{"vulnerability": "CVE-2025-2591", "sightings": [{"uuid": "1ad6d081-af2c-4b7e-addc-9655e83b671d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-25914", "type": "seen", "source": "https://mastodon.social/users/CyberSignaler/statuses/114184692845997403", "content": "", "creation_timestamp": "2025-03-18T17:49:03.245298Z"}, {"uuid": "5c04bf95-4383-4a80-8aa4-d856ab986e37", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-2591", "type": "seen", "source": "MISP/3e4b778d-5810-4171-a915-f1d106684af4", "content": "", "creation_timestamp": "2025-08-11T18:27:49.000000Z"}, {"uuid": "f6aa61ea-95f2-4ce8-b3e6-53bffced960b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-25914", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lkmegys3tq2j", "content": "", "creation_timestamp": "2025-03-18T00:01:10.645544Z"}, {"uuid": "a40d6bb6-4264-42ea-84a1-5385bd28a79f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-25914", "type": "seen", "source": "https://bsky.app/profile/vulnalerts.bsky.social/post/3lkoritqmbe2q", "content": "", "creation_timestamp": "2025-03-18T23:00:07.184168Z"}, {"uuid": "ecab779b-32ea-458f-af02-95acec5469ac", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-25914", "type": "seen", "source": "MISP/02fb130c-7874-4693-9b66-81ed91a2e996", "content": "", "creation_timestamp": "2025-08-12T13:33:28.000000Z"}, {"uuid": "23baeacd-ce48-4764-bae8-41412a6e5cc8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-25914", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/7837", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-25914\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: SQL injection vulnerability in Online Exam Mastering System v.1.0 allows a remote attacker to execute arbitrary code via the fid parameter\n\ud83d\udccf Published: 2025-03-17T00:00:00.000Z\n\ud83d\udccf Modified: 2025-03-17T19:37:32.773Z\n\ud83d\udd17 References:\n1. https://github.com/872323857/CVE/blob/main/online-exam-mastering-system_sqlinject.md", "creation_timestamp": "2025-03-17T19:47:49.000000Z"}, {"uuid": "a12865ba-f040-4f1a-b974-8eeac130b378", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-2591", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/8345", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-2591\n\ud83d\udd25 CVSS Score: 5.3 (cvssV4_0, Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N)\n\ud83d\udd39 Description: A vulnerability classified as problematic was found in Open Asset Import Library Assimp 5.4.3. This vulnerability affects the function MDLImporter::InternReadFile_Quake1 of the file code/AssetLib/MDL/MDLLoader.cpp. The manipulation of the argument skinwidth/skinheight leads to divide by zero. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The patch is identified as ab66a1674fcfac87aaba4c8b900b315ebc3e7dbd. It is recommended to apply a patch to fix this issue.\n\ud83d\udccf Published: 2025-03-21T13:31:08.439Z\n\ud83d\udccf Modified: 2025-03-21T13:31:08.439Z\n\ud83d\udd17 References:\n1. https://vuldb.com/?id.300574\n2. https://vuldb.com/?ctiid.300574\n3. https://vuldb.com/?submit.517781\n4. https://github.com/assimp/assimp/issues/6009\n5. https://github.com/assimp/assimp/pull/6047\n6. https://github.com/assimp/assimp/issues/6009#issue-2877367021\n7. https://github.com/assimp/assimp/pull/6047/commits/ab66a1674fcfac87aaba4c8b900b315ebc3e7dbd", "creation_timestamp": "2025-03-21T14:19:21.000000Z"}, {"uuid": "c39a12fd-c977-4d92-987d-2e2d45056480", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-25914", "type": "seen", "source": "https://t.me/cvedetector/20523", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-25914 - Online Exam Mastering System SQL Injection Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-25914 \nPublished : March 17, 2025, 8:15 p.m. | 1\u00a0hour, 50\u00a0minutes ago \nDescription : SQL injection vulnerability in Online Exam Mastering System v.1.0 allows a remote attacker to execute arbitrary code via the fid parameter \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"17 Mar 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-03-17T23:20:00.000000Z"}, {"uuid": "06c68a2e-f454-4505-b1fa-9fa10cf27256", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-2591", "type": "seen", "source": "https://t.me/cvedetector/20810", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-2591 - \"Open Asset Import Library Assimp Divide By Zero Vulnerability\"\", \n  \"Content\": \"CVE ID : CVE-2025-2591 \nPublished : March 21, 2025, 2:15 p.m. | 27\u00a0minutes ago \nDescription : A vulnerability classified as problematic was found in Open Asset Import Library Assimp 5.4.3. This vulnerability affects the function MDLImporter::InternReadFile_Quake1 of the file code/AssetLib/MDL/MDLLoader.cpp. The manipulation of the argument skinwidth/skinheight leads to divide by zero. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The patch is identified as ab66a1674fcfac87aaba4c8b900b315ebc3e7dbd. It is recommended to apply a patch to fix this issue. \nSeverity: 4.3 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"21 Mar 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-03-21T15:58:40.000000Z"}, {"uuid": "8aacbcb6-f40f-4c67-a383-47741dcaeec9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-25916", "type": "seen", "source": "Telegram/OqtijlW6O0ZityJe562GbnWUuNQKTkLnHrDYscLPgzD6l66v", "content": "", "creation_timestamp": "2025-03-02T11:45:36.000000Z"}, {"uuid": "05714167-bf40-4b1e-a6ce-f3c85ef9efaf", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-25914", "type": "seen", "source": "MISP/02fb130c-7874-4693-9b66-81ed91a2e996", "content": "", "creation_timestamp": "2025-08-21T03:19:30.000000Z"}, {"uuid": "97ebd8f7-1eff-4754-b416-38b517365893", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-25916", "type": "seen", "source": "https://t.me/cvedetector/19157", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-25916 - Wuzhicms Cross-Site Scripting (XSS) Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-25916 \nPublished : Feb. 28, 2025, 3:15 p.m. | 1\u00a0hour, 5\u00a0minutes ago \nDescription : wuzhicms v4.1.0 has a Cross Site Scripting (XSS) vulnerability in del function in \\coreframe\\app\\member\\admin\\group.php. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"28 Feb 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-02-28T17:51:54.000000Z"}, {"uuid": "9a29a5c8-a3ea-4f1f-9744-6d5278613408", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-25916", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/5906", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-25916\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: wuzhicms v4.1.0 has a Cross Site Scripting (XSS) vulnerability in del function in \\coreframe\\app\\member\\admin\\group.php.\n\ud83d\udccf Published: 2025-02-28T00:00:00.000Z\n\ud83d\udccf Modified: 2025-02-28T15:07:54.108Z\n\ud83d\udd17 References:\n1. https://github.com/wuzhicms/wuzhicms/issues/213\n2. https://gist.github.com/A7cc/e28b5790d8b40df8d418d1bd15c25d12", "creation_timestamp": "2025-02-28T15:26:35.000000Z"}]}