{"vulnerability": "CVE-2025-2595", "sightings": [{"uuid": "444d5a76-cc05-4982-b980-d89bfc2ae057", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-25953", "type": "seen", "source": "MISP/1e8d1b5a-3537-4a30-907d-acb1720bbd18", "content": "", "creation_timestamp": "2025-08-19T18:29:28.000000Z"}, {"uuid": "9669686b-9597-4e40-9a0c-6606e9cbfa04", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-25952", "type": "seen", "source": "MISP/1e8d1b5a-3537-4a30-907d-acb1720bbd18", "content": "", "creation_timestamp": "2025-08-19T18:29:28.000000Z"}, {"uuid": "b6d496b6-5447-4696-904e-f25aeb9d8509", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-25951", "type": "seen", "source": "MISP/1e8d1b5a-3537-4a30-907d-acb1720bbd18", "content": "", "creation_timestamp": "2025-08-19T18:29:28.000000Z"}, {"uuid": "96c20019-f44e-4240-a175-56844d09d19e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-25950", "type": "seen", "source": "MISP/1e8d1b5a-3537-4a30-907d-acb1720bbd18", "content": "", "creation_timestamp": "2025-08-19T18:29:28.000000Z"}, {"uuid": "4eea8b25-48e2-4d75-bef4-2c9b3509f8f2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-2595", "type": "seen", "source": "https://infosec.exchange/users/certvde/statuses/115484518470557884", "content": "", "creation_timestamp": "2025-11-03T07:11:48.020210Z"}, {"uuid": "05cbfc46-85fd-4395-8484-7288aedc4f94", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-2595", "type": "seen", "source": "https://bsky.app/profile/certvde.infosec.exchange.ap.brid.gy/post/3m4phqxsehr22", "content": "", "creation_timestamp": "2025-11-03T07:12:01.669365Z"}, {"uuid": "3e555a57-95bd-4870-813b-0dfdf815d554", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "4f29edb9-4c4b-44ca-b041-9b050656b6ae", "vulnerability": "CVE-2025-2595", "type": "seen", "source": "https://www.cisa.gov/news-events/ics-advisories/icsa-26-076-01", "content": "", "creation_timestamp": "2026-03-17T12:00:00.000000Z"}, {"uuid": "5a16aeaf-96b0-49b9-98fc-e1581014b9f4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-25958", "type": "seen", "source": "https://t.me/cvedetector/18618", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-25958 - PhpCMS Cross-Site Scripting (XSS) Privilege Escalation\", \n  \"Content\": \"CVE ID : CVE-2025-25958 \nPublished : Feb. 20, 2025, 10:15 p.m. | 1\u00a0hour, 26\u00a0minutes ago \nDescription : Cross Site Scripting vulnerabilities in phpcmsv9 v.9.6.3 allows a remote attacker to escalate privileges via a crafted script. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"21 Feb 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-02-21T00:57:13.000000Z"}, {"uuid": "8fdc75c2-1a24-42f5-a72d-71ad221f776c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-25957", "type": "seen", "source": "https://t.me/cvedetector/18605", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-25957 - Xunruicms Cross Site Scripting Privilege Escalation\", \n  \"Content\": \"CVE ID : CVE-2025-25957 \nPublished : Feb. 20, 2025, 11:15 p.m. | 27\u00a0minutes ago \nDescription : Cross Site Scripting vulnerabilities in Xunruicms v.4.6.3 and before allows a remote attacker to escalate privileges via a crafted script. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"21 Feb 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-02-21T00:53:51.000000Z"}, {"uuid": "cc21f485-3185-4a03-b2f5-ec42681f075f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-25951", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/6124", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-25951\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: An information disclosure vulnerability in the component /rest/cb/executeBasicSearch of Serosoft Solutions Pvt Ltd Academia Student Information System (SIS) EagleR v1.0.118 allows attackers to access sensitive user information.\n\ud83d\udccf Published: 2025-03-03T00:00:00.000Z\n\ud83d\udccf Modified: 2025-03-03T01:00:40.878Z\n\ud83d\udd17 References:\n1. https://github.com/VvV1per/Vulnerability-Research-CVEs/tree/main/CVE-2024-89638", "creation_timestamp": "2025-03-03T01:29:08.000000Z"}, {"uuid": "4648d72c-449a-4312-af06-859e01f4365d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-25950", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/6125", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-25950\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: Incorrect access control in the component /rest/staffResource/update of Serosoft Solutions Pvt Ltd Academia Student Information System (SIS) EagleR v1.0.118 allows create and modify user accounts, including an Administrator account.\n\ud83d\udccf Published: 2025-03-03T00:00:00.000Z\n\ud83d\udccf Modified: 2025-03-03T01:00:40.252Z\n\ud83d\udd17 References:\n1. https://github.com/VvV1per/Vulnerability-Research-CVEs/tree/main/CVE-2024-89637", "creation_timestamp": "2025-03-03T01:29:09.000000Z"}, {"uuid": "0546ffff-9ab0-4a89-b020-f992281baff3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-25952", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/6123", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-25952\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: An Insecure Direct Object References (IDOR) in the component /getStudemtAllDetailsById?studentId=XX of Serosoft Solutions Pvt Ltd Academia Student Information System (SIS) EagleR v1.0.118 allows attackers to access sensitive user information via a crafted API request.\n\ud83d\udccf Published: 2025-03-03T00:00:00.000Z\n\ud83d\udccf Modified: 2025-03-03T01:00:41.563Z\n\ud83d\udd17 References:\n1. https://github.com/VvV1per/Vulnerability-Research-CVEs/tree/main/CVE-2024-89639", "creation_timestamp": "2025-03-03T01:29:04.000000Z"}, {"uuid": "db07212b-ca92-41a8-8851-f146c60a4233", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-2595", "type": "seen", "source": "https://t.me/cvedetector/23579", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-2595 - CODESYS Visualization Forced Browsing Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-2595 \nPublished : April 23, 2025, 8:15 a.m. | 1\u00a0hour, 57\u00a0minutes ago \nDescription : An unauthenticated remote attacker can bypass the user management in CODESYS Visualization and read visualization template files or static elements by means of forced browsing. \nSeverity: 5.3 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"23 Apr 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-04-23T12:48:30.000000Z"}, {"uuid": "9c595c44-baed-4f8c-9c4c-4eafb4bdd663", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-2595", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lnhuhjc5y32b", "content": "", "creation_timestamp": "2025-04-23T09:20:01.362244Z"}, {"uuid": "ff736537-3c49-4298-88c3-6714520dfda1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-2595", "type": "seen", "source": "https://infosec.exchange/users/cR0w/statuses/114387332269516059", "content": "", "creation_timestamp": "2025-04-23T12:42:55.120944Z"}, {"uuid": "9ee57439-9d28-4674-bef8-84824f67a91e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-25958", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/4820", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-25958\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: Cross Site Scripting vulnerabilities in phpcmsv9 v.9.6.3 allows a remote attacker to escalate privileges via a crafted script.\n\ud83d\udccf Published: 2025-02-20T00:00:00.000Z\n\ud83d\udccf Modified: 2025-02-20T22:13:13.403Z\n\ud83d\udd17 References:\n1. https://github.com/Abel-Lan/phpcms/issues/1", "creation_timestamp": "2025-02-20T22:17:42.000000Z"}, {"uuid": "1e7c2bd0-5234-4900-9506-b59bed338260", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-25958", "type": "seen", "source": "Telegram/fbZISBg_fCVr2rdM-WXYJrFHm4AAKPu_VE25sJkFa79i-lSa", "content": "", "creation_timestamp": "2025-02-20T23:38:15.000000Z"}, {"uuid": "7ba6375a-8540-4584-ae04-3520e306a629", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-2595", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/13016", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-2595\n\ud83d\udd25 CVSS Score: 5.3 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)\n\ud83d\udd39 Description: An unauthenticated remote attacker can bypass the user management in CODESYS Visualization and read visualization template files or static elements by means of forced browsing.\n\ud83d\udccf Published: 2025-04-23T07:54:00.430Z\n\ud83d\udccf Modified: 2025-04-23T07:54:00.430Z\n\ud83d\udd17 References:\n1. https://certvde.com/en/advisories/VDE-2025-027", "creation_timestamp": "2025-04-23T08:05:47.000000Z"}, {"uuid": "45d58f7c-abf8-4007-a65b-308215a8c368", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-25953", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/13070", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-25953\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: Serosoft Solutions Pvt Ltd Academia Student Information System (SIS) EagleR v1.0.118 was discovered to contain an Azure JWT access token exposure. This vulnerability allows authenticated attackers to escalate privileges and access sensitive information.\n\ud83d\udccf Published: 2025-03-03T00:00:00.000Z\n\ud83d\udccf Modified: 2025-04-23T15:54:32.495Z\n\ud83d\udd17 References:\n1. https://github.com/VvV1per/Vulnerability-Research-CVEs/tree/main/CVE-2024-89640\n2. https://github.com/VvV1per/Vulnerability-Research-CVEs/tree/main/CVE-2025-25953", "creation_timestamp": "2025-04-23T16:04:35.000000Z"}, {"uuid": "6db1bfcc-168a-45bd-9ac4-95f719f852d3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-25953", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/6122", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-25953\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: Serosoft Solutions Pvt Ltd Academia Student Information System (SIS) EagleR v1.0.118 was discovered to contain an Azure JWT access token exposure. This vulnerability allows authenticated attackers to escalate privileges and access sensitive information.\n\ud83d\udccf Published: 2025-03-03T00:00:00.000Z\n\ud83d\udccf Modified: 2025-03-03T01:00:42.276Z\n\ud83d\udd17 References:\n1. https://github.com/VvV1per/Vulnerability-Research-CVEs/tree/main/CVE-2024-89640", "creation_timestamp": "2025-03-03T01:29:04.000000Z"}, {"uuid": "d2aae652-ede1-4f28-afbf-d4d072897208", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-2595", "type": "seen", "source": "https://bsky.app/profile/certvde.infosec.exchange.ap.brid.gy/post/3loibmmcds4n2", "content": "", "creation_timestamp": "2025-05-06T06:41:39.251843Z"}, {"uuid": "d4118046-07c3-4b9b-96a1-0abff744a8b9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "4f29edb9-4c4b-44ca-b041-9b050656b6ae", "vulnerability": "CVE-2025-2595", "type": "seen", "source": "https://cyber.gc.ca/en/alerts-advisories/control-systems-abb-security-advisory-av26-163", "content": "", "creation_timestamp": "2026-02-24T19:30:01.000000Z"}, {"uuid": "34c54e7e-1a27-494b-9c3c-b008caee6ed5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-25953", "type": "seen", "source": "https://t.me/cvedetector/19284", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-25953 - Serosoft Solutions Pvt Ltd Academia Student Information System (SIS) EagleR Azure JWT Access Token Exposure Privilege Escalation Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-25953 \nPublished : March 3, 2025, 1:15 a.m. | 28\u00a0minutes ago \nDescription : Serosoft Solutions Pvt Ltd Academia Student Information System (SIS) EagleR v1.0.118 was discovered to contain an Azure JWT access token exposure. This vulnerability allows authenticated attackers to escalate privileges and access sensitive information. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"03 Mar 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-03-03T02:58:46.000000Z"}, {"uuid": "06b94b58-0df2-448b-951e-aad3900c4826", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-25952", "type": "seen", "source": "https://t.me/cvedetector/19283", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-25952 - Serosoft Solutions Pvt Ltd Academia Student Information System (SIS) EagleR IDOR\", \n  \"Content\": \"CVE ID : CVE-2025-25952 \nPublished : March 3, 2025, 1:15 a.m. | 28\u00a0minutes ago \nDescription : An Insecure Direct Object References (IDOR) in the component /getStudemtAllDetailsById?studentId=XX of Serosoft Solutions Pvt Ltd Academia Student Information System (SIS) EagleR v1.0.118 allows attackers to access sensitive user information via a crafted API request. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"03 Mar 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-03-03T02:58:45.000000Z"}, {"uuid": "884e9c4d-ea37-432f-a9bc-42eddd2c1796", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-25951", "type": "seen", "source": "https://t.me/cvedetector/19282", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-25951 - Serosoft Solutions Pvt Ltd Academia Student Information System (SIS) EagleR Information Disclosure Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-25951 \nPublished : March 3, 2025, 1:15 a.m. | 28\u00a0minutes ago \nDescription : An information disclosure vulnerability in the component /rest/cb/executeBasicSearch of Serosoft Solutions Pvt Ltd Academia Student Information System (SIS) EagleR v1.0.118 allows attackers to access sensitive user information. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"03 Mar 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-03-03T02:58:45.000000Z"}, {"uuid": "106df1c3-977a-43f6-b3cd-743fda76658e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-25950", "type": "seen", "source": "https://t.me/cvedetector/19281", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-25950 - Serosoft Solutions Pvt Ltd Academia Student Information System (SIS) EagleR Unauthorized Account Creation and Modification\", \n  \"Content\": \"CVE ID : CVE-2025-25950 \nPublished : March 3, 2025, 1:15 a.m. | 28\u00a0minutes ago \nDescription : Incorrect access control in the component /rest/staffResource/update of Serosoft Solutions Pvt Ltd Academia Student Information System (SIS) EagleR v1.0.118 allows create and modify user accounts, including an Administrator account. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"03 Mar 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-03-03T02:58:44.000000Z"}, {"uuid": "fb94dc48-8cf9-47d6-9366-0ef41ab9161b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-25958", "type": "seen", "source": "Telegram/Z0jXy0aQi8AYgznAigOqAotpTsu7_KEGMe2Z6-_UBJVhDzph", "content": "", "creation_timestamp": "2025-02-21T22:10:25.000000Z"}, {"uuid": "44419bc0-67fc-4d36-a095-f0478b5e8fbe", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-25957", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/4839", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-25957\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: Cross Site Scripting vulnerabilities in Xunruicms v.4.6.3 and before allows a remote attacker to escalate privileges via a crafted script.\n\ud83d\udccf Published: 2025-02-20T00:00:00.000Z\n\ud83d\udccf Modified: 2025-02-20T22:15:32.324Z\n\ud83d\udd17 References:\n1. https://github.com/dayrui/xunruicms/issues/5", "creation_timestamp": "2025-02-20T23:17:18.000000Z"}, {"uuid": "b01276bf-11b9-4c35-ab26-4735711d34ef", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-25953", "type": "seen", "source": "Telegram/gTZw5fNRQYS08h-ZajmKXcYXak9Qxzesz224FdiejmQtgUhN", "content": "", "creation_timestamp": "2025-03-06T02:16:33.000000Z"}, {"uuid": "81e4ca82-bf47-411c-b3b2-1eb599d46471", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-25950", "type": "seen", "source": "Telegram/LnjyeAvwJZTh3Jc9tc_YXlfWG8Jfh8HLDR5AhqYK-Ww9g5pT", "content": "", "creation_timestamp": "2025-03-06T02:16:33.000000Z"}, {"uuid": "be435544-9038-4e75-880d-1884ff36791b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-25958", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3linm6ljga523", "content": "", "creation_timestamp": "2025-02-21T01:01:50.914541Z"}]}