diff --git a/2025/20xxx/CVE-2025-20297.json b/2025/20xxx/CVE-2025-20297.json
index aadb5dec432..7a9f0264a24 100644
--- a/2025/20xxx/CVE-2025-20297.json
+++ b/2025/20xxx/CVE-2025-20297.json
@@ -1,17 +1,120 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-20297", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "psirt@cisco.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In Splunk Enterprise versions below 9.4.2, 9.3.4 and 9.2.6, and Splunk Cloud Platform versions below 9.3.2411.102, 9.3.2408.111 and 9.2.2406.118, a low-privileged user that does not hold the \"admin\" or \"power\" Splunk roles could craft a malicious payload through the pdfgen/render REST endpoint that could result in execution of unauthorized JavaScript code in the browser of a user." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "The software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.", + "cweId": "CWE-79" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Splunk", + "product": { + "product_data": [ + { + "product_name": "Splunk Enterprise", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "9.4", + "version_value": "9.4.2" + }, + { + "version_affected": "<", + "version_name": "9.3", + "version_value": "9.3.4" + }, + { + "version_affected": "<", + "version_name": "9.2", + "version_value": "9.2.6" + }, + { + "version_affected": "<", + "version_name": "9.1", + "version_value": "9.1.9" + } + ] + } + }, + { + "product_name": "Splunk Cloud Platform", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "9.3.2411", + 
"version_value": "9.3.2411.102" + }, + { + "version_affected": "<", + "version_name": "9.3.2408", + "version_value": "9.3.2408.111" + }, + { + "version_affected": "<", + "version_name": "9.2.2406", + "version_value": "9.2.2406.118" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://advisory.splunk.com/advisories/SVD-2025-0601", + "refsource": "MISC", + "name": "https://advisory.splunk.com/advisories/SVD-2025-0601" + } + ] + }, + "source": { + "advisory": "SVD-2025-0601" + }, + "credits": [ + { + "lang": "en", + "value": "Klevis Luli, Splunk" + } + ], + "impact": { + "cvss": [ + { + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", + "version": "3.1", + "baseScore": 4.3, + "baseSeverity": "MEDIUM" } ] } diff --git a/2025/20xxx/CVE-2025-20298.json b/2025/20xxx/CVE-2025-20298.json index d687132fea4..2c515a9bf27 100644 --- a/2025/20xxx/CVE-2025-20298.json +++ b/2025/20xxx/CVE-2025-20298.json 
@@ -1,17 +1,92 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-20298", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "psirt@cisco.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In Universal Forwarder for Windows versions below 9.4.2, 9.3.4, 9.2.6, and 9.1.9, a new installation of or an upgrade to an affected version can result in incorrect permissions assignment in the Universal Forwarder for Windows Installation directory (by default, C:\\Program Files\\SplunkUniversalForwarder). This lets non-administrator users on the machine access the directory and all its contents." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.", + "cweId": "CWE-732" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Splunk", + "product": { + "product_data": [ + { + "product_name": "Splunk/UniversalForwarder for Windows", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "9.4", + "version_value": "9.4.2" + }, + { + "version_affected": "<", + "version_name": "9.3", + "version_value": "9.3.4" + }, + { + "version_affected": "<", + "version_name": "9.2", + "version_value": "9.2.6" + }, + { + "version_affected": "<", + "version_name": "9.1", + "version_value": "9.1.9" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://advisory.splunk.com/advisories/SVD-2025-0602", + 
"refsource": "MISC", + "name": "https://advisory.splunk.com/advisories/SVD-2025-0602" + } + ] + }, + "source": { + "advisory": "SVD-2025-0602" + }, + "impact": { + "cvss": [ + { + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", + "version": "3.1", + "baseScore": 8, + "baseSeverity": "HIGH" } ] } diff --git a/2025/23xxx/CVE-2025-23104.json b/2025/23xxx/CVE-2025-23104.json index 54337eac677..7b1bfed472b 100644 --- a/2025/23xxx/CVE-2025-23104.json +++ b/2025/23xxx/CVE-2025-23104.json 
@@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2025-23104", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2025-23104", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue was discovered in Samsung Mobile Processor Exynos 2200, 1480, and 2400. A Use-After-Free in the mobile processor leads to privilege escalation." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://semiconductor.samsung.com/support/quality-support/product-security-updates/", + "refsource": "MISC", + "name": "https://semiconductor.samsung.com/support/quality-support/product-security-updates/" + }, + { + "refsource": "CONFIRM", + "name": "https://semiconductor.samsung.com/support/quality-support/product-security-updates/cve-2025-23104/", + "url": "https://semiconductor.samsung.com/support/quality-support/product-security-updates/cve-2025-23104/" } ] } diff --git a/2025/27xxx/CVE-2025-27953.json b/2025/27xxx/CVE-2025-27953.json index 79077652d0e..67f28f7de82 100644 --- a/2025/27xxx/CVE-2025-27953.json +++ b/2025/27xxx/CVE-2025-27953.json 
@@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2025-27953", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2025-27953", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue in Clinical Collaboration Platform 12.2.1.5 allows a remote attacker to obtain sensitive information and execute arbitrary code via the session management component." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/intruderlabs/cvex/tree/main/Carestream/session-token-in-url", + "refsource": "MISC", + "name": "https://github.com/intruderlabs/cvex/tree/main/Carestream/session-token-in-url" } ] } diff --git a/2025/27xxx/CVE-2025-27954.json b/2025/27xxx/CVE-2025-27954.json index 9db9f48d848..e4c49ed4343 100644 --- a/2025/27xxx/CVE-2025-27954.json +++ b/2025/27xxx/CVE-2025-27954.json 
@@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2025-27954", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2025-27954", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue in Clinical Collaboration Platform 12.2.1.5 allows a remote attacker to obtain sensitive information and execute arbitrary code via the usertoken function of default.aspx." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portswigger.net/kb/issues/00500700_session-token-in-url", + "refsource": "MISC", + "name": "https://portswigger.net/kb/issues/00500700_session-token-in-url" + }, + { + "url": "https://github.com/intruderlabs/cvex/tree/main/Carestream/session-token-in-url", + "refsource": "MISC", + "name": "https://github.com/intruderlabs/cvex/tree/main/Carestream/session-token-in-url" } ] } diff --git a/2025/27xxx/CVE-2025-27955.json b/2025/27xxx/CVE-2025-27955.json index d8d951aa68c..4e944c26e57 100644 --- a/2025/27xxx/CVE-2025-27955.json +++ b/2025/27xxx/CVE-2025-27955.json 
@@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2025-27955", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2025-27955", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Clinical Collaboration Platform 12.2.1.5 has a weak logout system where the session token remains valid after logout and allows a remote attacker to obtain sensitive information and execute arbitrary code." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/intruderlabs/cvex/tree/main/Carestream/session-token-in-url", + "refsource": "MISC", + "name": "https://github.com/intruderlabs/cvex/tree/main/Carestream/session-token-in-url" } ] } diff --git a/2025/27xxx/CVE-2025-27956.json b/2025/27xxx/CVE-2025-27956.json index 172f40b20ef..6cb6736d831 100644 --- a/2025/27xxx/CVE-2025-27956.json +++ b/2025/27xxx/CVE-2025-27956.json 
@@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2025-27956", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2025-27956", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Directory Traversal vulnerability in WebLaudos 24.2 (04) allows a remote attacker to obtain sensitive information via the id parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/intruderlabs/cvex/blob/main/Pixeon/WebLaudos/Directory-Traversal/README.md", + "refsource": "MISC", + "name": "https://github.com/intruderlabs/cvex/blob/main/Pixeon/WebLaudos/Directory-Traversal/README.md" } ] } diff --git a/2025/45xxx/CVE-2025-45387.json b/2025/45xxx/CVE-2025-45387.json index 00913f721ed..f7c5df95705 100644 --- a/2025/45xxx/CVE-2025-45387.json +++ b/2025/45xxx/CVE-2025-45387.json 
@@ -1,17 +1,71 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2025-45387", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2025-45387", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "osTicket prior to v1.17.6 and v1.18.2 are vulnerable to Broken Access Control Vulnerability in /scp/ajax.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/osTicket/osTicket", + "refsource": "MISC", + "name": "https://github.com/osTicket/osTicket" + }, + { + "url": "https://github.com/osTicket/osTicket/pull/6802/commits/ab6672faa0991de305d4b90a3faa2e3cebdd23c8", + "refsource": "MISC", + "name": "https://github.com/osTicket/osTicket/pull/6802/commits/ab6672faa0991de305d4b90a3faa2e3cebdd23c8" + }, + { + "url": "https://github.com/UmerAdeemCheema/CVE-Security-Research/blob/main/OSTicket/Unauthorized%20Access%20to%20Ajax%20Functions.md", + "refsource": "MISC", + "name": "https://github.com/UmerAdeemCheema/CVE-Security-Research/blob/main/OSTicket/Unauthorized%20Access%20to%20Ajax%20Functions.md" } ] } diff --git a/2025/49xxx/CVE-2025-49151.json b/2025/49xxx/CVE-2025-49151.json new file mode 100644 index 00000000000..8235bf4a953 --- /dev/null 
+++ b/2025/49xxx/CVE-2025-49151.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2025-49151",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2025/49xxx/CVE-2025-49152.json b/2025/49xxx/CVE-2025-49152.json
new file mode 100644
index 00000000000..efe8c87d39a
--- /dev/null
+++ b/2025/49xxx/CVE-2025-49152.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2025-49152",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2025/49xxx/CVE-2025-49153.json b/2025/49xxx/CVE-2025-49153.json
new file mode 100644
index 00000000000..e2f13212e5c
--- /dev/null
+++ b/2025/49xxx/CVE-2025-49153.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2025-49153",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2025/49xxx/CVE-2025-49154.json b/2025/49xxx/CVE-2025-49154.json
new file mode 100644
index 00000000000..17444c1a640
--- /dev/null
+++ b/2025/49xxx/CVE-2025-49154.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2025-49154",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2025/49xxx/CVE-2025-49155.json b/2025/49xxx/CVE-2025-49155.json
new file mode 100644
index 00000000000..afa0026f136
--- /dev/null
+++ b/2025/49xxx/CVE-2025-49155.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2025-49155",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2025/49xxx/CVE-2025-49156.json b/2025/49xxx/CVE-2025-49156.json
new file mode 100644
index 00000000000..fe446ff1125
--- /dev/null
+++ b/2025/49xxx/CVE-2025-49156.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2025-49156",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2025/49xxx/CVE-2025-49157.json b/2025/49xxx/CVE-2025-49157.json
new file mode 100644
index 00000000000..4d70c494a31
--- /dev/null
+++ b/2025/49xxx/CVE-2025-49157.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2025-49157",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2025/49xxx/CVE-2025-49158.json b/2025/49xxx/CVE-2025-49158.json
new file mode 100644
index 00000000000..5be2c16cd7e
--- /dev/null
+++ b/2025/49xxx/CVE-2025-49158.json
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-49158", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2025/5xxx/CVE-2025-5036.json b/2025/5xxx/CVE-2025-5036.json index 8e33af4bc71..2887548471c 100644 --- a/2025/5xxx/CVE-2025-5036.json +++ b/2025/5xxx/CVE-2025-5036.json @@ -66,9 +66,9 @@ "references": { "reference_data": [ { - "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2025-0008", + "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2025-0009", "refsource": "MISC", - "name": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2025-0008" + "name": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2025-0009" } ] }, diff --git a/2025/5xxx/CVE-2025-5086.json b/2025/5xxx/CVE-2025-5086.json index 1cb93c05948..f1d109809d0 100644 --- a/2025/5xxx/CVE-2025-5086.json +++ b/2025/5xxx/CVE-2025-5086.json 
@@ -1,17 +1,119 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-5086", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "3DS.Information-Security@3ds.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A deserialization of untrusted data vulnerability affecting DELMIA Apriso from Release 2020 through Release 2025\u00c2\u00a0could lead to a remote code execution." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-502 Deserialization of Untrusted Data", + "cweId": "CWE-502" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Dassault Syst\u00e8mes", + "product": { + "product_data": [ + { + "product_name": "DELMIA Apriso", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "Release 2020 Golden", + "version_value": "Release 2020 SP4" + }, + { + "version_affected": "<=", + "version_name": "Release 2021 Golden", + "version_value": "Release 2021 SP3" + }, + { + "version_affected": "<=", + "version_name": "Release 2022 Golden", + "version_value": "Release 2022 SP3" + }, + { + "version_affected": "<=", + "version_name": "Release 2023 Golden", + "version_value": "Release 2023 SP3" + }, + { + "version_affected": "<=", + "version_name": "Release 2024 Golden", + "version_value": "Release 2024 SP1" + }, + { + "version_affected": "<=", + "version_name": "Release 2025 Golden", + "version_value": "Release 2025 SP1" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.3ds.com/vulnerability/advisories", + 
"refsource": "MISC", + "name": "https://www.3ds.com/vulnerability/advisories" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "EXTERNAL" + }, + "credits": [ + { + "lang": "en", + "value": "Hacktron AI" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseSeverity": "CRITICAL", + "baseScore": 10, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H" } ] }