{"vulnerability": "CVE-2025-53094", "sightings": [{"uuid": "8c5e5662-f004-4c2e-8abb-4eb3e009064b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-53094", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lsmiqcpzd325", "content": "", "creation_timestamp": "2025-06-27T20:39:27.343962Z"}, {"uuid": "803a5a38-197a-4cff-ab53-08bdc68a0771", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-53094", "type": "seen", "source": "https://infosec.exchange/users/cR0w/statuses/114772686123078662", "content": "", "creation_timestamp": "2025-06-30T14:03:28.380129Z"}, {"uuid": "893fcdc9-936b-4cf6-9e52-1fd86a06336f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-53094", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/19782", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-53094\n\ud83d\udd25 CVSS Score: 8.7 (cvssV4_0, Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N)\n\ud83d\udd39 Description: ESPAsyncWebServer is an asynchronous HTTP and WebSocket server library for ESP32, ESP8266, RP2040 and RP2350. In versions up to and including 3.7.8, a CRLF (Carriage Return Line Feed) injection vulnerability exists in the construction and output of HTTP headers within `AsyncWebHeader.cpp`. Unsanitized input allows attackers to inject CR (`\\r`) or LF (`\\n`) characters into header names or values, leading to arbitrary header or response manipulation. Manipulation of HTTP headers and responses can enable a wide range of attacks, making the severity of this vulnerability high. A fix is available at pull request 211 and is expected to be part of version 3.7.9.\n\ud83d\udccf Published: 2025-06-27T19:57:15.032Z\n\ud83d\udccf Modified: 2025-06-27T20:19:14.457Z\n\ud83d\udd17 References:\n1. https://github.com/ESP32Async/ESPAsyncWebServer/security/advisories/GHSA-87j8-6f7g-h8wh\n2. https://github.com/ESP32Async/ESPAsyncWebServer/pull/211\n3. https://github.com/ESP32Async/ESPAsyncWebServer/blob/1095dfd1ecf1a903aede29854232af1b24f089b1/src/AsyncWebHeader.cpp#L6-L32", "creation_timestamp": "2025-06-27T20:52:27.000000Z"}, {"uuid": "adfb9e08-13c0-42c2-8d19-c8d3fce9cb75", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-53094", "type": "seen", "source": "https://bsky.app/profile/potato.software/post/3lsmhwirigj2p", "content": "", "creation_timestamp": "2025-06-27T20:25:01.148861Z"}]}