{"vulnerability": "CVE-2025-29775", "sightings": [{"uuid": "d342b1eb-4786-4254-92e6-f075ef5f208c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-29775", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/7619", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-29775\n\ud83d\udd25 CVSS Score: 9.3 (cvssV4_0, Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N)\n\ud83d\udd39 Description: xml-crypto is an XML digital signature and encryption library for Node.js. An attacker may be able to exploit a vulnerability in versions prior to 6.0.1, 3.2.1, and 2.1.6 to bypass authentication or authorization mechanisms in systems that rely on xml-crypto for verifying signed XML documents. The vulnerability allows an attacker to modify a valid signed XML message in a way that still passes signature verification checks. For example, it could be used to alter critical identity or access control attributes, enabling an attacker to escalate privileges or impersonate another user. Users of versions 6.0.0 and prior should upgrade to version 6.0.1 to receive a fix. Those who are still using v2.x or v3.x should upgrade to patched versions 2.1.6 or 3.2.1, respectively.\n\ud83d\udccf Published: 2025-03-14T17:11:05.590Z\n\ud83d\udccf Modified: 2025-03-14T17:11:05.590Z\n\ud83d\udd17 References:\n1. https://github.com/node-saml/xml-crypto/security/advisories/GHSA-x3m8-899r-f7c3\n2. https://github.com/node-saml/xml-crypto/commit/28f92218ecbb8dcbd238afa4efbbd50302aa9aed\n3. https://github.com/node-saml/xml-crypto/commit/886dc63a8b4bb5ae1db9f41c7854b171eb83aa98\n4. https://github.com/node-saml/xml-crypto/commit/8ac6118ee7978b46aa56b82cbcaa5fca58c93a07\n5. https://github.com/node-saml/xml-crypto/releases/tag/v2.1.6\n6. https://github.com/node-saml/xml-crypto/releases/tag/v3.2.1\n7. https://github.com/node-saml/xml-crypto/releases/tag/v6.0.1", "creation_timestamp": "2025-03-14T17:49:09.000000Z"}, {"uuid": "e7608fcf-3731-4c68-9418-06c0ab171183", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-29775", "type": "seen", "source": "https://t.me/cvedetector/20329", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-29775 - Apache xml-crypto Signature Bypass Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-29775 \nPublished : March 14, 2025, 6:15 p.m. | 1\u00a0hour, 21\u00a0minutes ago \nDescription : xml-crypto is an XML digital signature and encryption library for Node.js. An attacker may be able to exploit a vulnerability in versions prior to 6.0.1, 3.2.1, and 2.1.6 to bypass authentication or authorization mechanisms in systems that rely on xml-crypto for verifying signed XML documents. The vulnerability allows an attacker to modify a valid signed XML message in a way that still passes signature verification checks. For example, it could be used to alter critical identity or access control attributes, enabling an attacker to escalate privileges or impersonate another user. Users of versions 6.0.0 and prior should upgrade to version 6.0.1 to receive a fix. Those who are still using v2.x or v3.x should upgrade to patched versions 2.1.6 or 3.2.1, respectively. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"14 Mar 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-03-14T20:53:37.000000Z"}, {"uuid": "d13d28f3-246c-4c97-b6c4-6cb1260d42a9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-29775", "type": "seen", "source": "https://t.me/anti_malware/20073", "content": "\ud83d\udea8 XML-\u043f\u043e\u0434\u043f\u0438\u0441\u0438 \u043f\u043e\u0434 \u0430\u0442\u0430\u043a\u043e\u0439! \u041e\u0431\u043d\u043e\u0432\u043b\u044f\u0439\u0442\u0435\u0441\u044c \u0441\u0440\u043e\u0447\u043d\u043e!\n\n\u0420\u0430\u0437\u0440\u0430\u0431\u043e\u0442\u0447\u0438\u043a\u0438 xml-crypto \u0437\u0430\u043b\u0430\u0442\u0430\u043b\u0438 \u0434\u0432\u0435 \u043a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 (CVE-2025-29774 \u0438 CVE-2025-29775, \ud83d\udd25 9,3 \u0431\u0430\u043b\u043b\u0430 \u043f\u043e CVSS), \u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u043b\u0438 \u0445\u0430\u043a\u0435\u0440\u0430\u043c \u0442\u0432\u043e\u0440\u0438\u0442\u044c \u0431\u0435\u0441\u043f\u0440\u0435\u0434\u0435\u043b \u0441 XML-\u043f\u043e\u0434\u043f\u0438\u0441\u044f\u043c\u0438:\n\n\ud83d\udd39 \u041f\u043e\u0432\u044b\u0448\u0430\u0442\u044c \u043f\u0440\u0430\u0432\u0430 \u0432 \u0441\u0438\u0441\u0442\u0435\u043c\u0435 \u2b06\ufe0f\n\ud83d\udd39 \u041f\u0440\u0438\u0442\u0432\u043e\u0440\u044f\u0442\u044c\u0441\u044f \u0434\u0440\u0443\u0433\u0438\u043c\u0438 \u044e\u0437\u0435\u0440\u0430\u043c\u0438 \ud83c\udfad", "creation_timestamp": "2025-03-19T14:31:08.000000Z"}, {"uuid": "7bef6196-dea9-4663-b181-4d4c33e8c234", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-29775", "type": "seen", "source": "https://bsky.app/profile/securestep9.bsky.social/post/3lkodkdhuag2g", "content": "", "creation_timestamp": "2025-03-18T18:50:25.131187Z"}, {"uuid": "972e09a3-f7f9-4774-9b25-194fb658be9a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-29775", "type": "seen", "source": "https://bsky.app/profile/securitylab-jp.bsky.social/post/3ll3umjqfp22d", "content": "", "creation_timestamp": "2025-03-24T04:00:31.188650Z"}, {"uuid": "37e49740-7582-4d47-9abe-8b37907ea48d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-29775", "type": "seen", "source": "https://bsky.app/profile/andranglin.bsky.social/post/3lkq2tmw23k2a", "content": "", "creation_timestamp": "2025-03-19T11:19:54.290643Z"}, {"uuid": "092e9d09-f7df-4a16-9256-2a01bde78c32", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-29775", "type": "seen", "source": "https://bsky.app/profile/twypsy.bsky.social/post/3lo5bnrsvdk22", "content": "", "creation_timestamp": "2025-05-01T21:42:04.987518Z"}, {"uuid": "28eb823d-4d52-48b6-aa29-9375f17e5206", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-29775", "type": "published-proof-of-concept", "source": "Telegram/y2l5Yx5uKW94E7t6fGqmFzUShRXCrJYUPIKinN2hvDkbmL0", "content": "", "creation_timestamp": "2025-04-30T21:00:05.000000Z"}, {"uuid": "70ff61bc-7e87-4548-8400-a01f0d6499f5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-29775", "type": "published-proof-of-concept", "source": "Telegram/pRPgTuKpNgH7y7yHOR5VIq4CCObEljNgHBGQunGS6T0fn0Q", "content": "", "creation_timestamp": "2025-03-14T19:00:48.000000Z"}, {"uuid": "8e0ce668-cbc8-4841-b8e2-3323bc5ce74c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-29775", "type": "seen", "source": "https://bsky.app/profile/cyberalerts.bsky.social/post/3lkeb4tgd6a2a", "content": "", "creation_timestamp": "2025-03-14T18:40:26.529937Z"}, {"uuid": "3d33559a-a89d-4374-be97-9843937ec25b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-29775", "type": "seen", "source": "https://infosec.exchange/users/cR0w/statuses/114162071842369847", "content": "", "creation_timestamp": "2025-03-14T17:56:13.758903Z"}, {"uuid": "c9f01913-58f5-4a8e-a7db-f3e43e51346a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-29775", "type": "seen", "source": "MISP/3e4b778d-5810-4171-a915-f1d106684af4", "content": "", "creation_timestamp": "2025-08-11T18:27:48.000000Z"}, {"uuid": "7183df32-6050-4f33-80cb-f3f50f90e33a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-29775", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/34691", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01 \n\n\u66f4\u65b0\u4e86\uff1aCVE-2025\n\u63cf\u8ff0\uff1aPOCs for CVE-2025-29775\nURL\uff1ahttps://github.com/twypsy/cve-2025-29775\n\n\u6807\u7b7e\uff1a#CVE-2025", "creation_timestamp": "2025-04-30T00:37:18.000000Z"}, {"uuid": "6354c65d-ba28-495f-9ffb-b7271b4b82d0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-29775", "type": "seen", "source": "https://bsky.app/profile/u2k25.bsky.social/post/3loefrmmfm22k", "content": "", "creation_timestamp": "2025-05-04T17:44:25.898053Z"}]}