{"vulnerability": "CVE-2025-2443", "sightings": [{"uuid": "84b33634-44de-437a-ae8d-4836d138b786", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-24431", "type": "seen", "source": "http://www.zerodayinitiative.com/advisories/ZDI-25-134/", "content": "", "creation_timestamp": "2025-03-13T04:00:00.000000Z"}, {"uuid": "7f16fb79-898e-42e9-a457-6d7277f04f03", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-24430", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lhwbjpqr5b2s", "content": "", "creation_timestamp": "2025-02-11T18:19:59.134325Z"}, {"uuid": "d3adb739-a6d9-439b-bceb-e524991136e0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-24437", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lhwbk6c2u42g", "content": "", "creation_timestamp": "2025-02-11T18:20:14.372971Z"}, {"uuid": "ef05481e-58bf-4a89-b062-e63f26115c6f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-24432", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lhwbjtao772h", "content": "", "creation_timestamp": "2025-02-11T18:20:02.822858Z"}, {"uuid": "97e0eb86-030f-4fa9-964d-3320b20a6b50", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-24436", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lhwbk3n52x2a", "content": "", "creation_timestamp": "2025-02-11T18:20:11.568228Z"}, {"uuid": "fa931f8d-b8bf-4b9f-b103-76782e649d94", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-24434", "type": "seen", "source": "https://mastodon.social/users/CyberSignaler/statuses/113986746590747940", "content": "", "creation_timestamp": "2025-02-11T18:48:51.138579Z"}, {"uuid": "875356b9-caf5-46e0-a41c-635796d2baf6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-24434", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lhwbjvyjru2g", "content": "", "creation_timestamp": "2025-02-11T18:20:06.049179Z"}, {"uuid": "a70ab9b5-3ecd-46c3-a745-31fe111c2433", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-24435", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lhwbjz6bmr2z", "content": "", "creation_timestamp": "2025-02-11T18:20:09.024744Z"}, {"uuid": "e1c00dfe-e4b0-40f4-ac8f-e22ab0a651b0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-24438", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lhwbkaqqd62a", "content": "", "creation_timestamp": "2025-02-11T18:20:18.588299Z"}, {"uuid": "2527aeb3-a4b7-4200-bc40-d5787dcd85fb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-24438", "type": "seen", "source": "https://mastodon.social/users/CyberSignaler/statuses/113986746653556148", "content": "", "creation_timestamp": "2025-02-11T18:48:51.333792Z"}, {"uuid": "cca11c77-9896-45b1-ab98-35b809632fdd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-2443", "type": "seen", "source": "https://bsky.app/profile/getpokemon7.bsky.social/post/3lnliq7rlbk2f", "content": "", "creation_timestamp": "2025-04-24T20:00:47.961597Z"}, {"uuid": "0a45d531-06bc-4348-99af-8e8064ba4b8a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-24435", "type": "seen", "source": "https://t.me/cvedetector/17739", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-24435 - Adobe Commerce Privilege Escalation Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-24435 \nPublished : Feb. 11, 2025, 6:15 p.m. | 2\u00a0hours, 1\u00a0minute ago \nDescription : Adobe Commerce versions 2.4.7-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by an Improper Access Control vulnerability that could result in Privilege escalation. A low-privileged attacker could leverage this vulnerability to bypass security measures and gain unauthorized access to modify limited fields. Exploitation of this issue does not require user interaction. \nSeverity: 4.3 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"11 Feb 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-02-11T21:33:30.000000Z"}, {"uuid": "3ee52441-690c-442d-be9c-a61ca2a5c19e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-2443", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3ls2xfoxy462a", "content": "", "creation_timestamp": "2025-06-20T21:14:01.812557Z"}, {"uuid": "58ad8f90-0a2c-4cc8-b5c2-42949f0dd442", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-24434", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/4110", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-24434\n\ud83d\udd25 CVSS Score: 9.1 (CVSS_V3)\n\ud83d\udd39 Description: Adobe Commerce versions 2.4.7-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by an Improper Authorization vulnerability that could result in Privilege escalation. An attacker could leverage this vulnerability to bypass security measures and gain unauthorized access. Exploitation of this issue does not require user interaction. A successful attacker can abuse this to achieve session takeover, increasing the confidentiality and integrity impact as high.\n\ud83d\udccf Published: 2025-02-11T18:31:43Z\n\ud83d\udccf Modified: 2025-02-12T17:52:03Z\n\ud83d\udd17 References:\n1. https://nvd.nist.gov/vuln/detail/CVE-2025-24434\n2. https://github.com/magento/magento2\n3. https://helpx.adobe.com/security/products/magento/apsb25-08.html", "creation_timestamp": "2025-02-12T18:08:22.000000Z"}, {"uuid": "6a09fb17-e59c-45aa-a7ce-917061fc145d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-24432", "type": "seen", "source": "https://t.me/cvedetector/17749", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-24432 - Adobe Commerce TOCTOU Race Condition Security Feature Bypass\", \n  \"Content\": \"CVE ID : CVE-2025-24432 \nPublished : Feb. 11, 2025, 6:15 p.m. | 2\u00a0hours, 1\u00a0minute ago \nDescription : Adobe Commerce versions 2.4.7-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by a Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability that could result in a security feature bypass. An attacker could exploit this race condition to alter a condition after it has been checked but before it is used, potentially bypassing security mechanisms. Exploitation of this issue requires user interaction. \nSeverity: 3.7 | LOW \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"11 Feb 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-02-11T21:33:43.000000Z"}, {"uuid": "94fc789e-5a14-4d5f-8506-97a39236b697", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-24430", "type": "seen", "source": "https://t.me/cvedetector/17746", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-24430 - Adobe Commerce TOCTOU Race Condition Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-24430 \nPublished : Feb. 11, 2025, 6:15 p.m. | 2\u00a0hours, 1\u00a0minute ago \nDescription : Adobe Commerce versions 2.4.7-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by a Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability that could result in a security feature bypass. An attacker could exploit this race condition to alter a condition after it has been checked but before it is used, potentially bypassing security mechanisms. Exploitation of this issue requires user interaction. \nSeverity: 3.7 | LOW \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"11 Feb 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-02-11T21:33:38.000000Z"}, {"uuid": "27b4461a-2747-406b-aac6-18f6ffe6ad0c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-24434", "type": "seen", "source": "https://t.me/cvedetector/17742", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-24434 - Adobe Commerce Privilege Escalation Improper Authorization\", \n  \"Content\": \"CVE ID : CVE-2025-24434 \nPublished : Feb. 11, 2025, 6:15 p.m. | 2\u00a0hours, 1\u00a0minute ago \nDescription : Adobe Commerce versions 2.4.7-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by an Improper Authorization vulnerability that could result in Privilege escalation. An attacker could leverage this vulnerability to bypass security measures and gain unauthorized access. Exploitation of this issue does not require user interaction. A successful attacker can abuse this to achieve session takeover, increasing the confidentiality and integrity impact as high. \nSeverity: 9.1 | CRITICAL \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"11 Feb 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-02-11T21:33:35.000000Z"}, {"uuid": "39258015-4841-469f-9685-85d1e19b89f9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-24438", "type": "seen", "source": "https://t.me/cvedetector/17741", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-24438 - Adobe Commerce Stored Cross-Site Scripting (XSS) Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-24438 \nPublished : Feb. 11, 2025, 6:15 p.m. | 2\u00a0hours, 1\u00a0minute ago \nDescription : Adobe Commerce versions 2.4.7-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field. A successful attacker can abuse this to achieve session takeover, increasing the confidentiality and integrity impact as high. \nSeverity: 8.7 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"11 Feb 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-02-11T21:33:31.000000Z"}, {"uuid": "a295a7b0-c57e-498d-88d3-598882700a45", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-24436", "type": "seen", "source": "https://t.me/cvedetector/17740", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-24436 - Adobe Commerce Privilege Escalation Improper Access Control\", \n  \"Content\": \"CVE ID : CVE-2025-24436 \nPublished : Feb. 11, 2025, 6:15 p.m. | 2\u00a0hours, 1\u00a0minute ago \nDescription : Adobe Commerce versions 2.4.7-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by an Improper Access Control vulnerability that could result in Privilege escalation. An attacker could leverage this vulnerability to bypass security measures and gain unauthorized access. Exploitation of this issue does not require user interaction. \nSeverity: 4.3 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"11 Feb 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-02-11T21:33:30.000000Z"}, {"uuid": "71ee3659-3285-4528-9aac-4edcc51a7043", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-24437", "type": "seen", "source": "https://t.me/cvedetector/17743", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-24437 - Adobe Commerce Improper Access Control Privilege Escalation\", \n  \"Content\": \"CVE ID : CVE-2025-24437 \nPublished : Feb. 11, 2025, 6:15 p.m. | 2\u00a0hours, 1\u00a0minute ago \nDescription : Adobe Commerce versions 2.4.7-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by an Improper Access Control vulnerability that could result in privilege escalation. A low-privileged attacker could leverage this vulnerability to bypass security measures and gain elevated privileges. Exploitation of this issue does not require user interaction. \nSeverity: 5.4 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"11 Feb 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-02-11T21:33:36.000000Z"}, {"uuid": "597b5f90-7c40-4f75-81f1-53fdfbd5aeab", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-24434", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/5413", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-24434\n\ud83d\udd25 CVSS Score: 9.1 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N)\n\ud83d\udd39 Description: Adobe Commerce versions 2.4.7-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by an Improper Authorization vulnerability that could result in Privilege escalation. An attacker could leverage this vulnerability to bypass security measures and gain unauthorized access. Exploitation of this issue does not require user interaction. A successful attacker can abuse this to achieve session takeover, increasing the confidentiality and integrity impact as high.\n\ud83d\udccf Published: 2025-02-11T17:37:53.501Z\n\ud83d\udccf Modified: 2025-02-25T21:39:46.383Z\n\ud83d\udd17 References:\n1. https://helpx.adobe.com/security/products/magento/apsb25-08.html", "creation_timestamp": "2025-02-25T22:23:59.000000Z"}, {"uuid": "3dfc3b8b-455e-4264-8676-e2418f9791ba", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-24431", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/7273", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-24431\n\ud83d\udd25 CVSS Score: 5.5 (cvssV3_1, Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N)\n\ud83d\udd39 Description: Acrobat Reader versions 24.001.30225, 20.005.30748, 25.001.20428 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.\n\ud83d\udccf Published: 2025-03-11T18:10:16.624Z\n\ud83d\udccf Modified: 2025-03-12T04:01:15.651Z\n\ud83d\udd17 References:\n1. https://helpx.adobe.com/security/products/acrobat/apsb25-14.html", "creation_timestamp": "2025-03-12T04:43:02.000000Z"}, {"uuid": "a1875075-fcc6-4dbf-b12b-2bfca566c991", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-24435", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/5410", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-24435\n\ud83d\udd25 CVSS Score: 4.3 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N)\n\ud83d\udd39 Description: Adobe Commerce versions 2.4.7-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by an Improper Access Control vulnerability that could result in Privilege escalation. A low-privileged attacker could leverage this vulnerability to bypass security measures and gain unauthorized access to modify limited fields. Exploitation of this issue does not require user interaction.\n\ud83d\udccf Published: 2025-02-11T17:37:31.405Z\n\ud83d\udccf Modified: 2025-02-25T21:39:47.576Z\n\ud83d\udd17 References:\n1. https://helpx.adobe.com/security/products/magento/apsb25-08.html", "creation_timestamp": "2025-02-25T22:23:53.000000Z"}, {"uuid": "62687e43-bb85-440b-b6b9-c0a5fec62126", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-24439", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/7267", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-24439\n\ud83d\udd25 CVSS Score: 7.8 (cvssV3_1, Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)\n\ud83d\udd39 Description: Substance3D - Sampler versions 4.5.2 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.\n\ud83d\udccf Published: 2025-03-11T17:36:14.645Z\n\ud83d\udccf Modified: 2025-03-12T04:01:27.880Z\n\ud83d\udd17 References:\n1. https://helpx.adobe.com/security/products/substance3d-sampler/apsb25-16.html", "creation_timestamp": "2025-03-12T04:42:54.000000Z"}, {"uuid": "ae8689c7-ec55-45d4-b6e0-935db9e99880", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-2443", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/19010", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-2443\n\ud83d\udd25 CVSS Score: 8.7 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N)\n\ud83d\udd39 Description: An issue has been discovered in GitLab EE that allows for cross-site-scripting attack and content security policy bypass in a user's browser under specific conditions, affecting all versions from 16.6 before 17.9.7, 17.10 before 17.10.5, and 17.11 before 17.11.1.\n\ud83d\udccf Published: 2025-06-20T17:12:54.738Z\n\ud83d\udccf Modified: 2025-06-20T17:27:26.650Z\n\ud83d\udd17 References:\n1. https://gitlab.com/gitlab-org/gitlab/-/issues/525363\n2. https://hackerone.com/reports/3037340", "creation_timestamp": "2025-06-20T17:46:25.000000Z"}]}