diff --git a/README.md b/README.md
index 9ea6696..cb1fd80 100644
--- a/README.md
+++ b/README.md
@@ -253,6 +253,7 @@
 - [CVE-2022-1388-EXP：CVE-2022-1388 F5 BIG-IP RCE 批量检测](https://github.com/bytecaps/CVE-2022-1388-EXP)|[CVE-2022-1388 nuclei 模板](https://github.com/numanturle/CVE-2022-1388)|[CVE-2022-1388：另一个扫描脚本](https://github.com/0xf4n9x/CVE-2022-1388)
 - [CVE-2022-24734： MyBB论坛后台 RCE](https://github.com/Altelus1/CVE-2022-24734)
 - [CVE-2022-0540：Atlassian Jira Seraph Authentication Bypass RCE](https://github.com/Pear1y/CVE-2022-0540-Preauth-RCE)
+- [CVE-2022-25237：Bonitasoft Platform 从认证绕过到RCE](https://github.com/RhinoSecurityLabs/CVEs/tree/master/CVE-2022-25237)
 
 ## <span id="head5"> 提权辅助相关</span>
 
@@ -458,6 +459,8 @@
 
 - [CVE-2022-1015：Linux 权限提升漏洞](https://github.com/pqlx/CVE-2022-1015)
 
+- [CVE-2022-25372：Local Privilege Escalation In Pritunl VPN Client](https://github.com/RhinoSecurityLabs/CVEs/tree/master/CVE-2022-25372)
+
 ## <span id="head7"> tools-小工具集版本合</span>
 
 - [java环境下任意文件下载情况自动化读取源码的小工具](https://github.com/Artemis1029/Java_xmlhack)
@@ -1583,6 +1586,7 @@
 - [sec-note：记录各语言、框架中危险的sink](https://github.com/haby0/sec-note)
 - [JavaVulnSummary：Java漏洞分析汇合](https://github.com/R17a-17/JavaVulnSummary)
 - [GetDomainAdmin：获取域控权限的几种方式](https://github.com/JDArmy/GetDomainAdmin)
+- [CVE-2022-25237 Bonitasoft Platform 从认证绕过到未公开反序列化漏洞发现之旅](./books/CVE-2022-25237%20Bonitasoft%20Platform%20从认证绕过到未公开反序列化漏洞发现之旅.pdf)
 
 ## <span id="head9"> 说明</span>
 
diff --git a/books/CVE-2022-25237 Bonitasoft Platform 从认证绕过到未公开反序列化漏洞发现之旅.pdf b/books/CVE-2022-25237 Bonitasoft Platform 从认证绕过到未公开反序列化漏洞发现之旅.pdf
new file mode 100644
index 0000000..52b5e7e
Binary files /dev/null and b/books/CVE-2022-25237 Bonitasoft Platform 从认证绕过到未公开反序列化漏洞发现之旅.pdf differ