CVE-2025-8580 (GCVE-0-2025-8580)
Vulnerability from
Published
2025-08-07 01:30
Modified
2025-08-07 13:31
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Inappropriate implementation
Summary
Inappropriate implementation in Filesystems in Google Chrome prior to 139.0.7258.66 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)
References
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-8580",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-07T13:30:08.852332Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-07T13:31:14.634Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Chrome",
"vendor": "Google",
"versions": [
{
"lessThan": "139.0.7258.66",
"status": "affected",
"version": "139.0.7258.66",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Inappropriate implementation in Filesystems in Google Chrome prior to 139.0.7258.66 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Inappropriate implementation",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-07T01:30:39.448Z",
"orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"shortName": "Chrome"
},
"references": [
{
"url": "https://chromereleases.googleblog.com/2025/08/stable-channel-update-for-desktop.html"
},
{
"url": "https://issues.chromium.org/issues/411544197"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"assignerShortName": "Chrome",
"cveId": "CVE-2025-8580",
"datePublished": "2025-08-07T01:30:39.448Z",
"dateReserved": "2025-08-05T02:46:28.422Z",
"dateUpdated": "2025-08-07T13:31:14.634Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-8581 (GCVE-0-2025-8581)
Vulnerability from
Published
2025-08-07 01:30
Modified
2025-08-07 13:29
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Inappropriate implementation
Summary
Inappropriate implementation in Extensions in Google Chrome prior to 139.0.7258.66 allowed a remote attacker who convinced a user to engage in specific UI gestures to leak cross-origin data via a crafted HTML page. (Chromium security severity: Low)
References
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-8581",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-07T13:27:01.290820Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-07T13:29:32.387Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Chrome",
"vendor": "Google",
"versions": [
{
"lessThan": "139.0.7258.66",
"status": "affected",
"version": "139.0.7258.66",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Inappropriate implementation in Extensions in Google Chrome prior to 139.0.7258.66 allowed a remote attacker who convinced a user to engage in specific UI gestures to leak cross-origin data via a crafted HTML page. (Chromium security severity: Low)"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Inappropriate implementation",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-07T01:30:39.671Z",
"orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"shortName": "Chrome"
},
"references": [
{
"url": "https://chromereleases.googleblog.com/2025/08/stable-channel-update-for-desktop.html"
},
{
"url": "https://issues.chromium.org/issues/416942878"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"assignerShortName": "Chrome",
"cveId": "CVE-2025-8581",
"datePublished": "2025-08-07T01:30:39.671Z",
"dateReserved": "2025-08-05T02:46:28.612Z",
"dateUpdated": "2025-08-07T13:29:32.387Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-8583 (GCVE-0-2025-8583)
Vulnerability from
Published
2025-08-07 01:30
Modified
2025-08-07 13:20
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Inappropriate implementation
Summary
Inappropriate implementation in Permissions in Google Chrome prior to 139.0.7258.66 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)
References
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-8583",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-07T13:18:15.966467Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-451",
"description": "CWE-451 User Interface (UI) Misrepresentation of Critical Information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-07T13:20:06.480Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Chrome",
"vendor": "Google",
"versions": [
{
"lessThan": "139.0.7258.66",
"status": "affected",
"version": "139.0.7258.66",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Inappropriate implementation in Permissions in Google Chrome prior to 139.0.7258.66 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Inappropriate implementation",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-07T01:30:40.083Z",
"orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"shortName": "Chrome"
},
"references": [
{
"url": "https://chromereleases.googleblog.com/2025/08/stable-channel-update-for-desktop.html"
},
{
"url": "https://issues.chromium.org/issues/373794472"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"assignerShortName": "Chrome",
"cveId": "CVE-2025-8583",
"datePublished": "2025-08-07T01:30:40.083Z",
"dateReserved": "2025-08-05T02:46:28.879Z",
"dateUpdated": "2025-08-07T13:20:06.480Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-8292 (GCVE-0-2025-8292)
Vulnerability from
Published
2025-07-30 01:18
Modified
2025-07-31 03:55
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-416 - Use after free
Summary
Use after free in Media Stream in Google Chrome prior to 138.0.7204.183 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
References
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-8292",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-30T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-31T03:55:56.711Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Chrome",
"vendor": "Google",
"versions": [
{
"lessThan": "138.0.7204.183",
"status": "affected",
"version": "138.0.7204.183",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Use after free in Media Stream in Google Chrome prior to 138.0.7204.183 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "Use after free",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-30T01:18:27.241Z",
"orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"shortName": "Chrome"
},
"references": [
{
"url": "https://chromereleases.googleblog.com/2025/07/stable-channel-update-for-desktop_29.html"
},
{
"url": "https://issues.chromium.org/issues/426054987"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"assignerShortName": "Chrome",
"cveId": "CVE-2025-8292",
"datePublished": "2025-07-30T01:18:27.241Z",
"dateReserved": "2025-07-28T21:37:30.884Z",
"dateUpdated": "2025-07-31T03:55:56.711Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-5199 (GCVE-0-2025-5199)
Vulnerability from
Published
2025-07-11 23:21
Modified
2025-07-14 20:12
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-276 - Incorrect Default Permissions
Summary
In Canonical Multipass up to and including version 1.15.1 on macOS, incorrect default permissions allow a local attacker to escalate privileges by modifying files executed with administrative privileges by a Launch Daemon during system startup.
References
| URL | Tags | |
|---|---|---|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-5199",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-14T14:45:10.993022Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-14T20:12:58.921Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/canonical/multipass/security/advisories/GHSA-2j82-p5cq-62p3"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"packageName": "Multipass",
"platforms": [
"MacOS"
],
"product": "Multipass",
"repo": "https://github.com/canonical/multipass",
"vendor": "Canonical",
"versions": [
{
"lessThan": "1.16.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Isaac Ordonez"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "In Canonical Multipass up to and including version 1.15.1 on macOS, incorrect default permissions allow a local attacker to escalate privileges by modifying files executed with administrative privileges by a Launch Daemon during system startup."
}
],
"value": "In Canonical Multipass up to and including version 1.15.1 on macOS, incorrect default permissions allow a local attacker to escalate privileges by modifying files executed with administrative privileges by a Launch Daemon during system startup."
}
],
"impacts": [
{
"capecId": "CAPEC-233",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-233 Privilege Escalation"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-276",
"description": "CWE-276 Incorrect Default Permissions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-11T23:21:30.996Z",
"orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"shortName": "canonical"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://github.com/canonical/multipass/security/advisories/GHSA-2j82-p5cq-62p3"
},
{
"tags": [
"patch"
],
"url": "https://github.com/canonical/multipass/pull/4115"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "LPE on Multipass for macOS"
}
},
"cveMetadata": {
"assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"assignerShortName": "canonical",
"cveId": "CVE-2025-5199",
"datePublished": "2025-07-11T23:21:30.996Z",
"dateReserved": "2025-05-26T12:29:30.522Z",
"dateUpdated": "2025-07-14T20:12:58.921Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-30399 (GCVE-0-2025-30399)
Vulnerability from
Published
2025-06-13 01:08
Modified
2025-07-11 16:36
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-426 - Untrusted Search Path
Summary
Untrusted search path in .NET and Visual Studio allows an unauthorized attacker to execute code over a network.
References
| URL | Tags | |
|---|---|---|
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Microsoft | PowerShell 7.4 |
Version: 7.4.0 < 7.4.11 |
|||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-30399",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-13T15:46:01.058158Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-13T15:46:09.476Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"platforms": [
"Unknown"
],
"product": "PowerShell 7.4",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "7.4.11",
"status": "affected",
"version": "7.4.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"Unknown"
],
"product": "PowerShell 7.5",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "7.5.2",
"status": "affected",
"version": "7.5.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"Unknown"
],
"product": ".NET 8.0",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "8.0.17",
"status": "affected",
"version": "8.0.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"Unknown"
],
"product": ".NET 9.0",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "9.0.6",
"status": "affected",
"version": "9.0.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"Unknown"
],
"product": "Microsoft Visual Studio 2022 version 17.12",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "17.12.9",
"status": "affected",
"version": "17.12.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"Unknown"
],
"product": "Microsoft Visual Studio 2022 version 17.8",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "17.8.22",
"status": "affected",
"version": "17.8.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"Unknown"
],
"product": "Microsoft Visual Studio 2022 version 17.10",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "17.10.16",
"status": "affected",
"version": "17.10.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"Unknown"
],
"product": "Microsoft Visual Studio 2022 version 17.14",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "17.14.5",
"status": "affected",
"version": "17.14.0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:powershell:*:-:*:*:*:*:*:*",
"versionEndExcluding": "7.4.11",
"versionStartIncluding": "7.4.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:powershell:*:-:*:*:*:*:*:*",
"versionEndExcluding": "7.5.2",
"versionStartIncluding": "7.5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
"versionEndExcluding": "8.0.17",
"versionStartIncluding": "8.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
"versionEndExcluding": "9.0.6",
"versionStartIncluding": "9.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
"versionEndExcluding": "17.12.9",
"versionStartIncluding": "17.12.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
"versionEndExcluding": "17.8.22",
"versionStartIncluding": "17.8.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
"versionEndExcluding": "17.10.16",
"versionStartIncluding": "17.10.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
"versionEndExcluding": "17.14.5",
"versionStartIncluding": "17.14.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"datePublic": "2025-06-10T07:00:00.000Z",
"descriptions": [
{
"lang": "en-US",
"value": "Untrusted search path in .NET and Visual Studio allows an unauthorized attacker to execute code over a network."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-426",
"description": "CWE-426: Untrusted Search Path",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-11T16:36:12.015Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": ".NET and Visual Studio Remote Code Execution Vulnerability",
"tags": [
"vendor-advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-30399"
}
],
"title": ".NET and Visual Studio Remote Code Execution Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2025-30399",
"datePublished": "2025-06-13T01:08:00.208Z",
"dateReserved": "2025-03-21T19:09:29.816Z",
"dateUpdated": "2025-07-11T16:36:12.015Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-47136 (GCVE-0-2025-47136)
Vulnerability from
Published
2025-07-08 21:49
Modified
2025-07-10 03:55
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-191 - Integer Underflow (Wrap or Wraparound) ()
Summary
InDesign Desktop versions 19.5.3 and earlier are affected by an Integer Underflow (Wrap or Wraparound) vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
References
| URL | Tags | |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Adobe | InDesign Desktop |
Version: 0 ≤ 19.5.3 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-47136",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-09T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-10T03:55:54.450Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "InDesign Desktop",
"vendor": "Adobe",
"versions": [
{
"lessThanOrEqual": "19.5.3",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"datePublic": "2025-07-08T17:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "InDesign Desktop versions 19.5.3 and earlier are affected by an Integer Underflow (Wrap or Wraparound) vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 7.8,
"environmentalSeverity": "HIGH",
"exploitCodeMaturity": "NOT_DEFINED",
"integrityImpact": "HIGH",
"integrityRequirement": "NOT_DEFINED",
"modifiedAttackComplexity": "LOW",
"modifiedAttackVector": "LOCAL",
"modifiedAvailabilityImpact": "HIGH",
"modifiedConfidentialityImpact": "HIGH",
"modifiedIntegrityImpact": "HIGH",
"modifiedPrivilegesRequired": "NONE",
"modifiedScope": "UNCHANGED",
"modifiedUserInteraction": "REQUIRED",
"privilegesRequired": "NONE",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"scope": "UNCHANGED",
"temporalScore": 7.8,
"temporalSeverity": "HIGH",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-191",
"description": "Integer Underflow (Wrap or Wraparound) (CWE-191)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-08T21:49:00.379Z",
"orgId": "078d4453-3bcd-4900-85e6-15281da43538",
"shortName": "adobe"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://helpx.adobe.com/security/products/indesign/apsb25-60.html"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "InDesign Desktop | Integer Underflow (Wrap or Wraparound) (CWE-191)"
}
},
"cveMetadata": {
"assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
"assignerShortName": "adobe",
"cveId": "CVE-2025-47136",
"datePublished": "2025-07-08T21:49:00.379Z",
"dateReserved": "2025-04-30T20:47:55.003Z",
"dateUpdated": "2025-07-10T03:55:54.450Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-43592 (GCVE-0-2025-43592)
Vulnerability from
Published
2025-07-08 21:49
Modified
2025-07-10 03:55
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-824 - Access of Uninitialized Pointer ()
Summary
InDesign Desktop versions 19.5.3 and earlier are affected by an Access of Uninitialized Pointer vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
References
| URL | Tags | |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Adobe | InDesign Desktop |
Version: 0 ≤ 19.5.3 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-43592",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-09T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-10T03:55:53.281Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "InDesign Desktop",
"vendor": "Adobe",
"versions": [
{
"lessThanOrEqual": "19.5.3",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"datePublic": "2025-07-08T17:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "InDesign Desktop versions 19.5.3 and earlier are affected by an Access of Uninitialized Pointer vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 7.8,
"environmentalSeverity": "HIGH",
"exploitCodeMaturity": "NOT_DEFINED",
"integrityImpact": "HIGH",
"integrityRequirement": "NOT_DEFINED",
"modifiedAttackComplexity": "LOW",
"modifiedAttackVector": "LOCAL",
"modifiedAvailabilityImpact": "HIGH",
"modifiedConfidentialityImpact": "HIGH",
"modifiedIntegrityImpact": "HIGH",
"modifiedPrivilegesRequired": "NONE",
"modifiedScope": "UNCHANGED",
"modifiedUserInteraction": "REQUIRED",
"privilegesRequired": "NONE",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"scope": "UNCHANGED",
"temporalScore": 7.8,
"temporalSeverity": "HIGH",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-824",
"description": "Access of Uninitialized Pointer (CWE-824)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-08T21:49:02.841Z",
"orgId": "078d4453-3bcd-4900-85e6-15281da43538",
"shortName": "adobe"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://helpx.adobe.com/security/products/indesign/apsb25-60.html"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "InDesign Desktop | Access of Uninitialized Pointer (CWE-824)"
}
},
"cveMetadata": {
"assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
"assignerShortName": "adobe",
"cveId": "CVE-2025-43592",
"datePublished": "2025-07-08T21:49:02.841Z",
"dateReserved": "2025-04-16T16:23:13.183Z",
"dateUpdated": "2025-07-10T03:55:53.281Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-43594 (GCVE-0-2025-43594)
Vulnerability from
Published
2025-07-08 21:49
Modified
2025-07-10 03:55
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-787 - Out-of-bounds Write ()
Summary
InDesign Desktop versions 19.5.3 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
References
| URL | Tags | |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Adobe | InDesign Desktop |
Version: 0 ≤ 19.5.3 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-43594",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-09T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-10T03:55:52.189Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "InDesign Desktop",
"vendor": "Adobe",
"versions": [
{
"lessThanOrEqual": "19.5.3",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"datePublic": "2025-07-08T17:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "InDesign Desktop versions 19.5.3 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 7.8,
"environmentalSeverity": "HIGH",
"exploitCodeMaturity": "NOT_DEFINED",
"integrityImpact": "HIGH",
"integrityRequirement": "NOT_DEFINED",
"modifiedAttackComplexity": "LOW",
"modifiedAttackVector": "LOCAL",
"modifiedAvailabilityImpact": "HIGH",
"modifiedConfidentialityImpact": "HIGH",
"modifiedIntegrityImpact": "HIGH",
"modifiedPrivilegesRequired": "NONE",
"modifiedScope": "UNCHANGED",
"modifiedUserInteraction": "REQUIRED",
"privilegesRequired": "NONE",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"scope": "UNCHANGED",
"temporalScore": 7.8,
"temporalSeverity": "HIGH",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "Out-of-bounds Write (CWE-787)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-08T21:49:02.057Z",
"orgId": "078d4453-3bcd-4900-85e6-15281da43538",
"shortName": "adobe"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://helpx.adobe.com/security/products/indesign/apsb25-60.html"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "InDesign Desktop | Out-of-bounds Write (CWE-787)"
}
},
"cveMetadata": {
"assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
"assignerShortName": "adobe",
"cveId": "CVE-2025-43594",
"datePublished": "2025-07-08T21:49:02.057Z",
"dateReserved": "2025-04-16T16:23:13.183Z",
"dateUpdated": "2025-07-10T03:55:52.189Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-47134 (GCVE-0-2025-47134)
Vulnerability from
Published
2025-07-08 21:49
Modified
2025-07-10 03:55
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-122 - Heap-based Buffer Overflow ()
Summary
InDesign Desktop versions 19.5.3 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
References
| URL | Tags | |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Adobe | InDesign Desktop |
Version: 0 ≤ 19.5.3 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-47134",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-09T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-10T03:55:51.081Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "InDesign Desktop",
"vendor": "Adobe",
"versions": [
{
"lessThanOrEqual": "19.5.3",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"datePublic": "2025-07-08T17:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "InDesign Desktop versions 19.5.3 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 7.8,
"environmentalSeverity": "HIGH",
"exploitCodeMaturity": "NOT_DEFINED",
"integrityImpact": "HIGH",
"integrityRequirement": "NOT_DEFINED",
"modifiedAttackComplexity": "LOW",
"modifiedAttackVector": "LOCAL",
"modifiedAvailabilityImpact": "HIGH",
"modifiedConfidentialityImpact": "HIGH",
"modifiedIntegrityImpact": "HIGH",
"modifiedPrivilegesRequired": "NONE",
"modifiedScope": "UNCHANGED",
"modifiedUserInteraction": "REQUIRED",
"privilegesRequired": "NONE",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"scope": "UNCHANGED",
"temporalScore": 7.8,
"temporalSeverity": "HIGH",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "Heap-based Buffer Overflow (CWE-122)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-08T21:49:01.174Z",
"orgId": "078d4453-3bcd-4900-85e6-15281da43538",
"shortName": "adobe"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://helpx.adobe.com/security/products/indesign/apsb25-60.html"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "InDesign Desktop | Heap-based Buffer Overflow (CWE-122)"
}
},
"cveMetadata": {
"assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
"assignerShortName": "adobe",
"cveId": "CVE-2025-47134",
"datePublished": "2025-07-08T21:49:01.174Z",
"dateReserved": "2025-04-30T20:47:55.003Z",
"dateUpdated": "2025-07-10T03:55:51.081Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
displaying 1141 - 1150 organizations in total 2594