{"vulnerability": "CVE-2025-32370", "sightings": [{"uuid": "b5671af3-6327-41f6-909a-d4523de58035", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-32370", "type": "seen", "source": "https://infosec.exchange/users/vuldb/statuses/114290995237686382", "content": "", "creation_timestamp": "2025-04-06T12:23:08.542897Z"}, {"uuid": "089246f9-7f78-420b-9d9d-f515d049e8f4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-32370", "type": "seen", "source": "https://bsky.app/profile/nimblenerd.social/post/3lp2laczl6p2t", "content": "", "creation_timestamp": "2025-05-13T13:20:42.364391Z"}, {"uuid": "19eb3945-5074-4bb2-88b0-221b11f02937", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-32370", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lm544lc5jd26", "content": "", "creation_timestamp": "2025-04-06T09:12:36.009775Z"}, {"uuid": "bba3b648-e340-4629-9511-e2f468154c51", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-32370", "type": "published-proof-of-concept", "source": "Telegram/UniB57STuDvdE48xUY8fEONrPJBrVxr-UljY-0_y9mj8GYk", "content": "", "creation_timestamp": "2025-04-06T10:00:59.000000Z"}, {"uuid": "8b383265-4799-4281-9022-5035c6abf5bc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-32370", "type": "seen", "source": "https://bsky.app/profile/beikokucyber.bsky.social/post/3lp5viosnwz2n", "content": "", "creation_timestamp": "2025-05-14T21:02:28.059036Z"}, {"uuid": "b172894f-0c6f-4ca9-874f-5ca0b9db9907", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-32370", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/10632", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-32370\n\ud83d\udd25 CVSS Score: 7.2 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:L)\n\ud83d\udd39 Description: Kentico Xperience before 13.0.178 has a specific set of allowed ContentUploader file extensions for unauthenticated uploads; however, because .zip is processed through TryZipProviderSafe, there is additional functionality to create files with other extensions. NOTE: this is a separate issue not necessarily related to SVG or XSS.\n\ud83d\udccf Published: 2025-04-06T00:00:00.000Z\n\ud83d\udccf Modified: 2025-04-06T06:50:42.609Z\n\ud83d\udd17 References:\n1. https://devnet.kentico.com/download/hotfixes\n2. https://labs.watchtowr.com/xss-to-rce-by-abusing-custom-file-handlers-kentico-xperience-cms-cve-2025-2748/", "creation_timestamp": "2025-04-06T07:38:01.000000Z"}, {"uuid": "b6f26d54-663f-4595-8f74-6053c78fe991", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-32370", "type": "seen", "source": "https://t.me/cvedetector/22220", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-32370 - Kentico Xperience Zip File Upload Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-32370 \nPublished : April 6, 2025, 7:15 a.m. | 2\u00a0hours, 13\u00a0minutes ago \nDescription : Kentico Xperience before 13.0.178 has a specific set of allowed ContentUploader file extensions for unauthenticated uploads; however, because .zip is processed through TryZipProviderSafe, there is additional functionality to create files with other extensions. NOTE: this is a separate issue not necessarily related to SVG or XSS. \nSeverity: 7.2 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"06 Apr 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-04-06T11:48:15.000000Z"}, {"uuid": "6c461714-0b66-4518-9b28-5626f22eae97", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-32370", "type": "seen", "source": "https://t.me/arpsyndicate/5393", "content": "\ud83d\udea8 Stay ahead with real-time CVE scoring updates!\n\nTrack daily changes in EPSS & VEDAS at: \n\ud83d\udc49 https://vedas.arpsyndicate.io\n\nWe also push bulk updates to GitHub:\n\ud83d\udcc8 https://github.com/ARPSyndicate/cve-scores\n\nNeed deeper CVE insights? \nTry our enrichment API:\n\ud83d\udd0d https://api.exploit.observer/?keyword=CVE-2025-32370&enrich=True", "creation_timestamp": "2025-05-21T05:46:11.000000Z"}]}