{"vulnerability": "CVE-2025-4918", "sightings": [{"uuid": "d0bd17e0-85c8-4873-89b9-0ddd25c8ced6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "dc525914-0bee-4c92-8877-09e4a028665e", "vulnerability": "CVE-2025-4918", "type": "exploited", "source": "https://www.zerodayinitiative.com/blog/2025/5/16/pwn2own-berlin-2025-day-two-results", "content": "", "creation_timestamp": "2025-05-24T09:42:11.477999Z"}, {"uuid": "dc7f929f-4092-420e-9926-bd5b043301a4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-4918", "type": "seen", "source": "https://bsky.app/profile/getpokemon7.bsky.social/post/3lq43wib6yc23", "content": "", "creation_timestamp": "2025-05-26T21:17:17.131180Z"}, {"uuid": "30e6c06e-d10c-433d-83f7-7b71aa0b4ca1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-4918", "type": "seen", "source": "https://bsky.app/profile/hackmanac.com/post/3lpjnceck2k2j", "content": "", "creation_timestamp": "2025-05-19T13:07:53.729280Z"}, {"uuid": "7838047b-e61c-4894-8f9d-0f31b2b39dad", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-4918", "type": "seen", "source": "https://bsky.app/profile/hackingne.ws/post/3lpk6blfwvk26", "content": "", "creation_timestamp": "2025-05-19T18:11:21.145668Z"}, {"uuid": "93dc079e-9304-4c38-9822-519b5e844b83", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-4918", "type": "seen", "source": "https://thehackernews.com/2025/05/firefox-patches-2-zero-days-exploited.html", "content": "", "creation_timestamp": "2025-05-19T08:37:00.000000Z"}, {"uuid": "49eb3beb-140d-454b-aa08-d22b0ebb151f", "vulnerability_lookup_origin": 
"1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-4918", "type": "seen", "source": "https://infosec.exchange/users/tomcat/statuses/114534135731269951", "content": "", "creation_timestamp": "2025-05-19T10:56:57.999612Z"}, {"uuid": "438d15ae-674e-41ce-9c24-fd1ac9e8b853", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-4918", "type": "seen", "source": "https://bsky.app/profile/nimblenerd.social/post/3lpjhlobrwn2d", "content": "", "creation_timestamp": "2025-05-19T11:25:24.475093Z"}, {"uuid": "ca09a288-6858-4104-96ad-bc406f52c5ff", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-4918", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lpfuvpzhrk2e", "content": "", "creation_timestamp": "2025-05-18T01:13:01.119526Z"}, {"uuid": "c0f71277-ac0d-4490-9d28-46528693662b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-49181", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lrgf55h54d2q", "content": "", "creation_timestamp": "2025-06-12T16:53:52.785666Z"}, {"uuid": "62f0ab42-3a35-4d46-9e17-fb5354f645a6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-4918", "type": "seen", "source": "https://bsky.app/profile/pmloik.bsky.social/post/3lpxm5jn2ab2u", "content": "", "creation_timestamp": "2025-05-25T02:24:14.268805Z"}, {"uuid": "aa394695-ef93-46e7-a898-ebc79b967f23", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-4918", "type": "seen", "source": 
"https://bsky.app/profile/getpokemon7.bsky.social/post/3lpklrn7lwk2x", "content": "", "creation_timestamp": "2025-05-19T22:12:58.985603Z"}, {"uuid": "b918e166-70a9-4f12-9125-c04ae9da6bbc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-4918", "type": "seen", "source": "https://bsky.app/profile/getpokemon7.bsky.social/post/3lpklvwhb522x", "content": "", "creation_timestamp": "2025-05-19T22:15:28.093148Z"}, {"uuid": "83d5a64e-7871-4c71-8a30-7e23a84f6747", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-4918", "type": "seen", "source": "https://bsky.app/profile/pmloik.bsky.social/post/3lpkzjsdt6u2p", "content": "", "creation_timestamp": "2025-05-20T02:19:08.105614Z"}, {"uuid": "1c200967-f010-487c-a973-590ff8804eed", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-4918", "type": "seen", "source": "https://bsky.app/profile/bluesky.awakari.com/post/3lpmbusnz5i26", "content": "", "creation_timestamp": "2025-05-20T14:21:07.647897Z"}, {"uuid": "bfaf55f2-7dd9-4865-825c-20591117d108", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-4918", "type": "seen", "source": "https://bsky.app/profile/bluesky.awakari.com/post/3lpmbuzwq5y2g", "content": "", "creation_timestamp": "2025-05-20T14:21:14.742671Z"}, {"uuid": "ee05e985-b5bb-427f-b2f1-761a4f03221a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-4918", "type": "seen", "source": "https://bsky.app/profile/2rZiKKbOU3nTafniR2qMMSE0gwZ.activitypub.awakari.com.ap.brid.gy/post/3lpfl5r5apqk2", "content": "", "creation_timestamp": 
"2025-05-17T22:19:22.172500Z"}, {"uuid": "492de81f-176e-417a-8d30-7571026cf383", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-4918", "type": "seen", "source": "https://bsky.app/profile/pmloik.bsky.social/post/3lq24gargcq2z", "content": "", "creation_timestamp": "2025-05-26T02:20:46.303012Z"}, {"uuid": "f006d2e4-6b0b-4994-994e-7650f9203edd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-4918", "type": "seen", "source": "https://bsky.app/profile/getpokemon7.bsky.social/post/3lq7y5yfzu22m", "content": "", "creation_timestamp": "2025-05-28T10:20:38.404769Z"}, {"uuid": "75227b2b-d56e-4e55-9130-495dcf98f63a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-4918", "type": "seen", "source": "https://gist.github.com/EbonJaeger/4959b52b5b6898ca4e109d36bb8b6d36", "content": "", "creation_timestamp": "2025-05-23T22:39:43.000000Z"}, {"uuid": "3b51567f-2ee3-4116-b91b-2b21a6ba22f5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-49184", "type": "seen", "source": "Telegram/3J8gN047RrG3nDpdzy3WcJEBXnEU7VJIUHtMysLlMM66bfE", "content": "", "creation_timestamp": "2025-06-12T14:33:17.000000Z"}, {"uuid": "0446fbd1-0010-4f79-9b7c-8fd3c48dbf97", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-4918", "type": "seen", "source": "https://bsky.app/profile/pmloik.bsky.social/post/3lpv362bepy2e", "content": "", "creation_timestamp": "2025-05-24T02:14:58.598202Z"}, {"uuid": "b4840efb-8aad-4092-9c10-ba7143bdea05", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": 
"9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-49183", "type": "seen", "source": "Telegram/3J8gN047RrG3nDpdzy3WcJEBXnEU7VJIUHtMysLlMM66bfE", "content": "", "creation_timestamp": "2025-06-12T14:33:17.000000Z"}, {"uuid": "7a5a1bdb-23ab-4d50-96e2-179e922bb4bc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-49182", "type": "seen", "source": "Telegram/3J8gN047RrG3nDpdzy3WcJEBXnEU7VJIUHtMysLlMM66bfE", "content": "", "creation_timestamp": "2025-06-12T14:33:17.000000Z"}, {"uuid": "d9700502-7912-4741-a80a-c76eab8e6707", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-49181", "type": "seen", "source": "Telegram/3J8gN047RrG3nDpdzy3WcJEBXnEU7VJIUHtMysLlMM66bfE", "content": "", "creation_timestamp": "2025-06-12T14:33:17.000000Z"}, {"uuid": "0ad3e4ac-b40d-4acf-afd3-7a4bf463093a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-4918", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/37503", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01 \n\n\u66f4\u65b0\u4e86\uff1aCVE-2025\n\u63cf\u8ff0\uff1aCVE-2025-4918 \u2013 Out-of-Bounds Memory Corruption in Mozilla Firefox\nURL\uff1ahttps://github.com/Totunm/CVE-2025-4918\n\n\u6807\u7b7e\uff1a#CVE-2025", "creation_timestamp": "2025-05-20T14:33:20.000000Z"}, {"uuid": "82c474e9-733f-4d7f-9c05-2537314e96b2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-4918", "type": "seen", "source": "Telegram/4Vx4R6xo_u6qXHv3AbtTLRrpL9hIHAaokGjUtgj9B731Cf0", "content": "", "creation_timestamp": "2026-04-13T17:55:39.000000Z"}, {"uuid": "c150606d-69a3-4284-a9ce-45edcdd9f7a0", 
"vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-49182", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/18164", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-49182\n\ud83d\udd25 CVSS Score: 7.5 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)\n\ud83d\udd39 Description: Files in the source code contain login credentials for the admin user and the property configuration password, allowing an attacker to get full access to the application.\n\ud83d\udccf Published: 2025-06-12T13:15:02.172Z\n\ud83d\udccf Modified: 2025-06-12T13:15:02.172Z\n\ud83d\udd17 References:\n1. https://sick.com/psirt\n2. https://cdn.sick.com/media/docs/1/11/411/Special_information_CYBERSECURITY_BY_SICK_en_IM0084411.PDF\n3. https://www.cisa.gov/resources-tools/resources/ics-recommended-practices\n4. https://www.first.org/cvss/calculator/3.1\n5. https://www.sick.com/.well-known/csaf/white/2025/sca-2025-0007.pdf\n6. https://www.sick.com/.well-known/csaf/white/2025/sca-2025-0007.json", "creation_timestamp": "2025-06-12T13:32:50.000000Z"}, {"uuid": "8312a966-5f90-42d2-88ee-55600ad1085e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-4918", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/16775", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-4918\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: An attacker was able to perform an out-of-bounds read or write on a JavaScript `Promise` object. This vulnerability affects Firefox &lt; 138.0.4, Firefox ESR &lt; 128.10.1, and Firefox ESR &lt; 115.23.1.\n\ud83d\udccf Published: 2025-05-17T21:07:26.745Z\n\ud83d\udccf Modified: 2025-05-18T19:21:12.530Z\n\ud83d\udd17 References:\n1. 
https://bugzilla.mozilla.org/show_bug.cgi?id=1966612\n2. https://www.mozilla.org/security/advisories/mfsa2025-36/\n3. https://www.mozilla.org/security/advisories/mfsa2025-37/\n4. https://www.mozilla.org/security/advisories/mfsa2025-38/", "creation_timestamp": "2025-05-18T19:37:59.000000Z"}, {"uuid": "603e18d3-cdf3-46aa-af63-b8e584535b35", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-49181", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/18165", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-49181\n\ud83d\udd25 CVSS Score: 8.6 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H)\n\ud83d\udd39 Description: Due to missing authorization of an API endpoint, unauthorized users can send HTTP GET\nrequests to gather sensitive information. An attacker could also send HTTP POST requests to modify\nthe log files\u2019 root path as well as the TCP ports the service is running on, leading to a Denial of Service\nattack.\n\ud83d\udccf Published: 2025-06-12T13:14:07.750Z\n\ud83d\udccf Modified: 2025-06-12T13:14:07.750Z\n\ud83d\udd17 References:\n1. https://sick.com/psirt\n2. https://cdn.sick.com/media/docs/1/11/411/Special_information_CYBERSECURITY_BY_SICK_en_IM0084411.PDF\n3. https://www.cisa.gov/resources-tools/resources/ics-recommended-practices\n4. https://www.first.org/cvss/calculator/3.1\n5. https://www.sick.com/.well-known/csaf/white/2025/sca-2025-0007.pdf\n6. 
https://www.sick.com/.well-known/csaf/white/2025/sca-2025-0007.json", "creation_timestamp": "2025-06-12T13:32:51.000000Z"}, {"uuid": "630ec886-d1dd-49f2-b109-476ac5145531", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-4918", "type": "seen", "source": "Telegram/HzwxRkOxyPq-KgzhvDXI6bAmnCpatBL0tZq7NgxRkseGtQ", "content": "", "creation_timestamp": "2025-05-19T17:06:42.000000Z"}, {"uuid": "79367173-976b-4dac-a681-474b3c076d4d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-49183", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/18285", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-49183\n\ud83d\udd25 CVSS Score: 7.5 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)\n\ud83d\udd39 Description: All communication with the REST API is unencrypted (HTTP), allowing an attacker to intercept traffic between an actor and the webserver. This leads to the possibility of information gathering and downloading media files.\n\ud83d\udccf Published: 2025-06-12T13:21:57.463Z\n\ud83d\udccf Modified: 2025-06-13T08:18:11.333Z\n\ud83d\udd17 References:\n1. https://sick.com/psirt\n2. https://cdn.sick.com/media/docs/1/11/411/Special_information_CYBERSECURITY_BY_SICK_en_IM0084411.PDF\n3. https://www.cisa.gov/resources-tools/resources/ics-recommended-practices\n4. https://www.first.org/cvss/calculator/3.1\n5. https://www.sick.com/.well-known/csaf/white/2025/sca-2025-0007.pdf\n6. 
https://www.sick.com/.well-known/csaf/white/2025/sca-2025-0007.json", "creation_timestamp": "2025-06-13T08:34:29.000000Z"}, {"uuid": "77e5ca6f-c345-4d8f-9488-68f50b173b89", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-49186", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/18262", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-49186\n\ud83d\udd25 CVSS Score: 5.3 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)\n\ud83d\udd39 Description: The product does not implement sufficient measures to prevent multiple failed authentication attempts within a short time frame, making it susceptible to brute-force attacks.\n\ud83d\udccf Published: 2025-06-12T13:27:43.484Z\n\ud83d\udccf Modified: 2025-06-13T06:22:52.738Z\n\ud83d\udd17 References:\n1. https://sick.com/psirt\n2. https://cdn.sick.com/media/docs/1/11/411/Special_information_CYBERSECURITY_BY_SICK_en_IM0084411.PDF\n3. https://www.cisa.gov/resources-tools/resources/ics-recommended-practices\n4. https://www.first.org/cvss/calculator/3.1\n5. https://www.sick.com/.well-known/csaf/white/2025/sca-2025-0007.pdf\n6. https://www.sick.com/.well-known/csaf/white/2025/sca-2025-0007.json", "creation_timestamp": "2025-06-13T06:36:18.000000Z"}, {"uuid": "d1ccddaf-ba7d-482a-8ccd-6fc83def6f5a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-49189", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/18261", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-49189\n\ud83d\udd25 CVSS Score: 5.3 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)\n\ud83d\udd39 Description: The HttpOnlyflag of the session cookie \\\"@@\\\" is set to false. 
Since this flag helps prevent access to cookies via client-side scripts, setting the flag to false can lead to a higher possibility of Cross-Site Scripting attacks which target the stored cookies.\n\ud83d\udccf Published: 2025-06-12T14:03:39.842Z\n\ud83d\udccf Modified: 2025-06-13T06:24:54.677Z\n\ud83d\udd17 References:\n1. https://sick.com/psirt\n2. https://cdn.sick.com/media/docs/1/11/411/Special_information_CYBERSECURITY_BY_SICK_en_IM0084411.PDF\n3. https://www.cisa.gov/resources-tools/resources/ics-recommended-practices\n4. https://www.first.org/cvss/calculator/3.1\n5. https://www.sick.com/.well-known/csaf/white/2025/sca-2025-0007.pdf\n6. https://www.sick.com/.well-known/csaf/white/2025/sca-2025-0007.json", "creation_timestamp": "2025-06-13T06:36:17.000000Z"}, {"uuid": "773d4ab6-6536-48e3-bfa6-86db63e6b209", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-49180", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/19181", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-49180\n\ud83d\udd25 CVSS Score: 6.1 (cvssV3_1, Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H)\n\ud83d\udd39 Description: A flaw was found in the RandR extension, where the RRChangeProviderProperty function does not properly validate input. This issue leads to an integer overflow when computing the total size to allocate.\n\ud83d\udccf Published: 2025-06-17T15:00:18.145Z\n\ud83d\udccf Modified: 2025-06-23T06:34:54.352Z\n\ud83d\udd17 References:\n1. https://access.redhat.com/errata/RHSA-2025:9303\n2. https://access.redhat.com/errata/RHSA-2025:9304\n3. https://access.redhat.com/errata/RHSA-2025:9305\n4. https://access.redhat.com/errata/RHSA-2025:9306\n5. https://access.redhat.com/security/cve/CVE-2025-49180\n6. 
https://bugzilla.redhat.com/show_bug.cgi?id=2369981", "creation_timestamp": "2025-06-23T06:45:50.000000Z"}, {"uuid": "d21575ec-628b-4eb2-9e55-5eadd1d7a80f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-49188", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/18658", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-49188\n\ud83d\udd25 CVSS Score: 5.3 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)\n\ud83d\udd39 Description: The application sends user credentials as URL parameters instead of POST bodies, making it vulnerable to information gathering.\n\ud83d\udccf Published: 2025-06-12T14:02:36.838Z\n\ud83d\udccf Modified: 2025-06-17T19:04:38.200Z\n\ud83d\udd17 References:\n1. https://sick.com/psirt\n2. https://cdn.sick.com/media/docs/1/11/411/Special_information_CYBERSECURITY_BY_SICK_en_IM0084411.PDF\n3. https://www.cisa.gov/resources-tools/resources/ics-recommended-practices\n4. https://www.first.org/cvss/calculator/3.1\n5. https://www.sick.com/.well-known/csaf/white/2025/sca-2025-0007.pdf\n6. 
https://www.sick.com/.well-known/csaf/white/2025/sca-2025-0007.json", "creation_timestamp": "2025-06-17T19:39:37.000000Z"}, {"uuid": "176959e5-2cc4-489b-8778-dea19558153e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-4918", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/37485", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01 \n\n\u66f4\u65b0\u4e86\uff1aCVE-2025\n\u63cf\u8ff0\uff1aPoC for CVE-2025-47646 - WordPress PSW Front-end Login Registration Plugin \u2264 1.12 Unauthenticated Privilege Escalation\nURL\uff1ahttps://github.com/cyruscostini/CVE-2025-4918-RCE\n\n\u6807\u7b7e\uff1a#CVE-2025", "creation_timestamp": "2025-05-20T10:28:12.000000Z"}, {"uuid": "f8392fb0-1464-4fbb-ae26-529841245561", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-4918", "type": "exploited", "source": "https://t.me/CyberUnderworlds/7", "content": "\ud83c\udf11 @CyberUnderworlds | Shadows of the Digital Realm \ud83c\udf11\nMay 27, 2025 \u2013 In the silent pulse of cyberspace, threats weave their intricate dance. Here\u2019s the latest from the frontlines of the digital underworld:\n\n\ud83d\udd0d China\u2019s Silent Strike: The UNC5221 group exploits Ivanti Endpoint Manager flaws (CVE-2025-4427, CVE-2025-4428), infiltrating critical sectors across Europe, North America, and Asia-Pacific. Espionage executed with surgical precision.\n\n\ud83c\uddf7\ud83c\uddfa APT28\u2019s Shadow Play: Russian hackers target NATO-aligned logistics and tech firms aiding Ukraine, wielding malware, phishing, and seven CVEs to spy on vital aid routes.\n\n\ud83d\udc89 Lumma\u2019s Global Plague: 394,000 Windows devices fall to Lumma malware. 
From Booking.com phishing scams to crypto wallet heists, this digital scourge spares no one.\n\n\ud83c\uddec\ud83c\udde7 UK Retail Under Siege: Scattered Spider is suspected in attacks on Marks & Spencer, Co-op, and Harrods. Customer data stolen, though payment details and passwords remain secure\u2014for now.\n\n\ud83d\udcb0 Coinbase\u2019s Costly Breach: Hackers bribed rogue support agents, siphoning customer data and causing $45M in losses with $400M in damages. Coinbase rejected a $20M ransom, offering a bounty instead.\n\n\ud83e\udd16 AI Ascends as Top Threat: Arctic Wolf\u2019s 2025 Trends Report crowns AI, including LLMs, as the new king of cybersecurity fears, dethroning ransomware.\n\n\u26a0\ufe0f Critical Exploits: Firefox (CVE-2025-4918, CVE-2025-4919) and Chrome (CVE-2025-4664) vulnerabilities are actively exploited for data theft and remote code execution. Patch now, or pay the price later.\n\n@CyberUnderworlds \u2013 #CyberUnderworlds", "creation_timestamp": "2025-05-27T05:05:05.000000Z"}, {"uuid": "50e2a40d-9d66-4f6b-8d27-79fb1c3c3bd9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-4918", "type": "exploited", "source": "https://t.me/thehackernews/6851", "content": "\ud83d\uded1 2 critical Firefox zero-days \u2014 CVE-2025-4918 & CVE-2025-4919 \u2014 proven exploitable.\n\nAttackers can read/write sensitive data or trigger remote code execution.\n\nAffects all versions before: \u2022 Firefox 138.0.4 \u2022 ESR 128.10.1 / 115.23.1\n\ud83d\udd17 Patch now. 
Full story: https://thehackernews.com/2025/05/firefox-patches-2-zero-days-exploited.html", "creation_timestamp": "2025-05-19T12:41:09.000000Z"}, {"uuid": "9428f70b-19a1-43ef-af8b-3160577b4a04", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-4918", "type": "exploited", "source": "Telegram/yBzfSKDekFO7HHiPgi-ex5h-Zy_cWbN6nhkX_k-OsEE1bg", "content": "", "creation_timestamp": "2025-05-19T12:52:36.000000Z"}, {"uuid": "cb2857d2-919c-421c-a18b-7d9dfc9683cd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-4918", "type": "seen", "source": "https://t.me/CybNux/7968", "content": "\ud83d\uded1 \u062b\u063a\u0631\u062a\u0627\u0646 \u062e\u0637\u064a\u0631\u062a\u0627\u0646 \u0641\u064a Firefox \u2014 CVE-2025-4918 \u0648CVE-2025-4919 \u2014 \u062a\u0645 \u0625\u062b\u0628\u0627\u062a \u0642\u0627\u0628\u0644\u064a\u062a\u0647\u0645\u0627 \u0644\u0644\u0627\u0633\u062a\u063a\u0644\u0627\u0644.\n\n\u064a\u0645\u0643\u0646 \u0644\u0644\u0645\u0647\u0627\u062c\u0645\u064a\u0646 \u0642\u0631\u0627\u0621\u0629 \u0623\u0648 \u0643\u062a\u0627\u0628\u0629 \u0628\u064a\u0627\u0646\u0627\u062a \u062d\u0633\u0627\u0633\u0629 \u0623\u0648 \u062a\u0634\u063a\u064a\u0644 \u062a\u0646\u0641\u064a\u0630 \u0627\u0644\u062a\u0639\u0644\u064a\u0645\u0627\u062a \u0627\u0644\u0628\u0631\u0645\u062c\u064a\u0629 \u0639\u0646 \u0628\u0639\u062f.\n\n\u064a\u0624\u062b\u0631 \u0639\u0644\u0649 \u062c\u0645\u064a\u0639 \u0627\u0644\u0625\u0635\u062f\u0627\u0631\u0627\u062a \u0627\u0644\u0633\u0627\u0628\u0642\u0629: \u2022 Firefox 138.0.4 \u2022 ESR 128.10.1 / 115.23.1\n#\u0623\u062e\u0628\u0627\u0631", "creation_timestamp": "2025-05-19T21:42:05.000000Z"}, {"uuid": "a43c976e-eeea-401a-8258-d031f2df9a40", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": 
"9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-4918", "type": "seen", "source": "https://t.me/CyberBulletin/3297", "content": "\u26a1\ufe0fThe first flaw, tracked under CVE-2025-4918, is an out-of-bounds read/write issue in the JavaScript engine when resolving Promise objects.", "creation_timestamp": "2025-05-20T04:24:42.000000Z"}, {"uuid": "a142cbb7-a133-4f52-ae1d-04d3c809ca86", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-4918", "type": "seen", "source": "https://t.me/true_secator/7052", "content": "\ud83e\uddca Firefox \u0443\u0441\u0442\u0440\u0430\u043d\u044f\u0435\u0442 \u0434\u0432\u0435 \u043a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 JavaScript, \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u043d\u044b\u0435 \u043d\u0430 Pwn2Own Berlin 2025\n\nMozilla \u043e\u043f\u0435\u0440\u0430\u0442\u0438\u0432\u043d\u043e \u0432\u044b\u043f\u0443\u0441\u0442\u0438\u043b\u0430 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0434\u043b\u044f \u0431\u0440\u0430\u0443\u0437\u0435\u0440\u0430 Firefox \u0438 \u0435\u0433\u043e \u0432\u0435\u0440\u0441\u0438\u0439 ESR, \u0443\u0441\u0442\u0440\u0430\u043d\u0438\u0432 \u0434\u0432\u0435 \u043a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438, \u043f\u0440\u043e\u0434\u0435\u043c\u043e\u043d\u0441\u0442\u0440\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u0435 \u0432 \u0445\u043e\u0434\u0435 \u043a\u043e\u043d\u043a\u0443\u0440\u0441\u0430 Pwn2Own Berlin 2025. 
\u041e\u0431\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u0437\u0430\u0442\u0440\u0430\u0433\u0438\u0432\u0430\u043b\u0438 \u043e\u0431\u0440\u0430\u0431\u043e\u0442\u043a\u0443 \u043e\u0431\u044a\u0435\u043a\u0442\u043e\u0432 JavaScript \u0432 \u043f\u0440\u043e\u0446\u0435\u0441\u0441\u0435 \u043e\u0442\u043e\u0431\u0440\u0430\u0436\u0435\u043d\u0438\u044f \u043a\u043e\u043d\u0442\u0435\u043d\u0442\u0430, \u043d\u043e, \u043a\u0430\u043a \u0441\u043e\u043e\u0431\u0449\u0430\u0435\u0442\u0441\u044f, \u0431\u043b\u0430\u0433\u043e\u0434\u0430\u0440\u044f \u0430\u0440\u0445\u0438\u0442\u0435\u043a\u0442\u0443\u0440\u0435 \u043f\u0435\u0441\u043e\u0447\u043d\u0438\u0446\u044b \u043d\u0435 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u043b\u0438 \u0430\u0442\u0430\u043a\u0443\u044e\u0449\u0438\u043c \u0432\u044b\u0439\u0442\u0438 \u0437\u0430 \u043f\u0440\u0435\u0434\u0435\u043b\u044b \u0438\u0437\u043e\u043b\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u043e\u0433\u043e \u043e\u043a\u0440\u0443\u0436\u0435\u043d\u0438\u044f.\n\n\u041f\u0435\u0440\u0432\u0430\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c, \u0438\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u0446\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u0430\u044f \u043a\u0430\u043a CVE-2025-4918, \u0431\u044b\u043b\u0430 \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0435\u043d\u0430 \u0438\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u044f\u043c\u0438 \u042d\u0434\u0443\u0430\u0440\u043e\u043c \u0411\u043e\u0448\u0435\u043d\u043e\u043c \u0438 \u0422\u0430\u043e \u042f\u043d\u043e\u043c \u0438\u0437 Palo Alto Networks. 
\u041e\u043d\u0430 \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u043b\u0430 \u0432\u044b\u043f\u043e\u043b\u043d\u044f\u0442\u044c \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u0438 \u0447\u0442\u0435\u043d\u0438\u044f \u0438 \u0437\u0430\u043f\u0438\u0441\u0438 \u0437\u0430 \u043f\u0440\u0435\u0434\u0435\u043b\u0430\u043c\u0438 \u0432\u044b\u0434\u0435\u043b\u0435\u043d\u043d\u043e\u0439 \u043f\u0430\u043c\u044f\u0442\u0438 \u043f\u0440\u0438 \u0440\u0430\u0437\u0440\u0435\u0448\u0435\u043d\u0438\u0438 \u043e\u0431\u044a\u0435\u043a\u0442\u043e\u0432 Promise \u0432 JavaScript, \u0447\u0442\u043e \u043f\u043e\u0442\u0435\u043d\u0446\u0438\u0430\u043b\u044c\u043d\u043e \u043c\u043e\u0433\u043b\u043e \u043f\u0440\u0438\u0432\u0435\u0441\u0442\u0438 \u043a \u0432\u044b\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u044e \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u043e\u0433\u043e \u043a\u043e\u0434\u0430 \u0432 \u043f\u0440\u043e\u0446\u0435\u0441\u0441\u0435 \u043a\u043e\u043d\u0442\u0435\u043d\u0442\u0430 \u0431\u0440\u0430\u0443\u0437\u0435\u0440\u0430. 
\n\n\u0412\u0442\u043e\u0440\u0430\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c, CVE-2025-4919, \u0431\u044b\u043b\u0430 \u043f\u0440\u0435\u0434\u0441\u0442\u0430\u0432\u043b\u0435\u043d\u0430 \u041c\u0430\u043d\u0444\u0440\u0435\u0434\u043e\u043c \u041f\u043e\u043b\u043e\u043c \u0438 \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u043f\u0443\u0442\u0430\u043d\u0438\u0446\u0435\u0439 \u0440\u0430\u0437\u043c\u0435\u0440\u043e\u0432 \u0438\u043d\u0434\u0435\u043a\u0441\u043e\u0432 \u043c\u0430\u0441\u0441\u0438\u0432\u043e\u0432 \u043f\u0440\u0438 \u043e\u043f\u0442\u0438\u043c\u0438\u0437\u0430\u0446\u0438\u0438 \u043b\u0438\u043d\u0435\u0439\u043d\u044b\u0445 \u0441\u0443\u043c\u043c, \u0442\u0430\u043a\u0436\u0435 \u043f\u0440\u0438\u0432\u043e\u0434\u044f\u0449\u0435\u0439 \u043a \u0432\u044b\u0445\u043e\u0434\u0443 \u0437\u0430 \u043f\u0440\u0435\u0434\u0435\u043b\u044b \u043f\u0430\u043c\u044f\u0442\u0438.\n\n\u041e\u0431\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u0431\u044b\u043b\u0438 \u0443\u0441\u043f\u0435\u0448\u043d\u043e \u043f\u0440\u043e\u0434\u0435\u043c\u043e\u043d\u0441\u0442\u0440\u0438\u0440\u043e\u0432\u0430\u043d\u044b \u043d\u0430 \u043a\u043e\u043d\u043a\u0443\u0440\u0441\u0435 Pwn2Own Berlin 2025, \u043e\u0440\u0433\u0430\u043d\u0438\u0437\u043e\u0432\u0430\u043d\u043d\u043e\u043c \u0438\u043d\u0438\u0446\u0438\u0430\u0442\u0438\u0432\u043e\u0439 Zero Day Initiative \u043e\u0442 Trend Micro. \u0418\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u0438 \u043f\u043e\u043b\u0443\u0447\u0438\u043b\u0438 \u043f\u043e $50\u202f000 \u0438 \u043f\u043e 5 \u043e\u0447\u043a\u043e\u0432 \u0432 \u0440\u0435\u0439\u0442\u0438\u043d\u0433\u0435 \"Master of Pwn\" \u0437\u0430 \u0441\u0432\u043e\u0438 \u043d\u0430\u0445\u043e\u0434\u043a\u0438. 
Mozilla \u0432\u044b\u043f\u0443\u0441\u0442\u0438\u043b\u0430 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0432 \u0442\u0435\u0447\u0435\u043d\u0438\u0435 \u0441\u0443\u0442\u043e\u043a \u043f\u043e\u0441\u043b\u0435 \u0434\u0435\u043c\u043e\u043d\u0441\u0442\u0440\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439. \n\n\ud83d\udee1\u041d\u0435\u0441\u043c\u043e\u0442\u0440\u044f \u043d\u0430 \u0442\u043e, \u0447\u0442\u043e \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043d\u0435 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u043b\u0438 \u0430\u0442\u0430\u043a\u0443\u044e\u0449\u0438\u043c \u0432\u044b\u0439\u0442\u0438 \u0437\u0430 \u043f\u0440\u0435\u0434\u0435\u043b\u044b \u043f\u0440\u043e\u0446\u0435\u0441\u0441\u0430 \u043a\u043e\u043d\u0442\u0435\u043d\u0442\u0430 \u0431\u043b\u0430\u0433\u043e\u0434\u0430\u0440\u044f \u0430\u0440\u0445\u0438\u0442\u0435\u043a\u0442\u0443\u0440\u0435 \u043f\u0435\u0441\u043e\u0447\u043d\u0438\u0446\u044b Firefox, Mozilla \u043d\u0430\u0441\u0442\u043e\u044f\u0442\u0435\u043b\u044c\u043d\u043e \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0443\u0435\u0442 \u0432\u0441\u0435\u043c \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044f\u043c \u043a\u0430\u043a \u043c\u043e\u0436\u043d\u043e \u0441\u043a\u043e\u0440\u0435\u0435 \u043e\u0431\u043d\u043e\u0432\u0438\u0442\u044c\u0441\u044f \u0434\u043e \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0438\u0445 \u0432\u0435\u0440\u0441\u0438\u0439 c \u0446\u0435\u043b\u044c\u044e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f \u043c\u0430\u043a\u0441\u0438\u043c\u0430\u043b\u044c\u043d\u043e\u0439 \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0441\u0432\u043e\u0438\u0445 \u0431\u0440\u0430\u0443\u0437\u0435\u0440\u043e\u0432.\n\n\u270b @Russian_OSINT", 
"creation_timestamp": "2025-05-21T13:15:02.000000Z"}, {"uuid": "92a604c2-023e-408a-bbaa-436ebf0685f5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-4918", "type": "seen", "source": "https://t.me/Russian_OSINT/5566", "content": "\ud83e\uddca Firefox \u0443\u0441\u0442\u0440\u0430\u043d\u044f\u0435\u0442 \u0434\u0432\u0435 \u043a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 JavaScript, \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u043d\u044b\u0435 \u043d\u0430 Pwn2Own Berlin 2025\n\nMozilla \u043e\u043f\u0435\u0440\u0430\u0442\u0438\u0432\u043d\u043e \u0432\u044b\u043f\u0443\u0441\u0442\u0438\u043b\u0430 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0434\u043b\u044f \u0431\u0440\u0430\u0443\u0437\u0435\u0440\u0430 Firefox \u0438 \u0435\u0433\u043e \u0432\u0435\u0440\u0441\u0438\u0439 ESR, \u0443\u0441\u0442\u0440\u0430\u043d\u0438\u0432 \u0434\u0432\u0435 \u043a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438, \u043f\u0440\u043e\u0434\u0435\u043c\u043e\u043d\u0441\u0442\u0440\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u0435 \u0432 \u0445\u043e\u0434\u0435 \u043a\u043e\u043d\u043a\u0443\u0440\u0441\u0430 Pwn2Own Berlin 2025. 
\u041e\u0431\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u0437\u0430\u0442\u0440\u0430\u0433\u0438\u0432\u0430\u043b\u0438 \u043e\u0431\u0440\u0430\u0431\u043e\u0442\u043a\u0443 \u043e\u0431\u044a\u0435\u043a\u0442\u043e\u0432 JavaScript \u0432 \u043f\u0440\u043e\u0446\u0435\u0441\u0441\u0435 \u043e\u0442\u043e\u0431\u0440\u0430\u0436\u0435\u043d\u0438\u044f \u043a\u043e\u043d\u0442\u0435\u043d\u0442\u0430, \u043d\u043e, \u043a\u0430\u043a \u0441\u043e\u043e\u0431\u0449\u0430\u0435\u0442\u0441\u044f, \u0431\u043b\u0430\u0433\u043e\u0434\u0430\u0440\u044f \u0430\u0440\u0445\u0438\u0442\u0435\u043a\u0442\u0443\u0440\u0435 \u043f\u0435\u0441\u043e\u0447\u043d\u0438\u0446\u044b \u043d\u0435 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u043b\u0438 \u0430\u0442\u0430\u043a\u0443\u044e\u0449\u0438\u043c \u0432\u044b\u0439\u0442\u0438 \u0437\u0430 \u043f\u0440\u0435\u0434\u0435\u043b\u044b \u0438\u0437\u043e\u043b\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u043e\u0433\u043e \u043e\u043a\u0440\u0443\u0436\u0435\u043d\u0438\u044f.\n\n\u041f\u0435\u0440\u0432\u0430\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c, \u0438\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u0446\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u0430\u044f \u043a\u0430\u043a CVE-2025-4918, \u0431\u044b\u043b\u0430 \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0435\u043d\u0430 \u0438\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u044f\u043c\u0438 \u042d\u0434\u0443\u0430\u0440\u043e\u043c \u0411\u043e\u0448\u0435\u043d\u043e\u043c \u0438 \u0422\u0430\u043e \u042f\u043d\u043e\u043c \u0438\u0437 Palo Alto Networks. 
\u041e\u043d\u0430 \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u043b\u0430 \u0432\u044b\u043f\u043e\u043b\u043d\u044f\u0442\u044c \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u0438 \u0447\u0442\u0435\u043d\u0438\u044f \u0438 \u0437\u0430\u043f\u0438\u0441\u0438 \u0437\u0430 \u043f\u0440\u0435\u0434\u0435\u043b\u0430\u043c\u0438 \u0432\u044b\u0434\u0435\u043b\u0435\u043d\u043d\u043e\u0439 \u043f\u0430\u043c\u044f\u0442\u0438 \u043f\u0440\u0438 \u0440\u0430\u0437\u0440\u0435\u0448\u0435\u043d\u0438\u0438 \u043e\u0431\u044a\u0435\u043a\u0442\u043e\u0432 Promise \u0432 JavaScript, \u0447\u0442\u043e \u043f\u043e\u0442\u0435\u043d\u0446\u0438\u0430\u043b\u044c\u043d\u043e \u043c\u043e\u0433\u043b\u043e \u043f\u0440\u0438\u0432\u0435\u0441\u0442\u0438 \u043a \u0432\u044b\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u044e \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u043e\u0433\u043e \u043a\u043e\u0434\u0430 \u0432 \u043f\u0440\u043e\u0446\u0435\u0441\u0441\u0435 \u043a\u043e\u043d\u0442\u0435\u043d\u0442\u0430 \u0431\u0440\u0430\u0443\u0437\u0435\u0440\u0430. 
\n\n\u0412\u0442\u043e\u0440\u0430\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c, CVE-2025-4919, \u0431\u044b\u043b\u0430 \u043f\u0440\u0435\u0434\u0441\u0442\u0430\u0432\u043b\u0435\u043d\u0430 \u041c\u0430\u043d\u0444\u0440\u0435\u0434\u043e\u043c \u041f\u043e\u043b\u043e\u043c \u0438 \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u043f\u0443\u0442\u0430\u043d\u0438\u0446\u0435\u0439 \u0440\u0430\u0437\u043c\u0435\u0440\u043e\u0432 \u0438\u043d\u0434\u0435\u043a\u0441\u043e\u0432 \u043c\u0430\u0441\u0441\u0438\u0432\u043e\u0432 \u043f\u0440\u0438 \u043e\u043f\u0442\u0438\u043c\u0438\u0437\u0430\u0446\u0438\u0438 \u043b\u0438\u043d\u0435\u0439\u043d\u044b\u0445 \u0441\u0443\u043c\u043c, \u0442\u0430\u043a\u0436\u0435 \u043f\u0440\u0438\u0432\u043e\u0434\u044f\u0449\u0435\u0439 \u043a \u0432\u044b\u0445\u043e\u0434\u0443 \u0437\u0430 \u043f\u0440\u0435\u0434\u0435\u043b\u044b \u043f\u0430\u043c\u044f\u0442\u0438.\n\n\u041e\u0431\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u0431\u044b\u043b\u0438 \u0443\u0441\u043f\u0435\u0448\u043d\u043e \u043f\u0440\u043e\u0434\u0435\u043c\u043e\u043d\u0441\u0442\u0440\u0438\u0440\u043e\u0432\u0430\u043d\u044b \u043d\u0430 \u043a\u043e\u043d\u043a\u0443\u0440\u0441\u0435 Pwn2Own Berlin 2025, \u043e\u0440\u0433\u0430\u043d\u0438\u0437\u043e\u0432\u0430\u043d\u043d\u043e\u043c \u0438\u043d\u0438\u0446\u0438\u0430\u0442\u0438\u0432\u043e\u0439 Zero Day Initiative \u043e\u0442 Trend Micro. \u0418\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u0438 \u043f\u043e\u043b\u0443\u0447\u0438\u043b\u0438 \u043f\u043e $50\u202f000 \u0438 \u043f\u043e 5 \u043e\u0447\u043a\u043e\u0432 \u0432 \u0440\u0435\u0439\u0442\u0438\u043d\u0433\u0435 \"Master of Pwn\" \u0437\u0430 \u0441\u0432\u043e\u0438 \u043d\u0430\u0445\u043e\u0434\u043a\u0438. 
Mozilla \u0432\u044b\u043f\u0443\u0441\u0442\u0438\u043b\u0430 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0432 \u0442\u0435\u0447\u0435\u043d\u0438\u0435 \u0441\u0443\u0442\u043e\u043a \u043f\u043e\u0441\u043b\u0435 \u0434\u0435\u043c\u043e\u043d\u0441\u0442\u0440\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439. \n\n\ud83d\udee1\u041d\u0435\u0441\u043c\u043e\u0442\u0440\u044f \u043d\u0430 \u0442\u043e, \u0447\u0442\u043e \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043d\u0435 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u043b\u0438 \u0430\u0442\u0430\u043a\u0443\u044e\u0449\u0438\u043c \u0432\u044b\u0439\u0442\u0438 \u0437\u0430 \u043f\u0440\u0435\u0434\u0435\u043b\u044b \u043f\u0440\u043e\u0446\u0435\u0441\u0441\u0430 \u043a\u043e\u043d\u0442\u0435\u043d\u0442\u0430 \u0431\u043b\u0430\u0433\u043e\u0434\u0430\u0440\u044f \u0430\u0440\u0445\u0438\u0442\u0435\u043a\u0442\u0443\u0440\u0435 \u043f\u0435\u0441\u043e\u0447\u043d\u0438\u0446\u044b Firefox, Mozilla \u043d\u0430\u0441\u0442\u043e\u044f\u0442\u0435\u043b\u044c\u043d\u043e \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0443\u0435\u0442 \u0432\u0441\u0435\u043c \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044f\u043c \u043a\u0430\u043a \u043c\u043e\u0436\u043d\u043e \u0441\u043a\u043e\u0440\u0435\u0435 \u043e\u0431\u043d\u043e\u0432\u0438\u0442\u044c\u0441\u044f \u0434\u043e \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0438\u0445 \u0432\u0435\u0440\u0441\u0438\u0439 c \u0446\u0435\u043b\u044c\u044e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f \u043c\u0430\u043a\u0441\u0438\u043c\u0430\u043b\u044c\u043d\u043e\u0439 \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0441\u0432\u043e\u0438\u0445 \u0431\u0440\u0430\u0443\u0437\u0435\u0440\u043e\u0432.\n\n\u270b @Russian_OSINT", 
"creation_timestamp": "2025-05-19T12:21:17.000000Z"}]}