{"vulnerability": "cve-2025-8426", "sightings": [{"uuid": "3bb26e2e-17f8-43ce-8f5c-70508365de61", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-8426", "type": "seen", "source": "https://t.me/bhhub/866", "content": "\u201cFresh Carnage\u201d \u2014 New Critical CVEs of the Week (Never Before Featured)\n\n\ud83e\uddec CVE-2025-50472 \u2013 Command Injection via Payload Parser\n\nCVSS: 9.8\nA flaw in how a core component parses external inputs lets attackers execute arbitrary system commands. Triggered via network \u2014 perfect for worms.\n\n\ud83e\uddef CVE-2025-54574 \u2013 Auth Bypass in Embedded Auth Module\n\nCVSS: 9.3 | AI Score: 8.5\nImproper input validation enables remote attackers to bypass login gates and access admin functionality. Expect this in IoT and router exploits.\n\n\ud83d\uddc2 CVE-2025-50870 \u2013 Memory Corruption in XML Parser\n\nCVSS: 9.8\nAnother parser bites the dust \u2014 this one chokes on malformed markup, allowing full compromise via crafted XML. Happens quietly during automated processing.\n\n\ud83e\uddde CVE-2025-5954 \u2013 Untrusted Input in Dynamic Eval Context\n\nCVSS: 9.8\nDynamic code evaluation fed with unsanitized input? You know how this ends. Attackers can inject logic, spawn shells, or pivot laterally.\n\n\ud83d\udef0 CVE-2025-8426 \u2013 Remote Buffer Overflow in Packet Handler\n\nCVSS: 9.4 | AI Score: 9.0\nThe kind of bug attackers love: network-exposed, unauthenticated, and trivially overflowed. One bad packet is all it takes.\n\n@bhhub", "creation_timestamp": "2025-08-10T17:27:27.000000Z"}, {"uuid": "d432f8a5-9fa4-4c24-b558-ab792e3fceea", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-8426", "type": "seen", "source": "https://t.me/bhhub/1127", "content": "\u201cFresh Carnage\u201d \u2014 New Critical CVEs of the Week (Never Before Featured)\n\n\ud83e\uddec CVE-2025-50472 \u2013 Command Injection via Payload Parser\n\nCVSS: 9.8\nA flaw in how a core component parses external inputs lets attackers execute arbitrary system commands. Triggered via network \u2014 perfect for worms.\n\n\ud83e\uddef CVE-2025-54574 \u2013 Auth Bypass in Embedded Auth Module\n\nCVSS: 9.3 | AI Score: 8.5\nImproper input validation enables remote attackers to bypass login gates and access admin functionality. Expect this in IoT and router exploits.\n\n\ud83d\uddc2 CVE-2025-50870 \u2013 Memory Corruption in XML Parser\n\nCVSS: 9.8\nAnother parser bites the dust \u2014 this one chokes on malformed markup, allowing full compromise via crafted XML. Happens quietly during automated processing.\n\n\ud83e\uddde CVE-2025-5954 \u2013 Untrusted Input in Dynamic Eval Context\n\nCVSS: 9.8\nDynamic code evaluation fed with unsanitized input? You know how this ends. Attackers can inject logic, spawn shells, or pivot laterally.\n\n\ud83d\udef0 CVE-2025-8426 \u2013 Remote Buffer Overflow in Packet Handler\n\nCVSS: 9.4 | AI Score: 9.0\nThe kind of bug attackers love: network-exposed, unauthenticated, and trivially overflowed. One bad packet is all it takes.\n\n@bhhub", "creation_timestamp": "2025-08-10T17:27:27.000000Z"}, {"uuid": "c3b7a283-6914-48cb-b65e-af12c39fa6a5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-8426", "type": "seen", "source": "http://www.zerodayinitiative.com/advisories/ZDI-25-733/", "content": "", "creation_timestamp": "2025-07-31T03:00:00.000000Z"}, {"uuid": "cbaebc87-22c1-48b4-8dec-ca9015221416", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2025-8426", "type": "seen", "source": "https://bsky.app/profile/offseq.bsky.social/post/3lvcivqswhs2t", "content": "", "creation_timestamp": "2025-08-01T01:31:28.130760Z"}]}