admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-19 17:32:41 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2025-03-12 17:00:34 +00:00
parent 3d2319715b
commit e9cbaac3a1
No known key found for this signature in database
GPG Key ID: BC5FD8F2443B23B7
18 changed files with 3072 additions and 69 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
2023/20xxx/CVE-2023-20025.json
View File

@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "A vulnerability in the web-based management interface of Cisco Small Business RV042 Series Routers could allow an unauthenticated, remote attacker to bypass authentication on the affected device.\r\n\r This vulnerability is due to incorrect user input validation of incoming HTTP packets. An attacker could exploit this vulnerability by sending crafted requests to the web-based management interface. A successful exploit could allow the attacker to gain root privileges on the affected device.\r\n"
"value": "A vulnerability in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, and RV082 Routers could allow an unauthenticated, remote attacker to bypass authentication on an affected device.\r\n\r This vulnerability is due to improper validation of user input within incoming HTTP packets. An attacker could exploit this vulnerability by sending a crafted HTTP request to the web-based management interface. A successful exploit could allow the attacker to bypass authentication and gain root access on the underlying operating system."
}
]
},
@ -163,7 +163,7 @@
"exploit": [
{
"lang": "en",
"value": "The Cisco PSIRT is aware that proof-of-concept exploit code is available for vulnerabilities CVE-2023-20025 and CVE-2023-20026 that are described in this advisory.\r\n\r\nThe Cisco PSIRT is not aware of any malicious use of the vulnerabilities that are described in this advisory."
"value": "The Cisco Product Security Incident Response Team (PSIRT) is aware that proof-of-concept exploit code is available for vulnerabilities CVE-2023-20025 and CVE-2023-20026 that are described in this advisory.\r\n\r\nIn March 2025, the Cisco PSIRT became aware of additional attempted exploitation of some of these vulnerabilities in the wild. Cisco continues to strongly recommend that customers upgrade their hardware to Meraki or Cisco 1000 Series Integrated Services Routers to remediate these vulnerabilities."
}
],
"impact": {

4
2023/20xxx/CVE-2023-20026.json
View File

@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "A vulnerability in the web-based management interface of Cisco Small Business Routers RV042 Series could allow an authenticated, remote attacker to inject arbitrary commands on an affected device.\r\n\r This vulnerability is due to improper validation of user input fields within incoming HTTP packets. An attacker could exploit this vulnerability by sending a crafted request to the web-based management interface. A successful exploit could allow the attacker to execute arbitrary commands on an affected device with root-level privileges. To exploit these vulnerabilities, an attacker would need to have valid Administrator credentials on the affected device.\r\n"
"value": "A vulnerability in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, RV082, RV320 and RV325 Routers could allow an authenticated, remote attacker to execute arbitrary commands on an affected device.\r\n\r This vulnerability is due to improper validation of user input within incoming HTTP packets. An attacker could exploit this vulnerability by sending a crafted HTTP request to the web-based management interface. A successful exploit could allow the attacker to gain root-level privileges and access unauthorized data. To exploit this vulnerability, an attacker would need to have valid administrative credentials on the affected device."
}
]
},
@ -243,7 +243,7 @@
"exploit": [
{
"lang": "en",
"value": "The Cisco PSIRT is aware that proof-of-concept exploit code is available for vulnerabilities CVE-2023-20025 and CVE-2023-20026 that are described in this advisory.\r\n\r\nThe Cisco PSIRT is not aware of any malicious use of the vulnerabilities that are described in this advisory."
"value": "The Cisco Product Security Incident Response Team (PSIRT) is aware that proof-of-concept exploit code is available for vulnerabilities CVE-2023-20025 and CVE-2023-20026 that are described in this advisory.\r\n\r\nIn March 2025, the Cisco PSIRT became aware of additional attempted exploitation of some of these vulnerabilities in the wild. Cisco continues to strongly recommend that customers upgrade their hardware to Meraki or Cisco 1000 Series Integrated Services Routers to remediate these vulnerabilities."
}
],
"impact": {

4
2023/20xxx/CVE-2023-20118.json
View File

@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "A vulnerability in the web-based management interface of Cisco Small Business Routers RV016, RV042, RV042G, RV082, RV320, and RV325 Routers could allow an authenticated, remote attacker to execute arbitrary commands on an affected device.\r\n\r This vulnerability is due to improper validation of user input within incoming HTTP packets. An attacker could exploit this vulnerability by sending a crafted HTTP request to the web-based management interface. A successful exploit could allow the attacker to gain root-level privileges and access unauthorized data. To exploit this vulnerability, an attacker would need to have valid administrative credentials on the affected device.\r\n\r Cisco has not and will not release software updates that address this vulnerability."
"value": "A vulnerability in the web-based management interface of Cisco Small Business Routers RV016, RV042, RV042G, RV082, RV320, and RV325 Routers could allow an authenticated, remote attacker to execute arbitrary commands on an affected device.\r\n\r This vulnerability is due to improper validation of user input within incoming HTTP packets. An attacker could exploit this vulnerability by sending a crafted HTTP request to the web-based management interface. A successful exploit could allow the attacker to gain root-level privileges and access unauthorized data. To exploit this vulnerability, an attacker would need to have valid administrative credentials on the affected device.\r\n\r Cisco has not and will not release software updates that address this vulnerability. However, administrators may disable the affected feature as described in the Workarounds [\"#workarounds\"] section.\r\n\r {{value}} [\"%7b%7bvalue%7d%7d\"])}]]"
}
]
},
@ -139,7 +139,7 @@
"exploit": [
{
"lang": "en",
"value": "The Cisco PSIRT is aware that proof-of-concept exploit code is available for vulnerabilities CVE-2023-20025 and CVE-2023-20026 that are described in this advisory.\r\n\r\nThe Cisco PSIRT is not aware of any malicious use of the vulnerabilities that are described in this advisory."
"value": "The Cisco Product Security Incident Response Team (PSIRT) is aware that proof-of-concept exploit code is available for vulnerabilities CVE-2023-20025 and CVE-2023-20026 that are described in this advisory.\r\n\r\nIn March 2025, the Cisco PSIRT became aware of additional attempted exploitation of some of these vulnerabilities in the wild. Cisco continues to strongly recommend that customers upgrade their hardware to Meraki or Cisco 1000 Series Integrated Services Routers to remediate these vulnerabilities."
}
],
"impact": {

56
2024/34xxx/CVE-2024-34398.json
View File

@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-34398",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2024-34398",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An issue was discovered in BMC Remedy Mid Tier 7.6.04. The web application allows stored HTML Injection by authenticated remote attackers."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.gruppotim.it/it/footer/red-team.html",
"refsource": "MISC",
"name": "https://www.gruppotim.it/it/footer/red-team.html"
}
]
}

458
2025/20xxx/CVE-2025-20115.json
View File

@ -1,17 +1,467 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-20115",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "psirt@cisco.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability in confederation implementation for the Border Gateway Protocol (BGP) in Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition.\r\n\r\nThis vulnerability is due to a memory corruption that occurs when a BGP update is created with an AS_CONFED_SEQUENCE attribute that has 255 autonomous system numbers (AS numbers). An attacker could exploit this vulnerability by sending a crafted BGP update message, or the network could be designed in such a manner that the AS_CONFED_SEQUENCE attribute grows to 255 AS numbers or more. A successful exploit could allow the attacker to cause memory corruption, which may cause the BGP process to restart, resulting in a DoS condition. To exploit this vulnerability, an attacker must control a BGP confederation speaker within the same autonomous system as the victim, or the network must be designed in such a manner that the AS_CONFED_SEQUENCE attribute grows to 255 AS numbers or more."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')",
"cweId": "CWE-120"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Cisco",
"product": {
"product_data": [
{
"product_name": "Cisco IOS XR Software",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "6.5.3"
},
{
"version_affected": "=",
"version_value": "6.5.29"
},
{
"version_affected": "=",
"version_value": "6.5.1"
},
{
"version_affected": "=",
"version_value": "6.6.1"
},
{
"version_affected": "=",
"version_value": "6.5.2"
},
{
"version_affected": "=",
"version_value": "6.5.92"
},
{
"version_affected": "=",
"version_value": "6.5.15"
},
{
"version_affected": "=",
"version_value": "6.6.2"
},
{
"version_affected": "=",
"version_value": "7.0.1"
},
{
"version_affected": "=",
"version_value": "6.6.25"
},
{
"version_affected": "=",
"version_value": "6.5.26"
},
{
"version_affected": "=",
"version_value": "6.6.11"
},
{
"version_affected": "=",
"version_value": "6.5.25"
},
{
"version_affected": "=",
"version_value": "6.5.28"
},
{
"version_affected": "=",
"version_value": "6.5.93"
},
{
"version_affected": "=",
"version_value": "6.6.12"
},
{
"version_affected": "=",
"version_value": "6.5.90"
},
{
"version_affected": "=",
"version_value": "7.0.0"
},
{
"version_affected": "=",
"version_value": "7.1.1"
},
{
"version_affected": "=",
"version_value": "7.0.90"
},
{
"version_affected": "=",
"version_value": "6.6.3"
},
{
"version_affected": "=",
"version_value": "6.7.1"
},
{
"version_affected": "=",
"version_value": "7.0.2"
},
{
"version_affected": "=",
"version_value": "7.1.15"
},
{
"version_affected": "=",
"version_value": "7.2.0"
},
{
"version_affected": "=",
"version_value": "7.2.1"
},
{
"version_affected": "=",
"version_value": "7.1.2"
},
{
"version_affected": "=",
"version_value": "6.7.2"
},
{
"version_affected": "=",
"version_value": "7.0.11"
},
{
"version_affected": "=",
"version_value": "7.0.12"
},
{
"version_affected": "=",
"version_value": "7.0.14"
},
{
"version_affected": "=",
"version_value": "7.1.25"
},
{
"version_affected": "=",
"version_value": "6.6.4"
},
{
"version_affected": "=",
"version_value": "7.2.12"
},
{
"version_affected": "=",
"version_value": "7.3.1"
},
{
"version_affected": "=",
"version_value": "7.1.3"
},
{
"version_affected": "=",
"version_value": "6.7.3"
},
{
"version_affected": "=",
"version_value": "7.4.1"
},
{
"version_affected": "=",
"version_value": "7.2.2"
},
{
"version_affected": "=",
"version_value": "6.7.4"
},
{
"version_affected": "=",
"version_value": "6.5.31"
},
{
"version_affected": "=",
"version_value": "7.3.15"
},
{
"version_affected": "=",
"version_value": "7.3.16"
},
{
"version_affected": "=",
"version_value": "6.8.1"
},
{
"version_affected": "=",
"version_value": "7.4.15"
},
{
"version_affected": "=",
"version_value": "6.5.32"
},
{
"version_affected": "=",
"version_value": "7.3.2"
},
{
"version_affected": "=",
"version_value": "7.5.1"
},
{
"version_affected": "=",
"version_value": "7.4.16"
},
{
"version_affected": "=",
"version_value": "7.3.27"
},
{
"version_affected": "=",
"version_value": "7.6.1"
},
{
"version_affected": "=",
"version_value": "7.5.2"
},
{
"version_affected": "=",
"version_value": "7.8.1"
},
{
"version_affected": "=",
"version_value": "7.6.15"
},
{
"version_affected": "=",
"version_value": "7.5.12"
},
{
"version_affected": "=",
"version_value": "7.8.12"
},
{
"version_affected": "=",
"version_value": "7.3.3"
},
{
"version_affected": "=",
"version_value": "7.7.1"
},
{
"version_affected": "=",
"version_value": "6.8.2"
},
{
"version_affected": "=",
"version_value": "7.3.4"
},
{
"version_affected": "=",
"version_value": "7.4.2"
},
{
"version_affected": "=",
"version_value": "6.7.35"
},
{
"version_affected": "=",
"version_value": "6.9.1"
},
{
"version_affected": "=",
"version_value": "7.6.2"
},
{
"version_affected": "=",
"version_value": "7.5.3"
},
{
"version_affected": "=",
"version_value": "7.7.2"
},
{
"version_affected": "=",
"version_value": "6.9.2"
},
{
"version_affected": "=",
"version_value": "7.9.1"
},
{
"version_affected": "=",
"version_value": "7.10.1"
},
{
"version_affected": "=",
"version_value": "7.8.2"
},
{
"version_affected": "=",
"version_value": "7.5.4"
},
{
"version_affected": "=",
"version_value": "6.5.33"
},
{
"version_affected": "=",
"version_value": "7.8.22"
},
{
"version_affected": "=",
"version_value": "7.7.21"
},
{
"version_affected": "=",
"version_value": "7.9.2"
},
{
"version_affected": "=",
"version_value": "7.3.5"
},
{
"version_affected": "=",
"version_value": "7.5.5"
},
{
"version_affected": "=",
"version_value": "7.11.1"
},
{
"version_affected": "=",
"version_value": "7.9.21"
},
{
"version_affected": "=",
"version_value": "7.10.2"
},
{
"version_affected": "=",
"version_value": "24.1.1"
},
{
"version_affected": "=",
"version_value": "7.6.3"
},
{
"version_affected": "=",
"version_value": "7.3.6"
},
{
"version_affected": "=",
"version_value": "7.5.52"
},
{
"version_affected": "=",
"version_value": "7.11.2"
},
{
"version_affected": "=",
"version_value": "24.2.1"
},
{
"version_affected": "=",
"version_value": "24.1.2"
},
{
"version_affected": "=",
"version_value": "24.2.11"
},
{
"version_affected": "=",
"version_value": "24.2.2"
},
{
"version_affected": "=",
"version_value": "7.8.23"
},
{
"version_affected": "=",
"version_value": "7.11.21"
},
{
"version_affected": "=",
"version_value": "24.2.20"
},
{
"version_affected": "=",
"version_value": "6.5.35"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-bgp-dos-O7stePhX",
"refsource": "MISC",
"name": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-bgp-dos-O7stePhX"
},
{
"url": "https://blog.apnic.net/2024/09/02/crafting-endless-as-paths-in-bgp/",
"refsource": "MISC",
"name": "https://blog.apnic.net/2024/09/02/crafting-endless-as-paths-in-bgp/"
}
]
},
"source": {
"advisory": "cisco-sa-iosxr-bgp-dos-O7stePhX",
"discovery": "EXTERNAL",
"defects": [
"CSCwk15887"
]
},
"exploit": [
{
"lang": "en",
"value": "The Cisco PSIRT is aware of a public announcement about this issue. This announcement is not specific to Cisco IOS XR Software and can be found at .\r\n\r\nThe Cisco PSIRT is not aware of any malicious use of the vulnerability that is described in this advisory."
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH"
}
]
}

446
2025/20xxx/CVE-2025-20138.json
View File

@ -1,17 +1,455 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-20138",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "psirt@cisco.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability in the CLI of Cisco IOS XR Software could allow an authenticated, local attacker to execute arbitrary commands as root on the underlying operating system of an affected device.\r\n\r\nThis vulnerability is due to insufficient validation of user arguments that are passed to specific CLI commands. An attacker with a low-privileged account could exploit this vulnerability by using crafted commands at the prompt. A successful exploit could allow the attacker to elevate privileges to root and execute arbitrary commands."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')",
"cweId": "CWE-78"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Cisco",
"product": {
"product_data": [
{
"product_name": "Cisco IOS XR Software",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "6.5.3"
},
{
"version_affected": "=",
"version_value": "6.5.29"
},
{
"version_affected": "=",
"version_value": "6.5.1"
},
{
"version_affected": "=",
"version_value": "6.6.1"
},
{
"version_affected": "=",
"version_value": "6.5.2"
},
{
"version_affected": "=",
"version_value": "6.5.92"
},
{
"version_affected": "=",
"version_value": "6.5.15"
},
{
"version_affected": "=",
"version_value": "6.6.2"
},
{
"version_affected": "=",
"version_value": "7.0.1"
},
{
"version_affected": "=",
"version_value": "6.6.25"
},
{
"version_affected": "=",
"version_value": "6.5.26"
},
{
"version_affected": "=",
"version_value": "6.6.11"
},
{
"version_affected": "=",
"version_value": "6.5.25"
},
{
"version_affected": "=",
"version_value": "6.5.28"
},
{
"version_affected": "=",
"version_value": "6.5.93"
},
{
"version_affected": "=",
"version_value": "6.6.12"
},
{
"version_affected": "=",
"version_value": "6.5.90"
},
{
"version_affected": "=",
"version_value": "7.0.0"
},
{
"version_affected": "=",
"version_value": "7.1.1"
},
{
"version_affected": "=",
"version_value": "7.0.90"
},
{
"version_affected": "=",
"version_value": "6.6.3"
},
{
"version_affected": "=",
"version_value": "7.0.2"
},
{
"version_affected": "=",
"version_value": "7.1.15"
},
{
"version_affected": "=",
"version_value": "7.2.0"
},
{
"version_affected": "=",
"version_value": "7.2.1"
},
{
"version_affected": "=",
"version_value": "7.1.2"
},
{
"version_affected": "=",
"version_value": "7.0.11"
},
{
"version_affected": "=",
"version_value": "7.0.12"
},
{
"version_affected": "=",
"version_value": "6.7.2"
},
{
"version_affected": "=",
"version_value": "7.0.14"
},
{
"version_affected": "=",
"version_value": "7.1.25"
},
{
"version_affected": "=",
"version_value": "6.6.4"
},
{
"version_affected": "=",
"version_value": "7.2.12"
},
{
"version_affected": "=",
"version_value": "7.3.1"
},
{
"version_affected": "=",
"version_value": "7.1.3"
},
{
"version_affected": "=",
"version_value": "7.4.1"
},
{
"version_affected": "=",
"version_value": "7.2.2"
},
{
"version_affected": "=",
"version_value": "6.7.4"
},
{
"version_affected": "=",
"version_value": "6.5.31"
},
{
"version_affected": "=",
"version_value": "7.3.15"
},
{
"version_affected": "=",
"version_value": "7.3.16"
},
{
"version_affected": "=",
"version_value": "7.4.15"
},
{
"version_affected": "=",
"version_value": "6.5.32"
},
{
"version_affected": "=",
"version_value": "7.3.2"
},
{
"version_affected": "=",
"version_value": "7.5.1"
},
{
"version_affected": "=",
"version_value": "7.4.16"
},
{
"version_affected": "=",
"version_value": "7.3.27"
},
{
"version_affected": "=",
"version_value": "7.6.1"
},
{
"version_affected": "=",
"version_value": "7.5.2"
},
{
"version_affected": "=",
"version_value": "7.8.1"
},
{
"version_affected": "=",
"version_value": "7.6.15"
},
{
"version_affected": "=",
"version_value": "7.5.12"
},
{
"version_affected": "=",
"version_value": "7.8.12"
},
{
"version_affected": "=",
"version_value": "7.3.3"
},
{
"version_affected": "=",
"version_value": "7.7.1"
},
{
"version_affected": "=",
"version_value": "7.3.4"
},
{
"version_affected": "=",
"version_value": "7.4.2"
},
{
"version_affected": "=",
"version_value": "7.6.2"
},
{
"version_affected": "=",
"version_value": "7.5.3"
},
{
"version_affected": "=",
"version_value": "7.7.2"
},
{
"version_affected": "=",
"version_value": "7.9.1"
},
{
"version_affected": "=",
"version_value": "7.10.1"
},
{
"version_affected": "=",
"version_value": "7.8.2"
},
{
"version_affected": "=",
"version_value": "7.5.4"
},
{
"version_affected": "=",
"version_value": "6.5.33"
},
{
"version_affected": "=",
"version_value": "7.8.22"
},
{
"version_affected": "=",
"version_value": "7.7.21"
},
{
"version_affected": "=",
"version_value": "7.9.2"
},
{
"version_affected": "=",
"version_value": "7.3.5"
},
{
"version_affected": "=",
"version_value": "7.5.5"
},
{
"version_affected": "=",
"version_value": "7.11.1"
},
{
"version_affected": "=",
"version_value": "7.9.21"
},
{
"version_affected": "=",
"version_value": "7.10.2"
},
{
"version_affected": "=",
"version_value": "24.1.1"
},
{
"version_affected": "=",
"version_value": "7.6.3"
},
{
"version_affected": "=",
"version_value": "7.3.6"
},
{
"version_affected": "=",
"version_value": "7.5.52"
},
{
"version_affected": "=",
"version_value": "7.11.2"
},
{
"version_affected": "=",
"version_value": "24.2.1"
},
{
"version_affected": "=",
"version_value": "24.1.2"
},
{
"version_affected": "=",
"version_value": "24.2.11"
},
{
"version_affected": "=",
"version_value": "24.3.1"
},
{
"version_affected": "=",
"version_value": "24.2.2"
},
{
"version_affected": "=",
"version_value": "7.8.23"
},
{
"version_affected": "=",
"version_value": "7.11.21"
},
{
"version_affected": "=",
"version_value": "24.2.20"
},
{
"version_affected": "=",
"version_value": "24.3.2"
},
{
"version_affected": "=",
"version_value": "24.4.10"
},
{
"version_affected": "=",
"version_value": "6.5.35"
},
{
"version_affected": "=",
"version_value": "24.3.20"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-priv-esc-GFQjxvOF",
"refsource": "MISC",
"name": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-priv-esc-GFQjxvOF"
},
{
"url": "https://blog.apnic.net/2024/09/02/crafting-endless-as-paths-in-bgp/",
"refsource": "MISC",
"name": "https://blog.apnic.net/2024/09/02/crafting-endless-as-paths-in-bgp/"
}
]
},
"source": {
"advisory": "cisco-sa-iosxr-priv-esc-GFQjxvOF",
"discovery": "EXTERNAL",
"defects": [
"CSCwj33398"
]
},
"exploit": [
{
"lang": "en",
"value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
}
]
}

90
2025/20xxx/CVE-2025-20141.json
View File

@ -1,17 +1,99 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-20141",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "psirt@cisco.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability in the handling of specific packets that are punted from a line card to a route processor in Cisco IOS XR Software Release 7.9.2 could allow an unauthenticated, adjacent attacker to cause control plane traffic to stop working on multiple Cisco IOS XR platforms. \r\n\r\nThis vulnerability is due to incorrect handling of packets that are punted to the route processor. An attacker could exploit this vulnerability by sending traffic, which must be handled by the Linux stack on the route processor, to an affected device. A successful exploit could allow the attacker to cause control plane traffic to stop working, resulting in a denial of service (DoS) condition."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Allocation of Resources Without Limits or Throttling",
"cweId": "CWE-770"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Cisco",
"product": {
"product_data": [
{
"product_name": "Cisco IOS XR Software",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "7.9.2"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-xr792-bWfVDPY",
"refsource": "MISC",
"name": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-xr792-bWfVDPY"
},
{
"url": "https://blog.apnic.net/2024/09/02/crafting-endless-as-paths-in-bgp/",
"refsource": "MISC",
"name": "https://blog.apnic.net/2024/09/02/crafting-endless-as-paths-in-bgp/"
}
]
},
"source": {
"advisory": "cisco-sa-xr792-bWfVDPY",
"discovery": "INTERNAL",
"defects": [
"CSCwf89955"
]
},
"exploit": [
{
"lang": "en",
"value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH"
}
]
}

222
2025/20xxx/CVE-2025-20142.json
View File

@ -1,17 +1,231 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-20142",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "psirt@cisco.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability in the IPv4 access control list (ACL) feature and quality of service (QoS) policy feature of Cisco IOS XR Software for Cisco ASR 9000 Series Aggregation Services Routers, ASR 9902 Compact High-Performance Routers, and ASR 9903 Compact High-Performance Routers could allow an unauthenticated, remote attacker to cause a line card to reset, resulting in a denial of service (DoS) condition.\r\n\r\nThis vulnerability is due to the incorrect handling of malformed IPv4 packets that are received on line cards where the interface has either an IPv4 ACL or QoS policy applied. An attacker could exploit this vulnerability by sending crafted IPv4 packets through an affected device. A successful exploit could allow the attacker to cause network processor errors, resulting in a reset or shutdown of the network process. Traffic over that line card would be lost while the line card reloads.\r\nNote: This vulnerability has predominantly been observed in Layer 2 VPN (L2VPN) environments where an IPv4 ACL or QoS policy has been applied to the bridge virtual interface. Layer 3 configurations where the interface has either an IPv4 ACL or QoS policy applied are also affected, though the vulnerability has not been observed."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Input Validation",
"cweId": "CWE-20"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Cisco",
"product": {
"product_data": [
{
"product_name": "Cisco IOS XR Software",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "7.1.15"
},
{
"version_affected": "=",
"version_value": "7.1.2"
},
{
"version_affected": "=",
"version_value": "6.7.2"
},
{
"version_affected": "=",
"version_value": "7.1.25"
},
{
"version_affected": "=",
"version_value": "7.1.3"
},
{
"version_affected": "=",
"version_value": "6.7.3"
},
{
"version_affected": "=",
"version_value": "7.3.1"
},
{
"version_affected": "=",
"version_value": "7.4.1"
},
{
"version_affected": "=",
"version_value": "6.8.1"
},
{
"version_affected": "=",
"version_value": "7.3.2"
},
{
"version_affected": "=",
"version_value": "7.5.1"
},
{
"version_affected": "=",
"version_value": "7.6.1"
},
{
"version_affected": "=",
"version_value": "7.5.2"
},
{
"version_affected": "=",
"version_value": "7.3.3"
},
{
"version_affected": "=",
"version_value": "6.8.2"
},
{
"version_affected": "=",
"version_value": "7.7.1"
},
{
"version_affected": "=",
"version_value": "7.4.2"
},
{
"version_affected": "=",
"version_value": "7.3.4"
},
{
"version_affected": "=",
"version_value": "6.7.35"
},
{
"version_affected": "=",
"version_value": "6.9.1"
},
{
"version_affected": "=",
"version_value": "7.6.2"
},
{
"version_affected": "=",
"version_value": "7.8.1"
},
{
"version_affected": "=",
"version_value": "7.5.3"
},
{
"version_affected": "=",
"version_value": "7.7.2"
},
{
"version_affected": "=",
"version_value": "6.9.2"
},
{
"version_affected": "=",
"version_value": "7.9.1"
},
{
"version_affected": "=",
"version_value": "7.8.2"
},
{
"version_affected": "=",
"version_value": "7.5.4"
},
{
"version_affected": "=",
"version_value": "7.8.22"
},
{
"version_affected": "=",
"version_value": "7.10.1"
},
{
"version_affected": "=",
"version_value": "7.9.2"
},
{
"version_affected": "=",
"version_value": "7.3.5"
},
{
"version_affected": "=",
"version_value": "7.5.5"
},
{
"version_affected": "=",
"version_value": "7.8.23"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ipv4uni-LfM3cfBu",
"refsource": "MISC",
"name": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ipv4uni-LfM3cfBu"
},
{
"url": "https://blog.apnic.net/2024/09/02/crafting-endless-as-paths-in-bgp/",
"refsource": "MISC",
"name": "https://blog.apnic.net/2024/09/02/crafting-endless-as-paths-in-bgp/"
}
]
},
"source": {
"advisory": "cisco-sa-ipv4uni-LfM3cfBu",
"discovery": "EXTERNAL",
"defects": [
"CSCwf56155"
]
},
"exploit": [
{
"lang": "en",
"value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH"
}
]
}

322
2025/20xxx/CVE-2025-20143.json
View File

@ -1,17 +1,331 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-20143",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "psirt@cisco.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability in the boot process of Cisco IOS XR Software could allow an authenticated, local attacker with high privileges to bypass the Secure Boot functionality and load unverified software on an affected device. To exploit this vulnerability, the attacker must have root-system privileges on the affected device.\r\n\r\nThis vulnerability is due to insufficient verification of modules in the software load process. An attacker could exploit this vulnerability by manipulating the loaded binaries to bypass some of the integrity checks that are performed during the booting process. A successful exploit could allow the attacker to control the boot configuration, which could enable them to bypass the requirement to run Cisco-signed images or alter the security properties of the running system.\r\nNote: This vulnerability affects Cisco IOS XR Software, not the Secure Boot feature.\r\nCisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Verification of Cryptographic Signature",
"cweId": "CWE-347"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Cisco",
"product": {
"product_data": [
{
"product_name": "Cisco IOS XR Software",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "6.5.3"
},
{
"version_affected": "=",
"version_value": "6.5.2"
},
{
"version_affected": "=",
"version_value": "6.5.92"
},
{
"version_affected": "=",
"version_value": "6.5.1"
},
{
"version_affected": "=",
"version_value": "6.5.15"
},
{
"version_affected": "=",
"version_value": "6.6.2"
},
{
"version_affected": "=",
"version_value": "7.0.1"
},
{
"version_affected": "=",
"version_value": "6.6.25"
},
{
"version_affected": "=",
"version_value": "6.6.1"
},
{
"version_affected": "=",
"version_value": "6.6.11"
},
{
"version_affected": "=",
"version_value": "6.5.93"
},
{
"version_affected": "=",
"version_value": "6.6.12"
},
{
"version_affected": "=",
"version_value": "7.0.0"
},
{
"version_affected": "=",
"version_value": "7.1.1"
},
{
"version_affected": "=",
"version_value": "7.0.90"
},
{
"version_affected": "=",
"version_value": "6.6.3"
},
{
"version_affected": "=",
"version_value": "6.7.1"
},
{
"version_affected": "=",
"version_value": "7.0.2"
},
{
"version_affected": "=",
"version_value": "7.1.15"
},
{
"version_affected": "=",
"version_value": "7.2.0"
},
{
"version_affected": "=",
"version_value": "7.2.1"
},
{
"version_affected": "=",
"version_value": "7.1.2"
},
{
"version_affected": "=",
"version_value": "6.7.2"
},
{
"version_affected": "=",
"version_value": "7.1.25"
},
{
"version_affected": "=",
"version_value": "6.6.4"
},
{
"version_affected": "=",
"version_value": "7.3.1"
},
{
"version_affected": "=",
"version_value": "7.1.3"
},
{
"version_affected": "=",
"version_value": "6.7.3"
},
{
"version_affected": "=",
"version_value": "7.4.1"
},
{
"version_affected": "=",
"version_value": "7.2.2"
},
{
"version_affected": "=",
"version_value": "6.8.1"
},
{
"version_affected": "=",
"version_value": "7.4.15"
},
{
"version_affected": "=",
"version_value": "7.3.2"
},
{
"version_affected": "=",
"version_value": "7.5.1"
},
{
"version_affected": "=",
"version_value": "7.4.16"
},
{
"version_affected": "=",
"version_value": "7.3.27"
},
{
"version_affected": "=",
"version_value": "7.6.1"
},
{
"version_affected": "=",
"version_value": "7.5.2"
},
{
"version_affected": "=",
"version_value": "7.6.15"
},
{
"version_affected": "=",
"version_value": "7.3.3"
},
{
"version_affected": "=",
"version_value": "7.7.1"
},
{
"version_affected": "=",
"version_value": "6.8.2"
},
{
"version_affected": "=",
"version_value": "7.4.2"
},
{
"version_affected": "=",
"version_value": "7.3.4"
},
{
"version_affected": "=",
"version_value": "6.7.35"
},
{
"version_affected": "=",
"version_value": "6.9.1"
},
{
"version_affected": "=",
"version_value": "7.6.2"
},
{
"version_affected": "=",
"version_value": "7.8.1"
},
{
"version_affected": "=",
"version_value": "7.5.3"
},
{
"version_affected": "=",
"version_value": "7.7.2"
},
{
"version_affected": "=",
"version_value": "6.9.2"
},
{
"version_affected": "=",
"version_value": "7.8.2"
},
{
"version_affected": "=",
"version_value": "7.5.4"
},
{
"version_affected": "=",
"version_value": "7.8.22"
},
{
"version_affected": "=",
"version_value": "7.7.21"
},
{
"version_affected": "=",
"version_value": "7.3.5"
},
{
"version_affected": "=",
"version_value": "7.5.5"
},
{
"version_affected": "=",
"version_value": "7.3.6"
},
{
"version_affected": "=",
"version_value": "7.8.23"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb-lkm-zNErZjbZ",
"refsource": "MISC",
"name": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb-lkm-zNErZjbZ"
},
{
"url": "https://blog.apnic.net/2024/09/02/crafting-endless-as-paths-in-bgp/",
"refsource": "MISC",
"name": "https://blog.apnic.net/2024/09/02/crafting-endless-as-paths-in-bgp/"
}
]
},
"source": {
"advisory": "cisco-sa-sb-lkm-zNErZjbZ",
"discovery": "INTERNAL",
"defects": [
"CSCvx66790"
]
},
"exploit": [
{
"lang": "en",
"value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
}
]
}

258
2025/20xxx/CVE-2025-20144.json
View File

@ -1,17 +1,267 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-20144",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "psirt@cisco.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability in the hybrid access control list (ACL) processing of IPv4 packets in Cisco IOS XR Software could allow an unauthenticated, remote attacker to bypass a configured ACL.\r\n\r\nThis vulnerability is due to incorrect handling of packets when a specific configuration of the hybrid ACL exists. An attacker could exploit this vulnerability by attempting to send traffic through an affected device. A successful exploit could allow the attacker to bypass a configured ACL on the affected device.\r\nFor more information, see the section of this advisory.\r\nCisco has released software updates that address this vulnerability. There are workarounds that address this vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Access Control",
"cweId": "CWE-284"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Cisco",
"product": {
"product_data": [
{
"product_name": "Cisco IOS XR Software",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "6.5.3"
},
{
"version_affected": "=",
"version_value": "6.5.2"
},
{
"version_affected": "=",
"version_value": "6.5.92"
},
{
"version_affected": "=",
"version_value": "6.5.1"
},
{
"version_affected": "=",
"version_value": "6.6.2"
},
{
"version_affected": "=",
"version_value": "7.0.1"
},
{
"version_affected": "=",
"version_value": "6.6.25"
},
{
"version_affected": "=",
"version_value": "6.6.1"
},
{
"version_affected": "=",
"version_value": "6.5.93"
},
{
"version_affected": "=",
"version_value": "7.1.1"
},
{
"version_affected": "=",
"version_value": "7.0.90"
},
{
"version_affected": "=",
"version_value": "6.6.3"
},
{
"version_affected": "=",
"version_value": "7.0.2"
},
{
"version_affected": "=",
"version_value": "7.2.1"
},
{
"version_affected": "=",
"version_value": "7.1.2"
},
{
"version_affected": "=",
"version_value": "6.6.4"
},
{
"version_affected": "=",
"version_value": "7.3.1"
},
{
"version_affected": "=",
"version_value": "7.4.1"
},
{
"version_affected": "=",
"version_value": "7.2.2"
},
{
"version_affected": "=",
"version_value": "7.3.2"
},
{
"version_affected": "=",
"version_value": "7.5.1"
},
{
"version_affected": "=",
"version_value": "7.6.1"
},
{
"version_affected": "=",
"version_value": "7.5.2"
},
{
"version_affected": "=",
"version_value": "7.7.1"
},
{
"version_affected": "=",
"version_value": "7.3.3"
},
{
"version_affected": "=",
"version_value": "7.4.2"
},
{
"version_affected": "=",
"version_value": "7.3.4"
},
{
"version_affected": "=",
"version_value": "7.6.2"
},
{
"version_affected": "=",
"version_value": "7.8.1"
},
{
"version_affected": "=",
"version_value": "7.5.3"
},
{
"version_affected": "=",
"version_value": "7.7.2"
},
{
"version_affected": "=",
"version_value": "7.9.1"
},
{
"version_affected": "=",
"version_value": "7.8.2"
},
{
"version_affected": "=",
"version_value": "7.5.4"
},
{
"version_affected": "=",
"version_value": "7.8.22"
},
{
"version_affected": "=",
"version_value": "7.10.1"
},
{
"version_affected": "=",
"version_value": "7.7.21"
},
{
"version_affected": "=",
"version_value": "7.9.2"
},
{
"version_affected": "=",
"version_value": "7.3.5"
},
{
"version_affected": "=",
"version_value": "7.5.5"
},
{
"version_affected": "=",
"version_value": "7.11.1"
},
{
"version_affected": "=",
"version_value": "7.10.2"
},
{
"version_affected": "=",
"version_value": "7.3.6"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ncs-hybridacl-crMZFfKQ",
"refsource": "MISC",
"name": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ncs-hybridacl-crMZFfKQ"
},
{
"url": "https://blog.apnic.net/2024/09/02/crafting-endless-as-paths-in-bgp/",
"refsource": "MISC",
"name": "https://blog.apnic.net/2024/09/02/crafting-endless-as-paths-in-bgp/"
}
]
},
"source": {
"advisory": "cisco-sa-ncs-hybridacl-crMZFfKQ",
"discovery": "INTERNAL",
"defects": [
"CSCwi49569"
]
},
"exploit": [
{
"lang": "en",
"value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N",
"baseScore": 4,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
}
]
}

330
2025/20xxx/CVE-2025-20145.json
View File

@ -1,17 +1,339 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-20145",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "psirt@cisco.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability in the access control list (ACL) processing in the egress direction of Cisco IOS XR Software could allow an unauthenticated, remote attacker to bypass a configured ACL.\r\n\r\nThis vulnerability exists because certain packets are handled incorrectly when they are received on an ingress interface on one line card and destined out of an egress interface on another line card where the egress ACL is configured. An attacker could exploit this vulnerability by attempting to send traffic through an affected device. A successful exploit could allow the attacker to bypass an egress ACL on the affected device.\r\nFor more information about this vulnerability, see the section of this advisory.\r\nCisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Permissions, Privileges, and Access Control",
"cweId": "CWE-264"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Cisco",
"product": {
"product_data": [
{
"product_name": "Cisco IOS XR Software",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "6.5.3"
},
{
"version_affected": "=",
"version_value": "6.5.2"
},
{
"version_affected": "=",
"version_value": "6.5.92"
},
{
"version_affected": "=",
"version_value": "6.5.1"
},
{
"version_affected": "=",
"version_value": "6.6.2"
},
{
"version_affected": "=",
"version_value": "7.0.1"
},
{
"version_affected": "=",
"version_value": "6.6.25"
},
{
"version_affected": "=",
"version_value": "6.6.1"
},
{
"version_affected": "=",
"version_value": "6.5.93"
},
{
"version_affected": "=",
"version_value": "7.1.1"
},
{
"version_affected": "=",
"version_value": "7.0.90"
},
{
"version_affected": "=",
"version_value": "6.6.3"
},
{
"version_affected": "=",
"version_value": "7.0.2"
},
{
"version_affected": "=",
"version_value": "7.2.1"
},
{
"version_affected": "=",
"version_value": "7.1.2"
},
{
"version_affected": "=",
"version_value": "7.0.11"
},
{
"version_affected": "=",
"version_value": "7.0.12"
},
{
"version_affected": "=",
"version_value": "7.0.14"
},
{
"version_affected": "=",
"version_value": "6.6.4"
},
{
"version_affected": "=",
"version_value": "7.2.12"
},
{
"version_affected": "=",
"version_value": "7.3.1"
},
{
"version_affected": "=",
"version_value": "7.4.1"
},
{
"version_affected": "=",
"version_value": "7.2.2"
},
{
"version_affected": "=",
"version_value": "7.3.15"
},
{
"version_affected": "=",
"version_value": "7.3.16"
},
{
"version_affected": "=",
"version_value": "7.3.2"
},
{
"version_affected": "=",
"version_value": "7.5.1"
},
{
"version_affected": "=",
"version_value": "7.6.1"
},
{
"version_affected": "=",
"version_value": "7.5.2"
},
{
"version_affected": "=",
"version_value": "7.8.1"
},
{
"version_affected": "=",
"version_value": "7.5.12"
},
{
"version_affected": "=",
"version_value": "7.7.1"
},
{
"version_affected": "=",
"version_value": "7.3.3"
},
{
"version_affected": "=",
"version_value": "7.4.2"
},
{
"version_affected": "=",
"version_value": "7.3.4"
},
{
"version_affected": "=",
"version_value": "7.6.2"
},
{
"version_affected": "=",
"version_value": "7.5.3"
},
{
"version_affected": "=",
"version_value": "7.7.2"
},
{
"version_affected": "=",
"version_value": "7.9.1"
},
{
"version_affected": "=",
"version_value": "7.10.1"
},
{
"version_affected": "=",
"version_value": "7.8.2"
},
{
"version_affected": "=",
"version_value": "7.5.4"
},
{
"version_affected": "=",
"version_value": "7.8.22"
},
{
"version_affected": "=",
"version_value": "7.7.21"
},
{
"version_affected": "=",
"version_value": "7.9.2"
},
{
"version_affected": "=",
"version_value": "7.3.5"
},
{
"version_affected": "=",
"version_value": "7.5.5"
},
{
"version_affected": "=",
"version_value": "7.11.1"
},
{
"version_affected": "=",
"version_value": "7.10.2"
},
{
"version_affected": "=",
"version_value": "24.1.1"
},
{
"version_affected": "=",
"version_value": "7.3.6"
},
{
"version_affected": "=",
"version_value": "7.11.2"
},
{
"version_affected": "=",
"version_value": "24.2.1"
},
{
"version_affected": "=",
"version_value": "24.1.2"
},
{
"version_affected": "=",
"version_value": "24.2.11"
},
{
"version_affected": "=",
"version_value": "24.3.1"
},
{
"version_affected": "=",
"version_value": "24.4.1"
},
{
"version_affected": "=",
"version_value": "24.2.2"
},
{
"version_affected": "=",
"version_value": "7.11.21"
},
{
"version_affected": "=",
"version_value": "24.2.20"
},
{
"version_affected": "=",
"version_value": "24.3.2"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-modular-ACL-u5MEPXMm",
"refsource": "MISC",
"name": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-modular-ACL-u5MEPXMm"
},
{
"url": "https://blog.apnic.net/2024/09/02/crafting-endless-as-paths-in-bgp/",
"refsource": "MISC",
"name": "https://blog.apnic.net/2024/09/02/crafting-endless-as-paths-in-bgp/"
}
]
},
"source": {
"advisory": "cisco-sa-modular-ACL-u5MEPXMm",
"discovery": "INTERNAL",
"defects": [
"CSCwk63613"
]
},
"exploit": [
{
"lang": "en",
"value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N",
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
}
]
}

130
2025/20xxx/CVE-2025-20146.json
View File

@ -1,17 +1,139 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-20146",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "psirt@cisco.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability in the Layer 3 multicast feature of Cisco IOS XR Software for Cisco ASR 9000 Series Aggregation Services Routers, ASR 9902 Compact High-Performance Routers, and ASR 9903 Compact High-Performance Routers could allow an unauthenticated, remote attacker to cause a line card to reset, resulting in a denial of service (DoS) condition.\r\n\r\nThis vulnerability is due to the incorrect handling of malformed IPv4 multicast packets that are received on line cards where the interface has either an IPv4 access control list (ACL) or a QoS policy applied. An attacker could exploit this vulnerability by sending crafted IPv4 multicast packets through an affected device. A successful exploit could allow the attacker to cause line card exceptions or a hard reset. Traffic over that line card would be lost while the line card reloads."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Input Validation",
"cweId": "CWE-20"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Cisco",
"product": {
"product_data": [
{
"product_name": "Cisco IOS XR Software",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "7.11.1"
},
{
"version_affected": "=",
"version_value": "7.9.21"
},
{
"version_affected": "=",
"version_value": "7.10.2"
},
{
"version_affected": "=",
"version_value": "24.1.1"
},
{
"version_affected": "=",
"version_value": "7.11.2"
},
{
"version_affected": "=",
"version_value": "24.2.1"
},
{
"version_affected": "=",
"version_value": "24.1.2"
},
{
"version_affected": "=",
"version_value": "24.3.1"
},
{
"version_affected": "=",
"version_value": "24.2.2"
},
{
"version_affected": "=",
"version_value": "7.11.21"
},
{
"version_affected": "=",
"version_value": "24.3.2"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-multicast-ERMrSvq7",
"refsource": "MISC",
"name": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-multicast-ERMrSvq7"
},
{
"url": "https://blog.apnic.net/2024/09/02/crafting-endless-as-paths-in-bgp/",
"refsource": "MISC",
"name": "https://blog.apnic.net/2024/09/02/crafting-endless-as-paths-in-bgp/"
}
]
},
"source": {
"advisory": "cisco-sa-multicast-ERMrSvq7",
"discovery": "EXTERNAL",
"defects": [
"CSCwm45759"
]
},
"exploit": [
{
"lang": "en",
"value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH"
}
]
}

354
2025/20xxx/CVE-2025-20177.json
View File

@ -1,17 +1,363 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-20177",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "psirt@cisco.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability in the boot process of Cisco IOS XR Software could allow an authenticated, local attacker to bypass Cisco IOS XR image signature verification and load unverified software on an affected device. To exploit this vulnerability, the attacker must have root-system privileges on the affected device.\r\n\r\nThis vulnerability is due to incomplete validation of files in the boot verification process. An attacker could exploit this vulnerability by manipulating the system configuration options to bypass some of the integrity checks that are performed during the boot process. A successful exploit could allow the attacker to control the boot configuration, which could enable them to bypass the requirement to run Cisco-signed images or alter the security properties of the running system.\r\nNote: Because exploitation of this vulnerability could result in the attacker bypassing Cisco image verification, Cisco has raised the Security Impact Rating (SIR) of this advisory from Medium to High."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Handling of Insufficient Privileges",
"cweId": "CWE-274"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Cisco",
"product": {
"product_data": [
{
"product_name": "Cisco IOS XR Software",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "7.0.1"
},
{
"version_affected": "=",
"version_value": "7.0.0"
},
{
"version_affected": "=",
"version_value": "7.1.1"
},
{
"version_affected": "=",
"version_value": "7.0.90"
},
{
"version_affected": "=",
"version_value": "6.7.1"
},
{
"version_affected": "=",
"version_value": "7.0.2"
},
{
"version_affected": "=",
"version_value": "7.1.15"
},
{
"version_affected": "=",
"version_value": "7.2.0"
},
{
"version_affected": "=",
"version_value": "7.2.1"
},
{
"version_affected": "=",
"version_value": "7.1.2"
},
{
"version_affected": "=",
"version_value": "6.7.2"
},
{
"version_affected": "=",
"version_value": "7.0.11"
},
{
"version_affected": "=",
"version_value": "7.0.12"
},
{
"version_affected": "=",
"version_value": "7.0.14"
},
{
"version_affected": "=",
"version_value": "7.1.25"
},
{
"version_affected": "=",
"version_value": "7.2.12"
},
{
"version_affected": "=",
"version_value": "7.3.1"
},
{
"version_affected": "=",
"version_value": "7.1.3"
},
{
"version_affected": "=",
"version_value": "6.7.3"
},
{
"version_affected": "=",
"version_value": "7.4.1"
},
{
"version_affected": "=",
"version_value": "7.2.2"
},
{
"version_affected": "=",
"version_value": "6.7.4"
},
{
"version_affected": "=",
"version_value": "7.3.15"
},
{
"version_affected": "=",
"version_value": "7.3.16"
},
{
"version_affected": "=",
"version_value": "6.8.1"
},
{
"version_affected": "=",
"version_value": "7.4.15"
},
{
"version_affected": "=",
"version_value": "7.3.2"
},
{
"version_affected": "=",
"version_value": "7.5.1"
},
{
"version_affected": "=",
"version_value": "7.4.16"
},
{
"version_affected": "=",
"version_value": "7.3.27"
},
{
"version_affected": "=",
"version_value": "7.6.1"
},
{
"version_affected": "=",
"version_value": "7.5.2"
},
{
"version_affected": "=",
"version_value": "7.8.1"
},
{
"version_affected": "=",
"version_value": "7.6.15"
},
{
"version_affected": "=",
"version_value": "7.5.12"
},
{
"version_affected": "=",
"version_value": "7.3.3"
},
{
"version_affected": "=",
"version_value": "7.7.1"
},
{
"version_affected": "=",
"version_value": "6.8.2"
},
{
"version_affected": "=",
"version_value": "7.3.4"
},
{
"version_affected": "=",
"version_value": "7.4.2"
},
{
"version_affected": "=",
"version_value": "6.7.35"
},
{
"version_affected": "=",
"version_value": "6.9.1"
},
{
"version_affected": "=",
"version_value": "7.6.2"
},
{
"version_affected": "=",
"version_value": "7.5.3"
},
{
"version_affected": "=",
"version_value": "7.7.2"
},
{
"version_affected": "=",
"version_value": "6.9.2"
},
{
"version_affected": "=",
"version_value": "7.9.1"
},
{
"version_affected": "=",
"version_value": "7.10.1"
},
{
"version_affected": "=",
"version_value": "7.8.2"
},
{
"version_affected": "=",
"version_value": "7.5.4"
},
{
"version_affected": "=",
"version_value": "7.8.22"
},
{
"version_affected": "=",
"version_value": "7.7.21"
},
{
"version_affected": "=",
"version_value": "7.9.2"
},
{
"version_affected": "=",
"version_value": "7.3.5"
},
{
"version_affected": "=",
"version_value": "7.5.5"
},
{
"version_affected": "=",
"version_value": "7.11.1"
},
{
"version_affected": "=",
"version_value": "7.9.21"
},
{
"version_affected": "=",
"version_value": "7.10.2"
},
{
"version_affected": "=",
"version_value": "24.1.1"
},
{
"version_affected": "=",
"version_value": "7.6.3"
},
{
"version_affected": "=",
"version_value": "7.3.6"
},
{
"version_affected": "=",
"version_value": "7.11.2"
},
{
"version_affected": "=",
"version_value": "24.2.1"
},
{
"version_affected": "=",
"version_value": "24.1.2"
},
{
"version_affected": "=",
"version_value": "24.2.11"
},
{
"version_affected": "=",
"version_value": "24.3.1"
},
{
"version_affected": "=",
"version_value": "7.8.23"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ios-xr-verii-bypass-HhPwQRvx",
"refsource": "MISC",
"name": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ios-xr-verii-bypass-HhPwQRvx"
},
{
"url": "https://blog.apnic.net/2024/09/02/crafting-endless-as-paths-in-bgp/",
"refsource": "MISC",
"name": "https://blog.apnic.net/2024/09/02/crafting-endless-as-paths-in-bgp/"
}
]
},
"source": {
"advisory": "cisco-sa-ios-xr-verii-bypass-HhPwQRvx",
"discovery": "INTERNAL",
"defects": [
"CSCwk67262"
]
},
"exploit": [
{
"lang": "en",
"value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
}
]
}

246
2025/20xxx/CVE-2025-20209.json
View File

@ -1,17 +1,255 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-20209",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "psirt@cisco.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability in the Internet Key Exchange version 2 (IKEv2) function of Cisco IOS XR Software could allow an unauthenticated, remote attacker to prevent an affected device from processing any control plane UDP packets. \r\n\r\nThis vulnerability is due to improper handling of malformed IKEv2 packets. An attacker could exploit this vulnerability by sending malformed IKEv2 packets to an affected device. A successful exploit could allow the attacker to prevent the affected device from processing any control plane UDP packets, resulting in a denial of service (DoS) condition.\r\nCisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Allocation of Resources Without Limits or Throttling",
"cweId": "CWE-770"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Cisco",
"product": {
"product_data": [
{
"product_name": "Cisco IOS XR Software",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "6.5.3"
},
{
"version_affected": "=",
"version_value": "6.6.1"
},
{
"version_affected": "=",
"version_value": "6.5.2"
},
{
"version_affected": "=",
"version_value": "6.6.2"
},
{
"version_affected": "=",
"version_value": "6.5.1"
},
{
"version_affected": "=",
"version_value": "7.0.1"
},
{
"version_affected": "=",
"version_value": "6.6.25"
},
{
"version_affected": "=",
"version_value": "7.0.0"
},
{
"version_affected": "=",
"version_value": "7.1.1"
},
{
"version_affected": "=",
"version_value": "6.6.3"
},
{
"version_affected": "=",
"version_value": "7.0.2"
},
{
"version_affected": "=",
"version_value": "7.2.0"
},
{
"version_affected": "=",
"version_value": "7.1.2"
},
{
"version_affected": "=",
"version_value": "7.2.1"
},
{
"version_affected": "=",
"version_value": "7.3.1"
},
{
"version_affected": "=",
"version_value": "7.4.1"
},
{
"version_affected": "=",
"version_value": "7.2.2"
},
{
"version_affected": "=",
"version_value": "7.3.2"
},
{
"version_affected": "=",
"version_value": "7.5.1"
},
{
"version_affected": "=",
"version_value": "7.3.27"
},
{
"version_affected": "=",
"version_value": "7.6.1"
},
{
"version_affected": "=",
"version_value": "7.5.2"
},
{
"version_affected": "=",
"version_value": "7.7.1"
},
{
"version_affected": "=",
"version_value": "7.4.2"
},
{
"version_affected": "=",
"version_value": "7.6.2"
},
{
"version_affected": "=",
"version_value": "7.8.1"
},
{
"version_affected": "=",
"version_value": "7.7.2"
},
{
"version_affected": "=",
"version_value": "7.9.1"
},
{
"version_affected": "=",
"version_value": "7.8.2"
},
{
"version_affected": "=",
"version_value": "7.8.22"
},
{
"version_affected": "=",
"version_value": "7.10.1"
},
{
"version_affected": "=",
"version_value": "7.7.21"
},
{
"version_affected": "=",
"version_value": "7.9.2"
},
{
"version_affected": "=",
"version_value": "7.11.1"
},
{
"version_affected": "=",
"version_value": "7.10.2"
},
{
"version_affected": "=",
"version_value": "24.1.1"
},
{
"version_affected": "=",
"version_value": "7.11.2"
},
{
"version_affected": "=",
"version_value": "24.2.1"
},
{
"version_affected": "=",
"version_value": "24.1.2"
},
{
"version_affected": "=",
"version_value": "24.2.11"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-xrike-9wYGpRGq",
"refsource": "MISC",
"name": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-xrike-9wYGpRGq"
},
{
"url": "https://blog.apnic.net/2024/09/02/crafting-endless-as-paths-in-bgp/",
"refsource": "MISC",
"name": "https://blog.apnic.net/2024/09/02/crafting-endless-as-paths-in-bgp/"
}
]
},
"source": {
"advisory": "cisco-sa-xrike-9wYGpRGq",
"discovery": "INTERNAL",
"defects": [
"CSCwk64612"
]
},
"exploit": [
{
"lang": "en",
"value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH"
}
]
}

61
2025/25xxx/CVE-2025-25683.json
View File

@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-25683",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2025-25683",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "AlekSIS-Core is vulnerable to Incorrect Access Control. Unauthenticated users can access all PDF files. This affects AlekSIS-Core 3.0, 3.1, 3.1.1, 3.1.2, 3.1.3, 3.1.4, 3.1.5, 3.1.6, 3.2.0 and 3.2.1."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://edugit.org/AlekSIS/official/AlekSIS-Core/-/issues/1180",
"refsource": "MISC",
"name": "https://edugit.org/AlekSIS/official/AlekSIS-Core/-/issues/1180"
},
{
"refsource": "CONFIRM",
"name": "https://aleksis.org/news/2025/01/security-advisory-cve-2025-25683-pdf-files-accessible-without-authentication/",
"url": "https://aleksis.org/news/2025/01/security-advisory-cve-2025-25683-pdf-files-accessible-without-authentication/"
}
]
}

66
2025/25xxx/CVE-2025-25774.json
View File

@ -1,17 +1,71 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-25774",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2025-25774",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An issue was discovered in Open5GS v2.7.2. When a UE switches between two gNBs and sends a handover request at a specific time, it may cause an exception in the AMF's internal state machine, leading to an AMF crash and resulting in a Denial of Service (DoS)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"name": "https://github.com/open5gs/open5gs/issues/3671",
"url": "https://github.com/open5gs/open5gs/issues/3671"
},
{
"refsource": "CONFIRM",
"name": "https://github.com/open5gs/open5gs/commit/2e68706f1eea029d5172ccad946e78b352c031d0",
"url": "https://github.com/open5gs/open5gs/commit/2e68706f1eea029d5172ccad946e78b352c031d0"
},
{
"refsource": "MISC",
"name": "https://github.com/guoweifk/BugReport/blob/main/Open5GS%20AMF%20Denial%20of%20Service%20via%20GMM%20State%20Handling%20in%20Handover",
"url": "https://github.com/guoweifk/BugReport/blob/main/Open5GS%20AMF%20Denial%20of%20Service%20via%20GMM%20State%20Handling%20in%20Handover"
}
]
}

72
2025/27xxx/CVE-2025-27017.json
View File

@ -1,18 +1,80 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-27017",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@apache.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Apache NiFi 1.13.0 through 2.2.0 includes the username and password used to authenticate with MongoDB in the NiFi provenance events that MongoDB components generate during processing. An authorized user with read access to the provenance events of those processors may see the credentials information. Upgrading to Apache NiFi 2.3.0 is the recommended mitigation, which removes the credentials from provenance event records."
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-538 Insertion of Sensitive Information into Externally-Accessible File or Directory",
"cweId": "CWE-538"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Apache Software Foundation",
"product": {
"product_data": [
{
"product_name": "Apache NiFi",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "1.13.0",
"version_value": "2.2.0"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://lists.apache.org/thread/d4n5474jkhp82dvnht13pjtlfx7bhn5q",
"refsource": "MISC",
"name": "https://lists.apache.org/thread/d4n5474jkhp82dvnht13pjtlfx7bhn5q"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"defect": [
"NIFI-14272"
],
"discovery": "EXTERNAL"
},
"credits": [
{
"lang": "en",
"value": "Robert Creese"
}
]
}

18
2025/29xxx/CVE-2025-29953.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-29953",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}