Auto-Update: 2025-05-27T12:00:22.316322+00:00

2025-05-30 18:21:17 +00:00 · 2025-05-27 12:04:00 +00:00 · 2025-05-27 12:04:00 +00:00 · 0e364c971e
commit 0e364c971e
parent 630490e5c9
3 changed files with 98 additions and 23 deletions
--- a/CVE-2025/CVE-2025-44xx/CVE-2025-4412.json
+++ b/CVE-2025/CVE-2025-44xx/CVE-2025-4412.json
@ -0,0 +1,82 @@
+{
+  "id": "CVE-2025-4412",
+  "sourceIdentifier": "cvd@cert.pl",
+  "published": "2025-05-27T10:15:19.383",
+  "lastModified": "2025-05-27T10:15:19.383",
+  "vulnStatus": "Received",
+  "cveTags": [],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "On macOS systems, by utilizing a Launch Agent and loading the viscosity_openvpn process from the application bundle, it is possible to load a dynamic library with Viscosity's TCC (Transparency, Consent, and Control) identity. The acquired resource access is limited without entitlements such as access to the camera or microphone. Only user-granted permissions for file resources apply. Access to other resources beyond granted-permissions requires user interaction with a system prompt asking for permission.\n\nThis issue was fixed in version 1.11.5 of Viscosity."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV40": [
+      {
+        "source": "cvd@cert.pl",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "4.0",
+          "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
+          "baseScore": 4.8,
+          "baseSeverity": "MEDIUM",
+          "attackVector": "LOCAL",
+          "attackComplexity": "LOW",
+          "attackRequirements": "NONE",
+          "privilegesRequired": "LOW",
+          "userInteraction": "NONE",
+          "vulnConfidentialityImpact": "LOW",
+          "vulnIntegrityImpact": "LOW",
+          "vulnAvailabilityImpact": "NONE",
+          "subConfidentialityImpact": "NONE",
+          "subIntegrityImpact": "NONE",
+          "subAvailabilityImpact": "NONE",
+          "exploitMaturity": "NOT_DEFINED",
+          "confidentialityRequirement": "NOT_DEFINED",
+          "integrityRequirement": "NOT_DEFINED",
+          "availabilityRequirement": "NOT_DEFINED",
+          "modifiedAttackVector": "NOT_DEFINED",
+          "modifiedAttackComplexity": "NOT_DEFINED",
+          "modifiedAttackRequirements": "NOT_DEFINED",
+          "modifiedPrivilegesRequired": "NOT_DEFINED",
+          "modifiedUserInteraction": "NOT_DEFINED",
+          "modifiedVulnConfidentialityImpact": "NOT_DEFINED",
+          "modifiedVulnIntegrityImpact": "NOT_DEFINED",
+          "modifiedVulnAvailabilityImpact": "NOT_DEFINED",
+          "modifiedSubConfidentialityImpact": "NOT_DEFINED",
+          "modifiedSubIntegrityImpact": "NOT_DEFINED",
+          "modifiedSubAvailabilityImpact": "NOT_DEFINED",
+          "Safety": "NOT_DEFINED",
+          "Automatable": "NOT_DEFINED",
+          "Recovery": "NOT_DEFINED",
+          "valueDensity": "NOT_DEFINED",
+          "vulnerabilityResponseEffort": "NOT_DEFINED",
+          "providerUrgency": "NOT_DEFINED"
+        }
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "cvd@cert.pl",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-276"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://cert.pl/en/posts/2025/05/tcc-bypass/",
+      "source": "cvd@cert.pl"
+    },
+    {
+      "url": "https://www.sparklabs.com/viscosity/",
+      "source": "cvd@cert.pl"
+    }
+  ]
+}
--- a/README.md
+++ b/README.md
@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours.
 ### Last Repository Update

 ```plain
-2025-05-27T10:00:19.524499+00:00
+2025-05-27T12:00:22.316322+00:00
 ```

 ### Most recent CVE Modification Timestamp synchronized with NVD

 ```plain
-2025-05-27T09:15:21.903000+00:00
+2025-05-27T10:15:19.383000+00:00
 ```

 ### Last Data Feed Release
@ -33,28 +33,20 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
 ### Total Number of included CVEs

 ```plain
-295590
+295591
 ```

 ### CVEs added in the last Commit

-Recently added CVEs: `7`
+Recently added CVEs: `1`

- [CVE-2025-23393](CVE-2025/CVE-2025-233xx/CVE-2025-23393.json) (`2025-05-27T08:15:19.390`)
- [CVE-2025-2407](CVE-2025/CVE-2025-24xx/CVE-2025-2407.json) (`2025-05-27T08:15:19.610`)
- [CVE-2025-41649](CVE-2025/CVE-2025-416xx/CVE-2025-41649.json) (`2025-05-27T09:15:21.000`)
- [CVE-2025-41650](CVE-2025/CVE-2025-416xx/CVE-2025-41650.json) (`2025-05-27T09:15:21.193`)
- [CVE-2025-41651](CVE-2025/CVE-2025-416xx/CVE-2025-41651.json) (`2025-05-27T09:15:21.380`)
- [CVE-2025-41652](CVE-2025/CVE-2025-416xx/CVE-2025-41652.json) (`2025-05-27T09:15:21.720`)
- [CVE-2025-41653](CVE-2025/CVE-2025-416xx/CVE-2025-41653.json) (`2025-05-27T09:15:21.903`)
+- [CVE-2025-4412](CVE-2025/CVE-2025-44xx/CVE-2025-4412.json) (`2025-05-27T10:15:19.383`)


 ### CVEs modified in the last Commit

-Recently modified CVEs: `2`
+Recently modified CVEs: `0`

- [CVE-2025-40672](CVE-2025/CVE-2025-406xx/CVE-2025-40672.json) (`2025-05-27T09:15:19.870`)
- [CVE-2025-46804](CVE-2025/CVE-2025-468xx/CVE-2025-46804.json) (`2025-05-27T08:15:19.783`)


 ## Download and Usage
--- a/_state.csv
+++ b/_state.csv
@ -286086,7 +286086,7 @@ CVE-2025-23389,0,0,32439de313fefbbb3d582900651b77596bff3d4d3f2e32a6c5a164422fede
 CVE-2025-2339,0,0,fb243958e2daa877ca1a322ef09207ff301ba4f92634dddb833183fd13861e60,2025-03-17T15:15:45.253000
 CVE-2025-23391,0,0,e425e83153ab63a6eeb5406675d34207281b5a41dfa6754854b606fa4eba3f61,2025-04-11T15:39:52.920000
 CVE-2025-23392,0,0,1a9bbbbc9dbd8c438a9c0fb48f023607e802e9c5d4bb1c27857194b407a1d5c6,2025-05-26T16:15:19.547000
-CVE-2025-23393,1,1,9f42430e63f39f2b94e2be8b53ec35640a84e426383b888835939cc9e558eba8,2025-05-27T08:15:19.390000
+CVE-2025-23393,0,0,9f42430e63f39f2b94e2be8b53ec35640a84e426383b888835939cc9e558eba8,2025-05-27T08:15:19.390000
 CVE-2025-23394,0,0,045389f405f64dcc3062e1617694c9b7e4a1a6a4298c99877d68b5eae06fbdb3,2025-05-26T16:15:20.240000
 CVE-2025-23395,0,0,f4c72ac2dc5d3e235dcb4b0b5cf809e585c7cfb9bd34aaf328bfca84bb9ea2cf,2025-05-26T16:15:20.380000
 CVE-2025-23396,0,0,db4e35f65814d6895af1ea2102cd85328d5b692a5d5376b0f0f76fda3c3d1fa0,2025-03-11T10:15:16.670000
@ -286785,7 +286785,7 @@ CVE-2025-24063,0,0,fec2a9feb349eff190a599709c0adf8e2e813f7b6a6047359eeb483ba241f
 CVE-2025-24064,0,0,218f6cc47ad1a62f4f0e68482476a0e2acc1cd45af444b7c3515886baa130a34,2025-03-11T17:16:29.007000
 CVE-2025-24066,0,0,43a950ede5ebe390a8e149dc7e5561d06958436b077b966d3c4014bab1ef06cb,2025-03-11T17:16:29.223000
 CVE-2025-24067,0,0,3da9c2b786b8c9c7e14d412d1bb071c43af6d56e744ede25090104ca92ddcceb,2025-03-11T17:16:29.477000
-CVE-2025-2407,1,1,216cdb0bdb8fba9372d3a8b48efb9736bf6f16a70b0970f2362213df79c2bdd2,2025-05-27T08:15:19.610000
+CVE-2025-2407,0,0,216cdb0bdb8fba9372d3a8b48efb9736bf6f16a70b0970f2362213df79c2bdd2,2025-05-27T08:15:19.610000
 CVE-2025-24070,0,0,05e75849f69db310a2e6f6ecf21e5b77998edba4fa819243e609bd27964c9def,2025-05-06T15:16:01.300000
 CVE-2025-24071,0,0,937e664eb80922cfe593897847de35569c90602f40294027181c05737e712c25,2025-04-16T16:15:29.953000
 CVE-2025-24072,0,0,dcc28ddf88e5a6c17097ca6c12ca53cef0e86857de759c2126d6949703c7f123,2025-03-11T17:16:30.070000
@ -293555,7 +293555,7 @@ CVE-2025-40666,0,0,8bf943655dec0900c0db5622adf877ca6a78c7b4e2feae41f462150c22da1
 CVE-2025-40667,0,0,06d3759d597466ce62330e6dbf9852f7dd60c0b7d6e623c7e01e905dd38447a8,2025-05-26T13:15:20.597000
 CVE-2025-4067,0,0,dbc4fa5a3543fbd835e23dc834da9e648caa31287a34f63ada5ad254d564f79f,2025-05-12T19:35:20.583000
 CVE-2025-40671,0,0,62f8a7bf650353d47bc88645c86a279bcfb44287c2b1d5abfef548d4b9aa65cb,2025-05-26T10:15:20.760000
-CVE-2025-40672,0,1,2f5e5d63f13ca5c73134ec4b71eba4e52d66ab4f0c2e5523a850fb151384288b,2025-05-27T09:15:19.870000
+CVE-2025-40672,0,0,2f5e5d63f13ca5c73134ec4b71eba4e52d66ab4f0c2e5523a850fb151384288b,2025-05-27T09:15:19.870000
 CVE-2025-4068,0,0,ec6e2c2bc1a732c2bfc8a76b50cf51920dd3a1c5c6522714d05be95570abf2e4,2025-05-02T13:53:40.163000
 CVE-2025-4069,0,0,328e2b0a12621ffff7c1c2e9bc8d8e3aabc2b087cc79a72919dcc0c4e59d93c0,2025-05-02T13:53:40.163000
 CVE-2025-4070,0,0,95239c8a358b05c88e31535f0df25ceb69331749309a950b338783db56336302,2025-05-09T13:50:22.543000
@ -293672,11 +293672,11 @@ CVE-2025-4162,0,0,bd7ee4eafbad385e1e351df319e6d6835cd1bab5b8f0b1df69e26a394c35b5
 CVE-2025-4163,0,0,90b94328ec1d78c2c92fb5347be0835a81d1ecb778d277713df60a936155c16e,2025-05-16T17:47:32.577000
 CVE-2025-4164,0,0,c409a415056cfc60d19356dab298bdf2afe4926171d33ff65db9098cfdafae24,2025-05-16T17:45:46.460000
 CVE-2025-41645,0,0,05dc7979d552d91b524b274c74c87b4d6526958474a345200f3e130228064f47,2025-05-13T19:35:18.080000
-CVE-2025-41649,1,1,5cd3bfa6b804bfe61cca0c321cf772f7ee4649630a7a5e92c04b643b4461e424,2025-05-27T09:15:21
-CVE-2025-41650,1,1,8b0ac8bfa82dcb35c5b64db4b47b86fe74aad3d63a071d30e5fcd2125eed4dcc,2025-05-27T09:15:21.193000
-CVE-2025-41651,1,1,ae62a10f4535af2998f3fd01f31013687ca2d12daf2d9b0a72eec71874aca49a,2025-05-27T09:15:21.380000
-CVE-2025-41652,1,1,52ee01e5a987512fef671da608003f8722d36171fb66f3e12d670ca63f053e83,2025-05-27T09:15:21.720000
-CVE-2025-41653,1,1,f7e158b91854670c55d5059f974905f28fb3d62ddc8fd5cf0565f962fc71a75f,2025-05-27T09:15:21.903000
+CVE-2025-41649,0,0,5cd3bfa6b804bfe61cca0c321cf772f7ee4649630a7a5e92c04b643b4461e424,2025-05-27T09:15:21
+CVE-2025-41650,0,0,8b0ac8bfa82dcb35c5b64db4b47b86fe74aad3d63a071d30e5fcd2125eed4dcc,2025-05-27T09:15:21.193000
+CVE-2025-41651,0,0,ae62a10f4535af2998f3fd01f31013687ca2d12daf2d9b0a72eec71874aca49a,2025-05-27T09:15:21.380000
+CVE-2025-41652,0,0,52ee01e5a987512fef671da608003f8722d36171fb66f3e12d670ca63f053e83,2025-05-27T09:15:21.720000
+CVE-2025-41653,0,0,f7e158b91854670c55d5059f974905f28fb3d62ddc8fd5cf0565f962fc71a75f,2025-05-27T09:15:21.903000
 CVE-2025-41654,0,0,c89cb25201dd96d0eea40074867f4bc3802e67e0d37149f108657579569f7488,2025-05-26T09:15:20.883000
 CVE-2025-41655,0,0,bd8f15ad3b5aee216f851f23b1caaa9b212bc2534ea4596339ae2abe5295d775,2025-05-26T09:15:21.050000
 CVE-2025-4166,0,0,5bfebbee34c2356ee039434bb4ac7a8705ff7fab6fe8d313f7df39c4661cee90,2025-05-05T20:54:45.973000
@ -294004,6 +294004,7 @@ CVE-2025-44083,0,0,4099064aeabe957f100ab9eca0fb170c63245854e0a298ff1d59c0144b5b6
 CVE-2025-44084,0,0,1623f611f5406f02c4d0ea52c9037448abfe8d13ac7dc66e44baa24d4ae0ce98,2025-05-21T20:24:58.133000
 CVE-2025-44108,0,0,e6c69187ec79a73187c11fc6f0b558211f29323e42fdaf803e3406ad9e85069c,2025-05-21T20:25:33.823000
 CVE-2025-44110,0,0,5163d7a49439bc569f2ec884f7cd894f40697aa11ba471170347f7df11cdac30,2025-05-16T14:43:26.160000
+CVE-2025-4412,1,1,25ca4fed1f34cb28024f6688642ef30e039711e15b9dfd99a97e74cc5297cea4,2025-05-27T10:15:19.383000
 CVE-2025-44134,0,0,45b85d904dd860695476948041d246707a0696d9dc7fe9b405a5e27a85d44980,2025-05-14T13:05:17.200000
 CVE-2025-44135,0,0,e8d32c865e9ccdb8b63503c21fad4c48843876d5709a3df063410109f034ccc9,2025-05-14T13:04:58.830000
 CVE-2025-4415,0,0,842147d08c13efcbee3eee94c9e6b73fdc7bd886265d0112fafca4c76640377e,2025-05-21T20:24:58.133000
@ -294651,7 +294652,7 @@ CVE-2025-4679,0,0,4c2577eaff1ab9234aac52a4d718276ea9ebd04acd92fb070396b66592f9e6
 CVE-2025-46801,0,0,11def8e560cfea337e905c8ff57c25c4d9f1a43db749a66daaa006ba67ef4e63,2025-05-19T13:35:20.460000
 CVE-2025-46802,0,0,6017e4f550d349f188b7a63932adbec1b959121412985426eaf6e4626bb29f85,2025-05-26T16:15:20.557000
 CVE-2025-46803,0,0,0efe98701086ffc7fe21be9ebcf88cea6ebf9ba379579c6f3e611ea2e6be8dfc,2025-05-26T16:15:20.720000
-CVE-2025-46804,0,1,bcb17faa67753087f051f22f961e4c343a8492726ebda7c2a0a6b8f8d9752de5,2025-05-27T08:15:19.783000
+CVE-2025-46804,0,0,bcb17faa67753087f051f22f961e4c343a8492726ebda7c2a0a6b8f8d9752de5,2025-05-27T08:15:19.783000
 CVE-2025-46805,0,0,740ae063d62f4cc04436c0c35b8fbe3630bf1e50df772885485ebd9c350bfe83,2025-05-26T14:15:20.037000
 CVE-2025-46812,0,0,efbba45e18cc8937b9f87a0e29f466265a1e1be9d804a38357596ef0f2987dda,2025-05-12T17:32:52.810000
 CVE-2025-46813,0,0,01deee0db3f748e6f8e958a47d5a96825a2f5d578da6e58d6d8c34dd9ef7b2a5,2025-05-05T20:54:19.760000