{"vulnerability": "CVE-2025-4727", "sightings": [{"uuid": "20dc5a10-e2bd-4332-b4ec-629b9642db09", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-47272", "type": "seen", "source": "https://bsky.app/profile/2rZiKKbOU3nTafniR2qMMSE0gwZ.activitypub.awakari.com.ap.brid.gy/post/3lqmncljnora2", "content": "", "creation_timestamp": "2025-06-02T11:11:34.561355Z"}, {"uuid": "9e45ec91-eb81-435f-a4a0-47165956740b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2025-47277", "type": "seen", "source": "https://bsky.app/profile/cyberhub.blog/post/3lq443nugt42d", "content": "", "creation_timestamp": "2025-05-26T21:20:10.248609Z"}, {"uuid": "e32fc259-4df8-436e-8339-b0310d12bc5c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-47277", "type": "seen", "source": "https://bsky.app/profile/checkmarxzero.bsky.social/post/3lppj3lewon2w", "content": "", "creation_timestamp": "2025-05-21T21:08:09.721426Z"}, {"uuid": "f93ca76a-64d2-4321-97e5-a97799306704", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-47273", "type": "seen", "source": "https://bsky.app/profile/ferramentaslinux.bsky.social/post/3lpwphn64oc2g", "content": "", "creation_timestamp": "2025-05-24T17:50:57.604261Z"}, {"uuid": "f44e7103-13d5-4999-9cee-a78a2556e4f9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-47273", "type": "seen", "source": "https://bsky.app/profile/ferramentaslinux.bsky.social/post/3lryklokwek2i", "content": "", "creation_timestamp": "2025-06-19T22:19:26.711874Z"}, {"uuid": "2417a383-0c78-433a-80cf-7f8e0516c364", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-47272", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lqmzydeerf2j", "content": "", "creation_timestamp": "2025-06-02T14:57:46.607431Z"}, {"uuid": "21321485-0a4c-4354-a840-6375fc2c155f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-47273", "type": "seen", "source": "https://bsky.app/profile/ferramentaslinux.bsky.social/post/3lq62jwsajs2p", "content": "", "creation_timestamp": "2025-05-27T15:57:44.015211Z"}, {"uuid": "97df8f65-7a6d-49f2-9200-9cedb87d0cd5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-47273", "type": "seen", "source": "https://bsky.app/profile/ferramentaslinux.bsky.social/post/3lpwy7s5n7c2g", "content": "", "creation_timestamp": "2025-05-24T20:27:37.717022Z"}, {"uuid": "846dc5ea-d851-4f53-8347-e954189a5798", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-47273", "type": "seen", "source": "https://bsky.app/profile/ferramentaslinux.bsky.social/post/3lq5lvnntbs2p", "content": "", "creation_timestamp": "2025-05-27T11:35:51.052282Z"}, {"uuid": "b6dba04e-948a-4eda-9a51-cce3091413ea", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-47273", "type": "seen", "source": "https://bsky.app/profile/ferramentaslinux.bsky.social/post/3lqcml3nlik2n", "content": "", "creation_timestamp": "2025-05-29T11:31:08.193031Z"}, {"uuid": "7fac2358-80e3-4593-9d65-040cf4ca6cfb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-47273", "type": "seen", "source": "https://bsky.app/profile/ferramentaslinux.bsky.social/post/3lscackib6225", "content": "", "creation_timestamp": "2025-06-23T18:42:00.398643Z"}, {"uuid": "4f46e116-6c99-43a2-84b9-a283aa372610", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-47273", "type": "seen", "source": "https://bsky.app/profile/ferramentaslinux.bsky.social/post/3lqsn26zo4k2e", "content": "", "creation_timestamp": "2025-06-04T20:22:12.255556Z"}, {"uuid": "956183d4-a8ca-494b-86cc-0edcbe55d37a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-47273", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lpf22qx2g72w", "content": "", "creation_timestamp": "2025-05-17T17:12:40.344320Z"}, {"uuid": "00bebb83-57a2-42a5-be1d-5b77b8085f6c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-47275", "type": "seen", "source": "https://bsky.app/profile/securitylab-jp.bsky.social/post/3lpla352hcc2h", "content": "", "creation_timestamp": "2025-05-20T04:16:16.034593Z"}, {"uuid": "9a9658a0-6940-40f6-aac8-a03603036bff", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-47271", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3loy7dtwqat2e", "content": "", "creation_timestamp": "2025-05-12T14:42:35.640334Z"}, {"uuid": "97fff8b9-e456-4d3d-8641-f96a0e52d4bf", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-47277", "type": "seen", "source": "https://infosec.exchange/users/cR0w/statuses/114541634791270960", "content": "", "creation_timestamp": "2025-05-20T18:44:05.163924Z"}, {"uuid": "e6eb4744-1bc3-4ea0-8c6d-cc657cb0dd64", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-47273", "type": "seen", "source": "https://bsky.app/profile/nixpkgssecuritychanges.gerbet.me/post/3lsvrnpsmya2e", "content": "", "creation_timestamp": "2025-07-01T13:13:01.584262Z"}, {"uuid": "526e5243-e402-44c2-ab54-a568da82134b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-47270", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3loy7duqxwj2h", "content": "", "creation_timestamp": "2025-05-12T14:42:39.463831Z"}, {"uuid": "726ad141-bd01-4fc8-9d84-94d82d7caf75", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-47275", "type": "seen", "source": "https://bsky.app/profile/getpokemon7.bsky.social/post/3lpinfvyel22k", "content": "", "creation_timestamp": "2025-05-19T03:36:54.447499Z"}, {"uuid": "84ea34d6-3c55-4cb8-bdc9-1cc8bec2e254", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-47277", "type": "seen", "source": "https://bsky.app/profile/getpokemon7.bsky.social/post/3lq7zahbg322m", "content": "", "creation_timestamp": "2025-05-28T10:39:50.816826Z"}, {"uuid": "8a1c2acf-e011-409b-9d68-e2a29f2e5578", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-47278", "type": "seen", "source": "https://bsky.app/profile/2rZiKKbOU3nTafniR2qMMSE0gwZ.activitypub.awakari.com.ap.brid.gy/post/3lp2vhuiw2ar2", "content": "", "creation_timestamp": "2025-05-13T16:30:19.049680Z"}, {"uuid": "ff108d06-4da0-4b72-928c-947a07d35b9f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-47276", "type": "seen", "source": "https://bsky.app/profile/2rZiKKbOU3nTafniR2qMMSE0gwZ.activitypub.awakari.com.ap.brid.gy/post/3lp2vikxd6wr2", "content": "", "creation_timestamp": "2025-05-13T16:31:02.694254Z"}, {"uuid": "237c93fa-acfb-47a2-9c4f-312042606291", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-47276", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lp2wsucnv42w", "content": "", "creation_timestamp": "2025-05-13T16:48:03.434918Z"}, {"uuid": "742106b0-d201-4327-a234-8e37d0b11380", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-47278", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lp2wsug3ox22", "content": "", "creation_timestamp": "2025-05-13T16:48:04.014938Z"}, {"uuid": "fbb76925-2413-4ea7-acc0-f6e8df579983", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-47273", "type": "seen", "source": "https://bsky.app/profile/ferramentaslinux.bsky.social/post/3lun6wlbysk23", "content": "", "creation_timestamp": "2025-07-23T14:07:05.022513Z"}, {"uuid": "0b975239-6ed8-418b-96cb-0bc655f77e18", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-47273", "type": "seen", "source": "https://bsky.app/profile/ferramentaslinux.bsky.social/post/3lukxo4fxek2n", "content": "", "creation_timestamp": "2025-07-22T16:51:44.658447Z"}, {"uuid": "d974e277-0ee6-49f4-ac48-01c32afdedf4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-47279", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lpa7b7wpv52p", "content": "", "creation_timestamp": "2025-05-15T19:02:30.974873Z"}, {"uuid": "1fb291b7-6d8c-4d08-8603-246e0ca557ba", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-47275", "type": "seen", "source": "https://infosec.exchange/users/cR0w/statuses/114514077067044674", "content": "", "creation_timestamp": "2025-05-15T21:55:47.745525Z"}, {"uuid": "6ff9a956-d0fe-4522-9b36-bb920f417322", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-47275", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lpalbvsn7g2r", "content": "", "creation_timestamp": "2025-05-15T22:37:34.706274Z"}, {"uuid": "5b0fe3b5-eb01-4bb6-bc55-d20ffb8aef26", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-47273", "type": "seen", "source": "https://bsky.app/profile/bluesky.awakari.com/post/3lwahyivcd22y", "content": "", "creation_timestamp": "2025-08-12T23:34:57.984095Z"}, {"uuid": "3a5fc4c9-8191-44bc-b961-424fa3c82977", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-47273", "type": "seen", "source": "https://bsky.app/profile/ferramentaslinux.bsky.social/post/3lvq6x7u2k22v", "content": "", "creation_timestamp": "2025-08-06T12:10:38.752596Z"}, {"uuid": "fb639709-6586-4e8a-ad38-5bb1c836055c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-47273", "type": "seen", "source": "https://bsky.app/profile/ferramentaslinux.bsky.social/post/3lvwbcizbqc2t", "content": "", "creation_timestamp": "2025-08-08T22:08:42.494073Z"}, {"uuid": "704be4e5-6d43-467d-872b-afd584ea0376", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-47273", "type": "seen", "source": "https://bsky.app/profile/bluesky.awakari.com/post/3lvrv6wwsrw2z", "content": "", "creation_timestamp": "2025-08-07T04:21:16.769579Z"}, {"uuid": "a48baf8e-539a-4542-9e20-a45dcf6bc983", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-47273", "type": "seen", "source": "https://bsky.app/profile/linux.activitypub.awakari.com.ap.brid.gy/post/3lvrv7ebwk4p2", "content": "", "creation_timestamp": "2025-08-07T04:22:42.027735Z"}, {"uuid": "3add39b9-3e1f-4a4b-8364-85fdc1b77f86", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-47273", "type": "seen", "source": "https://bsky.app/profile/linux.activitypub.awakari.com.ap.brid.gy/post/3lwahyl4hqs62", "content": "", "creation_timestamp": "2025-08-12T23:35:04.329852Z"}, {"uuid": "cc074617-f995-4291-aabd-9ac7a11b96bc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-47273", "type": "seen", "source": "https://bsky.app/profile/o2cloud.bsky.social/post/3m767t3uk6e2b", "content": "", "creation_timestamp": "2025-12-04T14:50:12.400425Z"}, {"uuid": "28f5a629-1653-40c0-9eb9-fe962d0bf21e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-47273", "type": "seen", "source": "https://bsky.app/profile/o2cloud.bsky.social/post/3m6mmbvm3sc2c", "content": "", "creation_timestamp": "2025-11-27T14:45:18.721355Z"}, {"uuid": "1c8697d2-8855-464e-ba05-5af7d72f2187", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-47273", "type": "seen", "source": "https://bsky.app/profile/ferramentaslinux.bsky.social/post/3megjxphspc23", "content": "", "creation_timestamp": "2026-02-09T13:19:04.381269Z"}, {"uuid": "b26e3391-f1a3-46e0-a64a-4d11b4519c39", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2025-47273", "type": "seen", "source": "https://www.cert.ssi.gouv.fr/avis/CERTFR-2026-AVI-0315/", "content": "", "creation_timestamp": "2026-03-18T00:00:00.000000Z"}, {"uuid": "4225ab8c-171e-4c01-ba6e-0302a9ebfb5b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2025-47273", "type": "seen", "source": "https://www.cert.ssi.gouv.fr/avis/CERTFR-2026-AVI-0316/", "content": "", "creation_timestamp": "2026-03-19T00:00:00.000000Z"}, {"uuid": "03fca2ae-75dd-4149-8223-34f23a3485bc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-47278", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/16163", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-47278\n\ud83d\udd25 CVSS Score: 1.8 (cvssV4_0, Vector: CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N)\n\ud83d\udd39 Description: Flask is a web server gateway interface (WSGI) web application framework. In Flask 3.1.0, the way fallback key configuration was handled resulted in the last fallback key being used for signing, rather than the current signing key. Signing is provided by the `itsdangerous` library. A list of keys can be passed, and it expects the last (top) key in the list to be the most recent key, and uses that for signing. Flask was incorrectly constructing that list in reverse, passing the signing key first. Sites that have opted-in to use key rotation by setting `SECRET_KEY_FALLBACKS` care likely to unexpectedly be signing their sessions with stale keys, and their transition to fresher keys will be impeded. Sessions are still signed, so this would not cause any sort of data integrity loss. Version 3.1.1 contains a patch for the issue.\n\ud83d\udccf Published: 2025-05-13T15:57:40.409Z\n\ud83d\udccf Modified: 2025-05-13T15:57:40.409Z\n\ud83d\udd17 References:\n1. https://github.com/pallets/flask/security/advisories/GHSA-4grg-w6v8-c28g\n2. https://github.com/pallets/flask/commit/73d6504063bfa00666a92b07a28aaf906c532f09\n3. https://github.com/pallets/flask/releases/tag/3.1.1", "creation_timestamp": "2025-05-13T16:30:45.000000Z"}, {"uuid": "9234e794-a062-4ee0-a09d-1f03a3261927", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-47275", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/16574", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-47275\n\ud83d\udd25 CVSS Score: 9.1 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N)\n\ud83d\udd39 Description: Auth0-PHP provides the PHP SDK for Auth0 Authentication and Management APIs. Starting in version 8.0.0-BETA1 and prior to version 8.14.0, session cookies of applications using the Auth0-PHP SDK configured with CookieStore have authentication tags that can be brute forced, which may result in unauthorized access. Certain pre-conditions are required to be vulnerable to this issue: Applications using the Auth0-PHP SDK, or the Auth0/symfony, Auth0/laravel-auth0, and Auth0/wordpress SDKs that rely on the Auth0-PHP SDK; and session storage configured with CookieStore. Upgrade Auth0/Auth0-PHP to v8.14.0 to receive a patch. As an additional precautionary measure, rotating cookie encryption keys is recommended. Note that once updated, any previous session cookies will be rejected.\n\ud83d\udccf Published: 2025-05-15T21:13:01.150Z\n\ud83d\udccf Modified: 2025-05-15T21:14:59.460Z\n\ud83d\udd17 References:\n1. https://github.com/auth0/auth0-PHP/security/advisories/GHSA-g98g-r7gf-2r25\n2. https://github.com/auth0/laravel-auth0/security/advisories/GHSA-9fwj-9mjf-rhj3\n3. https://github.com/auth0/symfony/security/advisories/GHSA-9wg9-93h9-j8ch\n4. https://github.com/auth0/wordpress/security/advisories/GHSA-2f4r-34m4-3w8q\n5. https://github.com/auth0/auth0-PHP/commit/52a79480fdb246f59dbc089b81a784ae049bd389\n6. https://github.com/auth0/auth0-PHP/releases/tag/8.14.0", "creation_timestamp": "2025-05-15T21:33:29.000000Z"}, {"uuid": "cef5d75c-6795-4e24-b536-6b184dc9ef14", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-47279", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/16542", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-47279\n\ud83d\udd25 CVSS Score: 3.1 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L)\n\ud83d\udd39 Description: Undici is an HTTP/1.1 client for Node.js. Prior to versions 5.29.0, 6.21.2, and 7.5.0, applications that use undici to implement a webhook-like system are vulnerable. If the attacker set up a server with an invalid certificate, and they can force the application to call the webhook repeatedly, then they can cause a memory leak. This has been patched in versions 5.29.0, 6.21.2, and 7.5.0. As a workaound, avoid calling a webhook repeatedly if the webhook fails.\n\ud83d\udccf Published: 2025-05-15T17:16:02.738Z\n\ud83d\udccf Modified: 2025-05-15T17:16:02.738Z\n\ud83d\udd17 References:\n1. https://github.com/nodejs/undici/security/advisories/GHSA-cxrh-j4jr-qwg3\n2. https://github.com/nodejs/undici/issues/3895\n3. https://github.com/nodejs/undici/pull/4088", "creation_timestamp": "2025-05-15T17:34:33.000000Z"}, {"uuid": "20d1c93a-dae9-4f8c-bb39-36024feb3bd1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-47274", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/16064", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-47274\n\ud83d\udd25 CVSS Score: 2.4 (cvssV4_0, Vector: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N)\n\ud83d\udd39 Description: ToolHive is a utility designed to simplify the deployment and management of Model Context Protocol (MCP) servers. Due to the ordering of code used to start an MCP server container, versions of ToolHive prior to 0.0.33 inadvertently store secrets in the run config files which are used to restart stopped containers. This means that an attacker who has access to the home folder of the user who starts the MCP server can read secrets without needing access to the secrets store itself. This only applies to secrets which were used in containers whose run configs exist at a point in time - other secrets remaining inaccessible. ToolHive 0.0.33 fixes the issue. Some workarounds are available. Stop and delete any running MCP servers, or manually remove any runconfigs from `$HOME/Library/Application Support/toolhive/runconfigs/` (macOS) or `$HOME/.state/toolhive/runconfigs/` (Linux).\n\ud83d\udccf Published: 2025-05-12T14:57:46.781Z\n\ud83d\udccf Modified: 2025-05-12T22:06:42.029Z\n\ud83d\udd17 References:\n1. https://github.com/stacklok/toolhive/security/advisories/GHSA-xj5p-w2v5-fjm6\n2. https://github.com/stacklok/toolhive/commit/e8efa1b1d7b0776a39339257d30bf6c4a171f2b8\n3. https://github.com/stacklok/toolhive/releases/tag/v0.0.33", "creation_timestamp": "2025-05-12T22:29:15.000000Z"}, {"uuid": "31c65c58-2ae0-4e1f-871c-6bb08e92450a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-4727", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/16587", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-4727\n\ud83d\udd25 CVSS Score: 6.3 (cvssV4_0, Vector: CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N)\n\ud83d\udd39 Description: A vulnerability was found in Meteor up to 3.2.1 and classified as problematic. This issue affects the function Object.assign of the file packages/ddp-server/livedata_server.js. The manipulation of the argument forwardedFor leads to inefficient regular expression complexity. The attack may be initiated remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. Upgrading to version 3.2.2 is able to address this issue. The identifier of the patch is f7ea6817b90952baaea9baace2a3b4366fee6a63. It is recommended to upgrade the affected component.\n\ud83d\udccf Published: 2025-05-15T23:00:08.288Z\n\ud83d\udccf Modified: 2025-05-15T23:00:08.288Z\n\ud83d\udd17 References:\n1. https://vuldb.com/?id.309029\n2. https://vuldb.com/?ctiid.309029\n3. https://vuldb.com/?submit.570441\n4. https://github.com/meteor/meteor/issues/13713\n5. https://github.com/meteor/meteor/pull/13721\n6. https://github.com/meteor/meteor/commit/f7ea6817b90952baaea9baace2a3b4366fee6a63\n7. https://github.com/meteor/meteor/releases/tag/release/METEOR%403.2.2", "creation_timestamp": "2025-05-15T23:36:30.000000Z"}, {"uuid": "596c1356-cc0b-48dc-a47d-7e2b1387029c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-47274", "type": "seen", "source": "https://t.me/cvedetector/25085", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-47274 - ToolHive Inadvertent Secrets Storage Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-47274 \nPublished : May 12, 2025, 3:16 p.m. | 1\u00a0hour, 5\u00a0minutes ago \nDescription : ToolHive is a utility designed to simplify the deployment and management of Model Context Protocol (MCP) servers. Due to the ordering of code used to start an MCP server container, versions of ToolHive prior to 0.0.33 inadvertently store secrets in the run config files which are used to restart stopped containers. This means that an attacker who has access to the home folder of the user who starts the MCP server can read secrets without needing access to the secrets store itself. This only applies to secrets which were used in containers whose run configs exist at a point in time - other secrets remaining inaccessible. ToolHive 0.0.33 fixes the issue. Some workarounds are available. Stop and delete any running MCP servers, or manually remove any runconfigs from `$HOME/Library/Application Support/toolhive/runconfigs/` (macOS) or `$HOME/.state/toolhive/runconfigs/` (Linux). \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"12 May 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-05-12T18:37:15.000000Z"}, {"uuid": "a065fe8a-eae0-41a3-bdb8-7f0625af66dc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-47277", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/17023", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-47277\n\ud83d\udd25 CVSS Score: 9.8 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\ud83d\udd39 Description: vLLM, an inference and serving engine for large language models (LLMs), has an issue in versions 0.6.5 through 0.8.4 that ONLY impacts environments using the `PyNcclPipe` KV cache transfer integration with the V0 engine. No other configurations are affected. vLLM supports the use of the\u00a0`PyNcclPipe`\u00a0class to establish a peer-to-peer communication domain for data transmission between distributed nodes. The GPU-side KV-Cache transmission is implemented through the\u00a0`PyNcclCommunicator`\u00a0class, while CPU-side control message passing is handled via the\u00a0`send_obj`\u00a0and\u00a0`recv_obj`\u00a0methods on the CPU side.\u200b The intention was that this interface should only be exposed to a private network using the IP address specified by the `--kv-ip` CLI parameter. The vLLM documentation covers how this must be limited to a secured network. The default and intentional behavior from PyTorch is that the `TCPStore` interface listens on ALL interfaces, regardless of what IP address is provided. The IP address given was only used as a client-side address to use. vLLM was fixed to use a workaround to force the `TCPStore` instance to bind its socket to a specified private interface. As of version 0.8.5, vLLM limits the `TCPStore` socket to the private interface as configured.\n\ud83d\udccf Published: 2025-05-20T17:32:27.034Z\n\ud83d\udccf Modified: 2025-05-20T17:32:27.034Z\n\ud83d\udd17 References:\n1. https://github.com/vllm-project/vllm/security/advisories/GHSA-hjq4-87xh-g4fv\n2. https://github.com/vllm-project/vllm/pull/15988\n3. https://github.com/vllm-project/vllm/commit/0d6e187e88874c39cda7409cf673f9e6546893e7\n4. https://docs.vllm.ai/en/latest/deployment/security.html", "creation_timestamp": "2025-05-20T17:43:46.000000Z"}, {"uuid": "1ab72fef-888c-4e6a-aa1b-eece0a9b8b8d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-47276", "type": "seen", "source": "https://t.me/cvedetector/25199", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-47276 - Actualizer Weak Password Hashing Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-47276 \nPublished : May 13, 2025, 4:15 p.m. | 59\u00a0minutes ago \nDescription : Actualizer is a single shell script solution to allow developers and embedded engineers to create Debian operating systems (OS). Prior to version 1.2.0, Actualizer uses OpenSSL's  \"-passwd\" function, which uses SHA512 instead of a more suitable password hasher like Yescript/Argon2i. All Actualizer users building a full Debian Operating System are affected. Users should upgrade to version 1.2.0 of Actualizer. Existing OS deployment requires manual password changes against the alpha and root accounts. The change will deploy's Debian's yescript overriding the older SHA512 hash created by OpenSSL. As a workaround, users need to reset both `root` and \"Alpha\" users' passwords. \nSeverity: 7.5 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"13 May 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-05-13T19:43:40.000000Z"}, {"uuid": "510ed511-8653-473e-8759-b932b0c75e17", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-47271", "type": "seen", "source": "https://t.me/cvedetector/25074", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-47271 - GitHub OZI Action Command Injection\", \n  \"Content\": \"CVE ID : CVE-2025-47271 \nPublished : May 12, 2025, 11:15 a.m. | 1\u00a0hour ago \nDescription : The OZI action is a GitHub Action that publishes releases to PyPI and mirror releases, signature bundles, and provenance in a tagged release. In versions 1.13.2 through 1.13.5, potentially untrusted data flows into PR creation logic. A malicious actor could construct a branch name that injects arbitrary code. This is patched in 1.13.6. As a workaround, one may downgrade to a version prior to 1.13.2. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"12 May 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-05-12T14:26:22.000000Z"}, {"uuid": "a6a643e3-22d9-4b03-8e94-386337b37b02", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-47278", "type": "seen", "source": "https://t.me/cvedetector/25201", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-47278 - Flask itsdangerous Incorrect Fallback Key Configuration Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-47278 \nPublished : May 13, 2025, 4:15 p.m. | 59\u00a0minutes ago \nDescription : Flask is a web server gateway interface (WSGI) web application framework. In Flask 3.1.0, the way fallback key configuration was handled resulted in the last fallback key being used for signing, rather than the current signing key. Signing is provided by the `itsdangerous` library. A list of keys can be passed, and it expects the last (top) key in the list to be the most recent key, and uses that for signing. Flask was incorrectly constructing that list in reverse, passing the signing key first. Sites that have opted-in to use key rotation by setting `SECRET_KEY_FALLBACKS` care likely to unexpectedly be signing their sessions with stale keys, and their transition to fresher keys will be impeded. Sessions are still signed, so this would not cause any sort of data integrity loss. Version 3.1.1 contains a patch for the issue. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"13 May 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-05-13T19:43:42.000000Z"}, {"uuid": "a6182154-1172-4f9e-9550-00a88679dadb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-47270", "type": "seen", "source": "https://t.me/cvedetector/25073", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-47270 - Nimiq Albatross Denial of Service Buffer Overflow\", \n  \"Content\": \"CVE ID : CVE-2025-47270 \nPublished : May 12, 2025, 11:15 a.m. | 1\u00a0hour ago \nDescription : nimiq/core-rs-albatross is a Rust implementation of the Nimiq Proof-of-Stake protocol based on the Albatross consensus algorithm. The `nimiq-network-libp2p` subcrate of nimiq/core-rs-albatross is vulnerable to a Denial of Service (DoS) attack due to uncontrolled memory allocation. Specifically, the implementation of the `Discovery` network message handling allocates a buffer based on a length value provided by the peer, without enforcing an upper bound. Since this length is a `u32`, a peer can trigger allocations of up to 4 GB, potentially leading to memory exhaustion and node crashes. As Discovery messages are regularly exchanged for peer discovery, this vulnerability can be exploited repeatedly. The patch for this vulnerability is formally released as part of v1.1.0. The patch implements a limit to the discovery message size of 1 MB and also resizes the message buffer size incrementally as the data is read. No known workarounds are available. \nSeverity: 7.5 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"12 May 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-05-12T14:26:21.000000Z"}]}