{"vulnerability": "CVE-2025-2522", "sightings": [{"uuid": "fe273341-3935-4ecf-8ff7-51eb902f4fd3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-25226", "type": "seen", "source": "https://bsky.app/profile/eyalestrin.bsky.social/post/3lmjek4bewb2j", "content": "", "creation_timestamp": "2025-04-11T06:15:15.472515Z"}, {"uuid": "87f8f92f-af1c-41ef-8dc3-17ffc522b120", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-25220", "type": "seen", "source": "https://mastodon.social/users/CyberSignaler/statuses/114182802995800818", "content": "", "creation_timestamp": "2025-03-18T09:48:26.312697Z"}, {"uuid": "d43ba38f-22f3-4931-a6e9-c713dda0d42f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-25221", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lig3klldm32n", "content": "", "creation_timestamp": "2025-02-18T01:15:41.927661Z"}, {"uuid": "5d2556ee-ebc8-4c18-818b-a121a065cd87", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-25222", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lig3koajni2y", "content": "", "creation_timestamp": "2025-02-18T01:15:44.444001Z"}, {"uuid": "7acfaf4c-2b6a-416f-9d3b-c9f2e920e6d8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-25223", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lig3kqrvw723", "content": "", "creation_timestamp": "2025-02-18T01:15:47.267821Z"}, {"uuid": "de8e2d53-df66-4b0c-8b8f-a71bea03d135", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-25224", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lig3kt5ah72o", "content": "", "creation_timestamp": "2025-02-18T01:15:49.677648Z"}, {"uuid": "3983d957-1dec-4532-8a06-25aabc7965a8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-25224", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3ligjteppxs2a", "content": "", "creation_timestamp": "2025-02-18T05:31:09.009501Z"}, {"uuid": "906e9376-d89d-476c-a0fd-1620790723eb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-25223", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3ligjtff5ii2a", "content": "", "creation_timestamp": "2025-02-18T05:31:09.975975Z"}, {"uuid": "6e178cef-8dbc-4f24-bb74-f99c6a60306f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-25221", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3ligjtfkhet23", "content": "", "creation_timestamp": "2025-02-18T05:31:10.553920Z"}, {"uuid": "8a426faf-0179-46ad-a8bd-9448dc9d256e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-25222", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3ligjtfqty62p", "content": "", "creation_timestamp": "2025-02-18T05:31:11.150273Z"}, {"uuid": "b4bfc6df-8a79-42a5-a6d4-44e7183cd2a7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-25220", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lknn34elxy2x", "content": "", "creation_timestamp": "2025-03-18T12:08:12.046075Z"}, {"uuid": "e6a3738b-90d1-4879-b3c5-5a4822808958", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-25221", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/4730", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-25221\n\ud83d\udd25 CVSS Score: 7.3 (cvssV3_0, Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)\n\ud83d\udd39 Description: The LuxCal Web Calendar prior to 5.3.3M (MySQL version) and prior to 5.3.3L (SQLite version) contains an SQL injection vulnerability in pdf.php. If this vulnerability is exploited, information in a database may be deleted, altered, or retrieved.\n\ud83d\udccf Published: 2025-02-18T00:10:25.747Z\n\ud83d\udccf Modified: 2025-02-18T00:10:25.747Z\n\ud83d\udd17 References:\n1. https://www.luxsoft.eu/?download\n2. https://www.luxsoft.eu/lcforum/viewtopic.php?pid=1984#p1984\n3. https://jvn.jp/en/jp/JVN26024080/", "creation_timestamp": "2025-02-18T04:17:22.000000Z"}, {"uuid": "673dd537-7df0-47c4-861c-6d19d771fb99", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-25226", "type": "seen", "source": "https://bsky.app/profile/getpokemon7.bsky.social/post/3lmp227v4vc2q", "content": "", "creation_timestamp": "2025-04-13T12:23:25.880478Z"}, {"uuid": "23cf4caa-cca8-47c2-b80e-fe9817278cbd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-25227", "type": "seen", "source": "https://bsky.app/profile/getpokemon7.bsky.social/post/3lmp227v4vc2q", "content": "", "creation_timestamp": "2025-04-13T12:23:25.974383Z"}, {"uuid": "f89bc42f-f5c1-47e4-bc34-c8d4b6384b2a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-25226", "type": "seen", "source": "https://bsky.app/profile/getpokemon7.bsky.social/post/3lmp22c2wc22q", "content": "", "creation_timestamp": "2025-04-13T12:23:27.070350Z"}, {"uuid": "3a6c95dd-a7fd-45d6-8717-7fa649f2167d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-25227", "type": "seen", "source": "https://bsky.app/profile/getpokemon7.bsky.social/post/3lmp22c2wc22q", "content": "", "creation_timestamp": "2025-04-13T12:23:27.153752Z"}, {"uuid": "2b496d8b-3c99-4e6c-9712-5f6985a10080", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-25228", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lncyswznp72d", "content": "", "creation_timestamp": "2025-04-21T10:54:40.244324Z"}, {"uuid": "0e62dd70-f573-42ad-9715-7d7471a3e21a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-2522", "type": "seen", "source": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-205-03", "content": "", "creation_timestamp": "2025-07-24T10:00:00.000000Z"}, {"uuid": "f44495b3-d6c2-4fdd-a158-13d120a329d7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-25226", "type": "seen", "source": "MISP/a1f4de80-fff0-4971-8020-da8f70ab57ea", "content": "", "creation_timestamp": "2025-09-10T07:00:37.000000Z"}, {"uuid": "77a7fc29-7abd-4e27-8e0d-e24e7970d842", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-25226", "type": "seen", "source": "MISP/a1f4de80-fff0-4971-8020-da8f70ab57ea", "content": "", "creation_timestamp": "2025-08-09T17:25:37.000000Z"}, {"uuid": "8a176ebc-5ff0-4013-9712-7e39bde60f69", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-25220", "type": "seen", "source": "MISP/02fb130c-7874-4693-9b66-81ed91a2e996", "content": "", "creation_timestamp": "2025-08-12T13:33:28.000000Z"}, {"uuid": "9f201aab-4fe6-4a25-932c-ff8fed308c71", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-2522", "type": "seen", "source": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-247-01", "content": "", "creation_timestamp": "2025-09-04T10:00:00.000000Z"}, {"uuid": "d553a080-db0e-4962-9f46-9da145537077", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-25220", "type": "seen", "source": "MISP/02fb130c-7874-4693-9b66-81ed91a2e996", "content": "", "creation_timestamp": "2025-08-21T03:19:29.000000Z"}, {"uuid": "df567585-513b-4268-9504-9e7bfa8e11ae", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-25224", "type": "seen", "source": "https://t.me/cvedetector/18272", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-25224 - LuxCal Web Calendar File Inclusion Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-25224 \nPublished : Feb. 18, 2025, 1:15 a.m. | 2\u00a0hours, 6\u00a0minutes ago \nDescription : The LuxCal Web Calendar prior to 5.3.3M (MySQL version) and prior to 5.3.3L (SQLite version) contains a missing authentication vulnerability in dloader.php. If this vulnerability is exploited, arbitrary files on a server may be obtained. \nSeverity: 5.3 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"18 Feb 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-02-18T05:05:52.000000Z"}, {"uuid": "d796ccad-4b46-4be5-9f13-1eb4ee0d2f93", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-25223", "type": "seen", "source": "https://t.me/cvedetector/18271", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-25223 - LuxCal Web Calendar Path Traversal Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-25223 \nPublished : Feb. 18, 2025, 1:15 a.m. | 2\u00a0hours, 6\u00a0minutes ago \nDescription : The LuxCal Web Calendar prior to 5.3.3M (MySQL version) and prior to 5.3.3L (SQLite version) contains a path traversal vulnerability in dloader.php. If this vulnerability is exploited, arbitrary files on a server may be obtained. \nSeverity: 5.8 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"18 Feb 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-02-18T05:05:52.000000Z"}, {"uuid": "48f03779-5a5a-40dd-a0d4-842a6c459e39", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-25222", "type": "seen", "source": "https://t.me/cvedetector/18270", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-25222 - LuxCal SQL Injection Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-25222 \nPublished : Feb. 18, 2025, 1:15 a.m. | 2\u00a0hours, 6\u00a0minutes ago \nDescription : The LuxCal Web Calendar prior to 5.3.3M (MySQL version) and prior to 5.3.3L (SQLite version) contains an SQL injection vulnerability in retrieve.php. If this vulnerability is exploited, information in a database may be deleted, altered, or retrieved. \nSeverity: 7.3 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"18 Feb 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-02-18T05:05:51.000000Z"}, {"uuid": "f4c3d5c6-9ad5-4bc3-a1b9-2cb589c4649e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-25221", "type": "seen", "source": "https://t.me/cvedetector/18269", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-25221 - LuxCal Web Calendar SQL Injection Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-25221 \nPublished : Feb. 18, 2025, 1:15 a.m. | 2\u00a0hours, 6\u00a0minutes ago \nDescription : The LuxCal Web Calendar prior to 5.3.3M (MySQL version) and prior to 5.3.3L (SQLite version) contains an SQL injection vulnerability in pdf.php. If this vulnerability is exploited, information in a database may be deleted, altered, or retrieved. \nSeverity: 7.3 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"18 Feb 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-02-18T05:05:50.000000Z"}, {"uuid": "15edd190-a65b-4eea-819b-6dd48662099f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-25222", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/4729", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-25222\n\ud83d\udd25 CVSS Score: 7.3 (cvssV3_0, Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)\n\ud83d\udd39 Description: The LuxCal Web Calendar prior to 5.3.3M (MySQL version) and prior to 5.3.3L (SQLite version) contains an SQL injection vulnerability in retrieve.php. If this vulnerability is exploited, information in a database may be deleted, altered, or retrieved.\n\ud83d\udccf Published: 2025-02-18T00:11:03.172Z\n\ud83d\udccf Modified: 2025-02-18T00:11:03.172Z\n\ud83d\udd17 References:\n1. https://www.luxsoft.eu/?download\n2. https://www.luxsoft.eu/lcforum/viewtopic.php?pid=1984#p1984\n3. https://jvn.jp/en/jp/JVN26024080/", "creation_timestamp": "2025-02-18T04:17:21.000000Z"}, {"uuid": "89ad3850-00e0-4415-a88a-a74b270e132c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-25223", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/4728", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-25223\n\ud83d\udd25 CVSS Score: 5.8 (cvssV3_0, Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N)\n\ud83d\udd39 Description: The LuxCal Web Calendar prior to 5.3.3M (MySQL version) and prior to 5.3.3L (SQLite version) contains a path traversal vulnerability in dloader.php. If this vulnerability is exploited, arbitrary files on a server may be obtained.\n\ud83d\udccf Published: 2025-02-18T00:11:36.413Z\n\ud83d\udccf Modified: 2025-02-18T00:11:36.413Z\n\ud83d\udd17 References:\n1. https://www.luxsoft.eu/?download\n2. https://www.luxsoft.eu/lcforum/viewtopic.php?pid=1984#p1984\n3. https://jvn.jp/en/jp/JVN26024080/", "creation_timestamp": "2025-02-18T04:17:21.000000Z"}, {"uuid": "b581f86e-70b7-44fb-8f92-ffe579149558", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-25224", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/4727", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-25224\n\ud83d\udd25 CVSS Score: 5.3 (cvssV3_0, Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)\n\ud83d\udd39 Description: The LuxCal Web Calendar prior to 5.3.3M (MySQL version) and prior to 5.3.3L (SQLite version) contains a missing authentication vulnerability in dloader.php. If this vulnerability is exploited, arbitrary files on a server may be obtained.\n\ud83d\udccf Published: 2025-02-18T00:12:21.912Z\n\ud83d\udccf Modified: 2025-02-18T00:12:21.912Z\n\ud83d\udd17 References:\n1. https://www.luxsoft.eu/?download\n2. https://www.luxsoft.eu/lcforum/viewtopic.php?pid=1984#p1984\n3. https://jvn.jp/en/jp/JVN26024080/", "creation_timestamp": "2025-02-18T04:17:20.000000Z"}, {"uuid": "388883d7-f229-4d5d-9083-950c01333a9b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-25227", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/10942", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-25227\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: Insufficient state checks lead to a vector that allows to bypass 2FA checks.\n\ud83d\udccf Published: 2025-04-08T16:24:18.330Z\n\ud83d\udccf Modified: 2025-04-08T16:24:18.330Z\n\ud83d\udd17 References:\n1. https://developer.joomla.org/security-centre/964-20250402-core-mfa-authentication-bypass.html", "creation_timestamp": "2025-04-08T16:46:31.000000Z"}, {"uuid": "8ed39e46-ad5d-485f-a838-6ba446ec3a1c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-25220", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/7896", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-25220\n\ud83d\udd25 CVSS Score: 8.8 (cvssV3_0, Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)\n\ud83d\udd39 Description: Improper neutralization of special elements used in an OS command ('OS Command Injection') issue exists in +F FS010M versions prior to V2.0.1_1101. If this vulnerability is exploited, an arbitrary OS command may be executed by a remote authenticated attacker.\n\ud83d\udccf Published: 2025-03-18T08:26:13.758Z\n\ud83d\udccf Modified: 2025-03-18T08:26:13.758Z\n\ud83d\udd17 References:\n1. https://fsi-plusf.jp/news/25031701.html\n2. https://jvn.jp/en/jp/JVN11230428/", "creation_timestamp": "2025-03-18T08:57:23.000000Z"}, {"uuid": "6d62f9b2-e682-40ac-b0f1-89315004cd44", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-25225", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/7691", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-25225\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: A privilege escalation vulnerability in the Hikashop component versions 1.0.0-5.1.3 for Joomla allows authenticated attackers (administrator) to escalate their privileges to Super Admin Permissions.\n\ud83d\udccf Published: 2025-03-15T18:06:41.769Z\n\ud83d\udccf Modified: 2025-03-15T18:06:41.769Z\n\ud83d\udd17 References:\n1. https://www.hikashop.com/\n2. https://github.com/AdamWallwork/CVEs/tree/main/2025/CVE-2025-25225", "creation_timestamp": "2025-03-15T18:45:18.000000Z"}, {"uuid": "1c48802f-a4ff-4e43-84cf-fb93ad58a3db", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-25226", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/10941", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-25226\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: Improper handling of identifiers lead to a SQL injection vulnerability in the quoteNameStr method of the database package. Please note: the affected method is a protected method. It has no usages in the original packages in neither the 2.x nor 3.x branch and therefore the vulnerability in question can not be exploited when using the original database class. However, classes extending the affected class might be affected, if the vulnerable method is used.\n\ud83d\udccf Published: 2025-04-08T16:24:34.710Z\n\ud83d\udccf Modified: 2025-04-08T16:24:34.710Z\n\ud83d\udd17 References:\n1. https://developer.joomla.org/security-centre/963-20250401-framework-sql-injection-vulnerability-in-quotenamestr-method-of-database-package.html", "creation_timestamp": "2025-04-08T16:46:30.000000Z"}, {"uuid": "fad22682-e6bd-4ed1-8543-16b6e0102f05", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-25226", "type": "seen", "source": "https://t.me/cvedetector/22486", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-25226 - Oracle Database SQL Injection Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-25226 \nPublished : April 8, 2025, 5:15 p.m. | 17\u00a0minutes ago \nDescription : Improper handling of identifiers lead to a SQL injection vulnerability in the quoteNameStr method of the database package. Please note: the affected method is a protected method. It has no usages in the original packages in neither the 2.x nor 3.x branch and therefore the vulnerability in question can not be exploited when using the original database class. However, classes extending the affected class might be affected, if the vulnerable method is used. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"08 Apr 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-04-08T19:51:35.000000Z"}, {"uuid": "0d44d6c1-6d40-4a4b-ae28-d27985fcf59a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-25228", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/12635", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-25228\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: A SQL injection in VirtueMart component 1.0.0 - 4.4.7 for Joomla allows authenticated attackers (administrator) to execute arbitrary SQL commands in the product management area in backend.\n\ud83d\udccf Published: 2025-04-21T07:16:45.498Z\n\ud83d\udccf Modified: 2025-04-21T07:20:56.546Z\n\ud83d\udd17 References:\n1. https://virtuemart.net/\n2. https://github.com/AdamWallwork/CVEs/tree/main/2025/CVE-2025-25228", "creation_timestamp": "2025-04-21T08:01:24.000000Z"}, {"uuid": "2c9e6ee2-568e-4d7e-80a8-206481df512b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-25228", "type": "seen", "source": "https://t.me/cvedetector/23432", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-25228 - VirtueMart SQL Injection Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-25228 \nPublished : April 21, 2025, 8:15 a.m. | 1\u00a0hour, 22\u00a0minutes ago \nDescription : A SQL injection in VirtueMart component 1.0.0 - 4.4.7 for Joomla allows authenticated attackers (administrator) to execute arbitrary SQL commands in the product management area in backend. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"21 Apr 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-04-21T12:17:57.000000Z"}, {"uuid": "291676db-5122-4796-896d-d570e82ef937", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-25220", "type": "seen", "source": "https://t.me/cvedetector/20557", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-25220 - Fujitsu FS010M OS Command Injection\", \n  \"Content\": \"CVE ID : CVE-2025-25220 \nPublished : March 18, 2025, 9:15 a.m. | 1\u00a0hour, 4\u00a0minutes ago \nDescription : Improper neutralization of special elements used in an OS command ('OS Command Injection') issue exists in +F FS010M versions prior to V2.0.1_1101. If this vulnerability is exploited, an arbitrary OS command may be executed by a remote authenticated attacker. \nSeverity: 8.8 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"18 Mar 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-03-18T11:53:22.000000Z"}, {"uuid": "05d84e55-b77e-439d-a18e-eed1ae93a7ba", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-25227", "type": "seen", "source": "https://t.me/cvedetector/22487", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-25227 - Microsoft Azure Authenticator Two-Factor Authentication Bypass\", \n  \"Content\": \"CVE ID : CVE-2025-25227 \nPublished : April 8, 2025, 5:15 p.m. | 17\u00a0minutes ago \nDescription : Insufficient state checks lead to a vector that allows to bypass 2FA checks. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"08 Apr 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-04-08T19:51:39.000000Z"}, {"uuid": "fa34fc2b-ac20-4315-93bf-448011dae543", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-25222", "type": "seen", "source": "Telegram/EwrRrkWKvTm9Mx_T5vGBlnMJZyMzwBgTgvzEXvRQjJKzOSWw", "content": "", "creation_timestamp": "2025-02-18T03:37:46.000000Z"}, {"uuid": "353ff4a1-c9af-4e2a-8bba-d43c3281bed3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-25225", "type": "seen", "source": "https://t.me/cvedetector/20372", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-25225 - Hikashop Joomla Privilege Escalation Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-25225 \nPublished : March 15, 2025, 6:15 p.m. | 2\u00a0hours, 2\u00a0minutes ago \nDescription : A privilege escalation vulnerability in the Hikashop component versions 1.0.0-5.1.3 for Joomla allows authenticated attackers (administrator) to escalate their privileges to Super Admin Permissions. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"15 Mar 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-03-15T21:58:33.000000Z"}, {"uuid": "29e1dcbb-34db-447f-9939-001bcc7d2d84", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-25221", "type": "seen", "source": "Telegram/c3wU5t6BnFtO_5DpVaLdDZouf-34Nsw2HTFEjkoBPvEn_uaq", "content": "", "creation_timestamp": "2025-02-18T03:37:46.000000Z"}, {"uuid": "65108cb2-94e5-4c0f-9e14-59f2267da6b0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-25224", "type": "seen", "source": "Telegram/KRkDjRShgfFQcRn1u6P_fYrsP_49_SUleK87CPXoRAZLSKnb", "content": "", "creation_timestamp": "2025-02-18T03:37:46.000000Z"}, {"uuid": "cd45bd03-9de7-450b-9ac2-d28dd5089ab0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-25223", "type": "seen", "source": "Telegram/twboOtSzz0UjigiGXvhz1K6iVzDQUDIf0lE5vcfY9spfkgVc", "content": "", "creation_timestamp": "2025-02-18T03:37:46.000000Z"}, {"uuid": "096bf1b5-5833-419d-a721-517cc1dbf83a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-25226", "type": "exploited", "source": "https://t.me/jj_8tl/206", "content": "\u26a1\ufe0fThe vulnerability details are now available: https://t.co/l3fmrvL8hO\n\n\ud83d\udea8\ud83d\udea8Two Critical Vulnerabilities in Joomla\n CVE-2025-25226: SQL injection flaw in quoteNameStr. Mishandled identifiers could let attackers manipulate your database.\nCVE-2025-25227: MFA bypass alert! Hackers could slip past multi-factor authentication, unlocking sensitive accounts.  \n\nZoomEye Dork\ud83d\udc49app=\"Joomla\"\nReveals 127.9k+ potentially exposed sites.\nZoomEye Link: https://t.co/deNA8NE7Fj\n\nRefer: https://t.co/yImcvH3thZ\n\n#ZoomEye #NetSecMapping #cybersecurity #CyberSpaceInsights2025\n\n\u2728 Shared via Awham AutoFeed \u2728\nChannel: @jj_8tl", "creation_timestamp": "2025-04-11T12:07:56.000000Z"}, {"uuid": "6eba99cb-b960-4f33-a647-2e9015e70eea", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-25227", "type": "exploited", "source": "https://t.me/jj_8tl/206", "content": "\u26a1\ufe0fThe vulnerability details are now available: https://t.co/l3fmrvL8hO\n\n\ud83d\udea8\ud83d\udea8Two Critical Vulnerabilities in Joomla\n CVE-2025-25226: SQL injection flaw in quoteNameStr. Mishandled identifiers could let attackers manipulate your database.\nCVE-2025-25227: MFA bypass alert! Hackers could slip past multi-factor authentication, unlocking sensitive accounts.  \n\nZoomEye Dork\ud83d\udc49app=\"Joomla\"\nReveals 127.9k+ potentially exposed sites.\nZoomEye Link: https://t.co/deNA8NE7Fj\n\nRefer: https://t.co/yImcvH3thZ\n\n#ZoomEye #NetSecMapping #cybersecurity #CyberSpaceInsights2025\n\n\u2728 Shared via Awham AutoFeed \u2728\nChannel: @jj_8tl", "creation_timestamp": "2025-04-11T12:07:56.000000Z"}]}