{"vulnerability": "CVE-2025-27615", "sightings": [{"uuid": "406b477f-0741-4ecd-bb87-ff2f302e5cb2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-27615", "type": "seen", "source": "https://mastodon.social/users/CyberSignaler/statuses/114139864929960883", "content": "", "creation_timestamp": "2025-03-10T19:48:43.344439Z"}, {"uuid": "87543307-1ecc-48c3-8935-375d076dba1b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-27615", "type": "seen", "source": "MISP/4d9e0694-2872-4bfc-8eee-f1ab846c5ab0", "content": "", "creation_timestamp": "2025-08-16T01:45:14.000000Z"}, {"uuid": "85a52030-77f0-40b9-a552-5101f6e70531", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-27615", "type": "seen", "source": "MISP/4d9e0694-2872-4bfc-8eee-f1ab846c5ab0", "content": "", "creation_timestamp": "2025-08-19T04:06:32.000000Z"}, {"uuid": "307165d7-6eb5-4b84-8358-b1436571949f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-27615", "type": "seen", "source": "https://t.me/cvedetector/19993", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-27615 - umatiGateway Exposed Configuration Interface Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-27615 \nPublished : March 10, 2025, 7:15 p.m. | 2\u00a0hours, 17\u00a0minutes ago \nDescription : umatiGateway is software for connecting OPC Unified Architecture servers with an MQTT broker utilizing JSON messages. The user interface may possibly be publicly accessible with umatiGateway's provided docker-compose file. With this access, the configuration can be viewed and altered. Commit 5d81a3412bc0051754a3095d89a06d6d743f2b16 uses `127.0.0.1:8080:8080` to limit access to the local network. For those who are unable to use this proposed patch, a firewall on Port 8080 may block remote access, but the workaround may not be perfect because Docker may also bypass a firewall by its iptable based rules for port forwarding. \nSeverity: 8.2 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"10 Mar 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-03-10T23:13:49.000000Z"}, {"uuid": "f6b0e140-e4a4-43b9-8449-ed0ed7306d5a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-27615", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/7041", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-27615\n\ud83d\udd25 CVSS Score: 8.2 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H)\n\ud83d\udd39 Description: umatiGateway is software for connecting OPC Unified Architecture servers with an MQTT broker utilizing JSON messages. The user interface may possibly be publicly accessible with umatiGateway's provided docker-compose file. With this access, the configuration can be viewed and altered. Commit 5d81a3412bc0051754a3095d89a06d6d743f2b16 uses `127.0.0.1:8080:8080` to limit access to the local network. For those who are unable to use this proposed patch, a firewall on Port 8080 may block remote access, but the workaround may not be perfect because Docker may also bypass a firewall by its iptable based rules for port forwarding.\n\ud83d\udccf Published: 2025-03-10T18:47:59.819Z\n\ud83d\udccf Modified: 2025-03-10T19:05:29.676Z\n\ud83d\udd17 References:\n1. https://github.com/umati/umatiGateway/security/advisories/GHSA-qf9w-x9qx-2mq7\n2. https://github.com/umati/umatiGateway/pull/101\n3. https://github.com/umati/umatiGateway/commit/5d81a3412bc0051754a3095d89a06d6d743f2b16\n4. https://github.com/umati/umatiGateway/blob/abe73096a17307327f0d6dc0ed4db1fb93464521/README.md?plain=1#L34-L35", "creation_timestamp": "2025-03-10T19:38:33.000000Z"}]}