{"vulnerability": "CVE-2025-12383", "sightings": [{"uuid": "b1a32943-0638-457d-9920-49ba1a58664e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-12383", "type": "seen", "source": "https://bsky.app/profile/o2cloud.bsky.social/post/3mckgwvnwux2z", "content": "", "creation_timestamp": "2026-01-16T15:45:08.614756Z"}, {"uuid": "3232d461-3096-49d6-98d7-cb224280610a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-12383", "type": "seen", "source": "https://bsky.app/profile/o2cloud.bsky.social/post/3mcx3j6ayro2o", "content": "", "creation_timestamp": "2026-01-21T16:25:12.867049Z"}, {"uuid": "fb5ef240-be12-4bfd-b01b-829c40077dd8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-12383", "type": "seen", "source": "https://bsky.app/profile/o2cloud.bsky.social/post/3mcx3sbyy2t2o", "content": "", "creation_timestamp": "2026-01-21T16:30:18.378477Z"}, {"uuid": "ad8dbc75-c904-4353-902f-1690d29fef8c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-12383", "type": "seen", "source": "https://social.circl.lu/users/circl/statuses/115935179492858315", "content": "", "creation_timestamp": "2026-01-21T21:20:49.117548Z"}, {"uuid": "c7804faa-ac69-41bf-b46e-27ec3c9199be", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-12383", "type": "seen", "source": "https://www.cert.ssi.gouv.fr/avis/CERTFR-2026-AVI-0292/", "content": "", "creation_timestamp": "2026-03-13T00:00:00.000000Z"}, {"uuid": "115dac48-f7fe-412e-9834-114f31e5174c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-12383", "type": "seen", "source": "https://vulnerability.circl.lu/bundle/bbcbc485-b88d-4831-b8e9-6e37e7bd9875", "content": "", "creation_timestamp": "2026-01-21T21:18:16.771453Z"}, {"uuid": "79114659-31ef-4c17-8c7f-241ba8e3fa53", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-12383", "type": "seen", "source": "https://t.me/NinjaSec/300", "content": "Code execution, bypasses, and exploits \u2014 again, for educational purposes only:\n\n\n26. CVE-2025-12359 \u2013 RCE via unsafe deserialization in REST API (CVSS 9.4)\n27. CVE-2025-12360 \u2013 XSS in Admin Dashboard plugin (CVSS 7.6)\n28. CVE-2025-12361 \u2013 Remote file inclusion in CMS plugin (CVSS 8.9)\n29. CVE-2025-12362 \u2013 Logic flaw in session handler exposes tokens (CVSS 7.5)\n30. CVE-2025-12363 \u2013 RCE in PDF conversion tool via crafted input (CVSS 9.5)\n31. CVE-2025-12364 \u2013 Auth bypass in Single Sign-On service (CVSS 9.1)\n32. CVE-2025-12365 \u2013 LFI in backup module of web control panel (CVSS 8.6)\n33. CVE-2025-12366 \u2013 CSRF on firewall config panel (CVSS 8.0)\n34. CVE-2025-12367 \u2013 SSRF in metadata parser allows internal access (CVSS 9.0)\n35. CVE-2025-12368 \u2013 SQLi in search API of project management tool (CVSS 8.2)\n36. CVE-2025-12369 \u2013 Improper permission checks in job scheduler (CVSS 8.5)\n37. CVE-2025-12370 \u2013 Open redirect leads to phishing vector (CVSS 6.5)\n38. CVE-2025-12371 \u2013 DoS via XML bomb in document parser (CVSS 7.9)\n39. CVE-2025-12372 \u2013 Directory traversal in logs endpoint (CVSS 8.1)\n40. CVE-2025-12373 \u2013 Memory leak in image rendering library (CVSS 6.9)\n41. CVE-2025-12374 \u2013 Hardcoded credentials in IoT config interface (CVSS 9.0)\n42. CVE-2025-12375 \u2013 Insecure update mechanism in desktop agent (CVSS 9.3)\n43. CVE-2025-12376 \u2013 Path traversal in zip archive handler (CVSS 8.7)\n44. CVE-2025-12377 \u2013 Race condition in file uploader logic (CVSS 7.8)\n45. CVE-2025-12378 \u2013 Java deserialization bug in SOAP API (CVSS 9.2)\n46. CVE-2025-12379 \u2013 JWT token forgery via alg=none trick (CVSS 8.8)\n47. CVE-2025-12380 \u2013 CORS misconfig allows cross-origin token theft (CVSS 8.5)\n48. CVE-2025-12381 \u2013 Exploitable crash in media encoder (CVSS 7.0)\n49. CVE-2025-12382 \u2013 Server misconfig allows upload of executables (CVSS 8.6)\n50. CVE-2025-12383 \u2013 LDAP injection in auth form (CVSS 8.9)\n\n#HackersFactory", "creation_timestamp": "2025-05-07T15:48:27.000000Z"}, {"uuid": "89560be9-2b3c-40b1-ad97-4742831e9828", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-12383", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3m5w53w67l62u", "content": "", "creation_timestamp": "2025-11-18T16:14:57.295432Z"}, {"uuid": "f7ad3a0d-434a-4982-a1de-59e6667a88c8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-12383", "type": "seen", "source": "https://bsky.app/profile/certvde.infosec.exchange.ap.brid.gy/post/3mduenjpmz322", "content": "", "creation_timestamp": "2026-02-02T07:55:57.085342Z"}, {"uuid": "237f326b-b5fe-48c0-abcc-de154cb0458b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "4f29edb9-4c4b-44ca-b041-9b050656b6ae", "vulnerability": "CVE-2025-12383", "type": "seen", "source": "https://infosec.exchange/users/AAKL/statuses/116483286321859891", "content": "", "creation_timestamp": "2026-04-28T16:34:48.038258Z"}]}