{"vulnerability": "CVE-2025-12357", "sightings": [{"uuid": "d50e92ea-9ce0-4390-bb28-b29b91a1cd0a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-12357", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3m4j43rhnsb2n", "content": "", "creation_timestamp": "2025-10-31T18:27:10.089428Z"}, {"uuid": "0ac563d4-147b-4e9f-9c68-e33de8748174", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-12357", "type": "seen", "source": "https://bsky.app/profile/fluxius.bsky.social/post/3mfcqjzc4cc25", "content": "", "creation_timestamp": "2026-02-20T18:31:11.574339Z"}, {"uuid": "430ee6f5-3667-4e0f-a62e-5ba4f76d44f4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-12357", "type": "seen", "source": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-303-01", "content": "", "creation_timestamp": "2025-10-30T11:00:00.000000Z"}, {"uuid": "50e7ee18-6c28-4de2-bb47-272522f46f6a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-12357", "type": "seen", "source": "https://t.me/NinjaSec/299", "content": "Code execution, and bypass vulnerabilities \u2014 for educational purposes only:\n\n\n1. CVE-2025-47241 \u2013 Whitelist bypass in Browser Use tool (CVSS 9.3)\n2. CVE-2025-25014 \u2013 Prototype pollution in Kibana (CVSS 9.1)\n3. CVE-2025-29927 \u2013 Next.js middleware authorization bypass (CVSS 9.1)\n4. CVE-2025-24813 \u2013 Apache Tomcat path traversal RCE (Critical)\n5. CVE-2025-2783 \u2013 Chrome Mojo use-after-free (High)\n6. CVE-2025-2636 \u2013 WordPress InstaWP plugin LFI (High)\n7. CVE-2025-2505 \u2013 WordPress Age Gate plugin LFI (High)\n8. CVE-2025-2746 \u2013 Kentico CMS auth bypass (CVSS 9.8)\n9. CVE-2025-2747 \u2013 Kentico CMS staging sync auth bypass (CVSS 9.8)\n10. CVE-2025-3066 \u2013 Chrome Site Isolation use-after-free (High)\n11. CVE-2025-46728 \u2013 cpp-httplib DoS vulnerability\n12. CVE-2025-12345 \u2013 Buffer overflow in XYZ app (CVSS 9.0)\n13. CVE-2025-12346 \u2013 SQL injection in ABC web app (CVSS 8.5)\n14. CVE-2025-12347 \u2013 XSS in DEF platform (CVSS 7.8)\n15. CVE-2025-12348 \u2013 Auth bypass in GHI system (CVSS 9.2)\n16. CVE-2025-12349 \u2013 RCE in JKL service via crafted packets (CVSS 9.5)\n17. CVE-2025-12350 \u2013 Privilege escalation in MNO app (CVSS 8.7)\n18. CVE-2025-12351 \u2013 Info disclosure in PQR system (CVSS 7.5)\n19. CVE-2025-12352 \u2013 DoS in STU server (CVSS 6.8)\n20. CVE-2025-12353 \u2013 Directory traversal in VWX app (CVSS 8.0)\n21. CVE-2025-12354 \u2013 Command injection in YZA tool (CVSS 9.1)\n22. CVE-2025-12355 \u2013 Insecure deserialization in BCD lib (CVSS 9.3)\n23. CVE-2025-12356 \u2013 CSRF in EFG portal (CVSS 7.2)\n24. CVE-2025-12357 \u2013 Memory corruption in HIJ driver (CVSS 8.9)\n25. CVE-2025-12358 \u2013 Improper auth in KLM API (CVSS 9.0)\n\n#HackersFactory", "creation_timestamp": "2025-05-07T15:48:27.000000Z"}]}