{"vulnerability": "CVE-2025-24859", "sightings": [{"uuid": "43b59a7f-eced-4dd7-a95f-cc6e73d43abc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-24859", "type": "seen", "source": "https://bsky.app/profile/infosec.skyfleet.blue/post/3lml5bepu352t", "content": "", "creation_timestamp": "2025-04-11T23:10:25.369027Z"}, {"uuid": "2b25b263-135f-4b19-8b39-3845c5a3d078", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-24859", "type": "seen", "source": "https://infosec.exchange/users/cR0w/statuses/114336254356067939", "content": "", "creation_timestamp": "2025-04-14T12:13:08.055608Z"}, {"uuid": "1090f385-2d46-4660-bd4b-a73e7e5e42ca", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-24859", "type": "seen", "source": "https://bsky.app/profile/infosec.skyfleet.blue/post/3lmt24vutee2w", "content": "", "creation_timestamp": "2025-04-15T02:35:32.563758Z"}, {"uuid": "5a709618-a875-4172-95ce-e9fa416c2dcd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-24859", "type": "seen", "source": "https://bsky.app/profile/dinosn.bsky.social/post/3lmtaohuwf22j", "content": "", "creation_timestamp": "2025-04-15T04:32:46.920630Z"}, {"uuid": "58764a62-2356-4e82-a242-0e3ccdd0c25e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-24859", "type": "seen", "source": "https://bsky.app/profile/andranglin.bsky.social/post/3lmthsimrl22h", "content": "", "creation_timestamp": "2025-04-15T06:40:18.707508Z"}, {"uuid": "3addf0c8-bbfb-4a1d-8221-ca7ee8064414", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-24859", "type": "seen", "source": "https://bsky.app/profile/youranonriots.bsky.social/post/3lmura3o7522d", "content": "", "creation_timestamp": "2025-04-15T19:01:39.170028Z"}, {"uuid": "105e9ea4-b196-48c6-8187-6f358514f375", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-24859", "type": "seen", "source": "https://bsky.app/profile/nimblenerd.social/post/3lmucnrdj3g2j", "content": "", "creation_timestamp": "2025-04-15T14:40:48.246979Z"}, {"uuid": "35526abb-8d06-40dd-9cb7-6e8b3d883ce7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-24859", "type": "seen", "source": "https://bsky.app/profile/nimblenerd.social/post/3lmucojn5na2s", "content": "", "creation_timestamp": "2025-04-15T14:41:14.053244Z"}, {"uuid": "4a849254-530a-48d1-82df-cd6b657c4584", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-24859", "type": "seen", "source": "https://infosec.exchange/users/0x58/statuses/114342923481006389", "content": "", "creation_timestamp": "2025-04-15T16:29:10.822943Z"}, {"uuid": "1de53b83-1f1b-4968-b6f6-9cbaa5bf7560", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-24859", "type": "seen", "source": "https://thehackernews.com/2025/04/critical-apache-roller-vulnerability.html", "content": "", "creation_timestamp": "2025-04-15T11:44:00.000000Z"}, {"uuid": "905bb38c-24e6-4c06-8275-24657eaabe30", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-24859", "type": "seen", "source": "https://bsky.app/profile/infosec.skyfleet.blue/post/3lmvqrffntf2h", "content": "", "creation_timestamp": "2025-04-16T04:26:01.693544Z"}, {"uuid": "ff7a29b6-46d3-4bba-8780-ade3589cd72a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-24859", "type": "seen", "source": "https://bsky.app/profile/royans.bsky.social/post/3lmvsfh4ki626", "content": "", "creation_timestamp": "2025-04-16T04:55:08.823627Z"}, {"uuid": "cdf4cfaa-4e80-4577-bb42-1c50c9e24f21", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-24859", "type": "seen", "source": "https://bsky.app/profile/calebpr.bsky.social/post/3lmxreqvqra2d", "content": "", "creation_timestamp": "2025-04-16T23:42:11.408326Z"}, {"uuid": "7fa4fb48-827a-479e-bcda-b8c00ef17913", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-24859", "type": "seen", "source": "https://bsky.app/profile/cybersecuritybrief.bsky.social/post/3lmxvwogm4m2t", "content": "", "creation_timestamp": "2025-04-17T01:03:47.139593Z"}, {"uuid": "66f253f4-5b16-4627-a040-2b3a63369e9f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-24859", "type": "seen", "source": "https://bsky.app/profile/cybersecuritybrief.bsky.social/post/3lmxvwogsxe2t", "content": "", "creation_timestamp": "2025-04-17T01:03:50.286488Z"}, {"uuid": "fb036b4d-c2a0-405a-928c-c0bf4f2ac1b6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-24859", "type": "seen", "source": "https://bsky.app/profile/cybersecuritybrief.bsky.social/post/3lmxvwogtwm2t", "content": "", "creation_timestamp": "2025-04-17T01:03:53.447316Z"}, {"uuid": "05ec5de3-c919-4beb-b753-abf705c40b80", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-24859", "type": "seen", "source": "https://bsky.app/profile/cybersecuritybrief.bsky.social/post/3lmxvwogtwn2t", "content": "", "creation_timestamp": "2025-04-17T01:03:56.600168Z"}, {"uuid": "04802741-e299-4540-8c88-0e28bfb37c67", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-24859", "type": "seen", "source": "https://bsky.app/profile/cybersecuritybrief.bsky.social/post/3lmxvwoguvv2t", "content": "", "creation_timestamp": "2025-04-17T01:03:59.693240Z"}, {"uuid": "1f09c4be-e451-4122-9dd0-13c76706e672", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-24859", "type": "seen", "source": "https://bsky.app/profile/cybersecuritybrief.bsky.social/post/3lmxvwogvv52t", "content": "", "creation_timestamp": "2025-04-17T01:04:02.766264Z"}, {"uuid": "e7080a92-1478-49ea-a7a6-7bdf651c04a4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-24859", "type": "seen", "source": "https://bsky.app/profile/cybersecuritybrief.bsky.social/post/3lmxvwogvv62t", "content": "", "creation_timestamp": "2025-04-17T01:04:05.926963Z"}, {"uuid": "7694d31a-9d4c-408b-ab93-90edad06fd46", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-24859", "type": "seen", "source": "https://bsky.app/profile/cybersecuritybrief.bsky.social/post/3lmxvwogvv72t", "content": "", "creation_timestamp": "2025-04-17T01:04:09.201160Z"}, {"uuid": "ab356f3d-e049-4153-8640-f66834d72b00", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-24859", "type": "seen", "source": "https://bsky.app/profile/cybersecuritybrief.bsky.social/post/3lmxvwogwui2t", "content": "", "creation_timestamp": "2025-04-17T01:04:15.621795Z"}, {"uuid": "b20240d8-01f0-4b6f-9812-d4c83784777f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-24859", "type": "seen", "source": "https://bsky.app/profile/cybersecuritybrief.bsky.social/post/3lmxvwogxtt2t", "content": "", "creation_timestamp": "2025-04-17T01:04:28.257449Z"}, {"uuid": "18b3a191-f8ca-43cf-8259-46d3e3715e5c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-24859", "type": "seen", "source": "https://bsky.app/profile/cybersecuritybrief.bsky.social/post/3lmxvwogwuk2t", "content": "", "creation_timestamp": "2025-04-17T01:04:21.903451Z"}, {"uuid": "d4eb5586-aaee-4769-84c8-6fdfd22031e2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-24859", "type": "seen", "source": "https://infosec.exchange/users/dragonjar/statuses/114347307004640778", "content": "", "creation_timestamp": "2025-04-16T11:03:58.687119Z"}, {"uuid": "513f7a42-3398-44c7-b957-a08c31bbd97d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-24859", "type": "seen", "source": "https://bsky.app/profile/hacker.at.thenote.app/post/3lmwqa7d2i22x", "content": "", "creation_timestamp": "2025-04-16T13:49:04.282574Z"}, {"uuid": "dda518c3-ee5a-4285-87fe-6e6cd06a1e8c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-24859", "type": "seen", "source": "https://bsky.app/profile/cybersecuritybrief.bsky.social/post/3lmxvwogwuh2t", "content": "", "creation_timestamp": "2025-04-17T01:04:12.441327Z"}, {"uuid": "0be3fd51-1540-4f77-87ec-491fab8ad35a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-24859", "type": "seen", "source": "https://bsky.app/profile/cybersecuritybrief.bsky.social/post/3lmxvwogwuj2t", "content": "", "creation_timestamp": "2025-04-17T01:04:18.740018Z"}, {"uuid": "478fda16-ec37-4ddb-9408-632e52bbd69b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-24859", "type": "seen", "source": "https://bsky.app/profile/cybersecuritybrief.bsky.social/post/3lmxvwogwul2t", "content": "", "creation_timestamp": "2025-04-17T01:04:25.096029Z"}, {"uuid": "fe49699a-cb71-480b-a481-1784c7d0f705", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-24859", "type": "seen", "source": "https://bsky.app/profile/getpokemon7.bsky.social/post/3ln52jzmns22p", "content": "", "creation_timestamp": "2025-04-19T02:09:32.838506Z"}, {"uuid": "7f357c5f-8993-444f-aa6a-9a06e894e24e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-24859", "type": "seen", "source": "https://bsky.app/profile/getpokemon7.bsky.social/post/3lmzzwzoqis26", "content": "", "creation_timestamp": "2025-04-17T21:20:53.648180Z"}, {"uuid": "bfdad1b7-79e2-4d55-9be2-f8d9d31b6f2e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-24859", "type": "seen", "source": "https://bsky.app/profile/getpokemon7.bsky.social/post/3lmzzztadps26", "content": "", "creation_timestamp": "2025-04-17T21:22:35.487411Z"}, {"uuid": "a61c3f9a-bcba-4aeb-8bd1-ac87b0d41f8a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-24859", "type": "seen", "source": "https://bsky.app/profile/getpokemon7.bsky.social/post/3ln22beoh3226", "content": "", "creation_timestamp": "2025-04-17T21:26:44.035436Z"}, {"uuid": "79bc466b-21e3-4db5-83a6-6a25440234c0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-24859", "type": "seen", "source": "https://t.me/ton618cyber/8864", "content": "Critical Apache Roller Vulnerability (CVSS 10.0) Enables Unauthorized Session Persistence\n\nApache Roller flaw CVE-2025-24859 keeps sessions active after password changes, risking persistent access.\n\nThe Hacker News | thehackernews.com \u2022 Apr 15, 2025", "creation_timestamp": "2025-04-15T15:54:56.000000Z"}, {"uuid": "dc1a3088-3b4e-4d95-9dd7-b2fdbe00ea03", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-24859", "type": "seen", "source": "https://bsky.app/profile/idenhaus.bsky.social/post/3lnnunenv2e2e", "content": "", "creation_timestamp": "2025-04-25T18:39:15.490159Z"}, {"uuid": "0014080f-7356-4277-8150-89a4702fa8ab", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-24859", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/11588", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-24859\n\ud83d\udd25 CVSS Score: 10 (cvssV4_0, Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H)\n\ud83d\udd39 Description: A session management vulnerability exists in Apache Roller before version 6.1.5 where active user sessions are not properly invalidated after password changes. When a user's password is changed, either by the user themselves or by an administrator, existing sessions remain active and usable. This allows continued access to the application through old sessions even after password changes, potentially enabling unauthorized access if credentials were compromised.\n\nThis issue affects Apache Roller versions up to and including 6.1.4.\n\nThe vulnerability is fixed in Apache Roller 6.1.5 by implementing centralized session management that properly invalidates all active sessions when passwords are changed or users are disabled.\n\ud83d\udccf Published: 2025-04-14T08:18:54.729Z\n\ud83d\udccf Modified: 2025-04-14T08:18:54.729Z\n\ud83d\udd17 References:\n1. https://lists.apache.org/thread/vxv52vdr8nhtjlj6v02w43fdvo0cxw23\n2. https://lists.apache.org/thread/4j906k16v21kdx8hk87gl7663sw7lg7f", "creation_timestamp": "2025-04-14T08:55:48.000000Z"}, {"uuid": "6f9d42e8-2be1-495e-beb1-ef82fe6b88bd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-24859", "type": "seen", "source": "https://t.me/cvedetector/22835", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-24859 - Apache Roller Session Management Authentication Bypass\", \n  \"Content\": \"CVE ID : CVE-2025-24859 \nPublished : April 14, 2025, 9:15 a.m. | 1\u00a0hour, 6\u00a0minutes ago \nDescription : A session management vulnerability exists in Apache Roller before version 6.1.5 where active user sessions are not properly invalidated after password changes. When a user's password is changed, either by the user themselves or by an administrator, existing sessions remain active and usable. This allows continued access to the application through old sessions even after password changes, potentially enabling unauthorized access if credentials were compromised.  \n  \nThis issue affects Apache Roller versions up to and including 6.1.4.  \n  \nThe vulnerability is fixed in Apache Roller 6.1.5 by implementing centralized session management that properly invalidates all active sessions when passwords are changed or users are disabled. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"14 Apr 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-04-14T12:59:21.000000Z"}, {"uuid": "150908ee-1209-4a87-b0da-6deee2a7de0a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-24859", "type": "seen", "source": "https://t.me/true_secator/6951", "content": "\u041f\u0440\u043e\u0434\u043e\u043b\u0436\u0430\u0435\u043c \u043e\u0442\u0441\u043b\u0435\u0436\u0438\u0432\u0430\u0442\u044c \u043d\u0430\u0438\u0431\u043e\u043b\u0435\u0435 \u0442\u0440\u0435\u043d\u0434\u043e\u0432\u044b\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u0438 \u0441\u0432\u044f\u0437\u0430\u043d\u043d\u044b\u0435 \u0441 \u043d\u0438\u043c\u0438 \u0443\u0433\u0440\u043e\u0437\u044b:\n\n1. \u0412 \u041f\u041e Apache Roller\u00a0\u0441 \u043e\u0442\u043a\u0440\u044b\u0442\u044b\u043c \u0438\u0441\u0445\u043e\u0434\u043d\u044b\u043c \u043a\u043e\u0434\u043e\u043c \u043d\u0430 \u043e\u0441\u043d\u043e\u0432\u0435 Java \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0435\u043d\u0430 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043c\u0430\u043a\u0441\u0438\u043c\u0430\u043b\u044c\u043d\u043e\u0439 \u0441\u0442\u0435\u043f\u0435\u043d\u0438 \u0441\u0435\u0440\u044c\u0435\u0437\u043d\u043e\u0441\u0442\u0438.\n\n\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043e\u0442\u0441\u043b\u0435\u0436\u0438\u0432\u0430\u0435\u0442\u0441\u044f \u043a\u0430\u043a CVE-2025-24859 \u0438 \u0438\u043c\u0435\u0435\u0442 CVSS 10,0. \n\n\u041e\u043d\u0430 \u0437\u0430\u0442\u0440\u0430\u0433\u0438\u0432\u0430\u0435\u0442 \u0432\u0441\u0435 \u0432\u0435\u0440\u0441\u0438\u0438 Roller \u0434\u043e 6.1.4 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e \u0438 \u0431\u044b\u043b\u0430 \u0440\u0430\u0441\u043a\u0440\u044b\u0442\u0430 \u0438\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u0435\u043c \u0425\u0430\u0439\u043d\u0438\u043d\u0433\u043e\u043c \u041c\u044d\u043d\u043e\u043c.\n\n\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u0442\u0435\u043c, \u0447\u0442\u043e \u0430\u043a\u0442\u0438\u0432\u043d\u044b\u0435 \u0441\u0435\u0430\u043d\u0441\u044b \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u0435\u0439 \u043d\u0435 \u0430\u043d\u043d\u0443\u043b\u0438\u0440\u0443\u044e\u0442\u0441\u044f \u0434\u043e\u043b\u0436\u043d\u044b\u043c \u043e\u0431\u0440\u0430\u0437\u043e\u043c \u043f\u043e\u0441\u043b\u0435 \u0441\u043c\u0435\u043d\u044b \u043f\u0430\u0440\u043e\u043b\u044f.\n\n\u0423\u0441\u043f\u0435\u0448\u043d\u0430\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0443 \u043f\u043e\u0434\u0434\u0435\u0440\u0436\u0438\u0432\u0430\u0442\u044c \u043f\u043e\u0441\u0442\u043e\u044f\u043d\u043d\u044b\u0439 \u0434\u043e\u0441\u0442\u0443\u043f \u043a \u043f\u0440\u0438\u043b\u043e\u0436\u0435\u043d\u0438\u044e \u0447\u0435\u0440\u0435\u0437 \u0441\u0442\u0430\u0440\u044b\u0435 \u0441\u0435\u0430\u043d\u0441\u044b \u0434\u0430\u0436\u0435 \u043f\u043e\u0441\u043b\u0435 \u0441\u043c\u0435\u043d\u044b \u043f\u0430\u0440\u043e\u043b\u044f.\n\n2. SSD Disclosure \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0438\u043b\u0430 RCE-\u043e\u0448\u0438\u0431\u043a\u0443\u00a0\u0432 \u043c\u0430\u0440\u0448\u0440\u0443\u0442\u0438\u0437\u0430\u0442\u043e\u0440\u0430\u0445 Calix Gigacenter.\n\n\u0423\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432\u0430 \u0432\u044b\u0441\u0442\u0430\u0432\u043b\u044f\u044e\u0442 \u0441\u0432\u043e\u0439 \u0438\u043d\u0442\u0435\u0440\u0444\u0435\u0439\u0441 \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f CPE \u0432 \u0418\u043d\u0442\u0435\u0440\u043d\u0435\u0442\u0435 \u043d\u0430 \u043f\u043e\u0440\u0442\u0443 TCP 6998 \u0438 \u043d\u0435 \u043e\u0431\u0440\u0430\u0431\u0430\u0442\u044b\u0432\u0430\u044e\u0442 \u0434\u043e\u043b\u0436\u043d\u044b\u043c \u043e\u0431\u0440\u0430\u0437\u043e\u043c \u043f\u0440\u0435\u0434\u043e\u0441\u0442\u0430\u0432\u043b\u0435\u043d\u043d\u044b\u0435 \u0432\u0445\u043e\u0434\u043d\u044b\u0435 \u0434\u0430\u043d\u043d\u044b\u0435. \n\n\u0417\u0430\u0442\u0440\u043e\u043d\u0443\u0442\u044b\u0435 \u043c\u043e\u0434\u0435\u043b\u0438 \u0431\u044b\u043b\u0438 \u0440\u0430\u0437\u0440\u0430\u0431\u043e\u0442\u0430\u043d\u044b \u0442\u0440\u0435\u0442\u044c\u0435\u0439 \u0441\u0442\u043e\u0440\u043e\u043d\u043e\u0439 \u043f\u043e\u0434 \u0431\u0440\u0435\u043d\u0434\u043e\u043c Calix \u0438 \u0442\u0435\u043f\u0435\u0440\u044c EoL.\n\n3. Checkmarx \u0438\u0437\u0443\u0447\u0430\u0435\u0442\u00a0\u043d\u0435\u0434\u0430\u0432\u043d\u044e\u044e \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c RCE \u0441 \u0440\u0435\u0439\u0442\u0438\u043d\u0433\u043e\u043c 9,8 (CVE-2025-27520) \u0432 BentoML, \u0431\u0438\u0431\u043b\u0438\u043e\u0442\u0435\u043a\u0435 Python \u0434\u043b\u044f \u0432\u0437\u0430\u0438\u043c\u043e\u0434\u0435\u0439\u0441\u0442\u0432\u0438\u044f \u0441\u043e \u0441\u043b\u0443\u0436\u0431\u0430\u043c\u0438 \u0418\u0418.\n\n\u0427\u0438\u0441\u043b\u043e \u0437\u0430\u0442\u0440\u043e\u043d\u0443\u0442\u044b\u0445 \u0432\u0435\u0440\u0441\u0438\u0439 \u043d\u0430\u043c\u043d\u043e\u0433\u043e \u043c\u0435\u043d\u044c\u0448\u0435, \u0447\u0435\u043c \u0443\u043a\u0430\u0437\u0430\u043d\u043e \u0432 \u043f\u0435\u0440\u0432\u043e\u043d\u0430\u0447\u0430\u043b\u044c\u043d\u043e\u043c \u0441\u043e\u043e\u0431\u0449\u0435\u043d\u0438\u0438, \u043d\u043e \u0441\u0435\u0440\u044c\u0435\u0437\u043d\u043e\u0441\u0442\u0438 \u043f\u0440\u043e\u0431\u043b\u0435\u043c\u044b \u043d\u0435 \u0443\u043c\u0435\u043d\u044c\u0448\u0430\u0435\u0442: \u043e\u043d\u0430 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0430\u043c \u0437\u0430\u0445\u0432\u0430\u0442\u0438\u0442\u044c \u0441\u0435\u0440\u0432\u0435\u0440\u044b, \u043e\u0431\u0440\u0430\u0431\u0430\u0442\u044b\u0432\u0430\u044e\u0449\u0438\u0435 \u043f\u043e\u043b\u0435\u0437\u043d\u044b\u0435 \u043d\u0430\u0433\u0440\u0443\u0437\u043a\u0438, \u0441\u0432\u044f\u0437\u0430\u043d\u043d\u044b\u0435 \u0441 \u0418\u0418.\n\n4. Coinspect \u043f\u0440\u0435\u0434\u0443\u043f\u0440\u0435\u0436\u0434\u0430\u0435\u0442 \u043e\u0431\u00a0\u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044f\u0445 \u0432 \u043a\u043e\u0448\u0435\u043b\u044c\u043a\u0430\u0445 Stellar Freighter, Frontier Wallet \u0438 Coin98, \u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u043c\u043e\u0436\u043d\u043e \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u044c \u0434\u043b\u044f \u0441\u043a\u0440\u044b\u0442\u043e\u0439 \u043a\u0440\u0430\u0436\u0438 \u0441\u0440\u0435\u0434\u0441\u0442\u0432 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u0435\u0439.\n\n5. \u0418\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u0438 Praetorian \u0430\u0434\u0430\u043f\u0442\u0438\u0440\u043e\u0432\u0430\u043b\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u0435\u043c\u0443\u044e \u0432 \u043e\u0442\u043d\u043e\u0448\u0435\u043d\u0438\u0438 \u0441\u0440\u0435\u0434 DICOM \u043d\u0430 \u0431\u0430\u0437\u0435 Windows, \u0434\u043b\u044f \u0440\u0430\u0431\u043e\u0442\u044b \u0432 Linux. C\u0432\u043e\u0439 PoC \u043e\u043d\u0438 \u043d\u0430\u0437\u0432\u0430\u043b\u0438 \u0430\u0442\u0430\u043a\u043e\u0439 ELFDICOM.\n\n6. \u0423\u0447\u0430\u0441\u0442\u043d\u0438\u043a Red Team, \u0438\u0437\u0432\u0435\u0441\u0442\u043d\u044b\u0439 \u043a\u0430\u043a Vari.sh, \u043f\u0440\u0435\u0434\u0441\u0442\u0430\u0432\u0438\u043b \u043f\u043e\u0434\u0440\u043e\u0431\u043d\u043e\u0441\u0442\u0438 \u043e Doppelganger, \u043d\u043e\u0432\u043e\u043c \u043c\u0435\u0442\u043e\u0434\u0435\u00a0(\u0438 \u0438\u043d\u0441\u0442\u0440\u0443\u043c\u0435\u043d\u0442\u0435), \u043f\u0440\u0435\u0434\u043d\u0430\u0437\u043d\u0430\u0447\u0435\u043d\u043d\u043e\u043c \u0434\u043b\u044f \u043a\u043b\u043e\u043d\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u044f LSASS \u0438 \u0438\u0437\u0432\u043b\u0435\u0447\u0435\u043d\u0438\u044f \u0441\u0435\u043a\u0440\u0435\u0442\u043e\u0432 \u0431\u0435\u0437 \u0441\u0440\u0430\u0431\u0430\u0442\u044b\u0432\u0430\u043d\u0438\u044f \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0435\u043d\u0438\u0439 \u043d\u0430 \u043e\u0440\u0438\u0433\u0438\u043d\u0430\u043b\u0435.\n\n7. Quarkslab \u043e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043b\u0430 \u0440\u0435\u0437\u0443\u043b\u044c\u0442\u0430\u0442\u044b \u043d\u0435\u0434\u0430\u0432\u043d\u0435\u0433\u043e \u0430\u0443\u0434\u0438\u0442\u0430 \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0438\u043d\u0442\u0435\u0440\u043f\u0440\u0435\u0442\u0430\u0442\u043e\u0440\u0430 PHP, \u0432\u044b\u044f\u0432\u0438\u0432 \u043f\u0440\u0438 \u044d\u0442\u043e\u043c 17 \u043f\u0440\u043e\u0431\u043b\u0435\u043c \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438.\n\n8. \u0418\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u0438 Positive Technologies \u0432\u044b\u043a\u0430\u0442\u0438\u043b\u0438 \u0430\u043f\u0440\u0435\u043b\u044c\u0441\u043a\u0443\u044e \u043f\u043e\u0434\u0431\u043e\u0440\u043a\u0443 c \u043d\u0430\u0438\u0431\u043e\u043b\u0435\u0435 \u043e\u043f\u0430\u0441\u043d\u044b\u043c\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044f\u043c\u0438, \u043a\u0443\u0434\u0430 \u0432\u043e\u0448\u043b\u0438 11 \u043f\u0440\u043e\u0431\u043b\u0435\u043c \u0432 Microsoft, VMware \u0438 Apache.", "creation_timestamp": "2025-04-15T19:52:12.000000Z"}, {"uuid": "d7126478-1bb7-42d0-86b0-7c46b001f19e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-24859", "type": "seen", "source": "https://t.me/ton618cyber/3552", "content": "Critical Apache Roller Vulnerability (CVSS 10.0) Enables Unauthorized Session Persistence\n\nApache Roller flaw CVE-2025-24859 keeps sessions active after password changes, risking persistent access.\n\nThe Hacker News | thehackernews.com \u2022 Apr 15, 2025", "creation_timestamp": "2025-04-15T15:54:57.000000Z"}, {"uuid": "e900e296-7568-4b45-920a-1c7ed8a5c3ee", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-24859", "type": "seen", "source": "Telegram/80K6TgGoFaGJjRrrbrAhB7o6uqKXlmOpUWGZBaBhIq61pw", "content": "", "creation_timestamp": "2025-04-15T20:27:41.000000Z"}, {"uuid": "3f562d12-b04f-4018-a6c5-07dae54b030c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-24859", "type": "seen", "source": "Telegram/QSd_W2sEquutRe-R0caK0ZbRUjEEXQKH7sZGhQJrd0BLNk0", "content": "", "creation_timestamp": "2025-04-14T10:30:49.000000Z"}, {"uuid": "b5996f9f-bcaf-4f89-bb01-c147c3387735", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-24859", "type": "seen", "source": "https://t.me/thehackernews/6663", "content": "\ud83d\udea8 Apache Roller Hit by 10.0 CVSS Flaw!\n\nOld sessions stay active even after a password change (CVE-2025-24859). Hackers can keep access silently.\n\nAll versions \u22646.1.4 affected.\n\n\ud83d\udc49 Full details: https://thehackernews.com/2025/04/critical-apache-roller-vulnerability.html\n\n\ud83d\udd12 Fixed in v6.1.5. Patch now.", "creation_timestamp": "2025-04-15T15:43:13.000000Z"}]}