From 080d37e1317905c4629827cb48ff9752b15a7f8c Mon Sep 17 00:00:00 2001
From: CVE Team
Date: Mon, 21 Apr 2025 06:00:43 +0000
Subject: [PATCH] "-Synchronized-Data."
---
 2025/0xxx/CVE-2025-0632.json | 90 ++++++++++++++++++++++++++++++++--
 2025/43xxx/CVE-2025-43990.json | 18 +++++++
 2025/43xxx/CVE-2025-43991.json | 18 +++++++
 2025/43xxx/CVE-2025-43992.json | 18 +++++++
 2025/43xxx/CVE-2025-43993.json | 18 +++++++
 2025/43xxx/CVE-2025-43994.json | 18 +++++++
 2025/43xxx/CVE-2025-43995.json | 18 +++++++
 2025/43xxx/CVE-2025-43996.json | 18 +++++++
 2025/43xxx/CVE-2025-43997.json | 18 +++++++
 2025/43xxx/CVE-2025-43998.json | 18 +++++++
 2025/43xxx/CVE-2025-43999.json | 18 +++++++
 11 files changed, 265 insertions(+), 5 deletions(-)
 create mode 100644 2025/43xxx/CVE-2025-43990.json
 create mode 100644 2025/43xxx/CVE-2025-43991.json
 create mode 100644 2025/43xxx/CVE-2025-43992.json
 create mode 100644 2025/43xxx/CVE-2025-43993.json
 create mode 100644 2025/43xxx/CVE-2025-43994.json
 create mode 100644 2025/43xxx/CVE-2025-43995.json
 create mode 100644 2025/43xxx/CVE-2025-43996.json
 create mode 100644 2025/43xxx/CVE-2025-43997.json
 create mode 100644 2025/43xxx/CVE-2025-43998.json
 create mode 100644 2025/43xxx/CVE-2025-43999.json
diff --git a/2025/0xxx/CVE-2025-0632.json b/2025/0xxx/CVE-2025-0632.json
index 1216a7fc3f1..1dd77b870da 100644
--- a/2025/0xxx/CVE-2025-0632.json
+++ b/2025/0xxx/CVE-2025-0632.json
@@ -1,18 +1,98 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2025-0632",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "cve-coordination@monash.edu",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Local File Inclusion (LFI) vulnerability in a Render function of Formulatrix Rock Maker Web (RMW) allows a remote attacker to obtain sensitive data via arbitrary code execution.\u00a0A malicious actor could execute malicious scripts to automatically download configuration files in known locations to exfiltrate data including credentials, and with no rate limiting a malicious actor could enumerate the filesystem of the host machine and potentially lead to full host compromise.\n\nThis issue affects Rock Maker Web: from 3.2.1.1 and later"
 }
 ]
- }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-98 Improper Control of Filename for Include",
+ "cweId": "CWE-98"
+ }
+ ]
+ },
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')",
+ "cweId": "CWE-22"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Formulatrix",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Rock Maker Web",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "3.2.1.1 and later"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.formulatrix.com/downloads/apps/repository/rockmaker/",
+ "refsource": "MISC",
+ "name":
"https://www.formulatrix.com/downloads/apps/repository/rockmaker/"
+ }
+ ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.2.0"
+ },
+ "source": {
+ "discovery": "EXTERNAL"
+ },
+ "solution": [
+ {
+ "lang": "en",
+ "supportingMedia": [
+ {
+ "base64": false,
+ "type": "text/html",
+ "value": "Apply the official security patch or update provided by Formulatrix. If immediate patching is not feasible:
"
+ }
+ ],
+ "value": "Apply the official security patch or update provided by Formulatrix.\u00a0If immediate patching is not feasible:\n * Restrict external access to RMW from the public internet via firewall rules\n * Use network segmentation to limit RMW access only to internal trusted users\n * Monitor access logs for suspicious URL patterns such as ../ or unusual GET requests."
+ }
+ ],
+ "credits": [
+ {
+ "lang": "en",
+ "value": "Nicholas Page"
+ }
+ ]
 }
\ No newline at end of file
diff --git a/2025/43xxx/CVE-2025-43990.json b/2025/43xxx/CVE-2025-43990.json
new file mode 100644
index 00000000000..2c92e4f59d5
--- /dev/null
+++ b/2025/43xxx/CVE-2025-43990.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2025-43990",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2025/43xxx/CVE-2025-43991.json b/2025/43xxx/CVE-2025-43991.json
new file mode 100644
index 00000000000..18d52a2fd96
--- /dev/null
+++ b/2025/43xxx/CVE-2025-43991.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2025-43991",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
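Review bot: In 2025/0xxx/CVE-2025-0632.json, the affected-version entry at the end of the `affects` block pairs `"version_affected": "="` with the free-text `"version_value": "3.2.1.1 and later"`, so a consumer doing structured version matching would compare against that literal string and is likely to miss every real release. Expressing the range as `"version_affected": ">=", "version_value": "3.2.1.1"` would keep it machine-readable. The record also names no fixed version: the solution text says to apply the official patch, but the only reference is a download repository URL, so a defender cannot tell from this record which build closes the issue. The description's "obtain sensitive data via arbitrary code execution" sits awkwardly next to the CWE-98/CWE-22 classification; it would help to state whether the impact is file disclosure, code execution, or both. As the commit subject suggests this file is synchronized data, these corrections presumably belong in the assigner's upstream record.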
diff --git a/2025/43xxx/CVE-2025-43992.json b/2025/43xxx/CVE-2025-43992.json
new file mode 100644
index 00000000000..801ab4d69fa
--- /dev/null
+++ b/2025/43xxx/CVE-2025-43992.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2025-43992",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2025/43xxx/CVE-2025-43993.json b/2025/43xxx/CVE-2025-43993.json
new file mode 100644
index 00000000000..b71ef7d59ec
--- /dev/null
+++ b/2025/43xxx/CVE-2025-43993.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2025-43993",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2025/43xxx/CVE-2025-43994.json b/2025/43xxx/CVE-2025-43994.json
new file mode 100644
index 00000000000..c55ce7ab15e
--- /dev/null
+++ b/2025/43xxx/CVE-2025-43994.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2025-43994",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2025/43xxx/CVE-2025-43995.json b/2025/43xxx/CVE-2025-43995.json
new file mode 100644
index 00000000000..8e2634397bc
--- /dev/null
+++ b/2025/43xxx/CVE-2025-43995.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2025-43995",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2025/43xxx/CVE-2025-43996.json b/2025/43xxx/CVE-2025-43996.json
new file mode 100644
index 00000000000..055a338e99e
--- /dev/null
+++ b/2025/43xxx/CVE-2025-43996.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2025-43996",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2025/43xxx/CVE-2025-43997.json b/2025/43xxx/CVE-2025-43997.json
new file mode 100644
index 00000000000..80a89e0552b
--- /dev/null
+++ b/2025/43xxx/CVE-2025-43997.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2025-43997",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2025/43xxx/CVE-2025-43998.json b/2025/43xxx/CVE-2025-43998.json
new file mode 100644
index 00000000000..dd9ee5b7744
--- /dev/null
+++ b/2025/43xxx/CVE-2025-43998.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2025-43998",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2025/43xxx/CVE-2025-43999.json b/2025/43xxx/CVE-2025-43999.json
new file mode 100644
index 00000000000..862ebb9e954
--- /dev/null
+++ b/2025/43xxx/CVE-2025-43999.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2025-43999",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file