{"vulnerability": "CVE-2025-3085", "sightings": [{"uuid": "a9640562-84e9-4742-bbdf-789063071a6f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-3085", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/9876", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-3085\n\ud83d\udd25 CVSS Score: 8.1 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\ud83d\udd39 Description: A MongoDB server under specific conditions running on Linux with TLS and CRL revocation status checking enabled, fails to check the revocation status of the intermediate certificates in the peer's certificate chain. In cases of MONGODB-X509, which is not enabled by default, this may lead to improper authentication. This issue may also affect intra-cluster authentication. This issue affects MongoDB Server v5.0 versions prior to 5.0.31, MongoDB Server v6.0 versions prior to 6.0.20, MongoDB Server v7.0 versions prior to 7.0.16 and MongoDB Server v8.0 versions prior to 8.0.4.\nRequired Configuration :\u00a0MongoDB Server must be running on Linux Operating Systems and CRL revocation status checking must be enabled\n\ud83d\udccf Published: 2025-04-01T12:05:05.401Z\n\ud83d\udccf Modified: 2025-04-01T12:05:05.401Z\n\ud83d\udd17 References:\n1. https://jira.mongodb.org/browse/SERVER-95445", "creation_timestamp": "2025-04-01T12:32:29.000000Z"}, {"uuid": "9555df24-9351-48f1-9ef1-98a65824d0c3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-3085", "type": "seen", "source": "https://mastodon.social/users/CyberSignaler/statuses/114263019339403950", "content": "", "creation_timestamp": "2025-04-01T13:48:33.699320Z"}, {"uuid": "cd7570e9-a3aa-4964-aa54-5479f97194b7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-3085", "type": "seen", "source": "https://mastodon.social/users/CyberSignaler/statuses/114263019339403950", "content": "", "creation_timestamp": "2025-04-01T13:48:33.691350Z"}, {"uuid": "d23066ef-26ee-4bdc-a54f-9bee3e4f1db5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-3085", "type": "seen", "source": "https://bsky.app/profile/omo.bsky.social/post/3lluiyzj2ms2x", "content": "", "creation_timestamp": "2025-04-02T23:09:18.248407Z"}, {"uuid": "f5adab75-abbd-4653-8fc3-0e314722d5bf", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-30855", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/9599", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-30855\n\ud83d\udd25 CVSS Score: 7.5 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N)\n\ud83d\udd39 Description: Missing Authorization vulnerability in Ads by WPQuads Ads by WPQuads allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Ads by WPQuads: from n/a through 2.0.87.1.\n\ud83d\udccf Published: 2025-03-31T06:07:10.648Z\n\ud83d\udccf Modified: 2025-03-31T06:07:10.648Z\n\ud83d\udd17 References:\n1. https://patchstack.com/database/wordpress/plugin/quick-adsense-reloaded/vulnerability/wordpress-ads-by-wpquads-plugin-2-0-87-1-broken-access-control-vulnerability?_s_id=cve", "creation_timestamp": "2025-03-31T06:31:07.000000Z"}, {"uuid": "cb52f5fe-3c88-4b65-ad4e-0117d3a2dba7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-30853", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/10086", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-30853\n\ud83d\udd25 CVSS Score: 5.4 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L)\n\ud83d\udd39 Description: Missing Authorization vulnerability in ShortPixel ShortPixel Adaptive Images allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects ShortPixel Adaptive Images: from n/a through 3.10.0.\n\ud83d\udccf Published: 2025-04-01T20:58:07.634Z\n\ud83d\udccf Modified: 2025-04-02T14:21:24.802Z\n\ud83d\udd17 References:\n1. https://patchstack.com/database/wordpress/plugin/shortpixel-adaptive-images/vulnerability/wordpress-shortpixel-adaptive-images-plugin-3-10-0-broken-authentication-vulnerability?_s_id=cve", "creation_timestamp": "2025-04-02T14:34:06.000000Z"}, {"uuid": "4fadb082-4caf-480c-8138-cc3730d0602d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-30852", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/10061", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-30852\n\ud83d\udd25 CVSS Score: 7.1 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L)\n\ud83d\udd39 Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in emotionalonlinestorytelling Oracle Cards Lite allows Reflected XSS. This issue affects Oracle Cards Lite: from n/a through 1.2.1.\n\ud83d\udccf Published: 2025-04-01T20:58:07.479Z\n\ud83d\udccf Modified: 2025-04-02T13:28:19.414Z\n\ud83d\udd17 References:\n1. https://patchstack.com/database/wordpress/plugin/oracle-cards/vulnerability/wordpress-oracle-cards-lite-plugin-1-2-1-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve", "creation_timestamp": "2025-04-02T13:33:29.000000Z"}, {"uuid": "bf129f36-8a0a-4157-9723-4e02d7468a26", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-30855", "type": "seen", "source": "https://t.me/cvedetector/21547", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-30855 - WPQuads Ads Missing Authorization Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-30855 \nPublished : March 31, 2025, 6:15 a.m. | 29\u00a0minutes ago \nDescription : Missing Authorization vulnerability in Ads by WPQuads Ads by WPQuads allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Ads by WPQuads: from n/a through 2.0.87.1. \nSeverity: 7.5 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"31 Mar 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-03-31T09:09:04.000000Z"}, {"uuid": "98bc867c-d24c-4a2b-a570-1bb961648d99", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-3085", "type": "seen", "source": "https://t.me/cvedetector/21748", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-3085 - MongoDB TLS Intermediate Certificate Revocation Status Checking Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-3085 \nPublished : April 1, 2025, 12:15 p.m. | 1\u00a0hour, 13\u00a0minutes ago \nDescription : A MongoDB server under specific conditions running on Linux with TLS and CRL revocation status checking enabled, fails to check the revocation status of the intermediate certificates in the peer's certificate chain. In cases of MONGODB-X509, which is not enabled by default, this may lead to improper authentication. This issue may also affect intra-cluster authentication. This issue affects MongoDB Server v5.0 versions prior to 5.0.31, MongoDB Server v6.0 versions prior to 6.0.20, MongoDB Server v7.0 versions prior to 7.0.16 and MongoDB Server v8.0 versions prior to 8.0.4.  \nRequired Configuration :\u00a0MongoDB Server must be running on Linux Operating Systems and CRL revocation status checking must be enabled \nSeverity: 8.1 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"01 Apr 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-04-01T16:23:13.000000Z"}]}