CWE-497
AllowedExposure of Sensitive System Information to an Unauthorized Control Sphere
Abstraction: Base · Status: Incomplete
The product does not properly prevent sensitive system-level information from being accessed by unauthorized actors who do not have the same level of access to the underlying system as the product does.
669 vulnerabilities reference this CWE, most recent first.
CVE-2025-13616 (GCVE-0-2025-13616)
Vulnerability from cvelistv5 – Published: 2026-03-03 19:53 – Updated: 2026-03-04 21:15- CWE-497 - Exposure of Sensitive System Information to an Unauthorized Control Sphere
| URL | Tags |
|---|---|
| https://www.ibm.com/support/pages/node/7261771 | vendor-advisorypatch |
| Vendor | Product | Version | |
|---|---|---|---|
| IBM | DataStage on Cloud Pak for Data |
Affected:
5.1.2 , ≤ 5.3.0
(semver)
cpe:2.3:a:ibm:datastage_on_cloud_pak_for_data:5.1.2:*:*:*:*:*:*:* cpe:2.3:a:ibm:datastage_on_cloud_pak_for_data:5.3.0:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-13616",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-04T21:15:39.160324Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-04T21:15:47.130Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:datastage_on_cloud_pak_for_data:5.1.2:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:datastage_on_cloud_pak_for_data:5.3.0:*:*:*:*:*:*:*"
],
"product": "DataStage on Cloud Pak for Data",
"vendor": "IBM",
"versions": [
{
"lessThanOrEqual": "5.3.0",
"status": "affected",
"version": "5.1.2",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eIBM DataStage on Cloud Pak for Data 5.1.2 through 5.3.0 returns sensitive information in an HTTP response that could be used in further attacks against the system.\u003c/p\u003e"
}
],
"value": "IBM DataStage on Cloud Pak for Data 5.1.2 through 5.3.0 returns sensitive information in an HTTP response that could be used in further attacks against the system."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-497",
"description": "CWE-497 Exposure of Sensitive System Information to an Unauthorized Control Sphere",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-03T19:54:05.201Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://www.ibm.com/support/pages/node/7261771"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eIBM strongly recommends addressing the vulnerability now by upgrading. Product(s) Version(s) number and/or range Remediation/Fix/Instructions DataStage on Cloud Pak for Data 5.1.2 - 5.3.0 Upgrade to version 5.3.1 or later\u003c/p\u003e"
}
],
"value": "IBM strongly recommends addressing the vulnerability now by upgrading. Product(s) Version(s) number and/or range Remediation/Fix/Instructions DataStage on Cloud Pak for Data 5.1.2 - 5.3.0 Upgrade to version 5.3.1 or later"
}
],
"title": "DataStage on Cloud Pak for Data is vulnerable to sensitive information leak due to HTTP response",
"x_generator": {
"engine": "ibm-cvegen"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2025-13616",
"datePublished": "2026-03-03T19:53:22.116Z",
"dateReserved": "2025-11-24T19:42:32.953Z",
"dateUpdated": "2026-03-04T21:15:47.130Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-13160 (GCVE-0-2025-13160)
Vulnerability from cvelistv5 – Published: 2025-11-14 03:00 – Updated: 2025-11-14 15:50- CWE-497 - Exposure of Sensitive System Information to an Unauthorized Control Sphere
| URL | Tags |
|---|---|
| https://www.twcert.org.tw/en/cp-139-10502-11c6d-2.html | third-party-advisory |
| https://www.twcert.org.tw/tw/cp-132-10501-a25a6-1.html | third-party-advisory |
| Vendor | Product | Version | |
|---|---|---|---|
| IQ Service International | IQ-Support |
Affected:
1.0
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-13160",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-14T15:49:51.899026Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-11-14T15:50:07.132Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "IQ-Support",
"vendor": "IQ Service International",
"versions": [
{
"status": "affected",
"version": "1.0"
}
]
}
],
"datePublic": "2025-11-14T02:57:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IQ-Support developed by IQ Service International has a Exposure of Sensitive Information vulnerability, allowing unauthenticated remote attackers to access specific APIs to obtain sensitive information from the internal network."
}
],
"value": "IQ-Support developed by IQ Service International has a Exposure of Sensitive Information vulnerability, allowing unauthenticated remote attackers to access specific APIs to obtain sensitive information from the internal network."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-497",
"description": "CWE-497 Exposure of Sensitive System Information to an Unauthorized Control Sphere",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-14T03:00:26.497Z",
"orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"shortName": "twcert"
},
"references": [
{
"tags": [
"third-party-advisory"
],
"url": "https://www.twcert.org.tw/en/cp-139-10502-11c6d-2.html"
},
{
"tags": [
"third-party-advisory"
],
"url": "https://www.twcert.org.tw/tw/cp-132-10501-a25a6-1.html"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Contact the vendor for the update."
}
],
"value": "Contact the vendor for the update."
}
],
"source": {
"advisory": "TVN-202511007",
"discovery": "EXTERNAL"
},
"title": "IQ Service International\uff5cIQ-Support - Exposure of Sensitive Information",
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"assignerShortName": "twcert",
"cveId": "CVE-2025-13160",
"datePublished": "2025-11-14T03:00:26.497Z",
"dateReserved": "2025-11-14T02:35:33.715Z",
"dateUpdated": "2025-11-14T15:50:07.132Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-12779 (GCVE-0-2025-12779)
Vulnerability from cvelistv5 – Published: 2025-11-05 21:20 – Updated: 2026-02-26 17:47- CWE-497 - Access of Sensitive System Information to an Unauthorized Control Sphere
| URL | Tags |
|---|---|
| https://aws.amazon.com/security/security-bulletin… | vendor-advisory |
| https://docs.aws.amazon.com/workspaces/latest/use… | patchrelease-notes |
| Vendor | Product | Version | |
|---|---|---|---|
| Amazon | Amazon WorkSpaces |
Unaffected:
2025.0
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-12779",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-07T04:56:10.991021Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-26T17:47:11.512Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Linux"
],
"product": "Amazon WorkSpaces",
"vendor": "Amazon",
"versions": [
{
"status": "unaffected",
"version": "2025.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "sponsor",
"value": "Visionlink"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eImproper handling of the authentication token in the Amazon WorkSpaces client for Linux, versions 2023.0 through 2024.8, may expose the authentication token for DCV-based WorkSpaces to other local users on the same client machine. Under certain circumstances, a local user may be able to extract another local user\u0027s authentication token from the shared client machine and access their WorkSpace.\u003cbr\u003e\u003cbr\u003eTo mitigate this issue, users should upgrade to the Amazon WorkSpaces client for Linux version 2025.0 or later.\u003c/p\u003e"
}
],
"value": "Improper handling of the authentication token in the Amazon WorkSpaces client for Linux, versions 2023.0 through 2024.8, may expose the authentication token for DCV-based WorkSpaces to other local users on the same client machine. Under certain circumstances, a local user may be able to extract another local user\u0027s authentication token from the shared client machine and access their WorkSpace.\n\nTo mitigate this issue, users should upgrade to the Amazon WorkSpaces client for Linux version 2025.0 or later."
}
],
"impacts": [
{
"capecId": "CAPEC-150",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-150 Collect Data from Common Resource Locations"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "LOCAL",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "HIGH",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "HIGH",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-497",
"description": "CWE-497 Access of Sensitive System Information to an Unauthorized Control Sphere",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-10T18:52:51.286Z",
"orgId": "ff89ba41-3aa1-4d27-914a-91399e9639e5",
"shortName": "AMZN"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://aws.amazon.com/security/security-bulletins/AWS-2025-025/"
},
{
"tags": [
"patch",
"release-notes"
],
"url": "https://docs.aws.amazon.com/workspaces/latest/userguide/amazon-workspaces-linux-client.html#linux-release-notes"
}
],
"source": {
"discovery": "EXTERNAL"
},
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "ff89ba41-3aa1-4d27-914a-91399e9639e5",
"assignerShortName": "AMZN",
"cveId": "CVE-2025-12779",
"datePublished": "2025-11-05T21:20:51.567Z",
"dateReserved": "2025-11-05T20:58:46.275Z",
"dateUpdated": "2026-02-26T17:47:11.512Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-11545 (GCVE-0-2025-11545)
Vulnerability from cvelistv5 – Published: 2025-12-22 05:18 – Updated: 2025-12-22 14:32- CWE-497 - Exposure of Sensitive System Information to an Unauthorized Control Sphere
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-11545",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-22T14:32:50.907626Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-22T14:32:57.020Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "NP-PA1705UL-W, NP-PA1705UL-W+, NP-PA1705UL-B, NP-PA1705UL-B+, NP-PA1505UL-W, NP-PA1505UL-W+, NP-PA1505UL-B, NP-PA1505UL-B+, NP-PA1505UL-BJL NP-PV800UL-W, NP-PV800UL-W+, NP-PV800UL-B, NP-PV800UL-B+, NP-PV710UL-W, NP-PV710UL-W+, NP-PV710UL-B, NP-PV710UL-B+, NP-PV800UL-W1, NP-PV800UL-B1, NP-PV710UL-W1, NP-PV710UL-B1, NP-PV800UL-B1G, NP-PV710UL-B1G, NP-PV800UL-WH, NP-PV710UL-WH, NP-P627UL, NP-P627ULG, NP-P627UL+, NP-P547UL, NP-P547ULG, NP-P607UL+, NP-CG6600UL, NP-H6271UL, NP-H5471UL, NP-P627ULH, NP-P547ULH NP-PV710UL+ NP-PA1004UL-W, NP-PA1004UL-WG, NP-PA1004UL-W+, NP-PA1004UL-WH, NP-PA1004UL-B, NP-PA1004UL-BG, NP-PA1004UL-B+, NP-PA804UL-W, NP-PA804UL-WG, NP-PA804UL-W+, NP-PA804UL-WH, NP-PA804UL-B, NP-PA804UL-BG, NP-PA804UL-B+, NP-PA1004UL-BH, NP-PA804UL-BH, NP-PE455UL, NP-PE455ULG, NP-PE455WL, NP-PE455WLG, NP-PE505XLG, NP-CG6500XL, NP-CG6400UL, NP-CG6400WL, NP-CB4500XL, NP-CA4120X, NP-CA4160W, NP-CA4160X, NP-CA4200U, NP-CA4200W, NP-CA4202W, NP-CA4260X, NP-CA4300X, NP-CA4355X, NP-CD2100U, NP-CD2120X, NP-CD2300X, NP-CR2100X, NP-CR2170W, NP-CR2170X, NP-CR2200U, NP-CR2200W, NP-CR2280X, NP-CR2310X, NP-CR2350X, NP-MC302XG, NP-MC332WG, NP-MC342XG, NP-MC372X, NP-MC372XG, NP-MC382W, NP-MC382WG, NP-MC422XG, NP-ME342UG, NP-ME372W, NP-ME372WG, NP-ME382U, NP-ME382UG, NP-ME402X, NP-ME402XG NP-CU4300XD, NP-CU4200XD, NP-CU4200WD, NP-UM383WL, NP-UM383WLG, NP-CJ2200WD, NP-PH3501QL, NP-PH3501QL+, NP-PH2601QL, NP-PH2601QL+, NP-PH350Q40L, NP-PH260Q30L, NP-PX1005QL-W, NP-PX1005QL-B, NP-PX1005QL-B+, NP-P525UL, NP-P525ULG, NP-P525UL+, NP-P525WL, NP-P525WLG, NP-P525WL+, NP-P605UL, NP-P605ULG, NP-P605UL+",
"vendor": "Sharp Display Solutions, Ltd.",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"defaultStatus": "unknown",
"product": "NP-CG6500UL, NP-CG6500WL, NP-CB4500UL, NP-CB4500WL, NP-P525ULH, NP-P525WLH, NP-P605ULH, NP-P554U, NP-P554UG, NP-P554U+, NP-P554W, NP-P554WG, NP-P554W+, NP-P474U, NP-P474UG, NP-P474W, NP-P474WG, NP-P604XG, NP-P604X+, NP-P603XG, NP-P523X+, NP-PE523XG, NP-PE523X+, NP-CF6600U, NP-CF6600W, NP-CF6700X, NP-CF6500X, NP-CB4600U, NP-P554UH, NP-P554WH, NP-P474UH, NP-P474WH, NP-P604XH, NP-P603XH, NP-PE523XH, NP-P502HL-2, NP-P502WL-2, NP-P502HLG-2, NP-P502WLG NP-PA653UL, NP-PA653ULG, NP-PA653UL+, NP-PA803UL, NP-PA803ULG, NP-PA803UL+, NP-PA703UL, NP-PA703ULG, NP-PA703UL+, NP-PA733UL+, NP-PA803U, NP-PA803UG, NP-PA803U+, NP-PA723UG, NP-PA653U, NP-PA653UG, NP-PA653U+, NP-PA853W, NP-PA853WG, NP-PA853W+, NP-PA703WG, NP-PA903X, NP-PA903XG, NP-PA903X+, NP-PA753W+, NP-PA653W+, NP-PA803X+, NP-PA703X+, NP-PA803UH, NP-PA723UH, NP-PA653UH, NP-PA853WH, NP-PA703WH, NP-PA903XH, NP-ME401W, NP-ME361W, NP-ME331W, NP-ME301W, NP-ME401X, NP-ME361X, NP-ME331X, NP-ME301X, NP-ME401WG, NP-ME361WG, NP-ME331WG, NP-ME301WG, NP-ME401XG, NP-ME361XG, NP-ME331XG, NP-ME301XG NP-PX1004UL-WH, NP-PX1004UL-WH+, NP-PX1004UL-BK, NP-PX1004UL-BK+, NP-CA4155W, NP-CA4350X, NP-CA4255X, NP-CA4155X, NP-CA4115X, NP-MC331WG, NP-MC421XG, NP-MC401XG, NP-MC371XG, NP-MC331XG, NP-MC301XG, NP-CK4155W, NP-CK4255X, NP-CK4155X, NP-CK4055X, NP-CM4150X, NP-CM4050X, NP-CK4155WG, NP-CK4255XG, NP-CK4155XG, NP-CR2165W, NP-CR2305X, NP-CR2275X, NP-CR2165X, NP-CR2155X, NP-CD2115X, NP-CD2105X, NP-CM4151X, NP-CR2276X, NP-CD2116X, NP-PA551U+, NP-PA601W+, NP-PA651X+, NP-PX803UL-WH, NP-PX803UL-BK, NP-PX803UL-WH+, NP-PX803UL-BK+, NP-P502H, NP-P502W, NP-P452H",
"vendor": "Sharp Display Solutions, Ltd.",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"defaultStatus": "unknown",
"product": "NP-P452W, NP-P502HG, NP-P502WG, NP-P452HG, NP-P452WG, NP-P502H+, NP-P502W+, NP-CR5450H, NP-CR5450W, NP-M363W, NP-M323W, NP-M403X, NP-M363X, NP-M323X, NP-M283X, NP-M403WG, NP-M363WG, NP-M323WG, NP-M403XG, NP-M363XG, NP-M323XG, NP-M283XG, NP-M403W+, NP-M363W+, NP-M323W+, NP-M403X+, NP-M363X+, NP-M323X+, NP-M283X+, NP-M403H, NP-M403HG, NP-M323HG, NP-M403H+, NP-M323H+, NP-MC370X+, NP-MC330X+, NP-MC300X+, NP-MC330W+, NP-MC350XS+, NP-MC320XS+, NP-MC280XS+, NP-MC320WS+, NP-CD2100X, NP-CD2110X, NP-CR2150X, NP-CR2160X, NP-CR2270X, NP-M353WS, NP-M333XS, NP-M353WSG, NP-M303WSG, NP-M333XSG, NP-M353WS+, NP-M303WS+, NP-M333XS+, NP-M353HS+, NP-M323HS+, NP-M303HS+, NP-PH1202HL, NP-PH1202HL+, NP-PH1002HL+, NP-PX602UL-WH, NP-PX602UL-BK, NP-PX602WL-WH, NP-PX602WL-BK, NP-PX602UL-WH+, NP-PX602UL-BK+, NP-PX602WL-WH+, NP-PX602WL-BK+, NP-P502HL, NP-P502WL, NP-P502HLG, NP-P502WLG, NP-P502HL+, NP-P502WL+, , NP-CR5450HL, NP-CR5450WL, NP-UM352W, NP-UM352WG, NP-UM352W+, NP-UM361X, NP-UM351W, NP-UM301XG, NP-UM361XG, NP-UM301WG, NP-UM351WG, NP-UM301X+, NP-UM361X+, NP-UM301W+, NP-UM351W+, NP-M322W, NP-M402X, NP-M322XG, NP-M282X, NP-M402WG, NP-M362WG, NP-M322WG, NP-M402XG, NP-M362XG, NP-M322XG, NP-M282XG, NP-M402W+, NP-M362W+, NP-M322W+, NP-M402X+, NP-M362X+, NP-M322X+, NP-M282X+, NP-M402H, NP-M402HG, NP-M402H+, NP-M322H+, NP-M352WS, NP-M332XS, NP-M352WSG, NP-M302WSG, NP-M332XSG, NP-M352WS+, NP-M302WS+, NP-M332XS+, NP-PA721X, NP-PA621X, NP-PA571W, NP-PA671W, NP-PA621U, NP-PA521U, NP-PA721XG, NP-PA621XG, NP-PA571WG, NP-PA671WG, NP-PA621UG, NP-521UG, NP-PA721X+, NP-PA621X+, NP-PA571W+, NP-PA671W+, NP-PA621U+",
"vendor": "Sharp Display Solutions, Ltd.",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"defaultStatus": "unknown",
"product": "NP-PA521U+, NP-PA722X, NP-PA622X, NP-PA572W, NP-PA672W, NP-PA622U, NP-PA522U, NP-PA722XG, NP-PA622XG, NP-PA572WG, NP-PA672WG, NP-PA622UG, NP-522UG, NP-PA722X+, NP-PA622X+, NP-PA572W+, NP-PA672W+, NP-PA622U+, NP-PA522U+, NP-PH1400U, NP-PH1400U+, NP-P501X, NP-P451X, NP-P451W, NP-P401W, NP-P501XG, NP-P451XG, NP-P451WG, NP-P401WG, NP-PE501XG, NP-P501X+, NP-P451X+, NP-P451W+, NP-P401W+, NP-PE501X+, NP-M271X, NP-M311X, NP-M311W, NP-M271XG, NP-M311XG, NP-M361XG, NP-M271WG, NP-M311WG, NP-M271W+, NP-M311W+, NP-UM330X, NP-UM330W, NP-UM280XG, NP-UM330XG, NP-UM280WG, NP-UM330WG, NP-UM280X+, NP-UM330X+, NP-UM280W+, NP-UM330W+, NP-PH100U, NP-PH1000U+, NP-PX750U, NP-PX700W, NP-PX800X, NP-PX750UG, NP-PX700WG, NP-PX800XG, NP-PX750U+, NP-PX700W+, NP-PX800X+, NP-PX750U2, NP-PX700W2, NP-PX800X2, NP-PX750UG2, NP-PX700WG2, NP-PX800XG2, NP-PA600X, NP-PA500X, NP-PA550W, NP-PA500U, NP-PA600XG, NP-PA500XG, NP-PA550WG, NP-PA500UG, NP-PA600X+, NP-PA500X+, NP-PA550W+, NP-PA500U+ NP-M280XS+, NP-M320XS+, NP-M350XS+, NP-M350XSG, NP-M300XS+, NP-M300XSG, NP-M300XS, NP-M300WS+, NP-M300WSG, NP-M300WS, NP-M260WS+, NP-M260WSG, NP-M260XS+, NP-M260XSG, NP-P420X+, NP-P420XG, NP-P420X, NP-P350X+, NP-P350XG, NP-P350X, NP-P350WA, NP-P350WG, NP-P350W, NP-M350X, NP-M300X, NP-M260X, NP-M230X, NP-M300W, NP-M260W, NP-M350XG, NP-M300XG, NP-M260XG, NP-M230XG, NP-M300WG, NP-M260WG, NP-M350X+, NP-M300X+, NP-M260X+, NP-M230X+, NP-M300W+, NP-M260W+",
"vendor": "Sharp Display Solutions, Ltd.",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Sebastian Pahl of University Luxembourg"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Sharp Display Solutions projectors allows a attacker may improperly access the HTTP server and execute arbitrary actions."
}
],
"value": "Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Sharp Display Solutions projectors allows a attacker may improperly access the HTTP server and execute arbitrary actions."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"baseScore": 9.5,
"baseSeverity": "CRITICAL",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "HIGH",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "HIGH",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-497",
"description": "CWE-497: Exposure of Sensitive System Information to an Unauthorized Control Sphere",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-22T05:18:58.492Z",
"orgId": "f2760a35-e0d8-4637-ac4c-cc1a2de3e282",
"shortName": "NEC"
},
"references": [
{
"url": "https://sharp-displays.jp.sharp/global/support/info/PJ-CVE-2025-11545.html"
}
],
"source": {
"discovery": "EXTERNAL"
},
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "f2760a35-e0d8-4637-ac4c-cc1a2de3e282",
"assignerShortName": "NEC",
"cveId": "CVE-2025-11545",
"datePublished": "2025-12-22T05:18:58.492Z",
"dateReserved": "2025-10-09T06:46:44.715Z",
"dateUpdated": "2025-12-22T14:32:57.020Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-11151 (GCVE-0-2025-11151)
Vulnerability from cvelistv5 – Published: 2025-10-21 13:15 – Updated: 2026-06-04 19:42| URL | Tags |
|---|---|
| https://www.usom.gov.tr/bildirim/tr-25-0351 | government-resourcebroken-link |
| https://siberguvenlik.gov.tr/guvenlik-bildirimler… | government-resource |
| Vendor | Product | Version | |
|---|---|---|---|
| Beyaz Bilgisayar Software Design Industry and Trade Ltd. Co. | CityPLus |
Affected:
0 , < V24.29500.1.0
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-11151",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-21T13:41:11.361615Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-21T14:08:10.192Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "CityPLus",
"vendor": "Beyaz Bilgisayar Software Design Industry and Trade Ltd. Co.",
"versions": [
{
"lessThan": "V24.29500.1.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Aleyna KABAL"
}
],
"datePublic": "2025-10-21T12:10:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Exposure of Sensitive Information to an Unauthorized Actor, Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Beyaz Bilgisayar Software Design Industry and Trade Ltd. Co. CityPLus allows Detect Unpublicized Web Pages.\u003cp\u003eThis issue affects CityPLus: before V24.29500.1.0.\u003c/p\u003e"
}
],
"value": "Exposure of Sensitive Information to an Unauthorized Actor, Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Beyaz Bilgisayar Software Design Industry and Trade Ltd. Co. CityPLus allows Detect Unpublicized Web Pages.\n\nThis issue affects CityPLus: before V24.29500.1.0."
}
],
"impacts": [
{
"capecId": "CAPEC-143",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-143 Detect Unpublicized Web Pages"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-497",
"description": "CWE-497 Exposure of Sensitive System Information to an Unauthorized Control Sphere",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-04T19:42:25.194Z",
"orgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21",
"shortName": "TR-CERT"
},
"references": [
{
"tags": [
"government-resource",
"broken-link"
],
"url": "https://www.usom.gov.tr/bildirim/tr-25-0351"
},
{
"tags": [
"government-resource"
],
"url": "https://siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/tr-25-0351"
}
],
"source": {
"advisory": "TR-25-0351",
"defect": [
"TR-25-0351"
],
"discovery": "UNKNOWN"
},
"title": "Information Disclosure in Beyaz Computer\u0027s CityPLus",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21",
"assignerShortName": "TR-CERT",
"cveId": "CVE-2025-11151",
"datePublished": "2025-10-21T13:15:39.524Z",
"dateReserved": "2025-09-29T10:54:50.571Z",
"dateUpdated": "2026-06-04T19:42:25.194Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-10264 (GCVE-0-2025-10264)
Vulnerability from cvelistv5 – Published: 2025-09-12 10:06 – Updated: 2025-09-12 15:52- CWE-497 - Exposure of Sensitive System Information to an Unauthorized Control Sphere
| URL | Tags |
|---|---|
| https://www.twcert.org.tw/tw/cp-132-10375-19f1e-1.html | third-party-advisory |
| https://www.twcert.org.tw/en/cp-139-10376-a057c-2.html | third-party-advisory |
| Vendor | Product | Version | |
|---|---|---|---|
| Digiever | DS-1200 |
Affected:
0 , ≤ *.*.*.78
(custom)
|
|
| Digiever | DS-2100 Pro |
Affected:
0 , ≤ *.*.*.78
(custom)
|
|
| Digiever | DS-2100 Pro+ |
Affected:
0 , ≤ *.*.*.78
(custom)
|
|
| Digiever | DS-2100 UHD |
Affected:
0 , ≤ *.*.*.78
(custom)
|
|
| Digiever | DS-2200 UHD |
Affected:
0 , ≤ *.*.*.78
(custom)
|
|
| Digiever | DS-2200 UHD+ |
Affected:
0 , ≤ *.*.*.78
(custom)
|
|
| Digiever | DS-4200 Pro |
Affected:
0 , ≤ *.*.*.78
(custom)
|
|
| Digiever | DS-4200 Pro+ |
Affected:
0 , ≤ x.x.x.78
(custom)
|
|
| Digiever | DS-4200 UHD |
Affected:
0 , ≤ x.x.x.78
(custom)
|
|
| Digiever | DS-4200 UHD+ |
Affected:
0 , ≤ x.x.x.78
(custom)
|
|
| Digiever | DS-4100-RM |
Affected:
0 , ≤ x.x.x.78
(custom)
|
|
| Digiever | DS-4200-RM Pro+ |
Affected:
0 , ≤ x.x.x.78
(custom)
|
|
| Digiever | DS-4200-RM UHD |
Affected:
0 , ≤ x.x.x.78
(custom)
|
|
| Digiever | DS-8x00-RM Pro+ |
Affected:
0 , ≤ x.x.x.78
(custom)
|
|
| Digiever | DS-8x00-SRM Pro+ |
Affected:
0 , ≤ x.x.x.78
(custom)
|
|
| Digiever | DS-8x00-RM UHD |
Affected:
0 , ≤ x.x.x.78
(custom)
|
|
| Digiever | DS-16x00-RM Pro+ |
Affected:
0 , ≤ x.x.x.78
(custom)
|
|
| Digiever | DS-16x00-RM UHD |
Affected:
0 , ≤ x.x.x.78
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-10264",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-09-12T15:49:49.277357Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-09-12T15:52:40.298Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "DS-1200",
"vendor": "Digiever",
"versions": [
{
"lessThanOrEqual": "*.*.*.78",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "DS-2100 Pro",
"vendor": "Digiever",
"versions": [
{
"lessThanOrEqual": "*.*.*.78",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "DS-2100 Pro+",
"vendor": "Digiever",
"versions": [
{
"lessThanOrEqual": "*.*.*.78",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "DS-2100 UHD",
"vendor": "Digiever",
"versions": [
{
"lessThanOrEqual": "*.*.*.78",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "DS-2200 UHD",
"vendor": "Digiever",
"versions": [
{
"lessThanOrEqual": "*.*.*.78",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "DS-2200 UHD+",
"vendor": "Digiever",
"versions": [
{
"lessThanOrEqual": "*.*.*.78",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "DS-4200 Pro",
"vendor": "Digiever",
"versions": [
{
"lessThanOrEqual": "*.*.*.78",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "DS-4200 Pro+",
"vendor": "Digiever",
"versions": [
{
"lessThanOrEqual": "x.x.x.78",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "DS-4200 UHD",
"vendor": "Digiever",
"versions": [
{
"lessThanOrEqual": "x.x.x.78",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "DS-4200 UHD+",
"vendor": "Digiever",
"versions": [
{
"lessThanOrEqual": "x.x.x.78",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "DS-4100-RM",
"vendor": "Digiever",
"versions": [
{
"lessThanOrEqual": "x.x.x.78",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "DS-4200-RM Pro+",
"vendor": "Digiever",
"versions": [
{
"lessThanOrEqual": "x.x.x.78",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "DS-4200-RM UHD",
"vendor": "Digiever",
"versions": [
{
"lessThanOrEqual": "x.x.x.78",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "DS-8x00-RM Pro+",
"vendor": "Digiever",
"versions": [
{
"lessThanOrEqual": "x.x.x.78",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "DS-8x00-SRM Pro+",
"vendor": "Digiever",
"versions": [
{
"lessThanOrEqual": "x.x.x.78",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "DS-8x00-RM UHD",
"vendor": "Digiever",
"versions": [
{
"lessThanOrEqual": "x.x.x.78",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "DS-16x00-RM Pro+",
"vendor": "Digiever",
"versions": [
{
"lessThanOrEqual": "x.x.x.78",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "DS-16x00-RM UHD",
"vendor": "Digiever",
"versions": [
{
"lessThanOrEqual": "x.x.x.78",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"datePublic": "2025-09-12T09:53:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Certain models of NVR developed by Digiever has an Exposure of Sensitive Information vulnerability, allowing unauthenticated remoter attackers to access the system configuration file and obtain plaintext credentials of the NVR and its connected cameras."
}
],
"value": "Certain models of NVR developed by Digiever has an Exposure of Sensitive Information vulnerability, allowing unauthenticated remoter attackers to access the system configuration file and obtain plaintext credentials of the NVR and its connected cameras."
}
],
"impacts": [
{
"capecId": "CAPEC-37",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-37 Retrieve Embedded Sensitive Data"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 10,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 10,
"baseSeverity": "CRITICAL",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "HIGH",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "HIGH",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-497",
"description": "CWE-497 Exposure of Sensitive System Information to an Unauthorized Control Sphere",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-12T10:06:12.163Z",
"orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"shortName": "twcert"
},
"references": [
{
"tags": [
"third-party-advisory"
],
"url": "https://www.twcert.org.tw/tw/cp-132-10375-19f1e-1.html"
},
{
"tags": [
"third-party-advisory"
],
"url": "https://www.twcert.org.tw/en/cp-139-10376-a057c-2.html"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update firmware version to x.x.x.79 and later"
}
],
"value": "Update firmware version to x.x.x.79 and later"
}
],
"source": {
"advisory": "TVN-202509001",
"discovery": "EXTERNAL"
},
"title": "Digiever\uff5cNVR - Exposure of Sensitive Information",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"assignerShortName": "twcert",
"cveId": "CVE-2025-10264",
"datePublished": "2025-09-12T10:06:12.163Z",
"dateReserved": "2025-09-11T11:42:41.676Z",
"dateUpdated": "2025-09-12T15:52:40.298Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-9986 (GCVE-0-2025-9986)
Vulnerability from cvelistv5 – Published: 2026-02-11 08:34 – Updated: 2026-06-05 11:00- CWE-497 - Exposure of Sensitive System Information to an Unauthorized Control Sphere
| URL | Tags |
|---|---|
| https://www.usom.gov.tr/bildirim/tr-26-0056 | government-resourcebroken-link |
| https://siberguvenlik.gov.tr/guvenlik-bildirimler… | government-resource |
| Vendor | Product | Version | |
|---|---|---|---|
| Vadi Corporate Information Systems Ltd. Co. | DIGIKENT |
Affected:
0 , ≤ 13092025
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-9986",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-11T15:20:43.320650Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-11T15:21:02.220Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "DIGIKENT",
"vendor": "Vadi Corporate Information Systems Ltd. Co.",
"versions": [
{
"lessThanOrEqual": "13092025",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Ferhat U\u00c7AR"
}
],
"datePublic": "2026-02-11T08:27:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Vadi Corporate Information Systems Ltd. Co. DIGIKENT allows Excavation.\u003cp\u003eThis issue affects DIGIKENT: through 13092025.\u003c/p\u003e"
}
],
"value": "Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Vadi Corporate Information Systems Ltd. Co. DIGIKENT allows Excavation.\n\nThis issue affects DIGIKENT: through 13092025."
}
],
"impacts": [
{
"capecId": "CAPEC-116",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-116 Excavation"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-497",
"description": "CWE-497 Exposure of Sensitive System Information to an Unauthorized Control Sphere",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-05T11:00:55.226Z",
"orgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21",
"shortName": "TR-CERT"
},
"references": [
{
"tags": [
"government-resource",
"broken-link"
],
"url": "https://www.usom.gov.tr/bildirim/tr-26-0056"
},
{
"tags": [
"government-resource"
],
"url": "https://siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/tr-26-0056"
}
],
"source": {
"advisory": "TR-26-0056",
"defect": [
"TR-26-0056"
],
"discovery": "UNKNOWN"
},
"title": "Improper Access Control in Vadi Corporate Information System\u0027s DIGIKENT",
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21",
"assignerShortName": "TR-CERT",
"cveId": "CVE-2025-9986",
"datePublished": "2026-02-11T08:34:13.377Z",
"dateReserved": "2025-09-04T13:43:47.685Z",
"dateUpdated": "2026-06-05T11:00:55.226Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-9364 (GCVE-0-2025-9364)
Vulnerability from cvelistv5 – Published: 2025-09-09 12:41 – Updated: 2025-09-09 13:36- CWE-497 - Exposure of Sensitive System Information to an Unauthorized Control Sphere
| Vendor | Product | Version | |
|---|---|---|---|
| Rockwell Automation | FactoryTalk® Analytics™ LogixAI® |
Affected:
Versions 3.00 and 3.01
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-9364",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-09-09T13:36:25.672379Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-09-09T13:36:31.291Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "FactoryTalk\u00ae Analytics\u2122 LogixAI\u00ae",
"vendor": "Rockwell Automation",
"versions": [
{
"status": "affected",
"version": "Versions 3.00 and 3.01"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eAn open database issue exists in the affected product and version. The security issue stems from an over permissive Redis instance. This could result in an attacker on the intranet accessing sensitive data and potential alteration of data.\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;\u003c/span\u003e"
}
],
"value": "An open database issue exists in the affected product and version. The security issue stems from an over permissive Redis instance. This could result in an attacker on the intranet accessing sensitive data and potential alteration of data."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "ADJACENT",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-497",
"description": "CWE-497: Exposure of Sensitive System Information to an Unauthorized Control Sphere",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-09T12:41:24.092Z",
"orgId": "b73dd486-f505-4403-b634-40b078b177f0",
"shortName": "Rockwell"
},
"references": [
{
"url": "https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1748.html"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Upgrade to\u0026nbsp;\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eVersion 3.02 and later\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;\u003c/span\u003e"
}
],
"value": "Upgrade to\u00a0\n\nVersion 3.02 and later"
}
],
"source": {
"advisory": "SD1748",
"discovery": "INTERNAL"
},
"title": "Rockwell Automation FactoryTalk\u00ae Analytics\u2122 LogixAI\u00ae Exposed Redis DB",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "b73dd486-f505-4403-b634-40b078b177f0",
"assignerShortName": "Rockwell",
"cveId": "CVE-2025-9364",
"datePublished": "2025-09-09T12:41:23.124Z",
"dateReserved": "2025-08-22T15:52:49.830Z",
"dateUpdated": "2025-09-09T13:36:31.291Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-9110 (GCVE-0-2025-9110)
Vulnerability from cvelistv5 – Published: 2026-01-02 15:17 – Updated: 2026-01-02 19:14| Vendor | Product | Version | |
|---|---|---|---|
| QNAP Systems Inc. | QTS |
Affected:
5.2.x , < 5.2.8.3332 build 20251128
(custom)
|
|
| QNAP Systems Inc. | QuTS hero |
Affected:
h5.2.x , < h5.2.8.3321 build 20251117
(custom)
Affected: h5.3.x , < h5.3.1.3250 build 20250912 (custom) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-9110",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-02T19:14:27.110080Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-02T19:14:42.164Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "QTS",
"vendor": "QNAP Systems Inc.",
"versions": [
{
"lessThan": "5.2.8.3332 build 20251128",
"status": "affected",
"version": "5.2.x",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "QuTS hero",
"vendor": "QNAP Systems Inc.",
"versions": [
{
"lessThan": "h5.2.8.3321 build 20251117",
"status": "affected",
"version": "h5.2.x",
"versionType": "custom"
},
{
"lessThan": "h5.3.1.3250 build 20250912",
"status": "affected",
"version": "h5.3.x",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:qnap_systems_inc.:qts:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.2.8.3332_build_20251128",
"versionStartIncluding": "5.2.x",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:qnap_systems_inc.:quts_hero:*:*:*:*:*:*:*:*",
"versionEndExcluding": "h5.2.8.3321_build_20251117",
"versionStartIncluding": "h5.2.x",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:qnap_systems_inc.:quts_hero:*:*:*:*:*:*:*:*",
"versionEndExcluding": "h5.3.1.3250_build_20250912",
"versionStartIncluding": "h5.3.x",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Nanyu Zhong @ VARAS IIE"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An exposure of sensitive system information to an unauthorized control sphere vulnerability has been reported to affect several QNAP operating system versions. The remote attackers can then exploit the vulnerability to read application data.\u003cbr\u003e\u003cbr\u003eWe have already fixed the vulnerability in the following versions:\u003cbr\u003eQTS 5.2.8.3332 build 20251128 and later\u003cbr\u003eQuTS hero h5.2.8.3321 build 20251117 and later\u003cbr\u003eQuTS hero h5.3.1.3250 build 20250912 and later\u003cbr\u003e"
}
],
"value": "An exposure of sensitive system information to an unauthorized control sphere vulnerability has been reported to affect several QNAP operating system versions. The remote attackers can then exploit the vulnerability to read application data.\n\nWe have already fixed the vulnerability in the following versions:\nQTS 5.2.8.3332 build 20251128 and later\nQuTS hero h5.2.8.3321 build 20251117 and later\nQuTS hero h5.3.1.3250 build 20250912 and later"
}
],
"impacts": [
{
"capecId": "CAPEC-131",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-131"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 2.7,
"baseSeverity": "LOW",
"exploitMaturity": "UNREPORTED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-497",
"description": "CWE-497",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-02T15:17:29.481Z",
"orgId": "2fd009eb-170a-4625-932b-17a53af1051f",
"shortName": "qnap"
},
"references": [
{
"url": "https://www.qnap.com/en/security-advisory/qsa-25-51"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "We have already fixed the vulnerability in the following versions:\u003cbr\u003eQTS 5.2.8.3332 build 20251128 and later\u003cbr\u003eQuTS hero h5.2.8.3321 build 20251117 and later\u003cbr\u003eQuTS hero h5.3.1.3250 build 20250912 and later\u003cbr\u003e"
}
],
"value": "We have already fixed the vulnerability in the following versions:\nQTS 5.2.8.3332 build 20251128 and later\nQuTS hero h5.2.8.3321 build 20251117 and later\nQuTS hero h5.3.1.3250 build 20250912 and later"
}
],
"source": {
"advisory": "QSA-25-51",
"discovery": "EXTERNAL"
},
"title": "QTS, QuTS hero",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "2fd009eb-170a-4625-932b-17a53af1051f",
"assignerShortName": "qnap",
"cveId": "CVE-2025-9110",
"datePublished": "2026-01-02T15:17:29.481Z",
"dateReserved": "2025-08-18T08:29:16.532Z",
"dateUpdated": "2026-01-02T19:14:42.164Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-8700 (GCVE-0-2025-8700)
Vulnerability from cvelistv5 – Published: 2025-08-26 12:23 – Updated: 2025-08-26 13:48 X_Open Source- CWE-497 - Exposure of Sensitive System Information to an Unauthorized Control Sphere
| URL | Tags |
|---|---|
| https://cert.pl/en/posts/2025/08/tcc-bypass/ | third-party-advisory |
| https://invoiceninja.com/ | product |
| Vendor | Product | Version | |
|---|---|---|---|
| Invoice Ninja | Invoice Ninja |
Affected:
0 , < 5.0.175
(semver)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-8700",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-26T13:25:40.807054Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-26T13:48:30.975Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"MacOS"
],
"product": "Invoice Ninja",
"repo": "https://github.com/invoiceninja/invoiceninja",
"vendor": "Invoice Ninja",
"versions": [
{
"lessThan": "5.0.175",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Karol Mazurek - AFINE Team"
}
],
"datePublic": "2025-08-26T17:29:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cdiv\u003eInvoice Ninja\u0027s configuration on macOS, specifically the presence of entitlement \"com.apple.security.get-task-allow\", allows local attackers with unprivileged access (e.g. via a malicious application) to attach a debugger, read or modify the process memory, inject code in the application\u0027s context despite being signed with Hardened Runtime and bypass Transparency, Consent, and Control (TCC). Acquired resource access is limited to previously granted permissions by the user. Access to other resources beyond granted permissions requires user interaction with a system prompt asking for permission.\u003c/div\u003e\u003cdiv\u003eAccording to Apple documentation, when a non-root user runs an app with the debugging tool entitlement, the system presents an authorization dialog asking for a system administrator\u0027s credentials. Since there is no prompt when the target process has \"get-task-allow\" entitlement, the presence of this entitlement was decided to be treated as a vulnerability because it removes one step needed to perform an attack.\u003c/div\u003e\u003cbr\u003eThis issue was fixed in version 5.0.175\u003cbr\u003e\u003cbr\u003e"
}
],
"value": "Invoice Ninja\u0027s configuration on macOS, specifically the presence of entitlement \"com.apple.security.get-task-allow\", allows local attackers with unprivileged access (e.g. via a malicious application) to attach a debugger, read or modify the process memory, inject code in the application\u0027s context despite being signed with Hardened Runtime and bypass Transparency, Consent, and Control (TCC). Acquired resource access is limited to previously granted permissions by the user. Access to other resources beyond granted permissions requires user interaction with a system prompt asking for permission.\n\nAccording to Apple documentation, when a non-root user runs an app with the debugging tool entitlement, the system presents an authorization dialog asking for a system administrator\u0027s credentials. Since there is no prompt when the target process has \"get-task-allow\" entitlement, the presence of this entitlement was decided to be treated as a vulnerability because it removes one step needed to perform an attack.\n\n\nThis issue was fixed in version 5.0.175"
}
],
"impacts": [
{
"capecId": "CAPEC-233",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-233 Privilege Escalation"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-497",
"description": "CWE-497 Exposure of Sensitive System Information to an Unauthorized Control Sphere",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-26T12:23:04.838Z",
"orgId": "4bb8329e-dd38-46c1-aafb-9bf32bcb93c6",
"shortName": "CERT-PL"
},
"references": [
{
"tags": [
"third-party-advisory"
],
"url": "https://cert.pl/en/posts/2025/08/tcc-bypass/"
},
{
"tags": [
"product"
],
"url": "https://invoiceninja.com/"
}
],
"source": {
"discovery": "EXTERNAL"
},
"tags": [
"x_open-source"
],
"title": "Privilege Escalation via get-task-allow entitlement in Invoice Ninja",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "4bb8329e-dd38-46c1-aafb-9bf32bcb93c6",
"assignerShortName": "CERT-PL",
"cveId": "CVE-2025-8700",
"datePublished": "2025-08-26T12:23:04.838Z",
"dateReserved": "2025-08-07T11:58:23.461Z",
"dateUpdated": "2025-08-26T13:48:30.975Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Mitigation
Production applications should never use methods that generate internal details such as stack traces and error messages unless that information is directly committed to a log that is not viewable by the end user. All error message text should be HTML entity encoded before being written to the log file to protect against potential cross-site scripting attacks against the viewer of the logs
CAPEC-170: Web Application Fingerprinting
An attacker sends a series of probes to a web application in order to elicit version-dependent and type-dependent behavior that assists in identifying the target. An attacker could learn information such as software versions, error pages, and response headers, variations in implementations of the HTTP protocol, directory structures, and other similar information about the targeted service. This information can then be used by an attacker to formulate a targeted attack plan. While web application fingerprinting is not intended to be damaging (although certain activities, such as network scans, can sometimes cause disruptions to vulnerable applications inadvertently) it may often pave the way for more damaging attacks.
CAPEC-694: System Location Discovery
An adversary collects information about the target system in an attempt to identify the system's geographical location.
Information gathered could include keyboard layout, system language, and timezone. This information may benefit an adversary in confirming the desired target and/or tailoring further attacks.