \u003c 6.3.6\"}, {\"status\": \"affected\", \"version\": \"\u003e= 7.0.0, \u003c 7.0.7\"}, {\"status\": \"affected\", \"version\": \"\u003e= 7.1.0, \u003c 7.1.5\"}]}], \"references\": [{\"url\": \"https://github.com/vitejs/vite/security/advisories/GHSA-g4jq-h2w9-997c\", \"name\": \"https://github.com/vitejs/vite/security/advisories/GHSA-g4jq-h2w9-997c\", \"tags\": [\"x_refsource_CONFIRM\"]}, {\"url\": \"https://github.com/lukeed/sirv/commit/f0113f3f8266328d804ee808f763a3c11f8997eb\", \"name\": \"https://github.com/lukeed/sirv/commit/f0113f3f8266328d804ee808f763a3c11f8997eb\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://github.com/vitejs/vite/commit/09f2b52e8d5907f26602653caf41b3a56692600d\", \"name\": \"https://github.com/vitejs/vite/commit/09f2b52e8d5907f26602653caf41b3a56692600d\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://github.com/vitejs/vite/commit/4f1c35bcbb5830290c694aa14b6789e07450f069\", \"name\": \"https://github.com/vitejs/vite/commit/4f1c35bcbb5830290c694aa14b6789e07450f069\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://github.com/vitejs/vite/commit/63e2a5d232218f3f8d852056751e609a5367aaec\", \"name\": \"https://github.com/vitejs/vite/commit/63e2a5d232218f3f8d852056751e609a5367aaec\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://github.com/vitejs/vite/commit/e11d24008b97d4ca731ecc1a3b95260a6d12e7e0\", \"name\": \"https://github.com/vitejs/vite/commit/e11d24008b97d4ca731ecc1a3b95260a6d12e7e0\", \"tags\": [\"x_refsource_MISC\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"Vite is a frontend tooling framework for JavaScript. Prior to versions 7.1.5, 7.0.7, 6.3.6, and 5.4.20, files starting with the same name with the public directory were served bypassing the `server.fs` settings. Only apps that explicitly expose the Vite dev server to the network (using --host or `server.host` config option), use the public directory feature (enabled by default), and have a symlink in the public directory are affected. Versions 7.1.5, 7.0.7, 6.3.6, and 5.4.20 fix the issue.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-22\", \"description\": \"CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)\"}]}, {\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-200\", \"description\": \"CWE-200: Exposure of Sensitive Information to an Unauthorized Actor\"}]}, {\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-284\", \"description\": \"CWE-284: Improper Access Control\"}]}], \"providerMetadata\": {\"orgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"shortName\": \"GitHub_M\", \"dateUpdated\": \"2025-09-08T22:52:45.667Z\"}}, \"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2025-58751\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"poc\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-09-09T13:14:11.634879Z\"}}}], \"references\": [{\"url\": \"https://github.com/vitejs/vite/security/advisories/GHSA-g4jq-h2w9-997c\", \"tags\": [\"exploit\"]}], \"providerMetadata\": {\"shortName\": \"CISA-ADP\", \"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"dateUpdated\": \"2025-09-09T13:14:15.540Z\"}}]}",
"cveMetadata": "{\"cveId\": \"CVE-2025-58751\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-09-08T22:52:45.667Z\", \"dateReserved\": \"2025-09-04T19:18:09.499Z\", \"assignerOrgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"datePublished\": \"2025-09-08T22:52:45.667Z\", \"assignerShortName\": \"GitHub_M\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
}
}
FKIE_CVE-2025-58751
Vulnerability from fkie_nvd - Published: 2025-09-08 23:15 - Updated: 2025-09-17 16:21
Severity ?
Summary
Vite is a frontend tooling framework for JavaScript. Prior to versions 7.1.5, 7.0.7, 6.3.6, and 5.4.20, files starting with the same name with the public directory were served bypassing the `server.fs` settings. Only apps that explicitly expose the Vite dev server to the network (using --host or `server.host` config option), use the public directory feature (enabled by default), and have a symlink in the public directory are affected. Versions 7.1.5, 7.0.7, 6.3.6, and 5.4.20 fix the issue.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vitejs:vite:*:*:*:*:*:node.js:*:*",
"matchCriteriaId": "13E92502-B45B-4A7C-AAE8-EB7B3493A2F6",
"versionEndExcluding": "5.4.20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vitejs:vite:*:*:*:*:*:node.js:*:*",
"matchCriteriaId": "B5BEE525-08BD-4738-9024-73D2493BE34B",
"versionEndExcluding": "6.3.6",
"versionStartIncluding": "6.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vitejs:vite:*:*:*:*:*:node.js:*:*",
"matchCriteriaId": "C93A2AA0-54A9-4CE2-8DB0-B4E82639590D",
"versionEndExcluding": "7.0.7",
"versionStartIncluding": "7.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vitejs:vite:*:*:*:*:*:node.js:*:*",
"matchCriteriaId": "ABA0FA0A-9B22-440B-8B61-1A7B98527917",
"versionEndExcluding": "7.1.5",
"versionStartIncluding": "7.1.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Vite is a frontend tooling framework for JavaScript. Prior to versions 7.1.5, 7.0.7, 6.3.6, and 5.4.20, files starting with the same name with the public directory were served bypassing the `server.fs` settings. Only apps that explicitly expose the Vite dev server to the network (using --host or `server.host` config option), use the public directory feature (enabled by default), and have a symlink in the public directory are affected. Versions 7.1.5, 7.0.7, 6.3.6, and 5.4.20 fix the issue."
}
],
"id": "CVE-2025-58751",
"lastModified": "2025-09-17T16:21:36.240",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
],
"cvssMetricV40": [
{
"cvssData": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 2.3,
"baseSeverity": "LOW",
"confidentialityRequirement": "NOT_DEFINED",
"exploitMaturity": "NOT_DEFINED",
"integrityRequirement": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "PASSIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"source": "security-advisories@github.com",
"type": "Secondary"
}
]
},
"published": "2025-09-08T23:15:36.170",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Patch"
],
"url": "https://github.com/lukeed/sirv/commit/f0113f3f8266328d804ee808f763a3c11f8997eb"
},
{
"source": "security-advisories@github.com",
"tags": [
"Patch"
],
"url": "https://github.com/vitejs/vite/commit/09f2b52e8d5907f26602653caf41b3a56692600d"
},
{
"source": "security-advisories@github.com",
"tags": [
"Patch"
],
"url": "https://github.com/vitejs/vite/commit/4f1c35bcbb5830290c694aa14b6789e07450f069"
},
{
"source": "security-advisories@github.com",
"tags": [
"Patch"
],
"url": "https://github.com/vitejs/vite/commit/63e2a5d232218f3f8d852056751e609a5367aaec"
},
{
"source": "security-advisories@github.com",
"tags": [
"Patch"
],
"url": "https://github.com/vitejs/vite/commit/e11d24008b97d4ca731ecc1a3b95260a6d12e7e0"
},
{
"source": "security-advisories@github.com",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/vitejs/vite/security/advisories/GHSA-g4jq-h2w9-997c"
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/vitejs/vite/security/advisories/GHSA-g4jq-h2w9-997c"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-22"
},
{
"lang": "en",
"value": "CWE-200"
},
{
"lang": "en",
"value": "CWE-284"
}
],
"source": "security-advisories@github.com",
"type": "Secondary"
}
]
}
GHSA-G4JQ-H2W9-997C
Vulnerability from github – Published: 2025-09-09 20:55 – Updated: 2025-09-09 20:55
VLAI?
Summary
Vite middleware may serve files starting with the same name with the public directory
Details
Summary
Files starting with the same name with the public directory were served bypassing the server.fs settings.
Impact
Only apps that match the following conditions are affected:
- explicitly exposes the Vite dev server to the network (using --host or
server.hostconfig option) - uses the public directory feature (enabled by default)
- a symlink exists in the public directory
Details
The servePublicMiddleware function is in charge of serving public files from the server. It returns the viteServePublicMiddleware function which runs the needed tests and serves the page. The viteServePublicMiddleware function checks if the publicFiles variable is defined, and then uses it to determine if the requested page is public. In the case that the publicFiles is undefined, the code will treat the requested page as a public page, and go on with the serving function. publicFiles may be undefined if there is a symbolic link anywhere inside the public directory. In that case, every requested page will be passed to the public serving function. The serving function is based on the sirv library. Vite patches the library to add the possibility to test loading access to pages, but when the public page middleware disables this functionality since public pages are meant to be available always, regardless of whether they are in the allow or deny list.
In the case of public pages, the serving function is provided with the path to the public directory as a root directory. The code of the sirv library uses the join function to get the full path to the requested file. For example, if the public directory is "/www/public", and the requested file is "myfile", the code will join them to the string "/www/public/myfile". The code will then pass this string to the normalize function. Afterwards, the code will use the string's startsWith function to determine whether the created path is within the given directory or not. Only if it is, it will be served.
Since sirv trims the trailing slash of the public directory, the string's startsWith function may return true even if the created path is not within the public directory. For example, if the server's root is at "/www", and the public directory is at "/www/p", if the created path will be "/www/private.txt", the startsWith function will still return true, because the string "/www/private.txt" starts with "/www/p". To achieve this, the attacker will use ".." to ask for the file "../private.txt". The code will then join it to the "/www/p" string, and will receive "/www/p/../private.txt". Then, the normalize function will return "/www/private.txt", which will then be passed to the startsWith function, which will return true, and the processing of the page will continue without checking the deny list (since this is the public directory middleware which doesn't check that).
PoC
Execute the following shell commands:
npm create vite@latest
cd vite-project/
mkdir p
cd p
ln -s a b
cd ..
echo 'import path from "node:path"; import { defineConfig } from "vite"; export default defineConfig({publicDir: path.resolve(__dirname, "p/"), server: {fs: {deny: [path.resolve(__dirname, "private.txt")]}}})' > vite.config.js
echo "secret" > private.txt
npm install
npm run dev
Then, in a different shell, run the following command:
curl -v --path-as-is 'http://localhost:5173/private.txt'
You will receive a 403 HTTP Response, because private.txt is denied.
Now in the same shell run the following command:
curl -v --path-as-is 'http://localhost:5173/../private.txt'
You will receive the contents of private.txt.
Related links
- https://github.com/lukeed/sirv/commit/f0113f3f8266328d804ee808f763a3c11f8997eb
Severity ?
{
"affected": [
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 7.1.4"
},
"package": {
"ecosystem": "npm",
"name": "vite"
},
"ranges": [
{
"events": [
{
"introduced": "7.1.0"
},
{
"fixed": "7.1.5"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 7.0.6"
},
"package": {
"ecosystem": "npm",
"name": "vite"
},
"ranges": [
{
"events": [
{
"introduced": "7.0.0"
},
{
"fixed": "7.0.7"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 6.3.5"
},
"package": {
"ecosystem": "npm",
"name": "vite"
},
"ranges": [
{
"events": [
{
"introduced": "6.0.0"
},
{
"fixed": "6.3.6"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 5.4.19"
},
"package": {
"ecosystem": "npm",
"name": "vite"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "5.4.20"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2025-58751"
],
"database_specific": {
"cwe_ids": [
"CWE-200",
"CWE-22",
"CWE-284"
],
"github_reviewed": true,
"github_reviewed_at": "2025-09-09T20:55:56Z",
"nvd_published_at": "2025-09-08T23:15:36Z",
"severity": "LOW"
},
"details": "### Summary\nFiles starting with the same name with the public directory were served bypassing the `server.fs` settings.\n\n### Impact\nOnly apps that match the following conditions are affected:\n\n- explicitly exposes the Vite dev server to the network (using --host or [`server.host` config option](https://vitejs.dev/config/server-options.html#server-host))\n- uses [the public directory feature](https://vite.dev/guide/assets.html#the-public-directory) (enabled by default)\n- a symlink exists in the public directory\n\n### Details\nThe [servePublicMiddleware](https://github.com/vitejs/vite/blob/9719497adec4ad5ead21cafa19a324bb1d480194/packages/vite/src/node/server/middlewares/static.ts#L79) function is in charge of serving public files from the server. It returns the [viteServePublicMiddleware](https://github.com/vitejs/vite/blob/9719497adec4ad5ead21cafa19a324bb1d480194/packages/vite/src/node/server/middlewares/static.ts#L106) function which runs the needed tests and serves the page. The viteServePublicMiddleware function [checks if the publicFiles variable is defined](https://github.com/vitejs/vite/blob/9719497adec4ad5ead21cafa19a324bb1d480194/packages/vite/src/node/server/middlewares/static.ts#L111), and then uses it to determine if the requested page is public. In the case that the publicFiles is undefined, the code will treat the requested page as a public page, and go on with the serving function. [publicFiles may be undefined if there is a symbolic link anywhere inside the public directory](https://github.com/vitejs/vite/blob/9719497adec4ad5ead21cafa19a324bb1d480194/packages/vite/src/node/publicDir.ts#L21). In that case, every requested page will be passed to the public serving function. The serving function is based on the [sirv](https://github.com/lukeed/sirv) library. Vite patches the library to add the possibility to test loading access to pages, but when the public page middleware [disables this functionality](https://github.com/vitejs/vite/blob/9719497adec4ad5ead21cafa19a324bb1d480194/packages/vite/src/node/server/middlewares/static.ts#L89) since public pages are meant to be available always, regardless of whether they are in the allow or deny list.\n\nIn the case of public pages, the serving function is [provided with the path to the public directory](https://github.com/vitejs/vite/blob/9719497adec4ad5ead21cafa19a324bb1d480194/packages/vite/src/node/server/middlewares/static.ts#L85) as a root directory. The code of the sirv library [uses the join function to get the full path to the requested file](https://github.com/lukeed/sirv/blob/d061616827dd32d53b61ec9530c9445c8f592620/packages/sirv/index.mjs#L42). For example, if the public directory is \"/www/public\", and the requested file is \"myfile\", the code will join them to the string \"/www/public/myfile\". The code will then pass this string to the normalize function. Afterwards, the code will [use the string\u0027s startsWith function](https://github.com/lukeed/sirv/blob/d061616827dd32d53b61ec9530c9445c8f592620/packages/sirv/index.mjs#L43) to determine whether the created path is within the given directory or not. Only if it is, it will be served.\n\nSince [sirv trims the trailing slash of the public directory](https://github.com/lukeed/sirv/blob/d061616827dd32d53b61ec9530c9445c8f592620/packages/sirv/index.mjs#L119), the string\u0027s startsWith function may return true even if the created path is not within the public directory. For example, if the server\u0027s root is at \"/www\", and the public directory is at \"/www/p\", if the created path will be \"/www/private.txt\", the startsWith function will still return true, because the string \"/www/private.txt\" starts with\u00a0 \"/www/p\". To achieve this, the attacker will use \"..\" to ask for the file \"../private.txt\". The code will then join it to the \"/www/p\" string, and will receive \"/www/p/../private.txt\". Then, the normalize function will return \"/www/private.txt\", which will then be passed to the startsWith function, which will return true, and the processing of the page will continue without checking the deny list (since this is the public directory middleware which doesn\u0027t check that).\n\n### PoC\nExecute the following shell commands:\n\n```\nnpm create vite@latest\ncd vite-project/\nmkdir p\ncd p\nln -s a b\ncd ..\necho \u0027import path from \"node:path\"; import { defineConfig } from \"vite\"; export default defineConfig({publicDir: path.resolve(__dirname, \"p/\"), server: {fs: {deny: [path.resolve(__dirname, \"private.txt\")]}}})\u0027 \u003e vite.config.js\necho \"secret\" \u003e private.txt\nnpm install\nnpm run dev\n```\n\nThen, in a different shell, run the following command:\n\n`curl -v --path-as-is \u0027http://localhost:5173/private.txt\u0027`\n\nYou will receive a 403 HTTP Response,\u00a0 because private.txt is denied.\n\nNow in the same shell run the following command:\n\n`curl -v --path-as-is \u0027http://localhost:5173/../private.txt\u0027`\n\nYou will receive the contents of private.txt.\n\n### Related links\n- https://github.com/lukeed/sirv/commit/f0113f3f8266328d804ee808f763a3c11f8997eb",
"id": "GHSA-g4jq-h2w9-997c",
"modified": "2025-09-09T20:55:56Z",
"published": "2025-09-09T20:55:56Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/vitejs/vite/security/advisories/GHSA-g4jq-h2w9-997c"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-58751"
},
{
"type": "WEB",
"url": "https://github.com/lukeed/sirv/commit/f0113f3f8266328d804ee808f763a3c11f8997eb"
},
{
"type": "WEB",
"url": "https://github.com/vitejs/vite/commit/09f2b52e8d5907f26602653caf41b3a56692600d"
},
{
"type": "WEB",
"url": "https://github.com/vitejs/vite/commit/4f1c35bcbb5830290c694aa14b6789e07450f069"
},
{
"type": "WEB",
"url": "https://github.com/vitejs/vite/commit/63e2a5d232218f3f8d852056751e609a5367aaec"
},
{
"type": "WEB",
"url": "https://github.com/vitejs/vite/commit/e11d24008b97d4ca731ecc1a3b95260a6d12e7e0"
},
{
"type": "PACKAGE",
"url": "https://github.com/vitejs/vite"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
"type": "CVSS_V4"
}
],
"summary": "Vite middleware may serve files starting with the same name with the public directory"
}
NCSC-2026-0079
Vulnerability from csaf_ncscnl - Published: 2026-03-10 12:39 - Updated: 2026-03-10 12:39Summary
Kwetsbaarheden verholpen in Siemens producten
Notes
The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:
NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.
NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.
This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings.
Feiten
Siemens heeft kwetsbaarheden verholpen in diverse producten als Heliox, Ruggedcom, SICAM, SIDIS en SIMATIC.
Interpretaties
De kwetsbaarheden stellen een kwaadwillende mogelijk in staat aanvallen uit te voeren die kunnen leiden tot de volgende categorieën schade:
- Denial-of-Service (DoS)
- Manipulatie van gegevens
- Omzeilen van een beveiligingsmaatregel
- (Remote) code execution (root/admin rechten)
- Toegang tot systeemgegevens
- Verhogen van rechten
Voor succesvol misbruik van de genoemde kwetsbaarheden moet de kwaadwillende toegang hebben tot de productie-omgeving. Het is goed gebruik een dergelijke omgeving niet publiek toegankelijk te hebben.
Oplossingen
Siemens heeft beveiligingsupdates uitgebracht om de kwetsbaarheden te verhelpen. Voor de kwetsbaarheden waar nog geen updates voor zijn, heeft Siemens mitigerende maatregelen gepubliceerd om de risico's zoveel als mogelijk te beperken. Zie de bijgevoegde referenties voor meer informatie.
Kans
medium
Schade
high
CWE-20
Improper Input Validation
CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CWE-23
Relative Path Traversal
CWE-73
External Control of File Name or Path
CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CWE-121
Stack-based Buffer Overflow
CWE-125
Out-of-bounds Read
CWE-130
Improper Handling of Length Parameter Inconsistency
CWE-134
Use of Externally-Controlled Format String
CWE-179
Incorrect Behavior Order: Early Validation
CWE-184
Incomplete List of Disallowed Inputs
CWE-190
Integer Overflow or Wraparound
CWE-197
Numeric Truncation Error
CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CWE-201
Insertion of Sensitive Information Into Sent Data
CWE-203
Observable Discrepancy
CWE-208
Observable Timing Discrepancy
CWE-284
Improper Access Control
CWE-288
Authentication Bypass Using an Alternate Path or Channel
CWE-295
Improper Certificate Validation
CWE-330
Use of Insufficiently Random Values
CWE-359
Exposure of Private Personal Information to an Unauthorized Actor
CWE-400
Uncontrolled Resource Consumption
CWE-404
Improper Resource Shutdown or Release
CWE-436
Interpretation Conflict
CWE-444
Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')
CWE-674
Uncontrolled Recursion
CWE-770
Allocation of Resources Without Limits or Throttling
CWE-787
Out-of-bounds Write
CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
CWE-923
Improper Restriction of Communication Channel to Intended Endpoints
CWE-937
CWE-937
CWE-940
Improper Verification of Source of a Communication Channel
CWE-1035
CWE-1035
CWE-1321
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
CWE-1333
Inefficient Regular Expression Complexity
{
"document": {
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE"
}
},
"lang": "nl",
"notes": [
{
"category": "legal_disclaimer",
"text": "The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:\n\n NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.\n\n NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.\n This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings."
},
{
"category": "description",
"text": "Siemens heeft kwetsbaarheden verholpen in diverse producten als Heliox, Ruggedcom, SICAM, SIDIS en SIMATIC.",
"title": "Feiten"
},
{
"category": "description",
"text": "De kwetsbaarheden stellen een kwaadwillende mogelijk in staat aanvallen uit te voeren die kunnen leiden tot de volgende categorie\u00ebn schade:\n\n- Denial-of-Service (DoS)\n- Manipulatie van gegevens\n- Omzeilen van een beveiligingsmaatregel\n- (Remote) code execution (root/admin rechten)\n- Toegang tot systeemgegevens\n- Verhogen van rechten\n\nVoor succesvol misbruik van de genoemde kwetsbaarheden moet de kwaadwillende toegang hebben tot de productie-omgeving. Het is goed gebruik een dergelijke omgeving niet publiek toegankelijk te hebben.",
"title": "Interpretaties"
},
{
"category": "description",
"text": "Siemens heeft beveiligingsupdates uitgebracht om de kwetsbaarheden te verhelpen. Voor de kwetsbaarheden waar nog geen updates voor zijn, heeft Siemens mitigerende maatregelen gepubliceerd om de risico\u0027s zoveel als mogelijk te beperken. Zie de bijgevoegde referenties voor meer informatie.",
"title": "Oplossingen"
},
{
"category": "general",
"text": "medium",
"title": "Kans"
},
{
"category": "general",
"text": "high",
"title": "Schade"
},
{
"category": "general",
"text": "Improper Input Validation",
"title": "CWE-20"
},
{
"category": "general",
"text": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"title": "CWE-22"
},
{
"category": "general",
"text": "Relative Path Traversal",
"title": "CWE-23"
},
{
"category": "general",
"text": "External Control of File Name or Path",
"title": "CWE-73"
},
{
"category": "general",
"text": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"title": "CWE-78"
},
{
"category": "general",
"text": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"title": "CWE-79"
},
{
"category": "general",
"text": "Stack-based Buffer Overflow",
"title": "CWE-121"
},
{
"category": "general",
"text": "Out-of-bounds Read",
"title": "CWE-125"
},
{
"category": "general",
"text": "Improper Handling of Length Parameter Inconsistency",
"title": "CWE-130"
},
{
"category": "general",
"text": "Use of Externally-Controlled Format String",
"title": "CWE-134"
},
{
"category": "general",
"text": "Incorrect Behavior Order: Early Validation",
"title": "CWE-179"
},
{
"category": "general",
"text": "Incomplete List of Disallowed Inputs",
"title": "CWE-184"
},
{
"category": "general",
"text": "Integer Overflow or Wraparound",
"title": "CWE-190"
},
{
"category": "general",
"text": "Numeric Truncation Error",
"title": "CWE-197"
},
{
"category": "general",
"text": "Exposure of Sensitive Information to an Unauthorized Actor",
"title": "CWE-200"
},
{
"category": "general",
"text": "Insertion of Sensitive Information Into Sent Data",
"title": "CWE-201"
},
{
"category": "general",
"text": "Observable Discrepancy",
"title": "CWE-203"
},
{
"category": "general",
"text": "Observable Timing Discrepancy",
"title": "CWE-208"
},
{
"category": "general",
"text": "Improper Access Control",
"title": "CWE-284"
},
{
"category": "general",
"text": "Authentication Bypass Using an Alternate Path or Channel",
"title": "CWE-288"
},
{
"category": "general",
"text": "Improper Certificate Validation",
"title": "CWE-295"
},
{
"category": "general",
"text": "Use of Insufficiently Random Values",
"title": "CWE-330"
},
{
"category": "general",
"text": "Exposure of Private Personal Information to an Unauthorized Actor",
"title": "CWE-359"
},
{
"category": "general",
"text": "Uncontrolled Resource Consumption",
"title": "CWE-400"
},
{
"category": "general",
"text": "Improper Resource Shutdown or Release",
"title": "CWE-404"
},
{
"category": "general",
"text": "Interpretation Conflict",
"title": "CWE-436"
},
{
"category": "general",
"text": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)",
"title": "CWE-444"
},
{
"category": "general",
"text": "Uncontrolled Recursion",
"title": "CWE-674"
},
{
"category": "general",
"text": "Allocation of Resources Without Limits or Throttling",
"title": "CWE-770"
},
{
"category": "general",
"text": "Out-of-bounds Write",
"title": "CWE-787"
},
{
"category": "general",
"text": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)",
"title": "CWE-835"
},
{
"category": "general",
"text": "Improper Restriction of Communication Channel to Intended Endpoints",
"title": "CWE-923"
},
{
"category": "general",
"text": "CWE-937",
"title": "CWE-937"
},
{
"category": "general",
"text": "Improper Verification of Source of a Communication Channel",
"title": "CWE-940"
},
{
"category": "general",
"text": "CWE-1035",
"title": "CWE-1035"
},
{
"category": "general",
"text": "Improperly Controlled Modification of Object Prototype Attributes (\u0027Prototype Pollution\u0027)",
"title": "CWE-1321"
},
{
"category": "general",
"text": "Inefficient Regular Expression Complexity",
"title": "CWE-1333"
}
],
"publisher": {
"category": "coordinator",
"contact_details": "cert@ncsc.nl",
"name": "Nationaal Cyber Security Centrum",
"namespace": "https://www.ncsc.nl/"
},
"references": [
{
"category": "external",
"summary": "Reference",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-126399.html"
},
{
"category": "external",
"summary": "Reference",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-452276.html"
},
{
"category": "external",
"summary": "Reference",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-485750.html"
},
{
"category": "external",
"summary": "Reference",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-903736.html"
},
{
"category": "external",
"summary": "Reference",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-975644.html"
}
],
"title": "Kwetsbaarheden verholpen in Siemens producten",
"tracking": {
"current_release_date": "2026-03-10T12:39:14.474522Z",
"generator": {
"date": "2025-08-04T16:30:00Z",
"engine": {
"name": "V.A.",
"version": "1.3"
}
},
"id": "NCSC-2026-0079",
"initial_release_date": "2026-03-10T12:39:14.474522Z",
"revision_history": [
{
"date": "2026-03-10T12:39:14.474522Z",
"number": "1.0.0",
"summary": "Initiele versie"
}
],
"status": "final",
"version": "1.0.0"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-1"
}
}
],
"category": "product_name",
"name": "Heliox Flex 180 kW EV Charging Station"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-2"
}
}
],
"category": "product_name",
"name": "Heliox Mobile DC 40 kW EV Charging Station"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-3"
}
}
],
"category": "product_name",
"name": "RUGGEDCOM APE1808"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-4"
}
}
],
"category": "product_name",
"name": "SICAM SIAPP SDK"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-5"
}
}
],
"category": "product_name",
"name": "SIDIS Prime"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-6"
}
}
],
"category": "product_name",
"name": "SIMATIC Drive Controller CPU 1504D TF (6ES7615-4DF10-0AB0)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-7"
}
}
],
"category": "product_name",
"name": "SIMATIC Drive Controller CPU 1507D TF (6ES7615-7DF10-0AB0)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-8"
}
}
],
"category": "product_name",
"name": "SIMATIC ET 200SP CPU 1510SP F-1 PN (6ES7510-1SJ01-0AB0)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-9"
}
}
],
"category": "product_name",
"name": "SIMATIC ET 200SP CPU 1510SP F-1 PN (6ES7510-1SK03-0AB0)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-10"
}
}
],
"category": "product_name",
"name": "SIMATIC ET 200SP CPU 1510SP-1 PN (6ES7510-1DJ01-0AB0)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-11"
}
}
],
"category": "product_name",
"name": "SIMATIC ET 200SP CPU 1510SP-1 PN (6ES7510-1DK03-0AB0)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-12"
}
}
],
"category": "product_name",
"name": "SIMATIC ET 200SP CPU 1512SP F-1 PN (6ES7512-1SK01-0AB0)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-13"
}
}
],
"category": "product_name",
"name": "SIMATIC ET 200SP CPU 1512SP F-1 PN (6ES7512-1SM03-0AB0)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-14"
}
}
],
"category": "product_name",
"name": "SIMATIC ET 200SP CPU 1512SP-1 PN (6ES7512-1DK01-0AB0)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-15"
}
}
],
"category": "product_name",
"name": "SIMATIC ET 200SP CPU 1512SP-1 PN (6ES7512-1DM03-0AB0)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-16"
}
}
],
"category": "product_name",
"name": "SIMATIC ET 200SP CPU 1514SP F-2 PN (6ES7514-2SN03-0AB0)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-17"
}
}
],
"category": "product_name",
"name": "SIMATIC ET 200SP CPU 1514SP-2 PN (6ES7514-2DN03-0AB0)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-18"
}
}
],
"category": "product_name",
"name": "SIMATIC ET 200SP CPU 1514SPT F-2 PN (6ES7514-2WN03-0AB0)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-19"
}
}
],
"category": "product_name",
"name": "SIMATIC ET 200SP CPU 1514SPT-2 PN (6ES7514-2VN03-0AB0)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-20"
}
}
],
"category": "product_name",
"name": "SIMATIC ET 200SP Open Controller CPU 1515SP PC (incl. SIPLUS variants)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-21"
}
}
],
"category": "product_name",
"name": "SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) V2 CPUs - Windows OS"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-22"
}
}
],
"category": "product_name",
"name": "SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) V3 CPUs - Industrial OS"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-23"
}
}
],
"category": "product_name",
"name": "SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) V3 CPUs - Windows OS"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-24"
}
}
],
"category": "product_name",
"name": "SIMATIC ET 200SP Open Controller CPU 1515SP PC3 (incl. SIPLUS variants) V2 CPUs - Windows OS"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-25"
}
}
],
"category": "product_name",
"name": "SIMATIC ET 200SP Open Controller CPU 1515SP PC3 (incl. SIPLUS variants) V3 CPUs - Industrial OS"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-26"
}
}
],
"category": "product_name",
"name": "SIMATIC ET 200SP Open Controller CPU 1515SP PC3 (incl. SIPLUS variants) V3 CPUs - Windows OS"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-27"
}
}
],
"category": "product_name",
"name": "SIMATIC S7-1500 CPU 1511-1 PN (6ES7511-1AK00-0AB0)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-28"
}
}
],
"category": "product_name",
"name": "SIMATIC S7-1500 CPU 1511-1 PN (6ES7511-1AK01-0AB0)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-29"
}
}
],
"category": "product_name",
"name": "SIMATIC S7-1500 CPU 1511-1 PN (6ES7511-1AK02-0AB0)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-30"
}
}
],
"category": "product_name",
"name": "SIMATIC S7-1500 CPU 1511-1 PN (6ES7511-1AL03-0AB0)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-31"
}
}
],
"category": "product_name",
"name": "SIMATIC S7-1500 CPU 1511C-1 PN (6ES7511-1CK00-0AB0)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-32"
}
}
],
"category": "product_name",
"name": "SIMATIC S7-1500 CPU 1511C-1 PN (6ES7511-1CK01-0AB0)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-33"
}
}
],
"category": "product_name",
"name": "SIMATIC S7-1500 CPU 1511C-1 PN (6ES7511-1CL03-0AB0)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-34"
}
}
],
"category": "product_name",
"name": "SIMATIC S7-1500 CPU 1511F-1 PN (6ES7511-1FK01-0AB0)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-35"
}
}
],
"category": "product_name",
"name": "SIMATIC S7-1500 CPU 1511F-1 PN (6ES7511-1FK02-0AB0)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-36"
}
}
],
"category": "product_name",
"name": "SIMATIC S7-1500 CPU 1511F-1 PN (6ES7511-1FL03-0AB0)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-37"
}
}
],
"category": "product_name",
"name": "SIMATIC S7-1500 CPU 1511T-1 PN (6ES7511-1TK01-0AB0)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-38"
}
}
],
"category": "product_name",
"name": "SIMATIC S7-1500 CPU 1511T-1 PN (6ES7511-1TL03-0AB0)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-39"
}
}
],
"category": "product_name",
"name": "SIMATIC S7-1500 CPU 1511TF-1 PN (6ES7511-1UK01-0AB0)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-40"
}
}
],
"category": "product_name",
"name": "SIMATIC S7-1500 CPU 1511TF-1 PN (6ES7511-1UL03-0AB0)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-41"
}
}
],
"category": "product_name",
"name": "SIMATIC S7-1500 CPU 1512C-1 PN (6ES7512-1CK00-0AB0)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-42"
}
}
],
"category": "product_name",
"name": "SIMATIC S7-1500 CPU 1512C-1 PN (6ES7512-1CK01-0AB0)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-43"
}
}
],
"category": "product_name",
"name": "SIMATIC S7-1500 CPU 1512C-1 PN (6ES7512-1CM03-0AB0)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-44"
}
}
],
"category": "product_name",
"name": "SIMATIC S7-1500 CPU 1513-1 PN (6ES7513-1AL01-0AB0)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-45"
}
}
],
"category": "product_name",
"name": "SIMATIC S7-1500 CPU 1513-1 PN (6ES7513-1AL02-0AB0)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-46"
}
}
],
"category": "product_name",
"name": "SIMATIC S7-1500 CPU 1513-1 PN (6ES7513-1AM03-0AB0)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-47"
}
}
],
"category": "product_name",
"name": "SIMATIC S7-1500 CPU 1513F-1 PN (6ES7513-1FL01-0AB0)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-48"
}
}
],
"category": "product_name",
"name": "SIMATIC S7-1500 CPU 1513F-1 PN (6ES7513-1FL02-0AB0)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-49"
}
}
],
"category": "product_name",
"name": "SIMATIC S7-1500 CPU 1513F-1 PN (6ES7513-1FM03-0AB0)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-50"
}
}
],
"category": "product_name",
"name": "SIMATIC S7-1500 CPU 1513R-1 PN (6ES7513-1RL00-0AB0)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-51"
}
}
],
"category": "product_name",
"name": "SIMATIC S7-1500 CPU 1513R-1 PN (6ES7513-1RM03-0AB0)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-52"
}
}
],
"category": "product_name",
"name": "SIMATIC S7-1500 CPU 1513pro F-2 PN (6ES7513-2GM03-0AB0)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-53"
}
}
],
"category": "product_name",
"name": "SIMATIC S7-1500 CPU 1513pro-2 PN (6ES7513-2PM03-0AB0)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-54"
}
}
],
"category": "product_name",
"name": "SIMATIC S7-1500 CPU 1515-2 PN (6ES7515-2AM01-0AB0)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-55"
}
}
],
"category": "product_name",
"name": "SIMATIC S7-1500 CPU 1515-2 PN (6ES7515-2AM02-0AB0)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-56"
}
}
],
"category": "product_name",
"name": "SIMATIC S7-1500 CPU 1515-2 PN (6ES7515-2AN03-0AB0)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-57"
}
}
],
"category": "product_name",
"name": "SIMATIC S7-1500 CPU 1515F-2 PN (6ES7515-2FM01-0AB0)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-58"
}
}
],
"category": "product_name",
"name": "SIMATIC S7-1500 CPU 1515F-2 PN (6ES7515-2FM02-0AB0)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-59"
}
}
],
"category": "product_name",
"name": "SIMATIC S7-1500 CPU 1515F-2 PN (6ES7515-2FN03-0AB0)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-60"
}
}
],
"category": "product_name",
"name": "SIMATIC S7-1500 CPU 1515R-2 PN (6ES7515-2RM00-0AB0)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-61"
}
}
],
"category": "product_name",
"name": "SIMATIC S7-1500 CPU 1515R-2 PN (6ES7515-2RN03-0AB0)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-62"
}
}
],
"category": "product_name",
"name": "SIMATIC S7-1500 CPU 1515T-2 PN (6ES7515-2TM01-0AB0)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-63"
}
}
],
"category": "product_name",
"name": "SIMATIC S7-1500 CPU 1515T-2 PN (6ES7515-2TN03-0AB0)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-64"
}
}
],
"category": "product_name",
"name": "SIMATIC S7-1500 CPU 1515TF-2 PN (6ES7515-2UM01-0AB0)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-65"
}
}
],
"category": "product_name",
"name": "SIMATIC S7-1500 CPU 1515TF-2 PN (6ES7515-2UN03-0AB0)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-66"
}
}
],
"category": "product_name",
"name": "SIMATIC S7-1500 CPU 1516-3 PN/DP (6ES7516-3AN01-0AB0)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-67"
}
}
],
"category": "product_name",
"name": "SIMATIC S7-1500 CPU 1516-3 PN/DP (6ES7516-3AN02-0AB0)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-68"
}
}
],
"category": "product_name",
"name": "SIMATIC S7-1500 CPU 1516-3 PN/DP (6ES7516-3AP03-0AB0)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-69"
}
}
],
"category": "product_name",
"name": "SIMATIC S7-1500 CPU 1516F-3 PN/DP (6ES7516-3FN01-0AB0)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-70"
}
}
],
"category": "product_name",
"name": "SIMATIC S7-1500 CPU 1516F-3 PN/DP (6ES7516-3FN02-0AB0)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-71"
}
}
],
"category": "product_name",
"name": "SIMATIC S7-1500 CPU 1516F-3 PN/DP (6ES7516-3FP03-0AB0)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-72"
}
}
],
"category": "product_name",
"name": "SIMATIC S7-1500 CPU 1516T-3 PN (6ES7516-3TP10-0AB0)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-73"
}
}
],
"category": "product_name",
"name": "SIMATIC S7-1500 CPU 1516T-3 PN/DP (6ES7516-3TN00-0AB0)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-74"
}
}
],
"category": "product_name",
"name": "SIMATIC S7-1500 CPU 1516TF-3 PN (6ES7516-3UP10-0AB0)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-75"
}
}
],
"category": "product_name",
"name": "SIMATIC S7-1500 CPU 1516TF-3 PN/DP (6ES7516-3UN00-0AB0)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-76"
}
}
],
"category": "product_name",
"name": "SIMATIC S7-1500 CPU 1516pro F-2 PN (6ES7516-2GP03-0AB0)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-77"
}
}
],
"category": "product_name",
"name": "SIMATIC S7-1500 CPU 1516pro-2 PN (6ES7516-2PP03-0AB0)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-78"
}
}
],
"category": "product_name",
"name": "SIMATIC S7-1500 CPU 1517-3 PN (6ES7517-3AQ10-0AB0)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-79"
}
}
],
"category": "product_name",
"name": "SIMATIC S7-1500 CPU 1517-3 PN/DP (6ES7517-3AP00-0AB0)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-80"
}
}
],
"category": "product_name",
"name": "SIMATIC S7-1500 CPU 1517F-3 PN (6ES7517-3FQ10-0AB0)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-81"
}
}
],
"category": "product_name",
"name": "SIMATIC S7-1500 CPU 1517F-3 PN/DP (6ES7517-3FP00-0AB0)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-82"
}
}
],
"category": "product_name",
"name": "SIMATIC S7-1500 CPU 1517F-3 PN/DP (6ES7517-3FP01-0AB0)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-83"
}
}
],
"category": "product_name",
"name": "SIMATIC S7-1500 CPU 1517H-3 PN (6ES7517-3HP00-0AB0)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-84"
}
}
],
"category": "product_name",
"name": "SIMATIC S7-1500 CPU 1517H-4 PN (6ES7517-4HQ10-0AB0)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-85"
}
}
],
"category": "product_name",
"name": "SIMATIC S7-1500 CPU 1517T-3 PN (6ES7517-3TQ10-0AB0)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-86"
}
}
],
"category": "product_name",
"name": "SIMATIC S7-1500 CPU 1517T-3 PN/DP (6ES7517-3TP00-0AB0)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-87"
}
}
],
"category": "product_name",
"name": "SIMATIC S7-1500 CPU 1517TF-3 PN (6ES7517-3UQ10-0AB0)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-88"
}
}
],
"category": "product_name",
"name": "SIMATIC S7-1500 CPU 1517TF-3 PN/DP (6ES7517-3UP00-0AB0)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-89"
}
}
],
"category": "product_name",
"name": "SIMATIC S7-1500 CPU 1518-3 PN (6ES7518-3AT10-0AB0)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-90"
}
}
],
"category": "product_name",
"name": "SIMATIC S7-1500 CPU 1518-4 PN/DP (6ES7518-4AP00-0AB0)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-91"
}
}
],
"category": "product_name",
"name": "SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-92"
}
}
],
"category": "product_name",
"name": "SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-93"
}
}
],
"category": "product_name",
"name": "SIMATIC S7-1500 CPU 1518F-3 PN (6ES7518-3FT10-0AB0)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-94"
}
}
],
"category": "product_name",
"name": "SIMATIC S7-1500 CPU 1518F-4 PN/DP (6ES7518-4FP00-0AB0)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-95"
}
}
],
"category": "product_name",
"name": "SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-96"
}
}
],
"category": "product_name",
"name": "SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-97"
}
}
],
"category": "product_name",
"name": "SIMATIC S7-1500 CPU 1518HF-4 PN (6ES7518-4JP00-0AB0)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-98"
}
}
],
"category": "product_name",
"name": "SIMATIC S7-1500 CPU 1518HF-4 PN (6ES7518-4JT10-0AB0)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-99"
}
}
],
"category": "product_name",
"name": "SIMATIC S7-1500 CPU 1518T-3 PN (6ES7518-3TT10-0AB0)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-100"
}
}
],
"category": "product_name",
"name": "SIMATIC S7-1500 CPU 1518T-4 PN/DP (6ES7518-4TP00-0AB0)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-101"
}
}
],
"category": "product_name",
"name": "SIMATIC S7-1500 CPU 1518TF-3 PN (6ES7518-3UT10-0AB0)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-102"
}
}
],
"category": "product_name",
"name": "SIMATIC S7-1500 CPU 1518TF-4 PN/DP (6ES7518-4UP00-0AB0)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-103"
}
}
],
"category": "product_name",
"name": "SIMATIC S7-1500 CPU S7-1518-4 PN/DP ODK (6ES7518-4AP00-3AB0)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-104"
}
}
],
"category": "product_name",
"name": "SIMATIC S7-1500 CPU S7-1518F-4 PN/DP ODK (6ES7518-4FP00-3AB0)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-105"
}
}
],
"category": "product_name",
"name": "SIMATIC S7-1500 ET 200pro: CPU 1513PRO F-2 PN (6ES7513-2GL00-0AB0)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-106"
}
}
],
"category": "product_name",
"name": "SIMATIC S7-1500 ET 200pro: CPU 1513PRO-2 PN (6ES7513-2PL00-0AB0)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-107"
}
}
],
"category": "product_name",
"name": "SIMATIC S7-1500 ET 200pro: CPU 1516PRO F-2 PN (6ES7516-2GN00-0AB0)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-108"
}
}
],
"category": "product_name",
"name": "SIMATIC S7-1500 ET 200pro: CPU 1516PRO-2 PN (6ES7516-2PN00-0AB0)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-109"
}
}
],
"category": "product_name",
"name": "SIMATIC S7-1500 Software Controller CPU 1507S F V2"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-110"
}
}
],
"category": "product_name",
"name": "SIMATIC S7-1500 Software Controller CPU 1507S F V3"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-111"
}
}
],
"category": "product_name",
"name": "SIMATIC S7-1500 Software Controller CPU 1507S F V4"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-112"
}
}
],
"category": "product_name",
"name": "SIMATIC S7-1500 Software Controller CPU 1507S V2"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-113"
}
}
],
"category": "product_name",
"name": "SIMATIC S7-1500 Software Controller CPU 1507S V3"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-114"
}
}
],
"category": "product_name",
"name": "SIMATIC S7-1500 Software Controller CPU 1507S V4"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-115"
}
}
],
"category": "product_name",
"name": "SIMATIC S7-1500 Software Controller CPU 1508S F V2"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-116"
}
}
],
"category": "product_name",
"name": "SIMATIC S7-1500 Software Controller CPU 1508S F V3"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-117"
}
}
],
"category": "product_name",
"name": "SIMATIC S7-1500 Software Controller CPU 1508S F V4"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-118"
}
}
],
"category": "product_name",
"name": "SIMATIC S7-1500 Software Controller CPU 1508S T V3"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-119"
}
}
],
"category": "product_name",
"name": "SIMATIC S7-1500 Software Controller CPU 1508S TF V3"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-120"
}
}
],
"category": "product_name",
"name": "SIMATIC S7-1500 Software Controller CPU 1508S V2"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-121"
}
}
],
"category": "product_name",
"name": "SIMATIC S7-1500 Software Controller CPU 1508S V3"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-122"
}
}
],
"category": "product_name",
"name": "SIMATIC S7-1500 Software Controller CPU 1508S V4"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-123"
}
}
],
"category": "product_name",
"name": "SIMATIC S7-1500 Software Controller Linux V2"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-124"
}
}
],
"category": "product_name",
"name": "SIMATIC S7-1500 Software Controller Linux V3"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-125"
}
}
],
"category": "product_name",
"name": "SIMATIC S7-1500 TM MFP - GNU/Linux subsystem"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-126"
}
}
],
"category": "product_name",
"name": "SIMATIC S7-PLCSIM Advanced"
}
],
"category": "vendor",
"name": "Siemens"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-29857",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "other",
"text": "Improper Input Validation",
"title": "CWE-20"
},
{
"category": "other",
"text": "Uncontrolled Resource Consumption",
"title": "CWE-400"
},
{
"category": "other",
"text": "Out-of-bounds Read",
"title": "CWE-125"
},
{
"category": "description",
"text": "Multiple vulnerabilities across Oracle products, including Utilities Application Framework, Fusion Middleware, and WebLogic Server, allow unauthenticated attackers to execute denial of service attacks, with CVSS scores of 7.5 and varying damage ratings.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36",
"CSAFPID-37",
"CSAFPID-38",
"CSAFPID-39",
"CSAFPID-40",
"CSAFPID-41",
"CSAFPID-42",
"CSAFPID-43",
"CSAFPID-44",
"CSAFPID-45",
"CSAFPID-46",
"CSAFPID-47",
"CSAFPID-48",
"CSAFPID-49",
"CSAFPID-50",
"CSAFPID-51",
"CSAFPID-52",
"CSAFPID-53",
"CSAFPID-54",
"CSAFPID-55",
"CSAFPID-56",
"CSAFPID-57",
"CSAFPID-58",
"CSAFPID-59",
"CSAFPID-60",
"CSAFPID-61",
"CSAFPID-62",
"CSAFPID-63",
"CSAFPID-64",
"CSAFPID-65",
"CSAFPID-66",
"CSAFPID-67",
"CSAFPID-68",
"CSAFPID-69",
"CSAFPID-70",
"CSAFPID-71",
"CSAFPID-72",
"CSAFPID-73",
"CSAFPID-74",
"CSAFPID-75",
"CSAFPID-76",
"CSAFPID-77",
"CSAFPID-78",
"CSAFPID-79",
"CSAFPID-80",
"CSAFPID-81",
"CSAFPID-82",
"CSAFPID-83",
"CSAFPID-84",
"CSAFPID-85",
"CSAFPID-86",
"CSAFPID-87",
"CSAFPID-88",
"CSAFPID-89",
"CSAFPID-90",
"CSAFPID-91",
"CSAFPID-92",
"CSAFPID-93",
"CSAFPID-94",
"CSAFPID-95",
"CSAFPID-96",
"CSAFPID-97",
"CSAFPID-98",
"CSAFPID-99",
"CSAFPID-100",
"CSAFPID-101",
"CSAFPID-102",
"CSAFPID-103",
"CSAFPID-104",
"CSAFPID-105",
"CSAFPID-106",
"CSAFPID-107",
"CSAFPID-108",
"CSAFPID-109",
"CSAFPID-110",
"CSAFPID-111",
"CSAFPID-112",
"CSAFPID-113",
"CSAFPID-114",
"CSAFPID-115",
"CSAFPID-116",
"CSAFPID-117",
"CSAFPID-118",
"CSAFPID-119",
"CSAFPID-120",
"CSAFPID-121",
"CSAFPID-122",
"CSAFPID-123",
"CSAFPID-124",
"CSAFPID-125",
"CSAFPID-126"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-29857 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2024/cve-2024-29857.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36",
"CSAFPID-37",
"CSAFPID-38",
"CSAFPID-39",
"CSAFPID-40",
"CSAFPID-41",
"CSAFPID-42",
"CSAFPID-43",
"CSAFPID-44",
"CSAFPID-45",
"CSAFPID-46",
"CSAFPID-47",
"CSAFPID-48",
"CSAFPID-49",
"CSAFPID-50",
"CSAFPID-51",
"CSAFPID-52",
"CSAFPID-53",
"CSAFPID-54",
"CSAFPID-55",
"CSAFPID-56",
"CSAFPID-57",
"CSAFPID-58",
"CSAFPID-59",
"CSAFPID-60",
"CSAFPID-61",
"CSAFPID-62",
"CSAFPID-63",
"CSAFPID-64",
"CSAFPID-65",
"CSAFPID-66",
"CSAFPID-67",
"CSAFPID-68",
"CSAFPID-69",
"CSAFPID-70",
"CSAFPID-71",
"CSAFPID-72",
"CSAFPID-73",
"CSAFPID-74",
"CSAFPID-75",
"CSAFPID-76",
"CSAFPID-77",
"CSAFPID-78",
"CSAFPID-79",
"CSAFPID-80",
"CSAFPID-81",
"CSAFPID-82",
"CSAFPID-83",
"CSAFPID-84",
"CSAFPID-85",
"CSAFPID-86",
"CSAFPID-87",
"CSAFPID-88",
"CSAFPID-89",
"CSAFPID-90",
"CSAFPID-91",
"CSAFPID-92",
"CSAFPID-93",
"CSAFPID-94",
"CSAFPID-95",
"CSAFPID-96",
"CSAFPID-97",
"CSAFPID-98",
"CSAFPID-99",
"CSAFPID-100",
"CSAFPID-101",
"CSAFPID-102",
"CSAFPID-103",
"CSAFPID-104",
"CSAFPID-105",
"CSAFPID-106",
"CSAFPID-107",
"CSAFPID-108",
"CSAFPID-109",
"CSAFPID-110",
"CSAFPID-111",
"CSAFPID-112",
"CSAFPID-113",
"CSAFPID-114",
"CSAFPID-115",
"CSAFPID-116",
"CSAFPID-117",
"CSAFPID-118",
"CSAFPID-119",
"CSAFPID-120",
"CSAFPID-121",
"CSAFPID-122",
"CSAFPID-123",
"CSAFPID-124",
"CSAFPID-125",
"CSAFPID-126"
]
}
],
"title": "CVE-2024-29857"
},
{
"cve": "CVE-2024-30171",
"cwe": {
"id": "CWE-208",
"name": "Observable Timing Discrepancy"
},
"notes": [
{
"category": "other",
"text": "Observable Timing Discrepancy",
"title": "CWE-208"
},
{
"category": "other",
"text": "Observable Discrepancy",
"title": "CWE-203"
},
{
"category": "description",
"text": "Multiple vulnerabilities across Oracle Utilities, WebLogic Server, and Bouncy Castle libraries allow for denial of service attacks and sensitive data leakage through timing side-channel exploits.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36",
"CSAFPID-37",
"CSAFPID-38",
"CSAFPID-39",
"CSAFPID-40",
"CSAFPID-41",
"CSAFPID-42",
"CSAFPID-43",
"CSAFPID-44",
"CSAFPID-45",
"CSAFPID-46",
"CSAFPID-47",
"CSAFPID-48",
"CSAFPID-49",
"CSAFPID-50",
"CSAFPID-51",
"CSAFPID-52",
"CSAFPID-53",
"CSAFPID-54",
"CSAFPID-55",
"CSAFPID-56",
"CSAFPID-57",
"CSAFPID-58",
"CSAFPID-59",
"CSAFPID-60",
"CSAFPID-61",
"CSAFPID-62",
"CSAFPID-63",
"CSAFPID-64",
"CSAFPID-65",
"CSAFPID-66",
"CSAFPID-67",
"CSAFPID-68",
"CSAFPID-69",
"CSAFPID-70",
"CSAFPID-71",
"CSAFPID-72",
"CSAFPID-73",
"CSAFPID-74",
"CSAFPID-75",
"CSAFPID-76",
"CSAFPID-77",
"CSAFPID-78",
"CSAFPID-79",
"CSAFPID-80",
"CSAFPID-81",
"CSAFPID-82",
"CSAFPID-83",
"CSAFPID-84",
"CSAFPID-85",
"CSAFPID-86",
"CSAFPID-87",
"CSAFPID-88",
"CSAFPID-89",
"CSAFPID-90",
"CSAFPID-91",
"CSAFPID-92",
"CSAFPID-93",
"CSAFPID-94",
"CSAFPID-95",
"CSAFPID-96",
"CSAFPID-97",
"CSAFPID-98",
"CSAFPID-99",
"CSAFPID-100",
"CSAFPID-101",
"CSAFPID-102",
"CSAFPID-103",
"CSAFPID-104",
"CSAFPID-105",
"CSAFPID-106",
"CSAFPID-107",
"CSAFPID-108",
"CSAFPID-109",
"CSAFPID-110",
"CSAFPID-111",
"CSAFPID-112",
"CSAFPID-113",
"CSAFPID-114",
"CSAFPID-115",
"CSAFPID-116",
"CSAFPID-117",
"CSAFPID-118",
"CSAFPID-119",
"CSAFPID-120",
"CSAFPID-121",
"CSAFPID-122",
"CSAFPID-123",
"CSAFPID-124",
"CSAFPID-125",
"CSAFPID-126"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-30171 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2024/cve-2024-30171.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36",
"CSAFPID-37",
"CSAFPID-38",
"CSAFPID-39",
"CSAFPID-40",
"CSAFPID-41",
"CSAFPID-42",
"CSAFPID-43",
"CSAFPID-44",
"CSAFPID-45",
"CSAFPID-46",
"CSAFPID-47",
"CSAFPID-48",
"CSAFPID-49",
"CSAFPID-50",
"CSAFPID-51",
"CSAFPID-52",
"CSAFPID-53",
"CSAFPID-54",
"CSAFPID-55",
"CSAFPID-56",
"CSAFPID-57",
"CSAFPID-58",
"CSAFPID-59",
"CSAFPID-60",
"CSAFPID-61",
"CSAFPID-62",
"CSAFPID-63",
"CSAFPID-64",
"CSAFPID-65",
"CSAFPID-66",
"CSAFPID-67",
"CSAFPID-68",
"CSAFPID-69",
"CSAFPID-70",
"CSAFPID-71",
"CSAFPID-72",
"CSAFPID-73",
"CSAFPID-74",
"CSAFPID-75",
"CSAFPID-76",
"CSAFPID-77",
"CSAFPID-78",
"CSAFPID-79",
"CSAFPID-80",
"CSAFPID-81",
"CSAFPID-82",
"CSAFPID-83",
"CSAFPID-84",
"CSAFPID-85",
"CSAFPID-86",
"CSAFPID-87",
"CSAFPID-88",
"CSAFPID-89",
"CSAFPID-90",
"CSAFPID-91",
"CSAFPID-92",
"CSAFPID-93",
"CSAFPID-94",
"CSAFPID-95",
"CSAFPID-96",
"CSAFPID-97",
"CSAFPID-98",
"CSAFPID-99",
"CSAFPID-100",
"CSAFPID-101",
"CSAFPID-102",
"CSAFPID-103",
"CSAFPID-104",
"CSAFPID-105",
"CSAFPID-106",
"CSAFPID-107",
"CSAFPID-108",
"CSAFPID-109",
"CSAFPID-110",
"CSAFPID-111",
"CSAFPID-112",
"CSAFPID-113",
"CSAFPID-114",
"CSAFPID-115",
"CSAFPID-116",
"CSAFPID-117",
"CSAFPID-118",
"CSAFPID-119",
"CSAFPID-120",
"CSAFPID-121",
"CSAFPID-122",
"CSAFPID-123",
"CSAFPID-124",
"CSAFPID-125",
"CSAFPID-126"
]
}
],
"title": "CVE-2024-30171"
},
{
"cve": "CVE-2024-30172",
"cwe": {
"id": "CWE-835",
"name": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)"
},
"notes": [
{
"category": "other",
"text": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)",
"title": "CWE-835"
},
{
"category": "other",
"text": "Improper Input Validation",
"title": "CWE-20"
},
{
"category": "description",
"text": "Multiple vulnerabilities across Oracle Utilities Application Framework, WebLogic Server, and Business Intelligence Enterprise Edition, as well as Bouncy Castle libraries, allow unauthenticated attackers to induce denial of service, with CVSS scores of 7.5 for Oracle products.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36",
"CSAFPID-37",
"CSAFPID-38",
"CSAFPID-39",
"CSAFPID-40",
"CSAFPID-41",
"CSAFPID-42",
"CSAFPID-43",
"CSAFPID-44",
"CSAFPID-45",
"CSAFPID-46",
"CSAFPID-47",
"CSAFPID-48",
"CSAFPID-49",
"CSAFPID-50",
"CSAFPID-51",
"CSAFPID-52",
"CSAFPID-53",
"CSAFPID-54",
"CSAFPID-55",
"CSAFPID-56",
"CSAFPID-57",
"CSAFPID-58",
"CSAFPID-59",
"CSAFPID-60",
"CSAFPID-61",
"CSAFPID-62",
"CSAFPID-63",
"CSAFPID-64",
"CSAFPID-65",
"CSAFPID-66",
"CSAFPID-67",
"CSAFPID-68",
"CSAFPID-69",
"CSAFPID-70",
"CSAFPID-71",
"CSAFPID-72",
"CSAFPID-73",
"CSAFPID-74",
"CSAFPID-75",
"CSAFPID-76",
"CSAFPID-77",
"CSAFPID-78",
"CSAFPID-79",
"CSAFPID-80",
"CSAFPID-81",
"CSAFPID-82",
"CSAFPID-83",
"CSAFPID-84",
"CSAFPID-85",
"CSAFPID-86",
"CSAFPID-87",
"CSAFPID-88",
"CSAFPID-89",
"CSAFPID-90",
"CSAFPID-91",
"CSAFPID-92",
"CSAFPID-93",
"CSAFPID-94",
"CSAFPID-95",
"CSAFPID-96",
"CSAFPID-97",
"CSAFPID-98",
"CSAFPID-99",
"CSAFPID-100",
"CSAFPID-101",
"CSAFPID-102",
"CSAFPID-103",
"CSAFPID-104",
"CSAFPID-105",
"CSAFPID-106",
"CSAFPID-107",
"CSAFPID-108",
"CSAFPID-109",
"CSAFPID-110",
"CSAFPID-111",
"CSAFPID-112",
"CSAFPID-113",
"CSAFPID-114",
"CSAFPID-115",
"CSAFPID-116",
"CSAFPID-117",
"CSAFPID-118",
"CSAFPID-119",
"CSAFPID-120",
"CSAFPID-121",
"CSAFPID-122",
"CSAFPID-123",
"CSAFPID-124",
"CSAFPID-125",
"CSAFPID-126"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-30172 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2024/cve-2024-30172.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36",
"CSAFPID-37",
"CSAFPID-38",
"CSAFPID-39",
"CSAFPID-40",
"CSAFPID-41",
"CSAFPID-42",
"CSAFPID-43",
"CSAFPID-44",
"CSAFPID-45",
"CSAFPID-46",
"CSAFPID-47",
"CSAFPID-48",
"CSAFPID-49",
"CSAFPID-50",
"CSAFPID-51",
"CSAFPID-52",
"CSAFPID-53",
"CSAFPID-54",
"CSAFPID-55",
"CSAFPID-56",
"CSAFPID-57",
"CSAFPID-58",
"CSAFPID-59",
"CSAFPID-60",
"CSAFPID-61",
"CSAFPID-62",
"CSAFPID-63",
"CSAFPID-64",
"CSAFPID-65",
"CSAFPID-66",
"CSAFPID-67",
"CSAFPID-68",
"CSAFPID-69",
"CSAFPID-70",
"CSAFPID-71",
"CSAFPID-72",
"CSAFPID-73",
"CSAFPID-74",
"CSAFPID-75",
"CSAFPID-76",
"CSAFPID-77",
"CSAFPID-78",
"CSAFPID-79",
"CSAFPID-80",
"CSAFPID-81",
"CSAFPID-82",
"CSAFPID-83",
"CSAFPID-84",
"CSAFPID-85",
"CSAFPID-86",
"CSAFPID-87",
"CSAFPID-88",
"CSAFPID-89",
"CSAFPID-90",
"CSAFPID-91",
"CSAFPID-92",
"CSAFPID-93",
"CSAFPID-94",
"CSAFPID-95",
"CSAFPID-96",
"CSAFPID-97",
"CSAFPID-98",
"CSAFPID-99",
"CSAFPID-100",
"CSAFPID-101",
"CSAFPID-102",
"CSAFPID-103",
"CSAFPID-104",
"CSAFPID-105",
"CSAFPID-106",
"CSAFPID-107",
"CSAFPID-108",
"CSAFPID-109",
"CSAFPID-110",
"CSAFPID-111",
"CSAFPID-112",
"CSAFPID-113",
"CSAFPID-114",
"CSAFPID-115",
"CSAFPID-116",
"CSAFPID-117",
"CSAFPID-118",
"CSAFPID-119",
"CSAFPID-120",
"CSAFPID-121",
"CSAFPID-122",
"CSAFPID-123",
"CSAFPID-124",
"CSAFPID-125",
"CSAFPID-126"
]
}
],
"title": "CVE-2024-30172"
},
{
"cve": "CVE-2024-41996",
"cwe": {
"id": "CWE-295",
"name": "Improper Certificate Validation"
},
"notes": [
{
"category": "other",
"text": "Improper Certificate Validation",
"title": "CWE-295"
},
{
"category": "description",
"text": "A vulnerability in the Diffie-Hellman Key Agreement Protocol in OpenSSL allows remote attackers to cause excessive server-side computational load by exploiting public key order validation with approved safe primes, addressed in updates fixing CVE-2023-50782 and CVE-2024-41996.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36",
"CSAFPID-37",
"CSAFPID-38",
"CSAFPID-39",
"CSAFPID-40",
"CSAFPID-41",
"CSAFPID-42",
"CSAFPID-43",
"CSAFPID-44",
"CSAFPID-45",
"CSAFPID-46",
"CSAFPID-47",
"CSAFPID-48",
"CSAFPID-49",
"CSAFPID-50",
"CSAFPID-51",
"CSAFPID-52",
"CSAFPID-53",
"CSAFPID-54",
"CSAFPID-55",
"CSAFPID-56",
"CSAFPID-57",
"CSAFPID-58",
"CSAFPID-59",
"CSAFPID-60",
"CSAFPID-61",
"CSAFPID-62",
"CSAFPID-63",
"CSAFPID-64",
"CSAFPID-65",
"CSAFPID-66",
"CSAFPID-67",
"CSAFPID-68",
"CSAFPID-69",
"CSAFPID-70",
"CSAFPID-71",
"CSAFPID-72",
"CSAFPID-73",
"CSAFPID-74",
"CSAFPID-75",
"CSAFPID-76",
"CSAFPID-77",
"CSAFPID-78",
"CSAFPID-79",
"CSAFPID-80",
"CSAFPID-81",
"CSAFPID-82",
"CSAFPID-83",
"CSAFPID-84",
"CSAFPID-85",
"CSAFPID-86",
"CSAFPID-87",
"CSAFPID-88",
"CSAFPID-89",
"CSAFPID-90",
"CSAFPID-91",
"CSAFPID-92",
"CSAFPID-93",
"CSAFPID-94",
"CSAFPID-95",
"CSAFPID-96",
"CSAFPID-97",
"CSAFPID-98",
"CSAFPID-99",
"CSAFPID-100",
"CSAFPID-101",
"CSAFPID-102",
"CSAFPID-103",
"CSAFPID-104",
"CSAFPID-105",
"CSAFPID-106",
"CSAFPID-107",
"CSAFPID-108",
"CSAFPID-109",
"CSAFPID-110",
"CSAFPID-111",
"CSAFPID-112",
"CSAFPID-113",
"CSAFPID-114",
"CSAFPID-115",
"CSAFPID-116",
"CSAFPID-117",
"CSAFPID-118",
"CSAFPID-119",
"CSAFPID-120",
"CSAFPID-121",
"CSAFPID-122",
"CSAFPID-123",
"CSAFPID-124",
"CSAFPID-125",
"CSAFPID-126"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-41996 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2024/cve-2024-41996.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36",
"CSAFPID-37",
"CSAFPID-38",
"CSAFPID-39",
"CSAFPID-40",
"CSAFPID-41",
"CSAFPID-42",
"CSAFPID-43",
"CSAFPID-44",
"CSAFPID-45",
"CSAFPID-46",
"CSAFPID-47",
"CSAFPID-48",
"CSAFPID-49",
"CSAFPID-50",
"CSAFPID-51",
"CSAFPID-52",
"CSAFPID-53",
"CSAFPID-54",
"CSAFPID-55",
"CSAFPID-56",
"CSAFPID-57",
"CSAFPID-58",
"CSAFPID-59",
"CSAFPID-60",
"CSAFPID-61",
"CSAFPID-62",
"CSAFPID-63",
"CSAFPID-64",
"CSAFPID-65",
"CSAFPID-66",
"CSAFPID-67",
"CSAFPID-68",
"CSAFPID-69",
"CSAFPID-70",
"CSAFPID-71",
"CSAFPID-72",
"CSAFPID-73",
"CSAFPID-74",
"CSAFPID-75",
"CSAFPID-76",
"CSAFPID-77",
"CSAFPID-78",
"CSAFPID-79",
"CSAFPID-80",
"CSAFPID-81",
"CSAFPID-82",
"CSAFPID-83",
"CSAFPID-84",
"CSAFPID-85",
"CSAFPID-86",
"CSAFPID-87",
"CSAFPID-88",
"CSAFPID-89",
"CSAFPID-90",
"CSAFPID-91",
"CSAFPID-92",
"CSAFPID-93",
"CSAFPID-94",
"CSAFPID-95",
"CSAFPID-96",
"CSAFPID-97",
"CSAFPID-98",
"CSAFPID-99",
"CSAFPID-100",
"CSAFPID-101",
"CSAFPID-102",
"CSAFPID-103",
"CSAFPID-104",
"CSAFPID-105",
"CSAFPID-106",
"CSAFPID-107",
"CSAFPID-108",
"CSAFPID-109",
"CSAFPID-110",
"CSAFPID-111",
"CSAFPID-112",
"CSAFPID-113",
"CSAFPID-114",
"CSAFPID-115",
"CSAFPID-116",
"CSAFPID-117",
"CSAFPID-118",
"CSAFPID-119",
"CSAFPID-120",
"CSAFPID-121",
"CSAFPID-122",
"CSAFPID-123",
"CSAFPID-124",
"CSAFPID-125",
"CSAFPID-126"
]
}
],
"title": "CVE-2024-41996"
},
{
"cve": "CVE-2025-6965",
"cwe": {
"id": "CWE-197",
"name": "Numeric Truncation Error"
},
"notes": [
{
"category": "other",
"text": "Numeric Truncation Error",
"title": "CWE-197"
},
{
"category": "description",
"text": "Critical vulnerabilities in Oracle Communications Cloud Native Core Unified Data Repository and Oracle Siebel CRM Cloud Applications allow unauthenticated attackers full system compromise, while multiple SQLite-related flaws affect various products including NetApp and Apple software, causing memory corruption and integer truncation issues.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:L/VI:H/VA:L/SC:L/SI:H/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:N/AU:N/R:U/V:D/RE:L/U:Green",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36",
"CSAFPID-37",
"CSAFPID-38",
"CSAFPID-39",
"CSAFPID-40",
"CSAFPID-41",
"CSAFPID-42",
"CSAFPID-43",
"CSAFPID-44",
"CSAFPID-45",
"CSAFPID-46",
"CSAFPID-47",
"CSAFPID-48",
"CSAFPID-49",
"CSAFPID-50",
"CSAFPID-51",
"CSAFPID-52",
"CSAFPID-53",
"CSAFPID-54",
"CSAFPID-55",
"CSAFPID-56",
"CSAFPID-57",
"CSAFPID-58",
"CSAFPID-59",
"CSAFPID-60",
"CSAFPID-61",
"CSAFPID-62",
"CSAFPID-63",
"CSAFPID-64",
"CSAFPID-65",
"CSAFPID-66",
"CSAFPID-67",
"CSAFPID-68",
"CSAFPID-69",
"CSAFPID-70",
"CSAFPID-71",
"CSAFPID-72",
"CSAFPID-73",
"CSAFPID-74",
"CSAFPID-75",
"CSAFPID-76",
"CSAFPID-77",
"CSAFPID-78",
"CSAFPID-79",
"CSAFPID-80",
"CSAFPID-81",
"CSAFPID-82",
"CSAFPID-83",
"CSAFPID-84",
"CSAFPID-85",
"CSAFPID-86",
"CSAFPID-87",
"CSAFPID-88",
"CSAFPID-89",
"CSAFPID-90",
"CSAFPID-91",
"CSAFPID-92",
"CSAFPID-93",
"CSAFPID-94",
"CSAFPID-95",
"CSAFPID-96",
"CSAFPID-97",
"CSAFPID-98",
"CSAFPID-99",
"CSAFPID-100",
"CSAFPID-101",
"CSAFPID-102",
"CSAFPID-103",
"CSAFPID-104",
"CSAFPID-105",
"CSAFPID-106",
"CSAFPID-107",
"CSAFPID-108",
"CSAFPID-109",
"CSAFPID-110",
"CSAFPID-111",
"CSAFPID-112",
"CSAFPID-113",
"CSAFPID-114",
"CSAFPID-115",
"CSAFPID-116",
"CSAFPID-117",
"CSAFPID-118",
"CSAFPID-119",
"CSAFPID-120",
"CSAFPID-121",
"CSAFPID-122",
"CSAFPID-123",
"CSAFPID-124",
"CSAFPID-125",
"CSAFPID-126"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-6965 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-6965.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36",
"CSAFPID-37",
"CSAFPID-38",
"CSAFPID-39",
"CSAFPID-40",
"CSAFPID-41",
"CSAFPID-42",
"CSAFPID-43",
"CSAFPID-44",
"CSAFPID-45",
"CSAFPID-46",
"CSAFPID-47",
"CSAFPID-48",
"CSAFPID-49",
"CSAFPID-50",
"CSAFPID-51",
"CSAFPID-52",
"CSAFPID-53",
"CSAFPID-54",
"CSAFPID-55",
"CSAFPID-56",
"CSAFPID-57",
"CSAFPID-58",
"CSAFPID-59",
"CSAFPID-60",
"CSAFPID-61",
"CSAFPID-62",
"CSAFPID-63",
"CSAFPID-64",
"CSAFPID-65",
"CSAFPID-66",
"CSAFPID-67",
"CSAFPID-68",
"CSAFPID-69",
"CSAFPID-70",
"CSAFPID-71",
"CSAFPID-72",
"CSAFPID-73",
"CSAFPID-74",
"CSAFPID-75",
"CSAFPID-76",
"CSAFPID-77",
"CSAFPID-78",
"CSAFPID-79",
"CSAFPID-80",
"CSAFPID-81",
"CSAFPID-82",
"CSAFPID-83",
"CSAFPID-84",
"CSAFPID-85",
"CSAFPID-86",
"CSAFPID-87",
"CSAFPID-88",
"CSAFPID-89",
"CSAFPID-90",
"CSAFPID-91",
"CSAFPID-92",
"CSAFPID-93",
"CSAFPID-94",
"CSAFPID-95",
"CSAFPID-96",
"CSAFPID-97",
"CSAFPID-98",
"CSAFPID-99",
"CSAFPID-100",
"CSAFPID-101",
"CSAFPID-102",
"CSAFPID-103",
"CSAFPID-104",
"CSAFPID-105",
"CSAFPID-106",
"CSAFPID-107",
"CSAFPID-108",
"CSAFPID-109",
"CSAFPID-110",
"CSAFPID-111",
"CSAFPID-112",
"CSAFPID-113",
"CSAFPID-114",
"CSAFPID-115",
"CSAFPID-116",
"CSAFPID-117",
"CSAFPID-118",
"CSAFPID-119",
"CSAFPID-120",
"CSAFPID-121",
"CSAFPID-122",
"CSAFPID-123",
"CSAFPID-124",
"CSAFPID-125",
"CSAFPID-126"
]
}
],
"title": "CVE-2025-6965"
},
{
"cve": "CVE-2025-7783",
"cwe": {
"id": "CWE-330",
"name": "Use of Insufficiently Random Values"
},
"notes": [
{
"category": "other",
"text": "Use of Insufficiently Random Values",
"title": "CWE-330"
},
{
"category": "description",
"text": "The form-data library\u0027s use of predictable random number generation for boundary values poses security risks, while vulnerabilities in HPE products allow for Remote Code Execution and Local Authentication Bypass.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36",
"CSAFPID-37",
"CSAFPID-38",
"CSAFPID-39",
"CSAFPID-40",
"CSAFPID-41",
"CSAFPID-42",
"CSAFPID-43",
"CSAFPID-44",
"CSAFPID-45",
"CSAFPID-46",
"CSAFPID-47",
"CSAFPID-48",
"CSAFPID-49",
"CSAFPID-50",
"CSAFPID-51",
"CSAFPID-52",
"CSAFPID-53",
"CSAFPID-54",
"CSAFPID-55",
"CSAFPID-56",
"CSAFPID-57",
"CSAFPID-58",
"CSAFPID-59",
"CSAFPID-60",
"CSAFPID-61",
"CSAFPID-62",
"CSAFPID-63",
"CSAFPID-64",
"CSAFPID-65",
"CSAFPID-66",
"CSAFPID-67",
"CSAFPID-68",
"CSAFPID-69",
"CSAFPID-70",
"CSAFPID-71",
"CSAFPID-72",
"CSAFPID-73",
"CSAFPID-74",
"CSAFPID-75",
"CSAFPID-76",
"CSAFPID-77",
"CSAFPID-78",
"CSAFPID-79",
"CSAFPID-80",
"CSAFPID-81",
"CSAFPID-82",
"CSAFPID-83",
"CSAFPID-84",
"CSAFPID-85",
"CSAFPID-86",
"CSAFPID-87",
"CSAFPID-88",
"CSAFPID-89",
"CSAFPID-90",
"CSAFPID-91",
"CSAFPID-92",
"CSAFPID-93",
"CSAFPID-94",
"CSAFPID-95",
"CSAFPID-96",
"CSAFPID-97",
"CSAFPID-98",
"CSAFPID-99",
"CSAFPID-100",
"CSAFPID-101",
"CSAFPID-102",
"CSAFPID-103",
"CSAFPID-104",
"CSAFPID-105",
"CSAFPID-106",
"CSAFPID-107",
"CSAFPID-108",
"CSAFPID-109",
"CSAFPID-110",
"CSAFPID-111",
"CSAFPID-112",
"CSAFPID-113",
"CSAFPID-114",
"CSAFPID-115",
"CSAFPID-116",
"CSAFPID-117",
"CSAFPID-118",
"CSAFPID-119",
"CSAFPID-120",
"CSAFPID-121",
"CSAFPID-122",
"CSAFPID-123",
"CSAFPID-124",
"CSAFPID-125",
"CSAFPID-126"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-7783 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-7783.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36",
"CSAFPID-37",
"CSAFPID-38",
"CSAFPID-39",
"CSAFPID-40",
"CSAFPID-41",
"CSAFPID-42",
"CSAFPID-43",
"CSAFPID-44",
"CSAFPID-45",
"CSAFPID-46",
"CSAFPID-47",
"CSAFPID-48",
"CSAFPID-49",
"CSAFPID-50",
"CSAFPID-51",
"CSAFPID-52",
"CSAFPID-53",
"CSAFPID-54",
"CSAFPID-55",
"CSAFPID-56",
"CSAFPID-57",
"CSAFPID-58",
"CSAFPID-59",
"CSAFPID-60",
"CSAFPID-61",
"CSAFPID-62",
"CSAFPID-63",
"CSAFPID-64",
"CSAFPID-65",
"CSAFPID-66",
"CSAFPID-67",
"CSAFPID-68",
"CSAFPID-69",
"CSAFPID-70",
"CSAFPID-71",
"CSAFPID-72",
"CSAFPID-73",
"CSAFPID-74",
"CSAFPID-75",
"CSAFPID-76",
"CSAFPID-77",
"CSAFPID-78",
"CSAFPID-79",
"CSAFPID-80",
"CSAFPID-81",
"CSAFPID-82",
"CSAFPID-83",
"CSAFPID-84",
"CSAFPID-85",
"CSAFPID-86",
"CSAFPID-87",
"CSAFPID-88",
"CSAFPID-89",
"CSAFPID-90",
"CSAFPID-91",
"CSAFPID-92",
"CSAFPID-93",
"CSAFPID-94",
"CSAFPID-95",
"CSAFPID-96",
"CSAFPID-97",
"CSAFPID-98",
"CSAFPID-99",
"CSAFPID-100",
"CSAFPID-101",
"CSAFPID-102",
"CSAFPID-103",
"CSAFPID-104",
"CSAFPID-105",
"CSAFPID-106",
"CSAFPID-107",
"CSAFPID-108",
"CSAFPID-109",
"CSAFPID-110",
"CSAFPID-111",
"CSAFPID-112",
"CSAFPID-113",
"CSAFPID-114",
"CSAFPID-115",
"CSAFPID-116",
"CSAFPID-117",
"CSAFPID-118",
"CSAFPID-119",
"CSAFPID-120",
"CSAFPID-121",
"CSAFPID-122",
"CSAFPID-123",
"CSAFPID-124",
"CSAFPID-125",
"CSAFPID-126"
]
}
],
"title": "CVE-2025-7783"
},
{
"cve": "CVE-2025-9230",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "other",
"text": "Out-of-bounds Read",
"title": "CWE-125"
},
{
"category": "other",
"text": "Out-of-bounds Write",
"title": "CWE-787"
},
{
"category": "description",
"text": "Multiple OpenSSL versions have an out-of-bounds read/write vulnerability in RFC 3211 KEK unwrap related to password-based CMS decryption, with moderate severity due to low exploit likelihood, affecting products including NetApp, Oracle, and SAP components.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36",
"CSAFPID-37",
"CSAFPID-38",
"CSAFPID-39",
"CSAFPID-40",
"CSAFPID-41",
"CSAFPID-42",
"CSAFPID-43",
"CSAFPID-44",
"CSAFPID-45",
"CSAFPID-46",
"CSAFPID-47",
"CSAFPID-48",
"CSAFPID-49",
"CSAFPID-50",
"CSAFPID-51",
"CSAFPID-52",
"CSAFPID-53",
"CSAFPID-54",
"CSAFPID-55",
"CSAFPID-56",
"CSAFPID-57",
"CSAFPID-58",
"CSAFPID-59",
"CSAFPID-60",
"CSAFPID-61",
"CSAFPID-62",
"CSAFPID-63",
"CSAFPID-64",
"CSAFPID-65",
"CSAFPID-66",
"CSAFPID-67",
"CSAFPID-68",
"CSAFPID-69",
"CSAFPID-70",
"CSAFPID-71",
"CSAFPID-72",
"CSAFPID-73",
"CSAFPID-74",
"CSAFPID-75",
"CSAFPID-76",
"CSAFPID-77",
"CSAFPID-78",
"CSAFPID-79",
"CSAFPID-80",
"CSAFPID-81",
"CSAFPID-82",
"CSAFPID-83",
"CSAFPID-84",
"CSAFPID-85",
"CSAFPID-86",
"CSAFPID-87",
"CSAFPID-88",
"CSAFPID-89",
"CSAFPID-90",
"CSAFPID-91",
"CSAFPID-92",
"CSAFPID-93",
"CSAFPID-94",
"CSAFPID-95",
"CSAFPID-96",
"CSAFPID-97",
"CSAFPID-98",
"CSAFPID-99",
"CSAFPID-100",
"CSAFPID-101",
"CSAFPID-102",
"CSAFPID-103",
"CSAFPID-104",
"CSAFPID-105",
"CSAFPID-106",
"CSAFPID-107",
"CSAFPID-108",
"CSAFPID-109",
"CSAFPID-110",
"CSAFPID-111",
"CSAFPID-112",
"CSAFPID-113",
"CSAFPID-114",
"CSAFPID-115",
"CSAFPID-116",
"CSAFPID-117",
"CSAFPID-118",
"CSAFPID-119",
"CSAFPID-120",
"CSAFPID-121",
"CSAFPID-122",
"CSAFPID-123",
"CSAFPID-124",
"CSAFPID-125",
"CSAFPID-126"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-9230 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-9230.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36",
"CSAFPID-37",
"CSAFPID-38",
"CSAFPID-39",
"CSAFPID-40",
"CSAFPID-41",
"CSAFPID-42",
"CSAFPID-43",
"CSAFPID-44",
"CSAFPID-45",
"CSAFPID-46",
"CSAFPID-47",
"CSAFPID-48",
"CSAFPID-49",
"CSAFPID-50",
"CSAFPID-51",
"CSAFPID-52",
"CSAFPID-53",
"CSAFPID-54",
"CSAFPID-55",
"CSAFPID-56",
"CSAFPID-57",
"CSAFPID-58",
"CSAFPID-59",
"CSAFPID-60",
"CSAFPID-61",
"CSAFPID-62",
"CSAFPID-63",
"CSAFPID-64",
"CSAFPID-65",
"CSAFPID-66",
"CSAFPID-67",
"CSAFPID-68",
"CSAFPID-69",
"CSAFPID-70",
"CSAFPID-71",
"CSAFPID-72",
"CSAFPID-73",
"CSAFPID-74",
"CSAFPID-75",
"CSAFPID-76",
"CSAFPID-77",
"CSAFPID-78",
"CSAFPID-79",
"CSAFPID-80",
"CSAFPID-81",
"CSAFPID-82",
"CSAFPID-83",
"CSAFPID-84",
"CSAFPID-85",
"CSAFPID-86",
"CSAFPID-87",
"CSAFPID-88",
"CSAFPID-89",
"CSAFPID-90",
"CSAFPID-91",
"CSAFPID-92",
"CSAFPID-93",
"CSAFPID-94",
"CSAFPID-95",
"CSAFPID-96",
"CSAFPID-97",
"CSAFPID-98",
"CSAFPID-99",
"CSAFPID-100",
"CSAFPID-101",
"CSAFPID-102",
"CSAFPID-103",
"CSAFPID-104",
"CSAFPID-105",
"CSAFPID-106",
"CSAFPID-107",
"CSAFPID-108",
"CSAFPID-109",
"CSAFPID-110",
"CSAFPID-111",
"CSAFPID-112",
"CSAFPID-113",
"CSAFPID-114",
"CSAFPID-115",
"CSAFPID-116",
"CSAFPID-117",
"CSAFPID-118",
"CSAFPID-119",
"CSAFPID-120",
"CSAFPID-121",
"CSAFPID-122",
"CSAFPID-123",
"CSAFPID-124",
"CSAFPID-125",
"CSAFPID-126"
]
}
],
"title": "CVE-2025-9230"
},
{
"cve": "CVE-2025-9232",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "other",
"text": "Out-of-bounds Read",
"title": "CWE-125"
},
{
"category": "description",
"text": "A low-severity out-of-bounds read vulnerability in OpenSSL HTTP client API occurs when the \u0027no_proxy\u0027 environment variable is set and the HTTP URL contains an IPv6 address, causing denial of service via application crash in multiple products including Oracle PeopleSoft and NetApp devices.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36",
"CSAFPID-37",
"CSAFPID-38",
"CSAFPID-39",
"CSAFPID-40",
"CSAFPID-41",
"CSAFPID-42",
"CSAFPID-43",
"CSAFPID-44",
"CSAFPID-45",
"CSAFPID-46",
"CSAFPID-47",
"CSAFPID-48",
"CSAFPID-49",
"CSAFPID-50",
"CSAFPID-51",
"CSAFPID-52",
"CSAFPID-53",
"CSAFPID-54",
"CSAFPID-55",
"CSAFPID-56",
"CSAFPID-57",
"CSAFPID-58",
"CSAFPID-59",
"CSAFPID-60",
"CSAFPID-61",
"CSAFPID-62",
"CSAFPID-63",
"CSAFPID-64",
"CSAFPID-65",
"CSAFPID-66",
"CSAFPID-67",
"CSAFPID-68",
"CSAFPID-69",
"CSAFPID-70",
"CSAFPID-71",
"CSAFPID-72",
"CSAFPID-73",
"CSAFPID-74",
"CSAFPID-75",
"CSAFPID-76",
"CSAFPID-77",
"CSAFPID-78",
"CSAFPID-79",
"CSAFPID-80",
"CSAFPID-81",
"CSAFPID-82",
"CSAFPID-83",
"CSAFPID-84",
"CSAFPID-85",
"CSAFPID-86",
"CSAFPID-87",
"CSAFPID-88",
"CSAFPID-89",
"CSAFPID-90",
"CSAFPID-91",
"CSAFPID-92",
"CSAFPID-93",
"CSAFPID-94",
"CSAFPID-95",
"CSAFPID-96",
"CSAFPID-97",
"CSAFPID-98",
"CSAFPID-99",
"CSAFPID-100",
"CSAFPID-101",
"CSAFPID-102",
"CSAFPID-103",
"CSAFPID-104",
"CSAFPID-105",
"CSAFPID-106",
"CSAFPID-107",
"CSAFPID-108",
"CSAFPID-109",
"CSAFPID-110",
"CSAFPID-111",
"CSAFPID-112",
"CSAFPID-113",
"CSAFPID-114",
"CSAFPID-115",
"CSAFPID-116",
"CSAFPID-117",
"CSAFPID-118",
"CSAFPID-119",
"CSAFPID-120",
"CSAFPID-121",
"CSAFPID-122",
"CSAFPID-123",
"CSAFPID-124",
"CSAFPID-125",
"CSAFPID-126"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-9232 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-9232.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36",
"CSAFPID-37",
"CSAFPID-38",
"CSAFPID-39",
"CSAFPID-40",
"CSAFPID-41",
"CSAFPID-42",
"CSAFPID-43",
"CSAFPID-44",
"CSAFPID-45",
"CSAFPID-46",
"CSAFPID-47",
"CSAFPID-48",
"CSAFPID-49",
"CSAFPID-50",
"CSAFPID-51",
"CSAFPID-52",
"CSAFPID-53",
"CSAFPID-54",
"CSAFPID-55",
"CSAFPID-56",
"CSAFPID-57",
"CSAFPID-58",
"CSAFPID-59",
"CSAFPID-60",
"CSAFPID-61",
"CSAFPID-62",
"CSAFPID-63",
"CSAFPID-64",
"CSAFPID-65",
"CSAFPID-66",
"CSAFPID-67",
"CSAFPID-68",
"CSAFPID-69",
"CSAFPID-70",
"CSAFPID-71",
"CSAFPID-72",
"CSAFPID-73",
"CSAFPID-74",
"CSAFPID-75",
"CSAFPID-76",
"CSAFPID-77",
"CSAFPID-78",
"CSAFPID-79",
"CSAFPID-80",
"CSAFPID-81",
"CSAFPID-82",
"CSAFPID-83",
"CSAFPID-84",
"CSAFPID-85",
"CSAFPID-86",
"CSAFPID-87",
"CSAFPID-88",
"CSAFPID-89",
"CSAFPID-90",
"CSAFPID-91",
"CSAFPID-92",
"CSAFPID-93",
"CSAFPID-94",
"CSAFPID-95",
"CSAFPID-96",
"CSAFPID-97",
"CSAFPID-98",
"CSAFPID-99",
"CSAFPID-100",
"CSAFPID-101",
"CSAFPID-102",
"CSAFPID-103",
"CSAFPID-104",
"CSAFPID-105",
"CSAFPID-106",
"CSAFPID-107",
"CSAFPID-108",
"CSAFPID-109",
"CSAFPID-110",
"CSAFPID-111",
"CSAFPID-112",
"CSAFPID-113",
"CSAFPID-114",
"CSAFPID-115",
"CSAFPID-116",
"CSAFPID-117",
"CSAFPID-118",
"CSAFPID-119",
"CSAFPID-120",
"CSAFPID-121",
"CSAFPID-122",
"CSAFPID-123",
"CSAFPID-124",
"CSAFPID-125",
"CSAFPID-126"
]
}
],
"title": "CVE-2025-9232"
},
{
"cve": "CVE-2025-9670",
"cwe": {
"id": "CWE-1333",
"name": "Inefficient Regular Expression Complexity"
},
"notes": [
{
"category": "other",
"text": "Inefficient Regular Expression Complexity",
"title": "CWE-1333"
},
{
"category": "other",
"text": "Uncontrolled Resource Consumption",
"title": "CWE-400"
},
{
"category": "description",
"text": "A security vulnerability in mixmark-io turndown up to version 7.2.1 allows remote attackers to exploit inefficient regular expression complexity in src/commonmark-rules.js, with a public exploit available.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36",
"CSAFPID-37",
"CSAFPID-38",
"CSAFPID-39",
"CSAFPID-40",
"CSAFPID-41",
"CSAFPID-42",
"CSAFPID-43",
"CSAFPID-44",
"CSAFPID-45",
"CSAFPID-46",
"CSAFPID-47",
"CSAFPID-48",
"CSAFPID-49",
"CSAFPID-50",
"CSAFPID-51",
"CSAFPID-52",
"CSAFPID-53",
"CSAFPID-54",
"CSAFPID-55",
"CSAFPID-56",
"CSAFPID-57",
"CSAFPID-58",
"CSAFPID-59",
"CSAFPID-60",
"CSAFPID-61",
"CSAFPID-62",
"CSAFPID-63",
"CSAFPID-64",
"CSAFPID-65",
"CSAFPID-66",
"CSAFPID-67",
"CSAFPID-68",
"CSAFPID-69",
"CSAFPID-70",
"CSAFPID-71",
"CSAFPID-72",
"CSAFPID-73",
"CSAFPID-74",
"CSAFPID-75",
"CSAFPID-76",
"CSAFPID-77",
"CSAFPID-78",
"CSAFPID-79",
"CSAFPID-80",
"CSAFPID-81",
"CSAFPID-82",
"CSAFPID-83",
"CSAFPID-84",
"CSAFPID-85",
"CSAFPID-86",
"CSAFPID-87",
"CSAFPID-88",
"CSAFPID-89",
"CSAFPID-90",
"CSAFPID-91",
"CSAFPID-92",
"CSAFPID-93",
"CSAFPID-94",
"CSAFPID-95",
"CSAFPID-96",
"CSAFPID-97",
"CSAFPID-98",
"CSAFPID-99",
"CSAFPID-100",
"CSAFPID-101",
"CSAFPID-102",
"CSAFPID-103",
"CSAFPID-104",
"CSAFPID-105",
"CSAFPID-106",
"CSAFPID-107",
"CSAFPID-108",
"CSAFPID-109",
"CSAFPID-110",
"CSAFPID-111",
"CSAFPID-112",
"CSAFPID-113",
"CSAFPID-114",
"CSAFPID-115",
"CSAFPID-116",
"CSAFPID-117",
"CSAFPID-118",
"CSAFPID-119",
"CSAFPID-120",
"CSAFPID-121",
"CSAFPID-122",
"CSAFPID-123",
"CSAFPID-124",
"CSAFPID-125",
"CSAFPID-126"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-9670 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-9670.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36",
"CSAFPID-37",
"CSAFPID-38",
"CSAFPID-39",
"CSAFPID-40",
"CSAFPID-41",
"CSAFPID-42",
"CSAFPID-43",
"CSAFPID-44",
"CSAFPID-45",
"CSAFPID-46",
"CSAFPID-47",
"CSAFPID-48",
"CSAFPID-49",
"CSAFPID-50",
"CSAFPID-51",
"CSAFPID-52",
"CSAFPID-53",
"CSAFPID-54",
"CSAFPID-55",
"CSAFPID-56",
"CSAFPID-57",
"CSAFPID-58",
"CSAFPID-59",
"CSAFPID-60",
"CSAFPID-61",
"CSAFPID-62",
"CSAFPID-63",
"CSAFPID-64",
"CSAFPID-65",
"CSAFPID-66",
"CSAFPID-67",
"CSAFPID-68",
"CSAFPID-69",
"CSAFPID-70",
"CSAFPID-71",
"CSAFPID-72",
"CSAFPID-73",
"CSAFPID-74",
"CSAFPID-75",
"CSAFPID-76",
"CSAFPID-77",
"CSAFPID-78",
"CSAFPID-79",
"CSAFPID-80",
"CSAFPID-81",
"CSAFPID-82",
"CSAFPID-83",
"CSAFPID-84",
"CSAFPID-85",
"CSAFPID-86",
"CSAFPID-87",
"CSAFPID-88",
"CSAFPID-89",
"CSAFPID-90",
"CSAFPID-91",
"CSAFPID-92",
"CSAFPID-93",
"CSAFPID-94",
"CSAFPID-95",
"CSAFPID-96",
"CSAFPID-97",
"CSAFPID-98",
"CSAFPID-99",
"CSAFPID-100",
"CSAFPID-101",
"CSAFPID-102",
"CSAFPID-103",
"CSAFPID-104",
"CSAFPID-105",
"CSAFPID-106",
"CSAFPID-107",
"CSAFPID-108",
"CSAFPID-109",
"CSAFPID-110",
"CSAFPID-111",
"CSAFPID-112",
"CSAFPID-113",
"CSAFPID-114",
"CSAFPID-115",
"CSAFPID-116",
"CSAFPID-117",
"CSAFPID-118",
"CSAFPID-119",
"CSAFPID-120",
"CSAFPID-121",
"CSAFPID-122",
"CSAFPID-123",
"CSAFPID-124",
"CSAFPID-125",
"CSAFPID-126"
]
}
],
"title": "CVE-2025-9670"
},
{
"cve": "CVE-2025-12816",
"cwe": {
"id": "CWE-436",
"name": "Interpretation Conflict"
},
"notes": [
{
"category": "other",
"text": "Interpretation Conflict",
"title": "CWE-436"
},
{
"category": "other",
"text": "Incorrect Behavior Order: Early Validation",
"title": "CWE-179"
},
{
"category": "description",
"text": "This update addresses multiple golang exporter upgrades, fixes critical CVE-2025-12816 in Prometheus related to ASN.1 validation bypass in node-forge \u22641.3.1, and includes various bug fixes and optimizations across components like grafana, spacecmd, and uyuni-tools.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36",
"CSAFPID-37",
"CSAFPID-38",
"CSAFPID-39",
"CSAFPID-40",
"CSAFPID-41",
"CSAFPID-42",
"CSAFPID-43",
"CSAFPID-44",
"CSAFPID-45",
"CSAFPID-46",
"CSAFPID-47",
"CSAFPID-48",
"CSAFPID-49",
"CSAFPID-50",
"CSAFPID-51",
"CSAFPID-52",
"CSAFPID-53",
"CSAFPID-54",
"CSAFPID-55",
"CSAFPID-56",
"CSAFPID-57",
"CSAFPID-58",
"CSAFPID-59",
"CSAFPID-60",
"CSAFPID-61",
"CSAFPID-62",
"CSAFPID-63",
"CSAFPID-64",
"CSAFPID-65",
"CSAFPID-66",
"CSAFPID-67",
"CSAFPID-68",
"CSAFPID-69",
"CSAFPID-70",
"CSAFPID-71",
"CSAFPID-72",
"CSAFPID-73",
"CSAFPID-74",
"CSAFPID-75",
"CSAFPID-76",
"CSAFPID-77",
"CSAFPID-78",
"CSAFPID-79",
"CSAFPID-80",
"CSAFPID-81",
"CSAFPID-82",
"CSAFPID-83",
"CSAFPID-84",
"CSAFPID-85",
"CSAFPID-86",
"CSAFPID-87",
"CSAFPID-88",
"CSAFPID-89",
"CSAFPID-90",
"CSAFPID-91",
"CSAFPID-92",
"CSAFPID-93",
"CSAFPID-94",
"CSAFPID-95",
"CSAFPID-96",
"CSAFPID-97",
"CSAFPID-98",
"CSAFPID-99",
"CSAFPID-100",
"CSAFPID-101",
"CSAFPID-102",
"CSAFPID-103",
"CSAFPID-104",
"CSAFPID-105",
"CSAFPID-106",
"CSAFPID-107",
"CSAFPID-108",
"CSAFPID-109",
"CSAFPID-110",
"CSAFPID-111",
"CSAFPID-112",
"CSAFPID-113",
"CSAFPID-114",
"CSAFPID-115",
"CSAFPID-116",
"CSAFPID-117",
"CSAFPID-118",
"CSAFPID-119",
"CSAFPID-120",
"CSAFPID-121",
"CSAFPID-122",
"CSAFPID-123",
"CSAFPID-124",
"CSAFPID-125",
"CSAFPID-126"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-12816 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-12816.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36",
"CSAFPID-37",
"CSAFPID-38",
"CSAFPID-39",
"CSAFPID-40",
"CSAFPID-41",
"CSAFPID-42",
"CSAFPID-43",
"CSAFPID-44",
"CSAFPID-45",
"CSAFPID-46",
"CSAFPID-47",
"CSAFPID-48",
"CSAFPID-49",
"CSAFPID-50",
"CSAFPID-51",
"CSAFPID-52",
"CSAFPID-53",
"CSAFPID-54",
"CSAFPID-55",
"CSAFPID-56",
"CSAFPID-57",
"CSAFPID-58",
"CSAFPID-59",
"CSAFPID-60",
"CSAFPID-61",
"CSAFPID-62",
"CSAFPID-63",
"CSAFPID-64",
"CSAFPID-65",
"CSAFPID-66",
"CSAFPID-67",
"CSAFPID-68",
"CSAFPID-69",
"CSAFPID-70",
"CSAFPID-71",
"CSAFPID-72",
"CSAFPID-73",
"CSAFPID-74",
"CSAFPID-75",
"CSAFPID-76",
"CSAFPID-77",
"CSAFPID-78",
"CSAFPID-79",
"CSAFPID-80",
"CSAFPID-81",
"CSAFPID-82",
"CSAFPID-83",
"CSAFPID-84",
"CSAFPID-85",
"CSAFPID-86",
"CSAFPID-87",
"CSAFPID-88",
"CSAFPID-89",
"CSAFPID-90",
"CSAFPID-91",
"CSAFPID-92",
"CSAFPID-93",
"CSAFPID-94",
"CSAFPID-95",
"CSAFPID-96",
"CSAFPID-97",
"CSAFPID-98",
"CSAFPID-99",
"CSAFPID-100",
"CSAFPID-101",
"CSAFPID-102",
"CSAFPID-103",
"CSAFPID-104",
"CSAFPID-105",
"CSAFPID-106",
"CSAFPID-107",
"CSAFPID-108",
"CSAFPID-109",
"CSAFPID-110",
"CSAFPID-111",
"CSAFPID-112",
"CSAFPID-113",
"CSAFPID-114",
"CSAFPID-115",
"CSAFPID-116",
"CSAFPID-117",
"CSAFPID-118",
"CSAFPID-119",
"CSAFPID-120",
"CSAFPID-121",
"CSAFPID-122",
"CSAFPID-123",
"CSAFPID-124",
"CSAFPID-125",
"CSAFPID-126"
]
}
],
"title": "CVE-2025-12816"
},
{
"cve": "CVE-2025-15284",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "other",
"text": "Improper Input Validation",
"title": "CWE-20"
},
{
"category": "other",
"text": "Allocation of Resources Without Limits or Throttling",
"title": "CWE-770"
},
{
"category": "other",
"text": "CWE-1035",
"title": "CWE-1035"
},
{
"category": "other",
"text": "CWE-937",
"title": "CWE-937"
},
{
"category": "description",
"text": "The qs library\u0027s `arrayLimit` option fails to enforce limits on bracket notation arrays, enabling denial-of-service attacks via memory exhaustion by parsing large arrays from user input.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36",
"CSAFPID-37",
"CSAFPID-38",
"CSAFPID-39",
"CSAFPID-40",
"CSAFPID-41",
"CSAFPID-42",
"CSAFPID-43",
"CSAFPID-44",
"CSAFPID-45",
"CSAFPID-46",
"CSAFPID-47",
"CSAFPID-48",
"CSAFPID-49",
"CSAFPID-50",
"CSAFPID-51",
"CSAFPID-52",
"CSAFPID-53",
"CSAFPID-54",
"CSAFPID-55",
"CSAFPID-56",
"CSAFPID-57",
"CSAFPID-58",
"CSAFPID-59",
"CSAFPID-60",
"CSAFPID-61",
"CSAFPID-62",
"CSAFPID-63",
"CSAFPID-64",
"CSAFPID-65",
"CSAFPID-66",
"CSAFPID-67",
"CSAFPID-68",
"CSAFPID-69",
"CSAFPID-70",
"CSAFPID-71",
"CSAFPID-72",
"CSAFPID-73",
"CSAFPID-74",
"CSAFPID-75",
"CSAFPID-76",
"CSAFPID-77",
"CSAFPID-78",
"CSAFPID-79",
"CSAFPID-80",
"CSAFPID-81",
"CSAFPID-82",
"CSAFPID-83",
"CSAFPID-84",
"CSAFPID-85",
"CSAFPID-86",
"CSAFPID-87",
"CSAFPID-88",
"CSAFPID-89",
"CSAFPID-90",
"CSAFPID-91",
"CSAFPID-92",
"CSAFPID-93",
"CSAFPID-94",
"CSAFPID-95",
"CSAFPID-96",
"CSAFPID-97",
"CSAFPID-98",
"CSAFPID-99",
"CSAFPID-100",
"CSAFPID-101",
"CSAFPID-102",
"CSAFPID-103",
"CSAFPID-104",
"CSAFPID-105",
"CSAFPID-106",
"CSAFPID-107",
"CSAFPID-108",
"CSAFPID-109",
"CSAFPID-110",
"CSAFPID-111",
"CSAFPID-112",
"CSAFPID-113",
"CSAFPID-114",
"CSAFPID-115",
"CSAFPID-116",
"CSAFPID-117",
"CSAFPID-118",
"CSAFPID-119",
"CSAFPID-120",
"CSAFPID-121",
"CSAFPID-122",
"CSAFPID-123",
"CSAFPID-124",
"CSAFPID-125",
"CSAFPID-126"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-15284 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-15284.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36",
"CSAFPID-37",
"CSAFPID-38",
"CSAFPID-39",
"CSAFPID-40",
"CSAFPID-41",
"CSAFPID-42",
"CSAFPID-43",
"CSAFPID-44",
"CSAFPID-45",
"CSAFPID-46",
"CSAFPID-47",
"CSAFPID-48",
"CSAFPID-49",
"CSAFPID-50",
"CSAFPID-51",
"CSAFPID-52",
"CSAFPID-53",
"CSAFPID-54",
"CSAFPID-55",
"CSAFPID-56",
"CSAFPID-57",
"CSAFPID-58",
"CSAFPID-59",
"CSAFPID-60",
"CSAFPID-61",
"CSAFPID-62",
"CSAFPID-63",
"CSAFPID-64",
"CSAFPID-65",
"CSAFPID-66",
"CSAFPID-67",
"CSAFPID-68",
"CSAFPID-69",
"CSAFPID-70",
"CSAFPID-71",
"CSAFPID-72",
"CSAFPID-73",
"CSAFPID-74",
"CSAFPID-75",
"CSAFPID-76",
"CSAFPID-77",
"CSAFPID-78",
"CSAFPID-79",
"CSAFPID-80",
"CSAFPID-81",
"CSAFPID-82",
"CSAFPID-83",
"CSAFPID-84",
"CSAFPID-85",
"CSAFPID-86",
"CSAFPID-87",
"CSAFPID-88",
"CSAFPID-89",
"CSAFPID-90",
"CSAFPID-91",
"CSAFPID-92",
"CSAFPID-93",
"CSAFPID-94",
"CSAFPID-95",
"CSAFPID-96",
"CSAFPID-97",
"CSAFPID-98",
"CSAFPID-99",
"CSAFPID-100",
"CSAFPID-101",
"CSAFPID-102",
"CSAFPID-103",
"CSAFPID-104",
"CSAFPID-105",
"CSAFPID-106",
"CSAFPID-107",
"CSAFPID-108",
"CSAFPID-109",
"CSAFPID-110",
"CSAFPID-111",
"CSAFPID-112",
"CSAFPID-113",
"CSAFPID-114",
"CSAFPID-115",
"CSAFPID-116",
"CSAFPID-117",
"CSAFPID-118",
"CSAFPID-119",
"CSAFPID-120",
"CSAFPID-121",
"CSAFPID-122",
"CSAFPID-123",
"CSAFPID-124",
"CSAFPID-125",
"CSAFPID-126"
]
}
],
"title": "CVE-2025-15284"
},
{
"cve": "CVE-2025-27769",
"cwe": {
"id": "CWE-923",
"name": "Improper Restriction of Communication Channel to Intended Endpoints"
},
"notes": [
{
"category": "other",
"text": "Improper Restriction of Communication Channel to Intended Endpoints",
"title": "CWE-923"
},
{
"category": "description",
"text": "Affected devices exhibit improper access control, enabling attackers to potentially access unauthorized services via the charging cable interface.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36",
"CSAFPID-37",
"CSAFPID-38",
"CSAFPID-39",
"CSAFPID-40",
"CSAFPID-41",
"CSAFPID-42",
"CSAFPID-43",
"CSAFPID-44",
"CSAFPID-45",
"CSAFPID-46",
"CSAFPID-47",
"CSAFPID-48",
"CSAFPID-49",
"CSAFPID-50",
"CSAFPID-51",
"CSAFPID-52",
"CSAFPID-53",
"CSAFPID-54",
"CSAFPID-55",
"CSAFPID-56",
"CSAFPID-57",
"CSAFPID-58",
"CSAFPID-59",
"CSAFPID-60",
"CSAFPID-61",
"CSAFPID-62",
"CSAFPID-63",
"CSAFPID-64",
"CSAFPID-65",
"CSAFPID-66",
"CSAFPID-67",
"CSAFPID-68",
"CSAFPID-69",
"CSAFPID-70",
"CSAFPID-71",
"CSAFPID-72",
"CSAFPID-73",
"CSAFPID-74",
"CSAFPID-75",
"CSAFPID-76",
"CSAFPID-77",
"CSAFPID-78",
"CSAFPID-79",
"CSAFPID-80",
"CSAFPID-81",
"CSAFPID-82",
"CSAFPID-83",
"CSAFPID-84",
"CSAFPID-85",
"CSAFPID-86",
"CSAFPID-87",
"CSAFPID-88",
"CSAFPID-89",
"CSAFPID-90",
"CSAFPID-91",
"CSAFPID-92",
"CSAFPID-93",
"CSAFPID-94",
"CSAFPID-95",
"CSAFPID-96",
"CSAFPID-97",
"CSAFPID-98",
"CSAFPID-99",
"CSAFPID-100",
"CSAFPID-101",
"CSAFPID-102",
"CSAFPID-103",
"CSAFPID-104",
"CSAFPID-105",
"CSAFPID-106",
"CSAFPID-107",
"CSAFPID-108",
"CSAFPID-109",
"CSAFPID-110",
"CSAFPID-111",
"CSAFPID-112",
"CSAFPID-113",
"CSAFPID-114",
"CSAFPID-115",
"CSAFPID-116",
"CSAFPID-117",
"CSAFPID-118",
"CSAFPID-119",
"CSAFPID-120",
"CSAFPID-121",
"CSAFPID-122",
"CSAFPID-123",
"CSAFPID-124",
"CSAFPID-125",
"CSAFPID-126"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-27769 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-27769.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 2.6,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36",
"CSAFPID-37",
"CSAFPID-38",
"CSAFPID-39",
"CSAFPID-40",
"CSAFPID-41",
"CSAFPID-42",
"CSAFPID-43",
"CSAFPID-44",
"CSAFPID-45",
"CSAFPID-46",
"CSAFPID-47",
"CSAFPID-48",
"CSAFPID-49",
"CSAFPID-50",
"CSAFPID-51",
"CSAFPID-52",
"CSAFPID-53",
"CSAFPID-54",
"CSAFPID-55",
"CSAFPID-56",
"CSAFPID-57",
"CSAFPID-58",
"CSAFPID-59",
"CSAFPID-60",
"CSAFPID-61",
"CSAFPID-62",
"CSAFPID-63",
"CSAFPID-64",
"CSAFPID-65",
"CSAFPID-66",
"CSAFPID-67",
"CSAFPID-68",
"CSAFPID-69",
"CSAFPID-70",
"CSAFPID-71",
"CSAFPID-72",
"CSAFPID-73",
"CSAFPID-74",
"CSAFPID-75",
"CSAFPID-76",
"CSAFPID-77",
"CSAFPID-78",
"CSAFPID-79",
"CSAFPID-80",
"CSAFPID-81",
"CSAFPID-82",
"CSAFPID-83",
"CSAFPID-84",
"CSAFPID-85",
"CSAFPID-86",
"CSAFPID-87",
"CSAFPID-88",
"CSAFPID-89",
"CSAFPID-90",
"CSAFPID-91",
"CSAFPID-92",
"CSAFPID-93",
"CSAFPID-94",
"CSAFPID-95",
"CSAFPID-96",
"CSAFPID-97",
"CSAFPID-98",
"CSAFPID-99",
"CSAFPID-100",
"CSAFPID-101",
"CSAFPID-102",
"CSAFPID-103",
"CSAFPID-104",
"CSAFPID-105",
"CSAFPID-106",
"CSAFPID-107",
"CSAFPID-108",
"CSAFPID-109",
"CSAFPID-110",
"CSAFPID-111",
"CSAFPID-112",
"CSAFPID-113",
"CSAFPID-114",
"CSAFPID-115",
"CSAFPID-116",
"CSAFPID-117",
"CSAFPID-118",
"CSAFPID-119",
"CSAFPID-120",
"CSAFPID-121",
"CSAFPID-122",
"CSAFPID-123",
"CSAFPID-124",
"CSAFPID-125",
"CSAFPID-126"
]
}
],
"title": "CVE-2025-27769"
},
{
"cve": "CVE-2025-40943",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"notes": [
{
"category": "other",
"text": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"title": "CWE-79"
},
{
"category": "description",
"text": "Certain devices contain a vulnerability where trace files are insufficiently sanitized, enabling attackers to execute code by deceiving users into importing malicious trace files.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36",
"CSAFPID-37",
"CSAFPID-38",
"CSAFPID-39",
"CSAFPID-40",
"CSAFPID-41",
"CSAFPID-42",
"CSAFPID-43",
"CSAFPID-44",
"CSAFPID-45",
"CSAFPID-46",
"CSAFPID-47",
"CSAFPID-48",
"CSAFPID-49",
"CSAFPID-50",
"CSAFPID-51",
"CSAFPID-52",
"CSAFPID-53",
"CSAFPID-54",
"CSAFPID-55",
"CSAFPID-56",
"CSAFPID-57",
"CSAFPID-58",
"CSAFPID-59",
"CSAFPID-60",
"CSAFPID-61",
"CSAFPID-62",
"CSAFPID-63",
"CSAFPID-64",
"CSAFPID-65",
"CSAFPID-66",
"CSAFPID-67",
"CSAFPID-68",
"CSAFPID-69",
"CSAFPID-70",
"CSAFPID-71",
"CSAFPID-72",
"CSAFPID-73",
"CSAFPID-74",
"CSAFPID-75",
"CSAFPID-76",
"CSAFPID-77",
"CSAFPID-78",
"CSAFPID-79",
"CSAFPID-80",
"CSAFPID-81",
"CSAFPID-82",
"CSAFPID-83",
"CSAFPID-84",
"CSAFPID-85",
"CSAFPID-86",
"CSAFPID-87",
"CSAFPID-88",
"CSAFPID-89",
"CSAFPID-90",
"CSAFPID-91",
"CSAFPID-92",
"CSAFPID-93",
"CSAFPID-94",
"CSAFPID-95",
"CSAFPID-96",
"CSAFPID-97",
"CSAFPID-98",
"CSAFPID-99",
"CSAFPID-100",
"CSAFPID-101",
"CSAFPID-102",
"CSAFPID-103",
"CSAFPID-104",
"CSAFPID-105",
"CSAFPID-106",
"CSAFPID-107",
"CSAFPID-108",
"CSAFPID-109",
"CSAFPID-110",
"CSAFPID-111",
"CSAFPID-112",
"CSAFPID-113",
"CSAFPID-114",
"CSAFPID-115",
"CSAFPID-116",
"CSAFPID-117",
"CSAFPID-118",
"CSAFPID-119",
"CSAFPID-120",
"CSAFPID-121",
"CSAFPID-122",
"CSAFPID-123",
"CSAFPID-124",
"CSAFPID-125",
"CSAFPID-126"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-40943 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-40943.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.6,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36",
"CSAFPID-37",
"CSAFPID-38",
"CSAFPID-39",
"CSAFPID-40",
"CSAFPID-41",
"CSAFPID-42",
"CSAFPID-43",
"CSAFPID-44",
"CSAFPID-45",
"CSAFPID-46",
"CSAFPID-47",
"CSAFPID-48",
"CSAFPID-49",
"CSAFPID-50",
"CSAFPID-51",
"CSAFPID-52",
"CSAFPID-53",
"CSAFPID-54",
"CSAFPID-55",
"CSAFPID-56",
"CSAFPID-57",
"CSAFPID-58",
"CSAFPID-59",
"CSAFPID-60",
"CSAFPID-61",
"CSAFPID-62",
"CSAFPID-63",
"CSAFPID-64",
"CSAFPID-65",
"CSAFPID-66",
"CSAFPID-67",
"CSAFPID-68",
"CSAFPID-69",
"CSAFPID-70",
"CSAFPID-71",
"CSAFPID-72",
"CSAFPID-73",
"CSAFPID-74",
"CSAFPID-75",
"CSAFPID-76",
"CSAFPID-77",
"CSAFPID-78",
"CSAFPID-79",
"CSAFPID-80",
"CSAFPID-81",
"CSAFPID-82",
"CSAFPID-83",
"CSAFPID-84",
"CSAFPID-85",
"CSAFPID-86",
"CSAFPID-87",
"CSAFPID-88",
"CSAFPID-89",
"CSAFPID-90",
"CSAFPID-91",
"CSAFPID-92",
"CSAFPID-93",
"CSAFPID-94",
"CSAFPID-95",
"CSAFPID-96",
"CSAFPID-97",
"CSAFPID-98",
"CSAFPID-99",
"CSAFPID-100",
"CSAFPID-101",
"CSAFPID-102",
"CSAFPID-103",
"CSAFPID-104",
"CSAFPID-105",
"CSAFPID-106",
"CSAFPID-107",
"CSAFPID-108",
"CSAFPID-109",
"CSAFPID-110",
"CSAFPID-111",
"CSAFPID-112",
"CSAFPID-113",
"CSAFPID-114",
"CSAFPID-115",
"CSAFPID-116",
"CSAFPID-117",
"CSAFPID-118",
"CSAFPID-119",
"CSAFPID-120",
"CSAFPID-121",
"CSAFPID-122",
"CSAFPID-123",
"CSAFPID-124",
"CSAFPID-125",
"CSAFPID-126"
]
}
],
"title": "CVE-2025-40943"
},
{
"cve": "CVE-2025-55018",
"cwe": {
"id": "CWE-444",
"name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)"
},
"notes": [
{
"category": "other",
"text": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)",
"title": "CWE-444"
},
{
"category": "description",
"text": "An HTTP request smuggling vulnerability in Fortinet FortiOS allows unauthenticated attackers to bypass firewall policies by sending specially crafted headers, potentially compromising security.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36",
"CSAFPID-37",
"CSAFPID-38",
"CSAFPID-39",
"CSAFPID-40",
"CSAFPID-41",
"CSAFPID-42",
"CSAFPID-43",
"CSAFPID-44",
"CSAFPID-45",
"CSAFPID-46",
"CSAFPID-47",
"CSAFPID-48",
"CSAFPID-49",
"CSAFPID-50",
"CSAFPID-51",
"CSAFPID-52",
"CSAFPID-53",
"CSAFPID-54",
"CSAFPID-55",
"CSAFPID-56",
"CSAFPID-57",
"CSAFPID-58",
"CSAFPID-59",
"CSAFPID-60",
"CSAFPID-61",
"CSAFPID-62",
"CSAFPID-63",
"CSAFPID-64",
"CSAFPID-65",
"CSAFPID-66",
"CSAFPID-67",
"CSAFPID-68",
"CSAFPID-69",
"CSAFPID-70",
"CSAFPID-71",
"CSAFPID-72",
"CSAFPID-73",
"CSAFPID-74",
"CSAFPID-75",
"CSAFPID-76",
"CSAFPID-77",
"CSAFPID-78",
"CSAFPID-79",
"CSAFPID-80",
"CSAFPID-81",
"CSAFPID-82",
"CSAFPID-83",
"CSAFPID-84",
"CSAFPID-85",
"CSAFPID-86",
"CSAFPID-87",
"CSAFPID-88",
"CSAFPID-89",
"CSAFPID-90",
"CSAFPID-91",
"CSAFPID-92",
"CSAFPID-93",
"CSAFPID-94",
"CSAFPID-95",
"CSAFPID-96",
"CSAFPID-97",
"CSAFPID-98",
"CSAFPID-99",
"CSAFPID-100",
"CSAFPID-101",
"CSAFPID-102",
"CSAFPID-103",
"CSAFPID-104",
"CSAFPID-105",
"CSAFPID-106",
"CSAFPID-107",
"CSAFPID-108",
"CSAFPID-109",
"CSAFPID-110",
"CSAFPID-111",
"CSAFPID-112",
"CSAFPID-113",
"CSAFPID-114",
"CSAFPID-115",
"CSAFPID-116",
"CSAFPID-117",
"CSAFPID-118",
"CSAFPID-119",
"CSAFPID-120",
"CSAFPID-121",
"CSAFPID-122",
"CSAFPID-123",
"CSAFPID-124",
"CSAFPID-125",
"CSAFPID-126"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-55018 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-55018.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36",
"CSAFPID-37",
"CSAFPID-38",
"CSAFPID-39",
"CSAFPID-40",
"CSAFPID-41",
"CSAFPID-42",
"CSAFPID-43",
"CSAFPID-44",
"CSAFPID-45",
"CSAFPID-46",
"CSAFPID-47",
"CSAFPID-48",
"CSAFPID-49",
"CSAFPID-50",
"CSAFPID-51",
"CSAFPID-52",
"CSAFPID-53",
"CSAFPID-54",
"CSAFPID-55",
"CSAFPID-56",
"CSAFPID-57",
"CSAFPID-58",
"CSAFPID-59",
"CSAFPID-60",
"CSAFPID-61",
"CSAFPID-62",
"CSAFPID-63",
"CSAFPID-64",
"CSAFPID-65",
"CSAFPID-66",
"CSAFPID-67",
"CSAFPID-68",
"CSAFPID-69",
"CSAFPID-70",
"CSAFPID-71",
"CSAFPID-72",
"CSAFPID-73",
"CSAFPID-74",
"CSAFPID-75",
"CSAFPID-76",
"CSAFPID-77",
"CSAFPID-78",
"CSAFPID-79",
"CSAFPID-80",
"CSAFPID-81",
"CSAFPID-82",
"CSAFPID-83",
"CSAFPID-84",
"CSAFPID-85",
"CSAFPID-86",
"CSAFPID-87",
"CSAFPID-88",
"CSAFPID-89",
"CSAFPID-90",
"CSAFPID-91",
"CSAFPID-92",
"CSAFPID-93",
"CSAFPID-94",
"CSAFPID-95",
"CSAFPID-96",
"CSAFPID-97",
"CSAFPID-98",
"CSAFPID-99",
"CSAFPID-100",
"CSAFPID-101",
"CSAFPID-102",
"CSAFPID-103",
"CSAFPID-104",
"CSAFPID-105",
"CSAFPID-106",
"CSAFPID-107",
"CSAFPID-108",
"CSAFPID-109",
"CSAFPID-110",
"CSAFPID-111",
"CSAFPID-112",
"CSAFPID-113",
"CSAFPID-114",
"CSAFPID-115",
"CSAFPID-116",
"CSAFPID-117",
"CSAFPID-118",
"CSAFPID-119",
"CSAFPID-120",
"CSAFPID-121",
"CSAFPID-122",
"CSAFPID-123",
"CSAFPID-124",
"CSAFPID-125",
"CSAFPID-126"
]
}
],
"title": "CVE-2025-55018"
},
{
"cve": "CVE-2025-58751",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"notes": [
{
"category": "other",
"text": "Exposure of Sensitive Information to an Unauthorized Actor",
"title": "CWE-200"
},
{
"category": "other",
"text": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"title": "CWE-22"
},
{
"category": "other",
"text": "Improper Access Control",
"title": "CWE-284"
},
{
"category": "description",
"text": "Certain Vite applications allowed files in the public directory to be served without following `server.fs` settings, particularly when exposed to the network, with specific versions addressing this issue.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36",
"CSAFPID-37",
"CSAFPID-38",
"CSAFPID-39",
"CSAFPID-40",
"CSAFPID-41",
"CSAFPID-42",
"CSAFPID-43",
"CSAFPID-44",
"CSAFPID-45",
"CSAFPID-46",
"CSAFPID-47",
"CSAFPID-48",
"CSAFPID-49",
"CSAFPID-50",
"CSAFPID-51",
"CSAFPID-52",
"CSAFPID-53",
"CSAFPID-54",
"CSAFPID-55",
"CSAFPID-56",
"CSAFPID-57",
"CSAFPID-58",
"CSAFPID-59",
"CSAFPID-60",
"CSAFPID-61",
"CSAFPID-62",
"CSAFPID-63",
"CSAFPID-64",
"CSAFPID-65",
"CSAFPID-66",
"CSAFPID-67",
"CSAFPID-68",
"CSAFPID-69",
"CSAFPID-70",
"CSAFPID-71",
"CSAFPID-72",
"CSAFPID-73",
"CSAFPID-74",
"CSAFPID-75",
"CSAFPID-76",
"CSAFPID-77",
"CSAFPID-78",
"CSAFPID-79",
"CSAFPID-80",
"CSAFPID-81",
"CSAFPID-82",
"CSAFPID-83",
"CSAFPID-84",
"CSAFPID-85",
"CSAFPID-86",
"CSAFPID-87",
"CSAFPID-88",
"CSAFPID-89",
"CSAFPID-90",
"CSAFPID-91",
"CSAFPID-92",
"CSAFPID-93",
"CSAFPID-94",
"CSAFPID-95",
"CSAFPID-96",
"CSAFPID-97",
"CSAFPID-98",
"CSAFPID-99",
"CSAFPID-100",
"CSAFPID-101",
"CSAFPID-102",
"CSAFPID-103",
"CSAFPID-104",
"CSAFPID-105",
"CSAFPID-106",
"CSAFPID-107",
"CSAFPID-108",
"CSAFPID-109",
"CSAFPID-110",
"CSAFPID-111",
"CSAFPID-112",
"CSAFPID-113",
"CSAFPID-114",
"CSAFPID-115",
"CSAFPID-116",
"CSAFPID-117",
"CSAFPID-118",
"CSAFPID-119",
"CSAFPID-120",
"CSAFPID-121",
"CSAFPID-122",
"CSAFPID-123",
"CSAFPID-124",
"CSAFPID-125",
"CSAFPID-126"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-58751 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-58751.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36",
"CSAFPID-37",
"CSAFPID-38",
"CSAFPID-39",
"CSAFPID-40",
"CSAFPID-41",
"CSAFPID-42",
"CSAFPID-43",
"CSAFPID-44",
"CSAFPID-45",
"CSAFPID-46",
"CSAFPID-47",
"CSAFPID-48",
"CSAFPID-49",
"CSAFPID-50",
"CSAFPID-51",
"CSAFPID-52",
"CSAFPID-53",
"CSAFPID-54",
"CSAFPID-55",
"CSAFPID-56",
"CSAFPID-57",
"CSAFPID-58",
"CSAFPID-59",
"CSAFPID-60",
"CSAFPID-61",
"CSAFPID-62",
"CSAFPID-63",
"CSAFPID-64",
"CSAFPID-65",
"CSAFPID-66",
"CSAFPID-67",
"CSAFPID-68",
"CSAFPID-69",
"CSAFPID-70",
"CSAFPID-71",
"CSAFPID-72",
"CSAFPID-73",
"CSAFPID-74",
"CSAFPID-75",
"CSAFPID-76",
"CSAFPID-77",
"CSAFPID-78",
"CSAFPID-79",
"CSAFPID-80",
"CSAFPID-81",
"CSAFPID-82",
"CSAFPID-83",
"CSAFPID-84",
"CSAFPID-85",
"CSAFPID-86",
"CSAFPID-87",
"CSAFPID-88",
"CSAFPID-89",
"CSAFPID-90",
"CSAFPID-91",
"CSAFPID-92",
"CSAFPID-93",
"CSAFPID-94",
"CSAFPID-95",
"CSAFPID-96",
"CSAFPID-97",
"CSAFPID-98",
"CSAFPID-99",
"CSAFPID-100",
"CSAFPID-101",
"CSAFPID-102",
"CSAFPID-103",
"CSAFPID-104",
"CSAFPID-105",
"CSAFPID-106",
"CSAFPID-107",
"CSAFPID-108",
"CSAFPID-109",
"CSAFPID-110",
"CSAFPID-111",
"CSAFPID-112",
"CSAFPID-113",
"CSAFPID-114",
"CSAFPID-115",
"CSAFPID-116",
"CSAFPID-117",
"CSAFPID-118",
"CSAFPID-119",
"CSAFPID-120",
"CSAFPID-121",
"CSAFPID-122",
"CSAFPID-123",
"CSAFPID-124",
"CSAFPID-125",
"CSAFPID-126"
]
}
],
"title": "CVE-2025-58751"
},
{
"cve": "CVE-2025-58752",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"notes": [
{
"category": "other",
"text": "Exposure of Sensitive Information to an Unauthorized Actor",
"title": "CWE-200"
},
{
"category": "other",
"text": "Relative Path Traversal",
"title": "CWE-23"
},
{
"category": "other",
"text": "Improper Access Control",
"title": "CWE-284"
},
{
"category": "description",
"text": "Vite versions prior to 7.1.5, 7.0.7, 6.3.6, and 5.4.20 contained a low-severity vulnerability allowing unauthorized access to HTML files outside configured directories via path traversal when the dev or preview server was exposed and appType was \u0027spa\u0027 or \u0027mpa\u0027.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36",
"CSAFPID-37",
"CSAFPID-38",
"CSAFPID-39",
"CSAFPID-40",
"CSAFPID-41",
"CSAFPID-42",
"CSAFPID-43",
"CSAFPID-44",
"CSAFPID-45",
"CSAFPID-46",
"CSAFPID-47",
"CSAFPID-48",
"CSAFPID-49",
"CSAFPID-50",
"CSAFPID-51",
"CSAFPID-52",
"CSAFPID-53",
"CSAFPID-54",
"CSAFPID-55",
"CSAFPID-56",
"CSAFPID-57",
"CSAFPID-58",
"CSAFPID-59",
"CSAFPID-60",
"CSAFPID-61",
"CSAFPID-62",
"CSAFPID-63",
"CSAFPID-64",
"CSAFPID-65",
"CSAFPID-66",
"CSAFPID-67",
"CSAFPID-68",
"CSAFPID-69",
"CSAFPID-70",
"CSAFPID-71",
"CSAFPID-72",
"CSAFPID-73",
"CSAFPID-74",
"CSAFPID-75",
"CSAFPID-76",
"CSAFPID-77",
"CSAFPID-78",
"CSAFPID-79",
"CSAFPID-80",
"CSAFPID-81",
"CSAFPID-82",
"CSAFPID-83",
"CSAFPID-84",
"CSAFPID-85",
"CSAFPID-86",
"CSAFPID-87",
"CSAFPID-88",
"CSAFPID-89",
"CSAFPID-90",
"CSAFPID-91",
"CSAFPID-92",
"CSAFPID-93",
"CSAFPID-94",
"CSAFPID-95",
"CSAFPID-96",
"CSAFPID-97",
"CSAFPID-98",
"CSAFPID-99",
"CSAFPID-100",
"CSAFPID-101",
"CSAFPID-102",
"CSAFPID-103",
"CSAFPID-104",
"CSAFPID-105",
"CSAFPID-106",
"CSAFPID-107",
"CSAFPID-108",
"CSAFPID-109",
"CSAFPID-110",
"CSAFPID-111",
"CSAFPID-112",
"CSAFPID-113",
"CSAFPID-114",
"CSAFPID-115",
"CSAFPID-116",
"CSAFPID-117",
"CSAFPID-118",
"CSAFPID-119",
"CSAFPID-120",
"CSAFPID-121",
"CSAFPID-122",
"CSAFPID-123",
"CSAFPID-124",
"CSAFPID-125",
"CSAFPID-126"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-58752 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-58752.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36",
"CSAFPID-37",
"CSAFPID-38",
"CSAFPID-39",
"CSAFPID-40",
"CSAFPID-41",
"CSAFPID-42",
"CSAFPID-43",
"CSAFPID-44",
"CSAFPID-45",
"CSAFPID-46",
"CSAFPID-47",
"CSAFPID-48",
"CSAFPID-49",
"CSAFPID-50",
"CSAFPID-51",
"CSAFPID-52",
"CSAFPID-53",
"CSAFPID-54",
"CSAFPID-55",
"CSAFPID-56",
"CSAFPID-57",
"CSAFPID-58",
"CSAFPID-59",
"CSAFPID-60",
"CSAFPID-61",
"CSAFPID-62",
"CSAFPID-63",
"CSAFPID-64",
"CSAFPID-65",
"CSAFPID-66",
"CSAFPID-67",
"CSAFPID-68",
"CSAFPID-69",
"CSAFPID-70",
"CSAFPID-71",
"CSAFPID-72",
"CSAFPID-73",
"CSAFPID-74",
"CSAFPID-75",
"CSAFPID-76",
"CSAFPID-77",
"CSAFPID-78",
"CSAFPID-79",
"CSAFPID-80",
"CSAFPID-81",
"CSAFPID-82",
"CSAFPID-83",
"CSAFPID-84",
"CSAFPID-85",
"CSAFPID-86",
"CSAFPID-87",
"CSAFPID-88",
"CSAFPID-89",
"CSAFPID-90",
"CSAFPID-91",
"CSAFPID-92",
"CSAFPID-93",
"CSAFPID-94",
"CSAFPID-95",
"CSAFPID-96",
"CSAFPID-97",
"CSAFPID-98",
"CSAFPID-99",
"CSAFPID-100",
"CSAFPID-101",
"CSAFPID-102",
"CSAFPID-103",
"CSAFPID-104",
"CSAFPID-105",
"CSAFPID-106",
"CSAFPID-107",
"CSAFPID-108",
"CSAFPID-109",
"CSAFPID-110",
"CSAFPID-111",
"CSAFPID-112",
"CSAFPID-113",
"CSAFPID-114",
"CSAFPID-115",
"CSAFPID-116",
"CSAFPID-117",
"CSAFPID-118",
"CSAFPID-119",
"CSAFPID-120",
"CSAFPID-121",
"CSAFPID-122",
"CSAFPID-123",
"CSAFPID-124",
"CSAFPID-125",
"CSAFPID-126"
]
}
],
"title": "CVE-2025-58752"
},
{
"cve": "CVE-2025-58754",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"notes": [
{
"category": "other",
"text": "Allocation of Resources Without Limits or Throttling",
"title": "CWE-770"
},
{
"category": "other",
"text": "CWE-1035",
"title": "CWE-1035"
},
{
"category": "other",
"text": "CWE-937",
"title": "CWE-937"
},
{
"category": "description",
"text": "Axios is vulnerable to denial of service attacks due to unbounded memory allocation for `data:` URIs in versions prior to 0.30.2 and 1.12.0, with additional security issues noted in HPE and Oracle products.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36",
"CSAFPID-37",
"CSAFPID-38",
"CSAFPID-39",
"CSAFPID-40",
"CSAFPID-41",
"CSAFPID-42",
"CSAFPID-43",
"CSAFPID-44",
"CSAFPID-45",
"CSAFPID-46",
"CSAFPID-47",
"CSAFPID-48",
"CSAFPID-49",
"CSAFPID-50",
"CSAFPID-51",
"CSAFPID-52",
"CSAFPID-53",
"CSAFPID-54",
"CSAFPID-55",
"CSAFPID-56",
"CSAFPID-57",
"CSAFPID-58",
"CSAFPID-59",
"CSAFPID-60",
"CSAFPID-61",
"CSAFPID-62",
"CSAFPID-63",
"CSAFPID-64",
"CSAFPID-65",
"CSAFPID-66",
"CSAFPID-67",
"CSAFPID-68",
"CSAFPID-69",
"CSAFPID-70",
"CSAFPID-71",
"CSAFPID-72",
"CSAFPID-73",
"CSAFPID-74",
"CSAFPID-75",
"CSAFPID-76",
"CSAFPID-77",
"CSAFPID-78",
"CSAFPID-79",
"CSAFPID-80",
"CSAFPID-81",
"CSAFPID-82",
"CSAFPID-83",
"CSAFPID-84",
"CSAFPID-85",
"CSAFPID-86",
"CSAFPID-87",
"CSAFPID-88",
"CSAFPID-89",
"CSAFPID-90",
"CSAFPID-91",
"CSAFPID-92",
"CSAFPID-93",
"CSAFPID-94",
"CSAFPID-95",
"CSAFPID-96",
"CSAFPID-97",
"CSAFPID-98",
"CSAFPID-99",
"CSAFPID-100",
"CSAFPID-101",
"CSAFPID-102",
"CSAFPID-103",
"CSAFPID-104",
"CSAFPID-105",
"CSAFPID-106",
"CSAFPID-107",
"CSAFPID-108",
"CSAFPID-109",
"CSAFPID-110",
"CSAFPID-111",
"CSAFPID-112",
"CSAFPID-113",
"CSAFPID-114",
"CSAFPID-115",
"CSAFPID-116",
"CSAFPID-117",
"CSAFPID-118",
"CSAFPID-119",
"CSAFPID-120",
"CSAFPID-121",
"CSAFPID-122",
"CSAFPID-123",
"CSAFPID-124",
"CSAFPID-125",
"CSAFPID-126"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-58754 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-58754.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36",
"CSAFPID-37",
"CSAFPID-38",
"CSAFPID-39",
"CSAFPID-40",
"CSAFPID-41",
"CSAFPID-42",
"CSAFPID-43",
"CSAFPID-44",
"CSAFPID-45",
"CSAFPID-46",
"CSAFPID-47",
"CSAFPID-48",
"CSAFPID-49",
"CSAFPID-50",
"CSAFPID-51",
"CSAFPID-52",
"CSAFPID-53",
"CSAFPID-54",
"CSAFPID-55",
"CSAFPID-56",
"CSAFPID-57",
"CSAFPID-58",
"CSAFPID-59",
"CSAFPID-60",
"CSAFPID-61",
"CSAFPID-62",
"CSAFPID-63",
"CSAFPID-64",
"CSAFPID-65",
"CSAFPID-66",
"CSAFPID-67",
"CSAFPID-68",
"CSAFPID-69",
"CSAFPID-70",
"CSAFPID-71",
"CSAFPID-72",
"CSAFPID-73",
"CSAFPID-74",
"CSAFPID-75",
"CSAFPID-76",
"CSAFPID-77",
"CSAFPID-78",
"CSAFPID-79",
"CSAFPID-80",
"CSAFPID-81",
"CSAFPID-82",
"CSAFPID-83",
"CSAFPID-84",
"CSAFPID-85",
"CSAFPID-86",
"CSAFPID-87",
"CSAFPID-88",
"CSAFPID-89",
"CSAFPID-90",
"CSAFPID-91",
"CSAFPID-92",
"CSAFPID-93",
"CSAFPID-94",
"CSAFPID-95",
"CSAFPID-96",
"CSAFPID-97",
"CSAFPID-98",
"CSAFPID-99",
"CSAFPID-100",
"CSAFPID-101",
"CSAFPID-102",
"CSAFPID-103",
"CSAFPID-104",
"CSAFPID-105",
"CSAFPID-106",
"CSAFPID-107",
"CSAFPID-108",
"CSAFPID-109",
"CSAFPID-110",
"CSAFPID-111",
"CSAFPID-112",
"CSAFPID-113",
"CSAFPID-114",
"CSAFPID-115",
"CSAFPID-116",
"CSAFPID-117",
"CSAFPID-118",
"CSAFPID-119",
"CSAFPID-120",
"CSAFPID-121",
"CSAFPID-122",
"CSAFPID-123",
"CSAFPID-124",
"CSAFPID-125",
"CSAFPID-126"
]
}
],
"title": "CVE-2025-58754"
},
{
"cve": "CVE-2025-62439",
"cwe": {
"id": "CWE-940",
"name": "Improper Verification of Source of a Communication Channel"
},
"notes": [
{
"category": "other",
"text": "Improper Verification of Source of a Communication Channel",
"title": "CWE-940"
},
{
"category": "description",
"text": "A vulnerability in Fortinet FortiOS versions 7.0 through 7.6.4, specifically in the FSSO Terminal Services Agent, allows an authenticated user with knowledge of FSSO policy configurations to gain unauthorized access to protected network resources via crafted requests due to improper verification of the communication channel source.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36",
"CSAFPID-37",
"CSAFPID-38",
"CSAFPID-39",
"CSAFPID-40",
"CSAFPID-41",
"CSAFPID-42",
"CSAFPID-43",
"CSAFPID-44",
"CSAFPID-45",
"CSAFPID-46",
"CSAFPID-47",
"CSAFPID-48",
"CSAFPID-49",
"CSAFPID-50",
"CSAFPID-51",
"CSAFPID-52",
"CSAFPID-53",
"CSAFPID-54",
"CSAFPID-55",
"CSAFPID-56",
"CSAFPID-57",
"CSAFPID-58",
"CSAFPID-59",
"CSAFPID-60",
"CSAFPID-61",
"CSAFPID-62",
"CSAFPID-63",
"CSAFPID-64",
"CSAFPID-65",
"CSAFPID-66",
"CSAFPID-67",
"CSAFPID-68",
"CSAFPID-69",
"CSAFPID-70",
"CSAFPID-71",
"CSAFPID-72",
"CSAFPID-73",
"CSAFPID-74",
"CSAFPID-75",
"CSAFPID-76",
"CSAFPID-77",
"CSAFPID-78",
"CSAFPID-79",
"CSAFPID-80",
"CSAFPID-81",
"CSAFPID-82",
"CSAFPID-83",
"CSAFPID-84",
"CSAFPID-85",
"CSAFPID-86",
"CSAFPID-87",
"CSAFPID-88",
"CSAFPID-89",
"CSAFPID-90",
"CSAFPID-91",
"CSAFPID-92",
"CSAFPID-93",
"CSAFPID-94",
"CSAFPID-95",
"CSAFPID-96",
"CSAFPID-97",
"CSAFPID-98",
"CSAFPID-99",
"CSAFPID-100",
"CSAFPID-101",
"CSAFPID-102",
"CSAFPID-103",
"CSAFPID-104",
"CSAFPID-105",
"CSAFPID-106",
"CSAFPID-107",
"CSAFPID-108",
"CSAFPID-109",
"CSAFPID-110",
"CSAFPID-111",
"CSAFPID-112",
"CSAFPID-113",
"CSAFPID-114",
"CSAFPID-115",
"CSAFPID-116",
"CSAFPID-117",
"CSAFPID-118",
"CSAFPID-119",
"CSAFPID-120",
"CSAFPID-121",
"CSAFPID-122",
"CSAFPID-123",
"CSAFPID-124",
"CSAFPID-125",
"CSAFPID-126"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-62439 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-62439.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.2,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36",
"CSAFPID-37",
"CSAFPID-38",
"CSAFPID-39",
"CSAFPID-40",
"CSAFPID-41",
"CSAFPID-42",
"CSAFPID-43",
"CSAFPID-44",
"CSAFPID-45",
"CSAFPID-46",
"CSAFPID-47",
"CSAFPID-48",
"CSAFPID-49",
"CSAFPID-50",
"CSAFPID-51",
"CSAFPID-52",
"CSAFPID-53",
"CSAFPID-54",
"CSAFPID-55",
"CSAFPID-56",
"CSAFPID-57",
"CSAFPID-58",
"CSAFPID-59",
"CSAFPID-60",
"CSAFPID-61",
"CSAFPID-62",
"CSAFPID-63",
"CSAFPID-64",
"CSAFPID-65",
"CSAFPID-66",
"CSAFPID-67",
"CSAFPID-68",
"CSAFPID-69",
"CSAFPID-70",
"CSAFPID-71",
"CSAFPID-72",
"CSAFPID-73",
"CSAFPID-74",
"CSAFPID-75",
"CSAFPID-76",
"CSAFPID-77",
"CSAFPID-78",
"CSAFPID-79",
"CSAFPID-80",
"CSAFPID-81",
"CSAFPID-82",
"CSAFPID-83",
"CSAFPID-84",
"CSAFPID-85",
"CSAFPID-86",
"CSAFPID-87",
"CSAFPID-88",
"CSAFPID-89",
"CSAFPID-90",
"CSAFPID-91",
"CSAFPID-92",
"CSAFPID-93",
"CSAFPID-94",
"CSAFPID-95",
"CSAFPID-96",
"CSAFPID-97",
"CSAFPID-98",
"CSAFPID-99",
"CSAFPID-100",
"CSAFPID-101",
"CSAFPID-102",
"CSAFPID-103",
"CSAFPID-104",
"CSAFPID-105",
"CSAFPID-106",
"CSAFPID-107",
"CSAFPID-108",
"CSAFPID-109",
"CSAFPID-110",
"CSAFPID-111",
"CSAFPID-112",
"CSAFPID-113",
"CSAFPID-114",
"CSAFPID-115",
"CSAFPID-116",
"CSAFPID-117",
"CSAFPID-118",
"CSAFPID-119",
"CSAFPID-120",
"CSAFPID-121",
"CSAFPID-122",
"CSAFPID-123",
"CSAFPID-124",
"CSAFPID-125",
"CSAFPID-126"
]
}
],
"title": "CVE-2025-62439"
},
{
"cve": "CVE-2025-62522",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"notes": [
{
"category": "other",
"text": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"title": "CWE-22"
},
{
"category": "other",
"text": "CWE-1035",
"title": "CWE-1035"
},
{
"category": "other",
"text": "CWE-937",
"title": "CWE-937"
},
{
"category": "description",
"text": "Vite versions from 2.9.18 to 7.1.11 had a vulnerability on Windows allowing access to files denied by `server.fs.deny` if the URL ended with `\\\\`, which has been patched in later releases.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36",
"CSAFPID-37",
"CSAFPID-38",
"CSAFPID-39",
"CSAFPID-40",
"CSAFPID-41",
"CSAFPID-42",
"CSAFPID-43",
"CSAFPID-44",
"CSAFPID-45",
"CSAFPID-46",
"CSAFPID-47",
"CSAFPID-48",
"CSAFPID-49",
"CSAFPID-50",
"CSAFPID-51",
"CSAFPID-52",
"CSAFPID-53",
"CSAFPID-54",
"CSAFPID-55",
"CSAFPID-56",
"CSAFPID-57",
"CSAFPID-58",
"CSAFPID-59",
"CSAFPID-60",
"CSAFPID-61",
"CSAFPID-62",
"CSAFPID-63",
"CSAFPID-64",
"CSAFPID-65",
"CSAFPID-66",
"CSAFPID-67",
"CSAFPID-68",
"CSAFPID-69",
"CSAFPID-70",
"CSAFPID-71",
"CSAFPID-72",
"CSAFPID-73",
"CSAFPID-74",
"CSAFPID-75",
"CSAFPID-76",
"CSAFPID-77",
"CSAFPID-78",
"CSAFPID-79",
"CSAFPID-80",
"CSAFPID-81",
"CSAFPID-82",
"CSAFPID-83",
"CSAFPID-84",
"CSAFPID-85",
"CSAFPID-86",
"CSAFPID-87",
"CSAFPID-88",
"CSAFPID-89",
"CSAFPID-90",
"CSAFPID-91",
"CSAFPID-92",
"CSAFPID-93",
"CSAFPID-94",
"CSAFPID-95",
"CSAFPID-96",
"CSAFPID-97",
"CSAFPID-98",
"CSAFPID-99",
"CSAFPID-100",
"CSAFPID-101",
"CSAFPID-102",
"CSAFPID-103",
"CSAFPID-104",
"CSAFPID-105",
"CSAFPID-106",
"CSAFPID-107",
"CSAFPID-108",
"CSAFPID-109",
"CSAFPID-110",
"CSAFPID-111",
"CSAFPID-112",
"CSAFPID-113",
"CSAFPID-114",
"CSAFPID-115",
"CSAFPID-116",
"CSAFPID-117",
"CSAFPID-118",
"CSAFPID-119",
"CSAFPID-120",
"CSAFPID-121",
"CSAFPID-122",
"CSAFPID-123",
"CSAFPID-124",
"CSAFPID-125",
"CSAFPID-126"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-62522 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-62522.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36",
"CSAFPID-37",
"CSAFPID-38",
"CSAFPID-39",
"CSAFPID-40",
"CSAFPID-41",
"CSAFPID-42",
"CSAFPID-43",
"CSAFPID-44",
"CSAFPID-45",
"CSAFPID-46",
"CSAFPID-47",
"CSAFPID-48",
"CSAFPID-49",
"CSAFPID-50",
"CSAFPID-51",
"CSAFPID-52",
"CSAFPID-53",
"CSAFPID-54",
"CSAFPID-55",
"CSAFPID-56",
"CSAFPID-57",
"CSAFPID-58",
"CSAFPID-59",
"CSAFPID-60",
"CSAFPID-61",
"CSAFPID-62",
"CSAFPID-63",
"CSAFPID-64",
"CSAFPID-65",
"CSAFPID-66",
"CSAFPID-67",
"CSAFPID-68",
"CSAFPID-69",
"CSAFPID-70",
"CSAFPID-71",
"CSAFPID-72",
"CSAFPID-73",
"CSAFPID-74",
"CSAFPID-75",
"CSAFPID-76",
"CSAFPID-77",
"CSAFPID-78",
"CSAFPID-79",
"CSAFPID-80",
"CSAFPID-81",
"CSAFPID-82",
"CSAFPID-83",
"CSAFPID-84",
"CSAFPID-85",
"CSAFPID-86",
"CSAFPID-87",
"CSAFPID-88",
"CSAFPID-89",
"CSAFPID-90",
"CSAFPID-91",
"CSAFPID-92",
"CSAFPID-93",
"CSAFPID-94",
"CSAFPID-95",
"CSAFPID-96",
"CSAFPID-97",
"CSAFPID-98",
"CSAFPID-99",
"CSAFPID-100",
"CSAFPID-101",
"CSAFPID-102",
"CSAFPID-103",
"CSAFPID-104",
"CSAFPID-105",
"CSAFPID-106",
"CSAFPID-107",
"CSAFPID-108",
"CSAFPID-109",
"CSAFPID-110",
"CSAFPID-111",
"CSAFPID-112",
"CSAFPID-113",
"CSAFPID-114",
"CSAFPID-115",
"CSAFPID-116",
"CSAFPID-117",
"CSAFPID-118",
"CSAFPID-119",
"CSAFPID-120",
"CSAFPID-121",
"CSAFPID-122",
"CSAFPID-123",
"CSAFPID-124",
"CSAFPID-125",
"CSAFPID-126"
]
}
],
"title": "CVE-2025-62522"
},
{
"cve": "CVE-2025-64157",
"cwe": {
"id": "CWE-134",
"name": "Use of Externally-Controlled Format String"
},
"notes": [
{
"category": "other",
"text": "Use of Externally-Controlled Format String",
"title": "CWE-134"
},
{
"category": "description",
"text": "Fortinet FortiOS versions 7.0 through 7.6.4, including FortiGate devices, contain a CWE-134 externally-controlled format string vulnerability that allows an authenticated admin to execute unauthorized code or commands via crafted configurations.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36",
"CSAFPID-37",
"CSAFPID-38",
"CSAFPID-39",
"CSAFPID-40",
"CSAFPID-41",
"CSAFPID-42",
"CSAFPID-43",
"CSAFPID-44",
"CSAFPID-45",
"CSAFPID-46",
"CSAFPID-47",
"CSAFPID-48",
"CSAFPID-49",
"CSAFPID-50",
"CSAFPID-51",
"CSAFPID-52",
"CSAFPID-53",
"CSAFPID-54",
"CSAFPID-55",
"CSAFPID-56",
"CSAFPID-57",
"CSAFPID-58",
"CSAFPID-59",
"CSAFPID-60",
"CSAFPID-61",
"CSAFPID-62",
"CSAFPID-63",
"CSAFPID-64",
"CSAFPID-65",
"CSAFPID-66",
"CSAFPID-67",
"CSAFPID-68",
"CSAFPID-69",
"CSAFPID-70",
"CSAFPID-71",
"CSAFPID-72",
"CSAFPID-73",
"CSAFPID-74",
"CSAFPID-75",
"CSAFPID-76",
"CSAFPID-77",
"CSAFPID-78",
"CSAFPID-79",
"CSAFPID-80",
"CSAFPID-81",
"CSAFPID-82",
"CSAFPID-83",
"CSAFPID-84",
"CSAFPID-85",
"CSAFPID-86",
"CSAFPID-87",
"CSAFPID-88",
"CSAFPID-89",
"CSAFPID-90",
"CSAFPID-91",
"CSAFPID-92",
"CSAFPID-93",
"CSAFPID-94",
"CSAFPID-95",
"CSAFPID-96",
"CSAFPID-97",
"CSAFPID-98",
"CSAFPID-99",
"CSAFPID-100",
"CSAFPID-101",
"CSAFPID-102",
"CSAFPID-103",
"CSAFPID-104",
"CSAFPID-105",
"CSAFPID-106",
"CSAFPID-107",
"CSAFPID-108",
"CSAFPID-109",
"CSAFPID-110",
"CSAFPID-111",
"CSAFPID-112",
"CSAFPID-113",
"CSAFPID-114",
"CSAFPID-115",
"CSAFPID-116",
"CSAFPID-117",
"CSAFPID-118",
"CSAFPID-119",
"CSAFPID-120",
"CSAFPID-121",
"CSAFPID-122",
"CSAFPID-123",
"CSAFPID-124",
"CSAFPID-125",
"CSAFPID-126"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-64157 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-64157.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36",
"CSAFPID-37",
"CSAFPID-38",
"CSAFPID-39",
"CSAFPID-40",
"CSAFPID-41",
"CSAFPID-42",
"CSAFPID-43",
"CSAFPID-44",
"CSAFPID-45",
"CSAFPID-46",
"CSAFPID-47",
"CSAFPID-48",
"CSAFPID-49",
"CSAFPID-50",
"CSAFPID-51",
"CSAFPID-52",
"CSAFPID-53",
"CSAFPID-54",
"CSAFPID-55",
"CSAFPID-56",
"CSAFPID-57",
"CSAFPID-58",
"CSAFPID-59",
"CSAFPID-60",
"CSAFPID-61",
"CSAFPID-62",
"CSAFPID-63",
"CSAFPID-64",
"CSAFPID-65",
"CSAFPID-66",
"CSAFPID-67",
"CSAFPID-68",
"CSAFPID-69",
"CSAFPID-70",
"CSAFPID-71",
"CSAFPID-72",
"CSAFPID-73",
"CSAFPID-74",
"CSAFPID-75",
"CSAFPID-76",
"CSAFPID-77",
"CSAFPID-78",
"CSAFPID-79",
"CSAFPID-80",
"CSAFPID-81",
"CSAFPID-82",
"CSAFPID-83",
"CSAFPID-84",
"CSAFPID-85",
"CSAFPID-86",
"CSAFPID-87",
"CSAFPID-88",
"CSAFPID-89",
"CSAFPID-90",
"CSAFPID-91",
"CSAFPID-92",
"CSAFPID-93",
"CSAFPID-94",
"CSAFPID-95",
"CSAFPID-96",
"CSAFPID-97",
"CSAFPID-98",
"CSAFPID-99",
"CSAFPID-100",
"CSAFPID-101",
"CSAFPID-102",
"CSAFPID-103",
"CSAFPID-104",
"CSAFPID-105",
"CSAFPID-106",
"CSAFPID-107",
"CSAFPID-108",
"CSAFPID-109",
"CSAFPID-110",
"CSAFPID-111",
"CSAFPID-112",
"CSAFPID-113",
"CSAFPID-114",
"CSAFPID-115",
"CSAFPID-116",
"CSAFPID-117",
"CSAFPID-118",
"CSAFPID-119",
"CSAFPID-120",
"CSAFPID-121",
"CSAFPID-122",
"CSAFPID-123",
"CSAFPID-124",
"CSAFPID-125",
"CSAFPID-126"
]
}
],
"title": "CVE-2025-64157"
},
{
"cve": "CVE-2025-64718",
"cwe": {
"id": "CWE-1321",
"name": "Improperly Controlled Modification of Object Prototype Attributes (\u0027Prototype Pollution\u0027)"
},
"notes": [
{
"category": "other",
"text": "Improperly Controlled Modification of Object Prototype Attributes (\u0027Prototype Pollution\u0027)",
"title": "CWE-1321"
},
{
"category": "other",
"text": "CWE-1035",
"title": "CWE-1035"
},
{
"category": "other",
"text": "CWE-937",
"title": "CWE-937"
},
{
"category": "description",
"text": "Multiple vulnerabilities have been identified in js-yaml, Oracle Communications Unified Assurance, and HPE Telco software, allowing for prototype pollution and unauthorized access, with varying severity and available patches.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36",
"CSAFPID-37",
"CSAFPID-38",
"CSAFPID-39",
"CSAFPID-40",
"CSAFPID-41",
"CSAFPID-42",
"CSAFPID-43",
"CSAFPID-44",
"CSAFPID-45",
"CSAFPID-46",
"CSAFPID-47",
"CSAFPID-48",
"CSAFPID-49",
"CSAFPID-50",
"CSAFPID-51",
"CSAFPID-52",
"CSAFPID-53",
"CSAFPID-54",
"CSAFPID-55",
"CSAFPID-56",
"CSAFPID-57",
"CSAFPID-58",
"CSAFPID-59",
"CSAFPID-60",
"CSAFPID-61",
"CSAFPID-62",
"CSAFPID-63",
"CSAFPID-64",
"CSAFPID-65",
"CSAFPID-66",
"CSAFPID-67",
"CSAFPID-68",
"CSAFPID-69",
"CSAFPID-70",
"CSAFPID-71",
"CSAFPID-72",
"CSAFPID-73",
"CSAFPID-74",
"CSAFPID-75",
"CSAFPID-76",
"CSAFPID-77",
"CSAFPID-78",
"CSAFPID-79",
"CSAFPID-80",
"CSAFPID-81",
"CSAFPID-82",
"CSAFPID-83",
"CSAFPID-84",
"CSAFPID-85",
"CSAFPID-86",
"CSAFPID-87",
"CSAFPID-88",
"CSAFPID-89",
"CSAFPID-90",
"CSAFPID-91",
"CSAFPID-92",
"CSAFPID-93",
"CSAFPID-94",
"CSAFPID-95",
"CSAFPID-96",
"CSAFPID-97",
"CSAFPID-98",
"CSAFPID-99",
"CSAFPID-100",
"CSAFPID-101",
"CSAFPID-102",
"CSAFPID-103",
"CSAFPID-104",
"CSAFPID-105",
"CSAFPID-106",
"CSAFPID-107",
"CSAFPID-108",
"CSAFPID-109",
"CSAFPID-110",
"CSAFPID-111",
"CSAFPID-112",
"CSAFPID-113",
"CSAFPID-114",
"CSAFPID-115",
"CSAFPID-116",
"CSAFPID-117",
"CSAFPID-118",
"CSAFPID-119",
"CSAFPID-120",
"CSAFPID-121",
"CSAFPID-122",
"CSAFPID-123",
"CSAFPID-124",
"CSAFPID-125",
"CSAFPID-126"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-64718 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-64718.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36",
"CSAFPID-37",
"CSAFPID-38",
"CSAFPID-39",
"CSAFPID-40",
"CSAFPID-41",
"CSAFPID-42",
"CSAFPID-43",
"CSAFPID-44",
"CSAFPID-45",
"CSAFPID-46",
"CSAFPID-47",
"CSAFPID-48",
"CSAFPID-49",
"CSAFPID-50",
"CSAFPID-51",
"CSAFPID-52",
"CSAFPID-53",
"CSAFPID-54",
"CSAFPID-55",
"CSAFPID-56",
"CSAFPID-57",
"CSAFPID-58",
"CSAFPID-59",
"CSAFPID-60",
"CSAFPID-61",
"CSAFPID-62",
"CSAFPID-63",
"CSAFPID-64",
"CSAFPID-65",
"CSAFPID-66",
"CSAFPID-67",
"CSAFPID-68",
"CSAFPID-69",
"CSAFPID-70",
"CSAFPID-71",
"CSAFPID-72",
"CSAFPID-73",
"CSAFPID-74",
"CSAFPID-75",
"CSAFPID-76",
"CSAFPID-77",
"CSAFPID-78",
"CSAFPID-79",
"CSAFPID-80",
"CSAFPID-81",
"CSAFPID-82",
"CSAFPID-83",
"CSAFPID-84",
"CSAFPID-85",
"CSAFPID-86",
"CSAFPID-87",
"CSAFPID-88",
"CSAFPID-89",
"CSAFPID-90",
"CSAFPID-91",
"CSAFPID-92",
"CSAFPID-93",
"CSAFPID-94",
"CSAFPID-95",
"CSAFPID-96",
"CSAFPID-97",
"CSAFPID-98",
"CSAFPID-99",
"CSAFPID-100",
"CSAFPID-101",
"CSAFPID-102",
"CSAFPID-103",
"CSAFPID-104",
"CSAFPID-105",
"CSAFPID-106",
"CSAFPID-107",
"CSAFPID-108",
"CSAFPID-109",
"CSAFPID-110",
"CSAFPID-111",
"CSAFPID-112",
"CSAFPID-113",
"CSAFPID-114",
"CSAFPID-115",
"CSAFPID-116",
"CSAFPID-117",
"CSAFPID-118",
"CSAFPID-119",
"CSAFPID-120",
"CSAFPID-121",
"CSAFPID-122",
"CSAFPID-123",
"CSAFPID-124",
"CSAFPID-125",
"CSAFPID-126"
]
}
],
"title": "CVE-2025-64718"
},
{
"cve": "CVE-2025-64756",
"cwe": {
"id": "CWE-78",
"name": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)"
},
"notes": [
{
"category": "other",
"text": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"title": "CWE-78"
},
{
"category": "description",
"text": "The glob CLI has a command injection vulnerability in its `-c/--cmd` option, allowing arbitrary command execution through malicious filenames, which has been patched in versions 10.5.0 and 11.1.0.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36",
"CSAFPID-37",
"CSAFPID-38",
"CSAFPID-39",
"CSAFPID-40",
"CSAFPID-41",
"CSAFPID-42",
"CSAFPID-43",
"CSAFPID-44",
"CSAFPID-45",
"CSAFPID-46",
"CSAFPID-47",
"CSAFPID-48",
"CSAFPID-49",
"CSAFPID-50",
"CSAFPID-51",
"CSAFPID-52",
"CSAFPID-53",
"CSAFPID-54",
"CSAFPID-55",
"CSAFPID-56",
"CSAFPID-57",
"CSAFPID-58",
"CSAFPID-59",
"CSAFPID-60",
"CSAFPID-61",
"CSAFPID-62",
"CSAFPID-63",
"CSAFPID-64",
"CSAFPID-65",
"CSAFPID-66",
"CSAFPID-67",
"CSAFPID-68",
"CSAFPID-69",
"CSAFPID-70",
"CSAFPID-71",
"CSAFPID-72",
"CSAFPID-73",
"CSAFPID-74",
"CSAFPID-75",
"CSAFPID-76",
"CSAFPID-77",
"CSAFPID-78",
"CSAFPID-79",
"CSAFPID-80",
"CSAFPID-81",
"CSAFPID-82",
"CSAFPID-83",
"CSAFPID-84",
"CSAFPID-85",
"CSAFPID-86",
"CSAFPID-87",
"CSAFPID-88",
"CSAFPID-89",
"CSAFPID-90",
"CSAFPID-91",
"CSAFPID-92",
"CSAFPID-93",
"CSAFPID-94",
"CSAFPID-95",
"CSAFPID-96",
"CSAFPID-97",
"CSAFPID-98",
"CSAFPID-99",
"CSAFPID-100",
"CSAFPID-101",
"CSAFPID-102",
"CSAFPID-103",
"CSAFPID-104",
"CSAFPID-105",
"CSAFPID-106",
"CSAFPID-107",
"CSAFPID-108",
"CSAFPID-109",
"CSAFPID-110",
"CSAFPID-111",
"CSAFPID-112",
"CSAFPID-113",
"CSAFPID-114",
"CSAFPID-115",
"CSAFPID-116",
"CSAFPID-117",
"CSAFPID-118",
"CSAFPID-119",
"CSAFPID-120",
"CSAFPID-121",
"CSAFPID-122",
"CSAFPID-123",
"CSAFPID-124",
"CSAFPID-125",
"CSAFPID-126"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-64756 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-64756.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36",
"CSAFPID-37",
"CSAFPID-38",
"CSAFPID-39",
"CSAFPID-40",
"CSAFPID-41",
"CSAFPID-42",
"CSAFPID-43",
"CSAFPID-44",
"CSAFPID-45",
"CSAFPID-46",
"CSAFPID-47",
"CSAFPID-48",
"CSAFPID-49",
"CSAFPID-50",
"CSAFPID-51",
"CSAFPID-52",
"CSAFPID-53",
"CSAFPID-54",
"CSAFPID-55",
"CSAFPID-56",
"CSAFPID-57",
"CSAFPID-58",
"CSAFPID-59",
"CSAFPID-60",
"CSAFPID-61",
"CSAFPID-62",
"CSAFPID-63",
"CSAFPID-64",
"CSAFPID-65",
"CSAFPID-66",
"CSAFPID-67",
"CSAFPID-68",
"CSAFPID-69",
"CSAFPID-70",
"CSAFPID-71",
"CSAFPID-72",
"CSAFPID-73",
"CSAFPID-74",
"CSAFPID-75",
"CSAFPID-76",
"CSAFPID-77",
"CSAFPID-78",
"CSAFPID-79",
"CSAFPID-80",
"CSAFPID-81",
"CSAFPID-82",
"CSAFPID-83",
"CSAFPID-84",
"CSAFPID-85",
"CSAFPID-86",
"CSAFPID-87",
"CSAFPID-88",
"CSAFPID-89",
"CSAFPID-90",
"CSAFPID-91",
"CSAFPID-92",
"CSAFPID-93",
"CSAFPID-94",
"CSAFPID-95",
"CSAFPID-96",
"CSAFPID-97",
"CSAFPID-98",
"CSAFPID-99",
"CSAFPID-100",
"CSAFPID-101",
"CSAFPID-102",
"CSAFPID-103",
"CSAFPID-104",
"CSAFPID-105",
"CSAFPID-106",
"CSAFPID-107",
"CSAFPID-108",
"CSAFPID-109",
"CSAFPID-110",
"CSAFPID-111",
"CSAFPID-112",
"CSAFPID-113",
"CSAFPID-114",
"CSAFPID-115",
"CSAFPID-116",
"CSAFPID-117",
"CSAFPID-118",
"CSAFPID-119",
"CSAFPID-120",
"CSAFPID-121",
"CSAFPID-122",
"CSAFPID-123",
"CSAFPID-124",
"CSAFPID-125",
"CSAFPID-126"
]
}
],
"title": "CVE-2025-64756"
},
{
"cve": "CVE-2025-66030",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"notes": [
{
"category": "other",
"text": "Integer Overflow or Wraparound",
"title": "CWE-190"
},
{
"category": "description",
"text": "An Integer Overflow vulnerability in node-forge versions up to 1.3.1 allows remote attackers to craft ASN.1 OIDs with oversized arcs that bypass security controls via 32-bit truncation, fixed in version 1.3.2.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36",
"CSAFPID-37",
"CSAFPID-38",
"CSAFPID-39",
"CSAFPID-40",
"CSAFPID-41",
"CSAFPID-42",
"CSAFPID-43",
"CSAFPID-44",
"CSAFPID-45",
"CSAFPID-46",
"CSAFPID-47",
"CSAFPID-48",
"CSAFPID-49",
"CSAFPID-50",
"CSAFPID-51",
"CSAFPID-52",
"CSAFPID-53",
"CSAFPID-54",
"CSAFPID-55",
"CSAFPID-56",
"CSAFPID-57",
"CSAFPID-58",
"CSAFPID-59",
"CSAFPID-60",
"CSAFPID-61",
"CSAFPID-62",
"CSAFPID-63",
"CSAFPID-64",
"CSAFPID-65",
"CSAFPID-66",
"CSAFPID-67",
"CSAFPID-68",
"CSAFPID-69",
"CSAFPID-70",
"CSAFPID-71",
"CSAFPID-72",
"CSAFPID-73",
"CSAFPID-74",
"CSAFPID-75",
"CSAFPID-76",
"CSAFPID-77",
"CSAFPID-78",
"CSAFPID-79",
"CSAFPID-80",
"CSAFPID-81",
"CSAFPID-82",
"CSAFPID-83",
"CSAFPID-84",
"CSAFPID-85",
"CSAFPID-86",
"CSAFPID-87",
"CSAFPID-88",
"CSAFPID-89",
"CSAFPID-90",
"CSAFPID-91",
"CSAFPID-92",
"CSAFPID-93",
"CSAFPID-94",
"CSAFPID-95",
"CSAFPID-96",
"CSAFPID-97",
"CSAFPID-98",
"CSAFPID-99",
"CSAFPID-100",
"CSAFPID-101",
"CSAFPID-102",
"CSAFPID-103",
"CSAFPID-104",
"CSAFPID-105",
"CSAFPID-106",
"CSAFPID-107",
"CSAFPID-108",
"CSAFPID-109",
"CSAFPID-110",
"CSAFPID-111",
"CSAFPID-112",
"CSAFPID-113",
"CSAFPID-114",
"CSAFPID-115",
"CSAFPID-116",
"CSAFPID-117",
"CSAFPID-118",
"CSAFPID-119",
"CSAFPID-120",
"CSAFPID-121",
"CSAFPID-122",
"CSAFPID-123",
"CSAFPID-124",
"CSAFPID-125",
"CSAFPID-126"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-66030 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-66030.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36",
"CSAFPID-37",
"CSAFPID-38",
"CSAFPID-39",
"CSAFPID-40",
"CSAFPID-41",
"CSAFPID-42",
"CSAFPID-43",
"CSAFPID-44",
"CSAFPID-45",
"CSAFPID-46",
"CSAFPID-47",
"CSAFPID-48",
"CSAFPID-49",
"CSAFPID-50",
"CSAFPID-51",
"CSAFPID-52",
"CSAFPID-53",
"CSAFPID-54",
"CSAFPID-55",
"CSAFPID-56",
"CSAFPID-57",
"CSAFPID-58",
"CSAFPID-59",
"CSAFPID-60",
"CSAFPID-61",
"CSAFPID-62",
"CSAFPID-63",
"CSAFPID-64",
"CSAFPID-65",
"CSAFPID-66",
"CSAFPID-67",
"CSAFPID-68",
"CSAFPID-69",
"CSAFPID-70",
"CSAFPID-71",
"CSAFPID-72",
"CSAFPID-73",
"CSAFPID-74",
"CSAFPID-75",
"CSAFPID-76",
"CSAFPID-77",
"CSAFPID-78",
"CSAFPID-79",
"CSAFPID-80",
"CSAFPID-81",
"CSAFPID-82",
"CSAFPID-83",
"CSAFPID-84",
"CSAFPID-85",
"CSAFPID-86",
"CSAFPID-87",
"CSAFPID-88",
"CSAFPID-89",
"CSAFPID-90",
"CSAFPID-91",
"CSAFPID-92",
"CSAFPID-93",
"CSAFPID-94",
"CSAFPID-95",
"CSAFPID-96",
"CSAFPID-97",
"CSAFPID-98",
"CSAFPID-99",
"CSAFPID-100",
"CSAFPID-101",
"CSAFPID-102",
"CSAFPID-103",
"CSAFPID-104",
"CSAFPID-105",
"CSAFPID-106",
"CSAFPID-107",
"CSAFPID-108",
"CSAFPID-109",
"CSAFPID-110",
"CSAFPID-111",
"CSAFPID-112",
"CSAFPID-113",
"CSAFPID-114",
"CSAFPID-115",
"CSAFPID-116",
"CSAFPID-117",
"CSAFPID-118",
"CSAFPID-119",
"CSAFPID-120",
"CSAFPID-121",
"CSAFPID-122",
"CSAFPID-123",
"CSAFPID-124",
"CSAFPID-125",
"CSAFPID-126"
]
}
],
"title": "CVE-2025-66030"
},
{
"cve": "CVE-2025-66031",
"cwe": {
"id": "CWE-674",
"name": "Uncontrolled Recursion"
},
"notes": [
{
"category": "other",
"text": "Uncontrolled Recursion",
"title": "CWE-674"
},
{
"category": "description",
"text": "An Uncontrolled Recursion vulnerability in node-forge versions 1.3.1 and below allows remote attackers to exploit ASN.1 structures, leading to Denial-of-Service via stack exhaustion during TLS connections or certificate parsing.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36",
"CSAFPID-37",
"CSAFPID-38",
"CSAFPID-39",
"CSAFPID-40",
"CSAFPID-41",
"CSAFPID-42",
"CSAFPID-43",
"CSAFPID-44",
"CSAFPID-45",
"CSAFPID-46",
"CSAFPID-47",
"CSAFPID-48",
"CSAFPID-49",
"CSAFPID-50",
"CSAFPID-51",
"CSAFPID-52",
"CSAFPID-53",
"CSAFPID-54",
"CSAFPID-55",
"CSAFPID-56",
"CSAFPID-57",
"CSAFPID-58",
"CSAFPID-59",
"CSAFPID-60",
"CSAFPID-61",
"CSAFPID-62",
"CSAFPID-63",
"CSAFPID-64",
"CSAFPID-65",
"CSAFPID-66",
"CSAFPID-67",
"CSAFPID-68",
"CSAFPID-69",
"CSAFPID-70",
"CSAFPID-71",
"CSAFPID-72",
"CSAFPID-73",
"CSAFPID-74",
"CSAFPID-75",
"CSAFPID-76",
"CSAFPID-77",
"CSAFPID-78",
"CSAFPID-79",
"CSAFPID-80",
"CSAFPID-81",
"CSAFPID-82",
"CSAFPID-83",
"CSAFPID-84",
"CSAFPID-85",
"CSAFPID-86",
"CSAFPID-87",
"CSAFPID-88",
"CSAFPID-89",
"CSAFPID-90",
"CSAFPID-91",
"CSAFPID-92",
"CSAFPID-93",
"CSAFPID-94",
"CSAFPID-95",
"CSAFPID-96",
"CSAFPID-97",
"CSAFPID-98",
"CSAFPID-99",
"CSAFPID-100",
"CSAFPID-101",
"CSAFPID-102",
"CSAFPID-103",
"CSAFPID-104",
"CSAFPID-105",
"CSAFPID-106",
"CSAFPID-107",
"CSAFPID-108",
"CSAFPID-109",
"CSAFPID-110",
"CSAFPID-111",
"CSAFPID-112",
"CSAFPID-113",
"CSAFPID-114",
"CSAFPID-115",
"CSAFPID-116",
"CSAFPID-117",
"CSAFPID-118",
"CSAFPID-119",
"CSAFPID-120",
"CSAFPID-121",
"CSAFPID-122",
"CSAFPID-123",
"CSAFPID-124",
"CSAFPID-125",
"CSAFPID-126"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-66031 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-66031.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36",
"CSAFPID-37",
"CSAFPID-38",
"CSAFPID-39",
"CSAFPID-40",
"CSAFPID-41",
"CSAFPID-42",
"CSAFPID-43",
"CSAFPID-44",
"CSAFPID-45",
"CSAFPID-46",
"CSAFPID-47",
"CSAFPID-48",
"CSAFPID-49",
"CSAFPID-50",
"CSAFPID-51",
"CSAFPID-52",
"CSAFPID-53",
"CSAFPID-54",
"CSAFPID-55",
"CSAFPID-56",
"CSAFPID-57",
"CSAFPID-58",
"CSAFPID-59",
"CSAFPID-60",
"CSAFPID-61",
"CSAFPID-62",
"CSAFPID-63",
"CSAFPID-64",
"CSAFPID-65",
"CSAFPID-66",
"CSAFPID-67",
"CSAFPID-68",
"CSAFPID-69",
"CSAFPID-70",
"CSAFPID-71",
"CSAFPID-72",
"CSAFPID-73",
"CSAFPID-74",
"CSAFPID-75",
"CSAFPID-76",
"CSAFPID-77",
"CSAFPID-78",
"CSAFPID-79",
"CSAFPID-80",
"CSAFPID-81",
"CSAFPID-82",
"CSAFPID-83",
"CSAFPID-84",
"CSAFPID-85",
"CSAFPID-86",
"CSAFPID-87",
"CSAFPID-88",
"CSAFPID-89",
"CSAFPID-90",
"CSAFPID-91",
"CSAFPID-92",
"CSAFPID-93",
"CSAFPID-94",
"CSAFPID-95",
"CSAFPID-96",
"CSAFPID-97",
"CSAFPID-98",
"CSAFPID-99",
"CSAFPID-100",
"CSAFPID-101",
"CSAFPID-102",
"CSAFPID-103",
"CSAFPID-104",
"CSAFPID-105",
"CSAFPID-106",
"CSAFPID-107",
"CSAFPID-108",
"CSAFPID-109",
"CSAFPID-110",
"CSAFPID-111",
"CSAFPID-112",
"CSAFPID-113",
"CSAFPID-114",
"CSAFPID-115",
"CSAFPID-116",
"CSAFPID-117",
"CSAFPID-118",
"CSAFPID-119",
"CSAFPID-120",
"CSAFPID-121",
"CSAFPID-122",
"CSAFPID-123",
"CSAFPID-124",
"CSAFPID-125",
"CSAFPID-126"
]
}
],
"title": "CVE-2025-66031"
},
{
"cve": "CVE-2025-66035",
"cwe": {
"id": "CWE-201",
"name": "Insertion of Sensitive Information Into Sent Data"
},
"notes": [
{
"category": "other",
"text": "Insertion of Sensitive Information Into Sent Data",
"title": "CWE-201"
},
{
"category": "other",
"text": "Exposure of Private Personal Information to an Unauthorized Actor",
"title": "CWE-359"
},
{
"category": "other",
"text": "CWE-1035",
"title": "CWE-1035"
},
{
"category": "other",
"text": "CWE-937",
"title": "CWE-937"
},
{
"category": "description",
"text": "The document outlines a vulnerability in Angular\u0027s HttpClient that allows unauthorized disclosure of the XSRF token due to improper handling of protocol-relative URLs, affecting versions prior to 19.2.16, 20.3.14, and 21.0.1.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36",
"CSAFPID-37",
"CSAFPID-38",
"CSAFPID-39",
"CSAFPID-40",
"CSAFPID-41",
"CSAFPID-42",
"CSAFPID-43",
"CSAFPID-44",
"CSAFPID-45",
"CSAFPID-46",
"CSAFPID-47",
"CSAFPID-48",
"CSAFPID-49",
"CSAFPID-50",
"CSAFPID-51",
"CSAFPID-52",
"CSAFPID-53",
"CSAFPID-54",
"CSAFPID-55",
"CSAFPID-56",
"CSAFPID-57",
"CSAFPID-58",
"CSAFPID-59",
"CSAFPID-60",
"CSAFPID-61",
"CSAFPID-62",
"CSAFPID-63",
"CSAFPID-64",
"CSAFPID-65",
"CSAFPID-66",
"CSAFPID-67",
"CSAFPID-68",
"CSAFPID-69",
"CSAFPID-70",
"CSAFPID-71",
"CSAFPID-72",
"CSAFPID-73",
"CSAFPID-74",
"CSAFPID-75",
"CSAFPID-76",
"CSAFPID-77",
"CSAFPID-78",
"CSAFPID-79",
"CSAFPID-80",
"CSAFPID-81",
"CSAFPID-82",
"CSAFPID-83",
"CSAFPID-84",
"CSAFPID-85",
"CSAFPID-86",
"CSAFPID-87",
"CSAFPID-88",
"CSAFPID-89",
"CSAFPID-90",
"CSAFPID-91",
"CSAFPID-92",
"CSAFPID-93",
"CSAFPID-94",
"CSAFPID-95",
"CSAFPID-96",
"CSAFPID-97",
"CSAFPID-98",
"CSAFPID-99",
"CSAFPID-100",
"CSAFPID-101",
"CSAFPID-102",
"CSAFPID-103",
"CSAFPID-104",
"CSAFPID-105",
"CSAFPID-106",
"CSAFPID-107",
"CSAFPID-108",
"CSAFPID-109",
"CSAFPID-110",
"CSAFPID-111",
"CSAFPID-112",
"CSAFPID-113",
"CSAFPID-114",
"CSAFPID-115",
"CSAFPID-116",
"CSAFPID-117",
"CSAFPID-118",
"CSAFPID-119",
"CSAFPID-120",
"CSAFPID-121",
"CSAFPID-122",
"CSAFPID-123",
"CSAFPID-124",
"CSAFPID-125",
"CSAFPID-126"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-66035 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-66035.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.6,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36",
"CSAFPID-37",
"CSAFPID-38",
"CSAFPID-39",
"CSAFPID-40",
"CSAFPID-41",
"CSAFPID-42",
"CSAFPID-43",
"CSAFPID-44",
"CSAFPID-45",
"CSAFPID-46",
"CSAFPID-47",
"CSAFPID-48",
"CSAFPID-49",
"CSAFPID-50",
"CSAFPID-51",
"CSAFPID-52",
"CSAFPID-53",
"CSAFPID-54",
"CSAFPID-55",
"CSAFPID-56",
"CSAFPID-57",
"CSAFPID-58",
"CSAFPID-59",
"CSAFPID-60",
"CSAFPID-61",
"CSAFPID-62",
"CSAFPID-63",
"CSAFPID-64",
"CSAFPID-65",
"CSAFPID-66",
"CSAFPID-67",
"CSAFPID-68",
"CSAFPID-69",
"CSAFPID-70",
"CSAFPID-71",
"CSAFPID-72",
"CSAFPID-73",
"CSAFPID-74",
"CSAFPID-75",
"CSAFPID-76",
"CSAFPID-77",
"CSAFPID-78",
"CSAFPID-79",
"CSAFPID-80",
"CSAFPID-81",
"CSAFPID-82",
"CSAFPID-83",
"CSAFPID-84",
"CSAFPID-85",
"CSAFPID-86",
"CSAFPID-87",
"CSAFPID-88",
"CSAFPID-89",
"CSAFPID-90",
"CSAFPID-91",
"CSAFPID-92",
"CSAFPID-93",
"CSAFPID-94",
"CSAFPID-95",
"CSAFPID-96",
"CSAFPID-97",
"CSAFPID-98",
"CSAFPID-99",
"CSAFPID-100",
"CSAFPID-101",
"CSAFPID-102",
"CSAFPID-103",
"CSAFPID-104",
"CSAFPID-105",
"CSAFPID-106",
"CSAFPID-107",
"CSAFPID-108",
"CSAFPID-109",
"CSAFPID-110",
"CSAFPID-111",
"CSAFPID-112",
"CSAFPID-113",
"CSAFPID-114",
"CSAFPID-115",
"CSAFPID-116",
"CSAFPID-117",
"CSAFPID-118",
"CSAFPID-119",
"CSAFPID-120",
"CSAFPID-121",
"CSAFPID-122",
"CSAFPID-123",
"CSAFPID-124",
"CSAFPID-125",
"CSAFPID-126"
]
}
],
"title": "CVE-2025-66035"
},
{
"cve": "CVE-2025-66412",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"notes": [
{
"category": "other",
"text": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"title": "CWE-79"
},
{
"category": "other",
"text": "CWE-1035",
"title": "CWE-1035"
},
{
"category": "other",
"text": "CWE-937",
"title": "CWE-937"
},
{
"category": "description",
"text": "A Stored Cross-Site Scripting vulnerability in Angular Template Compiler prior to versions 21.0.2, 20.3.15, and 19.2.17 allows attackers to inject malicious scripts via improperly validated URL attributes and SVG elements.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36",
"CSAFPID-37",
"CSAFPID-38",
"CSAFPID-39",
"CSAFPID-40",
"CSAFPID-41",
"CSAFPID-42",
"CSAFPID-43",
"CSAFPID-44",
"CSAFPID-45",
"CSAFPID-46",
"CSAFPID-47",
"CSAFPID-48",
"CSAFPID-49",
"CSAFPID-50",
"CSAFPID-51",
"CSAFPID-52",
"CSAFPID-53",
"CSAFPID-54",
"CSAFPID-55",
"CSAFPID-56",
"CSAFPID-57",
"CSAFPID-58",
"CSAFPID-59",
"CSAFPID-60",
"CSAFPID-61",
"CSAFPID-62",
"CSAFPID-63",
"CSAFPID-64",
"CSAFPID-65",
"CSAFPID-66",
"CSAFPID-67",
"CSAFPID-68",
"CSAFPID-69",
"CSAFPID-70",
"CSAFPID-71",
"CSAFPID-72",
"CSAFPID-73",
"CSAFPID-74",
"CSAFPID-75",
"CSAFPID-76",
"CSAFPID-77",
"CSAFPID-78",
"CSAFPID-79",
"CSAFPID-80",
"CSAFPID-81",
"CSAFPID-82",
"CSAFPID-83",
"CSAFPID-84",
"CSAFPID-85",
"CSAFPID-86",
"CSAFPID-87",
"CSAFPID-88",
"CSAFPID-89",
"CSAFPID-90",
"CSAFPID-91",
"CSAFPID-92",
"CSAFPID-93",
"CSAFPID-94",
"CSAFPID-95",
"CSAFPID-96",
"CSAFPID-97",
"CSAFPID-98",
"CSAFPID-99",
"CSAFPID-100",
"CSAFPID-101",
"CSAFPID-102",
"CSAFPID-103",
"CSAFPID-104",
"CSAFPID-105",
"CSAFPID-106",
"CSAFPID-107",
"CSAFPID-108",
"CSAFPID-109",
"CSAFPID-110",
"CSAFPID-111",
"CSAFPID-112",
"CSAFPID-113",
"CSAFPID-114",
"CSAFPID-115",
"CSAFPID-116",
"CSAFPID-117",
"CSAFPID-118",
"CSAFPID-119",
"CSAFPID-120",
"CSAFPID-121",
"CSAFPID-122",
"CSAFPID-123",
"CSAFPID-124",
"CSAFPID-125",
"CSAFPID-126"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-66412 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-66412.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36",
"CSAFPID-37",
"CSAFPID-38",
"CSAFPID-39",
"CSAFPID-40",
"CSAFPID-41",
"CSAFPID-42",
"CSAFPID-43",
"CSAFPID-44",
"CSAFPID-45",
"CSAFPID-46",
"CSAFPID-47",
"CSAFPID-48",
"CSAFPID-49",
"CSAFPID-50",
"CSAFPID-51",
"CSAFPID-52",
"CSAFPID-53",
"CSAFPID-54",
"CSAFPID-55",
"CSAFPID-56",
"CSAFPID-57",
"CSAFPID-58",
"CSAFPID-59",
"CSAFPID-60",
"CSAFPID-61",
"CSAFPID-62",
"CSAFPID-63",
"CSAFPID-64",
"CSAFPID-65",
"CSAFPID-66",
"CSAFPID-67",
"CSAFPID-68",
"CSAFPID-69",
"CSAFPID-70",
"CSAFPID-71",
"CSAFPID-72",
"CSAFPID-73",
"CSAFPID-74",
"CSAFPID-75",
"CSAFPID-76",
"CSAFPID-77",
"CSAFPID-78",
"CSAFPID-79",
"CSAFPID-80",
"CSAFPID-81",
"CSAFPID-82",
"CSAFPID-83",
"CSAFPID-84",
"CSAFPID-85",
"CSAFPID-86",
"CSAFPID-87",
"CSAFPID-88",
"CSAFPID-89",
"CSAFPID-90",
"CSAFPID-91",
"CSAFPID-92",
"CSAFPID-93",
"CSAFPID-94",
"CSAFPID-95",
"CSAFPID-96",
"CSAFPID-97",
"CSAFPID-98",
"CSAFPID-99",
"CSAFPID-100",
"CSAFPID-101",
"CSAFPID-102",
"CSAFPID-103",
"CSAFPID-104",
"CSAFPID-105",
"CSAFPID-106",
"CSAFPID-107",
"CSAFPID-108",
"CSAFPID-109",
"CSAFPID-110",
"CSAFPID-111",
"CSAFPID-112",
"CSAFPID-113",
"CSAFPID-114",
"CSAFPID-115",
"CSAFPID-116",
"CSAFPID-117",
"CSAFPID-118",
"CSAFPID-119",
"CSAFPID-120",
"CSAFPID-121",
"CSAFPID-122",
"CSAFPID-123",
"CSAFPID-124",
"CSAFPID-125",
"CSAFPID-126"
]
}
],
"title": "CVE-2025-66412"
},
{
"cve": "CVE-2025-69277",
"cwe": {
"id": "CWE-184",
"name": "Incomplete List of Disallowed Inputs"
},
"notes": [
{
"category": "other",
"text": "Incomplete List of Disallowed Inputs",
"title": "CWE-184"
},
{
"category": "other",
"text": "CWE-1035",
"title": "CWE-1035"
},
{
"category": "other",
"text": "CWE-937",
"title": "CWE-937"
},
{
"category": "description",
"text": "Libsodium versions prior to ad3004e contain vulnerabilities in the crypto_core_ed25519_is_valid_point function that cause improper validation of elliptic curve points, potentially allowing security bypasses in custom cryptographic scenarios.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36",
"CSAFPID-37",
"CSAFPID-38",
"CSAFPID-39",
"CSAFPID-40",
"CSAFPID-41",
"CSAFPID-42",
"CSAFPID-43",
"CSAFPID-44",
"CSAFPID-45",
"CSAFPID-46",
"CSAFPID-47",
"CSAFPID-48",
"CSAFPID-49",
"CSAFPID-50",
"CSAFPID-51",
"CSAFPID-52",
"CSAFPID-53",
"CSAFPID-54",
"CSAFPID-55",
"CSAFPID-56",
"CSAFPID-57",
"CSAFPID-58",
"CSAFPID-59",
"CSAFPID-60",
"CSAFPID-61",
"CSAFPID-62",
"CSAFPID-63",
"CSAFPID-64",
"CSAFPID-65",
"CSAFPID-66",
"CSAFPID-67",
"CSAFPID-68",
"CSAFPID-69",
"CSAFPID-70",
"CSAFPID-71",
"CSAFPID-72",
"CSAFPID-73",
"CSAFPID-74",
"CSAFPID-75",
"CSAFPID-76",
"CSAFPID-77",
"CSAFPID-78",
"CSAFPID-79",
"CSAFPID-80",
"CSAFPID-81",
"CSAFPID-82",
"CSAFPID-83",
"CSAFPID-84",
"CSAFPID-85",
"CSAFPID-86",
"CSAFPID-87",
"CSAFPID-88",
"CSAFPID-89",
"CSAFPID-90",
"CSAFPID-91",
"CSAFPID-92",
"CSAFPID-93",
"CSAFPID-94",
"CSAFPID-95",
"CSAFPID-96",
"CSAFPID-97",
"CSAFPID-98",
"CSAFPID-99",
"CSAFPID-100",
"CSAFPID-101",
"CSAFPID-102",
"CSAFPID-103",
"CSAFPID-104",
"CSAFPID-105",
"CSAFPID-106",
"CSAFPID-107",
"CSAFPID-108",
"CSAFPID-109",
"CSAFPID-110",
"CSAFPID-111",
"CSAFPID-112",
"CSAFPID-113",
"CSAFPID-114",
"CSAFPID-115",
"CSAFPID-116",
"CSAFPID-117",
"CSAFPID-118",
"CSAFPID-119",
"CSAFPID-120",
"CSAFPID-121",
"CSAFPID-122",
"CSAFPID-123",
"CSAFPID-124",
"CSAFPID-125",
"CSAFPID-126"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-69277 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-69277.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36",
"CSAFPID-37",
"CSAFPID-38",
"CSAFPID-39",
"CSAFPID-40",
"CSAFPID-41",
"CSAFPID-42",
"CSAFPID-43",
"CSAFPID-44",
"CSAFPID-45",
"CSAFPID-46",
"CSAFPID-47",
"CSAFPID-48",
"CSAFPID-49",
"CSAFPID-50",
"CSAFPID-51",
"CSAFPID-52",
"CSAFPID-53",
"CSAFPID-54",
"CSAFPID-55",
"CSAFPID-56",
"CSAFPID-57",
"CSAFPID-58",
"CSAFPID-59",
"CSAFPID-60",
"CSAFPID-61",
"CSAFPID-62",
"CSAFPID-63",
"CSAFPID-64",
"CSAFPID-65",
"CSAFPID-66",
"CSAFPID-67",
"CSAFPID-68",
"CSAFPID-69",
"CSAFPID-70",
"CSAFPID-71",
"CSAFPID-72",
"CSAFPID-73",
"CSAFPID-74",
"CSAFPID-75",
"CSAFPID-76",
"CSAFPID-77",
"CSAFPID-78",
"CSAFPID-79",
"CSAFPID-80",
"CSAFPID-81",
"CSAFPID-82",
"CSAFPID-83",
"CSAFPID-84",
"CSAFPID-85",
"CSAFPID-86",
"CSAFPID-87",
"CSAFPID-88",
"CSAFPID-89",
"CSAFPID-90",
"CSAFPID-91",
"CSAFPID-92",
"CSAFPID-93",
"CSAFPID-94",
"CSAFPID-95",
"CSAFPID-96",
"CSAFPID-97",
"CSAFPID-98",
"CSAFPID-99",
"CSAFPID-100",
"CSAFPID-101",
"CSAFPID-102",
"CSAFPID-103",
"CSAFPID-104",
"CSAFPID-105",
"CSAFPID-106",
"CSAFPID-107",
"CSAFPID-108",
"CSAFPID-109",
"CSAFPID-110",
"CSAFPID-111",
"CSAFPID-112",
"CSAFPID-113",
"CSAFPID-114",
"CSAFPID-115",
"CSAFPID-116",
"CSAFPID-117",
"CSAFPID-118",
"CSAFPID-119",
"CSAFPID-120",
"CSAFPID-121",
"CSAFPID-122",
"CSAFPID-123",
"CSAFPID-124",
"CSAFPID-125",
"CSAFPID-126"
]
}
],
"title": "CVE-2025-69277"
},
{
"cve": "CVE-2026-22610",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"notes": [
{
"category": "other",
"text": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"title": "CWE-79"
},
{
"category": "other",
"text": "CWE-1035",
"title": "CWE-1035"
},
{
"category": "other",
"text": "CWE-937",
"title": "CWE-937"
},
{
"category": "description",
"text": "A Cross-Site Scripting (XSS) vulnerability in the Angular Template Compiler allows for arbitrary JavaScript execution via improperly sanitized SVG `\u003cscript\u003e` attributes, affecting several Red Hat products with a moderate severity rating.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36",
"CSAFPID-37",
"CSAFPID-38",
"CSAFPID-39",
"CSAFPID-40",
"CSAFPID-41",
"CSAFPID-42",
"CSAFPID-43",
"CSAFPID-44",
"CSAFPID-45",
"CSAFPID-46",
"CSAFPID-47",
"CSAFPID-48",
"CSAFPID-49",
"CSAFPID-50",
"CSAFPID-51",
"CSAFPID-52",
"CSAFPID-53",
"CSAFPID-54",
"CSAFPID-55",
"CSAFPID-56",
"CSAFPID-57",
"CSAFPID-58",
"CSAFPID-59",
"CSAFPID-60",
"CSAFPID-61",
"CSAFPID-62",
"CSAFPID-63",
"CSAFPID-64",
"CSAFPID-65",
"CSAFPID-66",
"CSAFPID-67",
"CSAFPID-68",
"CSAFPID-69",
"CSAFPID-70",
"CSAFPID-71",
"CSAFPID-72",
"CSAFPID-73",
"CSAFPID-74",
"CSAFPID-75",
"CSAFPID-76",
"CSAFPID-77",
"CSAFPID-78",
"CSAFPID-79",
"CSAFPID-80",
"CSAFPID-81",
"CSAFPID-82",
"CSAFPID-83",
"CSAFPID-84",
"CSAFPID-85",
"CSAFPID-86",
"CSAFPID-87",
"CSAFPID-88",
"CSAFPID-89",
"CSAFPID-90",
"CSAFPID-91",
"CSAFPID-92",
"CSAFPID-93",
"CSAFPID-94",
"CSAFPID-95",
"CSAFPID-96",
"CSAFPID-97",
"CSAFPID-98",
"CSAFPID-99",
"CSAFPID-100",
"CSAFPID-101",
"CSAFPID-102",
"CSAFPID-103",
"CSAFPID-104",
"CSAFPID-105",
"CSAFPID-106",
"CSAFPID-107",
"CSAFPID-108",
"CSAFPID-109",
"CSAFPID-110",
"CSAFPID-111",
"CSAFPID-112",
"CSAFPID-113",
"CSAFPID-114",
"CSAFPID-115",
"CSAFPID-116",
"CSAFPID-117",
"CSAFPID-118",
"CSAFPID-119",
"CSAFPID-120",
"CSAFPID-121",
"CSAFPID-122",
"CSAFPID-123",
"CSAFPID-124",
"CSAFPID-125",
"CSAFPID-126"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-22610 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-22610.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.0,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36",
"CSAFPID-37",
"CSAFPID-38",
"CSAFPID-39",
"CSAFPID-40",
"CSAFPID-41",
"CSAFPID-42",
"CSAFPID-43",
"CSAFPID-44",
"CSAFPID-45",
"CSAFPID-46",
"CSAFPID-47",
"CSAFPID-48",
"CSAFPID-49",
"CSAFPID-50",
"CSAFPID-51",
"CSAFPID-52",
"CSAFPID-53",
"CSAFPID-54",
"CSAFPID-55",
"CSAFPID-56",
"CSAFPID-57",
"CSAFPID-58",
"CSAFPID-59",
"CSAFPID-60",
"CSAFPID-61",
"CSAFPID-62",
"CSAFPID-63",
"CSAFPID-64",
"CSAFPID-65",
"CSAFPID-66",
"CSAFPID-67",
"CSAFPID-68",
"CSAFPID-69",
"CSAFPID-70",
"CSAFPID-71",
"CSAFPID-72",
"CSAFPID-73",
"CSAFPID-74",
"CSAFPID-75",
"CSAFPID-76",
"CSAFPID-77",
"CSAFPID-78",
"CSAFPID-79",
"CSAFPID-80",
"CSAFPID-81",
"CSAFPID-82",
"CSAFPID-83",
"CSAFPID-84",
"CSAFPID-85",
"CSAFPID-86",
"CSAFPID-87",
"CSAFPID-88",
"CSAFPID-89",
"CSAFPID-90",
"CSAFPID-91",
"CSAFPID-92",
"CSAFPID-93",
"CSAFPID-94",
"CSAFPID-95",
"CSAFPID-96",
"CSAFPID-97",
"CSAFPID-98",
"CSAFPID-99",
"CSAFPID-100",
"CSAFPID-101",
"CSAFPID-102",
"CSAFPID-103",
"CSAFPID-104",
"CSAFPID-105",
"CSAFPID-106",
"CSAFPID-107",
"CSAFPID-108",
"CSAFPID-109",
"CSAFPID-110",
"CSAFPID-111",
"CSAFPID-112",
"CSAFPID-113",
"CSAFPID-114",
"CSAFPID-115",
"CSAFPID-116",
"CSAFPID-117",
"CSAFPID-118",
"CSAFPID-119",
"CSAFPID-120",
"CSAFPID-121",
"CSAFPID-122",
"CSAFPID-123",
"CSAFPID-124",
"CSAFPID-125",
"CSAFPID-126"
]
}
],
"title": "CVE-2026-22610"
},
{
"cve": "CVE-2026-24858",
"cwe": {
"id": "CWE-288",
"name": "Authentication Bypass Using an Alternate Path or Channel"
},
"notes": [
{
"category": "other",
"text": "Authentication Bypass Using an Alternate Path or Channel",
"title": "CWE-288"
},
{
"category": "description",
"text": "Multiple Fortinet products including FortiAnalyzer, FortiManager, FortiOS, and FortiProxy have an authentication bypass vulnerability exploitable via FortiCloud SSO, allowing attackers with FortiCloud credentials to access other users\u0027 devices.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36",
"CSAFPID-37",
"CSAFPID-38",
"CSAFPID-39",
"CSAFPID-40",
"CSAFPID-41",
"CSAFPID-42",
"CSAFPID-43",
"CSAFPID-44",
"CSAFPID-45",
"CSAFPID-46",
"CSAFPID-47",
"CSAFPID-48",
"CSAFPID-49",
"CSAFPID-50",
"CSAFPID-51",
"CSAFPID-52",
"CSAFPID-53",
"CSAFPID-54",
"CSAFPID-55",
"CSAFPID-56",
"CSAFPID-57",
"CSAFPID-58",
"CSAFPID-59",
"CSAFPID-60",
"CSAFPID-61",
"CSAFPID-62",
"CSAFPID-63",
"CSAFPID-64",
"CSAFPID-65",
"CSAFPID-66",
"CSAFPID-67",
"CSAFPID-68",
"CSAFPID-69",
"CSAFPID-70",
"CSAFPID-71",
"CSAFPID-72",
"CSAFPID-73",
"CSAFPID-74",
"CSAFPID-75",
"CSAFPID-76",
"CSAFPID-77",
"CSAFPID-78",
"CSAFPID-79",
"CSAFPID-80",
"CSAFPID-81",
"CSAFPID-82",
"CSAFPID-83",
"CSAFPID-84",
"CSAFPID-85",
"CSAFPID-86",
"CSAFPID-87",
"CSAFPID-88",
"CSAFPID-89",
"CSAFPID-90",
"CSAFPID-91",
"CSAFPID-92",
"CSAFPID-93",
"CSAFPID-94",
"CSAFPID-95",
"CSAFPID-96",
"CSAFPID-97",
"CSAFPID-98",
"CSAFPID-99",
"CSAFPID-100",
"CSAFPID-101",
"CSAFPID-102",
"CSAFPID-103",
"CSAFPID-104",
"CSAFPID-105",
"CSAFPID-106",
"CSAFPID-107",
"CSAFPID-108",
"CSAFPID-109",
"CSAFPID-110",
"CSAFPID-111",
"CSAFPID-112",
"CSAFPID-113",
"CSAFPID-114",
"CSAFPID-115",
"CSAFPID-116",
"CSAFPID-117",
"CSAFPID-118",
"CSAFPID-119",
"CSAFPID-120",
"CSAFPID-121",
"CSAFPID-122",
"CSAFPID-123",
"CSAFPID-124",
"CSAFPID-125",
"CSAFPID-126"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-24858 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-24858.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36",
"CSAFPID-37",
"CSAFPID-38",
"CSAFPID-39",
"CSAFPID-40",
"CSAFPID-41",
"CSAFPID-42",
"CSAFPID-43",
"CSAFPID-44",
"CSAFPID-45",
"CSAFPID-46",
"CSAFPID-47",
"CSAFPID-48",
"CSAFPID-49",
"CSAFPID-50",
"CSAFPID-51",
"CSAFPID-52",
"CSAFPID-53",
"CSAFPID-54",
"CSAFPID-55",
"CSAFPID-56",
"CSAFPID-57",
"CSAFPID-58",
"CSAFPID-59",
"CSAFPID-60",
"CSAFPID-61",
"CSAFPID-62",
"CSAFPID-63",
"CSAFPID-64",
"CSAFPID-65",
"CSAFPID-66",
"CSAFPID-67",
"CSAFPID-68",
"CSAFPID-69",
"CSAFPID-70",
"CSAFPID-71",
"CSAFPID-72",
"CSAFPID-73",
"CSAFPID-74",
"CSAFPID-75",
"CSAFPID-76",
"CSAFPID-77",
"CSAFPID-78",
"CSAFPID-79",
"CSAFPID-80",
"CSAFPID-81",
"CSAFPID-82",
"CSAFPID-83",
"CSAFPID-84",
"CSAFPID-85",
"CSAFPID-86",
"CSAFPID-87",
"CSAFPID-88",
"CSAFPID-89",
"CSAFPID-90",
"CSAFPID-91",
"CSAFPID-92",
"CSAFPID-93",
"CSAFPID-94",
"CSAFPID-95",
"CSAFPID-96",
"CSAFPID-97",
"CSAFPID-98",
"CSAFPID-99",
"CSAFPID-100",
"CSAFPID-101",
"CSAFPID-102",
"CSAFPID-103",
"CSAFPID-104",
"CSAFPID-105",
"CSAFPID-106",
"CSAFPID-107",
"CSAFPID-108",
"CSAFPID-109",
"CSAFPID-110",
"CSAFPID-111",
"CSAFPID-112",
"CSAFPID-113",
"CSAFPID-114",
"CSAFPID-115",
"CSAFPID-116",
"CSAFPID-117",
"CSAFPID-118",
"CSAFPID-119",
"CSAFPID-120",
"CSAFPID-121",
"CSAFPID-122",
"CSAFPID-123",
"CSAFPID-124",
"CSAFPID-125",
"CSAFPID-126"
]
}
],
"title": "CVE-2026-24858"
},
{
"cve": "CVE-2026-25569",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"category": "other",
"text": "Out-of-bounds Write",
"title": "CWE-787"
},
{
"category": "description",
"text": "An out-of-bounds write vulnerability in the SICAM SIAPP SDK could allow attackers to cause denial of service or execute arbitrary code, posing significant security risks.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36",
"CSAFPID-37",
"CSAFPID-38",
"CSAFPID-39",
"CSAFPID-40",
"CSAFPID-41",
"CSAFPID-42",
"CSAFPID-43",
"CSAFPID-44",
"CSAFPID-45",
"CSAFPID-46",
"CSAFPID-47",
"CSAFPID-48",
"CSAFPID-49",
"CSAFPID-50",
"CSAFPID-51",
"CSAFPID-52",
"CSAFPID-53",
"CSAFPID-54",
"CSAFPID-55",
"CSAFPID-56",
"CSAFPID-57",
"CSAFPID-58",
"CSAFPID-59",
"CSAFPID-60",
"CSAFPID-61",
"CSAFPID-62",
"CSAFPID-63",
"CSAFPID-64",
"CSAFPID-65",
"CSAFPID-66",
"CSAFPID-67",
"CSAFPID-68",
"CSAFPID-69",
"CSAFPID-70",
"CSAFPID-71",
"CSAFPID-72",
"CSAFPID-73",
"CSAFPID-74",
"CSAFPID-75",
"CSAFPID-76",
"CSAFPID-77",
"CSAFPID-78",
"CSAFPID-79",
"CSAFPID-80",
"CSAFPID-81",
"CSAFPID-82",
"CSAFPID-83",
"CSAFPID-84",
"CSAFPID-85",
"CSAFPID-86",
"CSAFPID-87",
"CSAFPID-88",
"CSAFPID-89",
"CSAFPID-90",
"CSAFPID-91",
"CSAFPID-92",
"CSAFPID-93",
"CSAFPID-94",
"CSAFPID-95",
"CSAFPID-96",
"CSAFPID-97",
"CSAFPID-98",
"CSAFPID-99",
"CSAFPID-100",
"CSAFPID-101",
"CSAFPID-102",
"CSAFPID-103",
"CSAFPID-104",
"CSAFPID-105",
"CSAFPID-106",
"CSAFPID-107",
"CSAFPID-108",
"CSAFPID-109",
"CSAFPID-110",
"CSAFPID-111",
"CSAFPID-112",
"CSAFPID-113",
"CSAFPID-114",
"CSAFPID-115",
"CSAFPID-116",
"CSAFPID-117",
"CSAFPID-118",
"CSAFPID-119",
"CSAFPID-120",
"CSAFPID-121",
"CSAFPID-122",
"CSAFPID-123",
"CSAFPID-124",
"CSAFPID-125",
"CSAFPID-126"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-25569 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-25569.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36",
"CSAFPID-37",
"CSAFPID-38",
"CSAFPID-39",
"CSAFPID-40",
"CSAFPID-41",
"CSAFPID-42",
"CSAFPID-43",
"CSAFPID-44",
"CSAFPID-45",
"CSAFPID-46",
"CSAFPID-47",
"CSAFPID-48",
"CSAFPID-49",
"CSAFPID-50",
"CSAFPID-51",
"CSAFPID-52",
"CSAFPID-53",
"CSAFPID-54",
"CSAFPID-55",
"CSAFPID-56",
"CSAFPID-57",
"CSAFPID-58",
"CSAFPID-59",
"CSAFPID-60",
"CSAFPID-61",
"CSAFPID-62",
"CSAFPID-63",
"CSAFPID-64",
"CSAFPID-65",
"CSAFPID-66",
"CSAFPID-67",
"CSAFPID-68",
"CSAFPID-69",
"CSAFPID-70",
"CSAFPID-71",
"CSAFPID-72",
"CSAFPID-73",
"CSAFPID-74",
"CSAFPID-75",
"CSAFPID-76",
"CSAFPID-77",
"CSAFPID-78",
"CSAFPID-79",
"CSAFPID-80",
"CSAFPID-81",
"CSAFPID-82",
"CSAFPID-83",
"CSAFPID-84",
"CSAFPID-85",
"CSAFPID-86",
"CSAFPID-87",
"CSAFPID-88",
"CSAFPID-89",
"CSAFPID-90",
"CSAFPID-91",
"CSAFPID-92",
"CSAFPID-93",
"CSAFPID-94",
"CSAFPID-95",
"CSAFPID-96",
"CSAFPID-97",
"CSAFPID-98",
"CSAFPID-99",
"CSAFPID-100",
"CSAFPID-101",
"CSAFPID-102",
"CSAFPID-103",
"CSAFPID-104",
"CSAFPID-105",
"CSAFPID-106",
"CSAFPID-107",
"CSAFPID-108",
"CSAFPID-109",
"CSAFPID-110",
"CSAFPID-111",
"CSAFPID-112",
"CSAFPID-113",
"CSAFPID-114",
"CSAFPID-115",
"CSAFPID-116",
"CSAFPID-117",
"CSAFPID-118",
"CSAFPID-119",
"CSAFPID-120",
"CSAFPID-121",
"CSAFPID-122",
"CSAFPID-123",
"CSAFPID-124",
"CSAFPID-125",
"CSAFPID-126"
]
}
],
"title": "CVE-2026-25569"
},
{
"cve": "CVE-2026-25570",
"cwe": {
"id": "CWE-121",
"name": "Stack-based Buffer Overflow"
},
"notes": [
{
"category": "other",
"text": "Stack-based Buffer Overflow",
"title": "CWE-121"
},
{
"category": "description",
"text": "The SICAM SIAPP SDK contains a vulnerability caused by insufficient input validation, which may result in stack overflow, enabling potential code execution and denial of service attacks.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36",
"CSAFPID-37",
"CSAFPID-38",
"CSAFPID-39",
"CSAFPID-40",
"CSAFPID-41",
"CSAFPID-42",
"CSAFPID-43",
"CSAFPID-44",
"CSAFPID-45",
"CSAFPID-46",
"CSAFPID-47",
"CSAFPID-48",
"CSAFPID-49",
"CSAFPID-50",
"CSAFPID-51",
"CSAFPID-52",
"CSAFPID-53",
"CSAFPID-54",
"CSAFPID-55",
"CSAFPID-56",
"CSAFPID-57",
"CSAFPID-58",
"CSAFPID-59",
"CSAFPID-60",
"CSAFPID-61",
"CSAFPID-62",
"CSAFPID-63",
"CSAFPID-64",
"CSAFPID-65",
"CSAFPID-66",
"CSAFPID-67",
"CSAFPID-68",
"CSAFPID-69",
"CSAFPID-70",
"CSAFPID-71",
"CSAFPID-72",
"CSAFPID-73",
"CSAFPID-74",
"CSAFPID-75",
"CSAFPID-76",
"CSAFPID-77",
"CSAFPID-78",
"CSAFPID-79",
"CSAFPID-80",
"CSAFPID-81",
"CSAFPID-82",
"CSAFPID-83",
"CSAFPID-84",
"CSAFPID-85",
"CSAFPID-86",
"CSAFPID-87",
"CSAFPID-88",
"CSAFPID-89",
"CSAFPID-90",
"CSAFPID-91",
"CSAFPID-92",
"CSAFPID-93",
"CSAFPID-94",
"CSAFPID-95",
"CSAFPID-96",
"CSAFPID-97",
"CSAFPID-98",
"CSAFPID-99",
"CSAFPID-100",
"CSAFPID-101",
"CSAFPID-102",
"CSAFPID-103",
"CSAFPID-104",
"CSAFPID-105",
"CSAFPID-106",
"CSAFPID-107",
"CSAFPID-108",
"CSAFPID-109",
"CSAFPID-110",
"CSAFPID-111",
"CSAFPID-112",
"CSAFPID-113",
"CSAFPID-114",
"CSAFPID-115",
"CSAFPID-116",
"CSAFPID-117",
"CSAFPID-118",
"CSAFPID-119",
"CSAFPID-120",
"CSAFPID-121",
"CSAFPID-122",
"CSAFPID-123",
"CSAFPID-124",
"CSAFPID-125",
"CSAFPID-126"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-25570 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-25570.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36",
"CSAFPID-37",
"CSAFPID-38",
"CSAFPID-39",
"CSAFPID-40",
"CSAFPID-41",
"CSAFPID-42",
"CSAFPID-43",
"CSAFPID-44",
"CSAFPID-45",
"CSAFPID-46",
"CSAFPID-47",
"CSAFPID-48",
"CSAFPID-49",
"CSAFPID-50",
"CSAFPID-51",
"CSAFPID-52",
"CSAFPID-53",
"CSAFPID-54",
"CSAFPID-55",
"CSAFPID-56",
"CSAFPID-57",
"CSAFPID-58",
"CSAFPID-59",
"CSAFPID-60",
"CSAFPID-61",
"CSAFPID-62",
"CSAFPID-63",
"CSAFPID-64",
"CSAFPID-65",
"CSAFPID-66",
"CSAFPID-67",
"CSAFPID-68",
"CSAFPID-69",
"CSAFPID-70",
"CSAFPID-71",
"CSAFPID-72",
"CSAFPID-73",
"CSAFPID-74",
"CSAFPID-75",
"CSAFPID-76",
"CSAFPID-77",
"CSAFPID-78",
"CSAFPID-79",
"CSAFPID-80",
"CSAFPID-81",
"CSAFPID-82",
"CSAFPID-83",
"CSAFPID-84",
"CSAFPID-85",
"CSAFPID-86",
"CSAFPID-87",
"CSAFPID-88",
"CSAFPID-89",
"CSAFPID-90",
"CSAFPID-91",
"CSAFPID-92",
"CSAFPID-93",
"CSAFPID-94",
"CSAFPID-95",
"CSAFPID-96",
"CSAFPID-97",
"CSAFPID-98",
"CSAFPID-99",
"CSAFPID-100",
"CSAFPID-101",
"CSAFPID-102",
"CSAFPID-103",
"CSAFPID-104",
"CSAFPID-105",
"CSAFPID-106",
"CSAFPID-107",
"CSAFPID-108",
"CSAFPID-109",
"CSAFPID-110",
"CSAFPID-111",
"CSAFPID-112",
"CSAFPID-113",
"CSAFPID-114",
"CSAFPID-115",
"CSAFPID-116",
"CSAFPID-117",
"CSAFPID-118",
"CSAFPID-119",
"CSAFPID-120",
"CSAFPID-121",
"CSAFPID-122",
"CSAFPID-123",
"CSAFPID-124",
"CSAFPID-125",
"CSAFPID-126"
]
}
],
"title": "CVE-2026-25570"
},
{
"cve": "CVE-2026-25571",
"cwe": {
"id": "CWE-130",
"name": "Improper Handling of Length Parameter Inconsistency"
},
"notes": [
{
"category": "other",
"text": "Improper Handling of Length Parameter Inconsistency",
"title": "CWE-130"
},
{
"category": "description",
"text": "The SICAM SIAPP SDK client component contains a stack overflow vulnerability caused by insufficient maximum length checks on certain variables, which can result in process crashes and denial of service.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36",
"CSAFPID-37",
"CSAFPID-38",
"CSAFPID-39",
"CSAFPID-40",
"CSAFPID-41",
"CSAFPID-42",
"CSAFPID-43",
"CSAFPID-44",
"CSAFPID-45",
"CSAFPID-46",
"CSAFPID-47",
"CSAFPID-48",
"CSAFPID-49",
"CSAFPID-50",
"CSAFPID-51",
"CSAFPID-52",
"CSAFPID-53",
"CSAFPID-54",
"CSAFPID-55",
"CSAFPID-56",
"CSAFPID-57",
"CSAFPID-58",
"CSAFPID-59",
"CSAFPID-60",
"CSAFPID-61",
"CSAFPID-62",
"CSAFPID-63",
"CSAFPID-64",
"CSAFPID-65",
"CSAFPID-66",
"CSAFPID-67",
"CSAFPID-68",
"CSAFPID-69",
"CSAFPID-70",
"CSAFPID-71",
"CSAFPID-72",
"CSAFPID-73",
"CSAFPID-74",
"CSAFPID-75",
"CSAFPID-76",
"CSAFPID-77",
"CSAFPID-78",
"CSAFPID-79",
"CSAFPID-80",
"CSAFPID-81",
"CSAFPID-82",
"CSAFPID-83",
"CSAFPID-84",
"CSAFPID-85",
"CSAFPID-86",
"CSAFPID-87",
"CSAFPID-88",
"CSAFPID-89",
"CSAFPID-90",
"CSAFPID-91",
"CSAFPID-92",
"CSAFPID-93",
"CSAFPID-94",
"CSAFPID-95",
"CSAFPID-96",
"CSAFPID-97",
"CSAFPID-98",
"CSAFPID-99",
"CSAFPID-100",
"CSAFPID-101",
"CSAFPID-102",
"CSAFPID-103",
"CSAFPID-104",
"CSAFPID-105",
"CSAFPID-106",
"CSAFPID-107",
"CSAFPID-108",
"CSAFPID-109",
"CSAFPID-110",
"CSAFPID-111",
"CSAFPID-112",
"CSAFPID-113",
"CSAFPID-114",
"CSAFPID-115",
"CSAFPID-116",
"CSAFPID-117",
"CSAFPID-118",
"CSAFPID-119",
"CSAFPID-120",
"CSAFPID-121",
"CSAFPID-122",
"CSAFPID-123",
"CSAFPID-124",
"CSAFPID-125",
"CSAFPID-126"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-25571 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-25571.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36",
"CSAFPID-37",
"CSAFPID-38",
"CSAFPID-39",
"CSAFPID-40",
"CSAFPID-41",
"CSAFPID-42",
"CSAFPID-43",
"CSAFPID-44",
"CSAFPID-45",
"CSAFPID-46",
"CSAFPID-47",
"CSAFPID-48",
"CSAFPID-49",
"CSAFPID-50",
"CSAFPID-51",
"CSAFPID-52",
"CSAFPID-53",
"CSAFPID-54",
"CSAFPID-55",
"CSAFPID-56",
"CSAFPID-57",
"CSAFPID-58",
"CSAFPID-59",
"CSAFPID-60",
"CSAFPID-61",
"CSAFPID-62",
"CSAFPID-63",
"CSAFPID-64",
"CSAFPID-65",
"CSAFPID-66",
"CSAFPID-67",
"CSAFPID-68",
"CSAFPID-69",
"CSAFPID-70",
"CSAFPID-71",
"CSAFPID-72",
"CSAFPID-73",
"CSAFPID-74",
"CSAFPID-75",
"CSAFPID-76",
"CSAFPID-77",
"CSAFPID-78",
"CSAFPID-79",
"CSAFPID-80",
"CSAFPID-81",
"CSAFPID-82",
"CSAFPID-83",
"CSAFPID-84",
"CSAFPID-85",
"CSAFPID-86",
"CSAFPID-87",
"CSAFPID-88",
"CSAFPID-89",
"CSAFPID-90",
"CSAFPID-91",
"CSAFPID-92",
"CSAFPID-93",
"CSAFPID-94",
"CSAFPID-95",
"CSAFPID-96",
"CSAFPID-97",
"CSAFPID-98",
"CSAFPID-99",
"CSAFPID-100",
"CSAFPID-101",
"CSAFPID-102",
"CSAFPID-103",
"CSAFPID-104",
"CSAFPID-105",
"CSAFPID-106",
"CSAFPID-107",
"CSAFPID-108",
"CSAFPID-109",
"CSAFPID-110",
"CSAFPID-111",
"CSAFPID-112",
"CSAFPID-113",
"CSAFPID-114",
"CSAFPID-115",
"CSAFPID-116",
"CSAFPID-117",
"CSAFPID-118",
"CSAFPID-119",
"CSAFPID-120",
"CSAFPID-121",
"CSAFPID-122",
"CSAFPID-123",
"CSAFPID-124",
"CSAFPID-125",
"CSAFPID-126"
]
}
],
"title": "CVE-2026-25571"
},
{
"cve": "CVE-2026-25572",
"cwe": {
"id": "CWE-130",
"name": "Improper Handling of Length Parameter Inconsistency"
},
"notes": [
{
"category": "other",
"text": "Improper Handling of Length Parameter Inconsistency",
"title": "CWE-130"
},
{
"category": "description",
"text": "The SICAM SIAPP SDK server component contains a stack overflow vulnerability caused by insufficient maximum length checks on certain variables, which can result in process crashes and denial of service.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36",
"CSAFPID-37",
"CSAFPID-38",
"CSAFPID-39",
"CSAFPID-40",
"CSAFPID-41",
"CSAFPID-42",
"CSAFPID-43",
"CSAFPID-44",
"CSAFPID-45",
"CSAFPID-46",
"CSAFPID-47",
"CSAFPID-48",
"CSAFPID-49",
"CSAFPID-50",
"CSAFPID-51",
"CSAFPID-52",
"CSAFPID-53",
"CSAFPID-54",
"CSAFPID-55",
"CSAFPID-56",
"CSAFPID-57",
"CSAFPID-58",
"CSAFPID-59",
"CSAFPID-60",
"CSAFPID-61",
"CSAFPID-62",
"CSAFPID-63",
"CSAFPID-64",
"CSAFPID-65",
"CSAFPID-66",
"CSAFPID-67",
"CSAFPID-68",
"CSAFPID-69",
"CSAFPID-70",
"CSAFPID-71",
"CSAFPID-72",
"CSAFPID-73",
"CSAFPID-74",
"CSAFPID-75",
"CSAFPID-76",
"CSAFPID-77",
"CSAFPID-78",
"CSAFPID-79",
"CSAFPID-80",
"CSAFPID-81",
"CSAFPID-82",
"CSAFPID-83",
"CSAFPID-84",
"CSAFPID-85",
"CSAFPID-86",
"CSAFPID-87",
"CSAFPID-88",
"CSAFPID-89",
"CSAFPID-90",
"CSAFPID-91",
"CSAFPID-92",
"CSAFPID-93",
"CSAFPID-94",
"CSAFPID-95",
"CSAFPID-96",
"CSAFPID-97",
"CSAFPID-98",
"CSAFPID-99",
"CSAFPID-100",
"CSAFPID-101",
"CSAFPID-102",
"CSAFPID-103",
"CSAFPID-104",
"CSAFPID-105",
"CSAFPID-106",
"CSAFPID-107",
"CSAFPID-108",
"CSAFPID-109",
"CSAFPID-110",
"CSAFPID-111",
"CSAFPID-112",
"CSAFPID-113",
"CSAFPID-114",
"CSAFPID-115",
"CSAFPID-116",
"CSAFPID-117",
"CSAFPID-118",
"CSAFPID-119",
"CSAFPID-120",
"CSAFPID-121",
"CSAFPID-122",
"CSAFPID-123",
"CSAFPID-124",
"CSAFPID-125",
"CSAFPID-126"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-25572 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-25572.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36",
"CSAFPID-37",
"CSAFPID-38",
"CSAFPID-39",
"CSAFPID-40",
"CSAFPID-41",
"CSAFPID-42",
"CSAFPID-43",
"CSAFPID-44",
"CSAFPID-45",
"CSAFPID-46",
"CSAFPID-47",
"CSAFPID-48",
"CSAFPID-49",
"CSAFPID-50",
"CSAFPID-51",
"CSAFPID-52",
"CSAFPID-53",
"CSAFPID-54",
"CSAFPID-55",
"CSAFPID-56",
"CSAFPID-57",
"CSAFPID-58",
"CSAFPID-59",
"CSAFPID-60",
"CSAFPID-61",
"CSAFPID-62",
"CSAFPID-63",
"CSAFPID-64",
"CSAFPID-65",
"CSAFPID-66",
"CSAFPID-67",
"CSAFPID-68",
"CSAFPID-69",
"CSAFPID-70",
"CSAFPID-71",
"CSAFPID-72",
"CSAFPID-73",
"CSAFPID-74",
"CSAFPID-75",
"CSAFPID-76",
"CSAFPID-77",
"CSAFPID-78",
"CSAFPID-79",
"CSAFPID-80",
"CSAFPID-81",
"CSAFPID-82",
"CSAFPID-83",
"CSAFPID-84",
"CSAFPID-85",
"CSAFPID-86",
"CSAFPID-87",
"CSAFPID-88",
"CSAFPID-89",
"CSAFPID-90",
"CSAFPID-91",
"CSAFPID-92",
"CSAFPID-93",
"CSAFPID-94",
"CSAFPID-95",
"CSAFPID-96",
"CSAFPID-97",
"CSAFPID-98",
"CSAFPID-99",
"CSAFPID-100",
"CSAFPID-101",
"CSAFPID-102",
"CSAFPID-103",
"CSAFPID-104",
"CSAFPID-105",
"CSAFPID-106",
"CSAFPID-107",
"CSAFPID-108",
"CSAFPID-109",
"CSAFPID-110",
"CSAFPID-111",
"CSAFPID-112",
"CSAFPID-113",
"CSAFPID-114",
"CSAFPID-115",
"CSAFPID-116",
"CSAFPID-117",
"CSAFPID-118",
"CSAFPID-119",
"CSAFPID-120",
"CSAFPID-121",
"CSAFPID-122",
"CSAFPID-123",
"CSAFPID-124",
"CSAFPID-125",
"CSAFPID-126"
]
}
],
"title": "CVE-2026-25572"
},
{
"cve": "CVE-2026-25573",
"cwe": {
"id": "CWE-73",
"name": "External Control of File Name or Path"
},
"notes": [
{
"category": "other",
"text": "External Control of File Name or Path",
"title": "CWE-73"
},
{
"category": "description",
"text": "The application executes shell commands constructed from user input, exposing it to command injection vulnerabilities that can lead to full system compromise.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36",
"CSAFPID-37",
"CSAFPID-38",
"CSAFPID-39",
"CSAFPID-40",
"CSAFPID-41",
"CSAFPID-42",
"CSAFPID-43",
"CSAFPID-44",
"CSAFPID-45",
"CSAFPID-46",
"CSAFPID-47",
"CSAFPID-48",
"CSAFPID-49",
"CSAFPID-50",
"CSAFPID-51",
"CSAFPID-52",
"CSAFPID-53",
"CSAFPID-54",
"CSAFPID-55",
"CSAFPID-56",
"CSAFPID-57",
"CSAFPID-58",
"CSAFPID-59",
"CSAFPID-60",
"CSAFPID-61",
"CSAFPID-62",
"CSAFPID-63",
"CSAFPID-64",
"CSAFPID-65",
"CSAFPID-66",
"CSAFPID-67",
"CSAFPID-68",
"CSAFPID-69",
"CSAFPID-70",
"CSAFPID-71",
"CSAFPID-72",
"CSAFPID-73",
"CSAFPID-74",
"CSAFPID-75",
"CSAFPID-76",
"CSAFPID-77",
"CSAFPID-78",
"CSAFPID-79",
"CSAFPID-80",
"CSAFPID-81",
"CSAFPID-82",
"CSAFPID-83",
"CSAFPID-84",
"CSAFPID-85",
"CSAFPID-86",
"CSAFPID-87",
"CSAFPID-88",
"CSAFPID-89",
"CSAFPID-90",
"CSAFPID-91",
"CSAFPID-92",
"CSAFPID-93",
"CSAFPID-94",
"CSAFPID-95",
"CSAFPID-96",
"CSAFPID-97",
"CSAFPID-98",
"CSAFPID-99",
"CSAFPID-100",
"CSAFPID-101",
"CSAFPID-102",
"CSAFPID-103",
"CSAFPID-104",
"CSAFPID-105",
"CSAFPID-106",
"CSAFPID-107",
"CSAFPID-108",
"CSAFPID-109",
"CSAFPID-110",
"CSAFPID-111",
"CSAFPID-112",
"CSAFPID-113",
"CSAFPID-114",
"CSAFPID-115",
"CSAFPID-116",
"CSAFPID-117",
"CSAFPID-118",
"CSAFPID-119",
"CSAFPID-120",
"CSAFPID-121",
"CSAFPID-122",
"CSAFPID-123",
"CSAFPID-124",
"CSAFPID-125",
"CSAFPID-126"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-25573 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-25573.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36",
"CSAFPID-37",
"CSAFPID-38",
"CSAFPID-39",
"CSAFPID-40",
"CSAFPID-41",
"CSAFPID-42",
"CSAFPID-43",
"CSAFPID-44",
"CSAFPID-45",
"CSAFPID-46",
"CSAFPID-47",
"CSAFPID-48",
"CSAFPID-49",
"CSAFPID-50",
"CSAFPID-51",
"CSAFPID-52",
"CSAFPID-53",
"CSAFPID-54",
"CSAFPID-55",
"CSAFPID-56",
"CSAFPID-57",
"CSAFPID-58",
"CSAFPID-59",
"CSAFPID-60",
"CSAFPID-61",
"CSAFPID-62",
"CSAFPID-63",
"CSAFPID-64",
"CSAFPID-65",
"CSAFPID-66",
"CSAFPID-67",
"CSAFPID-68",
"CSAFPID-69",
"CSAFPID-70",
"CSAFPID-71",
"CSAFPID-72",
"CSAFPID-73",
"CSAFPID-74",
"CSAFPID-75",
"CSAFPID-76",
"CSAFPID-77",
"CSAFPID-78",
"CSAFPID-79",
"CSAFPID-80",
"CSAFPID-81",
"CSAFPID-82",
"CSAFPID-83",
"CSAFPID-84",
"CSAFPID-85",
"CSAFPID-86",
"CSAFPID-87",
"CSAFPID-88",
"CSAFPID-89",
"CSAFPID-90",
"CSAFPID-91",
"CSAFPID-92",
"CSAFPID-93",
"CSAFPID-94",
"CSAFPID-95",
"CSAFPID-96",
"CSAFPID-97",
"CSAFPID-98",
"CSAFPID-99",
"CSAFPID-100",
"CSAFPID-101",
"CSAFPID-102",
"CSAFPID-103",
"CSAFPID-104",
"CSAFPID-105",
"CSAFPID-106",
"CSAFPID-107",
"CSAFPID-108",
"CSAFPID-109",
"CSAFPID-110",
"CSAFPID-111",
"CSAFPID-112",
"CSAFPID-113",
"CSAFPID-114",
"CSAFPID-115",
"CSAFPID-116",
"CSAFPID-117",
"CSAFPID-118",
"CSAFPID-119",
"CSAFPID-120",
"CSAFPID-121",
"CSAFPID-122",
"CSAFPID-123",
"CSAFPID-124",
"CSAFPID-125",
"CSAFPID-126"
]
}
],
"title": "CVE-2026-25573"
},
{
"cve": "CVE-2026-25605",
"cwe": {
"id": "CWE-73",
"name": "External Control of File Name or Path"
},
"notes": [
{
"category": "other",
"text": "External Control of File Name or Path",
"title": "CWE-73"
},
{
"category": "description",
"text": "The application fails to properly validate file paths during deletion, enabling attackers to delete authorized files or sockets, potentially causing service disruption or denial of service.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36",
"CSAFPID-37",
"CSAFPID-38",
"CSAFPID-39",
"CSAFPID-40",
"CSAFPID-41",
"CSAFPID-42",
"CSAFPID-43",
"CSAFPID-44",
"CSAFPID-45",
"CSAFPID-46",
"CSAFPID-47",
"CSAFPID-48",
"CSAFPID-49",
"CSAFPID-50",
"CSAFPID-51",
"CSAFPID-52",
"CSAFPID-53",
"CSAFPID-54",
"CSAFPID-55",
"CSAFPID-56",
"CSAFPID-57",
"CSAFPID-58",
"CSAFPID-59",
"CSAFPID-60",
"CSAFPID-61",
"CSAFPID-62",
"CSAFPID-63",
"CSAFPID-64",
"CSAFPID-65",
"CSAFPID-66",
"CSAFPID-67",
"CSAFPID-68",
"CSAFPID-69",
"CSAFPID-70",
"CSAFPID-71",
"CSAFPID-72",
"CSAFPID-73",
"CSAFPID-74",
"CSAFPID-75",
"CSAFPID-76",
"CSAFPID-77",
"CSAFPID-78",
"CSAFPID-79",
"CSAFPID-80",
"CSAFPID-81",
"CSAFPID-82",
"CSAFPID-83",
"CSAFPID-84",
"CSAFPID-85",
"CSAFPID-86",
"CSAFPID-87",
"CSAFPID-88",
"CSAFPID-89",
"CSAFPID-90",
"CSAFPID-91",
"CSAFPID-92",
"CSAFPID-93",
"CSAFPID-94",
"CSAFPID-95",
"CSAFPID-96",
"CSAFPID-97",
"CSAFPID-98",
"CSAFPID-99",
"CSAFPID-100",
"CSAFPID-101",
"CSAFPID-102",
"CSAFPID-103",
"CSAFPID-104",
"CSAFPID-105",
"CSAFPID-106",
"CSAFPID-107",
"CSAFPID-108",
"CSAFPID-109",
"CSAFPID-110",
"CSAFPID-111",
"CSAFPID-112",
"CSAFPID-113",
"CSAFPID-114",
"CSAFPID-115",
"CSAFPID-116",
"CSAFPID-117",
"CSAFPID-118",
"CSAFPID-119",
"CSAFPID-120",
"CSAFPID-121",
"CSAFPID-122",
"CSAFPID-123",
"CSAFPID-124",
"CSAFPID-125",
"CSAFPID-126"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-25605 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-25605.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36",
"CSAFPID-37",
"CSAFPID-38",
"CSAFPID-39",
"CSAFPID-40",
"CSAFPID-41",
"CSAFPID-42",
"CSAFPID-43",
"CSAFPID-44",
"CSAFPID-45",
"CSAFPID-46",
"CSAFPID-47",
"CSAFPID-48",
"CSAFPID-49",
"CSAFPID-50",
"CSAFPID-51",
"CSAFPID-52",
"CSAFPID-53",
"CSAFPID-54",
"CSAFPID-55",
"CSAFPID-56",
"CSAFPID-57",
"CSAFPID-58",
"CSAFPID-59",
"CSAFPID-60",
"CSAFPID-61",
"CSAFPID-62",
"CSAFPID-63",
"CSAFPID-64",
"CSAFPID-65",
"CSAFPID-66",
"CSAFPID-67",
"CSAFPID-68",
"CSAFPID-69",
"CSAFPID-70",
"CSAFPID-71",
"CSAFPID-72",
"CSAFPID-73",
"CSAFPID-74",
"CSAFPID-75",
"CSAFPID-76",
"CSAFPID-77",
"CSAFPID-78",
"CSAFPID-79",
"CSAFPID-80",
"CSAFPID-81",
"CSAFPID-82",
"CSAFPID-83",
"CSAFPID-84",
"CSAFPID-85",
"CSAFPID-86",
"CSAFPID-87",
"CSAFPID-88",
"CSAFPID-89",
"CSAFPID-90",
"CSAFPID-91",
"CSAFPID-92",
"CSAFPID-93",
"CSAFPID-94",
"CSAFPID-95",
"CSAFPID-96",
"CSAFPID-97",
"CSAFPID-98",
"CSAFPID-99",
"CSAFPID-100",
"CSAFPID-101",
"CSAFPID-102",
"CSAFPID-103",
"CSAFPID-104",
"CSAFPID-105",
"CSAFPID-106",
"CSAFPID-107",
"CSAFPID-108",
"CSAFPID-109",
"CSAFPID-110",
"CSAFPID-111",
"CSAFPID-112",
"CSAFPID-113",
"CSAFPID-114",
"CSAFPID-115",
"CSAFPID-116",
"CSAFPID-117",
"CSAFPID-118",
"CSAFPID-119",
"CSAFPID-120",
"CSAFPID-121",
"CSAFPID-122",
"CSAFPID-123",
"CSAFPID-124",
"CSAFPID-125",
"CSAFPID-126"
]
}
],
"title": "CVE-2026-25605"
}
]
}
SSA-485750
Vulnerability from csaf_siemens - Published: 2026-03-10 00:00 - Updated: 2026-03-10 00:00Summary
SSA-485750: Multiple Vulnerabilities in SIDIS Prime Before V4.0.800
Notes
Summary
SIDIS Prime before V4.0.800 is affected by multiple vulnerabilities in the components OpenSSL, SQLite, and several Node.js packages as described below.
Siemens has released a new version of SIDIS Prime and recommends to update to the latest version.
General Recommendations
As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens' operational guidelines for Industrial Security (Download: https://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals.
Additional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity
Additional Resources
For further inquiries on security vulnerabilities in Siemens products and solutions, please contact the Siemens ProductCERT: https://www.siemens.com/cert/advisories
Terms of Use
The use of Siemens Security Advisories is subject to the terms and conditions listed on: https://www.siemens.com/productcert/terms-of-use.
{
"document": {
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Disclosure is not limited. (TLPv2: TLP:CLEAR)",
"tlp": {
"label": "WHITE"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "SIDIS Prime before V4.0.800 is affected by multiple vulnerabilities in the components OpenSSL, SQLite, and several Node.js packages as described below.\n\nSiemens has released a new version of SIDIS Prime and recommends to update to the latest version.",
"title": "Summary"
},
{
"category": "general",
"text": "As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens\u0027 operational guidelines for Industrial Security (Download: https://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals.\nAdditional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity",
"title": "General Recommendations"
},
{
"category": "general",
"text": "For further inquiries on security vulnerabilities in Siemens products and solutions, please contact the Siemens ProductCERT: https://www.siemens.com/cert/advisories",
"title": "Additional Resources"
},
{
"category": "legal_disclaimer",
"text": "The use of Siemens Security Advisories is subject to the terms and conditions listed on: https://www.siemens.com/productcert/terms-of-use.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "productcert@siemens.com",
"name": "Siemens ProductCERT",
"namespace": "https://www.siemens.com"
},
"references": [
{
"category": "self",
"summary": "SSA-485750: Multiple Vulnerabilities in SIDIS Prime Before V4.0.800 - HTML Version",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-485750.html"
},
{
"category": "self",
"summary": "SSA-485750: Multiple Vulnerabilities in SIDIS Prime Before V4.0.800 - CSAF Version",
"url": "https://cert-portal.siemens.com/productcert/csaf/ssa-485750.json"
}
],
"title": "SSA-485750: Multiple Vulnerabilities in SIDIS Prime Before V4.0.800",
"tracking": {
"current_release_date": "2026-03-10T00:00:00.000Z",
"generator": {
"engine": {
"name": "Siemens ProductCERT CSAF Generator",
"version": "1"
}
},
"id": "SSA-485750",
"initial_release_date": "2026-03-10T00:00:00.000Z",
"revision_history": [
{
"date": "2026-03-10T00:00:00.000Z",
"legacy_version": "1.0",
"number": "1",
"summary": "Publication Date"
}
],
"status": "interim",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "vers:intdot/\u003c4.0.800",
"product": {
"name": "SIDIS Prime",
"product_id": "1"
}
}
],
"category": "product_name",
"name": "SIDIS Prime"
}
],
"category": "vendor",
"name": "Siemens"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-29857",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "summary",
"text": "An issue was discovered in ECCurve.java and ECCurve.cs in Bouncy Castle Java (BC Java) before 1.78, BC Java LTS before 2.73.6, BC-FJA before 1.0.2.5, and BC C# .Net before 2.3.1. Importing an EC certificate with crafted F2m parameters can lead to excessive CPU consumption during the evaluation of the curve parameters.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V4.0.800 or later version",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-29857"
},
{
"cve": "CVE-2024-30171",
"cwe": {
"id": "CWE-203",
"name": "Observable Discrepancy"
},
"notes": [
{
"category": "summary",
"text": "An issue was discovered in Bouncy Castle Java TLS API and JSSE Provider before 1.78. Timing-based leakage may occur in RSA based handshakes because of exception processing.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V4.0.800 or later version",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-30171"
},
{
"cve": "CVE-2024-30172",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "An issue was discovered in Bouncy Castle Java Cryptography APIs before 1.78. An Ed25519 verification code infinite loop can occur via a crafted signature and public key.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V4.0.800 or later version",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-30172"
},
{
"cve": "CVE-2024-41996",
"cwe": {
"id": "CWE-295",
"name": "Improper Certificate Validation"
},
"notes": [
{
"category": "summary",
"text": "Validating the order of the public keys in the Diffie-Hellman Key Agreement Protocol, when an approved safe prime is used, allows remote attackers (from the client side) to trigger unnecessarily expensive server-side DHE modular-exponentiation calculations. The client may cause asymmetric resource consumption. The basic attack scenario is that the client must claim that it can only communicate with DHE, and the server must be configured to allow DHE and validate the order of the public key.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V4.0.800 or later version",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-41996"
},
{
"cve": "CVE-2025-6965",
"cwe": {
"id": "CWE-197",
"name": "Numeric Truncation Error"
},
"notes": [
{
"category": "summary",
"text": "There exists a vulnerability in SQLite versions before 3.50.2 where the number of aggregate terms could exceed the number of columns available. This could lead to a memory corruption issue. We recommend upgrading to version 3.50.2 or above.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V4.0.800 or later version",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:H/A:L",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2025-6965"
},
{
"cve": "CVE-2025-7783",
"cwe": {
"id": "CWE-330",
"name": "Use of Insufficiently Random Values"
},
"notes": [
{
"category": "summary",
"text": "Use of Insufficiently Random Values vulnerability in form-data allows HTTP Parameter Pollution (HPP). This vulnerability is associated with program files lib/form_data.Js.\r\n\r\nThis issue affects form-data: \u003c 2.5.4, 3.0.0 - 3.0.3, 4.0.0 - 4.0.3.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V4.0.800 or later version",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2025-7783"
},
{
"cve": "CVE-2025-9230",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"category": "summary",
"text": "An application trying to decrypt CMS messages encrypted using password based encryption can trigger an out-of-bounds read and write. Impact summary: This out-of-bounds read may trigger a crash which leads to Denial of Service for an application. The out-of-bounds write can cause a memory corruption which can have various consequences including a Denial of Service or Execution of attacker-supplied code. Although the consequences of a successful exploit of this vulnerability could be severe, the probability that the attacker would be able to perform it is low. Besides, password based (PWRI) encryption support in CMS messages is very rarely used. For that reason the issue was assessed as Moderate severity according to our Security Policy. The FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this issue, as the CMS implementation is outside the OpenSSL FIPS module boundary.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V4.0.800 or later version",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2025-9230"
},
{
"cve": "CVE-2025-9232",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "summary",
"text": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the \u0027no_proxy\u0027 environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\n\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\n\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\n\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na \u0027no_proxy\u0027 environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\n\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V4.0.800 or later version",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2025-9232"
},
{
"cve": "CVE-2025-9670",
"cwe": {
"id": "CWE-1333",
"name": "Inefficient Regular Expression Complexity"
},
"notes": [
{
"category": "summary",
"text": "A security flaw has been discovered in mixmark-io turndown up to 7.2.1. This affects an unknown function of the file src/commonmark-rules.js. Performing manipulation results in inefficient regular expression complexity. It is possible to initiate the attack remotely. The exploit has been released to the public and may be exploited.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V4.0.800 or later version",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2025-9670"
},
{
"cve": "CVE-2025-12816",
"cwe": {
"id": "CWE-436",
"name": "Interpretation Conflict"
},
"notes": [
{
"category": "summary",
"text": "An interpretation-conflict (CWE-436) vulnerability in node-forge versions 1.3.1 and earlier enables unauthenticated attackers to craft ASN.1 structures to desynchronize schema validations, yielding a semantic divergence that may bypass downstream cryptographic verifications and security decisions.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V4.0.800 or later version",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.6,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2025-12816"
},
{
"cve": "CVE-2025-15284",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "Improper Input Validation vulnerability in qs (parse modules) allows HTTP DoS.This issue affects qs: \u003c 6.14.1.\n\n\nSummaryThe arrayLimit\u00a0option in qs does not enforce limits for bracket notation (a[]=1\u0026a[]=2), allowing attackers to cause denial-of-service via memory exhaustion. Applications using arrayLimit\u00a0for DoS protection are vulnerable.\n\nDetailsThe arrayLimit\u00a0option only checks limits for indexed notation (a[0]=1\u0026a[1]=2) but completely bypasses it for bracket notation (a[]=1\u0026a[]=2).\n\nVulnerable code\u00a0(lib/parse.js:159-162):\n\nif (root === \u0027[]\u0027 \u0026\u0026 options.parseArrays) {\n obj = utils.combine([], leaf); // No arrayLimit check\n}\n\n\n\n\n\nWorking code\u00a0(lib/parse.js:175):\n\nelse if (index \u003c= options.arrayLimit) { // Limit checked here\n obj = [];\n obj[index] = leaf;\n}\n\n\n\n\n\nThe bracket notation handler at line 159 uses utils.combine([], leaf)\u00a0without validating against options.arrayLimit, while indexed notation at line 175 checks index \u003c= options.arrayLimit\u00a0before creating arrays.\n\nPoCTest 1 - Basic bypass:\n\nnpm install qs\n\n\n\n\n\nconst qs = require(\u0027qs\u0027);\nconst result = qs.parse(\u0027a[]=1\u0026a[]=2\u0026a[]=3\u0026a[]=4\u0026a[]=5\u0026a[]=6\u0027, { arrayLimit: 5 });\nconsole.log(result.a.length); // Output: 6 (should be max 5)\n\n\n\n\n\nTest 2 - DoS demonstration:\n\nconst qs = require(\u0027qs\u0027);\nconst attack = \u0027a[]=\u0027 + Array(10000).fill(\u0027x\u0027).join(\u0027\u0026a[]=\u0027);\nconst result = qs.parse(attack, { arrayLimit: 100 });\nconsole.log(result.a.length); // Output: 10000 (should be max 100)\n\n\n\n\n\nConfiguration:\n\n * arrayLimit: 5\u00a0(test 1) or arrayLimit: 100\u00a0(test 2)\n * Use bracket notation: a[]=value\u00a0(not indexed a[0]=value)\n\n\nImpactDenial of Service via memory exhaustion. Affects applications using qs.parse()\u00a0with user-controlled input and arrayLimit\u00a0for protection.\n\nAttack scenario:\n\n * Attacker sends HTTP request: GET /api/search?filters[]=x\u0026filters[]=x\u0026...\u0026filters[]=x\u00a0(100,000+ times)\n * Application parses with qs.parse(query, { arrayLimit: 100 })\n * qs ignores limit, parses all 100,000 elements into array\n * Server memory exhausted \u2192 application crashes or becomes unresponsive\n * Service unavailable for all users\nReal-world impact:\n\n * Single malicious request can crash server\n * No authentication required\n * Easy to automate and scale\n * Affects any endpoint parsing query strings with bracket notation",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V4.0.800 or later version",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2025-15284"
},
{
"cve": "CVE-2025-58751",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"notes": [
{
"category": "summary",
"text": "Vite is a frontend tooling framework for JavaScript. Prior to versions 7.1.5, 7.0.7, 6.3.6, and 5.4.20, files starting with the same name with the public directory were served bypassing the `server.fs` settings. Only apps that explicitly expose the Vite dev server to the network (using --host or `server.host` config option), use the public directory feature (enabled by default), and have a symlink in the public directory are affected. Versions 7.1.5, 7.0.7, 6.3.6, and 5.4.20 fix the issue.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V4.0.800 or later version",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2025-58751"
},
{
"cve": "CVE-2025-58752",
"cwe": {
"id": "CWE-23",
"name": "Relative Path Traversal"
},
"notes": [
{
"category": "summary",
"text": "Vite is a frontend tooling framework for JavaScript. Prior to versions 7.1.5, 7.0.7, 6.3.6, and 5.4.20, any HTML files on the machine were served regardless of the `server.fs` settings. Only apps that explicitly expose the Vite dev server to the network (using --host or server.host config option) and use `appType: \u0027spa\u0027` (default) or `appType: \u0027mpa\u0027` are affected. This vulnerability also affects the preview server. The preview server allowed HTML files not under the output directory to be served. Versions 7.1.5, 7.0.7, 6.3.6, and 5.4.20 fix the issue.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V4.0.800 or later version",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2025-58752"
},
{
"cve": "CVE-2025-58754",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"notes": [
{
"category": "summary",
"text": "Axios is a promise based HTTP client for the browser and Node.js. When Axios starting in version 0.28.0 and prior to versions 0.30.2 and 1.12.0 runs on Node.js and is given a URL with the `data:` scheme, it does not perform HTTP. Instead, its Node http adapter decodes the entire payload into memory (`Buffer`/`Blob`) and returns a synthetic 200 response. This path ignores `maxContentLength` / `maxBodyLength` (which only protect HTTP responses), so an attacker can supply a very large `data:` URI and cause the process to allocate unbounded memory and crash (DoS), even if the caller requested `responseType: \u0027stream\u0027`. Versions 0.30.2 and 1.12.0 contain a patch for the issue.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V4.0.800 or later version",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2025-58754"
},
{
"cve": "CVE-2025-62522",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"notes": [
{
"category": "summary",
"text": "Vite is a frontend tooling framework for JavaScript. In versions from 2.9.18 to before 3.0.0, 3.2.9 to before 4.0.0, 4.5.3 to before 5.0.0, 5.2.6 to before 5.4.21, 6.0.0 to before 6.4.1, 7.0.0 to before 7.0.8, and 7.1.0 to before 7.1.11, files denied by server.fs.deny were sent if the URL ended with \\ when the dev server is running on Windows. Only apps explicitly exposing the Vite dev server to the network and running the dev server on Windows were affected. This issue has been patched in versions 5.4.21, 6.4.1, 7.0.8, and 7.1.11.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V4.0.800 or later version",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2025-62522"
},
{
"cve": "CVE-2025-64718",
"cwe": {
"id": "CWE-1321",
"name": "Improperly Controlled Modification of Object Prototype Attributes (\u0027Prototype Pollution\u0027)"
},
"notes": [
{
"category": "summary",
"text": "js-yaml is a JavaScript YAML parser and dumper. In js-yaml before 4.1.1 and 3.14.2, it\u0027s possible for an attacker to modify the prototype of the result of a parsed yaml document via prototype pollution (`__proto__`). All users who parse untrusted yaml documents may be impacted. The problem is patched in js-yaml 4.1.1 and 3.14.2. Users can protect against this kind of attack on the server by using `node --disable-proto=delete` or `deno` (in Deno, pollution protection is on by default).",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V4.0.800 or later version",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2025-64718"
},
{
"cve": "CVE-2025-64756",
"cwe": {
"id": "CWE-78",
"name": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)"
},
"notes": [
{
"category": "summary",
"text": "Glob matches files using patterns the shell uses. Starting in version 10.2.0 and prior to versions 10.5.0 and 11.1.0, the glob CLI contains a command injection vulnerability in its -c/--cmd option that allows arbitrary command execution when processing files with malicious names. When glob -c \u003ccommand\u003e \u003cpatterns\u003e are used, matched filenames are passed to a shell with shell: true, enabling shell metacharacters in filenames to trigger command injection and achieve arbitrary code execution under the user or CI account privileges. This issue has been patched in versions 10.5.0 and 11.1.0.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V4.0.800 or later version",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2025-64756"
},
{
"cve": "CVE-2025-66030",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"notes": [
{
"category": "summary",
"text": "Forge (also called `node-forge`) is a native implementation of Transport Layer Security in JavaScript. An Integer Overflow vulnerability in node-forge versions 1.3.1 and below enables remote, unauthenticated attackers to craft ASN.1 structures containing OIDs with oversized arcs. These arcs may be decoded as smaller, trusted OIDs due to 32-bit bitwise truncation, enabling the bypass of downstream OID-based security decisions. This issue has been patched in version 1.3.2.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V4.0.800 or later version",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2025-66030"
},
{
"cve": "CVE-2025-66031",
"cwe": {
"id": "CWE-674",
"name": "Uncontrolled Recursion"
},
"notes": [
{
"category": "summary",
"text": "Forge (also called `node-forge`) is a native implementation of Transport Layer Security in JavaScript. An Uncontrolled Recursion vulnerability in node-forge versions 1.3.1 and below enables remote, unauthenticated attackers to craft deep ASN.1 structures that trigger unbounded recursive parsing. This leads to a Denial-of-Service (DoS) via stack exhaustion when parsing untrusted DER inputs. This issue has been patched in version 1.3.2.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V4.0.800 or later version",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2025-66031"
},
{
"cve": "CVE-2025-66035",
"cwe": {
"id": "CWE-201",
"name": "Insertion of Sensitive Information Into Sent Data"
},
"notes": [
{
"category": "summary",
"text": "Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to versions 19.2.16, 20.3.14, and 21.0.1, there is a XSRF token leakage via protocol-relative URLs in angular HTTP clients. The vulnerability is a Credential Leak by App Logic that leads to the unauthorized disclosure of the Cross-Site Request Forgery (XSRF) token to an attacker-controlled domain. Angular\u0027s HttpClient has a built-in XSRF protection mechanism that works by checking if a request URL starts with a protocol (http:// or https://) to determine if it is cross-origin. If the URL starts with protocol-relative URL (//), it is incorrectly treated as a same-origin request, and the XSRF token is automatically added to the X-XSRF-TOKEN header. This issue has been patched in versions 19.2.16, 20.3.14, and 21.0.1. A workaround for this issue involves avoiding using protocol-relative URLs (URLs starting with //) in HttpClient requests. All backend communication URLs should be hardcoded as relative paths (starting with a single /) or fully qualified, trusted absolute URLs.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V4.0.800 or later version",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.6,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2025-66035"
},
{
"cve": "CVE-2025-66412",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"notes": [
{
"category": "summary",
"text": "Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to 21.0.2, 20.3.15, and 19.2.17, A Stored Cross-Site Scripting (XSS) vulnerability has been identified in the Angular Template Compiler. It occurs because the compiler\u0027s internal security schema is incomplete, allowing attackers to bypass Angular\u0027s built-in security sanitization. Specifically, the schema fails to classify certain URL-holding attributes (e.g., those that could contain javascript: URLs) as requiring strict URL security, enabling the injection of malicious scripts. This vulnerability is fixed in 21.0.2, 20.3.15, and 19.2.17.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V4.0.800 or later version",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.0,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2025-66412"
},
{
"cve": "CVE-2025-69277",
"cwe": {
"id": "CWE-184",
"name": "Incomplete List of Disallowed Inputs"
},
"notes": [
{
"category": "summary",
"text": "libsodium before ad3004e, in atypical use cases involving certain custom cryptography or untrusted data to crypto_core_ed25519_is_valid_point, mishandles checks for whether an elliptic curve point is valid because it sometimes allows points that aren\u0027t in the main cryptographic group.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V4.0.800 or later version",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2025-69277"
},
{
"cve": "CVE-2026-22610",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"notes": [
{
"category": "summary",
"text": "Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to versions 19.2.18, 20.3.16, 21.0.7, and 21.1.0-rc.0, a cross-site scripting (XSS) vulnerability has been identified in the Angular Template Compiler. The vulnerability exists because Angular\u2019s internal sanitization schema fails to recognize the href and xlink:href attributes of SVG \u003cscript\u003e elements as a Resource URL context. This issue has been patched in versions 19.2.18, 20.3.16, 21.0.7, and 21.1.0-rc.0.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V4.0.800 or later version",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.0,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2026-22610"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…