{"vulnerability": "CVE-2025-2528", "sightings": [{"uuid": "8eb2dcdd-a75a-4713-bd8e-548b3aa1eab5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-25283", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lhyv4plnzj2g", "content": "", "creation_timestamp": "2025-02-12T19:15:57.014701Z"}, {"uuid": "f555b59b-ecde-4331-aca0-f80136841d67", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-25283", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lhz7fibjk42z", "content": "", "creation_timestamp": "2025-02-12T22:19:48.720700Z"}, {"uuid": "580e926f-ffaa-443a-9da4-9792d861b4a7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-25283", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113992340797617356", "content": "", "creation_timestamp": "2025-02-12T18:31:23.474027Z"}, {"uuid": "624993ad-02d3-491d-a7f4-a2fc01da89f6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-25286", "type": "seen", "source": "https://bsky.app/profile/vulnalerts.bsky.social/post/3li2ypaz45c2t", "content": "", "creation_timestamp": "2025-02-13T15:25:26.715255Z"}, {"uuid": "200583cb-8cb8-4798-ad2b-1e323bd48418", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-25287", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3li33lv5kz42p", "content": "", "creation_timestamp": "2025-02-13T16:17:08.142453Z"}, {"uuid": "6ecfc3f9-ec04-45de-a9a3-1b747b102c23", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-25286", "type": "seen", "source": "https://bsky.app/profile/vulnalerts.bsky.social/post/3li37ptxyop2e", "content": "", "creation_timestamp": "2025-02-13T17:30:57.044202Z"}, {"uuid": "ac26be09-4fad-4354-b82b-c08a4ceede6a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-25286", "type": "seen", "source": "https://mastodon.social/users/CyberSignaler/statuses/113994296257127308", "content": "", "creation_timestamp": "2025-02-13T02:48:41.683575Z"}, {"uuid": "823789c9-d141-41d3-9f29-37fe619ce7f3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-25281", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113998670944986174", "content": "", "creation_timestamp": "2025-02-13T21:21:14.071398Z"}, {"uuid": "79420f9c-b270-4729-a9f9-5d5fe5f8d473", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-25286", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lhztsqu3xi2e", "content": "", "creation_timestamp": "2025-02-13T04:25:09.913891Z"}, {"uuid": "3cadeb85-141a-4cb5-b0d0-cb908a5c40d5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-25284", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lihxwyiw3g2y", "content": "", "creation_timestamp": "2025-02-18T19:16:22.442365Z"}, {"uuid": "9ba99946-78c3-47eb-bda0-4e8a48ea4885", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-25281", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3li3po2qwav2s", "content": "", "creation_timestamp": "2025-02-13T22:16:15.920304Z"}, {"uuid": "df30b52c-a3cc-40f5-92e8-49635e08e9d7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-25286", "type": "seen", "source": "https://bsky.app/profile/vulnalerts.bsky.social/post/3li3viecofn2t", "content": "", "creation_timestamp": "2025-02-14T00:00:28.033304Z"}, {"uuid": "56656c2b-78cf-4272-be75-de49dfb1e29c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-25281", "type": "seen", "source": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-044-17", "content": "", "creation_timestamp": "2025-02-13T11:00:00.000000Z"}, {"uuid": "6e57f1f4-fa8b-48f6-932f-e71e991c283a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-25285", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/114003913812916358", "content": "", "creation_timestamp": "2025-02-14T19:34:33.682410Z"}, {"uuid": "4645b313-ef19-4cc7-8756-4761a54fb90e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-25288", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/114003936399738557", "content": "", "creation_timestamp": "2025-02-14T19:40:18.280023Z"}, {"uuid": "c976062d-f67d-4acc-9c0c-1875f892be0c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-25289", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/114003936414922745", "content": "", "creation_timestamp": "2025-02-14T19:40:19.456843Z"}, {"uuid": "b7158c18-4b7f-43e9-b742-5ad440405eea", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-25285", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3li5zfmw52y2n", "content": "", "creation_timestamp": "2025-02-14T20:15:50.082878Z"}, {"uuid": "b1dafeee-3aba-46d5-940c-dd5181ffbfa9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-25288", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3li5zfpufoi2y", "content": "", "creation_timestamp": "2025-02-14T20:15:53.278934Z"}, {"uuid": "6c7c85f9-e35e-496f-b910-e1e5650acd5a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-25289", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3li5zfsd3ay2a", "content": "", "creation_timestamp": "2025-02-14T20:15:55.707510Z"}, {"uuid": "4e2badc8-6ecd-4e4e-896e-9e7c12f6c618", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-25285", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3li6bzmhnmw2p", "content": "", "creation_timestamp": "2025-02-14T22:50:10.480872Z"}, {"uuid": "2c7d17c3-7f9f-4820-bb59-140967915eb0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-25288", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3li6bzmqmlk2v", "content": "", "creation_timestamp": "2025-02-14T22:50:11.215665Z"}, {"uuid": "528532b1-25c7-4c83-a369-b2f0debd9dad", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-25289", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3li6bzn2box2y", "content": "", "creation_timestamp": "2025-02-14T22:50:13.025331Z"}, {"uuid": "f0312a59-849c-42b5-8c51-915a8671f84e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-25280", "type": "seen", "source": "https://t.me/cvedetector/19320", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-25280 - Century Systems Co., Ltd. FutureNet AS and FA Series Remote Reboot Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-25280 \nPublished : March 3, 2025, 9:15 a.m. | 46\u00a0minutes ago \nDescription : Buffer overflow vulnerability exists in FutureNet AS series (Industrial Routers) and FA series (Protocol Conversion Machine) provided by Century Systems Co., Ltd. If this vulnerability is exploited, a remote unauthenticated attacker may reboot the device by sending a specially crafted request. \nSeverity: 5.3 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"03 Mar 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-03-03T11:21:36.000000Z"}, {"uuid": "b14a90aa-3305-46c2-a55b-724018c2dbbc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-25286", "type": "seen", "source": "MISP/db121278-a8f5-4f36-a226-e45f3a86f55e", "content": "", "creation_timestamp": "2025-08-26T13:26:34.000000Z"}, {"uuid": "59864ef8-47c9-4db9-8627-ecbb2a31c20b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-25286", "type": "seen", "source": "https://bsky.app/profile/vulns.bsky.social/post/3ligb6ciuqw2e", "content": "", "creation_timestamp": "2025-02-18T02:56:12.042683Z"}, {"uuid": "d089d537-b64e-48c8-9f90-8dcc6304ebf2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-25286", "type": "seen", "source": "https://bsky.app/profile/vulns.bsky.social/post/3ligb6ckr2e2z", "content": "", "creation_timestamp": "2025-02-18T02:56:12.609857Z"}, {"uuid": "9474185c-cc26-4386-bdf8-7f04e500cb7b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-25286", "type": "seen", "source": "https://bsky.app/profile/vulns.bsky.social/post/3ligb6dldfw2g", "content": "", "creation_timestamp": "2025-02-18T02:56:13.836675Z"}, {"uuid": "2034ef1b-e16f-4bdb-9d93-e7ca89909f80", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-25286", "type": "seen", "source": "https://bsky.app/profile/vulns.bsky.social/post/3ligb6gmskk2g", "content": "", "creation_timestamp": "2025-02-18T02:56:16.241844Z"}, {"uuid": "452ba7bc-cc12-4779-bd0c-7e530ddd50da", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-25282", "type": "seen", "source": "https://mastodon.social/users/CyberSignaler/statuses/114044550171978219", "content": "", "creation_timestamp": "2025-02-21T23:48:55.407030Z"}, {"uuid": "54d6ab20-ec7b-4389-8b84-9f09b9a1b491", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-2528", "type": "seen", "source": "https://t.me/cvedetector/21204", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-2528 - Devolutions Remote Desktop Manager Authentication Bypass\", \n  \"Content\": \"CVE ID : CVE-2025-2528 \nPublished : March 26, 2025, 6:15 p.m. | 31\u00a0minutes ago \nDescription : Improper authorization in application password policy in Devolutions Remote Desktop Manager on Windows allows an authenticated user to   \nuse a configuration different from the one mandated by the system administrators.  \n  \n  \n  \n  \n  \nThis issue affects Remote Desktop Manager versions from 2025.1.24 through 2025.1.25, and all versions up to 2024.3.29. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"26 Mar 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-03-26T20:34:49.000000Z"}, {"uuid": "722a626e-b8ff-4686-aa32-dd0ede135f55", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-25282", "type": "seen", "source": "https://t.me/cvedetector/18698", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-25282 - RAGFlow IDOR: Cross-Tenant Access Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-25282 \nPublished : Feb. 21, 2025, 9:15 p.m. | 1\u00a0hour, 33\u00a0minutes ago \nDescription : RAGFlow is an open-source RAG (Retrieval-Augmented Generation) engine based on deep document understanding. An authenticated user can exploit the Insecure Direct Object Reference (IDOR) vulnerability that may lead to unauthorized cross-tenant access (list tenant user accounts, add user account into other tenant). Unauthorized cross-tenant access: list user from other tenant (e.g., via GET //user/list), add user account to other tenant (POST //user). This issue has not yet been patched. Users are advised to reach out to the project maintainers to coordinate a fix. \nSeverity: 8.1 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"21 Feb 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-02-21T23:57:36.000000Z"}, {"uuid": "77d7495a-fa1c-4210-a90a-ccb7d01c72f1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-25287", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/4287", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-25287\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: No description available\n\ud83d\udccf Published: 2025-02-13T16:16:49.187\n\ud83d\udccf Modified: N/A\n\ud83d\udd17 References:\n1. https://github.com/lakejason0/mediawiki-skins-Lakeus/blob/82ad2cd341f85b814a6a0f37969e6210ebf2521d/includes/SkinLakeus.php#L27\n2. https://github.com/lakejason0/mediawiki-skins-Lakeus/blob/82ad2cd341f85b814a6a0f37969e6210ebf2521d/resources/themeDesigner.js\n3. https://github.com/lakejason0/mediawiki-skins-Lakeus/commit/fb79928f06efa47677fff27e0f4755eb32b1c8d9\n4. https://github.com/lakejason0/mediawiki-skins-Lakeus/security/advisories/GHSA-mq77-3q68-v64v", "creation_timestamp": "2025-02-13T17:14:59.000000Z"}, {"uuid": "55047014-9c5a-4922-a41a-e6f5d86249b1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-25284", "type": "seen", "source": "https://t.me/cvedetector/18342", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-25284 - ZOO-Project WPS Path Traversal Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-25284 \nPublished : Feb. 18, 2025, 7:15 p.m. | 39\u00a0minutes ago \nDescription : The ZOO-Project is an open source processing platform, released under MIT/X11 Licence. A vulnerability in ZOO-Project's WPS (Web Processing Service) implementation allows unauthorized access to files outside the intended directory through path traversal. Specifically, the Gdal_Translate service, when processing VRT (Virtual Format) files, does not properly validate file paths referenced in the VRTRasterBand element, allowing attackers to read arbitrary files on the system. The vulnerability exists because the service doesn't properly sanitize the SourceFilename parameter in VRT files, allowing relative path traversal sequences (../). When combined with VRT's raw data handling capabilities, this allows reading arbitrary files as raw binary data and converting them to TIFF format, effectively exposing their contents. This vulnerability is particularly severe because it allows attackers to read sensitive system files, potentially exposing configuration data, credentials, or other confidential information stored on the server. An unauthenticated attacker can read arbitrary files from the system through path traversal, potentially accessing sensitive information such as configuration files, credentials, or other confidential data stored on the server. The vulnerability requires no authentication and can be exploited remotely through the WPS service. This issue has been addressed in commit `5f155a8` and all users are advised to upgrade. There are no known workarounds for this vulnerability. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"18 Feb 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-02-18T20:59:40.000000Z"}, {"uuid": "04fdaabd-071b-485a-8b06-0f9ae9395024", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-25281", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/4398", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-25281\n\ud83d\udd25 CVSS Score: 7.5 (CVSS_V3)\n\ud83d\udd39 Description: An attacker may modify the URL to discover sensitive information about the target network.\n\ud83d\udccf Published: 2025-02-14T00:30:44Z\n\ud83d\udccf Modified: 2025-02-14T00:30:44Z\n\ud83d\udd17 References:\n1. https://nvd.nist.gov/vuln/detail/CVE-2025-25281\n2. https://old.outbackpower.com/about-outback/contact/contact-us\n3. https://www.cisa.gov/news-events/ics-advisories/icsa-25-044-17", "creation_timestamp": "2025-02-14T01:16:16.000000Z"}, {"uuid": "12044f06-a4a0-4365-a21f-e804a79fe2e4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-2528", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/8952", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-2528\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: Improper authorization in application password policy in Devolutions Remote Desktop Manager on Windows allows an authenticated user to \nuse a configuration different from the one mandated by the system administrators.\n\n\n\n\n\nThis issue affects Remote Desktop Manager versions from 2025.1.24 through 2025.1.25, and all versions up to 2024.3.29.\n\ud83d\udccf Published: 2025-03-26T17:20:00.521Z\n\ud83d\udccf Modified: 2025-03-26T18:55:36.027Z\n\ud83d\udd17 References:\n1. https://devolutions.net/security/advisories/DEVO-2025-0005/", "creation_timestamp": "2025-03-26T19:26:31.000000Z"}, {"uuid": "79addb19-7211-4727-bcfb-95b51ce089c3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-25281", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/4355", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-25281\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: No description available\n\ud83d\udccf Published: 2025-02-13T22:15:13.263\n\ud83d\udccf Modified: N/A\n\ud83d\udd17 References:\n1. https://old.outbackpower.com/about-outback/contact/contact-us\n2. https://www.cisa.gov/news-events/ics-advisories/icsa-25-044-17", "creation_timestamp": "2025-02-13T23:11:13.000000Z"}, {"uuid": "a71c01d1-deef-4602-aabf-fce68ecb5669", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-25280", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/6167", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-25280\n\ud83d\udd25 CVSS Score: 5.3 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\ud83d\udd39 Description: Buffer overflow vulnerability exists in FutureNet AS series (Industrial Routers) and FA series (Protocol Conversion Machine) provided by Century Systems Co., Ltd. If this vulnerability is exploited, a remote unauthenticated attacker may reboot the device by sending a specially crafted request.\n\ud83d\udccf Published: 2025-03-03T08:25:16.938Z\n\ud83d\udccf Modified: 2025-03-03T08:25:16.938Z\n\ud83d\udd17 References:\n1. https://www.centurysys.co.jp/backnumber/common/jvnvu96398949.html\n2. https://jvn.jp/en/vu/JVNVU96398949/", "creation_timestamp": "2025-03-03T09:35:37.000000Z"}, {"uuid": "66b107ee-985a-45e4-999e-925717937a26", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-25287", "type": "seen", "source": "https://t.me/cvedetector/18024", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-25287 - MediaWiki Lakeus Cross-Site Scripting\", \n  \"Content\": \"CVE ID : CVE-2025-25287 \nPublished : Feb. 13, 2025, 4:16 p.m. | 1\u00a0hour, 24\u00a0minutes ago \nDescription : Lakeus is a simple skin made for MediaWiki. Starting in version 1.8.0 and prior to versions 1.3.1+REL1.39, 1.3.1+REL1.42, and 1.4.0, Lakeus is vulnerable to store cross-site scripting via malicious system messages, though editing the messages requires high privileges. Those with `(editinterface)` rights can edit system messages that are improperly handled in order to send raw HTML. In the case of `lakeus-footermessage`, this will affect all users if the server is configured to link back to this repository. Otherwise, the system messages in themeDesigner.js are only used when the user enables it in their preferences. Versions 1.3.1+REL1.39, 1.3.1+REL1.42, and 1.4.0 contain a patch. \nSeverity: 4.7 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"13 Feb 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-02-13T18:50:29.000000Z"}, {"uuid": "3e488988-3c69-453e-8b7a-11ae10d4b3b5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-25286", "type": "seen", "source": "https://t.me/cvedetector/17960", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-25286 - Crayfish/Homarus Remote Code Execution Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-25286 \nPublished : Feb. 13, 2025, 1:15 a.m. | 2\u00a0hours, 8\u00a0minutes ago \nDescription : Crayfish is a collection of Islandora 8 microservices, one of which, Homarus, provides FFmpeg as a microservice. Prior to Crayfish version 4.1.0, remote code execution may be possible in web-accessible installations of Homarus in certain configurations. The issue has been patched in `islandora/crayfish:4.1.0`. Some workarounds are available. The exploit requires making a request against the Homarus's `/convert` endpoint; therefore, the ability to exploit is much reduced if the microservice is not directly accessible from the Internet, so: Prevent general access from the Internet from hitting Homarus. Alternatively or additionally, configure auth in Crayfish to be more strongly required, such that requests with `Authorization` headers that do not validate are rejected before the problematic CLI interpolation occurs. \nSeverity: 9.8 | CRITICAL \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"13 Feb 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-02-13T04:36:58.000000Z"}, {"uuid": "f8ecb75d-7dac-4ea2-b9d1-dd7c40d1ce54", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-25288", "type": "seen", "source": "https://t.me/cvedetector/18146", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-25288 - Octokit Plugin Paginate Rest ReDoS Attack\", \n  \"Content\": \"CVE ID : CVE-2025-25288 \nPublished : Feb. 14, 2025, 8:15 p.m. | 2\u00a0hours, 13\u00a0minutes ago \nDescription : @octokit/plugin-paginate-rest is the Octokit plugin to paginate REST API endpoint responses. For versions starting in 1.0.0 and prior to 11.4.1 of the npm package `@octokit/plugin-paginate-rest`, when calling `octokit.paginate.iterator()`, a specially crafted `octokit` instance\u2014particularly with a malicious `link` parameter in the `headers` section of the `request`\u2014can trigger a ReDoS attack. Version 11.4.1 contains a fix for the issue. \nSeverity: 5.3 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"14 Feb 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-02-15T00:08:48.000000Z"}, {"uuid": "cb39ee5b-f5f7-4398-9554-e14ebe8bcd0d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-25285", "type": "seen", "source": "https://t.me/cvedetector/18145", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-25285 - Octokit/Endpoint Regular Expression Denial of Service (ReDoS)\", \n  \"Content\": \"CVE ID : CVE-2025-25285 \nPublished : Feb. 14, 2025, 8:15 p.m. | 2\u00a0hours, 13\u00a0minutes ago \nDescription : @octokit/endpoint turns REST API endpoints into generic request options. Starting in version 4.1.0 and prior to version 10.1.3, by crafting specific `options` parameters, the `endpoint.parse(options)` call can be triggered, leading to a regular expression denial-of-service (ReDoS) attack. This causes the program to hang and results in high CPU utilization. The issue occurs in the `parse` function within the `parse.ts` file of the npm package `@octokit/endpoint`. Version 10.1.3 contains a patch for the issue. \nSeverity: 5.3 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"14 Feb 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-02-15T00:08:47.000000Z"}, {"uuid": "920d2d52-6653-4d76-94ca-4b9d4ad18a91", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-25289", "type": "seen", "source": "https://t.me/cvedetector/18143", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-25289 - Octokit Regular Expression Denial of Service (ReDoS) Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-25289 \nPublished : Feb. 14, 2025, 8:15 p.m. | 2\u00a0hours, 13\u00a0minutes ago \nDescription : @octokit/request-error is an error class for Octokit request errors. Starting in version 1.0.0 and prior to version 6.1.7, a Regular Expression Denial of Service (ReDoS) vulnerability exists in the processing of HTTP request headers. By sending an authorization header containing an excessively long sequence of spaces followed by a newline and \"@\", an attacker can exploit inefficient regular expression processing, leading to excessive resource consumption. This can significantly degrade server performance or cause a denial-of-service (DoS) condition, impacting availability. Version 6.1.7 contains a fix for the issue. \nSeverity: 5.3 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"14 Feb 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-02-15T00:08:42.000000Z"}, {"uuid": "9ec4e17b-c0db-44c6-9842-fd4efb99d789", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-25283", "type": "seen", "source": "https://t.me/cvedetector/17928", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-25283 - Parse-Duraton CPU Denial of Service (DoS) and Out-of-Memory Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-25283 \nPublished : Feb. 12, 2025, 7:15 p.m. | 1\u00a0hour, 49\u00a0minutes ago \nDescription : parse-duraton is software that allows users to convert a human readable duration to milliseconds. Versions prior to 2.1.3 are vulnerable to an event loop delay due to the CPU-bound operation of resolving the provided string, from a 0.5ms and up to ~50ms per one operation, with a varying size from 0.01 MB and up to 4.3 MB respectively, and an out of memory that would crash a running Node.js application due to a string size of roughly 10 MB that utilizes unicode characters. Version 2.1.3 contains a patch. \nSeverity: 7.5 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"12 Feb 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-02-12T22:45:26.000000Z"}, {"uuid": "c2b24e7c-c7c3-4d01-9662-78b5c53bd251", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-25286", "type": "seen", "source": "Telegram/iIi3KzIjULUXGypju4KFbWF_wBXen_gNRgrYAEOt14MXqBOb", "content": "", "creation_timestamp": "2025-02-14T10:06:08.000000Z"}, {"uuid": "c3c671d7-e864-47ea-8442-65e4288630af", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-25282", "type": "published-proof-of-concept", "source": "Telegram/z-TEGJuLb-MI9QSBe5sQLLsDPvx9hpDxWNGhFcSyGduHviQ", "content": "", "creation_timestamp": "2025-02-21T23:31:55.000000Z"}, {"uuid": "80840a41-7c3a-42f2-b8e0-ae3b1316e65c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-25284", "type": "published-proof-of-concept", "source": "Telegram/2uxF_1qoFB3hlCxfLn3xIrN9O42tmrJDZ5kGfls8NVGPMqg", "content": "", "creation_timestamp": "2025-02-18T20:31:23.000000Z"}, {"uuid": "7061f16e-15d4-4e84-829e-3d42c07fe1ec", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-25286", "type": "seen", "source": "Telegram/r090prh8PzjJEh682vcQnlDcJfJK4dwz44titdcQaapqPXQ", "content": "", "creation_timestamp": "2025-02-13T03:00:57.000000Z"}]}