{"vulnerability": "cve-2025-6547", "sightings": [{"uuid": "c7381abf-30e9-4740-81c8-e608c8cd9b17", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-6547", "type": "published-proof-of-concept", "source": "Telegram/O2eh7gLrpcZbONgN5-OX68m3ZbpQKWlr4HE6_2LMc1M7414", "content": "", "creation_timestamp": "2025-06-23T20:32:26.000000Z"}, {"uuid": "a0ac725e-eae3-424b-895b-8cada7432b5d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-6547", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lscgbi44ax2r", "content": "", "creation_timestamp": "2025-06-23T20:28:44.597472Z"}, {"uuid": "28c74d93-3583-46a5-a3fb-2dc4b5e04ac5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-65473", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3m7qhikdkcu2u", "content": "", "creation_timestamp": "2025-12-11T20:55:23.128253Z"}, {"uuid": "d5fad61b-acf9-457f-aa82-e57a34b54457", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-65478", "type": "seen", "source": "https://gist.github.com/0xSY-SEC/4b5b3cd646104a79f1ed926bb6345b2c", "content": "# Security Advisory: CVE-2025-65478\n\n## Summary\n\nA path traversal vulnerability (CWE-22) exists in the webui module of Mirth Connect Administrator 3.5.x. 
Remote attackers can read arbitrary files on the server by injecting `../` sequences into the `file_name` parameter.\n\n## Details\n\n- **CVE ID:** CVE-2025-65478\n- **CWE:** CWE-22 (Path Traversal)\n- **Vendor:** Mirth Corporation\n- **Affected Product:** Mirth Connect Administrator 3.5.x\n- **Attack Type:** Remote\n- **Impact:** Information Disclosure (arbitrary file read)\n- **Discoverer:** EMonkey\n\n## Vulnerability Description\n\nThe file download function for the `sys_dia_data_down` interface in the webui module fails to properly sanitize the `file_name` parameter. An attacker can inject path traversal sequences (`../`) to read arbitrary files outside the intended directory, without authentication.\n\n## Proof of Concept\n\n```\nGET /webui/?g=sys_dia_data_down&file_name=../../../../../etc/passwd HTTP/1.1\nHost: \nConnection: keep-alive\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) Chrome/141.0.0.0 Safari/537.36\n```\n\n## Impact\n\nRemote attackers can read sensitive server files (e.g., `/etc/passwd`) without authentication, leading to sensitive information disclosure.\n\n## Timeline\n\n- Reported to MITRE CVE Assignment Team\n- CVE ID Assigned: CVE-2025-65478 (RESERVED)", "creation_timestamp": "2026-05-31T08:13:27.000000Z"}]}