{"vulnerability": "CVE-2025-20720", "sightings": [{"uuid": "35b928b3-9c39-4c9f-9108-2551d0746d81", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-20720", "type": "seen", "source": "https://gist.github.com/Darkcrai86/32425f3e5e9c4b16c78794cb3b4f40f7", "content": "", "creation_timestamp": "2025-10-14T13:27:35.000000Z"}, {"uuid": "752172c2-7a3d-462f-9f1a-cd58f947242d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-20720", "type": "seen", "source": "https://infosec.exchange/users/cR0w/statuses/115372817715516192", "content": "", "creation_timestamp": "2025-10-14T13:44:50.996510Z"}, {"uuid": "4842ba7b-f0b1-47c8-9bc7-2e9377ca38bf", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-20720", "type": "seen", "source": "https://t.me/GithubRedTeam/92800", "content": "\ud83d\udea8 GitHub \u76d1\u63a7\u6d88\u606f\u63d0\u9192\n\n\ud83d\udea8 \u53d1\u73b0\u5173\u952e\u8bcd\uff1a #Exploit #CVE #RCE\n\n\ud83d\udce6 \u9879\u76ee\u540d\u79f0\uff1a CVE-2025-20720\n\ud83d\udc64 \u9879\u76ee\u4f5c\u8005\uff1a shinthink\n\ud83d\udee0 \u5f00\u53d1\u8bed\u8a00\uff1a Python\n\u2b50 Star\u6570\u91cf\uff1a 0  |  \ud83c\udf74 Fork\u6570\u91cf\uff1a 0\n\ud83d\udcc5 \u66f4\u65b0\u65f6\u95f4\uff1a 2026-07-10 08:04:09\n\n\ud83d\udcdd \u9879\u76ee\u63cf\u8ff0\uff1a\nCVE-2025-20720 \u2014 PolyShell: Magento 2 Unauthenticated Arbitrary File Upload RCE | GIF89a polyglot bypass | guest-cart REST API | 79.5% stores targeted\n\n\ud83d\udd17 \u70b9\u51fb\u8bbf\u95ee\u9879\u76ee\u5730\u5740", "creation_timestamp": "2026-07-13T22:00:05.368934Z"}, {"uuid": "a1e87344-1248-4db3-b5a9-7de782b5c7a7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-20720", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/92800", "content": "\ud83d\udea8 GitHub \u76d1\u63a7\u6d88\u606f\u63d0\u9192\n\n\ud83d\udea8 \u53d1\u73b0\u5173\u952e\u8bcd\uff1a #Exploit #CVE #RCE\n\n\ud83d\udce6 \u9879\u76ee\u540d\u79f0\uff1a CVE-2025-20720\n\ud83d\udc64 \u9879\u76ee\u4f5c\u8005\uff1a shinthink\n\ud83d\udee0 \u5f00\u53d1\u8bed\u8a00\uff1a Python\n\u2b50 Star\u6570\u91cf\uff1a 0  |  \ud83c\udf74 Fork\u6570\u91cf\uff1a 0\n\ud83d\udcc5 \u66f4\u65b0\u65f6\u95f4\uff1a 2026-07-10 08:04:09\n\n\ud83d\udcdd \u9879\u76ee\u63cf\u8ff0\uff1a\nCVE-2025-20720 \u2014 PolyShell: Magento 2 Unauthenticated Arbitrary File Upload RCE | GIF89a polyglot bypass | guest-cart REST API | 79.5% stores targeted\n\n\ud83d\udd17 \u70b9\u51fb\u8bbf\u95ee\u9879\u76ee\u5730\u5740", "creation_timestamp": "2026-07-14T00:00:07.561452Z"}]}