{"vulnerability": "CVE-2025-2577", "sightings": [{"uuid": "f0557e45-547a-4c3b-9225-410cd73f0a78", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-25772", "type": "seen", "source": "MISP/9ca82492-7deb-4197-a6f1-191e121eef96", "content": "", "creation_timestamp": "2025-08-25T13:32:04.000000Z"}, {"uuid": "118b2972-8880-41fb-99bf-d54905448943", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-2577", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lkxtz7yv5b2h", "content": "", "creation_timestamp": "2025-03-22T13:39:04.442452Z"}, {"uuid": "5cdd31b8-deff-4ede-8065-8b8e479df38a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-25776", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lnvczm75i42s", "content": "", "creation_timestamp": "2025-04-28T17:45:16.149310Z"}, {"uuid": "0c3ec42c-efad-4dad-b420-fdb90a59c1e8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-25774", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lk7cpumghs2k", "content": "", "creation_timestamp": "2025-03-12T19:25:42.327333Z"}, {"uuid": "706d171b-c3f8-4731-8d94-e41b19489a5c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-25777", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lnlv7psxpg2d", "content": "", "creation_timestamp": "2025-04-24T23:44:11.576650Z"}, {"uuid": "5bdf270f-d088-4ef5-b31e-6f9e3b0df3a9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-25777", "type": "seen", "source": "https://mastodon.social/users/CyberSignaler/statuses/114400329765897087", "content": "", "creation_timestamp": "2025-04-25T19:48:21.400588Z"}, {"uuid": "581faf6c-cf69-4ceb-92ee-8796588a629d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-25775", "type": "seen", "source": "https://mastodon.social/users/CyberSignaler/statuses/114400329847987378", "content": "", "creation_timestamp": "2025-04-25T19:48:22.713938Z"}, {"uuid": "871776e7-9ef8-4a06-bba9-c78046cd6180", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-25775", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lno5mnpoj62b", "content": "", "creation_timestamp": "2025-04-25T21:19:55.366954Z"}, {"uuid": "c3f6db68-8e64-49ba-9eb2-718bf39b5557", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-25770", "type": "seen", "source": "MISP/9ca82492-7deb-4197-a6f1-191e121eef96", "content": "", "creation_timestamp": "2025-08-25T13:32:04.000000Z"}, {"uuid": "6d30db69-ce2d-4137-8d44-b38474778b29", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-25774", "type": "seen", "source": "https://t.me/cvedetector/20147", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-25774 - Open5GS AMF Denial of Service Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-25774 \nPublished : March 12, 2025, 5:15 p.m. | 1\u00a0hour, 58\u00a0minutes ago \nDescription : An issue was discovered in Open5GS v2.7.2. When a UE switches between two gNBs and sends a handover request at a specific time, it may cause an exception in the AMF's internal state machine, leading to an AMF crash and resulting in a Denial of Service (DoS). \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"12 Mar 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-03-12T20:22:56.000000Z"}, {"uuid": "c8931c78-337f-45fb-aa70-6240d45ab590", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-25770", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/5172", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-25770\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: Wangmarket v4.10 to v5.0 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /agency/AgencyUserController.java.\n\ud83d\udccf Published: 2025-02-21T00:00:00.000Z\n\ud83d\udccf Modified: 2025-02-24T17:16:38.730Z\n\ud83d\udd17 References:\n1. https://flowus.cn/share/dddbd17e-e459-46c7-b3f9-9c9a90cee804", "creation_timestamp": "2025-02-24T17:21:32.000000Z"}, {"uuid": "e625cd73-d30b-4b87-acb1-d42db4aedde7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-25775", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/13468", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-25775\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: Codeastro Bus Ticket Booking System v1.0 is vulnerable to SQL injection via the kodetiket parameter in /BusTicket-CI/tiket/cekorder.\n\ud83d\udccf Published: 2025-04-25T00:00:00.000Z\n\ud83d\udccf Modified: 2025-04-25T16:58:41.878Z\n\ud83d\udd17 References:\n1. https://codeastro.com/bus-ticket-booking-system-in-php-codeigniter-with-source-code/\n2. https://github.com/arunmodi/Vulnerability-Research/tree/main/CVE-2025-25775", "creation_timestamp": "2025-04-25T17:07:48.000000Z"}, {"uuid": "6e4a7e21-f27d-4585-96da-391cbc69d454", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-25772", "type": "seen", "source": "https://t.me/cvedetector/18689", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-25772 - Jspxcms CSRF: Administrator Account Creation\", \n  \"Content\": \"CVE ID : CVE-2025-25772 \nPublished : Feb. 21, 2025, 7:15 p.m. | 1\u00a0hour, 24\u00a0minutes ago \nDescription : A Cross-Site Request Forgery (CSRF) in the component /back/UserController.java of Jspxcms v9.0 to v9.5 allows attackers to arbitrarily add Administrator accounts via a crafted request. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"21 Feb 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-02-21T22:17:19.000000Z"}, {"uuid": "8b97a1dc-3d0c-4030-9fc4-ccb5730f9daf", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-25770", "type": "seen", "source": "https://t.me/cvedetector/18684", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-25770 - Wangmarket Cross-Site Request Forgery (CSRF)\", \n  \"Content\": \"CVE ID : CVE-2025-25770 \nPublished : Feb. 21, 2025, 7:15 p.m. | 1\u00a0hour, 24\u00a0minutes ago \nDescription : Wangmarket v4.10 to v5.0 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /agency/AgencyUserController.java. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"21 Feb 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-02-21T22:17:12.000000Z"}, {"uuid": "fa5d1c43-831b-4fed-96e7-3a0f3e98c50d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-25775", "type": "seen", "source": "https://t.me/cvedetector/23779", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-25775 - Codeastro Bus Ticket Booking System SQL Injection Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-25775 \nPublished : April 25, 2025, 5:15 p.m. | 1\u00a0hour, 54\u00a0minutes ago \nDescription : Codeastro Bus Ticket Booking System v1.0 is vulnerable to SQL injection via the kodetiket parameter in /BusTicket-CI/tiket/cekorder. \nSeverity: 9.8 | CRITICAL \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"25 Apr 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-04-25T21:41:45.000000Z"}, {"uuid": "090b7af8-560b-4a49-8232-b19e00d451d4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-25774", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/7350", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-25774\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: An issue was discovered in Open5GS v2.7.2. When a UE switches between two gNBs and sends a handover request at a specific time, it may cause an exception in the AMF's internal state machine, leading to an AMF crash and resulting in a Denial of Service (DoS).\n\ud83d\udccf Published: 2025-03-12T00:00:00.000Z\n\ud83d\udccf Modified: 2025-03-12T16:48:40.910Z\n\ud83d\udd17 References:\n1. https://github.com/open5gs/open5gs/issues/3671\n2. https://github.com/open5gs/open5gs/commit/2e68706f1eea029d5172ccad946e78b352c031d0\n3. https://github.com/guoweifk/BugReport/blob/main/Open5GS%20AMF%20Denial%20of%20Service%20via%20GMM%20State%20Handling%20in%20Handover", "creation_timestamp": "2025-03-12T17:41:40.000000Z"}, {"uuid": "8415e2c3-b00f-4024-822e-65c4b8ff4896", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-25777", "type": "seen", "source": "https://t.me/cvedetector/23707", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-25777 - Codeastro Bus Ticket Booking System IDOR\", \n  \"Content\": \"CVE ID : CVE-2025-25777 \nPublished : April 24, 2025, 9:15 p.m. | 1\u00a0hour, 20\u00a0minutes ago \nDescription : Insecure Direct Object Reference (IDOR) in Codeastro Bus Ticket Booking System v1.0 allows unauthorized access to user profiles. By manipulating the user ID in the URL, an attacker can access another user's profile without proper authentication or authorization checks. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"25 Apr 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-04-25T00:47:54.000000Z"}, {"uuid": "98ad9534-4c86-4740-93c6-866aadf136ac", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-2577", "type": "seen", "source": "https://t.me/cvedetector/20866", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-2577 - Bitspecter Suite for WordPress Stored XSS\", \n  \"Content\": \"CVE ID : CVE-2025-2577 \nPublished : March 22, 2025, 12:15 p.m. | 1\u00a0hour ago \nDescription : The Bitspecter Suite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file. \nSeverity: 6.4 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"22 Mar 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-03-22T14:33:18.000000Z"}]}