{"vulnerability": "CVE-2025-4067", "sightings": [{"uuid": "c4969e9b-c706-4369-9f13-c9be818aaa23", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-40675", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lr6ap5pvp22e", "content": "", "creation_timestamp": "2025-06-09T11:13:10.433000Z"}, {"uuid": "452158c1-ff3e-420b-92e9-71e569c429d4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-40672", "type": "seen", "source": "https://bsky.app/profile/2rZiKKbOU3nTafniR2qMMSE0gwZ.activitypub.awakari.com.ap.brid.gy/post/3lq5e73kthem2", "content": "", "creation_timestamp": "2025-05-27T09:18:06.135481Z"}, {"uuid": "070a2344-07ab-4ec2-9d04-7a71757b9f26", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-4067", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lnxn3354yb24", "content": "", "creation_timestamp": "2025-04-29T15:50:27.724909Z"}, {"uuid": "06e9c993-aae6-4172-ad77-2cdea4458b53", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-40673", "type": "seen", "source": "https://bsky.app/profile/2rZiKKbOU3nTafniR2qMMSE0gwZ.activitypub.awakari.com.ap.brid.gy/post/3lqa6ilhy6pc2", "content": "", "creation_timestamp": "2025-05-28T12:14:01.296011Z"}, {"uuid": "1ee0af05-adb7-48ef-8f67-afc236627b2e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-40670", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lr6pvtlda52k", "content": "", "creation_timestamp": "2025-06-09T15:45:20.801986Z"}, {"uuid": 
"2544db86-89af-450d-99d8-335870e69e75", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-40677", "type": "seen", "source": "https://bsky.app/profile/exploitdb-bot.bsky.social/post/3maijfmdoa52m", "content": "", "creation_timestamp": "2025-12-21T10:33:25.998753Z"}, {"uuid": "6a38694f-1780-4748-ab8d-f845829f56ac", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-40677", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lz4hcikiby2c", "content": "", "creation_timestamp": "2025-09-18T13:27:35.217042Z"}, {"uuid": "328ce706-93b9-485c-9ef6-c13bf0bc4682", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-40677", "type": "seen", "source": "https://bsky.app/profile/beikokucyber.bsky.social/post/3ma7kpnsmh42r", "content": "", "creation_timestamp": "2025-12-17T21:03:02.586587Z"}, {"uuid": "b94d5383-fcf5-4060-9660-da6c5fcebfd1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-40673", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lqadgi5exb2m", "content": "", "creation_timestamp": "2025-05-28T13:42:08.528703Z"}, {"uuid": "6fcca6c2-3f55-40ae-a498-486456e1923c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-40670", "type": "published-proof-of-concept", "source": "Telegram/AvRPE1FYyApk1Jln3Af0piOZ09oDjaUbhCE1oirCL83hBqc", "content": "", "creation_timestamp": "2025-06-09T13:02:03.000000Z"}, {"uuid": "4163b163-a92f-441d-82d8-ea82b7dc93b7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": 
"9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-4067", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/13831", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-4067\n\ud83d\udd25 CVSS Score: 6.9 (cvssV4_0, Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N)\n\ud83d\udd39 Description: A vulnerability classified as critical has been found in ScriptAndTools Online-Travling-System 1.0. Affected is an unknown function of the file /admin/viewpackage.php. The manipulation leads to improper access controls. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.\n\ud83d\udccf Published: 2025-04-29T15:00:06.890Z\n\ud83d\udccf Modified: 2025-04-29T15:00:06.890Z\n\ud83d\udd17 References:\n1. https://vuldb.com/?id.306504\n2. https://vuldb.com/?ctiid.306504\n3. https://vuldb.com/?submit.559514\n4. https://www.websecurityinsights.my.id/2025/04/script-and-tools-online-travling-system_71.html", "creation_timestamp": "2025-04-29T15:11:35.000000Z"}, {"uuid": "6db8cd34-1648-436f-97ce-2c12649b9f5d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-40672", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/17541", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-40672\n\ud83d\udd25 CVSS Score: 8.5 (cvssV4_0, Vector: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N)\n\ud83d\udd39 Description: A Privilege Escalation vulnerability has been found in ProactivaNet v3.24.0.0 from Grupo Espiral MS. This vulnerability allows any user to override the file panLoad.exe that will be executed by SYSTEM user via a programmed task. 
\nThis would allow an attacker to obtain administrator permissions to \nperform whatever activities he/she wants, such as accessing sensitive \ninformation, executing code remotely, and even causing a denial of \nservice (DoS).\n\ud83d\udccf Published: 2025-05-26T09:05:40.862Z\n\ud83d\udccf Modified: 2025-05-26T09:05:40.862Z\n\ud83d\udd17 References:\n1. https://www.incibe.es/en/incibe-cert/notices/aviso/privilege-escalation-proactivanet-espiral-ms-group", "creation_timestamp": "2025-05-26T09:49:10.000000Z"}, {"uuid": "4118c6e4-eeca-4329-8d1a-5b35004a9844", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-40671", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/17540", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-40671\n\ud83d\udd25 CVSS Score: 9.3 (cvssV4_0, Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N)\n\ud83d\udd39 Description: SQL injection vulnerability in AES Multimedia's Gestnet v1.07. This vulnerability allows an attacker to retrieve, create, update and delete databases via the \u2018fk_remoto_central\u2019 parameter on the \u2018/webservices/articles.php\u2019 endpoint.\n\ud83d\udccf Published: 2025-05-26T09:08:05.238Z\n\ud83d\udccf Modified: 2025-05-26T09:08:05.238Z\n\ud83d\udd17 References:\n1. 
https://www.incibe.es/en/incibe-cert/notices/aviso/sql-injection-vulnerability-aes-multimedias-gestnet", "creation_timestamp": "2025-05-26T09:49:09.000000Z"}, {"uuid": "6a8ee01a-0008-4a3b-ab06-6b7b5e0e3927", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-40674", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/18575", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-40674\n\ud83d\udd25 CVSS Score: 5.1 (cvssV4_0, Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N)\n\ud83d\udd39 Description: Reflected Cross-Site Scripting (XSS) in osCommerce v4. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending the victim a malicious URL using the name of any parameter in /watch/en/about-us. This vulnerability can be exploited to steal sensitive user data, such as session cookies, or to perform actions on behalf of the user.\n\ud83d\udccf Published: 2025-06-17T08:50:17.363Z\n\ud83d\udccf Modified: 2025-06-17T08:50:17.363Z\n\ud83d\udd17 References:\n1. 
https://www.incibe.es/en/incibe-cert/notices/aviso/reflected-cross-site-scripting-xss-oscommerce", "creation_timestamp": "2025-06-17T09:41:30.000000Z"}, {"uuid": "b39ea026-2b95-4ee3-94cc-c3cfa65eb5dc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-40677", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/52616", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01 \n\n\u66f4\u65b0\u4e86\uff1aCVE-2025\n\u63cf\u8ff0\uff1aSummar Employee Portal Prior to 3.98.0 Authenticated SQL Injection - CVE-2025-40677\nURL\uff1ahttps://github.com/PeterGabaldon/CVE-2025-40677\n\n\u6807\u7b7e\uff1a#CVE-2025", "creation_timestamp": "2025-09-22T08:06:36.000000Z"}, {"uuid": "51de4a76-a46e-4ce0-a17a-0fc3fec2178d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-40677", "type": "published-proof-of-concept", "source": "Telegram/5Vt8EpwjyHdujDgjdkJ-lTFzdb-CXmUsrvvwGaWPGRhGGIg", "content": "", "creation_timestamp": "2025-09-22T15:00:06.000000Z"}, {"uuid": "c9745d91-16f1-4ab3-885c-bfb6645d5e1a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-40677", "type": "published-proof-of-concept", "source": "Telegram/4KH4fvgPREtz_kMSkNg2r16pvMbYZGydJXtUGpYRnrWI7_8", "content": "", "creation_timestamp": "2025-09-22T11:00:07.000000Z"}, {"uuid": "bf499989-18b6-4546-b6be-4849ef66652d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-4067", "type": "seen", "source": "https://t.me/cvedetector/24032", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-4067 - ScriptAndTools Online-Travling-System Remote File Inclusion Vulnerability\", \n  \"Content\": 
\"CVE ID : CVE-2025-4067 \nPublished : April 29, 2025, 3:15 p.m. | 1\u00a0hour, 30\u00a0minutes ago \nDescription : A vulnerability classified as critical has been found in ScriptAndTools Online-Travling-System 1.0. Affected is an unknown function of the file /admin/viewpackage.php. The manipulation leads to improper access controls. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. \nSeverity: 5.3 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"29 Apr 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-04-29T19:20:52.000000Z"}]}