{"vulnerability": "CVE-2025-2526", "sightings": [{"uuid": "2c5798be-824d-43fb-8d0f-815b5afdad73", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-25266", "type": "seen", "source": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-072-08", "content": "", "creation_timestamp": "2025-03-13T11:00:00.000000Z"}, {"uuid": "12b22698-44cd-48ef-a444-5eae9f63100b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-25267", "type": "seen", "source": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-072-08", "content": "", "creation_timestamp": "2025-03-13T11:00:00.000000Z"}, {"uuid": "0ab6e826-319d-4718-ad7e-0dc27afc6285", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-2526", "type": "seen", "source": "https://mastodon.social/users/CyberSignaler/statuses/114300295196424023", "content": "", "creation_timestamp": "2025-04-08T03:48:15.439936Z"}, {"uuid": "b8a59ddc-8531-4924-9f06-e67d1a17cd75", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-2526", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lmbmccktqw26", "content": "", "creation_timestamp": "2025-04-08T04:12:45.501250Z"}, {"uuid": "37b668d2-c7ce-425b-ad76-3dfea13ba86b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-25264", "type": "seen", "source": "https://infosec.exchange/users/certvde/statuses/114692654840452522", "content": "", "creation_timestamp": "2025-06-16T10:50:27.662002Z"}, {"uuid": "93d72109-6465-480b-9349-aee356fb0e55", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-25268", "type": "seen", "source": "https://infosec.exchange/users/certvde/statuses/114816355954472736", "content": "", "creation_timestamp": "2025-07-08T07:09:17.029852Z"}, {"uuid": "c9da864c-c042-4649-8e0c-7a94b8f867f5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-25269", "type": "seen", "source": "https://infosec.exchange/users/certvde/statuses/114816355954472736", "content": "", "creation_timestamp": "2025-07-08T07:09:17.239323Z"}, {"uuid": "1840e679-10cc-4f44-a2f0-a5b01c049cf3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-25268", "type": "seen", "source": "https://bsky.app/profile/certvde.infosec.exchange.ap.brid.gy/post/3ltgqm2dg2r72", "content": "", "creation_timestamp": "2025-07-08T07:10:35.497662Z"}, {"uuid": "4b4d910d-732c-42dd-9b26-03ff85f9fdbe", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-25269", "type": "seen", "source": "https://bsky.app/profile/certvde.infosec.exchange.ap.brid.gy/post/3ltgqm2dg2r72", "content": "", "creation_timestamp": "2025-07-08T07:10:35.708669Z"}, {"uuid": "ac79382b-bb9f-4833-8f9d-d861e2c0ea43", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-25268", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3ltgzolppdr27", "content": "", "creation_timestamp": "2025-07-08T09:51:56.412467Z"}, {"uuid": "ba1a5877-06f0-4106-b247-4fec07679ad3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-25269", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3ltgxwxmk6m2o", "content": "", "creation_timestamp": "2025-07-08T09:20:49.936732Z"}, {"uuid": "e6f0a440-49dd-4d24-b909-998b50672775", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-25265", "type": "seen", "source": "https://infosec.exchange/users/certvde/statuses/114692654840452522", "content": "", "creation_timestamp": "2025-06-16T10:50:27.763802Z"}, {"uuid": "ead15eac-f108-48ee-8a11-a08f145c8f49", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-25264", "type": "seen", "source": "https://bsky.app/profile/certvde.infosec.exchange.ap.brid.gy/post/3lrpsp4dfo5g2", "content": "", "creation_timestamp": "2025-06-16T10:50:39.971700Z"}, {"uuid": "8a44d9d1-6480-4c37-8b86-ab071496d65c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-25265", "type": "seen", "source": "https://bsky.app/profile/certvde.infosec.exchange.ap.brid.gy/post/3lrpsp4dfo5g2", "content": "", "creation_timestamp": "2025-06-16T10:50:40.070832Z"}, {"uuid": "206b9c6c-f26b-4282-9154-115e8c9e21f0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-25264", "type": "seen", "source": "Telegram/rWCmDShs9kyN-Ac2IJ6oBoNksY3QzSzid5WB25gwy_nslFg", "content": "", "creation_timestamp": "2025-06-16T10:33:51.000000Z"}, {"uuid": "fbe4f3ca-15bf-4f9b-94ad-420437e2e93a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-25264", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lrpucqpgr42r", "content": "", "creation_timestamp": "2025-06-16T11:19:24.763214Z"}, {"uuid": "7551b29d-c378-41fd-ba7b-3ea28f616078", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-25265", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lrpw2awn6k2r", "content": "", "creation_timestamp": "2025-06-16T11:50:27.193580Z"}, {"uuid": "4ab3025a-80b6-43a0-bec6-8c832621a350", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-25267", "type": "seen", "source": "MISP/682bdba3-46b7-4a8f-b7be-c6bf4b4f9868", "content": "", "creation_timestamp": "2025-08-13T13:26:35.000000Z"}, {"uuid": "ba0b924d-64fb-457e-9e42-e177b6633132", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-25268", "type": "seen", "source": "http://www.zerodayinitiative.com/advisories/ZDI-25-622/", "content": "", "creation_timestamp": "2025-07-21T03:00:00.000000Z"}, {"uuid": "8863eceb-458f-42a2-9cc3-532468f1689e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-25269", "type": "seen", "source": "http://www.zerodayinitiative.com/advisories/ZDI-25-621/", "content": "", "creation_timestamp": "2025-07-21T03:00:00.000000Z"}, {"uuid": "52d6aa44-ad06-414a-9f0a-24bc3f15241d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-25265", "type": "seen", "source": "Telegram/rWCmDShs9kyN-Ac2IJ6oBoNksY3QzSzid5WB25gwy_nslFg", "content": "", "creation_timestamp": "2025-06-16T10:33:51.000000Z"}, {"uuid": "89667867-9ac4-4445-bef5-71ad098590ed", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-25266", "type": "seen", "source": "https://t.me/cvedetector/20076", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-25266 - Tecnomatix Plant Simulation Unrestricted File Deletion Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-25266 \nPublished : March 11, 2025, 10:15 a.m. | 1\u00a0hour, 55\u00a0minutes ago \nDescription : A vulnerability has been identified in Tecnomatix Plant Simulation V2302 (All versions < V2302.0021), Tecnomatix Plant Simulation V2404 (All versions < V2404.0010). The affected application does not properly restrict access to the file deletion functionality.  \nThis could allow an unauthorized attacker to delete files even when access to the system should be prohibited, resulting in potential data loss or unauthorized modification of system files. \nSeverity: 6.8 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"11 Mar 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-03-11T13:26:52.000000Z"}, {"uuid": "03543d2a-8f4e-4d2a-9c89-f56107afbbe4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-25264", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/18437", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-25264\n\ud83d\udd25 CVSS Score: 8.8 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)\n\ud83d\udd39 Description: An unauthenticated remote attacker can take advantage of the current overly permissive CORS policy to gain access and read the responses, potentially exposing sensitive data or enabling further attacks.\n\ud83d\udccf Published: 2025-06-16T09:45:31.613Z\n\ud83d\udccf Modified: 2025-06-16T09:45:31.613Z\n\ud83d\udd17 References:\n1. https://certvde.com/en/advisories/VDE-2025-018/", "creation_timestamp": "2025-06-16T10:39:09.000000Z"}, {"uuid": "af5e4ea7-3862-4fc5-88c1-0ee318b013f4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-25267", "type": "seen", "source": "https://t.me/cvedetector/20067", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-25267 - Tecnomatix Plant Simulation File Access Bypass Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-25267 \nPublished : March 11, 2025, 10:15 a.m. | 1\u00a0hour, 55\u00a0minutes ago \nDescription : A vulnerability has been identified in Tecnomatix Plant Simulation V2302 (All versions < V2302.0021), Tecnomatix Plant Simulation V2404 (All versions < V2404.0010). The affected application does not properly restrict the scope of files accessible to the simulation model. This could allow an unauthorized attacker to compromise the confidentiality of the system. \nSeverity: 6.2 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"11 Mar 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-03-11T13:26:43.000000Z"}, {"uuid": "85b1ea3b-244e-40f2-90d7-6ab97e47f86e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-25265", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/18436", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-25265\n\ud83d\udd25 CVSS Score: 7.5 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)\n\ud83d\udd39 Description: A web application for configuring the controller is accessible at a specific path. It contains an endpoint that allows an unauthenticated remote attacker to read files from the system\u2019s file structure.\n\ud83d\udccf Published: 2025-06-16T09:46:13.998Z\n\ud83d\udccf Modified: 2025-06-16T09:46:13.998Z\n\ud83d\udd17 References:\n1. https://certvde.com/en/advisories/VDE-2025-018/", "creation_timestamp": "2025-06-16T10:39:08.000000Z"}, {"uuid": "e6b18cc7-9ed9-4317-b7ef-2565a83b21b4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-2526", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/10823", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-2526\n\ud83d\udd25 CVSS Score: 8.8 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)\n\ud83d\udd39 Description: The Streamit theme for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 4.0.2. This is due to the plugin not properly validating a user's identity prior to updating their details like email in the 'st_Authentication_Controller::edit_profile' function. This makes it possible for unauthenticated attackers to change arbitrary user's email addresses, including administrators, and leverage that to reset the user's password and gain access to their account.\n\ud83d\udccf Published: 2025-04-08T01:44:20.971Z\n\ud83d\udccf Modified: 2025-04-08T01:44:20.971Z\n\ud83d\udd17 References:\n1. https://www.wordfence.com/threat-intel/vulnerabilities/id/057abffb-1c52-49ca-8791-ca44f0c5a011?source=cve\n2. https://themeforest.net/item/streamit-video-streaming-wordpress-theme/29772881\n3. https://documentation.iqonic.design/streamit/change-log/streamit-v4-0/", "creation_timestamp": "2025-04-08T02:45:45.000000Z"}, {"uuid": "ead73042-da71-497a-bc9e-86e7254440bf", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-2526", "type": "seen", "source": "https://t.me/cvedetector/22379", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-2526 - Streamit Theme for WordPress Privilege Escalation via Account Takeover\", \n  \"Content\": \"CVE ID : CVE-2025-2526 \nPublished : April 8, 2025, 2:15 a.m. | 52\u00a0minutes ago \nDescription : The Streamit theme for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 4.0.2. This is due to the plugin not properly validating a user's identity prior to updating their details like email in the 'st_Authentication_Controller::edit_profile' function. This makes it possible for unauthenticated attackers to change arbitrary user's email addresses, including administrators, and leverage that to reset the user's password and gain access to their account. \nSeverity: 8.8 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"08 Apr 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-04-08T05:37:33.000000Z"}, {"uuid": "a5a315dc-2594-443a-8cbf-02698c4bcda0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-2526", "type": "published-proof-of-concept", "source": "Telegram/1nHwHmzl0TbVdYR1_lL3wCzW0pI2bWsxfRrs1LunCdsisi4", "content": "", "creation_timestamp": "2025-04-08T05:02:07.000000Z"}, {"uuid": "cc7f7129-1d9d-4eec-b819-976afc7cb7b7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-25266", "type": "seen", "source": "Telegram/7ohonUKXJXc8nNP-FA_LzHo1dYyqTYbEicJy56ekdY_6IuU", "content": "", "creation_timestamp": "2025-03-11T11:35:12.000000Z"}]}