{"vulnerability": "CVE-2025-1022", "sightings": [{"uuid": "1f5a359a-f6d9-4b81-a60f-6ce22132f4ce", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-1022", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lhg4lvulci2v", "content": "", "creation_timestamp": "2025-02-05T08:09:08.636981Z"}, {"uuid": "6d752d86-363e-45d2-b1fa-644587eca3e8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-1022", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113949546296359039", "content": "", "creation_timestamp": "2025-02-05T05:08:11.250833Z"}, {"uuid": "1b504af1-4bf4-43a3-ab94-a925f88168fd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-1022", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lhfsvjh7k62t", "content": "", "creation_timestamp": "2025-02-05T05:15:33.497826Z"}, {"uuid": "4baf9d3c-875e-4c0e-b8cf-7537d9a7f31d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-1022", "type": "seen", "source": "https://mastodon.social/users/CyberSignaler/statuses/113949941052909151", "content": "", "creation_timestamp": "2025-02-05T06:48:35.410465Z"}, {"uuid": "90441704-160d-4158-84c8-5d8e2bc2fb02", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-10226", "type": "seen", "source": "https://gist.github.com/Darkcrai86/d914b77972c59de952f828745c0e4e86", "content": "", "creation_timestamp": "2025-09-10T14:20:14.000000Z"}, {"uuid": "34946e48-923b-4bf7-a9f3-5cf9187e40f9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-1022", "type": "seen", "source": "https://bsky.app/profile/intelrob.bsky.social/post/3lmqcq2no222i", "content": "", "creation_timestamp": "2025-04-14T00:31:25.615458Z"}, {"uuid": "acbd15a2-e755-4061-9f22-4ee683a71e89", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-10226", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lyiiszef5v2f", "content": "", "creation_timestamp": "2025-09-10T15:01:28.830382Z"}, {"uuid": "56f7d193-aef3-4cef-be43-243b4de8037f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-10220", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lyij3xrehn2m", "content": "", "creation_timestamp": "2025-09-10T15:06:29.258659Z"}, {"uuid": "d8e6bed8-bb50-4a35-b210-ebe809ce9841", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-10225", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lyijew6lkq2g", "content": "", "creation_timestamp": "2025-09-10T15:11:29.469080Z"}, {"uuid": "3cae4ef6-2361-4b4a-8361-88f33602a886", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-10229", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lyjfvngzax2t", "content": "", "creation_timestamp": "2025-09-10T23:41:55.416113Z"}, {"uuid": "0bc3f718-7a73-4fac-89fb-8a787a76d244", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-1022", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/7127", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-1022\n\ud83d\udd25 CVSS Score: 8.8 (cvssV4_0, Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N/E:P)\n\ud83d\udd39 Description: Versions of the package spatie/browsershot before 5.0.5 are vulnerable to Improper Input Validation in the setHtml function, invoked by Browsershot::html(), which can be bypassed by omitting the slashes in the file URI (e.g., file:../../../../etc/passwd). This is due to missing validations of the user input that should be blocking file URI schemes (e.g., file:// and file:/) in the HTML content.\n\ud83d\udccf Published: 2025-02-05T05:00:15.399Z\n\ud83d\udccf Modified: 2025-03-11T12:19:33.865Z\n\ud83d\udd17 References:\n1. https://security.snyk.io/vuln/SNYK-PHP-SPATIEBROWSERSHOT-8496747\n2. https://github.com/spatie/browsershot/commit/bcfd608b264fab654bf78e199bdfbb03e9323eb7\n3. https://github.com/spatie/browsershot/commit/e3273974506865a24fbb5b65b534d8d4b8dfbf72\n4. https://gist.github.com/mrdgef/a820837c530e09e1dd725e013e0d4341", "creation_timestamp": "2025-03-11T12:40:34.000000Z"}, {"uuid": "3384c08e-cacd-4cb5-95d6-ad88365ad16a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2025-10226", "type": "seen", "source": "https://bsky.app/profile/offseq.bsky.social/post/3lyjm23fhfl2d", "content": "", "creation_timestamp": "2025-09-11T01:31:47.801061Z"}, {"uuid": "35a7f2b7-dbe8-4b77-a198-1913345f44e0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-1022", "type": "seen", "source": "https://t.me/cvedetector/17273", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-1022 - Spatie Browsershot Improper Input Validation\", \n  \"Content\": \"CVE ID : CVE-2025-1022 \nPublished : Feb. 5, 2025, 5:15 a.m. | 23\u00a0minutes ago \nDescription : Versions of the package spatie/browsershot before 5.0.5 are vulnerable to Improper Input Validation in the setHtml function, invoked by Browsershot::html(), which can be bypassed by omitting the slashes in the file URI (e.g., file:../../../../etc/passwd). This is due to missing validations of the user input that should be blocking file URI schemes (e.g., file:// and file:/) in the HTML content. \nSeverity: 8.2 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"05 Feb 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-02-05T07:26:55.000000Z"}, {"uuid": "896b8e0b-6995-4262-adef-bac9247bb844", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2025-10220", "type": "seen", "source": "https://bsky.app/profile/offseq.bsky.social/post/3lyjr326whw2w", "content": "", "creation_timestamp": "2025-09-11T03:01:48.761291Z"}, {"uuid": "71611878-3eb8-42d4-bd3b-c6fbd3f5782b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-1022", "type": "seen", "source": "Telegram/fvVyI8zLw2GacidzTsbV-S2_NcpVZf7310jClgI5CVYubv4A", "content": "", "creation_timestamp": "2025-02-06T02:44:20.000000Z"}, {"uuid": "4daf9fd7-7fa1-4732-baf3-2d4c15c206df", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-1022", "type": "seen", "source": "Telegram/Xp_tXcGikWSXTH5Lbm7nTZZVYdCiuno_zLVF5RDlxX4Lfapq", "content": "", "creation_timestamp": "2025-02-06T02:43:28.000000Z"}, {"uuid": "dfa370e6-fffb-4b2f-ba43-446b75869fa9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-1022", "type": "published-proof-of-concept", "source": "Telegram/NNZd2D3Ktbe1Rh32JnzouhfiQqZrGcYJW6J1RbrF6_NKRNA", "content": "", "creation_timestamp": "2025-02-05T07:30:57.000000Z"}]}