{"vulnerability": "CVE-2025-2338", "sightings": [{"uuid": "d23a4754-2998-4a9c-bd1e-739caf5258c5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-23385", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113906853958901505", "content": "", "creation_timestamp": "2025-01-28T16:10:57.875251Z"}, {"uuid": "0c991626-11ec-4f55-9b0a-39c49959973f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-23385", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lgsu4fvt2t2t", "content": "", "creation_timestamp": "2025-01-28T16:16:43.340353Z"}, {"uuid": "d5a78455-8679-4aa2-81fe-8800517e4513", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-23388", "type": "seen", "source": "https://bsky.app/profile/infosec.skyfleet.blue/post/3ljjnlyr6aq24", "content": "", "creation_timestamp": "2025-03-04T04:41:47.921271Z"}, {"uuid": "6e900673-cf25-42de-8115-c257c6fe73c5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-2338", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lkj65n6yek26", "content": "", "creation_timestamp": "2025-03-16T17:30:31.657086Z"}, {"uuid": "dfbe6f8b-7598-4329-9f22-0cd17b0189e7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-23384", "type": "seen", "source": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-072-07", "content": "", "creation_timestamp": "2025-03-13T11:00:00.000000Z"}, {"uuid": "10a22718-b6aa-4f7d-b0e2-3335ca749d37", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-23389", "type": "seen", "source": "https://bsky.app/profile/getpokemon7.bsky.social/post/3ljgyezbfo22j", "content": "", "creation_timestamp": "2025-03-03T03:16:45.298449Z"}, {"uuid": "b0ced8cf-9a58-4af5-b429-f37b06f5b410", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-23382", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lkqtnbckui2l", "content": "", "creation_timestamp": "2025-03-19T18:43:42.390682Z"}, {"uuid": "89a422f8-5f90-49f8-91bd-af3464eacde4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2025-23388", "type": "seen", "source": "https://bsky.app/profile/shiojiri.com/post/3ljjozwbdj224", "content": "", "creation_timestamp": "2025-03-04T05:07:28.492965Z"}, {"uuid": "2b56bba9-b3a5-4c92-b326-bdc7695d0226", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2025-23389", "type": "seen", "source": "https://bsky.app/profile/shiojiri.com/post/3ljjozwbdj224", "content": "", "creation_timestamp": "2025-03-04T05:07:28.592195Z"}, {"uuid": "e7532f48-e7f5-4a5a-a69d-2ad352f47ec8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-23389", "type": "seen", "source": "https://bsky.app/profile/infosec.skyfleet.blue/post/3ljjnlyr6aq24", "content": "", "creation_timestamp": "2025-03-04T04:41:48.004590Z"}, {"uuid": "87e24f0e-3891-476e-9d01-3e6cbb85c049", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-23387", "type": "seen", "source": "https://infosec.exchange/users/cR0w/statuses/114319534961696220", "content": "", "creation_timestamp": "2025-04-11T13:21:11.485522Z"}, {"uuid": "2e644b1c-8627-43b8-8449-0dfdd3cdf936", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-23388", "type": "seen", "source": "https://mastodon.social/users/CyberSignaler/statuses/114319644483494898", "content": "", "creation_timestamp": "2025-04-11T13:49:01.604386Z"}, {"uuid": "54e751c2-3e92-4e3c-9f94-bbadad141004", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-23389", "type": "seen", "source": "https://mastodon.social/users/CyberSignaler/statuses/114319644533856599", "content": "", "creation_timestamp": "2025-04-11T13:49:02.720191Z"}, {"uuid": "23b7fd69-0e5f-44ce-85e7-aedf5d8ba788", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-23382", "type": "seen", "source": "MISP/02fb130c-7874-4693-9b66-81ed91a2e996", "content": "", "creation_timestamp": "2025-08-21T03:19:26.000000Z"}, {"uuid": "febf3a3f-c181-4a0b-81d6-cc1958f733ad", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-23386", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lmhfsnlebu2u", "content": "", "creation_timestamp": "2025-04-10T11:32:44.288350Z"}, {"uuid": "03675cb6-d971-442c-844c-39822b00399c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-23382", "type": "seen", "source": "MISP/02fb130c-7874-4693-9b66-81ed91a2e996", "content": "", "creation_timestamp": "2025-08-12T13:33:27.000000Z"}, {"uuid": "a3e965bc-1719-4661-91c9-ad02af02658d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-23386", "type": "seen", "source": "https://infosec.exchange/users/vuldb/statuses/114318468848951469", "content": "", "creation_timestamp": "2025-04-11T08:50:02.562973Z"}, {"uuid": "fdf2933f-bc48-4041-ba1b-a0f84decbfb8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-23389", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lmjwkr7k4y2g", "content": "", "creation_timestamp": "2025-04-11T11:37:44.391397Z"}, {"uuid": "f80b9574-172e-412e-9339-76e09e52d4ce", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-23388", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lmjwksultr2h", "content": "", "creation_timestamp": "2025-04-11T11:37:52.133246Z"}, {"uuid": "232a6794-ec26-45b5-846d-9943ac544c4e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-23388", "type": "seen", "source": "https://infosec.exchange/users/vuldb/statuses/114319475553563741", "content": "", "creation_timestamp": "2025-04-11T13:06:03.672080Z"}, {"uuid": "282457c3-acb5-4956-bac8-ecd9494ed9d6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-23389", "type": "seen", "source": "https://infosec.exchange/users/cR0w/statuses/114319534961696220", "content": "", "creation_timestamp": "2025-04-11T13:21:10.867472Z"}, {"uuid": "29b8c24e-34dd-4c48-9d8d-863028a13ba5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-23388", "type": "seen", "source": "https://infosec.exchange/users/cR0w/statuses/114319534961696220", "content": "", "creation_timestamp": "2025-04-11T13:21:11.022936Z"}, {"uuid": "e5f90d9a-bda6-4316-8852-c4b4630aae75", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-23388", "type": "seen", "source": "MISP/e1f6260f-3311-441b-92ae-e04cd5eb5f72", "content": "", "creation_timestamp": "2025-08-19T13:26:45.000000Z"}, {"uuid": "d3bed1d0-0bf7-4061-9fdb-a6f38e0f616d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-23389", "type": "seen", "source": "MISP/e1f6260f-3311-441b-92ae-e04cd5eb5f72", "content": "", "creation_timestamp": "2025-08-19T13:26:45.000000Z"}, {"uuid": "10f4f97b-4c62-4672-bedc-c437cdab8a12", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-23384", "type": "seen", "source": "https://t.me/cvedetector/20080", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-23384 - Siemens OpenVPN Username Validation Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-23384 \nPublished : March 11, 2025, 10:15 a.m. | 1\u00a0hour, 55\u00a0minutes ago \nDescription : A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU (6GK6108-4AM00-2BA2) (All versions < V8.2.1), RUGGEDCOM RM1224 LTE(4G) NAM (6GK6108-4AM00-2DA2) (All versions < V8.2.1), SCALANCE M804PB (6GK5804-0AP00-2AA2) (All versions < V8.2.1), SCALANCE M812-1 ADSL-Router family (All versions < V8.2.1), SCALANCE M816-1 ADSL-Router family (All versions < V8.2.1), SCALANCE M826-2 SHDSL-Router (6GK5826-2AB00-2AB2) (All versions < V8.2.1), SCALANCE M874-2 (6GK5874-2AA00-2AA2) (All versions < V8.2.1), SCALANCE M874-3 (6GK5874-3AA00-2AA2) (All versions < V8.2.1), SCALANCE M874-3 3G-Router (CN) (6GK5874-3AA00-2FA2) (All versions < V8.2.1), SCALANCE M876-3 (6GK5876-3AA02-2BA2) (All versions < V8.2.1), SCALANCE M876-3 (ROK) (6GK5876-3AA02-2EA2) (All versions < V8.2.1), SCALANCE M876-4 (6GK5876-4AA10-2BA2) (All versions < V8.2.1), SCALANCE M876-4 (EU) (6GK5876-4AA00-2BA2) (All versions < V8.2.1), SCALANCE M876-4 (NAM) (6GK5876-4AA00-2DA2) (All versions < V8.2.1), SCALANCE MUB852-1 (A1) (6GK5852-1EA10-1AA1) (All versions < V8.2.1), SCALANCE MUB852-1 (B1) (6GK5852-1EA10-1BA1) (All versions < V8.2.1), SCALANCE MUM853-1 (A1) (6GK5853-2EA10-2AA1) (All versions < V8.2.1), SCALANCE MUM853-1 (B1) (6GK5853-2EA10-2BA1) (All versions < V8.2.1), SCALANCE MUM853-1 (EU) (6GK5853-2EA00-2DA1) (All versions < V8.2.1), SCALANCE MUM856-1 (A1) (6GK5856-2EA10-3AA1) (All versions < V8.2.1), SCALANCE MUM856-1 (B1) (6GK5856-2EA10-3BA1) (All versions < V8.2.1), SCALANCE MUM856-1 (CN) (6GK5856-2EA00-3FA1) (All versions < V8.2.1), SCALANCE MUM856-1 (EU) (6GK5856-2EA00-3DA1) (All versions < V8.2.1), SCALANCE MUM856-1 (RoW) (6GK5856-2EA00-3AA1) (All versions < V8.2.1), SCALANCE S615 EEC LAN-Router (6GK5615-0AA01-2AA2) (All versions < V8.2.1), SCALANCE S615 LAN-Router (6GK5615-0AA00-2AA2) (All versions < V8.2.1), SCALANCE SC-600 family (All versions). Affected devices improperly validate usernames during OpenVPN authentication. This could allow an attacker to get partial invalid usernames accepted by the server. \nSeverity: 3.7 | LOW \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"11 Mar 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-03-11T13:26:59.000000Z"}, {"uuid": "54a05798-6f72-4368-9677-72797d4ae620", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-2338", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/7709", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-2338\n\ud83d\udd25 CVSS Score: 5.3 (cvssV4_0, Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N)\n\ud83d\udd39 Description: A vulnerability, which was classified as critical, was found in tbeu matio 1.5.28. Affected is the function strdup_vprintf of the file src/io.c. The manipulation leads to heap-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.\n\ud83d\udccf Published: 2025-03-16T12:31:04.547Z\n\ud83d\udccf Modified: 2025-03-16T12:31:04.547Z\n\ud83d\udd17 References:\n1. https://vuldb.com/?id.299802\n2. https://vuldb.com/?ctiid.299802\n3. https://vuldb.com/?submit.510781\n4. https://github.com/tbeu/matio/issues/269\n5. https://github.com/tbeu/matio/issues/269#issue-2883920922", "creation_timestamp": "2025-03-16T12:47:20.000000Z"}, {"uuid": "d79246ff-d648-40c3-a515-c5b0007f8381", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-23385", "type": "published-proof-of-concept", "source": "Telegram/4lfrJzyKgz7Xfkmo9hP10nh0kqZGrFrgmtcVT2t75Nf85eU", "content": "", "creation_timestamp": "2026-01-12T19:06:39.000000Z"}, {"uuid": "98ab8077-82b0-4480-bae6-c2363779eb3b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-23383", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/9253", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-23383\n\ud83d\udd25 CVSS Score: 7.8 (cvssV3_1, Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)\n\ud83d\udd39 Description: Dell Unity, version(s) 5.4 and prior, contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Command execution and Elevation of privileges.\n\ud83d\udccf Published: 2025-03-28T02:01:42.119Z\n\ud83d\udccf Modified: 2025-03-28T02:01:42.119Z\n\ud83d\udd17 References:\n1. https://www.dell.com/support/kbdoc/en-us/000300090/dsa-2025-116-security-update-for-dell-unity-dell-unityvsa-and-dell-unity-xt-security-update-for-multiple-vulnerabilities", "creation_timestamp": "2025-03-28T02:28:08.000000Z"}, {"uuid": "8f1ca5be-dcfa-46cd-84e8-d2f208e0ea1b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-23388", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/11418", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-23388\n\ud83d\udd25 CVSS Score: 8.2 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H)\n\ud83d\udd39 Description: A Stack-based Buffer Overflow vulnerability in SUSE rancher allows for denial of service.This issue affects rancher: from 2.8.0 before 2.8.13, from 2.9.0 before 2.9.7, from 2.10.0 before 2.10.3.\n\ud83d\udccf Published: 2025-04-11T10:48:51.349Z\n\ud83d\udccf Modified: 2025-04-11T10:48:51.349Z\n\ud83d\udd17 References:\n1. https://bugzilla.suse.com/show_bug.cgi?id=CVE-2025-23388\n2. https://github.com/rancher/rancher/security/advisories/GHSA-xr9q-h9c7-xw8q", "creation_timestamp": "2025-04-11T11:50:50.000000Z"}, {"uuid": "a25c7e48-3e43-4418-af82-7cf01defbf29", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-23386", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/11218", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-23386\n\ud83d\udd25 CVSS Score: 7.8 (cvssV3_1, Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)\n\ud83d\udd39 Description: A Incorrect Default Permissions vulnerability in the openSUSE Tumbleweed package gerbera allows the service user gerbera to escalate to root.,This issue affects gerbera on openSUSE Tumbleweed before 2.5.0-1.1.\n\ud83d\udccf Published: 2025-04-10T09:42:18.391Z\n\ud83d\udccf Modified: 2025-04-10T09:42:18.391Z\n\ud83d\udd17 References:\n1. https://bugzilla.suse.com/show_bug.cgi?id=CVE-2025-23386", "creation_timestamp": "2025-04-10T09:48:58.000000Z"}, {"uuid": "5d731bb5-46c8-4219-a9bf-40ad1f5e3971", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-23387", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/11417", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-23387\n\ud83d\udd25 CVSS Score: 5.3 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\ud83d\udd39 Description: A Exposure of Sensitive Information to an Unauthorized Actor vulnerability in SUSE rancher allowed unauthenticated users to list all CLI authentication tokens and delete them before the CLI is able to get the token value.This issue affects rancher: from 2.8.0 before 2.8.13, from 2.9.0 before 2.9.7, from 2.10.0 before 2.10.3.\n\ud83d\udccf Published: 2025-04-11T10:52:44.866Z\n\ud83d\udccf Modified: 2025-04-11T10:52:44.866Z\n\ud83d\udd17 References:\n1. https://bugzilla.suse.com/show_bug.cgi?id=CVE-2025-23387\n2. https://github.com/rancher/rancher/security/advisories/GHSA-5qmp-9x47-92q8", "creation_timestamp": "2025-04-11T11:50:46.000000Z"}, {"uuid": "a5733213-7031-40de-8814-ec7fdbfb1f65", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-23389", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/11419", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-23389\n\ud83d\udd25 CVSS Score: 8.4 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:L)\n\ud83d\udd39 Description: A Improper Access Control vulnerability in SUSE rancher allows a local user to impersonate other identities through SAML Authentication on first login.\nThis issue affects rancher: from 2.8.0 before 2.8.13, from 2.9.0 before 2.9.7, from 2.10.0 before 2.10.3.\n\ud83d\udccf Published: 2025-04-11T10:46:43.655Z\n\ud83d\udccf Modified: 2025-04-11T10:46:43.655Z\n\ud83d\udd17 References:\n1. https://bugzilla.suse.com/show_bug.cgi?id=CVE-2025-23389\n2. https://github.com/rancher/rancher/security/advisories/GHSA-mq23-vvg7-xfm4", "creation_timestamp": "2025-04-11T11:50:51.000000Z"}, {"uuid": "d75da699-7090-416d-b27b-3d9ddd394d7f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-2338", "type": "seen", "source": "https://t.me/cvedetector/20411", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-2338 - Apache Tbeu Heap-Based Buffer Overflow Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-2338 \nPublished : March 16, 2025, 1:15 p.m. | 1\u00a0hour, 48\u00a0minutes ago \nDescription : A vulnerability, which was classified as critical, was found in tbeu matio 1.5.28. Affected is the function strdup_vprintf of the file src/io.c. The manipulation leads to heap-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. \nSeverity: 6.3 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"16 Mar 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-03-16T16:22:36.000000Z"}, {"uuid": "c9b37d49-0d3c-4190-8cce-a9c5fe5748d5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-23385", "type": "seen", "source": "https://t.me/cvedetector/16610", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-23385 - JetBrains ReSharper and ETW Host Service Local Privilege Escalation Vuln\", \n  \"Content\": \"CVE ID : CVE-2025-23385 \nPublished : Jan. 28, 2025, 4:15 p.m. | 1\u00a0hour, 18\u00a0minutes ago \nDescription : In JetBrains ReSharper before 2024.3.4, 2024.2.8, and 2024.1.7, Rider before 2024.3.4, 2024.2.8, and 2024.1.7, dotTrace before 2024.3.4, 2024.2.8, and 2024.1.7, ETW Host Service before 16.43, Local Privilege Escalation via the ETW Host Service was possible \nSeverity: 7.8 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"28 Jan 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-01-28T18:47:19.000000Z"}, {"uuid": "6749e0d1-480d-48ec-a73d-fca29b117c7f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-23383", "type": "seen", "source": "https://t.me/cvedetector/21363", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-23383 - Dell Unity OS Command Injection Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-23383 \nPublished : March 28, 2025, 3:15 a.m. | 51\u00a0minutes ago \nDescription : Dell Unity, version(s) 5.4 and prior, contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Command execution and Elevation of privileges. \nSeverity: 7.8 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"28 Mar 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-03-28T05:12:13.000000Z"}, {"uuid": "d886824e-c926-48a4-97d2-7f34f1201614", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-23389", "type": "seen", "source": "https://t.me/cvedetector/22727", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-23389 - SUSE Rancher SAML Impersonation Access Control Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-23389 \nPublished : April 11, 2025, 11:15 a.m. | 18\u00a0minutes ago \nDescription : A Improper Access Control vulnerability in SUSE rancher allows a local user to impersonate other identities through SAML Authentication on first login.  \nThis issue affects rancher: from 2.8.0 before 2.8.13, from 2.9.0 before 2.9.7, from 2.10.0 before 2.10.3. \nSeverity: 8.4 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"11 Apr 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-04-11T13:56:33.000000Z"}, {"uuid": "e31ccca0-b6e1-45b9-aa50-143947e64857", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-23388", "type": "seen", "source": "https://t.me/cvedetector/22726", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-23388 - SUSE Rancher Stack-based Buffer Overflow Denial of Service\", \n  \"Content\": \"CVE ID : CVE-2025-23388 \nPublished : April 11, 2025, 11:15 a.m. | 18\u00a0minutes ago \nDescription : A Stack-based Buffer Overflow vulnerability in SUSE rancher allows for denial of service.This issue affects rancher: from 2.8.0 before 2.8.13, from 2.9.0 before 2.9.7, from 2.10.0 before 2.10.3. \nSeverity: 8.2 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"11 Apr 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-04-11T13:56:33.000000Z"}, {"uuid": "e7269b9a-52e8-4c66-af8c-20bcb3f9bdfe", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-23387", "type": "seen", "source": "https://t.me/cvedetector/22725", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-23387 - SUSE Rancher Unauthenticated Token Disclosure\", \n  \"Content\": \"CVE ID : CVE-2025-23387 \nPublished : April 11, 2025, 11:15 a.m. | 18\u00a0minutes ago \nDescription : A Exposure of Sensitive Information to an Unauthorized Actor vulnerability in SUSE rancher allowed unauthenticated users to list all CLI authentication tokens and delete them before the CLI is able to get the token value.This issue affects rancher: from 2.8.0 before 2.8.13, from 2.9.0 before 2.9.7, from 2.10.0 before 2.10.3. \nSeverity: 5.3 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"11 Apr 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-04-11T13:56:32.000000Z"}, {"uuid": "8e71b91c-f8ca-4c91-b838-0175a06d482d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-23386", "type": "seen", "source": "https://t.me/cvedetector/22644", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-23386 - Gerbera OpenSUSE Tumbleweed Default Permissions Escalation\", \n  \"Content\": \"CVE ID : CVE-2025-23386 \nPublished : April 10, 2025, 10:15 a.m. | 48\u00a0minutes ago \nDescription : A Incorrect Default Permissions vulnerability in the openSUSE Tumbleweed package gerbera allows the service user gerbera to escalate to root.,This issue affects gerbera on openSUSE Tumbleweed before 2.5.0-1.1. \nSeverity: 7.8 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"10 Apr 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-04-10T13:41:24.000000Z"}, {"uuid": "9dc52e32-f0a2-4c85-9775-517c1340e490", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-2338", "type": "published-proof-of-concept", "source": "Telegram/SX2zCCFmDlcWOpdr0yL158RNKAJQRvS3GbuwjH8rybFfEvg", "content": "", "creation_timestamp": "2025-03-16T14:30:17.000000Z"}, {"uuid": "a4a06fa0-7421-4e64-9a24-c07c8d8d3387", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-23382", "type": "seen", "source": "https://t.me/cvedetector/20655", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-23382 - Dell Secure Connect Gateway (SCG) Remote Information Exposure\", \n  \"Content\": \"CVE ID : CVE-2025-23382 \nPublished : March 19, 2025, 4:15 p.m. | 1\u00a0hour, 11\u00a0minutes ago \nDescription : Dell Secure Connect Gateway (SCG) 5.0 Appliance - SRS, version(s) 5.26, contain(s) an Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Information exposure.c \nSeverity: 5.5 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"19 Mar 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-03-19T18:49:34.000000Z"}, {"uuid": "aebe7cf7-660f-4528-9f63-795a14c29fa2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-23383", "type": "seen", "source": "Telegram/JL2AEDUW3nn7wJMvX5Y1pZ6RRzjZ9DRWcg7AcNic7FT7f9E", "content": "", "creation_timestamp": "2025-03-28T04:03:38.000000Z"}]}