{"vulnerability": "CVE-2025-3247", "sightings": [{"uuid": "f2022ad4-e6b5-47bc-96ed-9af62c000210", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-32475", "type": "seen", "source": "http://www.zerodayinitiative.com/advisories/ZDI-25-382/", "content": "", "creation_timestamp": "2025-06-16T03:00:00.000000Z"}, {"uuid": "efb8575a-5c05-42b1-8882-d0b85f2b9469", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-3247", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lmvyq73c3a2z", "content": "", "creation_timestamp": "2025-04-16T06:48:32.013843Z"}, {"uuid": "00d532fd-11d1-4f90-b322-3e7e76bc6673", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-32475", "type": "seen", "source": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-112-01", "content": "", "creation_timestamp": "2025-04-22T10:00:00.000000Z"}, {"uuid": "31e4aebd-5c57-479a-88d8-82cd978664a6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-32470", "type": "seen", "source": "https://infosec.exchange/users/cR0w/statuses/114415685322306568", "content": "", "creation_timestamp": "2025-04-28T12:53:28.362974Z"}, {"uuid": "5465bbd2-91dd-4271-9dbe-43e3271df481", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-32472", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lnuvd7fr672d", "content": "", "creation_timestamp": "2025-04-28T13:40:07.159515Z"}, {"uuid": "1fd97f3e-d999-4622-b345-58a2f197d866", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-3247", "type": "seen", "source": "MISP/abd2a650-703d-4a2f-9f73-3051c1672e27", "content": "", "creation_timestamp": "2025-08-11T18:47:41.000000Z"}, {"uuid": "5cc60e8f-6f78-43c7-90a4-f9d82a8c11f5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-32471", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/13668", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-32471\n\ud83d\udd25 CVSS Score: 3.7 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N)\n\ud83d\udd39 Description: The device\u2019s passwords have not been adequately salted, making them vulnerable to password extraction attacks.\n\ud83d\udccf Published: 2025-04-28T09:11:20.143Z\n\ud83d\udccf Modified: 2025-04-28T09:11:20.143Z\n\ud83d\udd17 References:\n1. https://sick.com/psirt\n2. https://cdn.sick.com/media/docs/1/11/411/Special_information_CYBERSECURITY_BY_SICK_en_IM0084411.PDF\n3. https://www.cisa.gov/resources-tools/resources/ics-recommended-practices\n4. https://www.first.org/cvss/calculator/3.1\n5. https://www.sick.com/.well-known/csaf/white/2025/sca-2025-0005.pdf\n6. https://www.sick.com/.well-known/csaf/white/2025/sca-2025-0005.json", "creation_timestamp": "2025-04-28T10:10:49.000000Z"}, {"uuid": "440b58a5-dc2b-47d6-bc62-b9c26e764af5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-3247", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/11990", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-3247\n\ud83d\udd25 CVSS Score: 5.3 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)\n\ud83d\udd39 Description: The Contact Form 7 plugin for WordPress is vulnerable to Order Replay in all versions up to, and including, 6.0.5 via the 'wpcf7_stripe_skip_spam_check' function due to insufficient validation on a user controlled key. This makes it possible for unauthenticated attackers to reuse a single Stripe PaymentIntent for multiple transactions. Only the first transaction is processed via Stripe, but the plugin sends a successful email message for each transaction, which may trick an administrator into fulfilling each order.\n\ud83d\udccf Published: 2025-04-16T05:23:00.706Z\n\ud83d\udccf Modified: 2025-04-16T05:23:00.706Z\n\ud83d\udd17 References:\n1. https://www.wordfence.com/threat-intel/vulnerabilities/id/38257dbf-288e-4028-af65-85f5389888ac?source=cve\n2. https://plugins.trac.wordpress.org/browser/contact-form-7/tags/6.0.5/modules/stripe/stripe.php#L114\n3. https://plugins.trac.wordpress.org/changeset/3270138/", "creation_timestamp": "2025-04-16T05:56:01.000000Z"}, {"uuid": "eccb5dc0-a82d-4ee6-b87c-952624e0e0d2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-32470", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/13670", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-32470\n\ud83d\udd25 CVSS Score: 7.5 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\ud83d\udd39 Description: A remote unauthenticated attacker may be able to change the IP adress of the device, and therefore affecting the availability of the device.\n\ud83d\udccf Published: 2025-04-28T09:07:02.830Z\n\ud83d\udccf Modified: 2025-04-28T09:07:02.830Z\n\ud83d\udd17 References:\n1. https://sick.com/psirt\n2. https://cdn.sick.com/media/docs/1/11/411/Special_information_CYBERSECURITY_BY_SICK_en_IM0084411.PDF\n3. https://www.cisa.gov/resources-tools/resources/ics-recommended-practices\n4. https://www.first.org/cvss/calculator/3.1\n5. https://www.sick.com/.well-known/csaf/white/2025/sca-2025-0005.pdf\n6. https://www.sick.com/.well-known/csaf/white/2025/sca-2025-0005.json", "creation_timestamp": "2025-04-28T10:10:54.000000Z"}, {"uuid": "d63e0c07-4428-45df-b779-7f493efdc16b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-32472", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/13678", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-32472\n\ud83d\udd25 CVSS Score: 5.3 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\ud83d\udd39 Description: The multiScan and picoScan are vulnerable to a denial-of-service (DoS) attack. A remote attacker can exploit this vulnerability by conducting a Slowloris-type attack, causing the web page to become unresponsive.\n\ud83d\udccf Published: 2025-04-28T12:04:55.012Z\n\ud83d\udccf Modified: 2025-04-28T12:04:55.012Z\n\ud83d\udd17 References:\n1. https://sick.com/psirt\n2. https://cdn.sick.com/media/docs/1/11/411/Special_information_CYBERSECURITY_BY_SICK_en_IM0084411.PDF\n3. https://www.cisa.gov/resources-tools/resources/ics-recommended-practices\n4. https://www.first.org/cvss/calculator/3.1\n5. https://www.sick.com/.well-known/csaf/white/2025/sca-2025-0006.pdf\n6. https://www.sick.com/.well-known/csaf/white/2025/sca-2025-0006.json", "creation_timestamp": "2025-04-28T13:10:28.000000Z"}, {"uuid": "620174e9-432b-44a2-a4bf-a2fe02e21960", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-32472", "type": "seen", "source": "https://t.me/cvedetector/23913", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-32472 - HPE MultiScan and picoScan Slowloris Denial-of-Service Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-32472 \nPublished : April 28, 2025, 1:15 p.m. | 2\u00a0hours, 5\u00a0minutes ago \nDescription : The multiScan and picoScan are vulnerable to a denial-of-service (DoS) attack. A remote attacker can exploit this vulnerability by conducting a Slowloris-type attack, causing the web page to become unresponsive. \nSeverity: 5.3 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"28 Apr 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-04-28T17:24:31.000000Z"}, {"uuid": "ce69614e-8724-45d5-9cb6-1bf10205d559", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-32471", "type": "seen", "source": "https://t.me/cvedetector/23898", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-32471 - Cisco ASA Unsalted Password Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-32471 \nPublished : April 28, 2025, 9:15 a.m. | 1\u00a0hour, 57\u00a0minutes ago \nDescription : The device\u2019s passwords have not been adequately salted, making them vulnerable to password extraction attacks. \nSeverity: 3.7 | LOW \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"28 Apr 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-04-28T13:13:32.000000Z"}, {"uuid": "8cff4669-3b31-4a49-a7c7-885d94ff9b85", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-32470", "type": "seen", "source": "https://t.me/cvedetector/23903", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-32470 - Apache HTTP Server DNS Spoofing\", \n  \"Content\": \"CVE ID : CVE-2025-32470 \nPublished : April 28, 2025, 9:15 a.m. | 1\u00a0hour, 57\u00a0minutes ago \nDescription : A remote unauthenticated attacker may be able to change the IP adress of the device, and therefore affecting the availability of the device. \nSeverity: 7.5 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"28 Apr 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-04-28T13:13:39.000000Z"}, {"uuid": "3ac5bd4c-91a9-49f4-9c42-6482f156e35b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-32471", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lnuhxipumn2j", "content": "", "creation_timestamp": "2025-04-28T09:40:56.189090Z"}, {"uuid": "59771f69-d858-43d1-bc7e-b4a587a32ed2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-32470", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lnuhxje7we2b", "content": "", "creation_timestamp": "2025-04-28T09:40:59.656910Z"}, {"uuid": "109d20d4-d544-4a00-81b6-68a951062957", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-3247", "type": "seen", "source": "MISP/abd2a650-703d-4a2f-9f73-3051c1672e27", "content": "", "creation_timestamp": "2025-08-09T13:26:57.000000Z"}, {"uuid": "d2eb88e3-60d4-4ce6-9e70-047b63e80812", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-3247", "type": "seen", "source": "https://t.me/cvedetector/23052", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-3247 - Stripe PaymentIntent Replay Vulnerability in Contact Form 7 for WordPress\", \n  \"Content\": \"CVE ID : CVE-2025-3247 \nPublished : April 16, 2025, 6:15 a.m. | 1\u00a0hour, 12\u00a0minutes ago \nDescription : The Contact Form 7 plugin for WordPress is vulnerable to Order Replay in all versions up to, and including, 6.0.5 via the 'wpcf7_stripe_skip_spam_check' function due to insufficient validation on a user controlled key. This makes it possible for unauthenticated attackers to reuse a single Stripe PaymentIntent for multiple transactions. Only the first transaction is processed via Stripe, but the plugin sends a successful email message for each transaction, which may trick an administrator into fulfilling each order. \nSeverity: 5.3 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"16 Apr 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-04-16T10:10:32.000000Z"}]}