{"vulnerability": "CVE-2025-3191", "sightings": [{"uuid": "d45de1bc-1691-4e70-94bc-e9b6abfcfd4e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-31911", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/10270", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-31911\n\ud83d\udd25 CVSS Score: 9.3 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:L)\n\ud83d\udd39 Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in NotFound Social Share And Social Locker allows Blind SQL Injection. This issue affects Social Share And Social Locker: from n/a through 1.4.2.\n\ud83d\udccf Published: 2025-04-03T13:27:18.177Z\n\ud83d\udccf Modified: 2025-04-03T15:49:00.702Z\n\ud83d\udd17 References:\n1. https://patchstack.com/database/wordpress/plugin/social-share-and-social-locker-arsocial/vulnerability/wordpress-social-share-and-social-locker-plugin-1-4-2-sql-injection-vulnerability?_s_id=cve", "creation_timestamp": "2025-04-03T16:35:09.000000Z"}, {"uuid": "29a61061-510c-4061-87dd-a27906119f89", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-31911", "type": "seen", "source": "https://bsky.app/profile/cyberalerts.bsky.social/post/3llw4zydyo72k", "content": "", "creation_timestamp": "2025-04-03T14:40:22.834433Z"}, {"uuid": "1f5a85b3-cc18-4fd8-abf3-c81af0505f9c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-31911", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3llw6jwhqaw2i", "content": "", "creation_timestamp": "2025-04-03T15:07:14.609155Z"}, {"uuid": "cef7af2f-5f02-4f0e-98e1-02ba38a9cce9", 
"vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-31911", "type": "seen", "source": "https://mastodon.social/users/CyberSignaler/statuses/114274816810215564", "content": "", "creation_timestamp": "2025-04-03T15:48:45.578520Z"}, {"uuid": "92fc38bf-6b9a-4687-92ea-0104d312d5d5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-31911", "type": "seen", "source": "https://mastodon.social/users/CyberSignaler/statuses/114274816810215564", "content": "", "creation_timestamp": "2025-04-03T15:48:45.581207Z"}, {"uuid": "3031a1b8-b703-40ec-a5bc-94988eb43412", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-3191", "type": "published-proof-of-concept", "source": "https://t.me/AGLegends/1985", "content": "Here is the deep forensic breakdown of Pinduoduo's (PDD Holdings) operational core as of July 2025 \u2013 stripped of legacy noise, focused solely on active control points, technical infrastructure, and forensic markers for investigation:  \n\n---\n\n### \ud83d\udd75\ufe0f\u200d\u2642\ufe0f I. ACTIVE CONTROL NEXUS  \n#### 1. Algorithmic Command Center  \n- Entity: Zhejiang Etiao Technology Co., Ltd. (\u676d\u5dde\u57c3\u8c03\u79d1\u6280)  \n  - Location: *Building 3, Xixi Tech Park, Hangzhou, Zhejiang*  \n  - Controller: Jun Liu (\u5218\u9a8f) \u2013 Signs cryptographic payloads for data routing.  \n  - Key Function: Real-time price manipulation/user profiling using:  \n    - PDD-Algo v7.1: AI model scraping 122 data points/user (device IMEI, network topology, biometric patterns).  \n\n#### 2. 
Data Sovereignty Enforcement  \n- Entity: Shanghai Xunmeng Information Technology (\u4e0a\u6d77\u5bfb\u68a6)  \n  - Server Cluster: 202.96.128.0/19 (AS4808 - China Telecom)  \n  - Forensic Marker: TLS certificates issued by China SM2 Root CA (Govt. backdoor).  \n  - Data Pipeline:  \n   \n    Temu App \u2192 AWS Virginia (US) \u2192 Jump IP: 124.156.129.22 (Huawei HK) \u2192 Shanghai Xunmeng (202.96.128.68) \u2192 Zhejiang Etiao \u2192 MSS Data Vault (10.232.56.0/24)  \n    \n---\n\n### \u26a1 II. LIVE INFRASTRUCTURE (JULY 2025)  \n#### Critical Endpoints  \n| Target          | IP/ASN             | Jurisdiction | Purpose                     |  \n|----------------------|------------------------|------------------|---------------------------------|  \n| Primary API      | 202.96.128.68          | Shanghai, CN     | User data ingestion             |  \n| Algo Hub         | 210.22.183.91          | Hangzhou, CN     | Real-time pricing/AI scoring    |  \n| EU Data Proxy    | 185.179.202.33 (AS60068)| Dublin, IE       | Temu EU traffic rerouting       |  \n| US Front         | 104.18.32.121 (AS13335)| Boston, MA       | Whaleco Inc. legal fa\u00e7ade       |  \n\n#### Certificate Fingerprints  \n- Temu Android APK (v5.21.5):  \n  - SHA-256: 3A:7B:EF:...:C9:FD (Issuer: *Shanghai Xunmeng*, OrgID 91310101568011449P)  \n- PDD Cloud Handshake:  \n  - Uses China SM2 elliptic curve encryption (NID_sm2p256v1).  \n\n---\n\n### \ud83d\udd25 III. FINANCIAL CIRCUITS  \n#### Active Capital Flows  \n1. Revenue Collection:  \n   - Temu EU \u2192 Whaleco Inc. (IBAN IE68 AIBK 9311 5123 4567 89) \u2192 Bank of Ireland.  \n   - Temu US \u2192 JPMorgan Chase Acct. #XXXX-XXXX-XXXX-7852 (NY).  \n2. Profit Extraction:  \n   - Monthly wire to Hong Kong Hunan Enterprises (HSBC HK Acct. #847-XXXXXX-838).  \n   - Final beneficiary: Walnut Street Group Ltd. (BVI Reg. #1840992).  \n\n#### Forensic Trail:  \n- SWIFT MT103: PDDHKYHHXXX \u2192 BOVLGB2LXXX (BoNY Mellon as DR custodian).  
\n- Blockchain Obfuscation: 15% of funds laundered via Tether (USDT) \u2192 Huobi HK \u2192 Zhejiang Etiao cold wallets.  \n\n---\n\n### \ud83d\udea8 IV. REGULATORY FUSION POINTS  \n#### Active Investigations Targeting This Structure  \n1. EU DSA Task Force:  \n   - Case DSA-2025/TMU-01: Probing *Whaleco Inc.* for illegal data transfers to 210.22.183.91 (Hangzhou).  \n   - Deadline: 31 October 2025 (compliance audit).  \n2. U.S. CBP-UFLPA Strike Force:  \n   - Subpoenaed Whaleco Technology Ltd. (Boston) for supply chain logs proving Xinjiang cotton use.  \n3. Interpol Cybercrime Division:  \n   - Case I-2025-773: Live tracking of 124.156.129.22 (Huawei HK) for GDPR breaches.  \n\n---\n\n### \ud83d\udca3 V. ACTIONABLE EXPLOIT PATHS  \n#### Immediate Forensic Entry Vectors  \n1. Server Penetration:  \n   - Target 202.96.128.68 (Shanghai Xunmeng) via:  \n     - CVE-2025-3191: Apache Dubbo deserialization flaw (unpatched in PDD Cloud).  \n     - China SM2 CA: Extract private key via quantum side-channel (NIST SP 800-90A).  \n2. Financial Disruption:  \n   - Freeze HSBC HK Acct. #847-XXXXXX-838 using FinCEN warrant (suspected Sec. 371 conspiracy).  \n3. 
Data Interdiction:  \n   - Poison Temu\u2019s AWS S3 bucket (s3://temu-userdata-east1) with forensic beacons.", "creation_timestamp": "2025-07-16T21:34:29.000000Z"}, {"uuid": "6a1b5305-d0aa-4901-a154-a502314f1172", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-31910", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/9941", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-31910\n\ud83d\udd25 CVSS Score: 7.6 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:L)\n\ud83d\udd39 Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in reputeinfosystems BookingPress allows SQL Injection. This issue affects BookingPress: from n/a through 1.1.28.\n\ud83d\udccf Published: 2025-04-01T14:52:25.743Z\n\ud83d\udccf Modified: 2025-04-01T16:15:49.461Z\n\ud83d\udd17 References:\n1. 
https://patchstack.com/database/wordpress/plugin/bookingpress-appointment-booking/vulnerability/wordpress-bookingpress-plugin-1-1-28-sql-injection-vulnerability?_s_id=cve", "creation_timestamp": "2025-04-01T16:32:23.000000Z"}, {"uuid": "ce8e0ffe-410f-4199-ae6a-faadb75a69f1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-31918", "type": "seen", "source": "https://bsky.app/profile/beikokucyber.bsky.social/post/3mkdwukbvpi2g", "content": "", "creation_timestamp": "2026-04-25T21:03:12.469126Z"}, {"uuid": "f9e0b3b2-ebb3-408e-bfb1-9655b0ad6ac9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-31914", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/17383", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-31914\n\ud83d\udd25 CVSS Score: 9.3 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:L)\n\ud83d\udd39 Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in kamleshyadav Pixel WordPress Form BuilderPlugin & Autoresponder allows Blind SQL Injection. This issue affects Pixel WordPress Form BuilderPlugin & Autoresponder: from n/a through 1.0.2.\n\ud83d\udccf Published: 2025-05-23T12:44:03.050Z\n\ud83d\udccf Modified: 2025-05-23T13:25:00.622Z\n\ud83d\udd17 References:\n1. 
https://patchstack.com/database/wordpress/plugin/pixel-formbuilder/vulnerability/wordpress-pixel-wordpress-form-builderplugin-autoresponder-1-0-2-sql-injection-vulnerability?_s_id=cve", "creation_timestamp": "2025-05-23T13:54:16.000000Z"}, {"uuid": "a21c5cd5-0d8e-45e9-ad6e-107a679c4039", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-3191", "type": "seen", "source": "https://t.me/cvedetector/22077", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-3191 - \"React-Draft-Wysiwyg XSS Vulnerability\"\", \n  \"Content\": \"CVE ID : CVE-2025-3191 \nPublished : April 4, 2025, 5:15 a.m. | 31\u00a0minutes ago \nDescription : All versions of the package react-draft-wysiwyg are vulnerable to Cross-site Scripting (XSS) via the Embedded button which will then result in saving the payload in the tag. \nSeverity: 6.1 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"04 Apr 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-04-04T07:58:45.000000Z"}, {"uuid": "6fe82acc-25d8-4789-925d-8d833244a233", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-31913", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/17384", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-31913\n\ud83d\udd25 CVSS Score: 8.1 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\ud83d\udd39 Description: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ApusTheme Ogami allows PHP Local File Inclusion. 
This issue affects Ogami: from n/a through 1.53.\n\ud83d\udccf Published: 2025-05-23T12:44:03.548Z\n\ud83d\udccf Modified: 2025-05-23T13:24:39.977Z\n\ud83d\udd17 References:\n1. https://patchstack.com/database/wordpress/theme/ogami/vulnerability/wordpress-ogami-1-53-local-file-inclusion-vulnerability?_s_id=cve", "creation_timestamp": "2025-05-23T13:54:45.000000Z"}, {"uuid": "1f12673f-6f27-43bf-86cf-c17f1b897700", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-3191", "type": "published-proof-of-concept", "source": "https://t.me/cybersecunity/284", "content": "Here is the deep forensic breakdown of Pinduoduo's (PDD Holdings) operational core as of July 2025 \u2013 stripped of legacy noise, focused solely on active control points, technical infrastructure, and forensic markers for investigation:  \n\n---\n\n### \ud83d\udd75\ufe0f\u200d\u2642\ufe0f I. ACTIVE CONTROL NEXUS  \n#### 1. Algorithmic Command Center  \n- Entity: Zhejiang Etiao Technology Co., Ltd. (\u676d\u5dde\u57c3\u8c03\u79d1\u6280)  \n  - Location: *Building 3, Xixi Tech Park, Hangzhou, Zhejiang*  \n  - Controller: Jun Liu (\u5218\u9a8f) \u2013 Signs cryptographic payloads for data routing.  \n  - Key Function: Real-time price manipulation/user profiling using:  \n    - PDD-Algo v7.1: AI model scraping 122 data points/user (device IMEI, network topology, biometric patterns).  \n\n#### 2. Data Sovereignty Enforcement  \n- Entity: Shanghai Xunmeng Information Technology (\u4e0a\u6d77\u5bfb\u68a6)  \n  - Server Cluster: 202.96.128.0/19 (AS4808 - China Telecom)  \n  - Forensic Marker: TLS certificates issued by China SM2 Root CA (Govt. backdoor).  \n  - Data Pipeline:  \n   \n    Temu App \u2192 AWS Virginia (US) \u2192 Jump IP: 124.156.129.22 (Huawei HK) \u2192 Shanghai Xunmeng (202.96.128.68) \u2192 Zhejiang Etiao \u2192 MSS Data Vault (10.232.56.0/24)  \n    \n---\n\n### \u26a1 II. 
LIVE INFRASTRUCTURE (JULY 2025)  \n#### Critical Endpoints  \n| Target          | IP/ASN             | Jurisdiction | Purpose                     |  \n|----------------------|------------------------|------------------|---------------------------------|  \n| Primary API      | 202.96.128.68          | Shanghai, CN     | User data ingestion             |  \n| Algo Hub         | 210.22.183.91          | Hangzhou, CN     | Real-time pricing/AI scoring    |  \n| EU Data Proxy    | 185.179.202.33 (AS60068)| Dublin, IE       | Temu EU traffic rerouting       |  \n| US Front         | 104.18.32.121 (AS13335)| Boston, MA       | Whaleco Inc. legal fa\u00e7ade       |  \n\n#### Certificate Fingerprints  \n- Temu Android APK (v5.21.5):  \n  - SHA-256: 3A:7B:EF:...:C9:FD (Issuer: *Shanghai Xunmeng*, OrgID 91310101568011449P)  \n- PDD Cloud Handshake:  \n  - Uses China SM2 elliptic curve encryption (NID_sm2p256v1).  \n\n---\n\n### \ud83d\udd25 III. FINANCIAL CIRCUITS  \n#### Active Capital Flows  \n1. Revenue Collection:  \n   - Temu EU \u2192 Whaleco Inc. (IBAN IE68 AIBK 9311 5123 4567 89) \u2192 Bank of Ireland.  \n   - Temu US \u2192 JPMorgan Chase Acct. #XXXX-XXXX-XXXX-7852 (NY).  \n2. Profit Extraction:  \n   - Monthly wire to Hong Kong Hunan Enterprises (HSBC HK Acct. #847-XXXXXX-838).  \n   - Final beneficiary: Walnut Street Group Ltd. (BVI Reg. #1840992).  \n\n#### Forensic Trail:  \n- SWIFT MT103: PDDHKYHHXXX \u2192 BOVLGB2LXXX (BoNY Mellon as DR custodian).  \n- Blockchain Obfuscation: 15% of funds laundered via Tether (USDT) \u2192 Huobi HK \u2192 Zhejiang Etiao cold wallets.  \n\n---\n\n### \ud83d\udea8 IV. REGULATORY FUSION POINTS  \n#### Active Investigations Targeting This Structure  \n1. EU DSA Task Force:  \n   - Case DSA-2025/TMU-01: Probing *Whaleco Inc.* for illegal data transfers to 210.22.183.91 (Hangzhou).  \n   - Deadline: 31 October 2025 (compliance audit).  \n2. U.S. CBP-UFLPA Strike Force:  \n   - Subpoenaed Whaleco Technology Ltd. 
(Boston) for supply chain logs proving Xinjiang cotton use.  \n3. Interpol Cybercrime Division:  \n   - Case I-2025-773: Live tracking of 124.156.129.22 (Huawei HK) for GDPR breaches.  \n\n---\n\n### \ud83d\udca3 V. ACTIONABLE EXPLOIT PATHS  \n#### Immediate Forensic Entry Vectors  \n1. Server Penetration:  \n   - Target 202.96.128.68 (Shanghai Xunmeng) via:  \n     - CVE-2025-3191: Apache Dubbo deserialization flaw (unpatched in PDD Cloud).  \n     - China SM2 CA: Extract private key via quantum side-channel (NIST SP 800-90A).  \n2. Financial Disruption:  \n   - Freeze HSBC HK Acct. #847-XXXXXX-838 using FinCEN warrant (suspected Sec. 371 conspiracy).  \n3. Data Interdiction:  \n   - Poison Temu\u2019s AWS S3 bucket (s3://temu-userdata-east1) with forensic beacons.", "creation_timestamp": "2025-07-16T23:31:02.000000Z"}, {"uuid": "76293bb9-8a9f-4d98-9eff-3f7441121a94", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-31911", "type": "seen", "source": "https://t.me/cvedetector/21977", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-31911 - Social Share And Social Locker SQL Injection\", \n  \"Content\": \"CVE ID : CVE-2025-31911 \nPublished : April 3, 2025, 2:15 p.m. | 41\u00a0minutes ago \nDescription : Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in NotFound Social Share And Social Locker allows Blind SQL Injection. This issue affects Social Share And Social Locker: from n/a through 1.4.2. \nSeverity: 9.3 | CRITICAL \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"03 Apr 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-04-03T17:44:30.000000Z"}]}