{"vulnerability": "CVE-2025-6264", "sightings": [{"uuid": "0c1c5e9c-bf21-4bbd-ba54-634010b403ff", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-6264", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lrz4qjqujj2k", "content": "", "creation_timestamp": "2025-06-20T03:44:14.764353Z"}, {"uuid": "d0f2915d-2825-41b5-8815-f86762e46418", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-6264", "type": "seen", "source": "MISP/3c19819c-1dac-4ef2-bfed-be5efa7e0123", "content": "", "creation_timestamp": "2025-10-14T18:10:02.000000Z"}, {"uuid": "6e719468-651e-4ceb-9c39-7563571418aa", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-6264", "type": "seen", "source": "https://bsky.app/profile/pigondrugs.bsky.social/post/3m36jhoi5o422", "content": "", "creation_timestamp": "2025-10-14T20:01:59.963446Z"}, {"uuid": "cc50e23d-8255-4f9a-8b39-911710feaeed", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-6264", "type": "seen", "source": "https://feedsin.space/feed/CISAKevBot/items/4915843", "content": "", "creation_timestamp": "2025-10-14T17:36:15.934390Z"}, {"uuid": "8fe09ca7-66c0-405d-8db3-ace81420c90d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-62641", "type": "seen", "source": "https://infosec.exchange/users/DarkWebInformer/statuses/115419638516042467", "content": "", "creation_timestamp": "2025-10-22T20:11:59.018444Z"}, {"uuid": "3d837ccf-7d58-4c5f-8565-3245749c0416", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-6264", "type": "seen", "source": "https://gist.github.com/Darkcrai86/98473e8b0105788f5f533d243d3436cc", "content": "", "creation_timestamp": "2025-10-09T12:00:02.000000Z"}, {"uuid": "06fe4a94-6d9b-48cb-a145-607603057d47", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-6264", "type": "seen", "source": "https://bsky.app/profile/getpokemon7.bsky.social/post/3m3dmxgmeyk2j", "content": "", "creation_timestamp": "2025-10-16T20:47:49.077950Z"}, {"uuid": "7f7e754a-9322-44db-86a9-d17648d31f86", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "e92402ac-b04a-4e73-ad0b-3c8344ca18bd", "vulnerability": "CVE-2025-6264", "type": "exploited", "source": "https://blog.talosintelligence.com/velociraptor-leveraged-in-ransomware-attacks/", "content": "", "creation_timestamp": "2025-10-09T19:28:19.772315Z"}, {"uuid": "d511ba22-868d-433f-8591-a7af049c2c66", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-62641", "type": "seen", "source": "https://bsky.app/profile/sakaijjang.bsky.social/post/3m46tgkfkl22v", "content": "", "creation_timestamp": "2025-10-27T16:25:35.695485Z"}, {"uuid": "51bfd1d3-b1d2-4731-95c9-dadf827bcdea", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-6264", "type": "seen", "source": "MISP/3c19819c-1dac-4ef2-bfed-be5efa7e0123", "content": "", "creation_timestamp": "2025-10-15T03:48:10.000000Z"}, {"uuid": "9ad1beb2-4768-4f53-b070-7e53f690bfb0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-6264", "type": "seen", "source": "https://bsky.app/profile/undercodenews.bsky.social/post/3m3aq34u7um2k", "content": "", "creation_timestamp": "2025-10-15T17:05:34.911203Z"}, {"uuid": "23aa1292-8254-4211-8d6c-e497dba89a69", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-6264", "type": "seen", "source": "https://poliverso.org/objects/0477a01e-2b24c166-c09da0683257f1f7", "content": "", "creation_timestamp": "2025-10-11T06:57:36.078077Z"}, {"uuid": "c1679aca-ffdc-4b50-ad97-359c06cb63e4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2025-62645", "type": "seen", "source": "https://bsky.app/profile/offseq.bsky.social/post/3m3h2t527nm26", "content": "", "creation_timestamp": "2025-10-18T05:33:56.185994Z"}, {"uuid": "ae4a7918-28c4-45b3-b435-081675206795", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-62641", "type": "seen", "source": "http://www.zerodayinitiative.com/advisories/ZDI-25-961/", "content": "", "creation_timestamp": "2025-10-27T04:00:00.000000Z"}, {"uuid": "2b33d803-49ec-40ae-8b9b-57d5dfb3179e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-6264", "type": "seen", "source": "https://bsky.app/profile/beikokucyber.bsky.social/post/3m3vb25v3sy2a", "content": "", "creation_timestamp": "2025-10-23T21:02:36.940812Z"}, {"uuid": "3279f7b8-b1ef-4455-9ec0-4a45846bb163", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-62641", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3m3qcajruea2c", "content": "", "creation_timestamp": "2025-10-21T21:40:38.827802Z"}, {"uuid": "c29e78d6-59a7-480d-b8ee-cde25330bb7b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-62641", "type": "published-proof-of-concept", "source": "Telegram/YayxELDr7bbgB7UjhDLw2luzrG44OM1tc-dUordibmBL6dY", "content": "", "creation_timestamp": "2025-12-02T03:00:06.000000Z"}, {"uuid": "71c2293b-1bff-4bfc-831f-3b5d2f1cb7da", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-6264", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/18894", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-6264\n\ud83d\udd25 CVSS Score: 4.7 (cvssV3_1, Vector: CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:C/C:L/I:L/A:L)\n\ud83d\udd39 Description: Velociraptor allows collection of VQL queries packaged into Artifacts from endpoints. These artifacts can be used to do anything and usually run with elevated permissions.\u00a0 To limit access to some dangerous artifact, Velociraptor allows for those to require high permissions like EXECVE to launch.\n\nThe Admin.Client.UpdateClientConfig is an artifact used to update the client's configuration. This artifact did not enforce an additional required permission, allowing users with COLLECT_CLIENT permissions (normally given by the \"Investigator\" role) to collect it from endpoints and update the configuration. \n\nThis can lead to arbitrary command execution and endpoint takeover.\n\nTo successfully exploit this vulnerability the user must already have access to collect artifacts from the endpoint (i.e. have the COLLECT_CLIENT given typically by the \"Investigator' role).\n\ud83d\udccf Published: 2025-06-20T02:01:33.993Z\n\ud83d\udccf Modified: 2025-06-20T02:01:33.993Z\n\ud83d\udd17 References:\n1. https://docs.velociraptor.app/announcements/advisories/cve-2025-6264/", "creation_timestamp": "2025-06-20T02:43:10.000000Z"}, {"uuid": "9eb83be7-4b1c-4403-b570-e4d710bc68b0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-62641", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/61313", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01 \n\n\u66f4\u65b0\u4e86\uff1aCVE-2025\n\u63cf\u8ff0\uff1aCVE-2025-62641 advnced exploit code by LordWare team\nURL\uff1ahttps://github.com/Al-Lord0x/CVE-2025-62641\n\n\u6807\u7b7e\uff1a#CVE-2025", "creation_timestamp": "2025-12-01T21:08:57.000000Z"}, {"uuid": "86658c1b-e61f-4747-8c65-e541f4fa1495", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-6264", "type": "exploited", "source": "https://t.me/hackyourmom/12895", "content": "Storm-2603 (Gold Salem) \u043f\u0435\u0440\u0435\u0442\u0432\u043e\u0440\u0438\u0432 \u043b\u0435\u0433\u0430\u043b\u044c\u043d\u0438\u0439 DFIR-\u0456\u043d\u0441\u0442\u0440\u0443\u043c\u0435\u043d\u0442 Velociraptor \u043d\u0430 \u0437\u0430\u0441\u0456\u0431 \u043d\u0430\u043f\u0430\u0434\u0443, \u0432\u0438\u043a\u043e\u0440\u0438\u0441\u0442\u0430\u0432\u0448\u0438 \u0435\u043a\u0441\u043f\u043b\u043e\u0457\u0442 SharePoint ToolShell \u0434\u043b\u044f \u0432\u0445\u043e\u0434\u0443 \u0442\u0430 \u0437\u0430\u0441\u0442\u0430\u0440\u0456\u043b\u0443 \u0432\u0435\u0440\u0441\u0456\u044e Velociraptor \u0437 \u0443\u0440\u0430\u0437\u043b\u0438\u0432\u0456\u0441\u0442\u044e CVE-2025-6264 \u2328\ufe0f\n\n\ud83e\udde0 \u0417\u043b\u043e\u043c\u0438\u0441\u043d\u0438\u043a\u0438 \u0441\u0442\u0432\u043e\u0440\u044e\u0432\u0430\u043b\u0438 \u0434\u043e\u043c\u0435\u043d\u043d\u0456 \u0430\u0434\u043c\u0456\u043d\u0456\u0441\u0442\u0440\u0430\u0442\u0438\u0432\u043d\u0456 \u0430\u043a\u0430\u0443\u043d\u0442\u0438, \u0440\u0443\u0445\u0430\u043b\u0438\u0441\u044f \u0447\u0435\u0440\u0435\u0437 Smbexec, \u0432\u0438\u043c\u0438\u043a\u0430\u043b\u0438 \u0430\u043d\u0442\u0438\u0432\u0456\u0440\u0443\u0441 \u0456 \u0437\u043c\u0456\u043d\u044e\u0432\u0430\u043b\u0438 GPO \u0432 Active Directory, \u043e\u0434\u043d\u043e\u0447\u0430\u0441\u043d\u043e \u0440\u043e\u0437\u0433\u043e\u0440\u0442\u0430\u044e\u0447\u0438 Babuk, LockBit \u0456 Warlock, \u0449\u043e \u0443\u0441\u043a\u043b\u0430\u0434\u043d\u044e\u0432\u043b\u043e \u0430\u0442\u0440\u0438\u0431\u0443\u0446\u0456\u044e \ud83e\udd14\ud83d\udcbb #cybernews", "creation_timestamp": "2025-10-11T18:35:52.000000Z"}]}