diff --git a/CVE-2025/CVE-2025-22xx/CVE-2025-2258.json b/CVE-2025/CVE-2025-22xx/CVE-2025-2258.json
new file mode 100644
index 00000000000..d0c11837b76
--- /dev/null
+++ b/CVE-2025/CVE-2025-22xx/CVE-2025-2258.json
@@ -0,0 +1,82 @@
+{
+ "id": "CVE-2025-2258",
+ "sourceIdentifier": "emo@eclipse.org",
+ "published": "2025-04-06T19:15:40.197",
+ "lastModified": "2025-04-06T19:15:40.197",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "In NetX Duo component HTTP server functionality of Eclipse ThreadX NetX Duo before \nversion 6.4.3, an attacker can cause an integer underflow and a \nsubsequent denial of service by writing a very large file, by specially \ncrafted packets with Content-Length smaller than the data request size. A\n possible workaround is to disable HTTP PUT support.\n\n\n\n\nThis issue follows an uncomplete fix in CVE-2025-0728."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV40": [
+ {
+ "source": "emo@eclipse.org",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "4.0",
+ "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
+ "baseScore": 5.3,
+ "baseSeverity": "MEDIUM",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "attackRequirements": "NONE",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "vulnConfidentialityImpact": "NONE",
+ "vulnIntegrityImpact": "NONE",
+ "vulnAvailabilityImpact": "LOW",
+ "subConfidentialityImpact": "NONE",
+ "subIntegrityImpact": "NONE",
+ "subAvailabilityImpact": "NONE",
+ "exploitMaturity": "NOT_DEFINED",
+ "confidentialityRequirement": "NOT_DEFINED",
+ "integrityRequirement": "NOT_DEFINED",
+ "availabilityRequirement": "NOT_DEFINED",
+ "modifiedAttackVector": "NOT_DEFINED",
+ "modifiedAttackComplexity": "NOT_DEFINED",
+ "modifiedAttackRequirements": "NOT_DEFINED",
+ "modifiedPrivilegesRequired": "NOT_DEFINED",
+ "modifiedUserInteraction": "NOT_DEFINED",
+ "modifiedVulnConfidentialityImpact": "NOT_DEFINED",
+ "modifiedVulnIntegrityImpact": "NOT_DEFINED",
+ "modifiedVulnAvailabilityImpact": "NOT_DEFINED",
+ "modifiedSubConfidentialityImpact": "NOT_DEFINED",
+ "modifiedSubIntegrityImpact": "NOT_DEFINED",
+ "modifiedSubAvailabilityImpact": "NOT_DEFINED",
+ "Safety": "NOT_DEFINED",
+ "Automatable": "NOT_DEFINED",
+ "Recovery": "NOT_DEFINED",
+ "valueDensity": "NOT_DEFINED",
+ "vulnerabilityResponseEffort": "NOT_DEFINED",
+ "providerUrgency": "NOT_DEFINED"
+ }
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "emo@eclipse.org",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-191"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://github.com/eclipse-threadx/netxduo/commit/6c8e9d1c95d71bd4b313e1cc37d8f8841543b248",
+ "source": "emo@eclipse.org"
+ },
+ {
+ "url": "https://github.com/eclipse-threadx/netxduo/security/advisories/GHSA-chqp-8vf8-cj25",
+ "source": "emo@eclipse.org"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2025/CVE-2025-22xx/CVE-2025-2259.json b/CVE-2025/CVE-2025-22xx/CVE-2025-2259.json
new file mode 100644
index 00000000000..39f08135768
--- /dev/null
+++ b/CVE-2025/CVE-2025-22xx/CVE-2025-2259.json
@@ -0,0 +1,82 @@
+{
+ "id": "CVE-2025-2259",
+ "sourceIdentifier": "emo@eclipse.org",
+ "published": "2025-04-06T19:15:41.020",
+ "lastModified": "2025-04-06T19:15:41.020",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "In NetX HTTP server functionality of Eclipse ThreadX NetX Duo before \nversion 6.4.3, an attacker can cause an integer underflow and a \nsubsequent denial of service by writing a very large file, by specially \ncrafted packets with Content-Length in one packet smaller than the data \nrequest size of the other packet. A possible workaround is to disable \nHTTP PUT support.\n\n\n\n\nThis issue follows an incomplete fix of CVE-2025-0727"
+ }
+ ],
+ "metrics": {
+ "cvssMetricV40": [
+ {
+ "source": "emo@eclipse.org",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "4.0",
+ "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
+ "baseScore": 5.3,
+ "baseSeverity": "MEDIUM",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "attackRequirements": "NONE",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "vulnConfidentialityImpact": "NONE",
+ "vulnIntegrityImpact": "NONE",
+ "vulnAvailabilityImpact": "LOW",
+ "subConfidentialityImpact": "NONE",
+ "subIntegrityImpact": "NONE",
+ "subAvailabilityImpact": "NONE",
+ "exploitMaturity": "NOT_DEFINED",
+ "confidentialityRequirement": "NOT_DEFINED",
+ "integrityRequirement": "NOT_DEFINED",
+ "availabilityRequirement": "NOT_DEFINED",
+ "modifiedAttackVector": "NOT_DEFINED",
+ "modifiedAttackComplexity": "NOT_DEFINED",
+ "modifiedAttackRequirements": "NOT_DEFINED",
+ "modifiedPrivilegesRequired": "NOT_DEFINED",
+ "modifiedUserInteraction": "NOT_DEFINED",
+ "modifiedVulnConfidentialityImpact": "NOT_DEFINED",
+ "modifiedVulnIntegrityImpact": "NOT_DEFINED",
+ "modifiedVulnAvailabilityImpact": "NOT_DEFINED",
+ "modifiedSubConfidentialityImpact": "NOT_DEFINED",
+ "modifiedSubIntegrityImpact": "NOT_DEFINED",
+ "modifiedSubAvailabilityImpact": "NOT_DEFINED",
+ "Safety": "NOT_DEFINED",
+ "Automatable": "NOT_DEFINED",
+ "Recovery": "NOT_DEFINED",
+ "valueDensity": "NOT_DEFINED",
+ "vulnerabilityResponseEffort": "NOT_DEFINED",
+ "providerUrgency": "NOT_DEFINED"
+ }
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "emo@eclipse.org",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-191"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://github.com/eclipse-threadx/netxduo/commit/fb3195bbb6d0d6fe71a7a19585c008623c217f9e",
+ "source": "emo@eclipse.org"
+ },
+ {
+ "url": "https://github.com/eclipse-threadx/netxduo/security/advisories/GHSA-chhp-gmxc-46rq",
+ "source": "emo@eclipse.org"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2025/CVE-2025-22xx/CVE-2025-2260.json b/CVE-2025/CVE-2025-22xx/CVE-2025-2260.json
new file mode 100644
index 00000000000..95389ce02e9
--- /dev/null
+++ b/CVE-2025/CVE-2025-22xx/CVE-2025-2260.json
@@ -0,0 +1,82 @@
+{
+ "id": "CVE-2025-2260",
+ "sourceIdentifier": "emo@eclipse.org",
+ "published": "2025-04-06T19:15:41.153",
+ "lastModified": "2025-04-06T19:15:41.153",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "In NetX HTTP server functionality of Eclipse ThreadX NetX Duo before \nversion 6.4.3, an attacker can cause a denial of service by specially \ncrafted packets. The core issue is missing closing of a file in case of \nan error condition, resulting in the 404 error for each further file \nrequest. Users can work-around the issue by disabling the PUT request \nsupport.\n\n\n\n\nThis issue follows an incomplete fix of CVE-2025-0726."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV40": [
+ {
+ "source": "emo@eclipse.org",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "4.0",
+ "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
+ "baseScore": 7.1,
+ "baseSeverity": "HIGH",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "attackRequirements": "NONE",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "vulnConfidentialityImpact": "NONE",
+ "vulnIntegrityImpact": "NONE",
+ "vulnAvailabilityImpact": "HIGH",
+ "subConfidentialityImpact": "NONE",
+ "subIntegrityImpact": "NONE",
+ "subAvailabilityImpact": "NONE",
+ "exploitMaturity": "NOT_DEFINED",
+ "confidentialityRequirement": "NOT_DEFINED",
+ "integrityRequirement": "NOT_DEFINED",
+ "availabilityRequirement": "NOT_DEFINED",
+ "modifiedAttackVector": "NOT_DEFINED",
+ "modifiedAttackComplexity": "NOT_DEFINED",
+ "modifiedAttackRequirements": "NOT_DEFINED",
+ "modifiedPrivilegesRequired": "NOT_DEFINED",
+ "modifiedUserInteraction": "NOT_DEFINED",
+ "modifiedVulnConfidentialityImpact": "NOT_DEFINED",
+ "modifiedVulnIntegrityImpact": "NOT_DEFINED",
+ "modifiedVulnAvailabilityImpact": "NOT_DEFINED",
+ "modifiedSubConfidentialityImpact": "NOT_DEFINED",
+ "modifiedSubIntegrityImpact": "NOT_DEFINED",
+ "modifiedSubAvailabilityImpact": "NOT_DEFINED",
+ "Safety": "NOT_DEFINED",
+ "Automatable": "NOT_DEFINED",
+ "Recovery": "NOT_DEFINED",
+ "valueDensity": "NOT_DEFINED",
+ "vulnerabilityResponseEffort": "NOT_DEFINED",
+ "providerUrgency": "NOT_DEFINED"
+ }
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "emo@eclipse.org",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-459"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://github.com/eclipse-threadx/netxduo/commit/fb3195bbb6d0d6fe71a7a19585c008623c217f9e",
+ "source": "emo@eclipse.org"
+ },
+ {
+ "url": "https://github.com/eclipse-threadx/netxduo/security/advisories/GHSA-f42f-6fvv-xqx3",
+ "source": "emo@eclipse.org"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/README.md b/README.md
index a6dd5d8b3cd..f19d4ee2127 100644
--- a/README.md
+++ b/README.md
@@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2025-04-06T16:00:19.600211+00:00 +2025-04-06T20:00:19.408971+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2025-04-06T14:15:35.690000+00:00 +2025-04-06T19:15:41.153000+00:00 ``` ### Last Data Feed Release
@@ -33,14 +33,16 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -288723 +288726 ``` ### CVEs added in the last Commit -Recently added CVEs: `1` +Recently added CVEs: `3` -- [CVE-2025-3318](CVE-2025/CVE-2025-33xx/CVE-2025-3318.json) (`2025-04-06T14:15:35.690`) +- [CVE-2025-2258](CVE-2025/CVE-2025-22xx/CVE-2025-2258.json) (`2025-04-06T19:15:40.197`) +- [CVE-2025-2259](CVE-2025/CVE-2025-22xx/CVE-2025-2259.json) (`2025-04-06T19:15:41.020`) +- [CVE-2025-2260](CVE-2025/CVE-2025-22xx/CVE-2025-2260.json) (`2025-04-06T19:15:41.153`) ### CVEs modified in the last Commit
diff --git a/_state.csv b/_state.csv
index 0a660d70252..b94ac5ff1c0 100644
--- a/_state.csv
+++ b/_state.csv
@@ -283858,6 +283858,7 @@ CVE-2025-22576,0,0,d91ec1220267346d1a0f0443983782bbf181c797facca8f491a7bfecb878d
 CVE-2025-22577,0,0,de49ca44634bd4c2dcd4ed4b2c861f3aeca16b15d3e20dc646883514b316145b,2025-01-07T16:15:53.823000
 CVE-2025-22578,0,0,a663c0074d74b9b4b7e504663f4236ea23bd746235c7a6cf544a9a518e4833f7,2025-01-07T16:15:53.970000
 CVE-2025-22579,0,0,dec211853384da65ca43ab843ad0ef7d38624586cc8219bff72d8bb4860195e9,2025-01-07T16:15:54.130000
+CVE-2025-2258,1,1,0cd74c3c079054629f3b7fe0c23cdb301c762243761a12a2db00d9a9f07c09d5,2025-04-06T19:15:40.197000
 CVE-2025-22580,0,0,987481d428d626ab3a636b089b28e62611932bb1aa3674325a18a905b6d8d87d,2025-01-07T16:15:54.303000
 CVE-2025-22581,0,0,f24e3c65602b83836f496886c24039cf1c8846e00c33a0a0c021007f597e352b,2025-01-07T16:15:54.467000
 CVE-2025-22582,0,0,bbd386f1b2f8f011e4028e09374da7622be33dbcfbf78736ef844c0c8abee84b,2025-01-07T16:15:54.640000
@@ -283868,6 +283869,7 @@ CVE-2025-22586,0,0,16804334a047b2f01340eb62615a8dd9316b9a12b35e95c16e6a136bd06b6
 CVE-2025-22587,0,0,2bf5cc749481686a77b87726094a1b5a9d61f7be75b7c5b80afd006567747bd5,2025-01-15T16:15:35.097000
 CVE-2025-22588,0,0,3237594a1e0f94efbc9060e1729c2d2e97f5964f4414bc5b9057647a8c2b5034,2025-01-13T14:15:12.660000
 CVE-2025-22589,0,0,04766fb247e57bcb66805699f5e7d85615d427973633880479f532a655c1369c,2025-01-07T16:15:55.053000
+CVE-2025-2259,1,1,68846400b8097b692c6ea924ac979253412bd794b75a493b4641799303edb2fe,2025-04-06T19:15:41.020000
 CVE-2025-22590,0,0,c88e366f105099929b737c28e4e59657f86cfa9e8944fe204794560a0673da79,2025-01-07T16:15:55.200000
 CVE-2025-22591,0,0,9dc7be8606e10b7ca53ae284810d2833be8121f6bd7b217f458b2b42cfb403cb,2025-01-07T16:15:55.337000
 CVE-2025-22592,0,0,f03fcd01ef66d026e28f7de006f4752785662917cd91a853528350917c3e1917,2025-01-07T16:15:55.470000
@@ -283878,6 +283880,7 @@ CVE-2025-22596,0,0,85a91d84b086cf2d26ea13cd9daa28bfb104cad323d8ccc40a1c8d7f329fb
 CVE-2025-22597,0,0,17f31e496d6f89ce90e67d8d3354a46b69c965ce65fd32dbc48c02e3fb30a22a,2025-01-10T16:15:30.343000
 CVE-2025-22598,0,0,0c44771a87717f07aa16150607f16cb1b938a538d21078934565966886608cde,2025-01-10T16:15:30.540000
 CVE-2025-22599,0,0,20809292b1d6f857c32458a3cd86c68344c8e6624af18d1980e2ad05be7596b8,2025-01-10T16:15:30.737000
+CVE-2025-2260,1,1,c431dfa2bc816b6bda9f95593a59e0f27ac80b299217b3c32775f06827f9e040,2025-04-06T19:15:41.153000
 CVE-2025-22600,0,0,d3a9bca45ae0c92a9f59f04a8a63958720efe424d52a1aec0d078cf124c20863,2025-01-10T16:15:30.940000
 CVE-2025-22601,0,0,e5a036684b4e6e1204af1b20135d30f3904e4c5af4a80eedecb01794128ea749,2025-02-04T21:15:27.800000
 CVE-2025-22602,0,0,c8f7aea9374385130d2049dfea6e2ee228c262f087909008185d3a99dec96d21,2025-02-04T21:15:27.950000
@@ -288721,4 +288724,4 @@ CVE-2025-3314,0,0,a32c48c2289fd3933feefe7b6a0a9bf911beb1fa21385e30072f620ea470a2
 CVE-2025-3315,0,0,9776cb51c8d38710e9030f960166522adc4aae91b7ff11648399ee90f9908a2e,2025-04-06T10:15:14.840000
 CVE-2025-3316,0,0,fc4d587cd5ac49c70a66a30fbc023322e933c9de67f1c943ba865d091e57d516,2025-04-06T11:15:39.240000
 CVE-2025-3317,0,0,3890e20ca65cea828acb6fd8ea5595e1b7f850c03a9aa2c7b21964afa7043aae,2025-04-06T12:15:14.923000
-CVE-2025-3318,1,1,d9d58a29ab53394429f6599af713452c47986a9bbb8bd453c5f2db8c0c17b0d2,2025-04-06T14:15:35.690000
+CVE-2025-3318,0,0,d9d58a29ab53394429f6599af713452c47986a9bbb8bd453c5f2db8c0c17b0d2,2025-04-06T14:15:35.690000