{"vulnerability": "CVE-2025-3163", "sightings": [{"uuid": "90f3223e-873f-4997-a8dd-29ec58e4f5fd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-3163", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3llwlvmfuql2i", "content": "", "creation_timestamp": "2025-04-03T19:06:22.848907Z"}, {"uuid": "6286f7ff-b284-47e4-b637-4e4ef71357b8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-31637", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lpcodn4l6r2r", "content": "", "creation_timestamp": "2025-05-16T18:37:33.050318Z"}, {"uuid": "f02d769c-4761-48a8-91e4-23b336110794", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-3163", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/12640", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-3163\n\ud83d\udd25 CVSS Score: 4.8 (cvssV4_0, Vector: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N)\n\ud83d\udd39 Description: A vulnerability was found in InternLM LMDeploy up to 0.7.1. It has been declared as critical. Affected by this vulnerability is the function Open of the file lmdeploy/docs/en/conf.py. The manipulation leads to code injection. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used.\n\ud83d\udccf Published: 2025-04-03T15:31:04.865Z\n\ud83d\udccf Modified: 2025-04-21T11:27:57.023Z\n\ud83d\udd17 References:\n1. https://vuldb.com/?id.303109\n2. https://vuldb.com/?ctiid.303109\n3. https://vuldb.com/?submit.542527\n4. https://github.com/InternLM/lmdeploy/issues/3254\n5. https://github.com/InternLM/lmdeploy/issues/3254#issue-2918865448", "creation_timestamp": "2025-04-21T12:01:37.000000Z"}, {"uuid": "2948d1cc-7f34-4cc7-96ca-f693277fffd6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-31635", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/17731", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-31635\n\ud83d\udd25 CVSS Score: 7.5 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)\n\ud83d\udd39 Description: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in LambertGroup CLEVER allows Path Traversal. This issue affects CLEVER: from n/a through 2.6.\n\ud83d\udccf Published: 2025-06-09T15:56:36.111Z\n\ud83d\udccf Modified: 2025-06-09T17:23:00.644Z\n\ud83d\udd17 References:\n1. https://patchstack.com/database/wordpress/plugin/lbg-audio11-html5-shoutcast_history/vulnerability/wordpress-clever-2-6-arbitrary-file-download-vulnerability?_s_id=cve", "creation_timestamp": "2025-06-09T18:11:18.000000Z"}, {"uuid": "22aeb910-2ea8-41bb-b7be-cb76db863816", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-3163", "type": "seen", "source": "https://t.me/cvedetector/21991", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-3163 - InternLM LMDeploy Code Injection Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-3163 \nPublished : April 3, 2025, 4:15 p.m. | 47\u00a0minutes ago \nDescription : A vulnerability was found in InternLM LMDeploy up to 0.7.1. It has been declared as critical. Affected by this vulnerability is the function Open of the file lmdeploy/docs/en/conf.py. The manipulation leads to code injection. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. \nSeverity: 5.3 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"03 Apr 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-04-03T19:24:59.000000Z"}]}