{"vulnerability": "CVE-2025-2954", "sightings": [{"uuid": "7c05a458-986c-492c-ad56-2339594f2d4e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-29547", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lngewcrnyi2g", "content": "", "creation_timestamp": "2025-04-22T19:09:17.327037Z"}, {"uuid": "73135d97-47b0-4bd9-9880-7e28ec549b1d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-29547", "type": "seen", "source": "https://bsky.app/profile/beikokucyber.bsky.social/post/3lnj3pgql4m2t", "content": "", "creation_timestamp": "2025-04-23T21:02:22.473063Z"}, {"uuid": "6052b2f4-347e-4b7e-8228-a646016afa20", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-2954", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/9644", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-2954\n\ud83d\udd25 CVSS Score: 4.8 (cvssV4_0, Vector: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N)\n\ud83d\udd39 Description: A vulnerability, which was classified as problematic, was found in mannaandpoem OpenManus up to 2025.3.13. This affects the function execute of the file app/tool/file_saver.py of the component File Handler. The manipulation leads to improper access controls. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.\n\ud83d\udccf Published: 2025-03-30T16:31:05.242Z\n\ud83d\udccf Modified: 2025-03-31T13:04:26.725Z\n\ud83d\udd17 References:\n1. https://vuldb.com/?id.302007\n2. https://vuldb.com/?ctiid.302007\n3. https://vuldb.com/?submit.521545\n4. https://magnificent-dill-351.notion.site/Arbitrary-File-Writing-in-OpenManus-2025-3-13-1b9c693918ed805e8e7fd35a896d2d41", "creation_timestamp": "2025-03-31T13:31:19.000000Z"}, {"uuid": "599ec2ab-5924-437c-8147-f6806317c932", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-29547", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/12969", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-29547\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: In Rollback Rx Professional 12.8.0.0, the driver file shieldm.sys allows local users to cause a denial of service because of a null pointer dereference from IOCtl 0x96202000.\n\ud83d\udccf Published: 2025-04-22T00:00:00.000Z\n\ud83d\udccf Modified: 2025-04-22T19:31:51.240Z\n\ud83d\udd17 References:\n1. https://horizondatasys.com/rollback-rx-time-machine/rollback-rx-professional/\n2. https://packetstorm.news/files/id/190491/", "creation_timestamp": "2025-04-22T20:05:13.000000Z"}, {"uuid": "bc65ebd5-c2a2-4dce-87fb-5c5edff8ecfe", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-29547", "type": "seen", "source": "https://t.me/cvedetector/23517", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-29547 - Rollback Rx Professional Null Pointer Dereference Denial of Service Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-29547 \nPublished : April 22, 2025, 3:16 p.m. | 44\u00a0minutes ago \nDescription : In Rollback Rx Professional 12.8.0.0, the driver file shieldm.sys allows local users to cause a denial of service because of a null pointer dereference from IOCtl 0x96202000. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"22 Apr 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-04-22T18:24:10.000000Z"}, {"uuid": "54f9923c-8684-46a6-a374-563d42252951", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-2954", "type": "seen", "source": "https://t.me/cvedetector/21516", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-2954 - Mannaandpoem OpenManus File Handler Improper Access Control Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-2954 \nPublished : March 30, 2025, 5:15 p.m. | 1\u00a0hour, 12\u00a0minutes ago \nDescription : A vulnerability, which was classified as problematic, was found in mannaandpoem OpenManus up to 2025.3.13. This affects the function execute of the file app/tool/file_saver.py of the component File Handler. The manipulation leads to improper access controls. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. \nSeverity: 3.3 | LOW \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"30 Mar 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-03-30T20:36:07.000000Z"}]}