{"vulnerability": "CVE-2025-2550", "sightings": [{"uuid": "fbdf8ea7-2349-4e84-aab4-9b8bda957fb2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-25507", "type": "seen", "source": "MISP/9ca82492-7deb-4197-a6f1-191e121eef96", "content": "", "creation_timestamp": "2025-08-25T13:32:04.000000Z"}, {"uuid": "b84efd12-eb24-40b8-9b1b-9198ee168819", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-25505", "type": "seen", "source": "MISP/9ca82492-7deb-4197-a6f1-191e121eef96", "content": "", "creation_timestamp": "2025-08-25T13:32:04.000000Z"}, {"uuid": "b2a5a38c-e31c-4c9f-a38a-03a27c4e6119", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-25507", "type": "seen", "source": "https://t.me/cvedetector/18672", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-25507 - Tenda AC6 Remote Command Execution Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-25507 \nPublished : Feb. 21, 2025, 5:15 p.m. | 1\u00a0hour, 23\u00a0minutes ago \nDescription : There is a RCE vulnerability in Tenda AC6 15.03.05.16_multi. In the formexeCommand function, the parameter cmdinput will cause remote command execution. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"21 Feb 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-02-21T19:46:43.000000Z"}, {"uuid": "65524dfe-6406-4c79-b911-1b09682041b8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-2550", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/8241", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-2550\n\ud83d\udd25 CVSS Score: 5.3 (cvssV4_0, Vector: CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N)\n\ud83d\udd39 Description: A vulnerability was found in D-Link DIR-618 and DIR-605L 2.02/3.02 and classified as problematic. Affected by this issue is some unknown functionality of the file /goform/formSetDDNS of the component DDNS Service. The manipulation leads to improper access controls. The attack needs to be initiated within the local network. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer.\n\ud83d\udccf Published: 2025-03-20T16:31:08.092Z\n\ud83d\udccf Modified: 2025-03-20T16:31:08.092Z\n\ud83d\udd17 References:\n1. https://vuldb.com/?id.300164\n2. https://vuldb.com/?ctiid.300164\n3. https://vuldb.com/?submit.516792\n4. https://lavender-bicycle-a5a.notion.site/D-Link-DIR-618-formSetDDNS-1b053a41781f80659702da9a589e4f4a?pvs=4\n5. https://lavender-bicycle-a5a.notion.site/D-Link-DIR-605L-formSetDDNS-1b153a41781f80feb80bd24afc8f83d5?pvs=4\n6. https://www.dlink.com/", "creation_timestamp": "2025-03-20T17:18:49.000000Z"}, {"uuid": "453be29d-0192-4eb6-896e-54aa119dc08d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-2550", "type": "seen", "source": "https://t.me/cvedetector/20752", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-2550 - D-Link DDNS Service Local Network Access Control Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-2550 \nPublished : March 20, 2025, 5:15 p.m. | 55\u00a0minutes ago \nDescription : A vulnerability was found in D-Link DIR-618 and DIR-605L 2.02/3.02 and classified as problematic. Affected by this issue is some unknown functionality of the file /goform/formSetDDNS of the component DDNS Service. The manipulation leads to improper access controls. The attack needs to be initiated within the local network. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer. \nSeverity: 4.3 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"20 Mar 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-03-20T19:54:35.000000Z"}, {"uuid": "be6f5820-b455-4854-aee7-84629a0e8103", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-25507", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/4925", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-25507\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: There is a RCE vulnerability in Tenda AC6 15.03.05.16_multi. In the formexeCommand function, the parameter cmdinput will cause remote command execution.\n\ud83d\udccf Published: 2025-02-21T00:00:00.000Z\n\ud83d\udccf Modified: 2025-02-21T17:01:37.016Z\n\ud83d\udd17 References:\n1. https://github.com/faqiadegege/IoTVuln/blob/main/tendaAC6_formexecommand_cmdinput_rce/detail.md", "creation_timestamp": "2025-02-21T17:18:21.000000Z"}, {"uuid": "078d136d-2132-4fef-badb-82eec34607f2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-25506", "type": "seen", "source": "https://www.thezdi.com/blog/2025/8/12/the-august-2025-security-update-review", "content": "", "creation_timestamp": "2025-08-12T16:01:32.000000Z"}, {"uuid": "b02bbb63-8ec2-402d-a0f2-38b5bb34ed00", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-25507", "type": "seen", "source": "https://www.thezdi.com/blog/2025/8/12/the-august-2025-security-update-review", "content": "", "creation_timestamp": "2025-08-12T16:01:32.000000Z"}, {"uuid": "4a4aff5c-1792-4c0f-865c-52a9ebced3f7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-25505", "type": "seen", "source": "https://www.thezdi.com/blog/2025/8/12/the-august-2025-security-update-review", "content": "", "creation_timestamp": "2025-08-12T16:01:32.000000Z"}, {"uuid": "076320c4-6ce5-4d0a-b47f-6f9507efa45c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-25505", "type": "seen", "source": "https://t.me/cvedetector/18675", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-25505 - Tenda AC6 Buffer Overflow Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-25505 \nPublished : Feb. 21, 2025, 5:15 p.m. | 1\u00a0hour, 23\u00a0minutes ago \nDescription : Tenda AC6 15.03.05.16_multi is vulnerable to Buffer Overflow in the sub_452A4 function. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"21 Feb 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-02-21T19:46:48.000000Z"}, {"uuid": "31b4ea29-08a0-48d9-a85e-e6a186876c31", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-25505", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/4922", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-25505\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: Tenda AC6 15.03.05.16_multi is vulnerable to Buffer Overflow in the sub_452A4 function.\n\ud83d\udccf Published: 2025-02-21T00:00:00.000Z\n\ud83d\udccf Modified: 2025-02-21T17:04:32.958Z\n\ud83d\udd17 References:\n1. https://github.com/faqiadegege/IoTVuln/blob/main/tendaAC6_getRootStatus_callback_overflow/detail.md", "creation_timestamp": "2025-02-21T17:18:16.000000Z"}, {"uuid": "dfbc92a4-8379-49c7-a4b3-f29d963ddc16", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-25500", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/8386", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-25500\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: An issue in CosmWasm prior to v2.2.0 allows attackers to bypass capability restrictions in blockchains by exploiting a lack of runtime capability validation. This allows attackers to deploy a contract without capability enforcement, and execute unauthorized actions on the blockchain.\n\ud83d\udccf Published: 2025-03-18T00:00:00.000Z\n\ud83d\udccf Modified: 2025-03-21T16:21:14.200Z\n\ud83d\udd17 References:\n1. https://gist.github.com/H3T76/8096a6ff9410f3a6d9a25db1a68ae657#file-cve-2025-25500", "creation_timestamp": "2025-03-21T17:19:28.000000Z"}, {"uuid": "8d914645-6e88-4163-a881-c427ae1070fe", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-2550", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lktlxblteq2l", "content": "", "creation_timestamp": "2025-03-20T21:04:13.581004Z"}]}