diff --git a/2025/23xxx/CVE-2025-23407.json b/2025/23xxx/CVE-2025-23407.json
new file mode 100644
index 00000000000..8685aed9821
--- /dev/null
+++ b/2025/23xxx/CVE-2025-23407.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2025-23407",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2025/25xxx/CVE-2025-25053.json b/2025/25xxx/CVE-2025-25053.json
new file mode 100644
index 00000000000..4abaa709b72
--- /dev/null
+++ b/2025/25xxx/CVE-2025-25053.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2025-25053",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2025/25xxx/CVE-2025-25056.json b/2025/25xxx/CVE-2025-25056.json
new file mode 100644
index 00000000000..c3a4acc99bc
--- /dev/null
+++ b/2025/25xxx/CVE-2025-25056.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2025-25056",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2025/25xxx/CVE-2025-25213.json b/2025/25xxx/CVE-2025-25213.json
new file mode 100644
index 00000000000..d7579ade5ef
--- /dev/null
+++ b/2025/25xxx/CVE-2025-25213.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2025-25213",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2025/27xxx/CVE-2025-27722.json b/2025/27xxx/CVE-2025-27722.json
new file mode 100644
index 00000000000..5d5e7cdfb44
--- /dev/null
+++ b/2025/27xxx/CVE-2025-27722.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2025-27722",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2025/27xxx/CVE-2025-27797.json b/2025/27xxx/CVE-2025-27797.json
new file mode 100644
index 00000000000..910342e8705
--- /dev/null
+++ b/2025/27xxx/CVE-2025-27797.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2025-27797",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2025/27xxx/CVE-2025-27934.json b/2025/27xxx/CVE-2025-27934.json
new file mode 100644
index 00000000000..e94d9bc4ae4
--- /dev/null
+++ b/2025/27xxx/CVE-2025-27934.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2025-27934",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2025/29xxx/CVE-2025-29870.json b/2025/29xxx/CVE-2025-29870.json
new file mode 100644
index 00000000000..f5d8dd5932c
--- /dev/null
+++ b/2025/29xxx/CVE-2025-29870.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2025-29870",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2025/2xxx/CVE-2025-2689.json b/2025/2xxx/CVE-2025-2689.json
index 9e110b7d0c6..303376cad5f 100644
--- a/2025/2xxx/CVE-2025-2689.json
+++ b/2025/2xxx/CVE-2025-2689.json
@@ -1,17 +1,298 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-2689", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability, which was classified as critical, has been found in yiisoft Yii2 up to 2.0.45. Affected by this issue is the function getIterator of the file symfony\\finder\\Iterator\\SortableIterator.php. The manipulation leads to deserialization. The attack may be launched remotely. The exploit has been disclosed to the public and may be used." + }, + { + "lang": "deu", + "value": "Eine kritische Schwachstelle wurde in yiisoft Yii2 bis 2.0.45 entdeckt. Davon betroffen ist die Funktion getIterator der Datei symfony\\finder\\Iterator\\SortableIterator.php. Durch die Manipulation mit unbekannten Daten kann eine deserialization-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Deserialization", + "cweId": "CWE-502" + } + ] + }, + { + "description": [ + { + "lang": "eng", + "value": "Improper Input Validation", + "cweId": "CWE-20" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "yiisoft", + "product": { + "product_data": [ + { + "product_name": "Yii2", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "2.0.0" + }, + { + "version_affected": "=", + "version_value": "2.0.1" + }, + { + "version_affected": "=", + "version_value": "2.0.2" + }, + { + "version_affected": "=", + "version_value": "2.0.3" + }, + { + "version_affected": "=", + "version_value": "2.0.4" + }, + { + "version_affected": "=", + "version_value": "2.0.5" + }, + { + "version_affected": "=", + "version_value": "2.0.6" + }, + { + "version_affected": "=", + "version_value": "2.0.7" + }, + { + "version_affected": "=", + "version_value": "2.0.8" + }, + { + "version_affected": "=", + "version_value": "2.0.9" + }, + { + "version_affected": "=", + "version_value": "2.0.10" + }, + { + "version_affected": "=", + "version_value": "2.0.11" + }, + { + "version_affected": "=", + "version_value": "2.0.12" + }, + { + "version_affected": "=", + "version_value": "2.0.13" + }, + { + "version_affected": "=", + "version_value": "2.0.14" + }, + { + "version_affected": "=", + "version_value": "2.0.15" + }, + { + "version_affected": "=", + "version_value": "2.0.16" + }, + { + "version_affected": "=", + "version_value": "2.0.17" + }, + { + "version_affected": "=", + "version_value": "2.0.18" + }, + { + "version_affected": "=", + "version_value": "2.0.19" + }, + { + "version_affected": "=", + "version_value": "2.0.20" + }, + { + "version_affected": "=", + "version_value": "2.0.21" + }, + { + "version_affected": "=", + "version_value": "2.0.22" + }, + { + "version_affected": "=", + "version_value": "2.0.23" + }, + { 
+ "version_affected": "=", + "version_value": "2.0.24" + }, + { + "version_affected": "=", + "version_value": "2.0.25" + }, + { + "version_affected": "=", + "version_value": "2.0.26" + }, + { + "version_affected": "=", + "version_value": "2.0.27" + }, + { + "version_affected": "=", + "version_value": "2.0.28" + }, + { + "version_affected": "=", + "version_value": "2.0.29" + }, + { + "version_affected": "=", + "version_value": "2.0.30" + }, + { + "version_affected": "=", + "version_value": "2.0.31" + }, + { + "version_affected": "=", + "version_value": "2.0.32" + }, + { + "version_affected": "=", + "version_value": "2.0.33" + }, + { + "version_affected": "=", + "version_value": "2.0.34" + }, + { + "version_affected": "=", + "version_value": "2.0.35" + }, + { + "version_affected": "=", + "version_value": "2.0.36" + }, + { + "version_affected": "=", + "version_value": "2.0.37" + }, + { + "version_affected": "=", + "version_value": "2.0.38" + }, + { + "version_affected": "=", + "version_value": "2.0.39" + }, + { + "version_affected": "=", + "version_value": "2.0.40" + }, + { + "version_affected": "=", + "version_value": "2.0.41" + }, + { + "version_affected": "=", + "version_value": "2.0.42" + }, + { + "version_affected": "=", + "version_value": "2.0.43" + }, + { + "version_affected": "=", + "version_value": "2.0.44" + }, + { + "version_affected": "=", + "version_value": "2.0.45" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://vuldb.com/?id.300710", + "refsource": "MISC", + "name": "https://vuldb.com/?id.300710" + }, + { + "url": "https://vuldb.com/?ctiid.300710", + "refsource": "MISC", + "name": "https://vuldb.com/?ctiid.300710" + }, + { + "url": "https://vuldb.com/?submit.521709", + "refsource": "MISC", + "name": "https://vuldb.com/?submit.521709" + }, + { + "url": "https://github.com/gaorenyusi/gaorenyusi/blob/main/Yii2.md", + "refsource": "MISC", + "name": 
"https://github.com/gaorenyusi/gaorenyusi/blob/main/Yii2.md" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "gaorenyusi (VulDB User)" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 6.3, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "MEDIUM" + }, + { + "version": "3.0", + "baseScore": 6.3, + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "MEDIUM" + }, + { + "version": "2.0", + "baseScore": 6.5, + "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P" } ] } diff --git a/2025/2xxx/CVE-2025-2690.json b/2025/2xxx/CVE-2025-2690.json index f0e3c7c2b99..92156e82f9e 100644 --- a/2025/2xxx/CVE-2025-2690.json +++ b/2025/2xxx/CVE-2025-2690.json 
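Review bot: The English `description_data` value for CVE-2025-2689 calls the issue "critical", while the CVSS 3.1 and 3.0 entries under `impact.cvss` score it 6.3 with `"baseSeverity": "MEDIUM"` and a vector that requires `PR:L`, so triage that keys on the prose will over-rank it; severity should be read from `vectorString`, and the record would be clearer if the description did not carry its own classification word. The named file `symfony\\finder\\Iterator\\SortableIterator.php` looks like a third-party component path rather than Yii2's own code, so the 46 exact-match `version_data` entries (2.0.0 to 2.0.45) may not identify which installations actually ship the affected class; matching should be confirmed against the linked references and the installed dependency set rather than the Yii2 version alone. The `credits` entry uses `"lang": "en"` while both descriptions use three-letter codes, so it should read `"lang": "eng"` for consistency. All three points apply equally to the CVE-2025-2690 hunk, which names `phpunit\\src\\Framework\\MockObject\\MockClass.php` and lists versions 2.0.0 to 2.0.39.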
@@ -1,17 +1,274 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-2690", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability, which was classified as critical, was found in yiisoft Yii2 up to 2.0.39. This affects the function Generate of the file phpunit\\src\\Framework\\MockObject\\MockClass.php. The manipulation leads to deserialization. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used." + }, + { + "lang": "deu", + "value": "Es wurde eine kritische Schwachstelle in yiisoft Yii2 bis 2.0.39 gefunden. Hiervon betroffen ist die Funktion Generate der Datei phpunit\\src\\Framework\\MockObject\\MockClass.php. Durch Manipulation mit unbekannten Daten kann eine deserialization-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk angegangen werden. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Deserialization", + "cweId": "CWE-502" + } + ] + }, + { + "description": [ + { + "lang": "eng", + "value": "Improper Input Validation", + "cweId": "CWE-20" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "yiisoft", + "product": { + "product_data": [ + { + "product_name": "Yii2", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "2.0.0" + }, + { + "version_affected": "=", + "version_value": "2.0.1" + }, + { + "version_affected": "=", + "version_value": "2.0.2" + }, + { + "version_affected": "=", + "version_value": "2.0.3" + }, + { + "version_affected": "=", + "version_value": "2.0.4" + }, + { + "version_affected": "=", + "version_value": "2.0.5" + }, + { + "version_affected": "=", + "version_value": "2.0.6" + }, + { + "version_affected": "=", + "version_value": "2.0.7" + }, + { + "version_affected": "=", + "version_value": "2.0.8" + }, + { + "version_affected": "=", + "version_value": "2.0.9" + }, + { + "version_affected": "=", + "version_value": "2.0.10" + }, + { + "version_affected": "=", + "version_value": "2.0.11" + }, + { + "version_affected": "=", + "version_value": "2.0.12" + }, + { + "version_affected": "=", + "version_value": "2.0.13" + }, + { + "version_affected": "=", + "version_value": "2.0.14" + }, + { + "version_affected": "=", + "version_value": "2.0.15" + }, + { + "version_affected": "=", + "version_value": "2.0.16" + }, + { + "version_affected": "=", + "version_value": "2.0.17" + }, + { + "version_affected": "=", + "version_value": "2.0.18" + }, + { + "version_affected": "=", + "version_value": "2.0.19" + }, + { + "version_affected": "=", + "version_value": "2.0.20" + }, + { + "version_affected": "=", + "version_value": "2.0.21" + }, + { + "version_affected": "=", + "version_value": "2.0.22" + }, + { + "version_affected": "=", + "version_value": "2.0.23" + }, + { 
+ "version_affected": "=", + "version_value": "2.0.24" + }, + { + "version_affected": "=", + "version_value": "2.0.25" + }, + { + "version_affected": "=", + "version_value": "2.0.26" + }, + { + "version_affected": "=", + "version_value": "2.0.27" + }, + { + "version_affected": "=", + "version_value": "2.0.28" + }, + { + "version_affected": "=", + "version_value": "2.0.29" + }, + { + "version_affected": "=", + "version_value": "2.0.30" + }, + { + "version_affected": "=", + "version_value": "2.0.31" + }, + { + "version_affected": "=", + "version_value": "2.0.32" + }, + { + "version_affected": "=", + "version_value": "2.0.33" + }, + { + "version_affected": "=", + "version_value": "2.0.34" + }, + { + "version_affected": "=", + "version_value": "2.0.35" + }, + { + "version_affected": "=", + "version_value": "2.0.36" + }, + { + "version_affected": "=", + "version_value": "2.0.37" + }, + { + "version_affected": "=", + "version_value": "2.0.38" + }, + { + "version_affected": "=", + "version_value": "2.0.39" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://vuldb.com/?id.300711", + "refsource": "MISC", + "name": "https://vuldb.com/?id.300711" + }, + { + "url": "https://vuldb.com/?ctiid.300711", + "refsource": "MISC", + "name": "https://vuldb.com/?ctiid.300711" + }, + { + "url": "https://vuldb.com/?submit.521718", + "refsource": "MISC", + "name": "https://vuldb.com/?submit.521718" + }, + { + "url": "https://github.com/gaorenyusi/gaorenyusi/blob/main/Yii2-2.md", + "refsource": "MISC", + "name": "https://github.com/gaorenyusi/gaorenyusi/blob/main/Yii2-2.md" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "gaorenyusi (VulDB User)" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 6.3, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "MEDIUM" + }, + { + "version": "3.0", + "baseScore": 6.3, + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + 
"baseSeverity": "MEDIUM" + }, + { + "version": "2.0", + "baseScore": 6.5, + "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P" } ] } diff --git a/2025/2xxx/CVE-2025-2703.json b/2025/2xxx/CVE-2025-2703.json new file mode 100644 index 00000000000..20dd3cda29b --- /dev/null +++ b/2025/2xxx/CVE-2025-2703.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-2703", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file