From 0546fbbdd48f0c6a8376b67949f9c778ae772114 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Thu, 27 Mar 2025 01:00:36 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2025/2xxx/CVE-2025-2840.json | 18 +++++++ 2025/2xxx/CVE-2025-2841.json | 18 +++++++ 2025/30xxx/CVE-2025-30355.json | 86 ++++++++++++++++++++++++++++++++-- 2025/31xxx/CVE-2025-31161.json | 18 +++++++ 4 files changed, 136 insertions(+), 4 deletions(-) create mode 100644 2025/2xxx/CVE-2025-2840.json create mode 100644 2025/2xxx/CVE-2025-2841.json create mode 100644 2025/31xxx/CVE-2025-31161.json diff --git a/2025/2xxx/CVE-2025-2840.json b/2025/2xxx/CVE-2025-2840.json new file mode 100644 index 00000000000..862e8da7cec --- /dev/null +++ b/2025/2xxx/CVE-2025-2840.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-2840", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2025/2xxx/CVE-2025-2841.json b/2025/2xxx/CVE-2025-2841.json new file mode 100644 index 00000000000..2a7b8d83266 --- /dev/null +++ b/2025/2xxx/CVE-2025-2841.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-2841", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2025/30xxx/CVE-2025-30355.json b/2025/30xxx/CVE-2025-30355.json index 933e6ec690a..9862340dff9 100644 --- a/2025/30xxx/CVE-2025-30355.json +++ b/2025/30xxx/CVE-2025-30355.json @@ -1,17 +1,95 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-30355", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security-advisories@github.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Synapse is an open source Matrix homeserver implementation. A malicious server can craft events which, when received, prevent Synapse version up to 1.127.0 from federating with other servers. The vulnerability has been exploited in the wild and has been fixed in Synapse v1.127.1. No known workarounds are available." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-20: Improper Input Validation", + "cweId": "CWE-20" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "element-hq", + "product": { + "product_data": [ + { + "product_name": "synapse", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "< 1.127.1" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/element-hq/synapse/security/advisories/GHSA-v56r-hwv5-mxg6", + "refsource": "MISC", + "name": "https://github.com/element-hq/synapse/security/advisories/GHSA-v56r-hwv5-mxg6" + }, + { + "url": "https://github.com/element-hq/synapse/commit/2277df2a1eb685f85040ef98fa21d41aa4cdd389", + "refsource": "MISC", + "name": "https://github.com/element-hq/synapse/commit/2277df2a1eb685f85040ef98fa21d41aa4cdd389" + }, + { + "url": "https://github.com/element-hq/synapse/releases/tag/v1.127.1", + "refsource": "MISC", + "name": "https://github.com/element-hq/synapse/releases/tag/v1.127.1" + } + ] + }, + "source": { + "advisory": "GHSA-v56r-hwv5-mxg6", + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 7.1, + "baseSeverity": "HIGH", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H", + "version": "3.1" } ] } diff --git a/2025/31xxx/CVE-2025-31161.json b/2025/31xxx/CVE-2025-31161.json new file mode 100644 index 00000000000..fff8025753e --- /dev/null +++ b/2025/31xxx/CVE-2025-31161.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-31161", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file