{"vulnerability": "CVE-2025-2428", "sightings": [{"uuid": "c3b2f1b5-206f-4e1c-ace8-a455754ceaec", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-24286", "type": "seen", "source": "https://bsky.app/profile/pmloik.bsky.social/post/3lsajquefeh2m", "content": "", "creation_timestamp": "2025-06-23T02:25:42.915087Z"}, {"uuid": "8dd370d8-c983-49d2-af5a-0b7c86074f15", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-2428", "type": "seen", "source": "https://poliverso.org/objects/0477a01e-4ebdede6-5217a3193b0d7a46", "content": "", "creation_timestamp": "2025-07-10T09:25:23.008877Z"}, {"uuid": "39a0a326-1e47-4084-ad60-b64111793e48", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-24288", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lrwe5tg2hf2r", "content": "", "creation_timestamp": "2025-06-19T01:18:57.903066Z"}, {"uuid": "e95b51bb-154c-4758-94e2-f513e0b457df", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-24286", "type": "seen", "source": "https://bsky.app/profile/getpokemon7.bsky.social/post/3ls5tvzwbqc25", "content": "", "creation_timestamp": "2025-06-22T00:49:38.553187Z"}, {"uuid": "302b8fde-ae49-49ca-9f75-bead3620ce9e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-24287", "type": "seen", "source": "https://bsky.app/profile/getpokemon7.bsky.social/post/3ls5tvzwbqc25", "content": "", "creation_timestamp": "2025-06-22T00:49:38.647914Z"}, {"uuid": "0c445807-66f5-42f0-b46c-0bd8eb62a842", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-24286", "type": "seen", "source": "https://bsky.app/profile/getpokemon7.bsky.social/post/3ls5u66izlc25", "content": "", "creation_timestamp": "2025-06-22T00:54:11.540251Z"}, {"uuid": "b19271c8-b300-4fbd-9472-d9ad731970e1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-24286", "type": "seen", "source": "http://www.zerodayinitiative.com/advisories/ZDI-25-625/", "content": "", "creation_timestamp": "2025-07-21T03:00:00.000000Z"}, {"uuid": "de8a539e-1376-45f5-8873-ad65069ee07f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-24287", "type": "seen", "source": "http://www.zerodayinitiative.com/advisories/ZDI-25-649/", "content": "", "creation_timestamp": "2025-07-24T03:00:00.000000Z"}, {"uuid": "aadfe282-e673-417c-9f44-83802c4cc374", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-24285", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lwuvbsjk3y26", "content": "", "creation_timestamp": "2025-08-21T02:26:09.460256Z"}, {"uuid": "02644ad6-17e0-4345-8163-9d44414abcc6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2025-24286", "type": "seen", "source": "https://www.kyberturvallisuuskeskus.fi/fi/haavoittuvuus_12/2025", "content": "", "creation_timestamp": "2025-06-18T12:04:07.000000Z"}, {"uuid": "299d1f32-66bc-427d-9b48-0481c15dbc1f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2025-24287", "type": "seen", "source": "https://www.kyberturvallisuuskeskus.fi/fi/haavoittuvuus_12/2025", "content": "", "creation_timestamp": "2025-06-18T12:04:07.000000Z"}, {"uuid": "51bde721-24fe-4df9-8938-6032dbdf93a0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-24288", "type": "seen", "source": "Telegram/o4VR5fP0RObkYE5GC_SWcOZP4OP4WWVDrridRceJ4mc_eL0", "content": "", "creation_timestamp": "2025-06-19T01:05:08.000000Z"}, {"uuid": "7fb67646-88a9-4a18-baea-e9f505d47605", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-24286", "type": "seen", "source": "Telegram/o4VR5fP0RObkYE5GC_SWcOZP4OP4WWVDrridRceJ4mc_eL0", "content": "", "creation_timestamp": "2025-06-19T01:05:08.000000Z"}, {"uuid": "4f16f7ec-6931-48cc-a7d1-1e49ecf0063a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-24287", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/18827", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-24287\n\ud83d\udd25 CVSS Score: 6.1 (cvssV3_1, Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L)\n\ud83d\udd39 Description: A vulnerability allowing local system users to modify directory contents, allowing for arbitrary code execution on the local system with elevated permissions.\n\ud83d\udccf Published: 2025-06-18T23:30:47.508Z\n\ud83d\udccf Modified: 2025-06-18T23:30:47.508Z\n\ud83d\udd17 References:\n1. https://www.veeam.com/kb4743", "creation_timestamp": "2025-06-18T23:41:40.000000Z"}, {"uuid": "8851c77f-b874-4e72-a52e-1cee2a6aae2c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-24281", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/9805", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-24281\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: This issue was addressed with improved data protection. This issue is fixed in macOS Sequoia 15.4. An app may be able to access sensitive user data.\n\ud83d\udccf Published: 2025-03-31T22:24:12.958Z\n\ud83d\udccf Modified: 2025-03-31T22:24:12.958Z\n\ud83d\udd17 References:\n1. https://support.apple.com/en-us/122373", "creation_timestamp": "2025-03-31T23:31:47.000000Z"}, {"uuid": "4f9b896e-f270-4d73-9518-4553cc9f3385", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-24280", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/9829", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-24280\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: An access issue was addressed with additional sandbox restrictions. This issue is fixed in macOS Sequoia 15.4, macOS Sonoma 14.7.5. An app may be able to access user-sensitive data.\n\ud83d\udccf Published: 2025-03-31T22:24:07.706Z\n\ud83d\udccf Modified: 2025-04-01T04:19:53.142Z\n\ud83d\udd17 References:\n1. https://support.apple.com/en-us/122373\n2. https://support.apple.com/en-us/122374", "creation_timestamp": "2025-04-01T04:31:58.000000Z"}, {"uuid": "34910945-8f78-4673-9eda-a52919e7d791", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-24282", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/10209", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-24282\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: A library injection issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15.4. An app may be able to modify protected parts of the file system.\n\ud83d\udccf Published: 2025-03-31T22:22:31.180Z\n\ud83d\udccf Modified: 2025-04-03T13:17:58.206Z\n\ud83d\udd17 References:\n1. https://support.apple.com/en-us/122373", "creation_timestamp": "2025-04-03T13:34:57.000000Z"}, {"uuid": "cc0766d8-443f-49f1-8adc-899cc9392dc0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-24288", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/18816", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-24288\n\ud83d\udd25 CVSS Score: 9.8 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\ud83d\udd39 Description: The Versa Director software exposes a number of services by default and allow attackers an easy foothold due to default credentials and multiple accounts (most with sudo access) that utilize the same default credentials. By default, Versa director exposes ssh and postgres to the internet, alongside a host of other services.\n\nVersa Networks is not aware of any reported instance where this vulnerability was exploited. Proof of concept for this vulnerability has been disclosed by third party security researchers.  \n\nWorkarounds or Mitigation: \n\nVersa recommends the following  security controls:\n\n1) Change default passwords to complex passwords\n2) Passwords must be complex with at least 8 characters that comprise of upper case, and lower case alphabets,  as well as at at least one digit, and one special character\n3) Passwords must be changed at least every 90 days\n4) Password change history is checked to ensure that the at least the last 5 passwords must be used when changing password.\n5) Review and audit logs for all authentication attempts to check for unauthorized/suspicious login attempts and enforce remediation steps.\n\ud83d\udccf Published: 2025-06-18T23:30:55.344Z\n\ud83d\udccf Modified: 2025-06-18T23:30:55.344Z\n\ud83d\udd17 References:\n1. https://security-portal.versa-networks.com/emailbulletins/68526d12dc94d6b9f2faf719\n2. https://support.versa-networks.com/support/solutions/articles/23000026708-release-22-1-4", "creation_timestamp": "2025-06-18T23:41:28.000000Z"}, {"uuid": "3bc99034-3908-454c-9134-1997a8cae115", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-24286", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/18821", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-24286\n\ud83d\udd25 CVSS Score: 7.2 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H)\n\ud83d\udd39 Description: A vulnerability allowing an authenticated user with the Backup Operator role to modify backup jobs, which could execute arbitrary code.\n\ud83d\udccf Published: 2025-06-18T23:30:51.882Z\n\ud83d\udccf Modified: 2025-06-18T23:30:51.882Z\n\ud83d\udd17 References:\n1. https://www.veeam.com/kb4743", "creation_timestamp": "2025-06-18T23:41:34.000000Z"}, {"uuid": "88e51715-541b-4ad0-b7c6-b61d39f5eeae", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-24289", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/19875", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-24289\n\ud83d\udd25 CVSS Score: 7.5 (cvssV3_0, Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H)\n\ud83d\udd39 Description: A Cross-Site Request Forgery (CSRF) leading to Cross-Site Scripting (XSS) vulnerability in the UCRM Client Signup Plugin (v1.3.4 and earlier) could allow privilege escalation if an Administrator is tricked into visiting a crafted malicious page. The plugin is disabled by default.\n\ud83d\udccf Published: 2025-06-29T19:25:06.254Z\n\ud83d\udccf Modified: 2025-06-29T19:25:06.254Z\n\ud83d\udd17 References:\n1. https://community.ui.com/releases/Security-Advisory-Bulletin-048-048/af007d99-bb6d-4368-a12f-75e84de19e8d", "creation_timestamp": "2025-06-29T19:58:42.000000Z"}]}