{"vulnerability": "CVE-2025-2838", "sightings": [{"uuid": "37b86dae-0136-47f1-9969-52e61b0a4a2a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-28384", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lriw6a2svp2m", "content": "", "creation_timestamp": "2025-06-13T17:04:02.103654Z"}, {"uuid": "c54bf8cb-4c6c-47a4-aa00-a5c708093d12", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-28382", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lriwb7srzh2p", "content": "", "creation_timestamp": "2025-06-13T17:05:42.645879Z"}, {"uuid": "7aada63a-5c64-4639-b4e7-f6d0e3aac477", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-28388", "type": "published-proof-of-concept", "source": "Telegram/LbSE4ui0deWaIbAIy_SI6HyoY8sH4t9aZhKhv-gkpgMW3iE", "content": "", "creation_timestamp": "2025-06-13T17:05:18.000000Z"}, {"uuid": "faccaf36-da9f-4eb1-85e8-dddad40510e2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-28389", "type": "published-proof-of-concept", "source": "Telegram/LbSE4ui0deWaIbAIy_SI6HyoY8sH4t9aZhKhv-gkpgMW3iE", "content": "", "creation_timestamp": "2025-06-13T17:05:18.000000Z"}, {"uuid": "1488fd93-9202-45a6-b3b9-5ec0b03b7662", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-28386", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lriwef4v3q2p", "content": "", "creation_timestamp": "2025-06-13T17:07:28.999279Z"}, {"uuid": "05260c86-7b04-4bef-a086-484444f70bef", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-28389", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lriwldlxyy2q", "content": "", "creation_timestamp": "2025-06-13T17:11:22.043555Z"}, {"uuid": "bf8cc6bd-1ea0-4111-947d-b5d91fa75879", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-28388", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lriwtcwluj2r", "content": "", "creation_timestamp": "2025-06-13T17:15:49.913889Z"}, {"uuid": "f4b1fc52-e5e4-49f5-9486-0ac14ac7a43e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-2838", "type": "seen", "source": "https://t.me/cvedetector/21236", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-2838 - Silicon Labs Gecko OS DNS Response Processing Denial-of-Service Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-2838 \nPublished : March 26, 2025, 10:15 p.m. | 33\u00a0minutes ago \nDescription : Silicon Labs Gecko OS DNS Response Processing Infinite Loop Denial-of-Service Vulnerability. This vulnerability allows network-adjacent attackers to create a denial-of-service condition on affected installations of Silicon Labs Gecko OS. Authentication is not required to exploit this vulnerability.  \n  \nThe specific flaw exists within the processing of DNS responses. The issue results from a logic error that can lead to an infinite loop. An attacker can leverage this vulnerability to create a denial-of-service condition on the system. Was ZDI-CAN-23392. \nSeverity: 6.5 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"26 Mar 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-03-26T23:55:54.000000Z"}, {"uuid": "7cccd298-3739-455b-8aa6-da13e760fad8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-28381", "type": "seen", "source": "Telegram/fav2yV5eU_8IA8p_MU5ddf2_7IAHNNrL2JfxvAVjQoEMqyo", "content": "", "creation_timestamp": "2025-06-13T17:05:26.000000Z"}, {"uuid": "3c730292-ebde-486b-899c-e2467a0f2e8e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-2838", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/8977", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-2838\n\ud83d\udd25 CVSS Score: 6.5 (cvssV3_0, Vector: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\ud83d\udd39 Description: Silicon Labs Gecko OS DNS Response Processing Infinite Loop Denial-of-Service Vulnerability. This vulnerability allows network-adjacent attackers to create a denial-of-service condition on affected installations of Silicon Labs Gecko OS. Authentication is not required to exploit this vulnerability.\n\nThe specific flaw exists within the processing of DNS responses. The issue results from a logic error that can lead to an infinite loop. An attacker can leverage this vulnerability to create a denial-of-service condition on the system. Was ZDI-CAN-23392.\n\ud83d\udccf Published: 2025-03-26T21:16:33.186Z\n\ud83d\udccf Modified: 2025-03-26T21:16:33.186Z\n\ud83d\udd17 References:\n1. https://www.zerodayinitiative.com/advisories/ZDI-24-872/\n2. https://community.silabs.com/a45Vm0000000Atp", "creation_timestamp": "2025-03-26T21:25:39.000000Z"}, {"uuid": "a4cadfa3-9328-4fce-bd01-baea7adca4f6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-28381", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/18309", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-28381\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: A credential leak in OpenC3 COSMOS v6.0.0 allows attackers to access service credentials as environment variables stored in all containers.\n\ud83d\udccf Published: 2025-06-13T00:00:00.000Z\n\ud83d\udccf Modified: 2025-06-13T16:07:40.511Z\n\ud83d\udd17 References:\n1. https://openc3.com/\n2. https://visionspace.com/openc3-cosmos-a-security-assessment-of-an-open-source-mission-framework/", "creation_timestamp": "2025-06-13T16:37:14.000000Z"}, {"uuid": "82986041-9859-4c4f-9d40-4dcd5768e80e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-28380", "type": "seen", "source": "https://infosec.exchange/users/cR0w/statuses/114676749186057555", "content": "", "creation_timestamp": "2025-06-13T15:25:26.793591Z"}, {"uuid": "d195ed09-fba0-413b-ac7d-ee89f9199be8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-28384", "type": "seen", "source": "https://infosec.exchange/users/cR0w/statuses/114676749186057555", "content": "", "creation_timestamp": "2025-06-13T15:25:27.072505Z"}, {"uuid": "18142445-0fcf-4340-87db-f3f8e959425b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-28389", "type": "seen", "source": "https://infosec.exchange/users/cR0w/statuses/114676749186057555", "content": "", "creation_timestamp": "2025-06-13T15:25:27.339245Z"}, {"uuid": "e66ce756-b34b-40a0-857c-f5578e0d5119", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-28381", "type": "seen", "source": "https://infosec.exchange/users/cR0w/statuses/114676749186057555", "content": "", "creation_timestamp": "2025-06-13T15:25:26.896133Z"}, {"uuid": "53af5e52-bae6-4b88-a19c-2b77336a02ee", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-28386", "type": "seen", "source": "https://infosec.exchange/users/cR0w/statuses/114676749186057555", "content": "", "creation_timestamp": "2025-06-13T15:25:27.165643Z"}, {"uuid": "29d10f11-4ab7-4c05-aa26-957b0549aa94", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-28382", "type": "seen", "source": "https://infosec.exchange/users/cR0w/statuses/114676749186057555", "content": "", "creation_timestamp": "2025-06-13T15:25:26.996408Z"}, {"uuid": "91ce05ea-fca2-4ee5-9423-d454fd7eea4f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-28388", "type": "seen", "source": "https://infosec.exchange/users/cR0w/statuses/114676749186057555", "content": "", "creation_timestamp": "2025-06-13T15:25:27.263757Z"}, {"uuid": "15f4838e-425b-4153-8667-5e0c385938fb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-28388", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/18313", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-28388\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: OpenC3 COSMOS v6.0.0 was discovered to contain hardcoded credentials for the Service Account.\n\ud83d\udccf Published: 2025-06-13T00:00:00.000Z\n\ud83d\udccf Modified: 2025-06-13T15:50:41.594Z\n\ud83d\udd17 References:\n1. https://openc3.com/\n2. https://visionspace.com/openc3-cosmos-a-security-assessment-of-an-open-source-mission-framework/", "creation_timestamp": "2025-06-13T16:37:18.000000Z"}, {"uuid": "fef26152-ad8b-4715-9462-928cc955b185", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-28389", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/18314", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-28389\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: Weak password requirements in OpenC3 COSMOS v6.0.0 allow attackers to bypass authentication via a brute force attack.\n\ud83d\udccf Published: 2025-06-13T00:00:00.000Z\n\ud83d\udccf Modified: 2025-06-13T15:46:51.750Z\n\ud83d\udd17 References:\n1. https://openc3.com/\n2. https://visionspace.com/openc3-cosmos-a-security-assessment-of-an-open-source-mission-framework/", "creation_timestamp": "2025-06-13T16:37:22.000000Z"}, {"uuid": "7975adbb-f2ad-44e7-bf9e-be2b0959a5c5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-28380", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/18293", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-28380\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: A cross-site scripting (XSS) vulnerability in OpenC3 COSMOS v6.0.0 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the URL parameter.\n\ud83d\udccf Published: 2025-06-13T00:00:00.000Z\n\ud83d\udccf Modified: 2025-06-13T13:19:21.994Z\n\ud83d\udd17 References:\n1. https://openc3.com/\n2. https://visionspace.com/openc3-cosmos-a-security-assessment-of-an-open-source-mission-framework/", "creation_timestamp": "2025-06-13T13:33:40.000000Z"}]}