{"vulnerability": "CVE-2025-3979", "sightings": [{"uuid": "41585cd6-6b46-41ad-bbcc-a7d0f83b6ca0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-3979", "type": "seen", "source": "https://t.me/cvedetector/23850", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-3979 - Dazhouda Lcms CSRF Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-3979 \nPublished : April 27, 2025, 6:15 p.m. | 35\u00a0minutes ago \nDescription : A vulnerability classified as problematic has been found in dazhouda lecms 3.0.3. This affects an unknown part of the file /index.php?my-password-ajax-1 of the component Password Change Handler. The manipulation leads to cross-site request forgery. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. \nSeverity: 4.3 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"27 Apr 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-04-27T21:20:11.000000Z"}, {"uuid": "f1274558-c338-48a6-b73e-a82262ab3238", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-39798", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lynwxyvh2j2x", "content": "", "creation_timestamp": "2025-09-12T18:58:08.720971Z"}, {"uuid": "66dd8128-9b24-40d9-9707-b043d604c689", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-39797", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lynxmekqia2c", "content": "", "creation_timestamp": "2025-09-12T19:09:30.580763Z"}, {"uuid": "0eca4598-116b-4f73-868b-cfc07b591869", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-39799", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lynxvczkk32u", "content": "", "creation_timestamp": "2025-09-12T19:14:30.698166Z"}, {"uuid": "3d1e9a22-beb1-4a7f-9a9a-3d3ca4cd95e1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-39796", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lyny6bhiu22i", "content": "", "creation_timestamp": "2025-09-12T19:19:31.135905Z"}, {"uuid": "7293c4cb-76d7-498f-8f60-1c40661d983e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-39797", "type": "seen", "source": "https://vulnerability.circl.lu/bundle/816dcc8e-f25a-4895-9b59-1bbd9caeccb8", "content": "", "creation_timestamp": "2025-12-03T14:14:49.267740Z"}, {"uuid": "385245d0-ce31-4879-81c1-b1f776f9421f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-39795", "type": "seen", "source": "https://vulnerability.circl.lu/bundle/816dcc8e-f25a-4895-9b59-1bbd9caeccb8", "content": "", "creation_timestamp": "2025-12-03T14:14:49.267740Z"}, {"uuid": "dcd7da27-5eac-4dd0-8e89-ce14f8965012", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-3979", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/13629", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-3979\n\ud83d\udd25 CVSS Score: 5.3 (cvssV4_0, Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N)\n\ud83d\udd39 Description: A vulnerability classified as problematic has been found in dazhouda lecms 3.0.3. This affects an unknown part of the file /index.php?my-password-ajax-1 of the component Password Change Handler. The manipulation leads to cross-site request forgery. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.\n\ud83d\udccf Published: 2025-04-27T17:31:04.107Z\n\ud83d\udccf Modified: 2025-04-27T17:31:04.107Z\n\ud83d\udd17 References:\n1. https://vuldb.com/?id.306315\n2. https://vuldb.com/?ctiid.306315\n3. https://vuldb.com/?submit.557787\n4. https://github.com/dtwin88/cve-md/blob/main/lecms%20V3.0.3/lecms_3.md", "creation_timestamp": "2025-04-27T18:10:40.000000Z"}, {"uuid": "c8ba0d43-c234-4ee6-bb8f-e105722a7c21", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-3979", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lnt7ow7rpe2g", "content": "", "creation_timestamp": "2025-04-27T21:40:18.296059Z"}, {"uuid": "3f1b2095-b228-4dd7-93d3-bf742a88f850", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-39797", "type": "seen", "source": "https://www.cert.ssi.gouv.fr/avis/CERTFR-2026-AVI-0316/", "content": "", "creation_timestamp": "2026-03-19T00:00:00.000000Z"}]}