{"vulnerability": "CVE-2025-3797", "sightings": [{"uuid": "1c572cf8-5b64-4717-a426-28a044e9c6c2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-37979", "type": "seen", "source": "https://infosec.exchange/users/vuldb/statuses/114541863164980272", "content": "", "creation_timestamp": "2025-05-20T19:42:09.864617Z"}, {"uuid": "9410fdd7-b804-47d9-bd34-4817b08b8cfd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-3797", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3ln5qctewf42u", "content": "", "creation_timestamp": "2025-04-19T08:39:11.438888Z"}, {"uuid": "74a8f79c-b4ed-4d25-ae88-3ec0080dfd77", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-3797", "type": "seen", "source": "https://bsky.app/profile/2rZiKKbOU3nTafniR2qMMSE0gwZ.activitypub.awakari.com.ap.brid.gy/post/3ln5rld33x3r2", "content": "", "creation_timestamp": "2025-04-19T09:02:33.843559Z"}, {"uuid": "0f3470dd-682b-42d8-af1f-6219cd454ebb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-37978", "type": "seen", "source": "https://infosec.exchange/users/vuldb/statuses/114541915882776475", "content": "", "creation_timestamp": "2025-05-20T19:55:33.742948Z"}, {"uuid": "81ad4b88-f53f-4a59-96d1-076656aaa7e6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-37976", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/17039", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-37976\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: ath12k: Fix invalid entry fetch in ath12k_dp_mon_srng_process\n\n[ Upstream commit 63fdc4509bcf483e79548de6bc08bf3c8e504bb3 ]\n\nCurrently, ath12k_dp_mon_srng_process uses ath12k_hal_srng_src_get_next_entry\nto fetch the next entry from the destination ring. This is incorrect because\nath12k_hal_srng_src_get_next_entry is intended for source rings, not destination\nrings. This leads to invalid entry fetches, causing potential data corruption or\ncrashes due to accessing incorrect memory locations. This happens because the\nsource ring and destination ring have different handling mechanisms and using\nthe wrong function results in incorrect pointer arithmetic and ring management.\n\nTo fix this issue, replace the call to ath12k_hal_srng_src_get_next_entry with\nath12k_hal_srng_dst_get_next_entry in ath12k_dp_mon_srng_process. This ensures\nthat the correct function is used for fetching entries from the destination\nring, preventing invalid memory accesses.\n\nTested-on: QCN9274 hw2.0 PCI WLAN.WBE.1.3.1-00173-QCAHKSWPL_SILICONZ-1\nTested-on: WCN7850 hw2.0 WLAN.HMT.1.0.c5-00481-QCAHMTSWPL_V1.0_V2.0_SILICONZ-3\n\ud83d\udccf Published: 2025-05-20T16:58:19.992Z\n\ud83d\udccf Modified: 2025-05-20T16:58:19.992Z\n\ud83d\udd17 References:\n1. https://git.kernel.org/stable/c/0c1015493f0e3979bcbd3a12ebc0977578c87f21", "creation_timestamp": "2025-05-20T17:47:10.000000Z"}, {"uuid": "658602e6-b739-40a4-96f7-eb98d9fed5b6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-3797", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/12632", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-3797\n\ud83d\udd25 CVSS Score: 5.1 (cvssV4_0, Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N)\n\ud83d\udd39 Description: A vulnerability classified as critical was found in SeaCMS up to 13.3. This vulnerability affects unknown code of the file /admin_topic.php?action=delall. The manipulation of the argument e_id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.\n\ud83d\udccf Published: 2025-04-19T07:00:12.724Z\n\ud83d\udccf Modified: 2025-04-21T02:36:52.642Z\n\ud83d\udd17 References:\n1. https://vuldb.com/?id.305650\n2. https://vuldb.com/?ctiid.305650\n3. https://vuldb.com/?submit.554660\n4. https://github.com/FSRM1/CVE/blob/main/seacms_sql2.md", "creation_timestamp": "2025-04-21T03:01:54.000000Z"}, {"uuid": "9e99a36d-ae69-473b-9b70-3a595fa851ba", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-37978", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/17037", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-37978\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: In the Linux kernel, the following vulnerability has been resolved:\n\nblock: integrity: Do not call set_page_dirty_lock()\n\nPlacing multiple protection information buffers inside the same page\ncan lead to oopses because set_page_dirty_lock() can't be called from\ninterrupt context.\n\nSince a protection information buffer is not backed by a file there is\nno point in setting its page dirty, there is nothing to synchronize.\nDrop the call to set_page_dirty_lock() and remove the last argument to\nbio_integrity_unpin_bvec().\n\ud83d\udccf Published: 2025-05-20T16:58:21.422Z\n\ud83d\udccf Modified: 2025-05-20T16:58:21.422Z\n\ud83d\udd17 References:\n1. https://git.kernel.org/stable/c/c38a005e6efb9ddfa06bd8353b82379d6fd5d6c4\n2. https://git.kernel.org/stable/c/9487fc1a10b3aa89feb24e7cedeccaaf63074617\n3. https://git.kernel.org/stable/c/39e160505198ff8c158f11bce2ba19809a756e8b", "creation_timestamp": "2025-05-20T17:46:53.000000Z"}, {"uuid": "de71871f-3e63-4a2a-9266-811901ec1763", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-37977", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/17038", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-37977\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: ufs: exynos: Disable iocc if dma-coherent property isn't set\n\nIf dma-coherent property isn't set then descriptors are non-cacheable\nand the iocc shareability bits should be disabled. Without this UFS can\nend up in an incompatible configuration and suffer from random cache\nrelated stability issues.\n\ud83d\udccf Published: 2025-05-20T16:58:20.693Z\n\ud83d\udccf Modified: 2025-05-20T16:58:20.693Z\n\ud83d\udd17 References:\n1. https://git.kernel.org/stable/c/869749e48115ef944eeabec8e84138908471fa51\n2. https://git.kernel.org/stable/c/f0c6728a6f2e269ebb234a9b5bb6c2c24aafeb51\n3. https://git.kernel.org/stable/c/f92bb7436802f8eb7ee72dc911a33c8897fde366", "creation_timestamp": "2025-05-20T17:47:08.000000Z"}, {"uuid": "700b2223-b405-4545-9cd4-9c85da3ac719", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-37973", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/17042", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-37973\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: cfg80211: fix out-of-bounds access during multi-link element defragmentation\n\nCurrently during the multi-link element defragmentation process, the\nmulti-link element length added to the total IEs length when calculating\nthe length of remaining IEs after the multi-link element in\ncfg80211_defrag_mle(). This could lead to out-of-bounds access if the\nmulti-link element or its corresponding fragment elements are the last\nelements in the IEs buffer.\n\nTo address this issue, correctly calculate the remaining IEs length by\ndeducting the multi-link element end offset from total IEs end offset.\n\ud83d\udccf Published: 2025-05-20T16:47:19.074Z\n\ud83d\udccf Modified: 2025-05-20T16:47:19.074Z\n\ud83d\udd17 References:\n1. https://git.kernel.org/stable/c/73dde269a1a43e6b1aa92eba13ad2df58bfdd38e\n2. https://git.kernel.org/stable/c/9423f6da825172b8dc60d4688ed3d147291c3be9\n3. https://git.kernel.org/stable/c/e1c6d0c6199bd5f4cfc7a66ae7032b6e805f904d\n4. https://git.kernel.org/stable/c/023c1f2f0609218103cbcb48e0104b144d4a16dc", "creation_timestamp": "2025-05-20T17:47:13.000000Z"}, {"uuid": "3ad81d2b-b065-4143-88c0-1712828308d8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-37974", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/17041", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-37974\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: In the Linux kernel, the following vulnerability has been resolved:\n\ns390/pci: Fix missing check for zpci_create_device() error return\n\nThe zpci_create_device() function returns an error pointer that needs to\nbe checked before dereferencing it as a struct zpci_dev pointer. Add the\nmissing check in __clp_add() where it was missed when adding the\nscan_list in the fixed commit. Simply not adding the device to the scan\nlist results in the previous behavior.\n\ud83d\udccf Published: 2025-05-20T16:47:19.676Z\n\ud83d\udccf Modified: 2025-05-20T16:47:19.676Z\n\ud83d\udd17 References:\n1. https://git.kernel.org/stable/c/be54b750c333a9db7c3b3686846bb06b07b011fe\n2. https://git.kernel.org/stable/c/2769b718e164df983c20c314b263a71a699be6cd\n3. https://git.kernel.org/stable/c/42420c50c68f3e95e90de2479464f420602229fc", "creation_timestamp": "2025-05-20T17:47:11.000000Z"}, {"uuid": "42f8d8ed-3d52-49fd-b162-560c4a4d6375", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-37975", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/17040", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-37975\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: In the Linux kernel, the following vulnerability has been resolved:\n\nriscv: module: Fix out-of-bounds relocation access\n\nThe current code allows rel[j] to access one element past the end of the\nrelocation section. Simplify to num_relocations which is equivalent to\nthe existing size expression.\n\ud83d\udccf Published: 2025-05-20T16:58:19.270Z\n\ud83d\udccf Modified: 2025-05-20T16:58:19.270Z\n\ud83d\udd17 References:\n1. https://git.kernel.org/stable/c/a068ea00009d373d825c528f9c168501519211b4\n2. https://git.kernel.org/stable/c/95e4e1c1cf614d125f159db9726b7abb32e18385\n3. https://git.kernel.org/stable/c/0b4cce68efb93e31a8e51795d696df6e379cb41c", "creation_timestamp": "2025-05-20T17:47:10.000000Z"}, {"uuid": "f1e53868-8e1f-4726-896b-b408849041f6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-3797", "type": "seen", "source": "https://t.me/cvedetector/23378", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-3797 - SeaCMS SQL Injection Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-3797 \nPublished : April 19, 2025, 7:15 a.m. | 1\u00a0hour, 35\u00a0minutes ago \nDescription : A vulnerability classified as critical was found in SeaCMS up to 13.3. This vulnerability affects unknown code of the file /admin_topic.php?action=delall. The manipulation of the argument e_id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. \nSeverity: 4.7 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"19 Apr 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-04-19T10:58:27.000000Z"}]}