{"vulnerability": "CVE-2025-2559", "sightings": [{"uuid": "08dacb99-0efe-4375-ad97-84e06fb4273d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-25599", "type": "seen", "source": "https://bsky.app/profile/r1cksec.bsky.social/post/3lkzztd36zs2f", "content": "", "creation_timestamp": "2025-03-23T10:28:26.041135Z"}, {"uuid": "7444c0b4-5f09-4e63-9e70-686efd11cd29", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-25595", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/7924", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-25595\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: A lack of rate limiting in the login page of Safe App version a3.0.9 allows attackers to bypass authentication via a brute force attack.\n\ud83d\udccf Published: 2025-03-18T00:00:00.000Z\n\ud83d\udccf Modified: 2025-03-18T16:38:58.712Z\n\ud83d\udd17 References:\n1. https://pastebin.com/t8FthPaF\n2. https://play.google.com/store/apps/details?id=com.iitb.cse.arkenstone.safe_v2", "creation_timestamp": "2025-03-18T16:51:12.000000Z"}, {"uuid": "20c99976-ced4-4967-9065-72364129963d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-2559", "type": "seen", "source": "https://t.me/cvedetector/21071", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-2559 - Keycloak JWT Token Cache Denial of Service Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-2559 \nPublished : March 25, 2025, 9:15 a.m. | 33\u00a0minutes ago \nDescription : A flaw was found in Keycloak. When the configuration uses JWT tokens for authentication, the tokens are cached until expiration. If a client uses JWT tokens with an excessively long expiration time, for example, 24 or 48 hours, the cache can grow indefinitely, leading to an OutOfMemoryError. This issue could result in a denial of service condition, preventing legitimate users from accessing the system. \nSeverity: 4.9 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"25 Mar 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-03-25T11:07:57.000000Z"}, {"uuid": "d4eede61-a610-4857-a160-034336ed6b66", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-25598", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lkc5tfsjrf26", "content": "", "creation_timestamp": "2025-03-13T22:36:09.919285Z"}, {"uuid": "4e86b37b-8f13-4723-aea0-2972cb703b9d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-25598", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/8055", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-25598\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: Incorrect access control in the scheduled tasks console of Inova Logic CUSTOMER MONITOR (CM) v3.1.757.1 allows attackers to escalate privileges via placing a crafted executable into a scheduled task.\n\ud83d\udccf Published: 2025-03-13T00:00:00.000Z\n\ud83d\udccf Modified: 2025-03-19T13:51:54.520Z\n\ud83d\udd17 References:\n1. https://github.com/quriusfox/vulnerability-research/tree/main/CVE-2025-25598", "creation_timestamp": "2025-03-19T14:16:47.000000Z"}, {"uuid": "4c9ab4fb-1742-4928-af0c-7344a9267e88", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-2559", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/8636", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-2559\n\ud83d\udd25 CVSS Score: 4.9 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)\n\ud83d\udd39 Description: A flaw was found in Keycloak. When the configuration uses JWT tokens for authentication, the tokens are cached until expiration. If a client uses JWT tokens with an excessively long expiration time, for example, 24 or 48 hours, the cache can grow indefinitely, leading to an OutOfMemoryError. This issue could result in a denial of service condition, preventing legitimate users from accessing the system.\n\ud83d\udccf Published: 2025-03-25T08:20:57.666Z\n\ud83d\udccf Modified: 2025-03-25T08:20:57.666Z\n\ud83d\udd17 References:\n1. https://access.redhat.com/security/cve/CVE-2025-2559\n2. https://bugzilla.redhat.com/show_bug.cgi?id=2353868", "creation_timestamp": "2025-03-25T09:24:25.000000Z"}, {"uuid": "657610fc-0424-475d-a38d-a7bd963826c0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-25598", "type": "seen", "source": "https://t.me/cvedetector/20254", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-25598 - Inova Logic CUSTOMER MONITOR (CM) Escalation of Privilege Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-25598 \nPublished : March 13, 2025, 6:15 p.m. | 1\u00a0hour, 51\u00a0minutes ago \nDescription : Incorrect access control in the scheduled tasks console of Inova Logic CUSTOMER MONITOR (CM) v3.1.757.1 allows attackers to escalate privileges via placing a crafted executable into a scheduled task. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"13 Mar 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-03-13T21:28:45.000000Z"}, {"uuid": "5be0cdcc-c90a-4c2a-bc2c-a6a49fc7a57c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-25595", "type": "seen", "source": "https://t.me/cvedetector/20591", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-25595 - Safe App Authentication Bypass\", \n  \"Content\": \"CVE ID : CVE-2025-25595 \nPublished : March 18, 2025, 5:15 p.m. | 1\u00a0hour, 18\u00a0minutes ago \nDescription : A lack of rate limiting in the login page of Safe App version a3.0.9 allows attackers to bypass authentication via a brute force attack. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"18 Mar 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-03-18T20:15:02.000000Z"}, {"uuid": "3b1df66a-f7b0-4866-8efa-42d8cce4cc7b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-2559", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3ll747qfgz62w", "content": "", "creation_timestamp": "2025-03-25T10:54:32.765231Z"}, {"uuid": "520c2f14-b317-402c-aa6f-682604a11321", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-25590", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lkobieajod2x", "content": "", "creation_timestamp": "2025-03-18T18:13:38.550178Z"}, {"uuid": "e4643da1-d456-40d4-8daf-cee3de7ed2d7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-25595", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lkoihybkfq26", "content": "", "creation_timestamp": "2025-03-18T20:18:34.082154Z"}, {"uuid": "f194fdec-af68-4f91-8856-624901c14145", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-2559", "type": "seen", "source": "MISP/3e4b778d-5810-4171-a915-f1d106684af4", "content": "", "creation_timestamp": "2025-08-11T18:27:48.000000Z"}]}