{"vulnerability": "CVE-2021-25281", "sightings": [{"uuid": "39aac781-f891-45a8-8116-d3cf582072f5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-25281", "type": "seen", "source": "https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/http/saltstack_salt_wheel_async_rce.rb", "content": "", "creation_timestamp": "2021-03-31T19:58:01.000000Z"}, {"uuid": "09032b4d-9adc-47ba-9b32-74bffe74060b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-25281", "type": "seen", "source": "MISP/a1e796df-2ad8-4c8d-8b69-737a004e72dd", "content": "", "creation_timestamp": "2025-02-23T04:10:35.000000Z"}, {"uuid": "5e0ad3db-f94e-4ada-a6b8-ae14bb8de610", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-25281", "type": "seen", "source": "MISP/a1e796df-2ad8-4c8d-8b69-737a004e72dd", "content": "", "creation_timestamp": "2025-02-06T03:13:45.000000Z"}, {"uuid": "74171707-7abd-4a50-bb6e-4046fc8e7c52", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-25281", "type": "seen", "source": "https://bsky.app/profile/beikokucyber.bsky.social/post/3mciiaecuqm2r", "content": "", "creation_timestamp": "2026-01-15T21:03:02.074889Z"}, {"uuid": "6829797a-058c-45fd-b9e1-da445e191d12", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-25281", "type": "seen", "source": "https://t.me/cibsecurity/24281", "content": "\u203c CVE-2021-25281 \u203c\n\nAn issue was discovered in through SaltStack Salt before 3002.5. salt-api does not honor eauth credentials for the wheel_async client. Thus, an attacker can remotely run any wheel modules on the master.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-02-27T07:40:09.000000Z"}, {"uuid": "5ff104d8-b74a-4134-ab77-8aa72345863a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-25281", "type": "seen", "source": "https://t.me/cKure/4084", "content": "\u25a0\u25a0\u25a0\u25a0\u25a1 Interesting thread: CVE-2021-25281 and CVE-2021-25282.\n\nhttps://mobile.twitter.com/chybeta/status/1365203494869721090", "creation_timestamp": "2021-02-26T10:46:06.000000Z"}, {"uuid": "83534dbc-7e0c-4f9b-b014-68cbde7f0b6e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-25281", "type": "seen", "source": "https://t.me/pwnwiki_zhchannel/763", "content": "CVE-2021-25281&CVE-2021-25282&CVE-2021-25283 Saltstack\u672a\u6388\u6b0aRCE\u6f0f\u6d1e\nhttps://www.pwnwiki.org/index.php?title=CVE-2021-25281%26CVE-2021-25282%26CVE-2021-25283_Saltstack%E6%9C%AA%E6%8E%88%E6%AC%8ARCE%E6%BC%8F%E6%B4%9E", "creation_timestamp": "2021-09-21T04:42:17.000000Z"}, {"uuid": "dba2965b-cedb-483a-beb6-a00dddc13f1d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-25281", "type": "seen", "source": "https://t.me/CyberSecurityTechnologies/2803", "content": "#exploit\n1. CVE-2021-27403:\nAskey RTF8115VW BR_SV_g11.11_RTF_TEF001_V6.54_V014 devices allow cgi-bin/te_acceso_router.cgi curWebPage XSS\nhttps://github.com/bokanrb/CVE-2021-27403\n\n2. CVE-2021-27404:\nAskey RTF8115VW Internet Fiber Modem - Authenticated Host Header Injection\nhttps://github.com/bokanrb/CVE-2021-27404 \n\n]-> Chaining CVE-2021-25281 and CVE-2021-25282 to exploit a SaltStack:\nhttps://github.com/Immersive-Labs-Sec/CVE-2021-25281", "creation_timestamp": "2024-06-24T21:17:07.000000Z"}]}