Vulnerability-Lookup

WID-SEC-W-2025-2301

Vulnerability from csaf_certbund - Published: 2025-10-14 22:00 - Updated: 2026-02-23 23:00

Summary

Red Hat Enterprise Linux: Mehrere Schwachstellen

Severity

Mittel

Notes

Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.

Produktbeschreibung: Red Hat Enterprise Linux (RHEL) ist eine populäre Linux-Distribution.

Angriff: Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Red Hat Enterprise Linux ausnutzen, um Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service auszuführen.

Betroffene Betriebssysteme: - Linux

CVE-2025-58056

CVE-2025-58057

References

URL

Category

	https://wid.cert-bund.de/.well-known/csaf/white/2…	self
	https://wid.cert-bund.de/portal/wid/securityadvis…	self
	https://access.redhat.com/errata/RHSA-2025:17563	external
	https://access.redhat.com/errata/RHSA-2025:18076	external
	https://support.hcl-software.com/csm?id=kb_articl…	external
	https://confluence.atlassian.com/security/securit…	external
	https://access.redhat.com/errata/RHSA-2025:19077	external
	https://www.dell.com/support/kbdoc/000385230	external
	https://access.redhat.com/errata/RHSA-2025:21148	external
	https://www.pdfreactor.com/pdfreactor-12-4/	external
	https://www.ibm.com/support/pages/node/7253849	external
	https://access.redhat.com/errata/RHSA-2025:23417	external
	https://www.ibm.com/support/pages/node/7259319	external
	https://access.redhat.com/errata/RHSA-2026:3102	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "mittel"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "Red Hat Enterprise Linux (RHEL) ist eine popul\u00e4re Linux-Distribution.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Red Hat Enterprise Linux ausnutzen, um Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service auszuf\u00fchren.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- Linux",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2025-2301 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2025/wid-sec-w-2025-2301.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2025-2301 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2025-2301"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advsiory RHSA-2025:17563 vom 2025-10-14",
        "url": "https://access.redhat.com/errata/RHSA-2025:17563"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2025:18076 vom 2025-10-15",
        "url": "https://access.redhat.com/errata/RHSA-2025:18076"
      },
      {
        "category": "external",
        "summary": "HCL Security Bulletin vom 2025-10-15",
        "url": "https://support.hcl-software.com/csm?id=kb_article\u0026sysparm_article=KB0124532"
      },
      {
        "category": "external",
        "summary": "Atlassian Security Bulletin",
        "url": "https://confluence.atlassian.com/security/security-bulletin-october-21-2025-1652920034.html"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2025:19077 vom 2025-10-23",
        "url": "https://access.redhat.com/errata/RHSA-2025:19077"
      },
      {
        "category": "external",
        "summary": "Dell Security Advisory DSA-2025-390 vom 2025-11-05",
        "url": "https://www.dell.com/support/kbdoc/000385230"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2025:21148 vom 2025-11-25",
        "url": "https://access.redhat.com/errata/RHSA-2025:21148"
      },
      {
        "category": "external",
        "summary": "PDFreactor ReleaseNotes vom 2025-12-04",
        "url": "https://www.pdfreactor.com/pdfreactor-12-4/"
      },
      {
        "category": "external",
        "summary": "IBM Security Bulletin 7253849 vom 2025-12-04",
        "url": "https://www.ibm.com/support/pages/node/7253849"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2025:23417 vom 2025-12-17",
        "url": "https://access.redhat.com/errata/RHSA-2025:23417"
      },
      {
        "category": "external",
        "summary": "IBM Security Bulletin 7259319 vom 2026-01-30",
        "url": "https://www.ibm.com/support/pages/node/7259319"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2026:3102 vom 2026-02-23",
        "url": "https://access.redhat.com/errata/RHSA-2026:3102"
      }
    ],
    "source_lang": "en-US",
    "title": "Red Hat Enterprise Linux: Mehrere Schwachstellen",
    "tracking": {
      "current_release_date": "2026-02-23T23:00:00.000+00:00",
      "generator": {
        "date": "2026-02-24T08:47:19.718+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.5.0"
        }
      },
      "id": "WID-SEC-W-2025-2301",
      "initial_release_date": "2025-10-14T22:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2025-10-14T22:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        },
        {
          "date": "2025-10-15T22:00:00.000+00:00",
          "number": "2",
          "summary": "Neue Updates von HCL aufgenommen"
        },
        {
          "date": "2025-10-21T22:00:00.000+00:00",
          "number": "3",
          "summary": "Neue Updates aufgenommen"
        },
        {
          "date": "2025-10-23T22:00:00.000+00:00",
          "number": "4",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2025-11-04T23:00:00.000+00:00",
          "number": "5",
          "summary": "Neue Updates von Dell aufgenommen"
        },
        {
          "date": "2025-11-24T23:00:00.000+00:00",
          "number": "6",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2025-12-03T23:00:00.000+00:00",
          "number": "7",
          "summary": "Neue Updates aufgenommen"
        },
        {
          "date": "2025-12-04T23:00:00.000+00:00",
          "number": "8",
          "summary": "Neue Updates von IBM aufgenommen"
        },
        {
          "date": "2025-12-16T23:00:00.000+00:00",
          "number": "9",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2026-02-01T23:00:00.000+00:00",
          "number": "10",
          "summary": "Neue Updates von IBM aufgenommen"
        },
        {
          "date": "2026-02-23T23:00:00.000+00:00",
          "number": "11",
          "summary": "Neue Updates von Red Hat aufgenommen"
        }
      ],
      "status": "final",
      "version": "11"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c11.1.1",
                "product": {
                  "name": "Atlassian Jira \u003c11.1.1",
                  "product_id": "T048027"
                }
              },
              {
                "category": "product_version",
                "name": "11.1.1",
                "product": {
                  "name": "Atlassian Jira 11.1.1",
                  "product_id": "T048027-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:atlassian:jira:11.1.1"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c10.3.12",
                "product": {
                  "name": "Atlassian Jira \u003c10.3.12",
                  "product_id": "T048028"
                }
              },
              {
                "category": "product_version",
                "name": "10.3.12",
                "product": {
                  "name": "Atlassian Jira 10.3.12",
                  "product_id": "T048028-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:atlassian:jira:10.3.12"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c9.12.28",
                "product": {
                  "name": "Atlassian Jira \u003c9.12.28",
                  "product_id": "T048029"
                }
              },
              {
                "category": "product_version",
                "name": "9.12.28",
                "product": {
                  "name": "Atlassian Jira 9.12.28",
                  "product_id": "T048029-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:atlassian:jira:9.12.28"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Jira"
          }
        ],
        "category": "vendor",
        "name": "Atlassian"
      },
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "Appliance \u003c5.32.00.18",
                "product": {
                  "name": "Dell Secure Connect Gateway Appliance \u003c5.32.00.18",
                  "product_id": "T048301"
                }
              },
              {
                "category": "product_version",
                "name": "Appliance 5.32.00.18",
                "product": {
                  "name": "Dell Secure Connect Gateway Appliance 5.32.00.18",
                  "product_id": "T048301-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:dell:secure_connect_gateway:appliance__5.32.00.18"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Secure Connect Gateway"
          }
        ],
        "category": "vendor",
        "name": "Dell"
      },
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c25.09.17.0",
                "product": {
                  "name": "HCL Commerce \u003c25.09.17.0",
                  "product_id": "T047719"
                }
              },
              {
                "category": "product_version",
                "name": "25.09.17.0",
                "product": {
                  "name": "HCL Commerce 25.09.17.0",
                  "product_id": "T047719-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:hcltechsw:commerce:25.09.17.0"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Commerce"
          }
        ],
        "category": "vendor",
        "name": "HCL"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "IBM Business Automation Workflow",
            "product": {
              "name": "IBM Business Automation Workflow",
              "product_id": "T024464",
              "product_identification_helper": {
                "cpe": "cpe:/a:ibm:business_automation_workflow:containers"
              }
            }
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c5.2.3.5",
                "product": {
                  "name": "IBM Storage Scale \u003c5.2.3.5",
                  "product_id": "T049116"
                }
              },
              {
                "category": "product_version",
                "name": "5.2.3.5",
                "product": {
                  "name": "IBM Storage Scale 5.2.3.5",
                  "product_id": "T049116-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:ibm:spectrum_scale:5.2.3.5"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Storage Scale"
          }
        ],
        "category": "vendor",
        "name": "IBM"
      },
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c12.4",
                "product": {
                  "name": "RealObjects PDFreactor \u003c12.4",
                  "product_id": "T049106"
                }
              },
              {
                "category": "product_version",
                "name": "12.4",
                "product": {
                  "name": "RealObjects PDFreactor 12.4",
                  "product_id": "T049106-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:realobjects:pdfreactor:12.4"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "PDFreactor"
          }
        ],
        "category": "vendor",
        "name": "RealObjects"
      },
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux",
                "product": {
                  "name": "Red Hat Enterprise Linux",
                  "product_id": "67646",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:enterprise_linux:-"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "Quarkus \u003c3.20.3",
                "product": {
                  "name": "Red Hat Enterprise Linux Quarkus \u003c3.20.3",
                  "product_id": "T047646"
                }
              },
              {
                "category": "product_version",
                "name": "Quarkus 3.20.3",
                "product": {
                  "name": "Red Hat Enterprise Linux Quarkus 3.20.3",
                  "product_id": "T047646-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:enterprise_linux:quarkus_3.20.3"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Enterprise Linux"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2025-58056",
      "product_status": {
        "known_affected": [
          "T047646",
          "67646",
          "T024464",
          "T047719",
          "T048029",
          "T048028",
          "T049106",
          "T048027",
          "T049116",
          "T048301"
        ]
      },
      "release_date": "2025-10-14T22:00:00.000+00:00",
      "title": "CVE-2025-58056"
    },
    {
      "cve": "CVE-2025-58057",
      "product_status": {
        "known_affected": [
          "T047646",
          "67646",
          "T024464",
          "T047719",
          "T048029",
          "T048028",
          "T049106",
          "T048027",
          "T049116",
          "T048301"
        ]
      },
      "release_date": "2025-10-14T22:00:00.000+00:00",
      "title": "CVE-2025-58057"
    }
  ]
}

CVE-2025-58057 (GCVE-0-2025-58057)

Vulnerability from cvelistv5 – Published: 2025-09-03 21:46 – Updated: 2025-09-04 19:59

Title

Netty's BrotliDecoder is vulnerable to DoS via zip bomb style attack

Summary

Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. In netty-codec-compression versions 4.1.124.Final and below, and netty-codec versions 4.2.4.Final and below, when supplied with specially crafted input, BrotliDecoder and certain other decompression decoders will allocate a large number of reachable byte buffers, which can lead to denial of service. BrotliDecoder.decompress has no limit in how often it calls pull, decompressing data 64K bytes at a time. The buffers are saved in the output list, and remain reachable until OOM is hit. This is fixed in versions 4.1.125.Final of netty-codec and 4.2.5.Final of netty-codec-compression.

Severity ?

6.9 (Medium)


                        
                          CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

CWE

CWE-409 - Improper Handling of Highly Compressed Data (Data Amplification)

Assigner

GitHub_M

References

URL

	Vendor	Product	Version
	netty	netty	Affected: <= 4.1.124.Final, < 4.1.125.Final Affected: <= 4.2.4.Final, < 4.2.5.Final

CVE-2025-58056 (GCVE-0-2025-58056)

Vulnerability from cvelistv5 – Published: 2025-09-03 20:56 – Updated: 2025-09-05 18:41

Title

Netty is vulnerable to request smuggling due to incorrect parsing of chunk extensions

Summary

Netty is an asynchronous event-driven network application framework for development of maintainable high performance protocol servers and clients. In versions 4.1.124.Final, and 4.2.0.Alpha3 through 4.2.4.Final, Netty incorrectly accepts standalone newline characters (LF) as a chunk-size line terminator, regardless of a preceding carriage return (CR), instead of requiring CRLF per HTTP/1.1 standards. When combined with reverse proxies that parse LF differently (treating it as part of the chunk extension), attackers can craft requests that the proxy sees as one request but Netty processes as two, enabling request smuggling attacks. This is fixed in versions 4.1.125.Final and 4.2.5.Final.

Severity ?

2.9 (Low)


                        
                          CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P

CWE

CWE-444 - Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')

Assigner

GitHub_M

References

URL

Tags

	https://github.com/netty/netty/security/advisorie…	x_refsource_CONFIRM
	https://github.com/JLLeitschuh/unCVEed/issues/1	x_refsource_MISC
	https://github.com/netty/netty/issues/15522	x_refsource_MISC
	https://github.com/netty/netty/pull/15611	x_refsource_MISC
	https://github.com/netty/netty/commit/edb55fd8e0a…	x_refsource_MISC
	https://datatracker.ietf.org/doc/html/rfc9112#nam…	x_refsource_MISC
	https://w4ke.info/2025/06/18/funky-chunks.html	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	netty	netty	Affected: >= 4.2.0.Alpha3, < 4.2.5.Final Affected: <= 4.1.124.Final, < 4.1.125.Final

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-58056",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-09-04T19:09:52.390986Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-09-04T19:11:36.037Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "netty",
          "vendor": "netty",
          "versions": [
            {
              "status": "affected",
              "version": "\u003e= 4.2.0.Alpha3, \u003c 4.2.5.Final"
            },
            {
              "status": "affected",
              "version": "\u003c= 4.1.124.Final, \u003c 4.1.125.Final"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Netty is an asynchronous event-driven network application framework for development of maintainable high performance protocol servers and clients. In versions 4.1.124.Final, and 4.2.0.Alpha3 through 4.2.4.Final, Netty incorrectly accepts standalone newline characters (LF) as a chunk-size line terminator, regardless of a preceding carriage return (CR), instead of requiring CRLF per HTTP/1.1 standards. When combined with reverse proxies that parse LF differently (treating it as part of the chunk extension), attackers can craft requests that the proxy sees as one request but Netty processes as two, enabling request smuggling attacks. This is fixed in versions 4.1.125.Final and 4.2.5.Final."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "attackComplexity": "LOW",
            "attackRequirements": "PRESENT",
            "attackVector": "NETWORK",
            "baseScore": 2.9,
            "baseSeverity": "LOW",
            "privilegesRequired": "NONE",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P",
            "version": "4.0",
            "vulnAvailabilityImpact": "NONE",
            "vulnConfidentialityImpact": "NONE",
            "vulnIntegrityImpact": "LOW"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-444",
              "description": "CWE-444: Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-09-05T18:41:21.428Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/netty/netty/security/advisories/GHSA-fghv-69vj-qj49",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/netty/netty/security/advisories/GHSA-fghv-69vj-qj49"
        },
        {
          "name": "https://github.com/JLLeitschuh/unCVEed/issues/1",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/JLLeitschuh/unCVEed/issues/1"
        },
        {
          "name": "https://github.com/netty/netty/issues/15522",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/netty/netty/issues/15522"
        },
        {
          "name": "https://github.com/netty/netty/pull/15611",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/netty/netty/pull/15611"
        },
        {
          "name": "https://github.com/netty/netty/commit/edb55fd8e0a3bcbd85881e423464f585183d1284",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/netty/netty/commit/edb55fd8e0a3bcbd85881e423464f585183d1284"
        },
        {
          "name": "https://datatracker.ietf.org/doc/html/rfc9112#name-chunked-transfer-coding",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://datatracker.ietf.org/doc/html/rfc9112#name-chunked-transfer-coding"
        },
        {
          "name": "https://w4ke.info/2025/06/18/funky-chunks.html",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://w4ke.info/2025/06/18/funky-chunks.html"
        }
      ],
      "source": {
        "advisory": "GHSA-fghv-69vj-qj49",
        "discovery": "UNKNOWN"
      },
      "title": "Netty is vulnerable to request smuggling due to incorrect parsing of chunk extensions"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2025-58056",
    "datePublished": "2025-09-03T20:56:50.732Z",
    "dateReserved": "2025-08-22T14:30:32.221Z",
    "dateUpdated": "2025-09-05T18:41:21.428Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

WID-SEC-W-2025-2301

CVE-2025-58057 (GCVE-0-2025-58057)

CVE-2025-58056 (GCVE-0-2025-58056)

Tags

Sightings

Nomenclature