CVE-2025-27800 (GCVE-0-2025-27800)
Vulnerability from cvelistv5
Published
2025-07-28 08:33
Modified
2025-07-29 09:36
Severity ?
4.8 (Medium) - CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
4.8 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
CWE
  • CWE-79 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')
Summary
The Episerver Content Management System (CMS) by Optimizely was affected by multiple Stored Cross-Site Scripting (XSS) vulnerabilities. This allowed an authenticated attacker to execute malicious JavaScript code in the victim's browser. The Admin dashboard offered the functionality to add gadgets to the dashboard. This included the "Notes" gadget. An authenticated attacker with the corresponding access rights (such as "WebAdmin") that was impersonating the victim could insert malicious JavaScript code in these notes that would be executed if the victim visited the dashboard. Affected products: Version 11.X: EPiServer.CMS.Core (<11.21.4) with EPiServer.CMS.UI (<11.37.5), Version 12.X: EPiServer.CMS.Core (<12.22.1) with EPiServer.CMS.UI (<11.37.3)
References
551230f0-3615-47bd-b7cc-93e92e730bbfhttps://api.nuget.optimizely.com/packages/episerver.cms.core/11.21.4#
551230f0-3615-47bd-b7cc-93e92e730bbfhttps://api.nuget.optimizely.com/packages/episerver.cms.core/12.22.1#
551230f0-3615-47bd-b7cc-93e92e730bbfhttps://r.sec-consult.com/optimizely
Impacted products
Vendor Product Version
Optimizely Episerver Content Management System (CMS) Version: 11.x   < 11.21.4
Version: 12.x   < 12.22.1
 Create a notification for this product.
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-27800",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-07-28T16:53:49.798098Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-07-28T16:54:13.180Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "modules": [
            "EPiServer.CMS.Core"
          ],
          "product": "Episerver Content Management System (CMS)",
          "vendor": "Optimizely",
          "versions": [
            {
              "lessThan": "11.21.4",
              "status": "affected",
              "version": "11.x",
              "versionType": "custom"
            },
            {
              "lessThan": "12.22.1",
              "status": "affected",
              "version": "12.x",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Kai Zimmermann, SEC Consult Vulnerability Lab"
        },
        {
          "lang": "en",
          "type": "finder",
          "value": "Felix Beie, SEC Consult Vulnerability Lab"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eThe Episerver Content Management System (CMS) by Optimizely was affected by multiple Stored Cross-Site Scripting (XSS) vulnerabilities. This allowed an authenticated attacker to execute malicious JavaScript code in the victim\u0027s browser.\u003cbr\u003e\n\n\u003c/span\u003e\u003cbr\u003eThe Admin dashboard offered the functionality to add gadgets to the dashboard.\nThis included the \"Notes\" gadget. An authenticated attacker with the corresponding\naccess rights (such as \"WebAdmin\") that was impersonating the victim could insert\nmalicious JavaScript code in these notes that would be executed if the victim\nvisited the dashboard.\u003cbr\u003e\u003cbr\u003eAffected products: Version 11.X: EPiServer.CMS.Core (\u0026lt;11.21.4) with EPiServer.CMS.UI (\u0026lt;11.37.5), Version 12.X: EPiServer.CMS.Core (\u0026lt;12.22.1) with EPiServer.CMS.UI (\u0026lt;11.37.3)\u003cbr\u003e\n\n\u003cbr\u003e"
            }
          ],
          "value": "The Episerver Content Management System (CMS) by Optimizely was affected by multiple Stored Cross-Site Scripting (XSS) vulnerabilities. This allowed an authenticated attacker to execute malicious JavaScript code in the victim\u0027s browser.\n\n\n\nThe Admin dashboard offered the functionality to add gadgets to the dashboard.\nThis included the \"Notes\" gadget. An authenticated attacker with the corresponding\naccess rights (such as \"WebAdmin\") that was impersonating the victim could insert\nmalicious JavaScript code in these notes that would be executed if the victim\nvisited the dashboard.\n\nAffected products: Version 11.X: EPiServer.CMS.Core (\u003c11.21.4) with EPiServer.CMS.UI (\u003c11.37.5), Version 12.X: EPiServer.CMS.Core (\u003c12.22.1) with EPiServer.CMS.UI (\u003c11.37.3)"
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-63",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-63 Cross-Site Scripting (XSS)"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 4.8,
            "baseSeverity": "MEDIUM",
            "privilegesRequired": "HIGH",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "LOW",
            "subIntegrityImpact": "LOW",
            "userInteraction": "PASSIVE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "NONE",
            "vulnConfidentialityImpact": "NONE",
            "vulnIntegrityImpact": "NONE",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        },
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 4.8,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "HIGH",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-79",
              "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-07-29T09:36:10.631Z",
        "orgId": "551230f0-3615-47bd-b7cc-93e92e730bbf",
        "shortName": "SEC-VLab"
      },
      "references": [
        {
          "tags": [
            "patch"
          ],
          "url": "https://api.nuget.optimizely.com/packages/episerver.cms.core/11.21.4#"
        },
        {
          "tags": [
            "patch"
          ],
          "url": "https://api.nuget.optimizely.com/packages/episerver.cms.core/12.22.1#"
        },
        {
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://r.sec-consult.com/optimizely"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "The vendor already provides a security patch (updated packages) which should be \ninstalled immediately.\u003cbr\u003e\n\n\u003cbr\u003e"
            }
          ],
          "value": "The vendor already provides a security patch (updated packages) which should be \ninstalled immediately."
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Stored Cross-Site Scripting in Episerver Content Management System (CMS) Admin Dashboard",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "551230f0-3615-47bd-b7cc-93e92e730bbf",
    "assignerShortName": "SEC-VLab",
    "cveId": "CVE-2025-27800",
    "datePublished": "2025-07-28T08:33:24.304Z",
    "dateReserved": "2025-03-07T06:46:34.308Z",
    "dateUpdated": "2025-07-29T09:36:10.631Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2025-27800\",\"sourceIdentifier\":\"551230f0-3615-47bd-b7cc-93e92e730bbf\",\"published\":\"2025-07-28T09:15:34.387\",\"lastModified\":\"2025-07-29T14:14:29.590\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"The Episerver Content Management System (CMS) by Optimizely was affected by multiple Stored Cross-Site Scripting (XSS) vulnerabilities. This allowed an authenticated attacker to execute malicious JavaScript code in the victim\u0027s browser.\\n\\n\\n\\nThe Admin dashboard offered the functionality to add gadgets to the dashboard.\\nThis included the \\\"Notes\\\" gadget. An authenticated attacker with the corresponding\\naccess rights (such as \\\"WebAdmin\\\") that was impersonating the victim could insert\\nmalicious JavaScript code in these notes that would be executed if the victim\\nvisited the dashboard.\\n\\nAffected products: Version 11.X: EPiServer.CMS.Core (\u003c11.21.4) with EPiServer.CMS.UI (\u003c11.37.5), Version 12.X: EPiServer.CMS.Core (\u003c12.22.1) with EPiServer.CMS.UI (\u003c11.37.3)\"},{\"lang\":\"es\",\"value\":\"Episerver Content Management System (CMS) by Optimizely se vio afectado por m\u00faltiples vulnerabilidades de Cross-Site Scripting (XSS) almacenado. Esto permiti\u00f3 que un atacante autenticado ejecutara c\u00f3digo JavaScript malicioso en el navegador de la v\u00edctima. El panel de administraci\u00f3n permit\u00eda a\u00f1adir gadgets, incluido el gadget \\\"Notes\\\". Un atacante autenticado con los permisos de acceso correspondientes (como \\\"WebAdmin\\\") que se hiciera pasar por la v\u00edctima pod\u00eda insertar c\u00f3digo JavaScript malicioso en estas notas, que se ejecutar\u00eda si la v\u00edctima visitaba el panel. Productos afectados: Versi\u00f3n 11.X: EPiServer.CMS.Core (\u0026lt;11.21.4) con EPiServer.CMS.UI (\u0026lt;11.37.5), Versi\u00f3n 12.X: EPiServer.CMS.Core (\u0026lt;12.22.1) con EPiServer.CMS.UI (\u0026lt;11.37.3).\"}],\"metrics\":{\"cvssMetricV40\":[{\"source\":\"551230f0-3615-47bd-b7cc-93e92e730bbf\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"4.0\",\"vectorString\":\"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X\",\"baseScore\":4.8,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"attackRequirements\":\"NONE\",\"privilegesRequired\":\"HIGH\",\"userInteraction\":\"PASSIVE\",\"vulnConfidentialityImpact\":\"NONE\",\"vulnIntegrityImpact\":\"NONE\",\"vulnAvailabilityImpact\":\"NONE\",\"subConfidentialityImpact\":\"LOW\",\"subIntegrityImpact\":\"LOW\",\"subAvailabilityImpact\":\"NONE\",\"exploitMaturity\":\"NOT_DEFINED\",\"confidentialityRequirement\":\"NOT_DEFINED\",\"integrityRequirement\":\"NOT_DEFINED\",\"availabilityRequirement\":\"NOT_DEFINED\",\"modifiedAttackVector\":\"NOT_DEFINED\",\"modifiedAttackComplexity\":\"NOT_DEFINED\",\"modifiedAttackRequirements\":\"NOT_DEFINED\",\"modifiedPrivilegesRequired\":\"NOT_DEFINED\",\"modifiedUserInteraction\":\"NOT_DEFINED\",\"modifiedVulnConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedVulnIntegrityImpact\":\"NOT_DEFINED\",\"modifiedVulnAvailabilityImpact\":\"NOT_DEFINED\",\"modifiedSubConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedSubIntegrityImpact\":\"NOT_DEFINED\",\"modifiedSubAvailabilityImpact\":\"NOT_DEFINED\",\"Safety\":\"NOT_DEFINED\",\"Automatable\":\"NOT_DEFINED\",\"Recovery\":\"NOT_DEFINED\",\"valueDensity\":\"NOT_DEFINED\",\"vulnerabilityResponseEffort\":\"NOT_DEFINED\",\"providerUrgency\":\"NOT_DEFINED\"}}],\"cvssMetricV31\":[{\"source\":\"551230f0-3615-47bd-b7cc-93e92e730bbf\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N\",\"baseScore\":4.8,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"HIGH\",\"userInteraction\":\"REQUIRED\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":1.7,\"impactScore\":2.7}]},\"weaknesses\":[{\"source\":\"551230f0-3615-47bd-b7cc-93e92e730bbf\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-79\"}]}],\"references\":[{\"url\":\"https://api.nuget.optimizely.com/packages/episerver.cms.core/11.21.4#\",\"source\":\"551230f0-3615-47bd-b7cc-93e92e730bbf\"},{\"url\":\"https://api.nuget.optimizely.com/packages/episerver.cms.core/12.22.1#\",\"source\":\"551230f0-3615-47bd-b7cc-93e92e730bbf\"},{\"url\":\"https://r.sec-consult.com/optimizely\",\"source\":\"551230f0-3615-47bd-b7cc-93e92e730bbf\"}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2025-27800\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-07-28T16:53:49.798098Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-07-28T16:53:57.236Z\"}}], \"cna\": {\"title\": \"Stored Cross-Site Scripting in Episerver Content Management System (CMS) Admin Dashboard\", \"source\": {\"discovery\": \"UNKNOWN\"}, \"credits\": [{\"lang\": \"en\", \"type\": \"finder\", \"value\": \"Kai Zimmermann, SEC Consult Vulnerability Lab\"}, {\"lang\": \"en\", \"type\": \"finder\", \"value\": \"Felix Beie, SEC Consult Vulnerability Lab\"}], \"impacts\": [{\"capecId\": \"CAPEC-63\", \"descriptions\": [{\"lang\": \"en\", \"value\": \"CAPEC-63 Cross-Site Scripting (XSS)\"}]}], \"metrics\": [{\"format\": \"CVSS\", \"cvssV4_0\": {\"Safety\": \"NOT_DEFINED\", \"version\": \"4.0\", \"Recovery\": \"NOT_DEFINED\", \"baseScore\": 4.8, \"Automatable\": \"NOT_DEFINED\", \"attackVector\": \"NETWORK\", \"baseSeverity\": \"MEDIUM\", \"valueDensity\": \"NOT_DEFINED\", \"vectorString\": \"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N\", \"providerUrgency\": \"NOT_DEFINED\", \"userInteraction\": \"PASSIVE\", \"attackComplexity\": \"LOW\", \"attackRequirements\": \"NONE\", \"privilegesRequired\": \"HIGH\", \"subIntegrityImpact\": \"LOW\", \"vulnIntegrityImpact\": \"NONE\", \"subAvailabilityImpact\": \"NONE\", \"vulnAvailabilityImpact\": \"NONE\", \"subConfidentialityImpact\": \"LOW\", \"vulnConfidentialityImpact\": \"NONE\", \"vulnerabilityResponseEffort\": \"NOT_DEFINED\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}, {\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"CHANGED\", \"version\": \"3.1\", \"baseScore\": 4.8, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N\", \"integrityImpact\": \"LOW\", \"userInteraction\": \"REQUIRED\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"NONE\", \"privilegesRequired\": \"HIGH\", \"confidentialityImpact\": \"LOW\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"Optimizely\", \"modules\": [\"EPiServer.CMS.Core\"], \"product\": \"Episerver Content Management System (CMS)\", \"versions\": [{\"status\": \"affected\", \"version\": \"11.x\", \"lessThan\": \"11.21.4\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"12.x\", \"lessThan\": \"12.22.1\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unaffected\"}], \"solutions\": [{\"lang\": \"en\", \"value\": \"The vendor already provides a security patch (updated packages) which should be \\ninstalled immediately.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"The vendor already provides a security patch (updated packages) which should be \\ninstalled immediately.\u003cbr\u003e\\n\\n\u003cbr\u003e\", \"base64\": false}]}], \"references\": [{\"url\": \"https://api.nuget.optimizely.com/packages/episerver.cms.core/11.21.4#\", \"tags\": [\"patch\"]}, {\"url\": \"https://api.nuget.optimizely.com/packages/episerver.cms.core/12.22.1#\", \"tags\": [\"patch\"]}, {\"url\": \"https://r.sec-consult.com/optimizely\", \"tags\": [\"third-party-advisory\"]}], \"x_generator\": {\"engine\": \"Vulnogram 0.2.0\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"The Episerver Content Management System (CMS) by Optimizely was affected by multiple Stored Cross-Site Scripting (XSS) vulnerabilities. This allowed an authenticated attacker to execute malicious JavaScript code in the victim\u0027s browser.\\n\\n\\n\\nThe Admin dashboard offered the functionality to add gadgets to the dashboard.\\nThis included the \\\"Notes\\\" gadget. An authenticated attacker with the corresponding\\naccess rights (such as \\\"WebAdmin\\\") that was impersonating the victim could insert\\nmalicious JavaScript code in these notes that would be executed if the victim\\nvisited the dashboard.\\n\\nAffected products: Version 11.X: EPiServer.CMS.Core (\u003c11.21.4) with EPiServer.CMS.UI (\u003c11.37.5), Version 12.X: EPiServer.CMS.Core (\u003c12.22.1) with EPiServer.CMS.UI (\u003c11.37.3)\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"\u003cspan style=\\\"background-color: rgb(255, 255, 255);\\\"\u003eThe Episerver Content Management System (CMS) by Optimizely was affected by multiple Stored Cross-Site Scripting (XSS) vulnerabilities. This allowed an authenticated attacker to execute malicious JavaScript code in the victim\u0027s browser.\u003cbr\u003e\\n\\n\u003c/span\u003e\u003cbr\u003eThe Admin dashboard offered the functionality to add gadgets to the dashboard.\\nThis included the \\\"Notes\\\" gadget. An authenticated attacker with the corresponding\\naccess rights (such as \\\"WebAdmin\\\") that was impersonating the victim could insert\\nmalicious JavaScript code in these notes that would be executed if the victim\\nvisited the dashboard.\u003cbr\u003e\u003cbr\u003eAffected products: Version 11.X: EPiServer.CMS.Core (\u0026lt;11.21.4) with EPiServer.CMS.UI (\u0026lt;11.37.5), Version 12.X: EPiServer.CMS.Core (\u0026lt;12.22.1) with EPiServer.CMS.UI (\u0026lt;11.37.3)\u003cbr\u003e\\n\\n\u003cbr\u003e\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-79\", \"description\": \"CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027)\"}]}], \"providerMetadata\": {\"orgId\": \"551230f0-3615-47bd-b7cc-93e92e730bbf\", \"shortName\": \"SEC-VLab\", \"dateUpdated\": \"2025-07-29T09:36:10.631Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2025-27800\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-07-29T09:36:10.631Z\", \"dateReserved\": \"2025-03-07T06:46:34.308Z\", \"assignerOrgId\": \"551230f0-3615-47bd-b7cc-93e92e730bbf\", \"datePublished\": \"2025-07-28T08:33:24.304Z\", \"assignerShortName\": \"SEC-VLab\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.