{"vulnerability": "CVE-2025-3796", "sightings": [{"uuid": "17cf84a4-1ab2-4baa-99dc-188419c251a2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-3796", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/12551", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-3796\n\ud83d\udd25 CVSS Score: 5.3 (cvssV4_0, Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N)\n\ud83d\udd39 Description: A vulnerability classified as critical has been found in PHPGurukul Men Salon Management System 1.0. This affects an unknown part of the file /admin/contact-us.php. The manipulation of the argument pagetitle/pagedes/email/mobnumber/timing leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.\n\ud83d\udccf Published: 2025-04-18T21:00:11.403Z\n\ud83d\udccf Modified: 2025-04-18T21:00:11.403Z\n\ud83d\udd17 References:\n1. https://vuldb.com/?id.305649\n2. https://vuldb.com/?ctiid.305649\n3. https://vuldb.com/?submit.554659\n4. https://github.com/yaklang/IRifyScanResult/blob/main/Men-Salon-Management-System/sql_inject_in_contact_us.md\n5. https://phpgurukul.com/", "creation_timestamp": "2025-04-18T21:59:29.000000Z"}, {"uuid": "d40a683e-d506-4e34-95c8-fb8c1edf2828", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-37961", "type": "seen", "source": "https://www.cert.ssi.gouv.fr/avis/CERTFR-2026-AVI-0316/", "content": "", "creation_timestamp": "2026-03-19T00:00:00.000000Z"}, {"uuid": "d2af43f2-ec11-4030-ada8-9fd7e0547bf1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-3796", "type": "seen", "source": "https://t.me/cvedetector/23353", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-3796 - PHPGurukul Men Salon Management System SQL Injection Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-3796 \nPublished : April 18, 2025, 9:15 p.m. | 1\u00a0hour, 30\u00a0minutes ago \nDescription : A vulnerability classified as critical has been found in PHPGurukul Men Salon Management System 1.0. This affects an unknown part of the file /admin/contact-us.php. The manipulation of the argument pagetitle/pagedes/email/mobnumber/timing leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. \nSeverity: 6.3 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"19 Apr 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-04-19T00:56:36.000000Z"}, {"uuid": "fcf4eae3-bed2-4cad-8458-9774195d004c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-3796", "type": "seen", "source": "https://bsky.app/profile/2rZiKKbOU3nTafniR2qMMSE0gwZ.activitypub.awakari.com.ap.brid.gy/post/3ln4ry6mh4nc2", "content": "", "creation_timestamp": "2025-04-18T23:36:25.190267Z"}, {"uuid": "4ea46255-167b-4f45-b224-771661b33f55", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-3796", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3ln4vhsxem22b", "content": "", "creation_timestamp": "2025-04-19T00:38:47.279339Z"}, {"uuid": "ae28588e-f512-4383-a07e-5ffc8db6193e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-37967", "type": "seen", "source": "https://vulnerability.circl.lu/bundle/816dcc8e-f25a-4895-9b59-1bbd9caeccb8", "content": "", "creation_timestamp": "2025-12-03T14:14:49.267740Z"}, {"uuid": "038f9ee1-1f7a-4d70-ad31-c99da02e1ee3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-37963", "type": "seen", "source": "https://vulnerability.circl.lu/bundle/816dcc8e-f25a-4895-9b59-1bbd9caeccb8", "content": "", "creation_timestamp": "2025-12-03T14:14:49.267740Z"}, {"uuid": "a843ce99-1782-4e91-ad8f-9a63d7bb15a4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-37961", "type": "seen", "source": "https://vulnerability.circl.lu/bundle/816dcc8e-f25a-4895-9b59-1bbd9caeccb8", "content": "", "creation_timestamp": "2025-12-03T14:14:49.267740Z"}, {"uuid": "8ffba2ed-fb0c-4a2f-933f-6e83815964e4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-37964", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/17019", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-37964\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: In the Linux kernel, the following vulnerability has been resolved:\n\nx86/mm: Eliminate window where TLB flushes may be inadvertently skipped\n\ntl;dr: There is a window in the mm switching code where the new CR3 is\nset and the CPU should be getting TLB flushes for the new mm.  But\nshould_flush_tlb() has a bug and suppresses the flush.  Fix it by\nwidening the window where should_flush_tlb() sends an IPI.\n\nLong Version:\n\n=== History ===\n\nThere were a few things leading up to this.\n\nFirst, updating mm_cpumask() was observed to be too expensive, so it was\nmade lazier.  But being lazy caused too many unnecessary IPIs to CPUs\ndue to the now-lazy mm_cpumask().  So code was added to cull\nmm_cpumask() periodically[2].  But that culling was a bit too aggressive\nand skipped sending TLB flushes to CPUs that need them.  So here we are\nagain.\n\n=== Problem ===\n\nThe too-aggressive code in should_flush_tlb() strikes in this window:\n\n // Turn on IPIs for this CPU/mm combination, but only\n // if should_flush_tlb() agrees:\n cpumask_set_cpu(cpu, mm_cpumask(next));\n\n next_tlb_gen = atomic64_read(&next->context.tlb_gen);\n choose_new_asid(next, next_tlb_gen, &new_asid, &need_flush);\n load_new_mm_cr3(need_flush);\n // ^ After 'need_flush' is set to false, IPIs *MUST*\n // be sent to this CPU and not be ignored.\n\n        this_cpu_write(cpu_tlbstate.loaded_mm, next);\n // ^ Not until this point does should_flush_tlb()\n // become true!\n\nshould_flush_tlb() will suppress TLB flushes between load_new_mm_cr3()\nand writing to 'loaded_mm', which is a window where they should not be\nsuppressed.  Whoops.\n\n=== Solution ===\n\nThankfully, the fuzzy \"just about to write CR3\" window is already marked\nwith loaded_mm==LOADED_MM_SWITCHING.  Simply checking for that state in\nshould_flush_tlb() is sufficient to ensure that the CPU is targeted with\nan IPI.\n\nThis will cause more TLB flush IPIs.  But the window is relatively small\nand I do not expect this to cause any kind of measurable performance\nimpact.\n\nUpdate the comment where LOADED_MM_SWITCHING is written since it grew\nyet another user.\n\nPeter Z also raised a concern that should_flush_tlb() might not observe\n'loaded_mm' and 'is_lazy' in the same order that switch_mm_irqs_off()\nwrites them.  Add a barrier to ensure that they are observed in the\norder they are written.\n\ud83d\udccf Published: 2025-05-20T16:01:56.013Z\n\ud83d\udccf Modified: 2025-05-20T16:01:56.013Z\n\ud83d\udd17 References:\n1. https://git.kernel.org/stable/c/12f703811af043d32b1c8a30001b2fa04d5cd0ac\n2. https://git.kernel.org/stable/c/02ad4ce144bd27f71f583f667fdf3b3ba0753477\n3. https://git.kernel.org/stable/c/d41072906abec8bb8e01ed16afefbaa558908c89\n4. https://git.kernel.org/stable/c/d87392094f96e162fa5fa5a8640d70cc0952806f\n5. https://git.kernel.org/stable/c/399ec9ca8fc4999e676ff89a90184ec40031cf59\n6. https://git.kernel.org/stable/c/fea4e317f9e7e1f449ce90dedc27a2d2a95bee5a", "creation_timestamp": "2025-05-20T16:41:12.000000Z"}]}