Auto-Update: 2025-03-13T11:00:20.073690+00:00

2025-05-08 19:47:09 +00:00 · 2025-03-13 11:03:49 +00:00 · 2025-03-13 11:03:49 +00:00 · 7b3cb09b1a
commit 7b3cb09b1a
parent b5fda81722
5 changed files with 126 additions and 23 deletions
--- a/CVE-2025/CVE-2025-16xx/CVE-2025-1683.json
+++ b/CVE-2025/CVE-2025-16xx/CVE-2025-1683.json
@ -2,8 +2,8 @@
  "id": "CVE-2025-1683",
  "sourceIdentifier": "security@1e.com",
  "published": "2025-03-12T16:15:20.660",
-  "lastModified": "2025-03-12T16:15:20.660",
-  "vulnStatus": "Received",
+  "lastModified": "2025-03-13T10:15:19.687",
+  "vulnStatus": "Awaiting Analysis",
  "cveTags": [],
  "descriptions": [
    {
@ -60,6 +60,10 @@
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-1683",
      "source": "security@1e.com"
    },
+    {
+      "url": "https://www.1e.com/trust-security-compliance/?ac=0-4",
+      "source": "security@1e.com"
+    },
    {
      "url": "https://www.1e.com/trust-security-compliance/cve-info/",
      "source": "security@1e.com"
--- a/CVE-2025/CVE-2025-251xx/CVE-2025-25175.json
+++ b/CVE-2025/CVE-2025-251xx/CVE-2025-25175.json
@ -0,0 +1,100 @@
+{
+  "id": "CVE-2025-25175",
+  "sourceIdentifier": "productcert@siemens.com",
+  "published": "2025-03-13T09:15:14.123",
+  "lastModified": "2025-03-13T09:15:14.123",
+  "vulnStatus": "Received",
+  "cveTags": [],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "A vulnerability has been identified in Simcenter Femap V2401 (All versions < V2401.0003), Simcenter Femap V2406 (All versions < V2406.0002). The affected application contains a memory corruption vulnerability while  parsing specially crafted .NEU files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-25443)"
+    }
+  ],
+  "metrics": {
+    "cvssMetricV40": [
+      {
+        "source": "productcert@siemens.com",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "4.0",
+          "vectorString": "CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
+          "baseScore": 7.3,
+          "baseSeverity": "HIGH",
+          "attackVector": "LOCAL",
+          "attackComplexity": "HIGH",
+          "attackRequirements": "NONE",
+          "privilegesRequired": "NONE",
+          "userInteraction": "PASSIVE",
+          "vulnConfidentialityImpact": "HIGH",
+          "vulnIntegrityImpact": "HIGH",
+          "vulnAvailabilityImpact": "HIGH",
+          "subConfidentialityImpact": "NONE",
+          "subIntegrityImpact": "NONE",
+          "subAvailabilityImpact": "NONE",
+          "exploitMaturity": "NOT_DEFINED",
+          "confidentialityRequirement": "NOT_DEFINED",
+          "integrityRequirement": "NOT_DEFINED",
+          "availabilityRequirement": "NOT_DEFINED",
+          "modifiedAttackVector": "NOT_DEFINED",
+          "modifiedAttackComplexity": "NOT_DEFINED",
+          "modifiedAttackRequirements": "NOT_DEFINED",
+          "modifiedPrivilegesRequired": "NOT_DEFINED",
+          "modifiedUserInteraction": "NOT_DEFINED",
+          "modifiedVulnConfidentialityImpact": "NOT_DEFINED",
+          "modifiedVulnIntegrityImpact": "NOT_DEFINED",
+          "modifiedVulnAvailabilityImpact": "NOT_DEFINED",
+          "modifiedSubConfidentialityImpact": "NOT_DEFINED",
+          "modifiedSubIntegrityImpact": "NOT_DEFINED",
+          "modifiedSubAvailabilityImpact": "NOT_DEFINED",
+          "Safety": "NOT_DEFINED",
+          "Automatable": "NOT_DEFINED",
+          "Recovery": "NOT_DEFINED",
+          "valueDensity": "NOT_DEFINED",
+          "vulnerabilityResponseEffort": "NOT_DEFINED",
+          "providerUrgency": "NOT_DEFINED"
+        }
+      }
+    ],
+    "cvssMetricV31": [
+      {
+        "source": "productcert@siemens.com",
+        "type": "Primary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
+          "baseScore": 7.8,
+          "baseSeverity": "HIGH",
+          "attackVector": "LOCAL",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "NONE",
+          "userInteraction": "REQUIRED",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "HIGH",
+          "integrityImpact": "HIGH",
+          "availabilityImpact": "HIGH"
+        },
+        "exploitabilityScore": 1.8,
+        "impactScore": 5.9
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "productcert@siemens.com",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-119"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://cert-portal.siemens.com/productcert/html/ssa-920092.html",
+      "source": "productcert@siemens.com"
+    }
+  ]
+}
--- a/CVE-2025/CVE-2025-298xx/CVE-2025-29891.json
+++ b/CVE-2025/CVE-2025-298xx/CVE-2025-29891.json
@ -2,13 +2,13 @@
  "id": "CVE-2025-29891",
  "sourceIdentifier": "security@apache.org",
  "published": "2025-03-12T15:15:40.997",
-  "lastModified": "2025-03-12T18:15:26.747",
-  "vulnStatus": "Received",
+  "lastModified": "2025-03-13T09:15:14.860",
+  "vulnStatus": "Awaiting Analysis",
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
-      "value": "Bypass/Injection vulnerability in Apache Camel.\n\nThis issue affects Apache Camel: from 4.10.0 before 4.10.2, from 4.8.0 before 4.8.5, from 3.10.0 before 3.22.4.\n\nUsers are recommended to upgrade to version 4.10.2 for 4.10.x LTS, 4.8.5 for 4.8.x LTS and 3.22.4 for 3.x releases.\n\nThis vulnerability is present in Camel's default incoming header filter, that allows an attacker to include Camel specific headers that for some Camel components can alter the behaviours such as the camel-bean component, or the camel-exec component.\n\nIf you have Camel applications that are directly connected to the internet via HTTP, then an attacker\u00a0could include parameters in the HTTP requests that are sent to the Camel application that incorrectly get translated into headers.\u00a0\n\nThe headers could be both provided as request parameters for an HTTP methods invocation or as part of the payload of the HTTP methods invocation.\n\nAll the known Camel HTTP component such as camel-servlet, camel-jetty, camel-undertow, camel-platform-http, and camel-netty-http would be vulnerable out of the box.\n\nThis CVE is related to the CVE-2025-27636: while they have the same root cause and are fixed with the same fix, CVE-2025-27636 was assumed to only be exploitable if an attacker could add malicious HTTP headers, while we have now determined that it is also exploitable via HTTP parameters. Like in CVE-2025-27636, exploitation is only possible if the Camel route uses particular vulnerable components."
+      "value": "Bypass/Injection vulnerability in Apache Camel.\n\nThis issue affects Apache Camel: from 4.10.0 before 4.10.2, from 4.8.0 before 4.8.5, from 3.10.0 before 3.22.4.\n\nUsers are recommended to upgrade to version 4.10.2 for 4.10.x LTS, 4.8.5 for 4.8.x LTS and 3.22.4 for 3.x releases.\n\nThis vulnerability is present in Camel's default incoming header filter, that allows an attacker to include Camel specific headers that for some Camel components can alter the behaviours such as the camel-bean component, or the camel-exec component.\n\nIf you have Camel applications that are directly connected to the internet via HTTP, then an attacker\u00a0could include parameters in the HTTP requests that are sent to the Camel application that get translated into headers.\u00a0\n\nThe headers could be both provided as request parameters for an HTTP methods invocation or as part of the payload of the HTTP methods invocation.\n\nAll the known Camel HTTP component such as camel-servlet, camel-jetty, camel-undertow, camel-platform-http, and camel-netty-http would be vulnerable out of the box.\n\nThis CVE is related to the CVE-2025-27636: while they have the same root cause and are fixed with the same fix, CVE-2025-27636 was assumed to only be exploitable if an attacker could add malicious HTTP headers, while we have now determined that it is also exploitable via HTTP parameters. Like in CVE-2025-27636, exploitation is only possible if the Camel route uses particular vulnerable components."
    }
  ],
  "metrics": {
@ -38,7 +38,7 @@
  "weaknesses": [
    {
      "source": "security@apache.org",
-      "type": "Primary",
+      "type": "Secondary",
      "description": [
        {
          "lang": "en",
@ -48,7 +48,7 @@
    },
    {
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
-      "type": "Primary",
+      "type": "Secondary",
      "description": [
        {
          "lang": "en",
--- a/README.md
+++ b/README.md
@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours.
 ### Last Repository Update

 ```plain
-2025-03-13T09:00:21.733719+00:00
+2025-03-13T11:00:20.073690+00:00
 ```

 ### Most recent CVE Modification Timestamp synchronized with NVD

 ```plain
-2025-03-13T08:15:10.950000+00:00
+2025-03-13T10:15:19.687000+00:00
 ```

 ### Last Data Feed Release
@ -33,24 +33,22 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
 ### Total Number of included CVEs

 ```plain
-285127
+285128
 ```

 ### CVEs added in the last Commit

-Recently added CVEs: `3`
+Recently added CVEs: `1`

- [CVE-2025-1119](CVE-2025/CVE-2025-11xx/CVE-2025-1119.json) (`2025-03-13T07:15:36.517`)
- [CVE-2025-1785](CVE-2025/CVE-2025-17xx/CVE-2025-1785.json) (`2025-03-13T08:15:10.950`)
- [CVE-2025-2271](CVE-2025/CVE-2025-22xx/CVE-2025-2271.json) (`2025-03-13T07:15:37.133`)
+- [CVE-2025-25175](CVE-2025/CVE-2025-251xx/CVE-2025-25175.json) (`2025-03-13T09:15:14.123`)


 ### CVEs modified in the last Commit

 Recently modified CVEs: `2`

- [CVE-2024-11218](CVE-2024/CVE-2024-112xx/CVE-2024-11218.json) (`2025-03-13T07:15:33.087`)
- [CVE-2025-1354](CVE-2025/CVE-2025-13xx/CVE-2025-1354.json) (`2025-03-13T07:15:36.740`)
+- [CVE-2025-1683](CVE-2025/CVE-2025-16xx/CVE-2025-1683.json) (`2025-03-13T10:15:19.687`)
+- [CVE-2025-29891](CVE-2025/CVE-2025-298xx/CVE-2025-29891.json) (`2025-03-13T09:15:14.860`)


 ## Download and Usage
--- a/_state.csv
+++ b/_state.csv
@ -245363,7 +245363,7 @@ CVE-2024-11214,0,0,ce293b49fa3792aed1bdef0278728de22346b7c8c6fd060fecdb1a211d7c2
 CVE-2024-11215,0,0,649934bde3315408f935571e43aced9541face2e1cac41750a3378db1c35aaf3,2024-11-15T13:58:08.913000
 CVE-2024-11216,0,0,a6c74f3e9ab35e562debd77e74e353f728b8647e91c626d40439216aac83aa2a,2025-03-05T13:15:11.493000
 CVE-2024-11217,0,0,cb24a1bdb987ee2ebd888113abdd2cecfb9cb2fe9a3dca74044179030beb620c,2024-11-18T17:11:56.587000
-CVE-2024-11218,0,1,2c83ebc69a521a8df4e71b18db7961e12fe5bca171323d0ccce26da22726fdc5,2025-03-13T07:15:33.087000
+CVE-2024-11218,0,0,2c83ebc69a521a8df4e71b18db7961e12fe5bca171323d0ccce26da22726fdc5,2025-03-13T07:15:33.087000
 CVE-2024-11219,0,0,e0425cf1f1ca40cc6d95ef04e03e17b5776d09d72a88fcf5abbcb2ac00f59570,2024-11-27T06:15:18.110000
 CVE-2024-1122,0,0,4a647161edb6d6dbac08921722ee9f0f3f3f764af2a44d6cd56ac17a7d3d92e5,2024-11-21T08:49:50.943000
 CVE-2024-11220,0,0,bea01215af1b0ab3953945bb3fe68c48439557338f0129d7423ffdb58e634441,2025-01-23T16:54:24.970000
@ -280940,7 +280940,7 @@ CVE-2025-1115,0,0,30d7245a282f9be9cd5e268e84a047b532c6864c57222cb265a909087aa7d4
 CVE-2025-1116,0,0,00a59e293e16dcad8521027625075db7b6762697e4bdc6e6648fad6aa5872375,2025-02-08T12:15:39.660000
 CVE-2025-1117,0,0,689febb6066d1fec82c60e215bad724ad5df8fa85c4636fc9e776b8da79fe4d3,2025-02-08T13:15:07.843000
 CVE-2025-1118,0,0,1d46e95b87fe7edb9839b43fa6447bac85df34e285b438ecef13347991dc098d,2025-02-19T18:15:24.280000
-CVE-2025-1119,1,1,7d76cf1ab52c66b4a66ebbce469188d95bc82c0b0b0175f5ddfd00aa354d0743,2025-03-13T07:15:36.517000
+CVE-2025-1119,0,0,7d76cf1ab52c66b4a66ebbce469188d95bc82c0b0b0175f5ddfd00aa354d0743,2025-03-13T07:15:36.517000
 CVE-2025-1121,0,0,9094e254d77d2517bf38e2237a51779f86d65910c2017a2cf8b036371dc62241,2025-03-07T20:15:37.407000
 CVE-2025-1125,0,0,2f04992a8811506ffd86df04ce8fd4c4eaf818b2350c9b37d99c1e9008bb7d98,2025-03-05T21:15:19.707000
 CVE-2025-1126,0,0,75a0af68b2de42873e4ee33ccd68bb162ec9dabf122dea8ebb0bf11a24b953a1,2025-02-11T17:15:23.537000
@ -281078,7 +281078,7 @@ CVE-2025-1340,0,0,2a8e869213076f4a20324bcd8b840df9a199476ff204b4ae058d07c9a94e00
 CVE-2025-1341,0,0,81c73205f91da4e4a53e62a4a3612a03f01d8a5a3578739a3ddcdc59f89bd9d8,2025-02-16T14:15:21.893000
 CVE-2025-1352,0,0,49ac14e9196cb2742d9d61507be651bb74f909d13564705f3ec967ee19bb4a5a,2025-02-16T15:15:09.133000
 CVE-2025-1353,0,0,592b3b5fa0e656024e4607b02db6b1922da161f4886bf146bf25aacc925677e1,2025-02-26T08:13:23.443000
-CVE-2025-1354,0,1,3c0fb3ba8e22aa5a65dfed92e4d3c6da103918dbde8625acf08353fd6b59f147,2025-03-13T07:15:36.740000
+CVE-2025-1354,0,0,3c0fb3ba8e22aa5a65dfed92e4d3c6da103918dbde8625acf08353fd6b59f147,2025-03-13T07:15:36.740000
 CVE-2025-1355,0,0,6caee86eb6a8e3923b40b372ffbf6b511adee57dcd89d4b3fa6b8d5df24b9151,2025-02-25T03:41:32.873000
 CVE-2025-1356,0,0,1208ea8c9feffd512c177155b86b87da904ba758ea88d8448c18154aade44db4,2025-02-25T03:40:30.107000
 CVE-2025-1357,0,0,ed748fcc9d023acbae682d7a1236530483f53d6ca6eeb189959266b42b71cab3,2025-02-16T19:15:09.500000
@ -281251,7 +281251,7 @@ CVE-2025-1675,0,0,41964deda5d2388164c40f16f260062c32ffffe02c616e33cd5948a6538bb6
 CVE-2025-1676,0,0,ffcca994630f7ace6a571d92659403689ac413c9afb10a75dc0095ea449331e9,2025-02-25T14:15:31.447000
 CVE-2025-1681,0,0,3ee297593e4a5818266094c9d5282266af1bf843390e9752b5023996a22e1071,2025-02-28T00:15:35.950000
 CVE-2025-1682,0,0,cc794daa0dbacddc54b0e89e0bf9a4796b5672845d169d6dbf1869b7f592f754,2025-02-28T00:15:36.100000
-CVE-2025-1683,0,0,14c35c530f3277223cde7a8e37b5bf62e5fa50552edb6171153ee0767d5fb840,2025-03-12T16:15:20.660000
+CVE-2025-1683,0,1,d18892c006fc219f48d7d3ce3110f32b39eb82cef4fed2d9cbe58fe6144639a0,2025-03-13T10:15:19.687000
 CVE-2025-1686,0,0,aeb3e336ffe94b1c0a7e4872f92b31f7de132db0e69b60fe0611b8798ab6716d,2025-02-27T15:15:40.940000
 CVE-2025-1687,0,0,553889bbf1832e8d0246ba505a729ffeb25a6379aca1ca1f8f3f4851031d21de,2025-02-28T00:15:36.240000
 CVE-2025-1689,0,0,049ae4dee98f065b7f7f52ce04df5123177e15522ad59dafeab6f6ff67faccdb,2025-03-11T16:19:41.870000
@ -281289,7 +281289,7 @@ CVE-2025-1768,0,0,c05b89cadd612720776009e6e0d5cd82f5ad65495c19a7bd41a71ec158195a
 CVE-2025-1776,0,0,9f5910c7138c13ec1de71b228a6c2b4d183ead70b893aab7547c66452e55fc54,2025-02-28T14:15:35.943000
 CVE-2025-1780,0,0,3f45bedc6155c2b8b2fa77d1259dea132c1de7996dc227477ece460ea93a3593,2025-03-01T04:15:09.713000
 CVE-2025-1783,0,0,7fcaf339289a48edd534e2424306b8cd911988b21bbe826dd21f100c86d4c9de,2025-03-08T10:15:11.647000
-CVE-2025-1785,1,1,565796a19d8adcf7f3c6fd2dbdfafbdccf15b708e045b882f19b0cbe681866ea,2025-03-13T08:15:10.950000
+CVE-2025-1785,0,0,565796a19d8adcf7f3c6fd2dbdfafbdccf15b708e045b882f19b0cbe681866ea,2025-03-13T08:15:10.950000
 CVE-2025-1786,0,0,ad5ad2cc482ea0e990ccfde4284bed8bd985e906e2b3d6d5c46c5b7aa325f660,2025-03-03T21:15:16.130000
 CVE-2025-1788,0,0,eea96ff8d7571aa32dee65283e84ed9282f70445eccb027f53ff2ff5b53af011,2025-03-03T21:15:16.263000
 CVE-2025-1791,0,0,b51ec6e3363933841ca9d89f35b1f043f0875f3be451d26be83ec61e44a02997,2025-03-03T21:15:16.433000
@ -282686,7 +282686,7 @@ CVE-2025-22704,0,0,414149081451a41091726c0400b017c0c9bbdce68febf028bdf6499ccf05d
 CVE-2025-22705,0,0,b9dc0ee4987cc810ce97faa40f90d51cc4a901ca9620c4f52633396a62128280,2025-02-14T13:15:43.020000
 CVE-2025-22706,0,0,426d0c1b0527ee1d623f40f809dfb7f93a7c42b34ad1ff79a058926eac7018d0,2025-01-21T14:15:10.640000
 CVE-2025-22709,0,0,3f8492adc78070ddb38f727e841374c07eca9b418229f22b07bd0ce34a8b5f25,2025-01-21T14:15:10.823000
-CVE-2025-2271,1,1,bb0fe8e81f1c7495bd5556e838678b0a9fc2369d055163266fd1cd469a17de8b,2025-03-13T07:15:37.133000
+CVE-2025-2271,0,0,bb0fe8e81f1c7495bd5556e838678b0a9fc2369d055163266fd1cd469a17de8b,2025-03-13T07:15:37.133000
 CVE-2025-22710,0,0,40f6e9b73df3fa17e0d165ff493773064dddeba801cd97e03af654cab32baf6e,2025-01-21T14:15:11
 CVE-2025-22711,0,0,c38591579c6fafc13f8a8d7fcc4d03f2cc3b7f08e79db700c89246ddca0afeac,2025-01-21T14:15:11.173000
 CVE-2025-22714,0,0,e27e8bdf59d90efe0a4971ebb0295781da7ce2045b78082d71465a0e502c1251,2025-01-24T11:15:09.823000
@ -284192,6 +284192,7 @@ CVE-2025-25167,0,0,e14b9eb6e466e19d148bb81d5cb2df8f805c1241e9a9e8cd6260db11c719e
 CVE-2025-25168,0,0,93fb1477ac0fd147322a0beee26e3b74949bd1187f727ff11033ff5c839391ea,2025-02-11T18:21:01.407000
 CVE-2025-25169,0,0,b2c2eae9e9728260a10cbcd3cd6ed185b5ee51c8c2c4bd8b669b60e645fe9781,2025-03-03T14:15:54.477000
 CVE-2025-25170,0,0,10b2b5d5b1d8e09a883b23033bc8ac75abe37fde2151575888a21edb35483c78,2025-03-03T14:15:54.613000
+CVE-2025-25175,1,1,07fdccb73d5e74e8cb676082b204b1fb69b94b2648dd7b64cf37e4c8484dd78e,2025-03-13T09:15:14.123000
 CVE-2025-25181,0,0,54bb22ae37fb0440fda0b5dd67cbfbac1a1597f5e597c7d05ce884fb001eab92,2025-03-11T01:00:03.127000
 CVE-2025-25182,0,0,6fd347398e5cc83c7bcf9c93dfa3366f2e8e0aced29c81495217dd5d01f504cd,2025-02-12T17:15:23.857000
 CVE-2025-25183,0,0,9f610c42840d8f1123d400fa738e85280ed4290b29d92e2aa642daf493197632,2025-02-07T20:15:34.083000
@ -285123,6 +285124,6 @@ CVE-2025-28938,0,0,bb686e628ef6e312b49ba678a23c3f02f95c9e58d0a5c6fece2faf8008763
 CVE-2025-28940,0,0,ed38f8aafffe9d8e8d4c21ff98f3184dd535cea4b6a7d90b331442eb1950eaa4,2025-03-11T21:15:51.887000
 CVE-2025-28941,0,0,bd0484d7ee3fba23d6ad7c462ccd1272ed6f158777e89bea27cfd8fce685afa6,2025-03-11T21:15:52.030000
 CVE-2025-28943,0,0,39cd6f2d3f6ecc50e22f0deb639a3eb11e659d07b3ac031ed88186bae7521525,2025-03-11T21:15:52.187000
-CVE-2025-29891,0,0,d96dd92956b11ada45818f4cd0f77b213acf6786dc36e9fa257210541c45a543,2025-03-12T18:15:26.747000
+CVE-2025-29891,0,1,a78b892f5bcda6cc523f37c0f7c0a917e608075d8e379fc19029783e37a5c34c,2025-03-13T09:15:14.860000
 CVE-2025-29903,0,0,5eeb753d6207a33dadf8a1431c4fdae237eb7a54c906717f9d4c165d0dbfdb0c,2025-03-12T13:15:37.823000
 CVE-2025-29904,0,0,9820bd6a0dd982ed5f05f4335993011de4f806af08b3ad85485f678d69ae0889,2025-03-12T13:15:38.050000