{"vulnerability": "CVE-2025-3224", "sightings": [{"uuid": "b2fa8f49-6e19-44c2-ab9c-3794635060b3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-32240", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lmhfsljwju2u", "content": "", "creation_timestamp": "2025-04-10T11:32:33.816586Z"}, {"uuid": "eba8b3cd-5597-4bcd-908f-6e26b16df9ee", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-32242", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lmhfsm7gv32j", "content": "", "creation_timestamp": "2025-04-10T11:32:36.428816Z"}, {"uuid": "9acbf350-41d7-4508-87c7-e46f03c44400", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-32244", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lmhfsmg62x2h", "content": "", "creation_timestamp": "2025-04-10T11:32:37.620518Z"}, {"uuid": "beedd7c5-fca0-4edd-85c0-29adf2625928", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-32243", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lmhfsnhsah2h", "content": "", "creation_timestamp": "2025-04-10T11:32:43.657621Z"}, {"uuid": "1846b4c8-c057-4d59-b584-668d15f8e96d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-32245", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lpcodn7vdh2j", "content": "", "creation_timestamp": "2025-05-16T18:37:33.645903Z"}, {"uuid": "66dadc8b-ec61-483b-8b02-4b77765650e9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-3224", "type": "seen", "source": "https://infosec.exchange/users/cR0w/statuses/114417325567011461", "content": "", "creation_timestamp": "2025-04-28T19:50:36.635144Z"}, {"uuid": "9e163f69-1cb0-4a07-9b81-6fca3b5c9483", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-3224", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lnvx5uycst2d", "content": "", "creation_timestamp": "2025-04-28T23:45:37.220999Z"}, {"uuid": "3e5d4643-38f8-4cb8-a301-be345573be49", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-32243", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/11204", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-32243\n\ud83d\udd25 CVSS Score: 6.5 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L)\n\ud83d\udd39 Description: Missing Authorization vulnerability in Toast Plugins Internal Link Optimiser allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Internal Link Optimiser: from n/a through 5.1.2.\n\ud83d\udccf Published: 2025-04-10T08:09:47.134Z\n\ud83d\udccf Modified: 2025-04-10T08:09:47.134Z\n\ud83d\udd17 References:\n1. https://patchstack.com/database/wordpress/plugin/internal-link-finder/vulnerability/wordpress-internal-link-optimiser-plugin-5-1-2-settings-change-vulnerability?_s_id=cve", "creation_timestamp": "2025-04-10T08:48:48.000000Z"}, {"uuid": "42ab006d-6357-4316-8ddf-0f64964782fb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-32244", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/11203", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-32244\n\ud83d\udd25 CVSS Score: 6.5 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L)\n\ud83d\udd39 Description: Missing Authorization vulnerability in QuantumCloud SEO Help allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects SEO Help: from n/a through 6.6.1.\n\ud83d\udccf Published: 2025-04-10T08:09:47.326Z\n\ud83d\udccf Modified: 2025-04-10T08:09:47.326Z\n\ud83d\udd17 References:\n1. https://patchstack.com/database/wordpress/plugin/seo-help/vulnerability/wordpress-seo-help-plugin-6-6-0-broken-access-control-vulnerability?_s_id=cve", "creation_timestamp": "2025-04-10T08:48:48.000000Z"}, {"uuid": "17cb22b3-585f-43f1-a70c-1cef21aef632", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-32240", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/11206", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-32240\n\ud83d\udd25 CVSS Score: 6.5 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L)\n\ud83d\udd39 Description: Missing Authorization vulnerability in NotFound Site Notify allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Site Notify: from n/a through 1.0.\n\ud83d\udccf Published: 2025-04-10T08:09:46.691Z\n\ud83d\udccf Modified: 2025-04-10T08:09:46.691Z\n\ud83d\udd17 References:\n1. https://patchstack.com/database/wordpress/plugin/site-notify/vulnerability/wordpress-site-notify-1-0-broken-access-control-vulnerability?_s_id=cve", "creation_timestamp": "2025-04-10T08:48:50.000000Z"}, {"uuid": "cd2bb60d-a04b-4497-bf88-c8c6256c2ddd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-32242", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/11205", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-32242\n\ud83d\udd25 CVSS Score: 6.5 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L)\n\ud83d\udd39 Description: Missing Authorization vulnerability in Hive Support Hive Support allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Hive Support: from n/a through 1.2.2.\n\ud83d\udccf Published: 2025-04-10T08:09:46.853Z\n\ud83d\udccf Modified: 2025-04-10T08:09:46.853Z\n\ud83d\udd17 References:\n1. https://patchstack.com/database/wordpress/plugin/hive-support/vulnerability/wordpress-hive-support-plugin-1-2-2-broken-access-control-vulnerability-2?_s_id=cve", "creation_timestamp": "2025-04-10T08:48:49.000000Z"}, {"uuid": "e8c8d816-8797-4549-9ff4-77f00315af90", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-3224", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/13732", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-3224\n\ud83d\udd25 CVSS Score: 7.3 (cvssV4_0, Vector: CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H)\n\ud83d\udd39 Description: A vulnerability in the update process of Docker Desktop for Windows versions prior to 4.41.0\u00a0could allow a local, low-privileged attacker to escalate privileges to SYSTEM. During an update, Docker Desktop attempts to delete files and subdirectories under the path C:\\ProgramData\\Docker\\config with high privileges. However, this directory often does not exist by default, and C:\\ProgramData\\ allows normal users to create new directories. By creating a malicious Docker\\config folder structure at this location, an attacker can force the privileged update process to delete or manipulate arbitrary system files, leading to Elevation of Privilege.\n\ud83d\udccf Published: 2025-04-28T19:21:15.851Z\n\ud83d\udccf Modified: 2025-04-28T19:43:24.060Z\n\ud83d\udd17 References:\n1. https://www.zerodayinitiative.com/blog/2022/3/16/abusing-arbitrary-file-deletes-to-escalate-privilege-and-other-great-tricks", "creation_timestamp": "2025-04-28T20:11:20.000000Z"}, {"uuid": "d76128ed-077f-4c1a-b913-1a04aab8939a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-3224", "type": "seen", "source": "https://t.me/cvedetector/23946", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-3224 - Docker Desktop for Windows Elevation of Privilege Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-3224 \nPublished : April 28, 2025, 8:15 p.m. | 1\u00a0hour, 35\u00a0minutes ago \nDescription : A vulnerability in the update process of Docker Desktop for Windows versions prior to 4.41.0\u00a0could allow a local, low-privileged attacker to escalate privileges to SYSTEM. During an update, Docker Desktop attempts to delete files and subdirectories under the path C:\\ProgramData\\Docker\\config with high privileges. However, this directory often does not exist by default, and C:\\ProgramData\\ allows normal users to create new directories. By creating a malicious Docker\\config folder structure at this location, an attacker can force the privileged update process to delete or manipulate arbitrary system files, leading to Elevation of Privilege. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"28 Apr 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-04-29T00:06:21.000000Z"}, {"uuid": "cf8a70ed-43c3-4b97-9f78-c3aa2c205846", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-32243", "type": "seen", "source": "https://t.me/cvedetector/22628", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-32243 - Toast Plugins Internal Link Optimiser Missing Authorization Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-32243 \nPublished : April 10, 2025, 8:15 a.m. | 48\u00a0minutes ago \nDescription : Missing Authorization vulnerability in Toast Plugins Internal Link Optimiser allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Internal Link Optimiser: from n/a through 5.1.2. \nSeverity: 6.5 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"10 Apr 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-04-10T11:10:35.000000Z"}, {"uuid": "ab75c3db-5917-475d-a84f-34e34c6f17ab", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-32240", "type": "seen", "source": "https://t.me/cvedetector/22636", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-32240 - Site Notify Missing Authorization Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-32240 \nPublished : April 10, 2025, 8:15 a.m. | 48\u00a0minutes ago \nDescription : Missing Authorization vulnerability in NotFound Site Notify allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Site Notify: from n/a through 1.0. \nSeverity: 6.5 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"10 Apr 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-04-10T11:10:48.000000Z"}, {"uuid": "513aa593-0577-47cd-842b-b3a789066524", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-32244", "type": "seen", "source": "https://t.me/cvedetector/22629", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-32244 - QuantumCloud SEO Help Missing Authorization Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-32244 \nPublished : April 10, 2025, 8:15 a.m. | 48\u00a0minutes ago \nDescription : Missing Authorization vulnerability in QuantumCloud SEO Help allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects SEO Help: from n/a through 6.6.1. \nSeverity: 6.5 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"10 Apr 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-04-10T11:10:38.000000Z"}, {"uuid": "a28b3255-2954-467f-9309-3a469d10bb20", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-32242", "type": "seen", "source": "https://t.me/cvedetector/22627", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-32242 - Hive Support Missing Authorization Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-32242 \nPublished : April 10, 2025, 8:15 a.m. | 48\u00a0minutes ago \nDescription : Missing Authorization vulnerability in Hive Support Hive Support allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Hive Support: from n/a through 1.2.2. \nSeverity: 6.5 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"10 Apr 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-04-10T11:10:34.000000Z"}]}