admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-21 05:40:25 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2025-03-13 17:00:37 +00:00
parent 08963ebc20
commit f8bbdaf08d
No known key found for this signature in database
GPG Key ID: BC5FD8F2443B23B7
37 changed files with 3371 additions and 124 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

32
2024/11xxx/CVE-2024-11218.json
View File

@ -280,6 +280,27 @@
]
}
},
{
"product_name": "Red Hat OpenShift Container Platform 4.12",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "412.86.202503052321-0",
"lessThan": "*",
"versionType": "rpm",
"status": "unaffected"
}
],
"defaultStatus": "affected"
}
}
]
}
},
{
"product_name": "Red Hat OpenShift Container Platform 4.14",
"version": {
@ -310,7 +331,7 @@
"x_cve_json_5_version_data": {
"versions": [
{
"version": "3:4.4.1-33.rhaos4.15.el8",
"version": "3:4.4.1-33.rhaos4.15.el9",
"lessThan": "*",
"versionType": "rpm",
"status": "unaffected"
@ -359,7 +380,7 @@
"x_cve_json_5_version_data": {
"versions": [
{
"version": "4:4.9.4-13.rhaos4.16.el8",
"version": "4:4.9.4-15.rhaos4.16.el9",
"lessThan": "*",
"versionType": "rpm",
"status": "unaffected"
@ -422,7 +443,7 @@
"x_cve_json_5_version_data": {
"versions": [
{
"version": "2:1.33.12-1.rhaos4.17.el9",
"version": "2:1.33.12-1.rhaos4.17.el8",
"lessThan": "*",
"versionType": "rpm",
"status": "unaffected"
@ -571,6 +592,11 @@
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2025:1914"
},
{
"url": "https://access.redhat.com/errata/RHSA-2025:2441",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2025:2441"
},
{
"url": "https://access.redhat.com/errata/RHSA-2025:2454",
"refsource": "MISC",

122
2024/12xxx/CVE-2024-12858.json
View File

@ -1,17 +1,131 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-12858",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "ics-cert@hq.dhs.gov",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Delta Electronics CNCSoft-G2 Version 2.1.0.16 and prior lacks proper \nvalidation of the length of user-supplied data prior to copying it to a \nfixed-length heap-based buffer. If a target visits a malicious page or \nopens a malicious file an attacker can leverage this vulnerability to \nexecute code in the context of the current process."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-122 Heap-based Buffer Overflow",
"cweId": "CWE-122"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Delta Electronics",
"product": {
"product_data": [
{
"product_name": "CNCSoft-G2",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "2.1.0.16"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-191-01",
"refsource": "MISC",
"name": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-191-01"
},
{
"url": "https://filecenter.deltaww.com/news/download/doc/Delta-PCSA-2025-00002_CNCSoft-G2%20-%20Heap-based%20Buffer%20Overflow_v2.pdf",
"refsource": "MISC",
"name": "https://filecenter.deltaww.com/news/download/doc/Delta-PCSA-2025-00002_CNCSoft-G2%20-%20Heap-based%20Buffer%20Overflow_v2.pdf"
},
{
"url": "https://downloadcenter.delta-china.com.cn/zh-CN/DownloadCenter?v=1&q=cncsoft&sort_expr=cdate&sort_dir=DESC",
"refsource": "MISC",
"name": "https://downloadcenter.delta-china.com.cn/zh-CN/DownloadCenter?v=1&q=cncsoft&sort_expr=cdate&sort_dir=DESC"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"advisory": "ICSA-24-191-01",
"discovery": "EXTERNAL"
},
"work_around": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "<div>\n<p>Delta also recommends the following general security practices:</p>\n<ul>\n<li>Don't click on untrusted Internet links or open unsolicited attachments in emails.</li>\n<li>Avoid exposing control systems and equipment to the Internet.</li>\n<li>Place systems and devices behind a firewall and isolate them from the business network.</li>\n<li>When remote access is required, use a secure access method, such as a virtual private network (VPN).</li>\n</ul>\n<p>If you have any product-related support concerns, please find a contact from <a target=\"_blank\" rel=\"nofollow\" href=\"https://www.deltaww.com/en-US/Customer-Service\">Delta's portal page</a> to reach them for any information or materials you may require.\n\n<br>\n</p></div><div>Delta has published <a target=\"_blank\" rel=\"nofollow\" href=\"https://filecenter.deltaww.com/news/download/doc/Delta-PCSA-2025-00002_CNCSoft-G2%20-%20Heap-based%20Buffer%20Overflow_v2.pdf\">Delta-PCSA-2025-00002</a> in both English and Chinese on their security website to provide more details about these issues.\n\n</div>"
}
],
"value": "Delta also recommends the following general security practices:\n\n\n\n * Don't click on untrusted Internet links or open unsolicited attachments in emails.\n\n * Avoid exposing control systems and equipment to the Internet.\n\n * Place systems and devices behind a firewall and isolate them from the business network.\n\n * When remote access is required, use a secure access method, such as a virtual private network (VPN).\n\n\n\n\nIf you have any product-related support concerns, please find a contact from Delta's portal page https://www.deltaww.com/en-US/Customer-Service to reach them for any information or materials you may require.\n\n\n\n\n\n\n\nDelta has published Delta-PCSA-2025-00002 https://filecenter.deltaww.com/news/download/doc/Delta-PCSA-2025-00002_CNCSoft-G2%20-%20Heap-based%20Buffer%20Overflow_v2.pdf in both English and Chinese on their security website to provide more details about these issues."
}
],
"solution": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "<div><span style=\"background-color: rgb(255, 255, 255);\">Delta Electronics recommends users update to </span><a target=\"_blank\" rel=\"nofollow\" href=\"https://downloadcenter.deltaww.com/en-US/DownloadCenter?v=1&amp;q=cncsoft&amp;sort_expr=cdate&amp;sort_dir=DESC\">CNCSoft-G2 V2.1.0.10</a><span style=\"background-color: rgb(255, 255, 255);\">&nbsp;or later.</span></div><div><span style=\"background-color: rgb(255, 255, 255);\"><br></span></div><div><span style=\"background-color: rgb(255, 255, 255);\">\nDelta has published <a target=\"_blank\" rel=\"nofollow\" href=\"https://filecenter.deltaww.com/news/download/doc/Delta-PCSA-2025-00002_CNCSoft-G2%20-%20Heap-based%20Buffer%20Overflow_v2.pdf\">Delta-PCSA-2025-00002</a> in both English and Chinese on their security website to provide more details about these issues.\n\n<br></span>\n\n</div>"
}
],
"value": "Delta Electronics recommends users update to CNCSoft-G2 V2.1.0.10 https://downloadcenter.deltaww.com/en-US/DownloadCenter \u00a0or later.\n\n\n\n\n\nDelta has published Delta-PCSA-2025-00002 https://filecenter.deltaww.com/news/download/doc/Delta-PCSA-2025-00002_CNCSoft-G2%20-%20Heap-based%20Buffer%20Overflow_v2.pdf in both English and Chinese on their security website to provide more details about these issues."
}
],
"credits": [
{
"lang": "en",
"value": "Bobby Gould and Fritz Sands of Trend Micro Zero Day Initiative reported these vulnerabilities to CISA."
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
]
}

108
2024/9xxx/CVE-2024-9042.json
View File

@ -1,17 +1,117 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-9042",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@kubernetes.io",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "This CVE affects only Windows worker nodes. Your worker node is vulnerable to this issue if it is running one of the affected versions listed below."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-20 Improper Input Validation",
"cweId": "CWE-20"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Kubernetes",
"product": {
"product_data": [
{
"product_name": "Kubelet",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "<=v1.29.12"
},
{
"version_affected": "<=",
"version_name": "v1.30",
"version_value": "v1.30.8"
},
{
"version_affected": "<=",
"version_name": "v1.31",
"version_value": "v1.31.4"
},
{
"version_affected": "<=",
"version_name": "v1.32",
"version_value": "v1.32.0"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/kubernetes/kubernetes/issues/129654",
"refsource": "MISC",
"name": "https://github.com/kubernetes/kubernetes/issues/129654"
},
{
"url": "https://groups.google.com/g/kubernetes-security-announce/c/9C3vn6aCSVg",
"refsource": "MISC",
"name": "https://groups.google.com/g/kubernetes-security-announce/c/9C3vn6aCSVg"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"discovery": "UNKNOWN"
},
"credits": [
{
"lang": "en",
"value": "Peled, Tomer"
},
{
"lang": "en",
"value": "Aravindh Puthiyaprambil"
}
],
"impact": {
"cvss": [
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
}
]
}

26
2025/0xxx/CVE-2025-0624.json
View File

@ -203,6 +203,27 @@
]
}
},
{
"product_name": "Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "1:2.06-27.el9_0.22",
"lessThan": "*",
"versionType": "rpm",
"status": "unaffected"
}
],
"defaultStatus": "affected"
}
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 9.4 Extended Update Support",
"version": {
@ -309,6 +330,11 @@
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2025:2784"
},
{
"url": "https://access.redhat.com/errata/RHSA-2025:2799",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2025:2799"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2025-0624",
"refsource": "MISC",

175
2025/1xxx/CVE-2025-1427.json
View File

@ -1,17 +1,184 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-1427",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "psirt@autodesk.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A maliciously crafted CATPRODUCT file, when parsed through Autodesk AutoCAD, can force an Uninitialized Variable vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-457: Use of Uninitialized Variable",
"cweId": "CWE-457"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Autodesk",
"product": {
"product_data": [
{
"product_name": "AutoCAD",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "2025",
"version_value": "2025.1.2"
}
]
}
},
{
"product_name": "AutoCAD Architecture",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "2025",
"version_value": "2025.1.2"
}
]
}
},
{
"product_name": "AutoCAD Electrical",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "2025",
"version_value": "2025.1.2"
}
]
}
},
{
"product_name": "AutoCAD Mechanical",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "2025",
"version_value": "2025.1.2"
}
]
}
},
{
"product_name": "AutoCAD MEP",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "2025",
"version_value": "2025.1.2"
}
]
}
},
{
"product_name": "AutoCAD Plant 3D",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "2025",
"version_value": "2025.1.2"
}
]
}
},
{
"product_name": "Civil 3D",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "2025",
"version_value": "2025.1.2"
}
]
}
},
{
"product_name": "Advance Steel",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "2025",
"version_value": "2025.1.2"
}
]
}
},
{
"product_name": "AutoCAD MAP 3D",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "2025",
"version_value": "2025.1.2"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2025-0001",
"refsource": "MISC",
"name": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2025-0001"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"discovery": "EXTERNAL"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
]
}

175
2025/1xxx/CVE-2025-1428.json
View File

@ -1,17 +1,184 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-1428",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "psirt@autodesk.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A maliciously crafted CATPART file, when parsed through Autodesk AutoCAD, can force an Out-of-Bounds Read vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-125 Out-of-Bounds Read",
"cweId": "CWE-125"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Autodesk",
"product": {
"product_data": [
{
"product_name": "AutoCAD",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "2025",
"version_value": "2025.1.2"
}
]
}
},
{
"product_name": "AutoCAD Architecture",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "2025",
"version_value": "2025.1.2"
}
]
}
},
{
"product_name": "AutoCAD Electrical",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "2025",
"version_value": "2025.1.2"
}
]
}
},
{
"product_name": "AutoCAD Mechanical",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "2025",
"version_value": "2025.1.2"
}
]
}
},
{
"product_name": "AutoCAD MEP",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "2025",
"version_value": "2025.1.2"
}
]
}
},
{
"product_name": "AutoCAD Plant 3D",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "2025",
"version_value": "2025.1.2"
}
]
}
},
{
"product_name": "Civil 3D",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "2025",
"version_value": "2025.1.2"
}
]
}
},
{
"product_name": "Advance Steel",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "2025",
"version_value": "2025.1.2"
}
]
}
},
{
"product_name": "AutoCAD MAP 3D",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "2025",
"version_value": "2025.1.2"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2025-0001",
"refsource": "MISC",
"name": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2025-0001"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"discovery": "EXTERNAL"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
]
}

175
2025/1xxx/CVE-2025-1429.json
View File

@ -1,17 +1,184 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-1429",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "psirt@autodesk.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A maliciously crafted MODEL file, when parsed through Autodesk AutoCAD, can force a Heap-Based Overflow vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-122 Heap-Based Buffer Overflow",
"cweId": "CWE-122"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Autodesk",
"product": {
"product_data": [
{
"product_name": "AutoCAD",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "2025",
"version_value": "2025.1.2"
}
]
}
},
{
"product_name": "AutoCAD Architecture",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "2025",
"version_value": "2025.1.2"
}
]
}
},
{
"product_name": "AutoCAD Electrical",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "2025",
"version_value": "2025.1.2"
}
]
}
},
{
"product_name": "AutoCAD Mechanical",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "2025",
"version_value": "2025.1.2"
}
]
}
},
{
"product_name": "AutoCAD MEP",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "2025",
"version_value": "2025.1.2"
}
]
}
},
{
"product_name": "AutoCAD Plant 3D",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "2025",
"version_value": "2025.1.2"
}
]
}
},
{
"product_name": "Civil 3D",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "2025",
"version_value": "2025.1.2"
}
]
}
},
{
"product_name": "Advance Steel",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "2025",
"version_value": "2025.1.2"
}
]
}
},
{
"product_name": "AutoCAD MAP 3D",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "2025",
"version_value": "2025.1.2"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2025-0001",
"refsource": "MISC",
"name": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2025-0001"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"discovery": "EXTERNAL"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
]
}

175
2025/1xxx/CVE-2025-1430.json
View File

@ -1,17 +1,184 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-1430",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "psirt@autodesk.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A maliciously crafted SLDPRT file, when parsed through Autodesk AutoCAD, can force a Memory Corruption vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')",
"cweId": "CWE-120"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Autodesk",
"product": {
"product_data": [
{
"product_name": "AutoCAD",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "2025",
"version_value": "2025.1.2"
}
]
}
},
{
"product_name": "AutoCAD Architecture",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "2025",
"version_value": "2025.1.2"
}
]
}
},
{
"product_name": "AutoCAD Electrical",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "2025",
"version_value": "2025.1.2"
}
]
}
},
{
"product_name": "AutoCAD Mechanical",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "2025",
"version_value": "2025.1.2"
}
]
}
},
{
"product_name": "AutoCAD MEP",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "2025",
"version_value": "2025.1.2"
}
]
}
},
{
"product_name": "AutoCAD Plant 3D",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "2025",
"version_value": "2025.1.2"
}
]
}
},
{
"product_name": "Civil 3D",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "2025",
"version_value": "2025.1.2"
}
]
}
},
{
"product_name": "Advance Steel",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "2025",
"version_value": "2025.1.2"
}
]
}
},
{
"product_name": "AutoCAD MAP 3D",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "2025",
"version_value": "2025.1.2"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2025-0001",
"refsource": "MISC",
"name": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2025-0001"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"discovery": "EXTERNAL"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
]
}

175
2025/1xxx/CVE-2025-1431.json
View File

@ -1,17 +1,184 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-1431",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "psirt@autodesk.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A maliciously crafted SLDPRT file, when parsed through Autodesk AutoCAD, can force an Out-of-Bounds Read vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-125 Out-of-Bounds Read",
"cweId": "CWE-125"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Autodesk",
"product": {
"product_data": [
{
"product_name": "AutoCAD",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "2025",
"version_value": "2025.1.2"
}
]
}
},
{
"product_name": "AutoCAD Architecture",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "2025",
"version_value": "2025.1.2"
}
]
}
},
{
"product_name": "AutoCAD Electrical",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "2025",
"version_value": "2025.1.2"
}
]
}
},
{
"product_name": "AutoCAD Mechanical",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "2025",
"version_value": "2025.1.2"
}
]
}
},
{
"product_name": "AutoCAD MEP",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "2025",
"version_value": "2025.1.2"
}
]
}
},
{
"product_name": "AutoCAD Plant 3D",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "2025",
"version_value": "2025.1.2"
}
]
}
},
{
"product_name": "Civil 3D",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "2025",
"version_value": "2025.1.2"
}
]
}
},
{
"product_name": "Advance Steel",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "2025",
"version_value": "2025.1.2"
}
]
}
},
{
"product_name": "AutoCAD MAP 3D",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "2025",
"version_value": "2025.1.2"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2025-0001",
"refsource": "MISC",
"name": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2025-0001"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"discovery": "EXTERNAL"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
]
}

175
2025/1xxx/CVE-2025-1432.json
View File

@ -1,17 +1,184 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-1432",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "psirt@autodesk.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A maliciously crafted 3DM file, when parsed through Autodesk AutoCAD, can force a Use-After-Free vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-416 Use After Free",
"cweId": "CWE-416"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Autodesk",
"product": {
"product_data": [
{
"product_name": "AutoCAD",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "2025",
"version_value": "2025.1.2"
}
]
}
},
{
"product_name": "AutoCAD Architecture",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "2025",
"version_value": "2025.1.2"
}
]
}
},
{
"product_name": "AutoCAD Electrical",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "2025",
"version_value": "2025.1.2"
}
]
}
},
{
"product_name": "AutoCAD Mechanical",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "2025",
"version_value": "2025.1.2"
}
]
}
},
{
"product_name": "AutoCAD MEP",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "2025",
"version_value": "2025.1.2"
}
]
}
},
{
"product_name": "AutoCAD Plant 3D",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "2025",
"version_value": "2025.1.2"
}
]
}
},
{
"product_name": "Civil 3D",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "2025",
"version_value": "2025.1.2"
}
]
}
},
{
"product_name": "Advance Steel",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "2025",
"version_value": "2025.1.2"
}
]
}
},
{
"product_name": "AutoCAD MAP 3D",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "2025",
"version_value": "2025.1.2"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2025-0001",
"refsource": "MISC",
"name": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2025-0001"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"discovery": "EXTERNAL"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
]
}

175
2025/1xxx/CVE-2025-1433.json
View File

@ -1,17 +1,184 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-1433",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "psirt@autodesk.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A maliciously crafted MODEL file, when parsed through Autodesk AutoCAD, can force an Out-of-Bounds Read vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-125 Out-of-Bounds Read",
"cweId": "CWE-125"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Autodesk",
"product": {
"product_data": [
{
"product_name": "AutoCAD",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "2025",
"version_value": "2025.1.2"
}
]
}
},
{
"product_name": "AutoCAD Architecture",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "2025",
"version_value": "2025.1.2"
}
]
}
},
{
"product_name": "AutoCAD Electrical",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "2025",
"version_value": "2025.1.2"
}
]
}
},
{
"product_name": "AutoCAD Mechanical",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "2025",
"version_value": "2025.1.2"
}
]
}
},
{
"product_name": "AutoCAD MEP",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "2025",
"version_value": "2025.1.2"
}
]
}
},
{
"product_name": "AutoCAD Plant 3D",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "2025",
"version_value": "2025.1.2"
}
]
}
},
{
"product_name": "Civil 3D",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "2025",
"version_value": "2025.1.2"
}
]
}
},
{
"product_name": "Advance Steel",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "2025",
"version_value": "2025.1.2"
}
]
}
},
{
"product_name": "AutoCAD MAP 3D",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "2025",
"version_value": "2025.1.2"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2025-0001",
"refsource": "MISC",
"name": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2025-0001"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"discovery": "EXTERNAL"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
]
}

175
2025/1xxx/CVE-2025-1649.json
View File

@ -1,17 +1,184 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-1649",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "psirt@autodesk.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A maliciously crafted CATPRODUCT file, when parsed through Autodesk AutoCAD, can force an Uninitialized Variable vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-457: Use of Uninitialized Variable",
"cweId": "CWE-457"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Autodesk",
"product": {
"product_data": [
{
"product_name": "AutoCAD",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "2025",
"version_value": "2025.1.2"
}
]
}
},
{
"product_name": "AutoCAD Architecture",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "2025",
"version_value": "2025.1.2"
}
]
}
},
{
"product_name": "AutoCAD Electrical",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "2025",
"version_value": "2025.1.2"
}
]
}
},
{
"product_name": "AutoCAD Mechanical",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "2025",
"version_value": "2025.1.2"
}
]
}
},
{
"product_name": "AutoCAD MEP",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "2025",
"version_value": "2025.1.2"
}
]
}
},
{
"product_name": "AutoCAD Plant 3D",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "2025",
"version_value": "2025.1.2"
}
]
}
},
{
"product_name": "Civil 3D",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "2025",
"version_value": "2025.1.2"
}
]
}
},
{
"product_name": "Advance Steel",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "2025",
"version_value": "2025.1.2"
}
]
}
},
{
"product_name": "AutoCAD MAP 3D",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "2025",
"version_value": "2025.1.2"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2025-0001",
"refsource": "MISC",
"name": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2025-0001"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"discovery": "EXTERNAL"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
]
}

175
2025/1xxx/CVE-2025-1650.json
View File

@ -1,17 +1,184 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-1650",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "psirt@autodesk.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A maliciously crafted CATPRODUCT file, when parsed through Autodesk AutoCAD, can force an Uninitialized Variable vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-457: Use of Uninitialized Variable",
"cweId": "CWE-457"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Autodesk",
"product": {
"product_data": [
{
"product_name": "AutoCAD",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "2025",
"version_value": "2025.1.2"
}
]
}
},
{
"product_name": "AutoCAD Architecture",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "2025",
"version_value": "2025.1.2"
}
]
}
},
{
"product_name": "AutoCAD Electrical",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "2025",
"version_value": "2025.1.2"
}
]
}
},
{
"product_name": "AutoCAD Mechanical",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "2025",
"version_value": "2025.1.2"
}
]
}
},
{
"product_name": "AutoCAD MEP",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "2025",
"version_value": "2025.1.2"
}
]
}
},
{
"product_name": "AutoCAD Plant 3D",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "2025",
"version_value": "2025.1.2"
}
]
}
},
{
"product_name": "Civil 3D",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "2025",
"version_value": "2025.1.2"
}
]
}
},
{
"product_name": "Advance Steel",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "2025",
"version_value": "2025.1.2"
}
]
}
},
{
"product_name": "AutoCAD MAP 3D",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "2025",
"version_value": "2025.1.2"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2025-0001",
"refsource": "MISC",
"name": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2025-0001"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"discovery": "EXTERNAL"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
]
}

175
2025/1xxx/CVE-2025-1651.json
View File

@ -1,17 +1,184 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-1651",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "psirt@autodesk.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A maliciously crafted MODEL file, when parsed through Autodesk AutoCAD, can force a Heap-Based Overflow vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-122 Heap-based Buffer Overflow",
"cweId": "CWE-122"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Autodesk",
"product": {
"product_data": [
{
"product_name": "AutoCAD",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "2025",
"version_value": "2025.1.2"
}
]
}
},
{
"product_name": "AutoCAD Architecture",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "2025",
"version_value": "2025.1.2"
}
]
}
},
{
"product_name": "AutoCAD Electrical",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "2025",
"version_value": "2025.1.2"
}
]
}
},
{
"product_name": "AutoCAD Mechanical",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "2025",
"version_value": "2025.1.2"
}
]
}
},
{
"product_name": "AutoCAD MEP",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "2025",
"version_value": "2025.1.2"
}
]
}
},
{
"product_name": "AutoCAD Plant 3D",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "2025",
"version_value": "2025.1.2"
}
]
}
},
{
"product_name": "Civil 3D",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "2025",
"version_value": "2025.1.2"
}
]
}
},
{
"product_name": "Advance Steel",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "2025",
"version_value": "2025.1.2"
}
]
}
},
{
"product_name": "AutoCAD MAP 3D",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "2025",
"version_value": "2025.1.2"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2025-0001",
"refsource": "MISC",
"name": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2025-0001"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"discovery": "EXTERNAL"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
]
}

175
2025/1xxx/CVE-2025-1652.json
View File

@ -1,17 +1,184 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-1652",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "psirt@autodesk.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A maliciously crafted MODEL file, when parsed through Autodesk AutoCAD, can force an Out-of-Bounds Read vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-125 Out-of-Bounds Read",
"cweId": "CWE-125"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Autodesk",
"product": {
"product_data": [
{
"product_name": "AutoCAD",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "2025",
"version_value": "2025.1.2"
}
]
}
},
{
"product_name": "AutoCAD Architecture",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "2025",
"version_value": "2025.1.2"
}
]
}
},
{
"product_name": "AutoCAD Electrical",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "2025",
"version_value": "2025.1.2"
}
]
}
},
{
"product_name": "AutoCAD Mechanical",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "2025",
"version_value": "2025.1.2"
}
]
}
},
{
"product_name": "AutoCAD MEP",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "2025",
"version_value": "2025.1.2"
}
]
}
},
{
"product_name": "AutoCAD Plant 3D",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "2025",
"version_value": "2025.1.2"
}
]
}
},
{
"product_name": "Civil 3D",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "2025",
"version_value": "2025.1.2"
}
]
}
},
{
"product_name": "Advance Steel",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "2025",
"version_value": "2025.1.2"
}
]
}
},
{
"product_name": "AutoCAD MAP 3D",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "2025",
"version_value": "2025.1.2"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2025-0001",
"refsource": "MISC",
"name": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2025-0001"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"discovery": "EXTERNAL"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
]
}

89
2025/1xxx/CVE-2025-1767.json
View File

@ -1,17 +1,98 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-1767",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@kubernetes.io",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "This CVE only affects Kubernetes clusters that utilize the in-tree gitRepo volume to clone git repositories from other pods within the same node. Since the in-tree gitRepo volume feature has been deprecated and will not receive security updates upstream, any cluster still using this feature remains vulnerable."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-20 Improper Input Validation",
"cweId": "CWE-20"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Kubernetes",
"product": {
"product_data": [
{
"product_name": "Kubelet",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "all_versions"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/kubernetes/kubernetes/pull/130786",
"refsource": "MISC",
"name": "https://github.com/kubernetes/kubernetes/pull/130786"
},
{
"url": "https://groups.google.com/g/kubernetes-security-announce/c/19irihsKg7s",
"refsource": "MISC",
"name": "https://groups.google.com/g/kubernetes-security-announce/c/19irihsKg7s"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"discovery": "EXTERNAL"
},
"credits": [
{
"lang": "en",
"value": "Christophe Hauquiert"
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
}
]
}

58
2025/24xxx/CVE-2025-24974.json
View File

@ -1,18 +1,68 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-24974",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security-advisories@github.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "DataEase is an open source business intelligence and data visualization tool. Prior to version 2.10.6, authenticated users can read and deserialize arbitrary files through the background JDBC connection. The vulnerability has been fixed in v2.10.6. No known workarounds are available."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-862: Missing Authorization",
"cweId": "CWE-862"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "dataease",
"product": {
"product_data": [
{
"product_name": "dataease",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "< 2.10.6"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/dataease/dataease/security/advisories/GHSA-wmfp-mjf3-57f5",
"refsource": "MISC",
"name": "https://github.com/dataease/dataease/security/advisories/GHSA-wmfp-mjf3-57f5"
}
]
},
"source": {
"advisory": "GHSA-wmfp-mjf3-57f5",
"discovery": "UNKNOWN"
}
}

67
2025/27xxx/CVE-2025-27103.json
View File

@ -1,18 +1,77 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-27103",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security-advisories@github.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "DataEase is an open source business intelligence and data visualization tool. Prior to version 2.10.6, a bypass for the patch for CVE-2024-55953 allows authenticated users to read and deserialize arbitrary files through the background JDBC connection. The vulnerability has been fixed in v2.10.6. No known workarounds are available."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')",
"cweId": "CWE-89"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "CWE-862: Missing Authorization",
"cweId": "CWE-862"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "dataease",
"product": {
"product_data": [
{
"product_name": "dataease",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "< 2.10.6"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/dataease/dataease/security/advisories/GHSA-v4gg-8rp3-ccjx",
"refsource": "MISC",
"name": "https://github.com/dataease/dataease/security/advisories/GHSA-v4gg-8rp3-ccjx"
}
]
},
"source": {
"advisory": "GHSA-v4gg-8rp3-ccjx",
"discovery": "UNKNOWN"
}
}

80
2025/27xxx/CVE-2025-27107.json
View File

@ -1,18 +1,90 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-27107",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security-advisories@github.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Integrated Scripting is a tool for creating scripts for handling complex operations in Integrated Dynamics. Minecraft users who use Integrated Scripting prior to versions 1.21.1-1.0.17, 1.21.4-1.0.9-254, 1.20.1-1.0.13, and 1.19.2-1.0.10 may be vulnerable to arbitrary code execution. By using Java reflection on a thrown exception object it's possible to escape the JavaScript sandbox for IntegratedScripting's Variable Cards, and leverage that to construct arbitrary Java classes and invoke arbitrary Java methods.\nThis vulnerability allows for execution of arbitrary Java methods, and by extension arbitrary native code e.g. from `java.lang.Runtime.exec`, on the Minecraft server by any player with the ability to create and use an IntegratedScripting Variable Card. Versions 1.21.1-1.0.17, 1.21.4-1.0.9-254, 1.20.1-1.0.13, and 1.19.2-1.0.10 fix the issue."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')",
"cweId": "CWE-74"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "CyclopsMC",
"product": {
"product_data": [
{
"product_name": "IntegratedScripting",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "< 1.21.1-1.0.17"
},
{
"version_affected": "=",
"version_value": "< 1.21.4-1.0.9-254"
},
{
"version_affected": "=",
"version_value": "< 1.20.1-1.0.13"
},
{
"version_affected": "=",
"version_value": "< 1.19.2-1.0.10"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/CyclopsMC/IntegratedScripting/security/advisories/GHSA-2v5x-4823-hq77",
"refsource": "MISC",
"name": "https://github.com/CyclopsMC/IntegratedScripting/security/advisories/GHSA-2v5x-4823-hq77"
},
{
"url": "https://github.com/CyclopsMC/IntegratedScripting/blob/29051aace619604fb5dd60624b72dba428fea2f2/src/main/java/org/cyclops/integratedscripting/evaluate/ScriptHelpers.java#L46",
"refsource": "MISC",
"name": "https://github.com/CyclopsMC/IntegratedScripting/blob/29051aace619604fb5dd60624b72dba428fea2f2/src/main/java/org/cyclops/integratedscripting/evaluate/ScriptHelpers.java#L46"
},
{
"url": "https://github.com/CyclopsMC/IntegratedScripting/blob/29051aace619604fb5dd60624b72dba428fea2f2/src/main/java/org/cyclops/integratedscripting/evaluate/translation/ValueTranslators.java",
"refsource": "MISC",
"name": "https://github.com/CyclopsMC/IntegratedScripting/blob/29051aace619604fb5dd60624b72dba428fea2f2/src/main/java/org/cyclops/integratedscripting/evaluate/translation/ValueTranslators.java"
}
]
},
"source": {
"advisory": "GHSA-2v5x-4823-hq77",
"discovery": "UNKNOWN"
}
}

58
2025/27xxx/CVE-2025-27138.json
View File

@ -1,18 +1,68 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-27138",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security-advisories@github.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "DataEase is an open source business intelligence and data visualization tool. Prior to version 2.10.6, there is a flaw in the authentication in the io.dataease.auth.filter.TokenFilter class, which may cause the risk of unauthorized access. The vulnerability has been fixed in v2.10.6. No known workarounds are available."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-287: Improper Authentication",
"cweId": "CWE-287"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "dataease",
"product": {
"product_data": [
{
"product_name": "dataease",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "< 2.10.6"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/dataease/dataease/security/advisories/GHSA-533g-whf8-q637",
"refsource": "MISC",
"name": "https://github.com/dataease/dataease/security/advisories/GHSA-533g-whf8-q637"
}
]
},
"source": {
"advisory": "GHSA-533g-whf8-q637",
"discovery": "UNKNOWN"
}
}

62
2025/28xxx/CVE-2025-28010.json
View File

@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-28010",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2025-28010",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
"affects": {
"vendor": {
"vendor_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A cross-site scripting (XSS) vulnerability has been identified in MODX prior to 3.1.0. The vulnerability allows authenticated users to upload SVG files containing malicious JavaScript code as profile images, which gets executed in victims' browsers when viewing the profile image."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/rtnthakur/CVE/blob/main/MODX/README.md",
"refsource": "MISC",
"name": "https://github.com/rtnthakur/CVE/blob/main/MODX/README.md"
}
]
}

62
2025/28xxx/CVE-2025-28011.json
View File

@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-28011",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2025-28011",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
"affects": {
"vendor": {
"vendor_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A SQL Injection was found in loginsystem/change-password.php in PHPGurukul User Registration & Login and User Management System v3.3 allows remote attackers to execute arbitrary code via the currentpassword POST request parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/rtnthakur/CVE/blob/main/PHPGurukul/User%20Registration%20%26%20Login%20and%20User%20Management%20System%20With%20admin%20panel/Change-password-sql-injection.pdf",
"refsource": "MISC",
"name": "https://github.com/rtnthakur/CVE/blob/main/PHPGurukul/User%20Registration%20%26%20Login%20and%20User%20Management%20System%20With%20admin%20panel/Change-password-sql-injection.pdf"
}
]
}

62
2025/28xxx/CVE-2025-28015.json
View File

@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-28015",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2025-28015",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
"affects": {
"vendor": {
"vendor_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A HTML Injection vulnerability was found in loginsystem/edit-profile.php of the PHPGurukul User Registration & Login and User Management System V3.3. This vulnerability allows remote attackers to execute arbitrary HTML code via the fname, lname, and contact parameters."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/rtnthakur/CVE/blob/main/PHPGurukul/User%20Registration%20%26%20Login%20and%20User%20Management%20System%20With%20admin%20panel/HTML%20Injection%20-%20edit-profile.md",
"refsource": "MISC",
"name": "https://github.com/rtnthakur/CVE/blob/main/PHPGurukul/User%20Registration%20%26%20Login%20and%20User%20Management%20System%20With%20admin%20panel/HTML%20Injection%20-%20edit-profile.md"
}
]
}

90
2025/2xxx/CVE-2025-2079.json
View File

@ -1,18 +1,100 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-2079",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "ics-cert@hq.dhs.gov",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Optigo Networks Visual BACnet Capture Tool and Optigo Visual Networks Capture Tool version 3.1.2rc11 contain a hard coded secret key. This could allow an attacker to generate valid JWT (JSON Web Token) sessions."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-547 Use of Hard-Coded, Security-Relevant Constants",
"cweId": "CWE-547"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Optigo Networks",
"product": {
"product_data": [
{
"product_name": "Visual BACnet Capture Tool",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "3.1.2rc11"
}
]
}
},
{
"product_name": "Optigo Visual Networks Capture Tool",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "3.1.2rc11"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-070-02",
"refsource": "MISC",
"name": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-070-02"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"discovery": "UNKNOWN"
},
"solution": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "<p>Optigo Networks recommends users to upgrade to the following:</p><ul><li>Visual BACnet Capture Tool: <a target=\"_blank\" rel=\"nofollow\" href=\"https://optigo.zendesk.com/hc/en-us/sections/360011386412-Capture-Tool-Software-Visual-BACnet\">Version v3.1.3rc8</a></li><li>Optigo Visual Networks Capture Tool: <a target=\"_blank\" rel=\"nofollow\" href=\"https://optigo.zendesk.com/hc/en-us/sections/20125604316813-Capture-Tool-Software-Optigo-Visual-Networks\">Version v3.1.3rc8</a></li></ul>\n\n<br>"
}
],
"value": "Optigo Networks recommends users to upgrade to the following:\n\n * Visual BACnet Capture Tool: Version v3.1.3rc8 https://optigo.zendesk.com/hc/en-us/sections/360011386412-Capture-Tool-Software-Visual-BACnet \n * Optigo Visual Networks Capture Tool: Version v3.1.3rc8 https://optigo.zendesk.com/hc/en-us/sections/20125604316813-Capture-Tool-Software-Optigo-Visual-Networks"
}
],
"credits": [
{
"lang": "en",
"value": "Tomer Goldschmidt of Claroty Team82"
}
]
}

90
2025/2xxx/CVE-2025-2080.json
View File

@ -1,18 +1,100 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-2080",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "ics-cert@hq.dhs.gov",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Optigo Networks Visual BACnet Capture Tool and Optigo Visual Networks Capture Tool version 3.1.2rc11 contain an exposed web management service that could allow an attacker to bypass authentication measures and gain controls over utilities within the products."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-288 Authentication Bypass Using an Alternate Path or Channel",
"cweId": "CWE-288"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Optigo Networks",
"product": {
"product_data": [
{
"product_name": "Visual BACnet Capture Tool",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "3.1.2rc11"
}
]
}
},
{
"product_name": "Optigo Visual Networks Capture Tool",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "3.1.2rc11"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-070-02",
"refsource": "MISC",
"name": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-070-02"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"discovery": "UNKNOWN"
},
"solution": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "<p>Optigo Networks recommends users to upgrade to the following:</p><ul><li>Visual BACnet Capture Tool: <a target=\"_blank\" rel=\"nofollow\" href=\"https://optigo.zendesk.com/hc/en-us/sections/360011386412-Capture-Tool-Software-Visual-BACnet\">Version v3.1.3rc8</a></li><li>Optigo Visual Networks Capture Tool: <a target=\"_blank\" rel=\"nofollow\" href=\"https://optigo.zendesk.com/hc/en-us/sections/20125604316813-Capture-Tool-Software-Optigo-Visual-Networks\">Version v3.1.3rc8</a></li></ul>\n\n<br>"
}
],
"value": "Optigo Networks recommends users to upgrade to the following:\n\n * Visual BACnet Capture Tool: Version v3.1.3rc8 https://optigo.zendesk.com/hc/en-us/sections/360011386412-Capture-Tool-Software-Visual-BACnet \n * Optigo Visual Networks Capture Tool: Version v3.1.3rc8 https://optigo.zendesk.com/hc/en-us/sections/20125604316813-Capture-Tool-Software-Optigo-Visual-Networks"
}
],
"credits": [
{
"lang": "en",
"value": "Tomer Goldschmidt of Claroty Team82"
}
]
}

90
2025/2xxx/CVE-2025-2081.json
View File

@ -1,18 +1,100 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-2081",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "ics-cert@hq.dhs.gov",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Optigo Networks Visual BACnet Capture Tool and Optigo Visual Networks Capture Tool version 3.1.2rc11 are vulnerable to an attacker impersonating the web application service and mislead victim clients."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-547 Use of Hard-Coded, Security-Relevant Constants",
"cweId": "CWE-547"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Optigo Networks",
"product": {
"product_data": [
{
"product_name": "Visual BACnet Capture Tool",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "3.1.2rc11"
}
]
}
},
{
"product_name": "Optigo Visual Networks Capture Tool",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "3.1.2rc11"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-070-02",
"refsource": "MISC",
"name": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-070-02"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"discovery": "UNKNOWN"
},
"solution": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "<p>Optigo Networks recommends users to upgrade to the following:</p><ul><li>Visual BACnet Capture Tool: <a target=\"_blank\" rel=\"nofollow\" href=\"https://optigo.zendesk.com/hc/en-us/sections/360011386412-Capture-Tool-Software-Visual-BACnet\">Version v3.1.3rc8</a></li><li>Optigo Visual Networks Capture Tool: <a target=\"_blank\" rel=\"nofollow\" href=\"https://optigo.zendesk.com/hc/en-us/sections/20125604316813-Capture-Tool-Software-Optigo-Visual-Networks\">Version v3.1.3rc8</a></li></ul>\n\n<br>"
}
],
"value": "Optigo Networks recommends users to upgrade to the following:\n\n * Visual BACnet Capture Tool: Version v3.1.3rc8 https://optigo.zendesk.com/hc/en-us/sections/360011386412-Capture-Tool-Software-Visual-BACnet \n * Optigo Visual Networks Capture Tool: Version v3.1.3rc8 https://optigo.zendesk.com/hc/en-us/sections/20125604316813-Capture-Tool-Software-Optigo-Visual-Networks"
}
],
"credits": [
{
"lang": "en",
"value": "Tomer Goldschmidt of Claroty Team82"
}
]
}

90
2025/2xxx/CVE-2025-2263.json
View File

@ -1,17 +1,99 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-2263",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "vulnreport@tenable.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "During login to the web server in \"Sante PACS Server.exe\", OpenSSL function EVP_DecryptUpdate is called to decrypt the username and password. A fixed 0x80-byte stack-based buffer is passed to the function as the output buffer. A stack-based buffer overflow exists if a long encrypted username or password is supplied by an unauthenticated remote attacker."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-121: Stack-based Buffer Overflow",
"cweId": "CWE-121"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Santesoft",
"product": {
"product_data": [
{
"product_name": "Sante PACS Server",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"status": "affected",
"version": "4.1.0"
},
{
"status": "unaffected",
"version": "4.2.0"
}
],
"defaultStatus": "unaffected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.tenable.com/security/research/tra-2025-08",
"refsource": "MISC",
"name": "https://www.tenable.com/security/research/tra-2025-08"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
]
}

90
2025/2xxx/CVE-2025-2264.json
View File

@ -1,17 +1,99 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-2264",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "vulnreport@tenable.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A Path Traversal Information Disclosure vulnerability exists in \"Sante PACS Server.exe\". An unauthenticated remote attacker can exploit it to download arbitrary files on the disk drive where the application is installed."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')",
"cweId": "CWE-22"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Santesoft",
"product": {
"product_data": [
{
"product_name": "Sante PACS Server",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"status": "affected",
"version": "4.1.0"
},
{
"status": "unaffected",
"version": "4.2.0"
}
],
"defaultStatus": "unaffected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.tenable.com/security/research/tra-2025-08",
"refsource": "MISC",
"name": "https://www.tenable.com/security/research/tra-2025-08"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
]
}

90
2025/2xxx/CVE-2025-2265.json
View File

@ -1,17 +1,99 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-2265",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "vulnreport@tenable.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The password of a web user in \"Sante PACS Server.exe\" is zero-padded to 0x2000 bytes, SHA1-hashed, base64-encoded, and stored in the USER table in the SQLite database HTTP.db. However, the number of hash bytes encoded and stored is truncated if the hash contains a zero byte"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-916 Use of Password Hash With Insufficient Computational Effort",
"cweId": "CWE-916"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Santesoft",
"product": {
"product_data": [
{
"product_name": "Sante PACS Server",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"status": "affected",
"version": "4.1.0"
},
{
"status": "unaffected",
"version": "4.2.0"
}
],
"defaultStatus": "unaffected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.tenable.com/security/research/tra-2025-08",
"refsource": "MISC",
"name": "https://www.tenable.com/security/research/tra-2025-08"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
]
}

90
2025/2xxx/CVE-2025-2284.json
View File

@ -1,17 +1,99 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-2284",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "vulnreport@tenable.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A denial-of-service vulnerability exists in the \"GetWebLoginCredentials\" function in \"Sante PACS Server.exe\"."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-824 Access of Uninitialized Pointer",
"cweId": "CWE-824"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Santesoft",
"product": {
"product_data": [
{
"product_name": "Sante PACS Server",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"status": "affected",
"version": "4.1.0"
},
{
"status": "unaffected",
"version": "4.2.0"
}
],
"defaultStatus": "unaffected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.tenable.com/security/research/tra-2025-08",
"refsource": "MISC",
"name": "https://www.tenable.com/security/research/tra-2025-08"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
]
}

18
2025/2xxx/CVE-2025-2285.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-2285",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2025/2xxx/CVE-2025-2286.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-2286",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2025/2xxx/CVE-2025-2287.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-2287",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2025/2xxx/CVE-2025-2288.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-2288",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2025/2xxx/CVE-2025-2289.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-2289",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2025/2xxx/CVE-2025-2290.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-2290",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2025/2xxx/CVE-2025-2291.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-2291",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}