Auto-Update: 2025-06-25T08:00:45.806194+00:00

CVE-2025/CVE-2025-438xx/CVE-2025-43880.json

@@ -0,0 +1,104 @@
+{
+  "id": "CVE-2025-43880",
+  "sourceIdentifier": "vultures@jpcert.or.jp",
+  "published": "2025-06-25T06:15:20.250",
+  "lastModified": "2025-06-25T06:15:20.250",
+  "vulnStatus": "Received",
+  "cveTags": [],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "Inefficient regular expression complexity issue exists in GROWI prior to v7.1.6. If exploited, a logged-in user may cause a denial of service (DoS) condition."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV40": [
+      {
+        "source": "vultures@jpcert.or.jp",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "4.0",
+          "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
+          "baseScore": 5.3,
+          "baseSeverity": "MEDIUM",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "attackRequirements": "NONE",
+          "privilegesRequired": "LOW",
+          "userInteraction": "NONE",
+          "vulnConfidentialityImpact": "NONE",
+          "vulnIntegrityImpact": "NONE",
+          "vulnAvailabilityImpact": "LOW",
+          "subConfidentialityImpact": "NONE",
+          "subIntegrityImpact": "NONE",
+          "subAvailabilityImpact": "NONE",
+          "exploitMaturity": "NOT_DEFINED",
+          "confidentialityRequirement": "NOT_DEFINED",
+          "integrityRequirement": "NOT_DEFINED",
+          "availabilityRequirement": "NOT_DEFINED",
+          "modifiedAttackVector": "NOT_DEFINED",
+          "modifiedAttackComplexity": "NOT_DEFINED",
+          "modifiedAttackRequirements": "NOT_DEFINED",
+          "modifiedPrivilegesRequired": "NOT_DEFINED",
+          "modifiedUserInteraction": "NOT_DEFINED",
+          "modifiedVulnConfidentialityImpact": "NOT_DEFINED",
+          "modifiedVulnIntegrityImpact": "NOT_DEFINED",
+          "modifiedVulnAvailabilityImpact": "NOT_DEFINED",
+          "modifiedSubConfidentialityImpact": "NOT_DEFINED",
+          "modifiedSubIntegrityImpact": "NOT_DEFINED",
+          "modifiedSubAvailabilityImpact": "NOT_DEFINED",
+          "Safety": "NOT_DEFINED",
+          "Automatable": "NOT_DEFINED",
+          "Recovery": "NOT_DEFINED",
+          "valueDensity": "NOT_DEFINED",
+          "vulnerabilityResponseEffort": "NOT_DEFINED",
+          "providerUrgency": "NOT_DEFINED"
+        }
+      }
+    ],
+    "cvssMetricV30": [
+      {
+        "source": "vultures@jpcert.or.jp",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.0",
+          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
+          "baseScore": 4.3,
+          "baseSeverity": "MEDIUM",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "LOW",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "NONE",
+          "integrityImpact": "NONE",
+          "availabilityImpact": "LOW"
+        },
+        "exploitabilityScore": 2.8,
+        "impactScore": 1.4
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "vultures@jpcert.or.jp",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-1333"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://github.com/weseek/growi/pull/9487",
+      "source": "vultures@jpcert.or.jp"
+    },
+    {
+      "url": "https://jvn.jp/en/jp/JVN21624250/",
+      "source": "vultures@jpcert.or.jp"
+    }
+  ]
+}

README.md

@@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours.
 ### Last Repository Update
 
 ```plain
-2025-06-25T04:00:32.435730+00:00
+2025-06-25T08:00:45.806194+00:00
 ```
 
 ### Most recent CVE Modification Timestamp synchronized with NVD
 
 ```plain
-2025-06-25T03:15:27.853000+00:00
+2025-06-25T06:15:20.250000+00:00
 ```
 
 ### Last Data Feed Release
@@ -33,23 +33,20 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
 ### Total Number of included CVEs
 
 ```plain
-299262
+299263
 ```
 
 ### CVEs added in the last Commit
 
-Recently added CVEs: `3`
+Recently added CVEs: `1`
 
-- [CVE-2025-0966](CVE-2025/CVE-2025-09xx/CVE-2025-0966.json) (`2025-06-25T03:15:26.580`)
-- [CVE-2025-36004](CVE-2025/CVE-2025-360xx/CVE-2025-36004.json) (`2025-06-25T03:15:27.687`)
-- [CVE-2025-5585](CVE-2025/CVE-2025-55xx/CVE-2025-5585.json) (`2025-06-25T03:15:27.853`)
+- [CVE-2025-43880](CVE-2025/CVE-2025-438xx/CVE-2025-43880.json) (`2025-06-25T06:15:20.250`)
 
 
 ### CVEs modified in the last Commit
 
-Recently modified CVEs: `1`
+Recently modified CVEs: `0`
 
-- [CVE-2025-48798](CVE-2025/CVE-2025-487xx/CVE-2025-48798.json) (`2025-06-17T10:15:23.967`)
 
 
 ## Download and Usage

_state.csv

@@ -283509,7 +283509,7 @@ CVE-2025-0958,0,0,8e934c42a8ae7048365dcc09aa09f32a5218f596be70202f3292fa3b9e1add
 CVE-2025-0959,0,0,2ef0e74d37106a9147ba132a96f3962a471250250ebc475b9bdb4c0c141acc13,2025-03-13T14:59:44.297000
 CVE-2025-0960,0,0,499907aaf0daa1209acd23a8382909ccee8a784758e88e7f103cadb30772d3d2,2025-02-04T20:15:50.103000
 CVE-2025-0961,0,0,346daf6e4766249f748146548eba00ad58cef7728e5a80d5d79af93be768a67d,2025-05-28T17:17:22.983000
-CVE-2025-0966,1,1,d87ca3e7a274acde1b865c5c0919cc28cf819680ee7ef4441fa2900e9b6ce630,2025-06-25T03:15:26.580000
+CVE-2025-0966,0,0,d87ca3e7a274acde1b865c5c0919cc28cf819680ee7ef4441fa2900e9b6ce630,2025-06-25T03:15:26.580000
 CVE-2025-0967,0,0,d8c64e0386338d50f41e26d5ea4b324d68ccfa9e57d63544f495e90b3a5b315a,2025-02-25T19:05:40.627000
 CVE-2025-0968,0,0,a4e9e6689859f7c2eea936619747aa6ea0cae6f7cc09990c02ad9c83b9675838,2025-02-25T20:21:17.287000
 CVE-2025-0970,0,0,dbb9a878c26220e6c6fcf04d86cb830c57c2ed2708896797c1f2c042f5dde1ff,2025-02-02T23:15:19.027000
@@ -293892,7 +293892,7 @@ CVE-2025-3599,0,0,50511407f557708506d42c82ca157e4b27ffcaf91e7ac0f0029a3b3d58f00d
 CVE-2025-35995,0,0,a590f4d82a5b6a6ddf49e3e9ff3fcb9f7ad4db6e56f789349ace8583f960ea2e,2025-05-08T14:39:09.683000
 CVE-2025-35996,0,0,a68f8bf3039aca0fabffa5365ae47dde1016d171f7f66e0132baceb8c4b864b9,2025-05-02T13:52:51.693000
 CVE-2025-3600,0,0,39687de6700cb24ab4e4b1a2e787339a193916dd4e6bd5edd6e893f0c5922e67,2025-05-16T14:43:56.797000
-CVE-2025-36004,1,1,9607d479475c4db7f6c6570a9fe36d71d16713a1fc60b5c59ba5c3e48b0a3bb4,2025-06-25T03:15:27.687000
+CVE-2025-36004,0,0,9607d479475c4db7f6c6570a9fe36d71d16713a1fc60b5c59ba5c3e48b0a3bb4,2025-06-25T03:15:27.687000
 CVE-2025-36016,0,0,af37919821fdd574b942ee9d20d1ecfb430b58097892e9a643523ecf7010f2dd,2025-06-23T20:16:21.633000
 CVE-2025-3602,0,0,9dae34871a5aa21ddbebfa01b8417ba4c26394066febdada550c394e6505596c,2025-06-17T20:50:23.507000
 CVE-2025-3603,0,0,8fc219493265409dea0354ed582a157fa1e4783601045e446f4ea74d7c8f20d5,2025-04-29T13:52:47.470000
@@ -295491,6 +295491,7 @@ CVE-2025-43877,0,0,5b7864d660b5acb06c5ca9c240c07b4edcbe1592d545ff6636f05b352d36f
 CVE-2025-43878,0,0,35cf7c07b8b80c3378b7e206d0f6773b587f978a8b7a7526ac0a236c37d60b0d,2025-05-08T14:39:09.683000
 CVE-2025-43879,0,0,a8191614f6e5d432713b06b24ef6ee18cd89c8d92e486cbe24e75b79d72651dc,2025-06-24T05:15:24.567000
 CVE-2025-4388,0,0,97a1b6eacb96a5a89fd1b724cb794d70ee55608bc796c2eb710dc788294d8025,2025-05-07T14:13:20.483000
+CVE-2025-43880,1,1,587d2984755846d708616914cb674a0ef4fc9828a8ae28200ffe8a53719fd8cd,2025-06-25T06:15:20.250000
 CVE-2025-4389,0,0,45c746d75c230b521e0d7fa0f7ed2e2bcf19d590062d4846efcc391c1f917c66,2025-05-19T13:35:20.460000
 CVE-2025-43893,0,0,ce2184c9570a27f32b1c53e1a7eb084bc072ba61bfa0569a85000898bdc56f02,2025-04-19T03:15:14.017000
 CVE-2025-43894,0,0,38ad6fd8c7d98bd63b2db2d688fe0af16a117e87d6d33ebfcd5ac8fe03cfe13b,2025-04-19T03:15:14.087000
@@ -297484,7 +297485,7 @@ CVE-2025-48793,0,0,c894ec9ed8b3b5d1fda9891ce2808a0fb7689dd63eec3c7bb7e9e649736a3
 CVE-2025-48794,0,0,0f60a10fd5bbac90e9e184a916afa3ee1c6a6178325620c93725d026aac184ad,2025-05-27T04:15:41.160000
 CVE-2025-48796,0,0,5c467d1a2669d77ceb69e55cea05d09cde2aaa034119240321683e5490565638,2025-05-28T15:01:30.720000
 CVE-2025-48797,0,0,0f610e462fa71aef647f917d9ca4275a49e1477214074f960a230a5c09486644,2025-06-25T01:15:23.097000
-CVE-2025-48798,0,1,ff65f5121c0e0cda96784e173e6217bb4bf6c6642cebd0c35f064bd9a2b602ed,2025-06-17T10:15:23.967000
+CVE-2025-48798,0,0,ff65f5121c0e0cda96784e173e6217bb4bf6c6642cebd0c35f064bd9a2b602ed,2025-06-17T10:15:23.967000
 CVE-2025-4880,0,0,e66433f376d95dc941d17745f27a53d60427f87111077aee793bacaa1dd21351,2025-05-21T17:33:42.373000
 CVE-2025-4881,0,0,3fdda22eaf1afa96c9c6bfb121fd7cc7da116831a6f494c0b7df343d1eed58c4,2025-05-21T19:38:39.660000
 CVE-2025-4882,0,0,9ae533a1d17c0bc7b22051d58510b828885d48326cbc794d7bf23ceba43e10c0,2025-05-21T19:38:24.990000
@@ -298606,7 +298607,7 @@ CVE-2025-5581,0,0,c54747d4f47de2d53a0450ac3d2803f6b1ce7f3a8f3dd0d32c7ea29ca0ea8b
 CVE-2025-5582,0,0,d2f1baa22f55fc38a8f865d0e99938121f7ce9bfb4e6584060e61c164943f9d6,2025-06-04T17:44:37.780000
 CVE-2025-5583,0,0,b2ce656eeaab700a8a0873a3d565fbebe88a85c216d85c69e76524b9646991ad,2025-06-04T17:44:26.393000
 CVE-2025-5584,0,0,554122312ccf631b36ad0ef789707a593ded0bc038e2cac6c090436b66fd53f2,2025-06-10T15:10:06.207000
-CVE-2025-5585,1,1,a4b85e7f335ebebadeca6227d4a2158131bdc84c9a2d7b4b046eba3dd8869dc4,2025-06-25T03:15:27.853000
+CVE-2025-5585,0,0,a4b85e7f335ebebadeca6227d4a2158131bdc84c9a2d7b4b046eba3dd8869dc4,2025-06-25T03:15:27.853000
 CVE-2025-5586,0,0,b91049de82efb55ef679cf10931aa4f56290c24a8f2fbf45be0281fcede07341,2025-06-06T14:07:28.330000
 CVE-2025-5589,0,0,6c79a04993e971b42452f3a0ae16618b76eb63bb362b0f3291c861226ed4734d,2025-06-16T12:32:18.840000
 CVE-2025-5592,0,0,36c388f33c323490a93ebd79d5f124d5f4fdc10d946cc1144d6e587fb6694158,2025-06-09T15:02:45.030000