{"vulnerability": "CVE-2025-48219", "sightings": [{"uuid": "6ab5fa50-6daf-4a51-8d4b-0c4f1823a743", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-48219", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lphkjybdj52h", "content": "", "creation_timestamp": "2025-05-18T17:12:49.621089Z"}, {"uuid": "a4b967b0-91cc-420f-9a26-951a88b5c4cc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-48219", "type": "seen", "source": "https://bsky.app/profile/2rZiKKbOU3nTafniR2qMMSE0gwZ.activitypub.awakari.com.ap.brid.gy/post/3lphg6x3gvoy2", "content": "", "creation_timestamp": "2025-05-18T15:55:58.309319Z"}, {"uuid": "f4ea86a1-47ae-4c92-a983-6a55d2c2a38d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-48219", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/16841", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-48219\n\ud83d\udd25 CVSS Score: 3.5 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:N)\n\ud83d\udd39 Description: O2 UK before 2025-05-19 allows subscribers to determine the Cell ID of other subscribers by initiating an IMS (IP Multimedia Subsystem) call and then reading the utran-cell-id-3gpp field of a Cellular-Network-Info SIP header, aka an ECI (E-UTRAN Cell Identity) leak. The Cell ID might be usable to identify a cell location via crowdsourced data, and might correspond to a small physical area (e.g., if the called party is in a city centre). Removal of the Cellular-Network-Info header is mentioned in section 4.4.19 of ETSI TS 124 229.\n\ud83d\udccf Published: 2025-05-18T00:00:00.000Z\n\ud83d\udccf Modified: 2025-05-19T13:01:28.991Z\n\ud83d\udd17 References:\n1. https://mastdatabase.co.uk/blog/2025/05/o2-expose-customer-location-call-4g/\n2. https://news.ycombinator.com/item?id=44014046\n3. https://www.etsi.org/deliver/etsi_ts/124200_124299/124229/15.10.00_60/ts_124229v151000p.pdf\n4. https://www.ispreview.co.uk/index.php/2025/05/o2-uk-fixes-volte-flaw-that-exposed-user-mobile-location-data.html", "creation_timestamp": "2025-05-19T13:39:25.000000Z"}]}