{"vulnerability": "CVE-2025-3235", "sightings": [{"uuid": "cd7d8808-8d7a-412c-9908-853fc5df2169", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-32352", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/10595", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-32352\n\ud83d\udd25 CVSS Score: 4.8 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N)\n\ud83d\udd39 Description: A type confusion vulnerability in lib/NSSAuthenticator.php in ZendTo before v5.04-7 allows remote attackers to bypass authentication for users with passwords stored as MD5 hashes that can be interpreted as numbers. A solution requires moving from MD5 to bcrypt.\n\ud83d\udccf Published: 2025-04-05T00:00:00.000Z\n\ud83d\udccf Modified: 2025-04-05T05:14:40.030Z\n\ud83d\udd17 References:\n1. https://projectblack.io/blog/zendto-nday-vulnerabilities/", "creation_timestamp": "2025-04-05T05:37:46.000000Z"}, {"uuid": "f7db19c8-4c39-4b3c-8e10-d40e52be6ff0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-32357", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/10615", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-32357\n\ud83d\udd25 CVSS Score: 4.3 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N)\n\ud83d\udd39 Description: In Zammad 6.4.x before 6.4.2, an authenticated agent with knowledge base permissions was able to use the Zammad API to fetch knowledge base content that they have no permission for.\n\ud83d\udccf Published: 2025-04-05T00:00:00.000Z\n\ud83d\udccf Modified: 2025-04-05T20:56:50.668Z\n\ud83d\udd17 References:\n1. https://zammad.com/en/advisories/zaa-2025-04", "creation_timestamp": "2025-04-05T21:37:55.000000Z"}, {"uuid": "41f4c1a3-a2f9-4d7f-b6d0-4548b93911ba", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-32358", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/10614", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-32358\n\ud83d\udd25 CVSS Score: 4 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:N)\n\ud83d\udd39 Description: In Zammad 6.4.x before 6.4.2, SSRF can occur. Authenticated admin users can enable webhooks in Zammad, which are triggered as POST requests when certain conditions are met. If a webhook endpoint returned a redirect response, Zammad would follow it automatically with another GET request. This could be abused by an attacker to cause GET requests for example in the local network.\n\ud83d\udccf Published: 2025-04-05T00:00:00.000Z\n\ud83d\udccf Modified: 2025-04-05T20:58:26.152Z\n\ud83d\udd17 References:\n1. https://zammad.com/en/advisories/zaa-2025-01", "creation_timestamp": "2025-04-05T21:37:54.000000Z"}, {"uuid": "86e90da5-b879-499d-8aca-78471bbdb2a0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-32359", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/10612", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-32359\n\ud83d\udd25 CVSS Score: 4.8 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N)\n\ud83d\udd39 Description: In Zammad 6.4.x before 6.4.2, there is client-side enforcement of server-side security. When changing their two factor authentication configuration, users need to re-authenticate with their current password first. However, this change was enforced in Zammad only on the front end level, and not when using the API directly.\n\ud83d\udccf Published: 2025-04-05T00:00:00.000Z\n\ud83d\udccf Modified: 2025-04-05T21:00:40.126Z\n\ud83d\udd17 References:\n1. https://zammad.com/en/advisories/zaa-2025-02", "creation_timestamp": "2025-04-05T21:37:52.000000Z"}, {"uuid": "fabcab48-d324-4883-98cc-7cee5b10ef7f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-32354", "type": "seen", "source": "https://t.me/cvedetector/24023", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-32354 - Zimbra Collaboration CSRF Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-32354 \nPublished : April 29, 2025, 4:15 p.m. | 30\u00a0minutes ago \nDescription : In Zimbra Collaboration (ZCS) 9.0 through 10.1, a Cross-Site Request Forgery (CSRF) vulnerability exists in the GraphQL endpoint (/service/extension/graphql) of Zimbra webmail due to a lack of CSRF token validation. This allows attackers to perform unauthorized GraphQL operations, such as modifying contacts, changing account settings, and accessing sensitive user data when an authenticated user visits a malicious website. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"29 Apr 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-04-29T19:20:42.000000Z"}, {"uuid": "aac066e0-674e-494f-b1f2-5885bd1c7f6e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-32359", "type": "seen", "source": "https://t.me/cvedetector/22198", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-32359 - Zammad Two-Factor Authentication Authentication Bypass\", \n  \"Content\": \"CVE ID : CVE-2025-32359 \nPublished : April 5, 2025, 9:15 p.m. | 1\u00a0hour, 54\u00a0minutes ago \nDescription : In Zammad 6.4.x before 6.4.2, there is client-side enforcement of server-side security. When changing their two factor authentication configuration, users need to re-authenticate with their current password first. However, this change was enforced in Zammad only on the front end level, and not when using the API directly. \nSeverity: 4.8 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"06 Apr 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-04-06T01:46:44.000000Z"}, {"uuid": "d303ae36-cb78-49bd-8f20-cc2d1f5763ee", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-32357", "type": "seen", "source": "https://t.me/cvedetector/22201", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-32357 - Zammad Privilege Escalation Information Disclosure\", \n  \"Content\": \"CVE ID : CVE-2025-32357 \nPublished : April 5, 2025, 9:15 p.m. | 1\u00a0hour, 54\u00a0minutes ago \nDescription : In Zammad 6.4.x before 6.4.2, an authenticated agent with knowledge base permissions was able to use the Zammad API to fetch knowledge base content that they have no permission for. \nSeverity: 4.3 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"06 Apr 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-04-06T01:46:47.000000Z"}, {"uuid": "bf58a36b-df82-447d-8b7d-fbe554355f2c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-32358", "type": "seen", "source": "https://t.me/cvedetector/22197", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-32358 - Zammad SSRF\", \n  \"Content\": \"CVE ID : CVE-2025-32358 \nPublished : April 5, 2025, 9:15 p.m. | 1\u00a0hour, 54\u00a0minutes ago \nDescription : In Zammad 6.4.x before 6.4.2, SSRF can occur. Authenticated admin users can enable webhooks in Zammad, which are triggered as POST requests when certain conditions are met. If a webhook endpoint returned a redirect response, Zammad would follow it automatically with another GET request. This could be abused by an attacker to cause GET requests for example in the local network. \nSeverity: 4.0 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"06 Apr 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-04-06T01:46:44.000000Z"}, {"uuid": "939b72a7-20d1-48eb-a16b-e2e436bf7df0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-32352", "type": "seen", "source": "https://t.me/cvedetector/22184", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-32352 - ZendTo PHP Authentication Type Confusion Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-32352 \nPublished : April 5, 2025, 5:15 a.m. | 1\u00a0hour, 19\u00a0minutes ago \nDescription : A type confusion vulnerability in lib/NSSAuthenticator.php in ZendTo before v5.04-7 allows remote attackers to bypass authentication for users with passwords stored as MD5 hashes that can be interpreted as numbers. A solution requires moving from MD5 to bcrypt. \nSeverity: 4.8 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"05 Apr 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-04-05T09:04:05.000000Z"}, {"uuid": "a05a2cd7-ac1b-42bb-9c20-ad20cf3fb762", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-3235", "type": "seen", "source": "https://t.me/cvedetector/22119", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-3235 - PHPGurukul Old Age Home Management System SQL Injection\", \n  \"Content\": \"CVE ID : CVE-2025-3235 \nPublished : April 4, 2025, 10:15 a.m. | 1\u00a0hour, 40\u00a0minutes ago \nDescription : A vulnerability was found in PHPGurukul Old Age Home Management System 1.0. It has been classified as critical. This affects an unknown part of the file /admin/profile.php. The manipulation of the argument adminname leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. \nSeverity: 6.3 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"04 Apr 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-04-04T14:40:29.000000Z"}, {"uuid": "d12269c9-8c70-41e6-a2b8-3a1ae26049cd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "4f29edb9-4c4b-44ca-b041-9b050656b6ae", "vulnerability": "CVE-2025-32355", "type": "confirmed", "source": "https://github.com/projectdiscovery/nuclei-templates/tree/main/http/cves/2025/CVE-2025-32355.yaml", "content": "", "creation_timestamp": "2026-02-18T09:00:27.000000Z"}, {"uuid": "96ae01fc-7d58-4072-8066-3edd07e8ad19", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-3235", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/10421", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-3235\n\ud83d\udd25 CVSS Score: 5.3 (cvssV4_0, Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N)\n\ud83d\udd39 Description: A vulnerability was found in PHPGurukul Old Age Home Management System 1.0. It has been classified as critical. This affects an unknown part of the file /admin/profile.php. The manipulation of the argument adminname leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.\n\ud83d\udccf Published: 2025-04-04T09:31:06.607Z\n\ud83d\udccf Modified: 2025-04-04T09:31:06.607Z\n\ud83d\udd17 References:\n1. https://vuldb.com/?id.303261\n2. https://vuldb.com/?ctiid.303261\n3. https://vuldb.com/?submit.546223\n4. https://github.com/Gxxianzhong123/CVE1/issues/1\n5. https://phpgurukul.com/", "creation_timestamp": "2025-04-04T09:35:53.000000Z"}, {"uuid": "a849ca5b-f08d-4f34-8556-62c1a8990470", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-32352", "type": "seen", "source": "https://infosec.exchange/users/cR0w/statuses/114285284931965571", "content": "", "creation_timestamp": "2025-04-05T12:10:56.631976Z"}, {"uuid": "a18aeaa0-012e-4a2d-a085-f26b3bf59f1a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-32352", "type": "seen", "source": "https://infosec.exchange/users/cR0w/statuses/114285284931965571", "content": "", "creation_timestamp": "2025-04-05T12:10:56.638371Z"}, {"uuid": "dc350389-e9e4-49f0-82db-3465bd2c4299", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-32358", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lm4ayjffb72q", "content": "", "creation_timestamp": "2025-04-06T01:07:07.523553Z"}, {"uuid": "e3c8ce4c-75fc-4b91-9739-f75b47761a0a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-32357", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lm4ayjowzv2b", "content": "", "creation_timestamp": "2025-04-06T01:07:08.686626Z"}, {"uuid": "fe569373-a08f-477f-9f61-d8f4c6433cde", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-32359", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lm4aykf7sx2q", "content": "", "creation_timestamp": "2025-04-06T01:07:12.809446Z"}, {"uuid": "570f5f39-18e1-4882-a54f-256c1f811b66", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "4f29edb9-4c4b-44ca-b041-9b050656b6ae", "vulnerability": "CVE-2025-32355", "type": "seen", "source": "https://bsky.app/profile/beikokucyber.bsky.social/post/3mfaikmi5dd2k", "content": "", "creation_timestamp": "2026-02-19T21:03:03.394906Z"}, {"uuid": "a0ffe131-aa48-4a48-a64a-a489e2e12d60", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-3235", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3llyichx2372z", "content": "", "creation_timestamp": "2025-04-04T13:07:20.862011Z"}, {"uuid": "e37aaa92-5e1e-48c4-b461-c0ea1e91f7b9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "4f29edb9-4c4b-44ca-b041-9b050656b6ae", "vulnerability": "CVE-2025-32355", "type": "seen", "source": "https://bsky.app/profile/rcesecurity.com/post/3meyvft2hvs2u", "content": "", "creation_timestamp": "2026-02-16T20:31:41.604648Z"}, {"uuid": "f6a7a70a-c1e2-42fb-8b3a-db27174b66db", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "4f29edb9-4c4b-44ca-b041-9b050656b6ae", "vulnerability": "CVE-2025-32355", "type": "seen", "source": "https://bsky.app/profile/buherator.bsky.social/post/3mf22xf7fxn2f", "content": "", "creation_timestamp": "2026-02-17T07:43:38.569658Z"}, {"uuid": "a2eb941f-0c32-48f3-a6b3-9271f3b03c4a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "4f29edb9-4c4b-44ca-b041-9b050656b6ae", "vulnerability": "CVE-2025-32355", "type": "seen", "source": "https://bsky.app/profile/beikokucyber.bsky.social/post/3mimmlg7f2j2a", "content": "", "creation_timestamp": "2026-04-03T21:02:39.616785Z"}]}