Auto-Update: 2025-02-03T05:00:20.992398+00:00

2025-07-09 16:05:11 +00:00 · 2025-02-03 05:03:48 +00:00 · 2025-02-03 05:03:48 +00:00 · 13e0fb1d17
commit 13e0fb1d17
parent 2108a682f4
20 changed files with 682 additions and 8 deletions
--- a/CVE-2024/CVE-2024-201xx/CVE-2024-20141.json
+++ b/CVE-2024/CVE-2024-201xx/CVE-2024-20141.json
@ -0,0 +1,33 @@
+{
+  "id": "CVE-2024-20141",
+  "sourceIdentifier": "security@mediatek.com",
+  "published": "2025-02-03T04:15:07.660",
+  "lastModified": "2025-02-03T04:15:07.660",
+  "vulnStatus": "Received",
+  "cveTags": [],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "In V5 DA, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege, if an attacker has physical access to the device, with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS09291402; Issue ID: MSV-2073."
+    }
+  ],
+  "metrics": {},
+  "weaknesses": [
+    {
+      "source": "security@mediatek.com",
+      "type": "Secondary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-123"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://corp.mediatek.com/product-security-bulletin/February-2025",
+      "source": "security@mediatek.com"
+    }
+  ]
+}
--- a/CVE-2024/CVE-2024-201xx/CVE-2024-20142.json
+++ b/CVE-2024/CVE-2024-201xx/CVE-2024-20142.json
@ -0,0 +1,33 @@
+{
+  "id": "CVE-2024-20142",
+  "sourceIdentifier": "security@mediatek.com",
+  "published": "2025-02-03T04:15:07.803",
+  "lastModified": "2025-02-03T04:15:07.803",
+  "vulnStatus": "Received",
+  "cveTags": [],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "In V5 DA, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege, if an attacker has physical access to the device, with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS09291406; Issue ID: MSV-2070."
+    }
+  ],
+  "metrics": {},
+  "weaknesses": [
+    {
+      "source": "security@mediatek.com",
+      "type": "Secondary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-787"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://corp.mediatek.com/product-security-bulletin/February-2025",
+      "source": "security@mediatek.com"
+    }
+  ]
+}
--- a/CVE-2024/CVE-2024-201xx/CVE-2024-20147.json
+++ b/CVE-2024/CVE-2024-201xx/CVE-2024-20147.json
@ -0,0 +1,33 @@
+{
+  "id": "CVE-2024-20147",
+  "sourceIdentifier": "security@mediatek.com",
+  "published": "2025-02-03T04:15:07.927",
+  "lastModified": "2025-02-03T04:15:07.927",
+  "vulnStatus": "Received",
+  "cveTags": [],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "In Bluetooth FW, there is a possible reachable assertion due to improper exception handling. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00389046 (Note: For MT79XX chipsets) / ALPS09136501 (Note: For MT2737, MT3603, MT6XXX, and MT8XXX chipsets); Issue ID: MSV-1797."
+    }
+  ],
+  "metrics": {},
+  "weaknesses": [
+    {
+      "source": "security@mediatek.com",
+      "type": "Secondary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-617"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://corp.mediatek.com/product-security-bulletin/February-2025",
+      "source": "security@mediatek.com"
+    }
+  ]
+}
--- a/CVE-2025/CVE-2025-206xx/CVE-2025-20631.json
+++ b/CVE-2025/CVE-2025-206xx/CVE-2025-20631.json
@ -0,0 +1,33 @@
+{
+  "id": "CVE-2025-20631",
+  "sourceIdentifier": "security@mediatek.com",
+  "published": "2025-02-03T04:15:08.060",
+  "lastModified": "2025-02-03T04:15:08.060",
+  "vulnStatus": "Received",
+  "cveTags": [],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "In wlan AP driver, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00397141; Issue ID: MSV-2187."
+    }
+  ],
+  "metrics": {},
+  "weaknesses": [
+    {
+      "source": "security@mediatek.com",
+      "type": "Secondary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-787"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://corp.mediatek.com/product-security-bulletin/February-2025",
+      "source": "security@mediatek.com"
+    }
+  ]
+}
--- a/CVE-2025/CVE-2025-206xx/CVE-2025-20632.json
+++ b/CVE-2025/CVE-2025-206xx/CVE-2025-20632.json
@ -0,0 +1,33 @@
+{
+  "id": "CVE-2025-20632",
+  "sourceIdentifier": "security@mediatek.com",
+  "published": "2025-02-03T04:15:08.177",
+  "lastModified": "2025-02-03T04:15:08.177",
+  "vulnStatus": "Received",
+  "cveTags": [],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "In wlan AP driver, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00397139; Issue ID: MSV-2188."
+    }
+  ],
+  "metrics": {},
+  "weaknesses": [
+    {
+      "source": "security@mediatek.com",
+      "type": "Secondary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-787"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://corp.mediatek.com/product-security-bulletin/February-2025",
+      "source": "security@mediatek.com"
+    }
+  ]
+}
--- a/CVE-2025/CVE-2025-206xx/CVE-2025-20633.json
+++ b/CVE-2025/CVE-2025-206xx/CVE-2025-20633.json
@ -0,0 +1,33 @@
+{
+  "id": "CVE-2025-20633",
+  "sourceIdentifier": "security@mediatek.com",
+  "published": "2025-02-03T04:15:08.307",
+  "lastModified": "2025-02-03T04:15:08.307",
+  "vulnStatus": "Received",
+  "cveTags": [],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "In wlan AP driver, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote (proximal/adjacent) code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00400889; Issue ID: MSV-2491."
+    }
+  ],
+  "metrics": {},
+  "weaknesses": [
+    {
+      "source": "security@mediatek.com",
+      "type": "Secondary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-787"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://corp.mediatek.com/product-security-bulletin/February-2025",
+      "source": "security@mediatek.com"
+    }
+  ]
+}
--- a/CVE-2025/CVE-2025-206xx/CVE-2025-20634.json
+++ b/CVE-2025/CVE-2025-206xx/CVE-2025-20634.json
@ -0,0 +1,33 @@
+{
+  "id": "CVE-2025-20634",
+  "sourceIdentifier": "security@mediatek.com",
+  "published": "2025-02-03T04:15:08.423",
+  "lastModified": "2025-02-03T04:15:08.423",
+  "vulnStatus": "Received",
+  "cveTags": [],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "In Modem, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01289384; Issue ID: MSV-2436."
+    }
+  ],
+  "metrics": {},
+  "weaknesses": [
+    {
+      "source": "security@mediatek.com",
+      "type": "Secondary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-787"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://corp.mediatek.com/product-security-bulletin/February-2025",
+      "source": "security@mediatek.com"
+    }
+  ]
+}
--- a/CVE-2025/CVE-2025-206xx/CVE-2025-20635.json
+++ b/CVE-2025/CVE-2025-206xx/CVE-2025-20635.json
@ -0,0 +1,33 @@
+{
+  "id": "CVE-2025-20635",
+  "sourceIdentifier": "security@mediatek.com",
+  "published": "2025-02-03T04:15:08.540",
+  "lastModified": "2025-02-03T04:15:08.540",
+  "vulnStatus": "Received",
+  "cveTags": [],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "In V6 DA, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege, if an attacker has physical access to the device, with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS09403752; Issue ID: MSV-2434."
+    }
+  ],
+  "metrics": {},
+  "weaknesses": [
+    {
+      "source": "security@mediatek.com",
+      "type": "Secondary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-787"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://corp.mediatek.com/product-security-bulletin/February-2025",
+      "source": "security@mediatek.com"
+    }
+  ]
+}
--- a/CVE-2025/CVE-2025-206xx/CVE-2025-20636.json
+++ b/CVE-2025/CVE-2025-206xx/CVE-2025-20636.json
@ -0,0 +1,33 @@
+{
+  "id": "CVE-2025-20636",
+  "sourceIdentifier": "security@mediatek.com",
+  "published": "2025-02-03T04:15:08.643",
+  "lastModified": "2025-02-03T04:15:08.643",
+  "vulnStatus": "Received",
+  "cveTags": [],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "In secmem, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS09403554; Issue ID: MSV-2431."
+    }
+  ],
+  "metrics": {},
+  "weaknesses": [
+    {
+      "source": "security@mediatek.com",
+      "type": "Secondary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-787"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://corp.mediatek.com/product-security-bulletin/February-2025",
+      "source": "security@mediatek.com"
+    }
+  ]
+}
--- a/CVE-2025/CVE-2025-206xx/CVE-2025-20637.json
+++ b/CVE-2025/CVE-2025-206xx/CVE-2025-20637.json
@ -0,0 +1,33 @@
+{
+  "id": "CVE-2025-20637",
+  "sourceIdentifier": "security@mediatek.com",
+  "published": "2025-02-03T04:15:08.747",
+  "lastModified": "2025-02-03T04:15:08.747",
+  "vulnStatus": "Received",
+  "cveTags": [],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "In network HW, there is a possible system hang due to an uncaught exception. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00399035; Issue ID: MSV-2380."
+    }
+  ],
+  "metrics": {},
+  "weaknesses": [
+    {
+      "source": "security@mediatek.com",
+      "type": "Secondary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-248"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://corp.mediatek.com/product-security-bulletin/February-2025",
+      "source": "security@mediatek.com"
+    }
+  ]
+}
--- a/CVE-2025/CVE-2025-206xx/CVE-2025-20638.json
+++ b/CVE-2025/CVE-2025-206xx/CVE-2025-20638.json
@ -0,0 +1,33 @@
+{
+  "id": "CVE-2025-20638",
+  "sourceIdentifier": "security@mediatek.com",
+  "published": "2025-02-03T04:15:08.863",
+  "lastModified": "2025-02-03T04:15:08.863",
+  "vulnStatus": "Received",
+  "cveTags": [],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "In DA, there is a possible read of uninitialized heap data due to uninitialized data. This could lead to local information disclosure, if an attacker has physical access to the device, with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS09291449; Issue ID: MSV-2066."
+    }
+  ],
+  "metrics": {},
+  "weaknesses": [
+    {
+      "source": "security@mediatek.com",
+      "type": "Secondary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-457"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://corp.mediatek.com/product-security-bulletin/February-2025",
+      "source": "security@mediatek.com"
+    }
+  ]
+}
--- a/CVE-2025/CVE-2025-206xx/CVE-2025-20639.json
+++ b/CVE-2025/CVE-2025-206xx/CVE-2025-20639.json
@ -0,0 +1,33 @@
+{
+  "id": "CVE-2025-20639",
+  "sourceIdentifier": "security@mediatek.com",
+  "published": "2025-02-03T04:15:08.980",
+  "lastModified": "2025-02-03T04:15:08.980",
+  "vulnStatus": "Received",
+  "cveTags": [],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "In DA, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege, if an attacker has physical access to the device, with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS09291146; Issue ID: MSV-2060."
+    }
+  ],
+  "metrics": {},
+  "weaknesses": [
+    {
+      "source": "security@mediatek.com",
+      "type": "Secondary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-787"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://corp.mediatek.com/product-security-bulletin/February-2025",
+      "source": "security@mediatek.com"
+    }
+  ]
+}
--- a/CVE-2025/CVE-2025-206xx/CVE-2025-20640.json
+++ b/CVE-2025/CVE-2025-206xx/CVE-2025-20640.json
@ -0,0 +1,33 @@
+{
+  "id": "CVE-2025-20640",
+  "sourceIdentifier": "security@mediatek.com",
+  "published": "2025-02-03T04:15:09.093",
+  "lastModified": "2025-02-03T04:15:09.093",
+  "vulnStatus": "Received",
+  "cveTags": [],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "In DA, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure, if an attacker has physical access to the device, with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS09291146; Issue ID: MSV-2059."
+    }
+  ],
+  "metrics": {},
+  "weaknesses": [
+    {
+      "source": "security@mediatek.com",
+      "type": "Secondary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-125"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://corp.mediatek.com/product-security-bulletin/February-2025",
+      "source": "security@mediatek.com"
+    }
+  ]
+}
--- a/CVE-2025/CVE-2025-206xx/CVE-2025-20641.json
+++ b/CVE-2025/CVE-2025-206xx/CVE-2025-20641.json
@ -0,0 +1,33 @@
+{
+  "id": "CVE-2025-20641",
+  "sourceIdentifier": "security@mediatek.com",
+  "published": "2025-02-03T04:15:09.210",
+  "lastModified": "2025-02-03T04:15:09.210",
+  "vulnStatus": "Received",
+  "cveTags": [],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "In DA, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege, if an attacker has physical access to the device, with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS09291146; Issue ID: MSV-2058."
+    }
+  ],
+  "metrics": {},
+  "weaknesses": [
+    {
+      "source": "security@mediatek.com",
+      "type": "Secondary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-787"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://corp.mediatek.com/product-security-bulletin/February-2025",
+      "source": "security@mediatek.com"
+    }
+  ]
+}
--- a/CVE-2025/CVE-2025-206xx/CVE-2025-20642.json
+++ b/CVE-2025/CVE-2025-206xx/CVE-2025-20642.json
@ -0,0 +1,33 @@
+{
+  "id": "CVE-2025-20642",
+  "sourceIdentifier": "security@mediatek.com",
+  "published": "2025-02-03T04:15:09.333",
+  "lastModified": "2025-02-03T04:15:09.333",
+  "vulnStatus": "Received",
+  "cveTags": [],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "In DA, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege, if an attacker has physical access to the device, with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS09291146; Issue ID: MSV-2057."
+    }
+  ],
+  "metrics": {},
+  "weaknesses": [
+    {
+      "source": "security@mediatek.com",
+      "type": "Secondary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-787"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://corp.mediatek.com/product-security-bulletin/February-2025",
+      "source": "security@mediatek.com"
+    }
+  ]
+}
--- a/CVE-2025/CVE-2025-206xx/CVE-2025-20643.json
+++ b/CVE-2025/CVE-2025-206xx/CVE-2025-20643.json
@ -0,0 +1,33 @@
+{
+  "id": "CVE-2025-20643",
+  "sourceIdentifier": "security@mediatek.com",
+  "published": "2025-02-03T04:15:09.460",
+  "lastModified": "2025-02-03T04:15:09.460",
+  "vulnStatus": "Received",
+  "cveTags": [],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "In DA, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure, if an attacker has physical access to the device, if a malicious actor has already obtained the System privilege. User interaction is needed for exploitation. Patch ID: ALPS09291146; Issue ID: MSV-2056."
+    }
+  ],
+  "metrics": {},
+  "weaknesses": [
+    {
+      "source": "security@mediatek.com",
+      "type": "Secondary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-1295"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://corp.mediatek.com/product-security-bulletin/February-2025",
+      "source": "security@mediatek.com"
+    }
+  ]
+}
--- a/CVE-2025/CVE-2025-250xx/CVE-2025-25062.json
+++ b/CVE-2025/CVE-2025-250xx/CVE-2025-25062.json
@ -0,0 +1,56 @@
+{
+  "id": "CVE-2025-25062",
+  "sourceIdentifier": "cve@mitre.org",
+  "published": "2025-02-03T04:15:09.587",
+  "lastModified": "2025-02-03T04:15:09.587",
+  "vulnStatus": "Received",
+  "cveTags": [],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "An XSS issue was discovered in Backdrop CMS 1.28.x before 1.28.5 and 1.29.x before 1.29.3. It doesn't sufficiently isolate long text content when the CKEditor 5 rich text editor is used. This allows a potential attacker to craft specialized HTML and JavaScript that may be executed when an administrator attempts to edit a piece of content. This vulnerability is mitigated by the fact that an attacker must have the ability to create long text content (such as through the node or comment forms) and an administrator must edit (not view) the content that contains the malicious content. This problem only exists when using the CKEditor 5 module."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "cve@mitre.org",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N",
+          "baseScore": 4.4,
+          "baseSeverity": "MEDIUM",
+          "attackVector": "NETWORK",
+          "attackComplexity": "HIGH",
+          "privilegesRequired": "LOW",
+          "userInteraction": "REQUIRED",
+          "scope": "CHANGED",
+          "confidentialityImpact": "LOW",
+          "integrityImpact": "LOW",
+          "availabilityImpact": "NONE"
+        },
+        "exploitabilityScore": 1.3,
+        "impactScore": 2.7
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "cve@mitre.org",
+      "type": "Secondary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-79"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://backdropcms.org/security/backdrop-sa-core-2025-001",
+      "source": "cve@mitre.org"
+    }
+  ]
+}
--- a/CVE-2025/CVE-2025-250xx/CVE-2025-25063.json
+++ b/CVE-2025/CVE-2025-250xx/CVE-2025-25063.json
@ -0,0 +1,56 @@
+{
+  "id": "CVE-2025-25063",
+  "sourceIdentifier": "cve@mitre.org",
+  "published": "2025-02-03T04:15:09.760",
+  "lastModified": "2025-02-03T04:15:09.760",
+  "vulnStatus": "Received",
+  "cveTags": [],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "An XSS issue was discovered in Backdrop CMS 1.28.x before 1.28.5 and 1.29.x before 1.29.3. It does not sufficiently validate uploaded SVG images to ensure they do not contain potentially dangerous SVG tags. SVG images can contain clickable links and executable scripting, and using a crafted SVG, it is possible to execute scripting in the browser when an SVG image is viewed. This issue is mitigated by the attacker needing to be able to upload SVG images, and that Backdrop embeds all uploaded SVG images within &lt;img&gt; tags, which prevents scripting from executing. The SVG must be viewed directly by its URL in order to run any embedded scripting."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "cve@mitre.org",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N",
+          "baseScore": 4.4,
+          "baseSeverity": "MEDIUM",
+          "attackVector": "NETWORK",
+          "attackComplexity": "HIGH",
+          "privilegesRequired": "LOW",
+          "userInteraction": "REQUIRED",
+          "scope": "CHANGED",
+          "confidentialityImpact": "LOW",
+          "integrityImpact": "LOW",
+          "availabilityImpact": "NONE"
+        },
+        "exploitabilityScore": 1.3,
+        "impactScore": 2.7
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "cve@mitre.org",
+      "type": "Secondary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-79"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://backdropcms.org/security/backdrop-sa-core-2025-002",
+      "source": "cve@mitre.org"
+    }
+  ]
+}
--- a/README.md
+++ b/README.md
@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours.
 ### Last Repository Update

 ```plain
-2025-02-03T03:00:30.983419+00:00
+2025-02-03T05:00:20.992398+00:00
 ```

 ### Most recent CVE Modification Timestamp synchronized with NVD

 ```plain
-2025-02-03T02:15:26.433000+00:00
+2025-02-03T04:15:09.760000+00:00
 ```

 ### Last Data Feed Release
@ -33,15 +33,31 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
 ### Total Number of included CVEs

 ```plain
-279766
+279784
 ```

 ### CVEs added in the last Commit

-Recently added CVEs: `2`
+Recently added CVEs: `18`

- [CVE-2025-0973](CVE-2025/CVE-2025-09xx/CVE-2025-0973.json) (`2025-02-03T01:15:07.263`)
- [CVE-2025-0974](CVE-2025/CVE-2025-09xx/CVE-2025-0974.json) (`2025-02-03T02:15:26.433`)
+- [CVE-2024-20141](CVE-2024/CVE-2024-201xx/CVE-2024-20141.json) (`2025-02-03T04:15:07.660`)
+- [CVE-2024-20142](CVE-2024/CVE-2024-201xx/CVE-2024-20142.json) (`2025-02-03T04:15:07.803`)
+- [CVE-2024-20147](CVE-2024/CVE-2024-201xx/CVE-2024-20147.json) (`2025-02-03T04:15:07.927`)
+- [CVE-2025-20631](CVE-2025/CVE-2025-206xx/CVE-2025-20631.json) (`2025-02-03T04:15:08.060`)
+- [CVE-2025-20632](CVE-2025/CVE-2025-206xx/CVE-2025-20632.json) (`2025-02-03T04:15:08.177`)
+- [CVE-2025-20633](CVE-2025/CVE-2025-206xx/CVE-2025-20633.json) (`2025-02-03T04:15:08.307`)
+- [CVE-2025-20634](CVE-2025/CVE-2025-206xx/CVE-2025-20634.json) (`2025-02-03T04:15:08.423`)
+- [CVE-2025-20635](CVE-2025/CVE-2025-206xx/CVE-2025-20635.json) (`2025-02-03T04:15:08.540`)
+- [CVE-2025-20636](CVE-2025/CVE-2025-206xx/CVE-2025-20636.json) (`2025-02-03T04:15:08.643`)
+- [CVE-2025-20637](CVE-2025/CVE-2025-206xx/CVE-2025-20637.json) (`2025-02-03T04:15:08.747`)
+- [CVE-2025-20638](CVE-2025/CVE-2025-206xx/CVE-2025-20638.json) (`2025-02-03T04:15:08.863`)
+- [CVE-2025-20639](CVE-2025/CVE-2025-206xx/CVE-2025-20639.json) (`2025-02-03T04:15:08.980`)
+- [CVE-2025-20640](CVE-2025/CVE-2025-206xx/CVE-2025-20640.json) (`2025-02-03T04:15:09.093`)
+- [CVE-2025-20641](CVE-2025/CVE-2025-206xx/CVE-2025-20641.json) (`2025-02-03T04:15:09.210`)
+- [CVE-2025-20642](CVE-2025/CVE-2025-206xx/CVE-2025-20642.json) (`2025-02-03T04:15:09.333`)
+- [CVE-2025-20643](CVE-2025/CVE-2025-206xx/CVE-2025-20643.json) (`2025-02-03T04:15:09.460`)
+- [CVE-2025-25062](CVE-2025/CVE-2025-250xx/CVE-2025-25062.json) (`2025-02-03T04:15:09.587`)
+- [CVE-2025-25063](CVE-2025/CVE-2025-250xx/CVE-2025-25063.json) (`2025-02-03T04:15:09.760`)


 ### CVEs modified in the last Commit
--- a/_state.csv
+++ b/_state.csv
@ -247153,10 +247153,13 @@ CVE-2024-20138,0,0,1264e7fcc71f95b0ae39f37ee36146e7c465bf599e4b07c736bd426b81382
 CVE-2024-20139,0,0,434bf1878b4edcc6ee42c87512888b556d261e46d1cb8ef2e233401120fa701b,2024-12-02T16:15:08.770000
 CVE-2024-2014,0,0,9c6b7427d7e4ecbb91bf5ac0c5393a05c9efb2a90a5cef1334b8ef37b43c6713,2024-11-21T09:08:48.813000
 CVE-2024-20140,0,0,abdefdf55af9c04b39505134bb76fe7fc2020967809a7e6f1b53a61d701fa68a,2025-01-06T15:15:11.600000
+CVE-2024-20141,1,1,5b2f2d428a571a1af08b9320c2be4141e3be75af7164271fd2c591899d74a245,2025-02-03T04:15:07.660000
+CVE-2024-20142,1,1,831598bb30946d73008224fe25fa8bc2794b13ddcc03e0610009b8d7b2aaee0b,2025-02-03T04:15:07.803000
 CVE-2024-20143,0,0,72741489c266087fa52a215cdc5a63a1e8e5c05ba33b72063739424e15100b6a,2025-01-06T15:15:11.753000
 CVE-2024-20144,0,0,dd0bde2dc33084db00dc8205beac10e41605c84cd3041697ffc83cea5ab50ed6,2025-01-06T15:15:11.917000
 CVE-2024-20145,0,0,7ec4c6219266146d3df0e44b77fa0208be1311c4948f11f0e37de5fe2f21e90f,2025-01-06T15:15:12.077000
 CVE-2024-20146,0,0,b6bb48c380b3b8b9d3cfd85bd440a87f185fae663e0c8193340e8b9dd92f1503,2025-01-06T15:15:12.223000
+CVE-2024-20147,1,1,7e1d70cf04e3f68e1e29a72f138ba8cca90ce75e8f9ccb58424be8418393d622,2025-02-03T04:15:07.927000
 CVE-2024-20148,0,0,020b2cd09e91f8beac0c9caedb7ae42dc4f322034d76d3f8252025922b8dcaa2,2025-01-06T15:15:12.387000
 CVE-2024-20149,0,0,568ee02819888360cfcfe668f6e33aef2b41d5b7206273582d0fafdca3736f77,2025-01-06T15:15:12.523000
 CVE-2024-2015,0,0,4b2b7166fa9575a7c1050901ca90dd43f109899611c303f2828bf2e2cf52681a,2024-11-21T09:08:48.950000
@ -278266,8 +278269,8 @@ CVE-2025-0967,0,0,728a9126726e0e350a5a8c892697ccdf6812a974486e289872836698a19ef8
 CVE-2025-0970,0,0,95e62525aebec3fbba9f5912053c211ecd537e958ef44f7053ff3a4aced6d2dd,2025-02-02T23:15:19.027000
 CVE-2025-0971,0,0,c8a3294328317f8d3453b7c51436c171e751d25251685937b4bd407805261ee7,2025-02-03T00:15:27.797000
 CVE-2025-0972,0,0,3993ac5cb544f96eddd4ea382f0cae390a0048486c03ea18bb36ab062e41c6ed,2025-02-03T00:15:28.007000
-CVE-2025-0973,1,1,37f661449c5d41bc7d595495ef0c9ea92e0effb9bc1925009def0bc433286647,2025-02-03T01:15:07.263000
-CVE-2025-0974,1,1,8c546eff83dbe5240d979de322859dbce3e0f40803afa459c807306a06c0fe25,2025-02-03T02:15:26.433000
+CVE-2025-0973,0,0,37f661449c5d41bc7d595495ef0c9ea92e0effb9bc1925009def0bc433286647,2025-02-03T01:15:07.263000
+CVE-2025-0974,0,0,8c546eff83dbe5240d979de322859dbce3e0f40803afa459c807306a06c0fe25,2025-02-03T02:15:26.433000
 CVE-2025-20014,0,0,c7b03c8de0f1a02652afc1076707a5c9ed340500d3cc7fc3a1a2840db59d647f,2025-01-29T20:15:35.207000
 CVE-2025-20016,0,0,6fccb84eb01c2cd66b422e82777f9738bfe5004121e1b551d0ae454724543c0e,2025-01-14T10:15:07.500000
 CVE-2025-20033,0,0,6c60c85e451f1d6db70378d678ddf83dacc7c823ecfb493748ed6d94114eff49,2025-01-09T07:15:28.450000
@ -278289,6 +278292,19 @@ CVE-2025-20617,0,0,5e5337fea3f32f18b26cd8ba8dd17d3809fb24229b1710efe951151848f1e
 CVE-2025-20620,0,0,3537bfd354e2e5606a7442449870297aadd63b5c6f244c03eb513f3f9ee090eb,2025-01-14T10:15:07.860000
 CVE-2025-20621,0,0,060306fc4f84916fe909badb69a5829b34e2103b61fada341bb3713a68cfaebc,2025-01-16T19:15:29.960000
 CVE-2025-20630,0,0,0cb6d1c0b91807d74fd49faca2a027b3e775f1213907ee8f88e4e58cb3b78a59,2025-01-16T19:15:30.110000
+CVE-2025-20631,1,1,294bee6570826d339680d764b3c71085638d6187a4946618ec2d4a590952b2b4,2025-02-03T04:15:08.060000
+CVE-2025-20632,1,1,61d171a0a133bc1f03431d9d09cd560f8e08d6b5d4d7866487aaf8cb6f7ef835,2025-02-03T04:15:08.177000
+CVE-2025-20633,1,1,6d56a829b7a8869dfc1f912362e005c276eccb732bc80f3ef2180e21d82031e2,2025-02-03T04:15:08.307000
+CVE-2025-20634,1,1,f0e9dd85166e65cd94b2baf76d874f690b6276a6f27cd6dd46452c0176b65005,2025-02-03T04:15:08.423000
+CVE-2025-20635,1,1,a5c9198272a38c2a0da12a8b5b85cca2c82c6b074a7c9dccb1ae9fda0968fb6f,2025-02-03T04:15:08.540000
+CVE-2025-20636,1,1,f5f5bf8ddedda56504662788de1ede735adcbb879aef5f344026f03acb5a02f6,2025-02-03T04:15:08.643000
+CVE-2025-20637,1,1,c6822a9e96d7e55131004e651df23b9a9d6903b1dd081b6f2108f590d17f8929,2025-02-03T04:15:08.747000
+CVE-2025-20638,1,1,f0d693eae65e0fbc22c7f804be28612e21538867f20b337de7d7f457fe70bf81,2025-02-03T04:15:08.863000
+CVE-2025-20639,1,1,ad1c951307707f522e9a51cbe470ba258b098a63524a8cebfded4b083773999b,2025-02-03T04:15:08.980000
+CVE-2025-20640,1,1,3ed09539e8520da0cf8de4cb3f8eb0305375d5bba1e40df569ff1d2f8efcfd38,2025-02-03T04:15:09.093000
+CVE-2025-20641,1,1,1f1dca11e4396155c6c2d85e92a60048fbfbc362057a650d33cbb68d667c0850,2025-02-03T04:15:09.210000
+CVE-2025-20642,1,1,4c81b8f5d6614b9c2cccc3ff419c471c8bb10f0a5269dde48d70240fe84d2196,2025-02-03T04:15:09.333000
+CVE-2025-20643,1,1,d9c2eb3aed18de614f96e3f2b467b2cde5cdf5510e8614fa1e01326da8da55f7,2025-02-03T04:15:09.460000
 CVE-2025-21083,0,0,b1f881e778d473a44d11cfcbd38b4988ccf3c0bae1e47d54950fb32a165015e0,2025-01-15T17:15:19.393000
 CVE-2025-21088,0,0,2fc6ecd1dae8270574ff01139ed8a42b63c05aa457c258a8d76906ce3a93ca54,2025-01-15T16:15:32.413000
 CVE-2025-21101,0,0,54fc3436ce4cfc40d8a2f15abbf941cc22582b7c164f3bb799cb159e69cf76ad,2025-01-15T05:15:09.097000
@ -279765,3 +279781,5 @@ CVE-2025-24884,0,0,c8f8a9327c2f3a8834bafd81cd529a51e8f5ae8556d58ea7a307819d44153
 CVE-2025-24885,0,0,0a632954017de6517b1f4086dc09ffdb61b42a67962d4ef471217a658992e732,2025-01-30T23:15:07.993000
 CVE-2025-24886,0,0,22fe46ec70a40a868eba2ce8010e4edb050dca5246d72f260cb907446680300d,2025-01-30T23:15:08.990000
 CVE-2025-24891,0,0,07e08674cd8442d8685f561260fcf45fa0fd7fb9d59fcfb97bcd82467bccf06d,2025-01-31T23:15:08.457000
+CVE-2025-25062,1,1,d7cd47140e90c99ff5d70fbea50bb5a39373533859e38c36979aba1d23137e6e,2025-02-03T04:15:09.587000
+CVE-2025-25063,1,1,8c34659c6a257a89c707c83868a8b18d34ee010ab7504a5a7479117985ac792f,2025-02-03T04:15:09.760000