{"vulnerability": "CVE-2025-3849", "sightings": [{"uuid": "56316882-7c7b-4084-97e9-7e732a985f4d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-38494", "type": "seen", "source": "https://bsky.app/profile/pmloik.bsky.social/post/3lyoou2lhaa2a", "content": "", "creation_timestamp": "2025-09-13T02:05:24.641425Z"}, {"uuid": "29f1d387-3cb3-487f-80ef-29cc621e7a45", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-38494", "type": "seen", "source": "https://bsky.app/profile/pmloik.bsky.social/post/3lz3bgdgl452l", "content": "", "creation_timestamp": "2025-09-18T02:09:42.064775Z"}, {"uuid": "0708d669-d655-4b33-8dbf-931d22448c12", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-38499", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lw5emybxzk2p", "content": "", "creation_timestamp": "2025-08-11T17:56:51.119053Z"}, {"uuid": "94eeefe7-caf7-448c-9d0a-b7297a441e3e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-38498", "type": "seen", "source": "https://bsky.app/profile/ferramentaslinux.bsky.social/post/3lzyipwshok2d", "content": "", "creation_timestamp": "2025-09-29T17:07:36.641316Z"}, {"uuid": "505c3edc-ac49-4c07-a072-f266f33bc225", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-38494", "type": "seen", "source": "https://bsky.app/profile/andreyknvl.bsky.social/post/3lyl3etf2q22o", "content": "", "creation_timestamp": "2025-09-11T15:39:02.454528Z"}, {"uuid": "7ee1f59b-ee40-4320-b8cf-7d4281b875e0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-38494", "type": "seen", "source": "https://bsky.app/profile/andreyknvl.bsky.social/post/3lyl3eycpnk2o", "content": "", "creation_timestamp": "2025-09-11T15:39:03.557901Z"}, {"uuid": "a4af6d30-060c-4e75-86db-5e9db495e82c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-38494", "type": "seen", "source": "https://bsky.app/profile/andreyknvl.bsky.social/post/3lyl3f37s622o", "content": "", "creation_timestamp": "2025-09-11T15:39:04.719250Z"}, {"uuid": "646dbe17-762f-4fa7-93b9-ac07e5b54c24", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-38494", "type": "seen", "source": "https://bsky.app/profile/pmloik.bsky.social/post/3lym6kvfkq32d", "content": "", "creation_timestamp": "2025-09-12T02:08:38.160660Z"}, {"uuid": "376e19be-b666-4a74-8df9-14a904128f22", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-38495", "type": "published-proof-of-concept", "source": "Telegram/eMW_wScd-Iod74MRD69D4LgSHW-sjWGfOP6p5XXSEFVVQnk", "content": "", "creation_timestamp": "2025-09-28T12:05:38.000000Z"}, {"uuid": "20e2a0e6-b493-47f5-89be-3e1fbe4585de", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-38494", "type": "published-proof-of-concept", "source": "Telegram/eMW_wScd-Iod74MRD69D4LgSHW-sjWGfOP6p5XXSEFVVQnk", "content": "", "creation_timestamp": "2025-09-28T12:05:38.000000Z"}, {"uuid": "8992ad5f-b93a-454c-ac5c-33e938fd5603", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-38495", "type": "published-proof-of-concept", "source": "https://t.me/tech_b0lt_Genona/5724", "content": "USB HID info-leak exploit for CVE-2025-38494/CVE-2025-38495\n\nExploit by Andrey Konovalov for an integer underflow bug in the HID subsystem that allows leaking up to 64 KB of kernel memory over USB.\n\nThe bug is still not fixed in the Pixel and Ubuntu kernels.", "creation_timestamp": "2025-09-23T15:36:38.000000Z"}, {"uuid": "08b9d572-e5b8-4f98-af42-38f051aa9916", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-38494", "type": "published-proof-of-concept", "source": "https://t.me/tech_b0lt_Genona/5724", "content": "USB HID info-leak exploit for CVE-2025-38494/CVE-2025-38495\n\nExploit by Andrey Konovalov for an integer underflow bug in the HID subsystem that allows leaking up to 64 KB of kernel memory over USB.\n\nThe bug is still not fixed in the Pixel and Ubuntu kernels.", "creation_timestamp": "2025-09-23T15:36:38.000000Z"}, {"uuid": "55e5eef1-5765-4051-84b5-9e6a5a22a727", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-38494", "type": "seen", "source": "https://bsky.app/profile/pmloik.bsky.social/post/3lyyqwr3zzx2m", "content": "", "creation_timestamp": "2025-09-17T02:09:20.315989Z"}, {"uuid": "1ed360fd-81ad-4444-b19b-ae694f7f2b40", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-38494", "type": "seen", "source": "https://bsky.app/profile/pmloik.bsky.social/post/3lytqefamyb2l", "content": "", "creation_timestamp": "2025-09-15T02:15:45.163596Z"}, {"uuid": "58d17c3e-874a-4d37-aea6-47c1ddfb0204", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-38494", "type": "seen", "source": "https://bsky.app/profile/ferramentaslinux.bsky.social/post/3lwoh5wd43k2k", "content": "", "creation_timestamp": "2025-08-18T12:57:24.811346Z"}, {"uuid": "066a2a90-0e8e-4cb4-847c-0e86e85563d0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-38495", "type": "seen", "source": "https://bsky.app/profile/ferramentaslinux.bsky.social/post/3lwoh5wd43k2k", "content": "", "creation_timestamp": "2025-08-18T12:57:24.950368Z"}, {"uuid": "83f7cb21-c186-4102-be7d-5c55f52d9d4c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-38494", "type": "seen", "source": "https://bsky.app/profile/ferramentaslinux.bsky.social/post/3lwom472ww22k", "content": "", "creation_timestamp": "2025-08-18T14:25:55.619651Z"}, {"uuid": "7c355fcd-6590-437a-acc6-e776497c1bc8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-38495", "type": "seen", "source": "https://bsky.app/profile/ferramentaslinux.bsky.social/post/3lwom472ww22k", "content": "", "creation_timestamp": "2025-08-18T14:25:55.760700Z"}, {"uuid": "0a63a867-a0e0-4cbe-acb6-d50f865de13a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-38494", "type": "seen", "source": "https://bsky.app/profile/ferramentaslinux.bsky.social/post/3lwosfyue622k", "content": "", "creation_timestamp": "2025-08-18T16:18:48.132725Z"}, {"uuid": "64d69f45-20ce-4f59-99f0-0cfe9003abcf", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-38494", "type": "seen", "source": "https://bsky.app/profile/ferramentaslinux.bsky.social/post/3lwowhozcxc2k", "content": "", "creation_timestamp": "2025-08-18T17:31:19.951479Z"}, {"uuid": "351fc41a-c5e4-4150-b7a2-cd32375673ff", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-38495", "type": "seen", "source": "https://bsky.app/profile/ferramentaslinux.bsky.social/post/3lwoxes6pkk2k", "content": "", "creation_timestamp": "2025-08-18T17:47:35.842655Z"}, {"uuid": "060534be-406c-4763-a17a-b354d39afa69", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-38494", "type": "seen", "source": "https://bsky.app/profile/ferramentaslinux.bsky.social/post/3lwz32rop7225", "content": "", "creation_timestamp": "2025-08-22T18:20:13.519712Z"}, {"uuid": "5647fb43-d41c-4964-a160-8cddb0b3e390", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-38495", "type": "seen", "source": "https://bsky.app/profile/ferramentaslinux.bsky.social/post/3lwz32rop7225", "content": "", "creation_timestamp": "2025-08-22T18:20:13.644766Z"}, {"uuid": "8c3dc147-78a0-4fa5-b14b-dbfc7ec41406", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-38494", "type": "seen", "source": "https://bsky.app/profile/ferramentaslinux.bsky.social/post/3lx5xkv2d3k2c", "content": "", "creation_timestamp": "2025-08-24T17:00:56.156466Z"}, {"uuid": "eadf4435-2a0b-471c-832f-ed28cb2ce619", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-38495", "type": "seen", "source": "https://bsky.app/profile/ferramentaslinux.bsky.social/post/3lx5xkv2d3k2c", "content": "", "creation_timestamp": "2025-08-24T17:00:56.265658Z"}, {"uuid": "93291455-42a0-4a92-a70d-e07df1d2f7aa", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-38499", "type": "seen", "source": "https://gist.github.com/Darkcrai86/30562019a7a0ba086126a72e7607d61c", "content": "", "creation_timestamp": "2025-12-22T11:56:56.000000Z"}, {"uuid": "882f3767-d6bb-4af6-a2d8-c4c42b831979", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-38499", "type": "seen", "source": "https://vulnerability.circl.lu/bundle/816dcc8e-f25a-4895-9b59-1bbd9caeccb8", "content": "", "creation_timestamp": "2025-12-03T14:14:49.267740Z"}, {"uuid": "0024ed88-3076-4425-8a14-72054a8d4c73", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-38497", "type": "published-proof-of-concept", "source": "Telegram/jTPGnUxmSAW8wR6NkmrR5v_wJMt1Uxj8oeIPEEpjbGGi38E", "content": "", "creation_timestamp": "2026-01-07T17:07:11.000000Z"}, {"uuid": "64f658d0-5b43-4305-9388-f35222560532", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-3849", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/12771", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-3849\n\ud83d\udd25 CVSS Score: 5.3 (cvssV4_0, Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N)\n\ud83d\udd39 Description: A vulnerability classified as problematic was found in YXJ2018 SpringBoot-Vue-OnlineExam 1.0. This vulnerability affects unknown code of the file /api/studentPWD. The manipulation of the argument studentId leads to unverified password change. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.\n\ud83d\udccf Published: 2025-04-21T23:31:04.814Z\n\ud83d\udccf Modified: 2025-04-21T23:31:04.814Z\n\ud83d\udd17 References:\n1. https://vuldb.com/?id.305776\n2. https://vuldb.com/?ctiid.305776\n3. https://vuldb.com/?submit.556283\n4. https://github.com/YXJ2018/SpringBoot-Vue-OnlineExam/issues/74", "creation_timestamp": "2025-04-22T00:03:15.000000Z"}, {"uuid": "e7a84496-1815-4d91-bead-388aeae26f00", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-3849", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lneoz32tcb2u", "content": "", "creation_timestamp": "2025-04-22T03:04:27.951995Z"}, {"uuid": "0ae5ee7f-34a6-4a62-b30f-227f845fb888", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-38498", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lv645gtc6t2z", "content": "", "creation_timestamp": "2025-07-30T07:32:27.438875Z"}, {"uuid": "1ccbb31c-9c45-4d78-b44a-4681a80b3116", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-38497", "type": "seen", "source": "https://bsky.app/profile/omo.bsky.social/post/3lv6rryown22e", "content": "", "creation_timestamp": "2025-07-30T13:59:49.396912Z"}, {"uuid": "4ff8c6bc-0ea7-4303-b869-29b7ea143a49", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-38494", "type": "seen", "source": "https://bsky.app/profile/pmloik.bsky.social/post/3lyr7t7havb2l", "content": "", "creation_timestamp": "2025-09-14T02:14:29.467341Z"}, {"uuid": "9f341117-0c79-4de9-9c39-27fc1346b875", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-38494", "type": "seen", "source": "https://bsky.app/profile/ferramentaslinux.bsky.social/post/3lwr2gm37ms2h", "content": "", "creation_timestamp": "2025-08-19T13:47:36.857452Z"}, {"uuid": "a296ba00-6898-4a9e-ba78-90fc723baf21", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-38494", "type": "seen", "source": "https://bsky.app/profile/ferramentaslinux.bsky.social/post/3lwrsxd3odk2h", "content": "", "creation_timestamp": "2025-08-19T21:06:27.924542Z"}, {"uuid": "0bab3406-5dcc-4371-822f-32e6533d95c2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-38495", "type": "seen", "source": "https://bsky.app/profile/ferramentaslinux.bsky.social/post/3lwrsxd3odk2h", "content": "", "creation_timestamp": "2025-08-19T21:06:28.020877Z"}, {"uuid": "79a32f0a-4deb-4283-8480-4467777afff7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-38494", "type": "seen", "source": "https://bsky.app/profile/pmloik.bsky.social/post/3lywaikvzii2a", "content": "", "creation_timestamp": "2025-09-16T02:09:44.715567Z"}, {"uuid": "a55b3d2e-22fe-426b-b60d-bf30b16697c1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-38498", "type": "seen", "source": "https://www.cisa.gov/news-events/ics-advisories/icsa-26-043-06", "content": "", "creation_timestamp": "2026-02-12T11:00:00.000000Z"}, {"uuid": "2f70f5ed-70eb-4bf2-af74-d5a60e7eb386", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-38491", "type": "seen", "source": "https://www.cert.ssi.gouv.fr/avis/CERTFR-2026-AVI-0316/", "content": "", "creation_timestamp": "2026-03-19T00:00:00.000000Z"}, {"uuid": "fe419d05-f473-4772-9584-9d592c67277e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-3849", "type": "seen", "source": "https://t.me/cvedetector/23477", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-3849 - YXJ2018 SpringBoot-Vue-OnlineExam Remote Unverified Password Change Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-3849 \nPublished : April 22, 2025, 12:15 a.m. | 1\u00a0hour, 31\u00a0minutes ago \nDescription : A vulnerability classified as problematic was found in YXJ2018 SpringBoot-Vue-OnlineExam 1.0. This vulnerability affects unknown code of the file /api/studentPWD. The manipulation of the argument studentId leads to unverified password change. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. \nSeverity: 4.3 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"22 Apr 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-04-22T04:11:23.000000Z"}]}