From 53249286c3b490092237dcf98e8fc0f52165c46e Mon Sep 17 00:00:00 2001 From: CVE Team Date: Wed, 28 May 2025 17:00:36 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2022/24xxx/CVE-2022-24067.json | 8 +-- 2022/25xxx/CVE-2022-25868.json | 8 +-- 2022/25xxx/CVE-2022-25870.json | 8 +-- 2022/25xxx/CVE-2022-25909.json | 8 +-- 2022/26xxx/CVE-2022-26037.json | 8 +-- 2022/26xxx/CVE-2022-26056.json | 8 +-- 2022/26xxx/CVE-2022-26072.json | 8 +-- 2022/26xxx/CVE-2022-26304.json | 8 +-- 2022/26xxx/CVE-2022-26424.json | 8 +-- 2024/47xxx/CVE-2024-47056.json | 102 +++++++++++++++++++++++++++++++-- 2025/36xxx/CVE-2025-36572.json | 79 +++++++++++++++++++++++-- 2025/48xxx/CVE-2025-48925.json | 62 ++++++++++++++++++++ 2025/48xxx/CVE-2025-48926.json | 62 ++++++++++++++++++++ 2025/48xxx/CVE-2025-48927.json | 62 ++++++++++++++++++++ 2025/48xxx/CVE-2025-48928.json | 62 ++++++++++++++++++++ 2025/48xxx/CVE-2025-48929.json | 18 ++++++ 2025/48xxx/CVE-2025-48930.json | 18 ++++++ 2025/48xxx/CVE-2025-48931.json | 18 ++++++ 2025/5xxx/CVE-2025-5257.json | 98 +++++++++++++++++++++++++++++-- 19 files changed, 605 insertions(+), 48 deletions(-) create mode 100644 2025/48xxx/CVE-2025-48925.json create mode 100644 2025/48xxx/CVE-2025-48926.json create mode 100644 2025/48xxx/CVE-2025-48927.json create mode 100644 2025/48xxx/CVE-2025-48928.json create mode 100644 2025/48xxx/CVE-2025-48929.json create mode 100644 2025/48xxx/CVE-2025-48930.json create mode 100644 2025/48xxx/CVE-2025-48931.json diff --git a/2022/24xxx/CVE-2022-24067.json b/2022/24xxx/CVE-2022-24067.json index 025192f04fd..24b5435dcfe 100644 --- a/2022/24xxx/CVE-2022-24067.json +++ b/2022/24xxx/CVE-2022-24067.json @@ -1,17 +1,17 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-24067", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secure@intel.com", + "STATE": "REJECT" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it is Unused" } ] } diff --git a/2022/25xxx/CVE-2022-25868.json b/2022/25xxx/CVE-2022-25868.json index 8260fe8a162..a39374961c8 100644 --- a/2022/25xxx/CVE-2022-25868.json +++ b/2022/25xxx/CVE-2022-25868.json @@ -1,17 +1,17 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-25868", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secure@intel.com", + "STATE": "REJECT" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it is Unused" } ] } diff --git a/2022/25xxx/CVE-2022-25870.json b/2022/25xxx/CVE-2022-25870.json index 6607a3fcb6e..5de5fb36d79 100644 --- a/2022/25xxx/CVE-2022-25870.json +++ b/2022/25xxx/CVE-2022-25870.json @@ -1,17 +1,17 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-25870", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secure@intel.com", + "STATE": "REJECT" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it is Unused" } ] } diff --git a/2022/25xxx/CVE-2022-25909.json b/2022/25xxx/CVE-2022-25909.json index ab0f58e983c..02674a46552 100644 --- a/2022/25xxx/CVE-2022-25909.json +++ b/2022/25xxx/CVE-2022-25909.json @@ -1,17 +1,17 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-25909", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secure@intel.com", + "STATE": "REJECT" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it is Unused" } ] } diff --git a/2022/26xxx/CVE-2022-26037.json b/2022/26xxx/CVE-2022-26037.json index 4086bd8cb74..93aa467cb71 100644 --- a/2022/26xxx/CVE-2022-26037.json +++ b/2022/26xxx/CVE-2022-26037.json @@ -1,17 +1,17 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-26037", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secure@intel.com", + "STATE": "REJECT" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it is Unused" } ] } diff --git a/2022/26xxx/CVE-2022-26056.json b/2022/26xxx/CVE-2022-26056.json index 675eb6a2143..236b730ca3e 100644 --- a/2022/26xxx/CVE-2022-26056.json +++ b/2022/26xxx/CVE-2022-26056.json @@ -1,17 +1,17 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-26056", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secure@intel.com", + "STATE": "REJECT" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it is Unused" } ] } diff --git a/2022/26xxx/CVE-2022-26072.json b/2022/26xxx/CVE-2022-26072.json index 5ab9e3b01f4..425af58e560 100644 --- a/2022/26xxx/CVE-2022-26072.json +++ b/2022/26xxx/CVE-2022-26072.json @@ -1,17 +1,17 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-26072", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secure@intel.com", + "STATE": "REJECT" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it is Unused" } ] } diff --git a/2022/26xxx/CVE-2022-26304.json b/2022/26xxx/CVE-2022-26304.json index 380e37ae7a7..1f0a4f1a080 100644 --- a/2022/26xxx/CVE-2022-26304.json +++ b/2022/26xxx/CVE-2022-26304.json @@ -1,17 +1,17 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-26304", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secure@intel.com", + "STATE": "REJECT" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it is Unused" } ] } diff --git a/2022/26xxx/CVE-2022-26424.json b/2022/26xxx/CVE-2022-26424.json index 600ee2946c3..1ef718f4a5f 100644 --- a/2022/26xxx/CVE-2022-26424.json +++ b/2022/26xxx/CVE-2022-26424.json @@ -1,17 +1,17 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-26424", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secure@intel.com", + "STATE": "REJECT" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it is Unused" } ] } diff --git a/2024/47xxx/CVE-2024-47056.json b/2024/47xxx/CVE-2024-47056.json index 9ea80123122..6946037e754 100644 --- a/2024/47xxx/CVE-2024-47056.json +++ b/2024/47xxx/CVE-2024-47056.json @@ -1,17 +1,111 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-47056", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@mautic.org", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "SummaryThis advisory addresses a security vulnerability in Mautic where sensitive .env\u00a0configuration files may be directly accessible via a web browser. This exposure could lead to the disclosure of sensitive information, including database credentials, API keys, and other critical system configurations.\n\nSensitive Information Disclosure via .env\u00a0File Exposure: The .env\u00a0file, which typically contains environment variables and sensitive application configurations, is directly accessible via a web browser due to missing web server configurations that restrict access to such files. This allows an unauthenticated attacker to view the contents of this file by simply navigating to its URL.\n\nMitigationUpdate Mautic to the latest Mautic version.\n\nBy default, Mautic does not use .env\u00a0files for production data.\n\nFor Apache users:\u00a0Ensure your web server is configured to respect .htaccess\u00a0files.\n\nFor Nginx users:\u00a0As Nginx does not inherently support .htaccess\u00a0files, you must manually add a configuration block to your Nginx server configuration to deny access to .env\u00a0files. Add the following to your Nginx configuration for the Mautic site:\n\nlocation ~ /\\.env {\n deny all;\n}\n\n\n\n\n\nAfter modifying your Nginx configuration, remember to reload or restart your Nginx service for the changes to take effect." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-312 Cleartext Storage of Sensitive Information", + "cweId": "CWE-312" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Mautic", + "product": { + "product_data": [ + { + "product_name": "Mautic", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "> 4.4.0", + "version_value": "< 6.0.2, < 5.2.6, <4.4.16" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/mautic/mautic/security/advisories/GHSA-h2wg-v8wg-jhxh", + "refsource": "MISC", + "name": "https://github.com/mautic/mautic/security/advisories/GHSA-h2wg-v8wg-jhxh" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.2.0" + }, + "source": { + "advisory": "GHSA-h2wg-v8wg-jhxh", + "discovery": "EXTERNAL" + }, + "credits": [ + { + "lang": "en", + "value": "r3ky" + }, + { + "lang": "en", + "value": "r3ky" + }, + { + "lang": "en", + "value": "Lenon Leite" + }, + { + "lang": "en", + "value": "Nick Vanpraet" + }, + { + "lang": "en", + "value": "Patryk Gruszka" + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "LOCAL", + "availabilityImpact": "LOW", + "baseScore": 5.1, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L", + "version": "3.1" } ] } diff --git a/2025/36xxx/CVE-2025-36572.json b/2025/36xxx/CVE-2025-36572.json index b9f12c867c6..75ac855b339 100644 --- a/2025/36xxx/CVE-2025-36572.json +++ b/2025/36xxx/CVE-2025-36572.json @@ -1,17 +1,88 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-36572", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secure@dell.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Dell PowerStore, version(s) 4.0.0.0, contain(s) an Use of Hard-coded Credentials vulnerability in the PowerStore image file. A low privileged attacker with remote access, with the knowledge of the hard-coded credentials, could potentially exploit this vulnerability to gain unauthorized access based on the hardcoded account's privileges." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-798: Use of Hard-coded Credentials", + "cweId": "CWE-798" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Dell", + "product": { + "product_data": [ + { + "product_name": "PowerStore", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "N/A", + "version_value": "4.0.1.3-2494147" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.dell.com/support/kbdoc/en-us/000325205/dsa-2025-223-dell-powerstore-t-security-update-for-multiple-vulnerabilities", + "refsource": "MISC", + "name": "https://www.dell.com/support/kbdoc/en-us/000325205/dsa-2025-223-dell-powerstore-t-security-update-for-multiple-vulnerabilities" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.2.0" + }, + "source": { + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 6.5, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "version": "3.1" } ] } diff --git a/2025/48xxx/CVE-2025-48925.json b/2025/48xxx/CVE-2025-48925.json new file mode 100644 index 00000000000..f2ae8d50052 --- /dev/null +++ b/2025/48xxx/CVE-2025-48925.json @@ -0,0 +1,62 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2025-48925", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The TeleMessage service through 2025-05-05 relies on the client side (e.g., the TM SGNL app) to do MD5 hashing, and then accepts the hash as the authentication credential, as exploited in the wild in May 2025." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.wired.com/story/how-the-signal-knock-off-app-telemessage-got-hacked-in-20-minutes/", + "refsource": "MISC", + "name": "https://www.wired.com/story/how-the-signal-knock-off-app-telemessage-got-hacked-in-20-minutes/" + } + ] + } +} \ No newline at end of file diff --git a/2025/48xxx/CVE-2025-48926.json b/2025/48xxx/CVE-2025-48926.json new file mode 100644 index 00000000000..6912d4d2abd --- /dev/null +++ b/2025/48xxx/CVE-2025-48926.json @@ -0,0 +1,62 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2025-48926", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The admin panel in the TeleMessage service through 2025-05-05 allows attackers to discover usernames, e-mail addresses, passwords, and telephone numbers, as exploited in the wild in May 2025." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.wired.com/story/how-the-signal-knock-off-app-telemessage-got-hacked-in-20-minutes/", + "refsource": "MISC", + "name": "https://www.wired.com/story/how-the-signal-knock-off-app-telemessage-got-hacked-in-20-minutes/" + } + ] + } +} \ No newline at end of file diff --git a/2025/48xxx/CVE-2025-48927.json b/2025/48xxx/CVE-2025-48927.json new file mode 100644 index 00000000000..d77abe998dc --- /dev/null +++ b/2025/48xxx/CVE-2025-48927.json @@ -0,0 +1,62 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2025-48927", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The TeleMessage service through 2025-05-05 configures Spring Boot Actuator with an exposed heap dump endpoint at a /heapdump URI, as exploited in the wild in May 2025." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.wired.com/story/how-the-signal-knock-off-app-telemessage-got-hacked-in-20-minutes/", + "refsource": "MISC", + "name": "https://www.wired.com/story/how-the-signal-knock-off-app-telemessage-got-hacked-in-20-minutes/" + } + ] + } +} \ No newline at end of file diff --git a/2025/48xxx/CVE-2025-48928.json b/2025/48xxx/CVE-2025-48928.json new file mode 100644 index 00000000000..cd6aae2b3c4 --- /dev/null +++ b/2025/48xxx/CVE-2025-48928.json @@ -0,0 +1,62 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2025-48928", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The TeleMessage service through 2025-05-05 is based on a JSP application in which the heap content is roughly equivalent to a \"core dump\" in which a password previously sent over HTTP would be included in this dump, as exploited in the wild in May 2025." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.wired.com/story/how-the-signal-knock-off-app-telemessage-got-hacked-in-20-minutes/", + "refsource": "MISC", + "name": "https://www.wired.com/story/how-the-signal-knock-off-app-telemessage-got-hacked-in-20-minutes/" + } + ] + } +} \ No newline at end of file diff --git a/2025/48xxx/CVE-2025-48929.json b/2025/48xxx/CVE-2025-48929.json new file mode 100644 index 00000000000..d4eb3fea31e --- /dev/null +++ b/2025/48xxx/CVE-2025-48929.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-48929", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2025/48xxx/CVE-2025-48930.json b/2025/48xxx/CVE-2025-48930.json new file mode 100644 index 00000000000..a210b574bbe --- /dev/null +++ b/2025/48xxx/CVE-2025-48930.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-48930", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2025/48xxx/CVE-2025-48931.json b/2025/48xxx/CVE-2025-48931.json new file mode 100644 index 00000000000..0d8e36b0ba9 --- /dev/null +++ b/2025/48xxx/CVE-2025-48931.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-48931", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2025/5xxx/CVE-2025-5257.json b/2025/5xxx/CVE-2025-5257.json index 8558e781d41..b4dbf66d2b9 100644 --- a/2025/5xxx/CVE-2025-5257.json +++ b/2025/5xxx/CVE-2025-5257.json @@ -1,17 +1,107 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-5257", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@mautic.org", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "SummaryThis advisory addresses a security vulnerability in Mautic where unpublished page previews could be accessed by unauthenticated users and potentially indexed by search engines. This could lead to the unintended disclosure of draft content or sensitive information.\n\nUnauthorized Access to Unpublished Page Previews: The page preview functionality for unpublished content, accessible via predictable URLs (e.g., /page/preview/1, /page/preview/2), lacked proper authorization checks. This allowed any unauthenticated user to view content that was not yet intended for public release, and allowed search engines to index these private preview URLs, making the content publicly discoverable.\n\nMitigationMautic has patched this vulnerability by enforcing proper permission checks on preview pages. Users should upgrade to the patched version of Mautic or later." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-1284 Improper Validation of Specified Quantity in Input", + "cweId": "CWE-1284" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Mautic", + "product": { + "product_data": [ + { + "product_name": "Mautic", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "> 4.0", + "version_value": "< 6.0.2, <5.4.6, <4.4.16" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/mautic/mautic/security/advisories/GHSA-cqx4-9vqf-q3m8", + "refsource": "MISC", + "name": "https://github.com/mautic/mautic/security/advisories/GHSA-cqx4-9vqf-q3m8" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.2.0" + }, + "source": { + "advisory": "GHSA-cqx4-9vqf-q3m8", + "discovery": "INTERNAL" + }, + "credits": [ + { + "lang": "en", + "value": "Lenon Leite" + }, + { + "lang": "en", + "value": "John Linhart" + }, + { + "lang": "en", + "value": "Zdeno Kuzmany" + }, + { + "lang": "en", + "value": "Lenon Leite" + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "baseScore": 6.5, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L", + "version": "3.1" } ] }