{"vulnerability": "CVE-2025-23013", "sightings": [{"uuid": "bd262b04-3844-4ac2-a37a-5080bbd1d98e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-23013", "type": "published-proof-of-concept", "source": "https://t.me/hackingbra/240", "content": "1. CVE-2025-0107:\nPalo Alto Expedition Tool OS Command Injection\nhttps://ssd-disclosure.com/ssd-advisory-palo-alto-expedition-rce-regionsdiscovery\n\n2. CVE-2025-22710:\nhttps://github.com/DoTTak/CVE-2025-22710\n\n3. Yubico PAM Module Vulnerability (CVE-2025-23013): A Deep Dive into Authentication Bypass in Certain Configurations\nhttps://cybersrcc.com/2025/01/18/yubico-pam-module-vulnerability-cve-2025-23013-a-deep-dive-into-authentication-bypass-in-certain-configurations", "creation_timestamp": "2025-01-21T03:14:24.000000Z"}, {"uuid": "6aa1b1eb-a257-4fbc-9547-41461197f1bc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-23013", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/1698", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-23013\n\ud83d\udd39 Description: In Yubico pam-u2f before 1.3.1, local privilege escalation can sometimes occur. This product implements a Pluggable Authentication Module (PAM) that can be deployed to support authentication using a YubiKey or other FIDO compliant authenticators on macOS or Linux. This software package has an issue that allows for an authentication bypass in some configurations. An attacker would require the ability to access the system as an unprivileged user. Depending on the configuration, the attacker may also need to know the user's password.\n\ud83d\udccf Published: 2025-01-15T00:00:00\n\ud83d\udccf Modified: 2025-01-15T03:56:38.534Z\n\ud83d\udd17 References:\n1. https://www.yubico.com/support/security-advisories/ysa-2025-01/", "creation_timestamp": "2025-01-15T04:14:10.000000Z"}, {"uuid": "0d0ce379-10b0-43df-8a7e-a718024d78de", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-23013", "type": "seen", "source": "https://bsky.app/profile/infosec.skyfleet.blue/post/3lfu3ypnhzl2u", "content": "", "creation_timestamp": "2025-01-16T10:45:17.498459Z"}, {"uuid": "93d5a8ec-eebb-4444-8428-00f61415e47a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-23013", "type": "seen", "source": "https://bsky.app/profile/infosec.skyfleet.blue/post/3lfurrkhlyl2u", "content": "", "creation_timestamp": "2025-01-16T17:14:59.508616Z"}, {"uuid": "5a7f0e8b-6700-4e5c-9a07-d8c4de51b257", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-23013", "type": "seen", "source": "https://bsky.app/profile/linux.activitypub.awakari.com.ap.brid.gy/post/3lgb273zzehe2", "content": "", "creation_timestamp": "2025-01-21T14:17:49.727964Z"}, {"uuid": "902ac5f1-f0e2-4cb6-9cc0-bd89199e7f33", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-23013", "type": "seen", "source": "https://bsky.app/profile/insightsintothings.bsky.social/post/3lgbf5qj3s223", "content": "", "creation_timestamp": "2025-01-21T17:32:57.917629Z"}, {"uuid": "62359fea-a0d0-4fd4-a1b6-6104521da9b6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-23013", "type": "seen", "source": "https://t.me/ckeArsenal/367", "content": "https://cybersrcc.com/2025/01/18/yubico-pam-module-vulnerability-cve-2025-23013-a-deep-dive-into-authentication-bypass-in-certain-configurations/\n\nYubico PAM Module Vulnerability (CVE-2025-23013): A Deep Dive into Authentication Bypass in Certain Configurations\n#\u5206\u6790", "creation_timestamp": "2025-01-21T16:15:13.000000Z"}, {"uuid": "247e5253-1e3f-4519-9df2-0ce04c399ff1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-23013", "type": "seen", "source": "https://bsky.app/profile/infosec.skyfleet.blue/post/3lfrr3rkq7b25", "content": "", "creation_timestamp": "2025-01-15T12:24:49.536048Z"}, {"uuid": "f6004c56-eaa5-4ffa-b8ad-881544c78ca4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-23013", "type": "seen", "source": "https://bsky.app/profile/infosec.skyfleet.blue/post/3lftnqaxmwj25", "content": "", "creation_timestamp": "2025-01-16T06:30:01.039768Z"}, {"uuid": "9ec62a25-57e9-426c-ba66-03bf8ef0244c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-23013", "type": "seen", "source": "https://bsky.app/profile/infosec.skyfleet.blue/post/3lfv25zzaps2x", "content": "", "creation_timestamp": "2025-01-16T19:45:07.944870Z"}, {"uuid": "78f9d030-b7f4-4b4f-b843-f8d9f7be65dc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "cve-2025-23013", "type": "seen", "source": "https://bsky.app/profile/kyosuke-tanaka.bsky.social/post/3lfvwv42lik2m", "content": "", "creation_timestamp": "2025-01-17T04:19:07.020982Z"}, {"uuid": "fdaa3992-6d2f-4cfa-af15-8c59042b2ccb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-23013", "type": "seen", "source": "https://bsky.app/profile/infosec.skyfleet.blue/post/3lfvzpkypyq2x", "content": "", "creation_timestamp": "2025-01-17T05:09:42.745476Z"}, {"uuid": "9e57f9c1-ee3c-4ea1-b4ef-748a1dd9a19b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-23013", "type": "seen", "source": "https://bsky.app/profile/tmjintel.bsky.social/post/3lfwwa466272j", "content": "", "creation_timestamp": "2025-01-17T13:40:04.118766Z"}, {"uuid": "8d245ede-9062-4183-a7e4-aacfaf803709", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-23013", "type": "seen", "source": "https://bsky.app/profile/happygeek.bsky.social/post/3lfx4fig3e22f", "content": "", "creation_timestamp": "2025-01-17T15:30:27.014594Z"}, {"uuid": "9b83b505-f8dd-4f75-bb3d-5cd6a18cd928", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-23013", "type": "seen", "source": "https://bsky.app/profile/linux.activitypub.awakari.com.ap.brid.gy/post/3lgaiwaxv2uo2", "content": "", "creation_timestamp": "2025-01-21T09:08:44.712492Z"}, {"uuid": "019964d4-63f2-496e-af0c-855757e981b1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-23013", "type": "seen", "source": "https://bsky.app/profile/linux.activitypub.awakari.com.ap.brid.gy/post/3lgaotjufnun2", "content": "", "creation_timestamp": "2025-01-21T10:54:46.318917Z"}, {"uuid": "99fe3018-d86f-4dac-9cfc-63e1d2d62bfe", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-23013", "type": "seen", "source": "https://bsky.app/profile/bolhasec.com/post/3lgxp3ti4dg23", "content": "", "creation_timestamp": "2025-01-30T14:30:14.396863Z"}, {"uuid": "4e37562e-d243-4aa8-9c00-2fab7504dc9b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-23013", "type": "seen", "source": "Telegram/bXoVZr4sugSR9q3M__pI9zA4zjTuEIp8gXQ02aHAAxpoT8j1", "content": "", "creation_timestamp": "2025-02-06T02:39:11.000000Z"}, {"uuid": "bbc4cd34-48b5-491f-ad60-3b3df570387d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-23013", "type": "seen", "source": "https://t.me/cvedetector/15402", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-23013 - Yubico pam-u2f Local Privilege Escalation Authentication Bypass\", \n  \"Content\": \"CVE ID : CVE-2025-23013 \nPublished : Jan. 15, 2025, 4:15 a.m. | 35\u00a0minutes ago \nDescription : In Yubico pam-u2f before 1.3.1, local privilege escalation can sometimes occur. This product implements a Pluggable Authentication Module (PAM) that can be deployed to support authentication using a YubiKey or other FIDO compliant authenticators on macOS or Linux. This software package has an issue that allows for an authentication bypass in some configurations. An attacker would require the ability to access the system as an unprivileged user. Depending on the configuration, the attacker may also need to know the user's password. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"15 Jan 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-01-15T05:54:39.000000Z"}, {"uuid": "c031bb44-e8a2-4d78-a4eb-4839a4e74ff4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-23013", "type": "seen", "source": "https://t.me/CyberSecurityTechnologies/11712", "content": "#exploit\n1. CVE-2025-0107:\nPalo Alto Expedition Tool OS Command Injection\n\n2. CVE-2025-22710:\nWP WooCommerce SQLI\n\n3. CVE-2025-23013:\nYubico PAM Module Authentication Bypass in Certain Configurations", "creation_timestamp": "2025-01-21T17:53:47.000000Z"}, {"uuid": "ea5b039d-0951-4c14-bf83-3f939f87a2ac", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-23013", "type": "seen", "source": "https://bsky.app/profile/omo.bsky.social/post/3lfsvjlfark2e", "content": "", "creation_timestamp": "2025-01-15T23:16:48.496234Z"}, {"uuid": "ab567808-44a0-41a3-adb3-8800d4ece6c0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-23013", "type": "seen", "source": "https://bsky.app/profile/r-blueteamsec.bsky.social/post/3lg23mofhiz2v", "content": "", "creation_timestamp": "2025-01-18T19:54:31.980138Z"}, {"uuid": "d6742098-b36a-4018-952d-a53061ee1d8c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-23013", "type": "seen", "source": "https://threatintel.cc/2025/01/18/yubico-issues-security-advisory-as.html", "content": "", "creation_timestamp": "2025-01-18T14:51:01.000000Z"}]}