{"vulnerability": "CVE-2025-4123", "sightings": [{"uuid": "9f3375ac-5fd9-46d5-b968-80fe8226f8ae", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-4123", "type": "exploited", "source": "Telegram/JrGiYLvgmbKHeZ7SpSms2y8MPrl7fd8mtsvHAIg532fJduM", "content": "", "creation_timestamp": "2025-06-17T15:00:06.000000Z"}, {"uuid": "cb8a60ef-734b-4839-9c6a-20fde430b409", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-4123", "type": "published-proof-of-concept", "source": "https://t.me/true_secator/7134", "content": "\u0411\u043e\u043b\u0435\u0435 46\u00a0000 \u0434\u043e\u0441\u0442\u0443\u043f\u043d\u044b\u0445 \u0432 \u0433\u043b\u043e\u0431\u0430\u043b\u044c\u043d\u043e\u0439 \u0441\u0435\u0442\u0438 \u044d\u043a\u0437\u0435\u043c\u043f\u043b\u044f\u0440\u043e\u0432 Grafana \u043f\u043e\u0434\u0432\u0435\u0440\u0436\u0435\u043d\u044b \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043e\u0442\u043a\u0440\u044b\u0442\u043e\u0433\u043e \u043f\u0435\u0440\u0435\u043d\u0430\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u043d\u0430 \u0441\u0442\u043e\u0440\u043e\u043d\u0435 \u043a\u043b\u0438\u0435\u043d\u0442\u0430, \u043a\u043e\u0442\u043e\u0440\u0430\u044f \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u0437\u0430\u043f\u0443\u0441\u0442\u0438\u0442\u044c \u0432\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u044b\u0439 \u043f\u043b\u0430\u0433\u0438\u043d \u0438 \u0437\u0430\u0445\u0432\u0430\u0442\u0438\u0442\u044c \u0443\u0447\u0435\u0442\u043d\u0443\u044e \u0437\u0430\u043f\u0438\u0441\u044c.\n\nCVE-2025-4123 \u0437\u0430\u0442\u0440\u0430\u0433\u0438\u0432\u0430\u0435\u0442 \u043d\u0435\u0441\u043a\u043e\u043b\u044c\u043a\u043e \u0432\u0435\u0440\u0441\u0438\u0439, \u0431\u044b\u043b\u0430 
\u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0435\u043d\u0430 \u0431\u0430\u0433\u0445\u0430\u043d\u0442\u0435\u0440\u043e\u043c \u0410\u043b\u044c\u0432\u0430\u0440\u043e \u0411\u0430\u043b\u0430\u0434\u043e\u0439\u00a0\u0438 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430 \u0432\u00a0\u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f\u0445, \u0432\u044b\u043f\u0443\u0449\u0435\u043d\u043d\u044b\u0445 Grafana Labs 21 \u043c\u0430\u044f.\n\n\u041d\u0435\u0441\u043c\u043e\u0442\u0440\u044f \u043d\u0430 \u044d\u0442\u043e, \u043f\u043e \u0434\u0430\u043d\u043d\u044b\u043c \u0438\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u0435\u0439 \u0438\u0437 OX Security, \u043d\u0430\u0437\u044b\u0432\u0430\u044e\u0449\u0438\u0445 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c The Grafana Ghost, \u0431\u043e\u043b\u0435\u0435 \u0442\u0440\u0435\u0442\u0438 \u0432\u0441\u0435\u0445 \u044d\u043a\u0437\u0435\u043c\u043f\u043b\u044f\u0440\u043e\u0432 Grafana \u043d\u0435 \u0431\u044b\u043b\u0438 \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u044b \u0434\u043e \u043d\u0430\u0441\u0442\u043e\u044f\u0449\u0435\u0433\u043e \u0432\u0440\u0435\u043c\u0435\u043d\u0438.\n\n\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u0446\u0438\u0440\u043e\u0432\u0430\u0432 \u0432\u0435\u0440\u0441\u0438\u0438, \u0443\u044f\u0437\u0432\u0438\u043c\u044b\u0435 \u0434\u043b\u044f \u0430\u0442\u0430\u043a\u0438, \u0440\u0435\u0441\u0435\u0440\u0447\u0435\u0440\u044b \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0438\u043b\u0438 128 864 \u044d\u043a\u0437\u0435\u043c\u043f\u043b\u044f\u0440\u043e\u0432 \u0432 \u0441\u0435\u0442\u0438, \u0438\u0437 \u043a\u043e\u0442\u043e\u0440\u044b\u0445 46 506 \u0432\u0441\u0435 \u0435\u0449\u0435 \u043d\u0435 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u044b, \u0447\u0442\u043e \u0441\u043e\u043e\u0442\u0432\u0435\u0442\u0441\u0442\u0432\u0443\u0435\u0442 36% \u043e\u0442 
\u043e\u0431\u0449\u0435\u0433\u043e \u0447\u0438\u0441\u043b\u0430.\n\n\u0413\u043b\u0443\u0431\u043e\u043a\u0438\u0439 \u0430\u043d\u0430\u043b\u0438\u0437 CVE-2025-4123, \u043f\u0440\u043e\u0432\u0435\u0434\u0435\u043d\u043d\u044b\u0439 OX Security, \u043f\u043e\u043a\u0430\u0437\u0430\u043b, \u0447\u0442\u043e \u0441 \u043f\u043e\u043c\u043e\u0449\u044c\u044e \u043f\u043e\u044d\u0442\u0430\u043f\u043d\u043e\u0439 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438, \u0441\u043e\u0447\u0435\u0442\u0430\u044f \u043e\u0431\u0445\u043e\u0434 \u043f\u0443\u0442\u0438 \u043d\u0430 \u0441\u0442\u043e\u0440\u043e\u043d\u0435 \u043a\u043b\u0438\u0435\u043d\u0442\u0430 \u0441 \u043c\u0435\u0445\u0430\u043d\u0438\u0437\u043c\u0430\u043c\u0438 \u043e\u0442\u043a\u0440\u044b\u0442\u043e\u0433\u043e \u043f\u0435\u0440\u0435\u043d\u0430\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f, \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0438 \u043c\u043e\u0433\u0443\u0442 \u0437\u0430\u0441\u0442\u0430\u0432\u0438\u0442\u044c \u0436\u0435\u0440\u0442\u0432 \u043f\u0435\u0440\u0435\u0439\u0442\u0438 \u043f\u043e URL-\u0430\u0434\u0440\u0435\u0441\u0430\u043c, \u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u043f\u0440\u0438\u0432\u0435\u0434\u0443\u0442 \u043a \u0437\u0430\u0433\u0440\u0443\u0437\u043a\u0435 \u0432\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u043e\u0433\u043e \u043f\u043b\u0430\u0433\u0438\u043d\u0430 Grafana \u0441 \u0441\u0430\u0439\u0442\u0430, \u043a\u043e\u043d\u0442\u0440\u043e\u043b\u0438\u0440\u0443\u0435\u043c\u043e\u0433\u043e \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u043e\u043c.\n\n\u0418\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u0438 \u0443\u0442\u0432\u0435\u0440\u0436\u0434\u0430\u044e\u0442, \u0447\u0442\u043e \u0432\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u044b\u0435 \u0441\u0441\u044b\u043b\u043a\u0438 
\u043c\u043e\u0433\u0443\u0442 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u044c\u0441\u044f \u0434\u043b\u044f \u0432\u044b\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u044f \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u043e\u0433\u043e JavaScript \u0432 \u0431\u0440\u0430\u0443\u0437\u0435\u0440\u0435 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044f.\n\n\u042d\u043a\u0441\u043f\u043b\u043e\u0439\u0442 \u043f\u0440\u0438 \u044d\u0442\u043e\u043c \u043d\u0435 \u0442\u0440\u0435\u0431\u0443\u0435\u0442 \u043f\u043e\u0432\u044b\u0448\u0435\u043d\u043d\u044b\u0445 \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u0439 \u0438 \u043c\u043e\u0436\u0435\u0442 \u0440\u0430\u0431\u043e\u0442\u0430\u0442\u044c \u0434\u0430\u0436\u0435 \u043f\u0440\u0438 \u0432\u043a\u043b\u044e\u0447\u0435\u043d\u043d\u043e\u043c \u0430\u043d\u043e\u043d\u0438\u043c\u043d\u043e\u043c \u0434\u043e\u0441\u0442\u0443\u043f\u0435.\n\n\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0430\u043c \u043f\u0435\u0440\u0435\u0445\u0432\u0430\u0442\u044b\u0432\u0430\u0442\u044c \u0441\u0435\u0430\u043d\u0441\u044b \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u0435\u0439, \u0438\u0437\u043c\u0435\u043d\u044f\u0442\u044c \u0443\u0447\u0435\u0442\u043d\u044b\u0435 \u0434\u0430\u043d\u043d\u044b\u0435 \u0438, \u0432 \u0441\u043b\u0443\u0447\u0430\u044f\u0445, \u043a\u043e\u0433\u0434\u0430 \u0443\u0441\u0442\u0430\u043d\u043e\u0432\u043b\u0435\u043d \u043f\u043b\u0430\u0433\u0438\u043d Grafana Image Renderer, \u0432\u044b\u043f\u043e\u043b\u043d\u044f\u0442\u044c SSRF \u0434\u043b\u044f \u0447\u0442\u0435\u043d\u0438\u044f \u0432\u043d\u0443\u0442\u0440\u0435\u043d\u043d\u0438\u0445 
\u0440\u0435\u0441\u0443\u0440\u0441\u043e\u0432.\n\n\u041d\u0435\u0441\u043c\u043e\u0442\u0440\u044f \u043d\u0430 \u0442\u043e, \u0447\u0442\u043e \u043f\u043e\u043b\u0438\u0442\u0438\u043a\u0430 \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u043a\u043e\u043d\u0442\u0435\u043d\u0442\u0430 (CSP) \u043f\u043e \u0443\u043c\u043e\u043b\u0447\u0430\u043d\u0438\u044e \u0432 Grafana \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0438\u0432\u0430\u0435\u0442 \u043d\u0435\u043a\u043e\u0442\u043e\u0440\u0443\u044e \u0437\u0430\u0449\u0438\u0442\u0443, \u043e\u043d\u0430 \u043d\u0435 \u043f\u0440\u0435\u0434\u043e\u0442\u0432\u0440\u0430\u0449\u0430\u0435\u0442 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044e \u0438\u0437-\u0437\u0430 \u043e\u0433\u0440\u0430\u043d\u0438\u0447\u0435\u043d\u0438\u0439 \u0432 \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u0438 \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u043d\u0430 \u0441\u0442\u043e\u0440\u043e\u043d\u0435 \u043a\u043b\u0438\u0435\u043d\u0442\u0430.\n\n\u0420\u0430\u0437\u0440\u0430\u0431\u043e\u0442\u0430\u043d\u043d\u044b\u0439 OX Security \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442 \u0434\u0435\u043c\u043e\u043d\u0441\u0442\u0440\u0438\u0440\u0443\u0435\u0442, \u0447\u0442\u043e \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c CVE-2025-4123 \u043c\u043e\u0436\u0435\u0442 \u0431\u044b\u0442\u044c \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0430 \u043d\u0430 \u0441\u0442\u043e\u0440\u043e\u043d\u0435 \u043a\u043b\u0438\u0435\u043d\u0442\u0430 \u0434\u043b\u044f \u043e\u0431\u0445\u043e\u0434\u0430 \u0441\u043e\u0432\u0440\u0435\u043c\u0435\u043d\u043d\u044b\u0445 \u043c\u0435\u0445\u0430\u043d\u0438\u0437\u043c\u043e\u0432 \u043d\u043e\u0440\u043c\u0430\u043b\u0438\u0437\u0430\u0446\u0438\u0438 \u0431\u0440\u0430\u0443\u0437\u0435\u0440\u0430 \u0441 \u043f\u043e\u043c\u043e\u0449\u044c\u044e 
\u043b\u043e\u0433\u0438\u043a\u0438 \u043c\u0430\u0440\u0448\u0440\u0443\u0442\u0438\u0437\u0430\u0446\u0438\u0438 JavaScript, \u0432\u0441\u0442\u0440\u043e\u0435\u043d\u043d\u043e\u0439 \u0432 Grafana.\n\n\u042d\u0442\u043e \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0430\u043c \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u044c \u043d\u0435\u0441\u043e\u043e\u0442\u0432\u0435\u0442\u0441\u0442\u0432\u0438\u044f \u0432 \u043e\u0431\u0440\u0430\u0431\u043e\u0442\u043a\u0435 URL-\u0430\u0434\u0440\u0435\u0441\u043e\u0432 \u0434\u043b\u044f \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u044f \u0432\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u044b\u0445 \u043f\u043b\u0430\u0433\u0438\u043d\u043e\u0432, \u043a\u043e\u0442\u043e\u0440\u044b\u0435, \u0432 \u0441\u0432\u043e\u044e \u043e\u0447\u0435\u0440\u0435\u0434\u044c, \u0438\u0437\u043c\u0435\u043d\u044f\u044e\u0442 \u0430\u0434\u0440\u0435\u0441\u0430 \u044d\u043b\u0435\u043a\u0442\u0440\u043e\u043d\u043d\u043e\u0439 \u043f\u043e\u0447\u0442\u044b \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u0435\u0439, \u0447\u0442\u043e \u0443\u043f\u0440\u043e\u0449\u0430\u0435\u0442 \u0437\u0430\u0434\u0430\u0447\u0443 \u0432\u0437\u043b\u043e\u043c\u0430 \u0443\u0447\u0435\u0442\u043d\u044b\u0445 \u0437\u0430\u043f\u0438\u0441\u0435\u0439 \u043f\u043e\u0441\u0440\u0435\u0434\u0441\u0442\u0432\u043e\u043c \u0441\u0431\u0440\u043e\u0441\u0430 \u043f\u0430\u0440\u043e\u043b\u044f.\n\n\u0414\u043b\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 CVE-2025-4123 \u0442\u0440\u0435\u0431\u0443\u0435\u0442\u0441\u044f \u0440\u044f\u0434 \u0443\u0441\u043b\u043e\u0432\u0438\u0439, \u0432\u043a\u043b\u044e\u0447\u0430\u044f \u0432\u0437\u0430\u0438\u043c\u043e\u0434\u0435\u0439\u0441\u0442\u0432\u0438\u0435 \u0441 
\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u0435\u043c, \u0430\u043a\u0442\u0438\u0432\u043d\u044b\u0439 \u0441\u0435\u0430\u043d\u0441 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044f \u043f\u0440\u0438 \u043f\u0435\u0440\u0435\u0445\u043e\u0434\u0435 \u0436\u0435\u0440\u0442\u0432\u044b \u043f\u043e \u0441\u0441\u044b\u043b\u043a\u0435 \u0438 \u043d\u0430\u043b\u0438\u0447\u0438\u0435 \u0432\u043a\u043b\u044e\u0447\u0435\u043d\u043d\u043e\u0439 \u0444\u0443\u043d\u043a\u0446\u0438\u0438 \u043f\u043b\u0430\u0433\u0438\u043d\u0430.\n\n\u041e\u0434\u043d\u0430\u043a\u043e \u0432 \u0441\u0438\u043b\u0443 \u0434\u043e\u0441\u0442\u0430\u0442\u043e\u0447\u043d\u043e \u0431\u043e\u043b\u044c\u0448\u043e\u0433\u043e \u043a\u043e\u043b\u0438\u0447\u0435\u0441\u0442\u0432\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u043d\u044b\u0445 \u0443\u044f\u0437\u0432\u0438\u043c\u044b\u0445 \u044d\u043a\u0437\u0435\u043c\u043f\u043b\u044f\u0440\u043e\u0432 \u0432 \u0441\u043e\u0447\u0435\u0442\u0430\u043d\u0438\u0438 \u0441 \u043e\u0442\u0441\u0443\u0442\u0441\u0442\u0432\u0438\u0435\u043c \u043d\u0435\u043e\u0431\u0445\u043e\u0434\u0438\u043c\u043e\u0441\u0442\u0438 \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u0438 \u043e\u0442\u043a\u0440\u044b\u0432\u0430\u0435\u0442\u0441\u044f \u0437\u043d\u0430\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u0430\u044f \u043f\u043e\u0432\u0435\u0440\u0445\u043d\u043e\u0441\u0442\u044c \u0434\u043b\u044f \u0430\u0442\u0430\u043a.\n\n\u0414\u043b\u044f \u0441\u043d\u0438\u0436\u0435\u043d\u0438\u044f \u0440\u0438\u0441\u043a\u0430 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438, \u0430\u0434\u043c\u0438\u043d\u0438\u0441\u0442\u0440\u0430\u0442\u043e\u0440\u0430\u043c Grafana \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0443\u0435\u0442\u0441\u044f \u043e\u0431\u043d\u043e\u0432\u0438\u0442\u044c\u0441\u044f \u0434\u043e 
\u0432\u0435\u0440\u0441\u0438\u0439 10.4.18+security-01, 11.2.9+security-01, 11.3.6+security-01, 11.4.4+security-01, 11.5.4+security-01, 11.6.1+security-01 \u0438 12.0.0+security-01.", "creation_timestamp": "2025-06-17T15:10:04.000000Z"}, {"uuid": "510b5517-f265-4e6f-8f0f-812616efb8e4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-4123", "type": "published-proof-of-concept", "source": "Telegram/ZWYB-MeRhKZKfmPLDBJgZ0cXmgvzVrszWrTk9C7FD2U88jg", "content": "", "creation_timestamp": "2025-10-15T03:00:06.000000Z"}, {"uuid": "3b6e0c9b-de77-4317-b122-14bf7bc6e9be", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-4123", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/40818", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01 \n\n\u66f4\u65b0\u4e86\uff1aCVE-2025\n\u63cf\u8ff0\uff1aEscaner para encontrar vulnerabilidad CVE-2025-4123 grafana\nURL\uff1ahttps://github.com/DesDoTvl/CVE-2025-4123grafana\n\n\u6807\u7b7e\uff1a#CVE-2025", "creation_timestamp": "2025-06-17T11:44:54.000000Z"}, {"uuid": "638d67c1-840b-484b-814e-a96069e67f7c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-41233", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/18236", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-41233\n\ud83d\udd25 CVSS Score: 6.8 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N)\n\ud83d\udd39 Description: Description:\n\nVMware AVI Load Balancer contains an authenticated blind SQL Injection vulnerability. 
VMware has evaluated the severity of the issue to be in the  Moderate severity range https://www.broadcom.com/support/vmware-services/security-response \u00a0with a maximum CVSSv3 base score of  6.8 https://www.first.org/cvss/calculator/3-0#CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N .\n\nKnown Attack Vectors:\n\nAn authenticated malicious user with network access may be able to use specially crafted SQL queries to gain database access.\n\nResolution:\n\nTo remediate CVE-2025-41233 apply the patches to the Avi Controller listed in the 'Fixed Version' column of the 'Response Matrix' found below.\n\nWorkarounds:\n\nNone.\n\nAdditional Documentation:\n\nNone.\n\nAcknowledgements:\n\nVMware would like to thank  Alexandru Copaceanu https://www.linkedin.com/in/alexandru-copaceanu-b39aaa1a8/ \u00a0for reporting this issue to us.\n\nNotes:\n\nNone.\n\n\u00a0\n\nResponse Matrix:\n\nProductVersionRunning OnCVECVSSv4SeverityFixed VersionWorkaroundsAdditional DocumentsVMware Avi Load Balancer30.1.1AnyCVE-2025-41233 6.8 https://www.first.org/cvss/calculator/3-0#CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N Moderate 30.1.2-2p3 https://techdocs.broadcom.com/us/en/vmware-security-load-balancing/avi-load-balancer/avi-load-balancer/30-1/vmware-avi-load-balancer-release-notes/release-notes-30-1-2.html NoneNoneVMware Avi Load Balancer30.1.2AnyCVE-2025-41233 6.8 https://www.first.org/cvss/calculator/3-0#CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N Moderate 30.1.2-2p3 https://techdocs.broadcom.com/us/en/vmware-security-load-balancing/avi-load-balancer/avi-load-balancer/30-1/vmware-avi-load-balancer-release-notes/release-notes-30-1-2.html NoneNoneVMware Avi Load Balancer30.2.1AnyCVE-2025-41233 6.8 https://www.first.org/cvss/calculator/3-0#CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N Moderate 30.2.1-2p6 
https://techdocs.broadcom.com/us/en/vmware-security-load-balancing/avi-load-balancer/avi-load-balancer/30-2/vmware-avi-load-balancer-release-notes/release-notes-for-avi-load-balancer-version-30-2-1.html NoneNoneVMware Avi Load Balancer30.2.2AnyCVE-2025-41233 6.8 https://www.first.org/cvss/calculator/3-0#CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N Moderate 30.2.2-2p5 https://techdocs.broadcom.com/us/en/vmware-security-load-balancing/avi-load-balancer/avi-load-balancer/30-2/vmware-avi-load-balancer-release-notes/release-notes-for-avi-load-balancer-version-30-2-2.html NoneNoneVMware Avi Load Balancer30.2.3AnyCVE-2025-41233N/AN/AUnaffectedNoneNoneVMware Avi Load Balancer31.1.1AnyCVE-2025-41233 6.8 https://www.first.org/cvss/calculator/3-0#CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N Moderate 31.1.1-2p2 https://techdocs.broadcom.com/us/en/vmware-security-load-balancing/avi-load-balancer/avi-load-balancer/31-1/vmware-avi-load-balancer-release-notes/Release-Note-Section-20627.html NoneNone\n\nCWE-89 in the Avi Load Balancer component of VMware allows an authenticated attacker to execute blind SQL injections in versions 30.1.1, 30.1.2, 30.2.1, and 30.2.2 due to improper input validation, enabling unauthorized database access.\n\ud83d\udccf Published: 2025-06-12T21:39:53.475Z\n\ud83d\udccf Modified: 2025-06-12T21:39:53.475Z\n\ud83d\udd17 References:\n1. 
https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25707", "creation_timestamp": "2025-06-12T22:34:54.000000Z"}, {"uuid": "148e82ae-7d53-4787-a13a-e9d27b2496e5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-4123", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/51247", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01 \n\n\u66f4\u65b0\u4e86\uff1aCVE-2025\n\u63cf\u8ff0\uff1aGrafana CVE-2025-4123-POC\nURL\uff1ahttps://github.com/ItsNee/Grafana-CVE-2025-4123-POC\n\n\u6807\u7b7e\uff1a#CVE-2025", "creation_timestamp": "2025-09-12T07:56:56.000000Z"}, {"uuid": "df123238-3ffc-4c05-8d65-d3f4b178dfa7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-4123", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/51249", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01 \n\n\u66f4\u65b0\u4e86\uff1aCVE-2025\n\u63cf\u8ff0\uff1aGrafana CVE-2025-4123-POC\nURL\uff1ahttps://github.com/ItsNee/Grafana-CVE-2025-4123-POC\n\n\u6807\u7b7e\uff1a#CVE-2025", "creation_timestamp": "2025-09-12T08:04:28.000000Z"}, {"uuid": "601f2f69-3fff-453c-9200-db9c2d7e10ca", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-4123", "type": "published-proof-of-concept", "source": "Telegram/qoq8gL3XX5UbnTPnnKQ1Em6OVDYVUdjE8vvAbgQVpdGtopE", "content": "", "creation_timestamp": "2025-06-07T07:00:06.000000Z"}, {"uuid": "4754ff92-9a07-46b1-8d20-973adb53a57d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-4123", "type": "published-proof-of-concept", "source": 
"Telegram/t2mOu0CqYZ5qLLxESiGoH_sUvRUlHAHlqkD_UKh-Uep6sL0", "content": "", "creation_timestamp": "2025-06-07T03:00:07.000000Z"}, {"uuid": "3b17d2c8-efd7-4d63-8cf6-8fc799f4607c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-4123", "type": "published-proof-of-concept", "source": "https://t.me/proxy_bar/2622", "content": "Grafana CVE-2025-4123: XSS and Full-Read SSRF \n*\nScript to exploit", "creation_timestamp": "2025-05-23T17:57:14.000000Z"}, {"uuid": "87e368fb-62c5-4f98-8bb0-56eeb565216d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-4123", "type": "published-proof-of-concept", "source": "https://t.me/thebugbountyhunter/9902", "content": "Grafana CVE-2025\u20134123: Full Read SSRF & Account Takeover\n\nhttps://medium.com/@Nightbloodz/grafana-cve-2025-4123-full-read-ssrf-account-takeover-d12abd13cd53", "creation_timestamp": "2025-05-23T23:49:53.000000Z"}, {"uuid": "a86a7e32-c80c-49e7-bd9f-3c74f9a366a9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-41236", "type": "seen", "source": "https://bsky.app/profile/nihonmatsu.bsky.social/post/3lu3i5qterc2y", "content": "", "creation_timestamp": "2025-07-16T13:04:12.240222Z"}, {"uuid": "b3ae2ac8-718b-4c7e-86b5-0a42facfdc50", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-41239", "type": "seen", "source": "https://bsky.app/profile/nihonmatsu.bsky.social/post/3lu3i5qterc2y", "content": "", "creation_timestamp": "2025-07-16T13:04:12.710000Z"}, {"uuid": "56daa788-e014-4ee0-9c0f-1021c47a1dd8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", 
"vulnerability": "CVE-2025-41238", "type": "seen", "source": "https://bsky.app/profile/nihonmatsu.bsky.social/post/3lu3i5qterc2y", "content": "", "creation_timestamp": "2025-07-16T13:04:12.452544Z"}, {"uuid": "a5843a18-ae46-41fb-92b8-5d1a0f4588a7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-4123", "type": "seen", "source": "https://bsky.app/profile/lalgorisme.bsky.social/post/3lrumxoiqok25", "content": "", "creation_timestamp": "2025-06-18T08:51:18.630113Z"}, {"uuid": "fbb96266-cbea-4059-9622-f1fbfd48cfcc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-4123", "type": "seen", "source": "https://bsky.app/profile/nixpkgssecuritychanges.gerbet.me/post/3lpweidkfmm2s", "content": "", "creation_timestamp": "2025-05-24T14:34:27.635027Z"}, {"uuid": "bf45de77-86de-4d41-94ae-b43a74fd03f7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "cve-2025-4123", "type": "seen", "source": "https://bsky.app/profile/jos1264.social.skynetcloud.site.ap.brid.gy/post/3lrqyj33chfh2", "content": "", "creation_timestamp": "2025-06-16T22:10:22.116120Z"}, {"uuid": "3c465c89-4b7c-4b0c-8975-d5e5c493feae", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-4123", "type": "confirmed", "source": "https://github.com/projectdiscovery/nuclei-templates/tree/main/http/cves/2025/CVE-2025-4123.yaml", "content": "", "creation_timestamp": "2025-05-22T09:58:31.000000Z"}, {"uuid": "9d398eaf-4881-4b6e-9c53-8ce9d17fdd8b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "cve-2025-4123", "type": "seen", "source": 
"https://social.tchncs.de/users/gborn/statuses/114698888048448893", "content": "", "creation_timestamp": "2025-06-17T13:15:40.023497Z"}, {"uuid": "f1fd2358-4831-4bb6-b7f8-e0a5f6cce566", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-41236", "type": "seen", "source": "https://infosec.exchange/users/harrysintonen/statuses/114862900062882436", "content": "", "creation_timestamp": "2025-07-16T12:26:03.755751Z"}, {"uuid": "66202d76-e827-4db8-86d8-818f4f3a67a5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-41239", "type": "seen", "source": "https://infosec.exchange/users/harrysintonen/statuses/114862900062882436", "content": "", "creation_timestamp": "2025-07-16T12:26:04.088773Z"}, {"uuid": "cd163728-49e8-4959-924c-bbabc88f8ec8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-41233", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lrhavg667x2e", "content": "", "creation_timestamp": "2025-06-13T01:10:38.270729Z"}, {"uuid": "d1f7f670-c3d8-4224-8c83-3f304d00e2c6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-41237", "type": "seen", "source": "https://infosec.exchange/users/harrysintonen/statuses/114862900062882436", "content": "", "creation_timestamp": "2025-07-16T12:26:03.870305Z"}, {"uuid": "76f5fc3b-8ba8-4441-8955-3ed0324c1a8b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-41234", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lrhb453dmo2p", "content": "", "creation_timestamp": "2025-06-13T01:14:23.567323Z"}, 
{"uuid": "b58e4d7d-42b0-46c0-a9a0-945295c65643", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-41238", "type": "seen", "source": "https://infosec.exchange/users/harrysintonen/statuses/114862900062882436", "content": "", "creation_timestamp": "2025-07-16T12:26:03.979611Z"}, {"uuid": "5bb4e209-ae76-4226-9a79-6af8af0c19ef", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-41230", "type": "seen", "source": "https://bsky.app/profile/2rZiKKbOU3nTafniR2qMMSE0gwZ.activitypub.awakari.com.ap.brid.gy/post/3lpmdufed2cy2", "content": "", "creation_timestamp": "2025-05-20T14:59:04.636849Z"}, {"uuid": "22a49b5e-8099-4026-a9a5-4c51d56e65cd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-41233", "type": "seen", "source": "https://bsky.app/profile/getpokemon7.bsky.social/post/3lqdo3x7xps25", "content": "", "creation_timestamp": "2025-05-29T21:31:05.859323Z"}, {"uuid": "fe05b22a-01a9-4d5f-900b-4eedfa85577f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-41231", "type": "seen", "source": "https://bsky.app/profile/2rZiKKbOU3nTafniR2qMMSE0gwZ.activitypub.awakari.com.ap.brid.gy/post/3lpmdvjca7ot2", "content": "", "creation_timestamp": "2025-05-20T15:00:33.955230Z"}, {"uuid": "49d993c3-1e85-4a39-9260-65a4b686e179", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-41238", "type": "seen", "source": "https://bsky.app/profile/theunicornxxl.bsky.social/post/3lu3hggc7nc2p", "content": "", "creation_timestamp": "2025-07-16T12:51:10.238171Z"}, {"uuid": "03a8dd61-92fe-491c-906a-bb82457b0d93", 
"vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-41236", "type": "seen", "source": "https://bsky.app/profile/theunicornxxl.bsky.social/post/3lu3hggcgi22p", "content": "", "creation_timestamp": "2025-07-16T12:51:10.870446Z"}, {"uuid": "3922ed94-92a7-4084-844c-5786b5126b93", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-41239", "type": "seen", "source": "https://bsky.app/profile/theunicornxxl.bsky.social/post/3lu3hggcgi22p", "content": "", "creation_timestamp": "2025-07-16T12:51:11.222207Z"}, {"uuid": "eaf228dd-8690-47fb-a9f2-ced2f62d71e6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-41237", "type": "seen", "source": "https://bsky.app/profile/theunicornxxl.bsky.social/post/3lu3hggcgi22p", "content": "", "creation_timestamp": "2025-07-16T12:51:10.997412Z"}, {"uuid": "3d027235-1cfd-437e-bbc6-6cdb8b9da0ca", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-41238", "type": "seen", "source": "https://bsky.app/profile/theunicornxxl.bsky.social/post/3lu3hggcgi22p", "content": "", "creation_timestamp": "2025-07-16T12:51:11.109724Z"}, {"uuid": "abb28344-d3be-4837-854b-e06fd812ef6f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-41235", "type": "seen", "source": "https://bsky.app/profile/2rZiKKbOU3nTafniR2qMMSE0gwZ.activitypub.awakari.com.ap.brid.gy/post/3lqen6etkaet2", "content": "", "creation_timestamp": "2025-05-30T06:50:31.594646Z"}, {"uuid": "96385d8b-ebf1-40a1-9113-16e05e93a01a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": 
"2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-4123", "type": "seen", "source": "https://bsky.app/profile/hackingne.ws/post/3lrpqpazepu2k", "content": "", "creation_timestamp": "2025-06-16T10:14:49.294353Z"}, {"uuid": "2b5a2fe3-d444-40fc-bce8-2b4374c5229e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-4123", "type": "seen", "source": "https://bsky.app/profile/josanneves.bsky.social/post/3lqf6ovbkv22d", "content": "", "creation_timestamp": "2025-05-30T12:00:42.197993Z"}, {"uuid": "ecf8e9b5-a8d3-4843-ab5c-9360794ca1a7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-4123", "type": "seen", "source": "https://bsky.app/profile/buzzleaktv.bsky.social/post/3lrpwgxddow2q", "content": "", "creation_timestamp": "2025-06-16T11:57:34.120879Z"}, {"uuid": "035bbee2-eefe-4d0b-b525-988602552a9f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-41236", "type": "seen", "source": "https://poliverso.org/objects/0477a01e-9783ab82-d1e1063b030463eb", "content": "", "creation_timestamp": "2025-07-18T12:54:58.584360Z"}, {"uuid": "bf3fa30a-8fae-477e-b8d2-056ce02761a6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-41237", "type": "seen", "source": "https://poliverso.org/objects/0477a01e-9783ab82-d1e1063b030463eb", "content": "", "creation_timestamp": "2025-07-18T12:54:58.742791Z"}, {"uuid": "902acc4d-733a-4d3d-becf-446824ab1845", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-41238", "type": "seen", "source": 
"https://poliverso.org/objects/0477a01e-9783ab82-d1e1063b030463eb", "content": "", "creation_timestamp": "2025-07-18T12:54:58.866477Z"}, {"uuid": "b96004c0-f0f4-4100-95a6-5b574e3eee41", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-41239", "type": "seen", "source": "https://poliverso.org/objects/0477a01e-9783ab82-d1e1063b030463eb", "content": "", "creation_timestamp": "2025-07-18T12:54:58.982154Z"}, {"uuid": "132a8bf5-3851-424f-954f-d10d965d76fc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "cve-2025-4123", "type": "seen", "source": "https://bsky.app/profile/securitycipher.bsky.social/post/3lucmg7dtxp2v", "content": "", "creation_timestamp": "2025-07-19T09:09:09.589970Z"}, {"uuid": "84fc4cf8-1747-4902-90f3-7c68ee58b528", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-41236", "type": "seen", "source": "https://bsky.app/profile/getpokemon7.bsky.social/post/3luns5hnjlc2e", "content": "", "creation_timestamp": "2025-07-23T19:50:58.466341Z"}, {"uuid": "ab797730-c85b-4b10-92ee-0ff531d27643", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-4123", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2025-09-12)", "content": "", "creation_timestamp": "2025-09-12T00:00:00.000000Z"}, {"uuid": "7ffed204-a193-4ef3-bb65-f175477d20d3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-41236", "type": "seen", "source": "https://bsky.app/profile/pigondrugs.bsky.social/post/3lvbwqzjjrq2d", "content": "", "creation_timestamp": "2025-07-31T20:06:41.248396Z"}, 
{"uuid": "44b5898a-bdaf-40c4-a9d3-ff876b26f3f2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-41237", "type": "seen", "source": "https://bsky.app/profile/pigondrugs.bsky.social/post/3lvbwqzjjrq2d", "content": "", "creation_timestamp": "2025-07-31T20:06:41.373500Z"}, {"uuid": "9ebb9230-b829-436e-9574-5b2cd8a4db28", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-41238", "type": "seen", "source": "https://bsky.app/profile/pigondrugs.bsky.social/post/3lvbwqzjjrq2d", "content": "", "creation_timestamp": "2025-07-31T20:06:41.524324Z"}, {"uuid": "416195e1-5ab0-45a9-bdbe-f0534278b108", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-41236", "type": "seen", "source": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-212-02", "content": "", "creation_timestamp": "2025-07-31T10:00:00.000000Z"}, {"uuid": "4437efc2-8e51-4a3b-a401-06c5e8be7d86", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-41237", "type": "seen", "source": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-212-02", "content": "", "creation_timestamp": "2025-07-31T10:00:00.000000Z"}, {"uuid": "82c0443b-4c67-4335-b655-4e0b6c3d046b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-41238", "type": "seen", "source": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-212-02", "content": "", "creation_timestamp": "2025-07-31T10:00:00.000000Z"}, {"uuid": "4fb57fe6-9300-4d9f-8148-4a68dc86983e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": 
"2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-41239", "type": "seen", "source": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-212-02", "content": "", "creation_timestamp": "2025-07-31T10:00:00.000000Z"}, {"uuid": "02509a29-8c72-4f24-ab08-c3ba9e75078b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-4123", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2025-08-01)", "content": "", "creation_timestamp": "2025-08-01T00:00:00.000000Z"}, {"uuid": "5a6574c5-032f-4025-b697-fbda8f7608ff", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-41236", "type": "seen", "source": "https://bsky.app/profile/pmloik.bsky.social/post/3lw6as72ooc2i", "content": "", "creation_timestamp": "2025-08-12T02:20:51.101392Z"}, {"uuid": "3c0ab54e-0053-4a61-ab4d-6596848458e7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-4123", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/39238", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01 \n\n\u66f4\u65b0\u4e86\uff1aCVE-2025\n\u63cf\u8ff0\uff1aCVE-2025-4123 - Grafana \nURL\uff1ahttps://github.com/ynsmroztas/CVE-2025-4123-Exploit-Tool-Grafana-\n\n\u6807\u7b7e\uff1a#CVE-2025", "creation_timestamp": "2025-06-04T12:46:29.000000Z"}, {"uuid": "b73e5c81-bd28-4829-b070-30b968bf4f08", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-41234", "type": "seen", "source": "Telegram/A4yn46AbIJ9CbArto5ANZDcG6LZJk9YFat2ULRIgSWm0ya4", "content": "", "creation_timestamp": "2025-06-12T22:30:44.000000Z"}, {"uuid": "93fa8e95-574d-4c60-805c-21c40de0bc22", 
"vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-4123", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/39517", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01 \n\n\u66f4\u65b0\u4e86\uff1aCVE-2025\n\u63cf\u8ff0\uff1aCVE-2025-4123\nURL\uff1ahttps://github.com/B1ack4sh/Blackash-CVE-2025-4123\n\n\u6807\u7b7e\uff1a#CVE-2025", "creation_timestamp": "2025-06-06T20:28:53.000000Z"}, {"uuid": "51397560-fe8a-47b0-b942-b0198e9c17bf", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-41231", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/16970", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-41231\n\ud83d\udd25 CVSS Score: 7.3 (cvssV3_1, Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L)\n\ud83d\udd39 Description: VMware Cloud Foundation\u00a0contains a missing authorisation vulnerability.\u00a0A malicious actor with access to VMware Cloud Foundation appliance may be able to perform certain unauthorised actions and access limited sensitive information.\n\ud83d\udccf Published: 2025-05-20T12:54:41.570Z\n\ud83d\udccf Modified: 2025-05-20T13:21:18.807Z\n\ud83d\udd17 References:\n1. 
https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25733", "creation_timestamp": "2025-05-20T13:40:25.000000Z"}, {"uuid": "a0bee523-3afb-47cd-a26e-d6912af87079", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-41230", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/16969", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-41230\n\ud83d\udd25 CVSS Score: 7.5 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)\n\ud83d\udd39 Description: VMware Cloud Foundation\u00a0contains an information disclosure vulnerability.\u00a0A malicious actor with network access to port 443 on VMware Cloud Foundation may exploit this issue to gain access to sensitive information.\n\ud83d\udccf Published: 2025-05-20T12:54:30.145Z\n\ud83d\udccf Modified: 2025-05-20T13:22:14.423Z\n\ud83d\udd17 References:\n1. 
https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25733", "creation_timestamp": "2025-05-20T13:40:19.000000Z"}, {"uuid": "6ed0b50e-fa7b-417d-a2cc-f95eb30dc17f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-4123", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/55499", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01 \n\n\u66f4\u65b0\u4e86\uff1aCVE-2025\n\u63cf\u8ff0\uff1aCVE-2025-4123 Grafana Open Redirect Exploit\nURL\uff1ahttps://github.com/MorphyKutay/CVE-2025-4123-Exploit\n\n\u6807\u7b7e\uff1a#CVE-2025", "creation_timestamp": "2025-10-14T22:11:27.000000Z"}, {"uuid": "f30606e3-afce-4e67-add4-65b1cb562db0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-4123", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/37926", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01 \n\n\u66f4\u65b0\u4e86\uff1aCVE-2025\n\u63cf\u8ff0\uff1aCVE-2025-4123\nURL\uff1ahttps://github.com/kk12-30/CVE-2025-4123\n\n\u6807\u7b7e\uff1a#CVE-2025", "creation_timestamp": "2025-05-24T05:08:20.000000Z"}, {"uuid": "8d5677ed-09e6-4e3f-9df9-47ef5fb236ac", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-41237", "type": "published-proof-of-concept", "source": "https://t.me/ics_cert/1238", "content": "\u06cc\u06a9 \u0622\u0633\u06cc\u0628\u200c\u067e\u0630\u06cc\u0631\u06cc \u062f\u0631 \u067e\u06cc\u0627\u062f\u0647\u200c\u0633\u0627\u0632\u06cc \u0631\u0627\u0628\u0637 \u0627\u0631\u062a\u0628\u0627\u0637\u06cc \u0645\u0627\u0634\u06cc\u0646 \u0645\u062c\u0627\u0632\u06cc (VMCI) \u062f\u0631 \u0645\u062d\u0635\u0648\u0644\u0627\u062a 
\u0646\u0631\u0645\u200c\u0627\u0641\u0632\u0627\u0631\u06cc VMware ESXi\u060c Workstation\u060c Fusion\u060c Cloud Foundation \u0645\u0631\u0628\u0648\u0637 \u0628\u0647 \u0646\u0648\u0634\u062a\u0646 \u062e\u0627\u0631\u062c \u0627\u0632 \u0645\u062d\u062f\u0648\u062f\u0647 \u0627\u0633\u062a. \u0633\u0648\u0621\u0627\u0633\u062a\u0641\u0627\u062f\u0647 \u0627\u0632 \u0627\u06cc\u0646 \u0622\u0633\u06cc\u0628\u200c\u067e\u0630\u06cc\u0631\u06cc \u0645\u0645\u06a9\u0646 \u0627\u0633\u062a \u0628\u0647 \u0645\u0647\u0627\u062c\u0645 \u0627\u062c\u0627\u0632\u0647 \u062f\u0647\u062f \u06a9\u062f \u062f\u0644\u062e\u0648\u0627\u0647 \u0631\u0627 \u0627\u062c\u0631\u0627 \u06a9\u0646\u062f.\n\nBDU:2025-08573\nCVE-2025-41237\n\n\u0646\u0635\u0628 \u0628\u0647\u200c\u0631\u0648\u0632\u0631\u0633\u0627\u0646\u06cc\u200c\u0647\u0627 \u0627\u0632 \u0645\u0646\u0627\u0628\u0639 \u0645\u0639\u062a\u0628\u0631.  \u062a\u0648\u0635\u06cc\u0647 \u0645\u06cc\u200c\u0634\u0648\u062f \u0628\u0647\u200c\u0631\u0648\u0632\u0631\u0633\u0627\u0646\u06cc\u200c\u0647\u0627\u06cc \u0646\u0631\u0645\u200c\u0627\u0641\u0632\u0627\u0631\u06cc \u0631\u0627 \u062a\u0646\u0647\u0627 \u067e\u0633 \u0627\u0632 \u0627\u0631\u0632\u06cc\u0627\u0628\u06cc \u062a\u0645\u0627\u0645 \u062e\u0637\u0631\u0627\u062a \u0645\u0631\u062a\u0628\u0637 \u0646\u0635\u0628 \u06a9\u0646\u06cc\u062f.\n\n\u0627\u0642\u062f\u0627\u0645\u0627\u062a \u062c\u0628\u0631\u0627\u0646\u06cc:\n- \u0628\u0647 \u062d\u062f\u0627\u0642\u0644 \u0631\u0633\u0627\u0646\u062f\u0646 \u0627\u0645\u062a\u06cc\u0627\u0632\u0627\u062a \u06a9\u0627\u0631\u0628\u0631\u0627\u0646\u06cc \u06a9\u0647 \u0628\u0647 \u0645\u0627\u0634\u06cc\u0646\u200c\u0647\u0627\u06cc \u0645\u062c\u0627\u0632\u06cc \u062f\u0633\u062a\u0631\u0633\u06cc \u062f\u0627\u0631\u0646\u062f\u061b\n\n\u063a\u06cc\u0631\u0641\u0639\u0627\u0644 \u06a9\u0631\u062f\u0646 \u0631\u0627\u0628\u0637 VMCI\u061b\n\n\u0645\u062d\u062f\u0648\u062f \u06a9\u0631\u062f\u0646 
\u062f\u0633\u062a\u0631\u0633\u06cc \u0634\u0628\u06a9\u0647 \u0628\u0647 \u0645\u0627\u0634\u06cc\u0646\u200c\u0647\u0627\u06cc \u0645\u062c\u0627\u0632\u06cc\n- \u0627\u0633\u062a\u0641\u0627\u062f\u0647 \u0627\u0632 \u0646\u0631\u0645\u200c\u0627\u0641\u0632\u0627\u0631 \u0622\u0646\u062a\u06cc\u200c\u0648\u06cc\u0631\u0648\u0633 \u0628\u0631\u0627\u06cc \u062c\u0644\u0648\u06af\u06cc\u0631\u06cc \u0627\u0632 \u062a\u0644\u0627\u0634 \u0628\u0631\u0627\u06cc \u0633\u0648\u0621\u0627\u0633\u062a\u0641\u0627\u062f\u0647 \u0627\u0632 \u0622\u0633\u06cc\u0628\u200c\u067e\u0630\u06cc\u0631\u06cc\u061b\n\n\u0627\u0633\u062a\u0641\u0627\u062f\u0647 \u0627\u0632 \u06cc\u06a9 \u0645\u062d\u06cc\u0637 \u0646\u0631\u0645\u200c\u0627\u0641\u0632\u0627\u0631\u06cc \u0627\u06cc\u0632\u0648\u0644\u0647 \u0628\u0631\u0627\u06cc \u0628\u0647 \u062d\u062f\u0627\u0642\u0644 \u0631\u0633\u0627\u0646\u062f\u0646 \u0639\u0648\u0627\u0642\u0628 \u0627\u062d\u062a\u0645\u0627\u0644\u06cc \u0633\u0648\u0621\u0627\u0633\u062a\u0641\u0627\u062f\u0647 \u0627\u0632 \u0622\u0633\u06cc\u0628\u200c\u067e\u0630\u06cc\u0631\u06cc.\n\n\u0627\u0633\u062a\u0641\u0627\u062f\u0647 \u0627\u0632 \u062a\u0648\u0635\u06cc\u0647\u200c\u0647\u0627:\nhttps://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/35877\n\n\ud83c\udfed \u0648\u0628\u0633\u0627\u06cc\u062a \u0648 \u06a9\u0627\u0646\u0627\u0644 \u062a\u062e\u0635\u0635\u06cc \u0627\u0645\u0646\u06cc\u062a \u0632\u06cc\u0631\u0633\u0627\u062e\u062a\u0647\u0627\u06cc \u0627\u062a\u0648\u0645\u0627\u0633\u06cc\u0648\u0646 \u0648 \u06a9\u0646\u062a\u0631\u0644 \u0635\u0646\u0639\u062a\u06cc\n\u0627\u062f\u0645\u06cc\u0646:\n\u200fhttps://t.me/pedram_kiani\n\u06a9\u0627\u0646\u0627\u0644 \u062a\u0644\u06af\u0631\u0627\u0645:\nhttps://t.me/ics_cert\n\u06af\u0631\u0648\u0647 \u062a\u0644\u06af\u0631\u0627\u0645:\nhttps://t.me/ICSCERT_IR\n\u06af\u0631\u0648\u0647 
\u0627\u06cc\u062a\u0627:\nhttps://eitaa.com/joinchat/1866007784Cfd023f90b2", "creation_timestamp": "2025-07-17T17:28:28.000000Z"}, {"uuid": "00595c93-5c45-4b94-9724-19164bfc4cee", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-4123", "type": "exploited", "source": "https://t.me/jj_8tl/555", "content": "\u26a1\ufe0fThe vulnerability details are now available: https://t.co/mNhER3N4fW\n\n\ud83d\udea8\ud83d\udea8CVE-2025-4123: Grafana XSS vuln exposed!  Hackers can exploit client path traversal &amp; open redirect in custom plugins to redirect users to malicious sites, executing rogue JavaScript. Session hijacks or FULL account takeovers possible! \n\nZoomEye Dork\ud83d\udc49app=\"Grafana\"\nOver 744.5K instances found via ZoomEye.\nZoomEye Link: https://t.co/4XSWk6xlkI\n\nRefer:\n1. https://t.co/5hi6uhw4lg\n2. https://t.co/nRQr02J1LZ\n\n#ZoomEye #NetSecMapping #cybersecurity #CyberSpaceInsights2025\n\n\u2728 Shared via Awham AutoFeed \u2728\nChannel: @jj_8tl", "creation_timestamp": "2025-05-24T11:37:20.000000Z"}, {"uuid": "12a97c80-101f-42cc-a823-520ab80f4c87", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-41232", "type": "seen", "source": "https://infosec.exchange/users/vuldb/statuses/114547224324884582", "content": "", "creation_timestamp": "2025-05-21T18:25:34.329342Z"}, {"uuid": "ae47ed44-ae9d-4664-a83a-ec5f9f547cd7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-41237", "type": "seen", "source": "https://bsky.app/profile/nihonmatsu.bsky.social/post/3lu3i5qterc2y", "content": "", "creation_timestamp": "2025-07-16T13:04:12.351252Z"}, {"uuid": "893e8f08-f4b6-4b94-a837-d04da95ae798", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": 
"2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-4123", "type": "seen", "source": "https://bsky.app/profile/opsmatters.com/post/3lryn7nmopj2w", "content": "", "creation_timestamp": "2025-06-19T23:06:22.256427Z"}, {"uuid": "e6bd236a-e141-49b1-91f7-27b6a70df539", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-4123", "type": "seen", "source": "https://bsky.app/profile/undercode.bsky.social/post/3lpvzmvlmbg2t", "content": "", "creation_timestamp": "2025-05-24T11:20:09.068683Z"}, {"uuid": "9229b95a-b66a-45a2-8d36-6da0d326080d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "cve-2025-4123", "type": "seen", "source": "https://bsky.app/profile/securitycipher.bsky.social/post/3lpqrg2ydr52j", "content": "", "creation_timestamp": "2025-05-22T09:09:51.368387Z"}, {"uuid": "31f4388e-c214-46e0-ab50-41a0f9e29388", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-4123", "type": "seen", "source": "https://bsky.app/profile/pmloik.bsky.social/post/3lrrgpimc5v2g", "content": "", "creation_timestamp": "2025-06-17T02:21:20.063234Z"}, {"uuid": "9adbf99b-719d-4890-b6a1-e2ac55c8e2f9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "cve-2025-4123", "type": "seen", "source": "https://infosec.exchange/users/cR0w/statuses/114551548163973305", "content": "", "creation_timestamp": "2025-05-22T12:45:10.748571Z"}, {"uuid": "f33f4f59-3b00-4aa9-8f41-3abe9a516b5b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-41234", "type": "seen", "source": 
"https://bsky.app/profile/infosec.skyfleet.blue/post/3lrgcrqkre52f", "content": "", "creation_timestamp": "2025-06-12T16:11:42.765671Z"}, {"uuid": "f039cddf-5a5d-4842-b7a1-5fad3cd53465", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-4123", "type": "seen", "source": "https://bsky.app/profile/fraustief.bsky.social/post/3lsz3rnltuc2m", "content": "", "creation_timestamp": "2025-07-02T20:52:11.715639Z"}, {"uuid": "8dfe5f8a-fa97-441d-8c1f-c00859ecd726", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-41234", "type": "seen", "source": "https://bsky.app/profile/pmloik.bsky.social/post/3lrhet6aa4526", "content": "", "creation_timestamp": "2025-06-13T02:20:58.154414Z"}, {"uuid": "e7dbacdf-3073-4b61-a042-22a16c583330", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-41230", "type": "seen", "source": "https://infosec.exchange/users/cR0w/statuses/114540488102560446", "content": "", "creation_timestamp": "2025-05-20T13:52:27.760049Z"}, {"uuid": "50d17f9a-839f-490d-b2c8-071cb2b82408", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-41231", "type": "seen", "source": "https://infosec.exchange/users/cR0w/statuses/114540488102560446", "content": "", "creation_timestamp": "2025-05-20T13:52:27.855778Z"}, {"uuid": "408dccf3-e352-4c38-9efc-93ff8a025f94", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "cve-2025-4123", "type": "seen", "source": "https://infosec.exchange/users/defendopsdiaries/statuses/114687804014634727", "content": "", "creation_timestamp": "2025-06-15T14:16:50.636620Z"}, {"uuid": 
"9ef63397-ca67-4cad-a972-3f3acdc02b36", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-4123", "type": "seen", "source": "https://bsky.app/profile/redteamnews.bsky.social/post/3lrnnwebtw22z", "content": "", "creation_timestamp": "2025-06-15T14:19:47.151401Z"}, {"uuid": "4938e2b9-0a82-4bcd-b47b-184adcdd556e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-4123", "type": "seen", "source": "https://bsky.app/profile/nimblenerd.social/post/3lrnobkqiw526", "content": "", "creation_timestamp": "2025-06-15T14:26:04.463446Z"}, {"uuid": "a385c60a-f9a8-469e-8776-c7b3a1609cba", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "cve-2025-4123", "type": "seen", "source": "https://bsky.app/profile/tugate.ch/post/3lrnpw5fbuu2v", "content": "", "creation_timestamp": "2025-06-15T14:55:27.911230Z"}, {"uuid": "7a819777-e43b-4c10-a49e-32dd6128e4db", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-4123", "type": "seen", "source": "https://bsky.app/profile/pmloik.bsky.social/post/3lrwhn24vjw2a", "content": "", "creation_timestamp": "2025-06-19T02:21:10.141169Z"}, {"uuid": "4a5ce246-d2cd-4748-94e7-73dfc1626bae", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-41236", "type": "seen", "source": "https://bsky.app/profile/theunicornxxl.bsky.social/post/3lu3hggc7nc2p", "content": "", "creation_timestamp": "2025-07-16T12:51:10.028172Z"}, {"uuid": "5884579d-1c2d-4ac3-92f4-7229887a4c53", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", 
"vulnerability": "CVE-2025-41239", "type": "seen", "source": "https://bsky.app/profile/theunicornxxl.bsky.social/post/3lu3hggc7nc2p", "content": "", "creation_timestamp": "2025-07-16T12:51:10.336780Z"}, {"uuid": "416e5a6a-8ab5-48dd-9e1c-2e5030fc5e1e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-41237", "type": "seen", "source": "https://bsky.app/profile/theunicornxxl.bsky.social/post/3lu3hggc7nc2p", "content": "", "creation_timestamp": "2025-07-16T12:51:10.134586Z"}, {"uuid": "61c04384-eb81-490b-b680-47e2e2ed81cd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-41235", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lqenyme5m52r", "content": "", "creation_timestamp": "2025-05-30T07:01:53.270221Z"}, {"uuid": "d0bd9f3f-69c4-475d-ad18-e2c029455f65", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "cve-2025-4123", "type": "seen", "source": "https://bsky.app/profile/securitycipher.bsky.social/post/3lraagndw5q2b", "content": "", "creation_timestamp": "2025-06-10T06:13:44.446152Z"}, {"uuid": "d0370e8b-0f71-429f-94e3-4e28b9ba4fb8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-4123", "type": "seen", "source": "https://bsky.app/profile/beikokucyber.bsky.social/post/3lpujoxlqfo2c", "content": "", "creation_timestamp": "2025-05-23T21:02:29.712102Z"}, {"uuid": "36b9d21d-3da6-42e9-b42c-6a5db66a2970", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "cve-2025-41232", "type": "seen", "source": "https://infosec.exchange/users/cR0w/statuses/114545810980701001", "content": "", 
"creation_timestamp": "2025-05-21T12:26:08.690230Z"}, {"uuid": "000a56a0-242e-435f-b31f-0cc40d8728f8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-41232", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lpotlbcb4m2l", "content": "", "creation_timestamp": "2025-05-21T14:43:15.506435Z"}, {"uuid": "60c33de3-bd8f-42a0-99ec-ff305ee4aeb1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "cve-2025-41235", "type": "seen", "source": "https://infosec.exchange/users/cR0w/statuses/114596721493019158", "content": "", "creation_timestamp": "2025-05-30T12:13:20.918771Z"}, {"uuid": "9f532c60-c382-4f5c-b02b-1f1169f3a157", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-41236", "type": "seen", "source": "https://bsky.app/profile/getpokemon7.bsky.social/post/3lu4a4mljqs2g", "content": "", "creation_timestamp": "2025-07-16T20:13:04.616701Z"}, {"uuid": "4d31ac79-c234-4c72-9348-f9584a83e1ae", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-41238", "type": "seen", "source": "https://bsky.app/profile/getpokemon7.bsky.social/post/3lu4a4mljqs2g", "content": "", "creation_timestamp": "2025-07-16T20:13:04.732556Z"}, {"uuid": "b6bec7ef-755c-4b3d-9bee-db5f1a96999d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-41239", "type": "seen", "source": "http://www.zerodayinitiative.com/advisories/ZDI-25-611/", "content": "", "creation_timestamp": "2025-07-17T03:00:00.000000Z"}, {"uuid": "446773e3-c17b-4af6-88f0-633952eaf1a6", "vulnerability_lookup_origin": 
"1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-41236", "type": "seen", "source": "https://bsky.app/profile/getpokemon7.bsky.social/post/3luiub4wz3s2v", "content": "", "creation_timestamp": "2025-07-21T20:45:31.948023Z"}, {"uuid": "101900ff-9052-4a0c-bdef-699b195e66b9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-41237", "type": "seen", "source": "https://bsky.app/profile/getpokemon7.bsky.social/post/3luiub4wz3s2v", "content": "", "creation_timestamp": "2025-07-21T20:45:32.069527Z"}, {"uuid": "59ad2cca-170e-4963-8685-efcdc481d62f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-41236", "type": "seen", "source": "https://mstdn.ca/users/rfwaveio/statuses/114893939711384188", "content": "", "creation_timestamp": "2025-07-21T23:59:54.400657Z"}, {"uuid": "92494e32-98fe-4c5a-a3fe-057edcdad959", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-41238", "type": "seen", "source": "https://mstdn.ca/users/rfwaveio/statuses/114893939711384188", "content": "", "creation_timestamp": "2025-07-21T23:59:54.532292Z"}, {"uuid": "948d9e76-afdb-47fa-b0b8-4979f3387a97", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-4123", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2025-07-30)", "content": "", "creation_timestamp": "2025-07-30T00:00:00.000000Z"}, {"uuid": "afde527c-5733-413e-95d1-f9f0f4204a2a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-4123", "type": "seen", "source": 
"https://bsky.app/profile/undercode.bsky.social/post/3m2heqygfgr2o", "content": "", "creation_timestamp": "2025-10-05T15:06:29.431645Z"}, {"uuid": "f4cf3c1f-5f41-453a-9649-f4b45556af2d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-4123", "type": "seen", "source": "https://bsky.app/profile/u2k25.bsky.social/post/3lxap6lo6bk2d", "content": "", "creation_timestamp": "2025-08-25T19:08:49.840749Z"}, {"uuid": "68f03ffb-490e-4428-bd46-d4736a29f2b0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-41237", "type": "seen", "source": "https://www.govcert.gov.hk/en/alerts_detail.php?id=1592", "content": "", "creation_timestamp": "2025-07-16T04:00:00.000000Z"}, {"uuid": "b972b83d-a253-472e-b8e9-e7f24175bbb4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-41238", "type": "seen", "source": "https://www.govcert.gov.hk/en/alerts_detail.php?id=1592", "content": "", "creation_timestamp": "2025-07-16T04:00:00.000000Z"}, {"uuid": "fb0b958e-c38c-411d-9bf4-a2bc86493bb5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-41236", "type": "seen", "source": "https://www.govcert.gov.hk/en/alerts_detail.php?id=1592", "content": "", "creation_timestamp": "2025-07-16T04:00:00.000000Z"}, {"uuid": "7c31bb44-7378-41b1-873b-1f60af7cc5df", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-41239", "type": "seen", "source": "https://vulnerability.circl.lu/bundle/419fd7d2-3c77-4032-b717-747015a7b289", "content": "", "creation_timestamp": "2025-07-16T12:20:29.301586Z"}, {"uuid": 
"d35af8c3-3a81-40f0-b514-194d83c07d59", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-41236", "type": "seen", "source": "https://vulnerability.circl.lu/bundle/419fd7d2-3c77-4032-b717-747015a7b289", "content": "", "creation_timestamp": "2025-07-16T12:20:29.301586Z"}, {"uuid": "23f25c50-f83f-4587-8096-d21d6b063e15", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-41237", "type": "seen", "source": "https://vulnerability.circl.lu/bundle/419fd7d2-3c77-4032-b717-747015a7b289", "content": "", "creation_timestamp": "2025-07-16T12:20:29.301586Z"}, {"uuid": "ec570aff-9585-4077-a101-6008f42ecb8b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-41238", "type": "seen", "source": "https://vulnerability.circl.lu/bundle/419fd7d2-3c77-4032-b717-747015a7b289", "content": "", "creation_timestamp": "2025-07-16T12:20:29.301586Z"}, {"uuid": "85a6e100-bfc7-45f6-a73e-fafcacb7faf0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-41234", "type": "seen", "source": "https://vulnerability.circl.lu/bundle/bbcbc485-b88d-4831-b8e9-6e37e7bd9875", "content": "", "creation_timestamp": "2026-01-21T21:18:16.771453Z"}, {"uuid": "080a90ed-7e0c-44cf-bffe-fdd4c72c8fd5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "4f29edb9-4c4b-44ca-b041-9b050656b6ae", "vulnerability": "CVE-2025-4123", "type": "seen", "source": "https://bsky.app/profile/beikokucyber.bsky.social/post/3miwohz2vok2n", "content": "", "creation_timestamp": "2026-04-07T21:03:16.424409Z"}, {"uuid": "b900ac20-97f5-4f75-9196-973627aa63ec", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", 
"author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-4123", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/37741", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01 \n\n\u66f4\u65b0\u4e86\uff1aCVE-2025\n\u63cf\u8ff0\uff1aScript to exploit Grafana CVE-2025-4123: XSS and Full-Read SSRF\nURL\uff1ahttps://github.com/NightBloodz/CVE-2025-4123\n\n\u6807\u7b7e\uff1a#CVE-2025", "creation_timestamp": "2025-05-22T15:36:30.000000Z"}, {"uuid": "6c5d1c70-1331-4645-865a-b30014ce5887", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-41234", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/18230", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-41234\n\ud83d\udd25 CVSS Score: 6.5 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:L/A:N)\n\ud83d\udd39 Description: Description\n\nIn Spring Framework, versions 6.0.x as of 6.0.5, versions 6.1.x and 6.2.x, an application is vulnerable to a reflected file download (RFD) attack when it sets a \u201cContent-Disposition\u201d header with a non-ASCII charset, where the filename attribute is derived from user-supplied input.\n\nSpecifically, an application is vulnerable when all the following are true:\n\n  *  The header is prepared with org.springframework.http.ContentDisposition.\n  *  The filename is set via ContentDisposition.Builder#filename(String, Charset).\n  *  The value for the filename is derived from user-supplied input.\n  *  The application does not sanitize the user-supplied input.\n  *  The downloaded content of the response is injected with malicious commands by the attacker (see RFD paper reference for details).\n\n\nAn application is not vulnerable if any of the following is true:\n\n  *  The application does not set a \u201cContent-Disposition\u201d response header.\n  * 
 The header is not prepared with org.springframework.http.ContentDisposition.\n  *  The filename is set via one of:  *  ContentDisposition.Builder#filename(String), or\n  *  ContentDisposition.Builder#filename(String, ASCII)\n\n\n\n  *  The filename is not derived from user-supplied input.\n  *  The filename is derived from user-supplied input but sanitized by the application.\n  *  The attacker cannot inject malicious content in the downloaded content of the response.\n\n\nAffected Spring Products and VersionsSpring Framework:\n\n  *  6.2.0 - 6.2.7\n  *  6.1.0 - 6.1.20\n  *  6.0.5 - 6.0.28\n  *  Older, unsupported versions are not affected\n\n\nMitigationUsers of affected versions should upgrade to the corresponding fixed version.\n\nAffected version(s)Fix versionAvailability6.2.x6.2.8OSS6.1.x6.1.21OSS6.0.x6.0.29 Commercial https://enterprise.spring.io/ No further mitigation steps are necessary.\n\n\nCWE-113 in `Content-Disposition` handling in VMware Spring Framework versions 6.0.5 to 6.2.7 allows remote attackers to launch Reflected File Download (RFD) attacks via unsanitized user input in `ContentDisposition.Builder#filename(String, Charset)` with non-ASCII charsets.\n\ud83d\udccf Published: 2025-06-12T21:14:42.957Z\n\ud83d\udccf Modified: 2025-06-12T21:14:42.957Z\n\ud83d\udd17 References:\n1. https://spring.io/security/cve-2025-41234\n2. https://nvd.nist.gov/vuln/detail/CVE-2025-41234\n3. 
https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:L/A:N&amp;version=3.1", "creation_timestamp": "2025-06-12T21:34:38.000000Z"}, {"uuid": "71d33129-1209-4dcd-b451-be7756dca52a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-4123", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/17258", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-4123\n\ud83d\udd25 CVSS Score: 7.6 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:L)\n\ud83d\udd39 Description: A cross-site scripting (XSS) vulnerability exists in Grafana caused by combining a client path traversal and open redirect. This allows attackers to redirect users to a website that hosts a frontend plugin that will execute arbitrary JavaScript. This vulnerability does not require editor permissions and if anonymous access is enabled, the XSS will work. If the Grafana Image Renderer plugin is installed, it is possible to exploit the open redirect to achieve a full read SSRF.\n\nThe default Content-Security-Policy (CSP) in Grafana will block the XSS though the `connect-src` directive.\n\ud83d\udccf Published: 2025-05-22T07:44:09.491Z\n\ud83d\udccf Modified: 2025-05-22T07:44:09.491Z\n\ud83d\udd17 References:\n1. 
https://grafana.com/security/security-advisories/cve-2025-4123/", "creation_timestamp": "2025-05-22T08:43:09.000000Z"}, {"uuid": "64213325-04b5-4808-bbe3-5c39d144198a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-4123", "type": "published-proof-of-concept", "source": "Telegram/LAhBt3rpcnQDQY7FXJyrJd3noKQxjl1V2vQxdg9PO3Q48dM", "content": "", "creation_timestamp": "2025-06-04T21:00:04.000000Z"}, {"uuid": "c2bfe377-0498-451c-9bea-c902c55526dc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-4123", "type": "published-proof-of-concept", "source": "Telegram/BKuPxIutc2nIOauSGwNo2RjHe9vumuUmJbIl9uBDskH8Whk", "content": "", "creation_timestamp": "2025-06-04T15:00:10.000000Z"}, {"uuid": "db86e41e-f9c4-4349-a8b0-aec992e9b63a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-4123", "type": "published-proof-of-concept", "source": "https://t.me/bizone_channel/1899", "content": "\ud83e\udd65 BI.Z\u041eNE WAF \u0437\u0430\u0449\u0438\u0449\u0430\u0435\u0442 \u043e\u0442 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u0432 \u043f\u043e\u043f\u0443\u043b\u044f\u0440\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u0435 Grafana\n\nCVE-2025-4123 \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0435\u043d\u0430 \u0432 API \u0441\u0438\u0441\u0442\u0435\u043c\u044b \u043c\u043e\u043d\u0438\u0442\u043e\u0440\u0438\u043d\u0433\u0430, \u0430 \u0442\u0430\u043a\u0436\u0435 \u0432 \u043a\u043e\u043c\u043f\u043e\u043d\u0435\u043d\u0442\u0435 Grafana Image Renderer, \u043a\u043e\u0442\u043e\u0440\u044b\u0439 \u043e\u0442\u0432\u0435\u0447\u0430\u0435\u0442 \u0437\u0430 \u0440\u0435\u043d\u0434\u0435\u0440 \u043f\u0430\u043d\u0435\u043b\u0435\u0439 \u0438 
\u0434\u0430\u0448\u0431\u043e\u0440\u0434\u043e\u0432 \u0432 PNG-\u0438\u0437\u043e\u0431\u0440\u0430\u0436\u0435\u043d\u0438\u044f.\n\n\u0423\u0433\u0440\u043e\u0437\u0443 \u043e\u0446\u0435\u043d\u0438\u043b\u0438 \u0432 7,6 \u0431\u0430\u043b\u043b\u0430 \u0438\u0437 10 \u043f\u043e \u0448\u043a\u0430\u043b\u0435 CVSS. \u041e\u043d\u0430 \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u043f\u0435\u0440\u0435\u043d\u0430\u043f\u0440\u0430\u0432\u0438\u0442\u044c \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044f \u043d\u0430 \u0432\u043d\u0435\u0448\u043d\u0438\u0439 \u0441\u0430\u0439\u0442 \u0441 \u0432\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u044b\u043c \u043f\u043b\u0430\u0433\u0438\u043d\u043e\u043c, \u043a\u043e\u0442\u043e\u0440\u044b\u0439 \u0432\u044b\u043f\u043e\u043b\u043d\u044f\u0435\u0442 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0439 JavaScript-\u043a\u043e\u0434.\u00a0\n\n\u041f\u0440\u0438 \u0432\u043a\u043b\u044e\u0447\u0435\u043d\u043d\u043e\u043c \u0430\u043d\u043e\u043d\u0438\u043c\u043d\u043e\u043c \u0434\u043e\u0441\u0442\u0443\u043f\u0435 \u0432\u043e\u0437\u043c\u043e\u0436\u043d\u0430 \u043c\u0435\u0436\u0441\u0430\u0439\u0442\u043e\u0432\u0430\u044f \u0441\u043a\u0440\u0438\u043f\u0442\u043e\u0432\u0430\u044f \u0430\u0442\u0430\u043a\u0430, \u043a\u043e\u0442\u043e\u0440\u0430\u044f \u0441\u0440\u0430\u0431\u0430\u0442\u044b\u0432\u0430\u0435\u0442\u00a0\u0431\u0435\u0437 \u0430\u0432\u0442\u043e\u0440\u0438\u0437\u0430\u0446\u0438\u0438. 
\u041f\u0440\u0438 \u0443\u0441\u0442\u0430\u043d\u043e\u0432\u043b\u0435\u043d\u043d\u043e\u043c \u043a\u043e\u043c\u043f\u043e\u043d\u0435\u043d\u0442\u0435 Grafana Image Renderer \u0432\u043e\u0437\u043c\u043e\u0436\u043d\u0430 \u0430\u0442\u0430\u043a\u0430 \u0441 \u043f\u043e\u0434\u0434\u0435\u043b\u043a\u043e\u0439 \u0441\u0435\u0440\u0432\u0435\u0440\u043d\u043e\u0433\u043e \u0437\u0430\u043f\u0440\u043e\u0441\u0430, \u043a\u043e\u0442\u043e\u0440\u0430\u044f \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u043a\u0438\u0431\u0435\u0440\u043f\u0440\u0435\u0441\u0442\u0443\u043f\u043d\u0438\u043a\u0443 \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u0434\u043e\u0441\u0442\u0443\u043f \u043a \u0432\u043d\u0443\u0442\u0440\u0435\u043d\u043d\u0438\u043c \u0440\u0435\u0441\u0443\u0440\u0441\u0430\u043c \u0438\u043d\u0444\u0440\u0430\u0441\u0442\u0440\u0443\u043a\u0442\u0443\u0440\u044b.\u00a0\u00a0\n\n\u0412 \u0441\u0435\u0442\u0438 \u0443\u0436\u0435 \u043f\u043e\u044f\u0432\u0438\u043b\u0438\u0441\u044c \u043f\u0440\u0438\u043c\u0435\u0440\u044b \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 (PoC). \u042d\u0442\u043e \u043e\u0437\u043d\u0430\u0447\u0430\u0435\u0442, \u0447\u0442\u043e \u0443 \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u043e\u0432 \u043f\u043e\u044f\u0432\u0438\u043b\u0430\u0441\u044c \u0432\u043e\u0437\u043c\u043e\u0436\u043d\u043e\u0441\u0442\u044c \u0438\u043d\u0438\u0446\u0438\u0438\u0440\u043e\u0432\u0430\u0442\u044c \u043d\u0435\u043b\u0435\u0433\u0438\u0442\u0438\u043c\u043d\u0443\u044e \u0430\u043a\u0442\u0438\u0432\u043d\u043e\u0441\u0442\u044c, \u0441\u043b\u0435\u0434\u0443\u044f \u0433\u043e\u0442\u043e\u0432\u043e\u0439 \u0438\u043d\u0441\u0442\u0440\u0443\u043a\u0446\u0438\u0438. 
\u041f\u043e\u043a\u0430 \u0447\u0442\u043e \u043f\u043e\u043f\u044b\u0442\u043a\u0438 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u043d\u0435 \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0435\u043d\u044b.\u00a0\n\n\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0437\u0430\u043a\u0440\u044b\u0442\u0430 \u0432 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f\u0445 \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0434\u043b\u044f \u0432\u0435\u0440\u0441\u0438\u0439\u00a010.4.18, 11.2.9, 11.3.6, 11.4.4, 11.5.4, 11.6.1, 12.0.0 \u0438 \u0432\u044b\u0448\u0435. \u041e\u043d\u0430 \u0437\u0430\u0442\u0440\u0430\u0433\u0438\u0432\u0430\u0435\u0442 \u0432\u0441\u0435 \u0443\u043a\u0430\u0437\u0430\u043d\u043d\u044b\u0435 \u0432\u0435\u0440\u0441\u0438\u0438 \u0431\u0435\u0437 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0439 \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0438 \u0431\u043e\u043b\u0435\u0435 \u0440\u0430\u043d\u043d\u0438\u0435.\n\nBI.ZONE WAF \u0437\u0430\u0449\u0438\u0449\u0430\u0435\u0442 \u043e\u0442 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u044d\u0442\u043e\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u0432\u0441\u0435\u0445 \u0441\u0432\u043e\u0438\u0445 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u0435\u0439 \u0441 \u043f\u043e\u043c\u043e\u0449\u044c\u044e \u0443\u0436\u0435 \u0441\u0443\u0449\u0435\u0441\u0442\u0432\u0443\u044e\u0449\u0438\u0445 \u043f\u0440\u0430\u0432\u0438\u043b, \u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u043f\u0440\u0435\u0434\u043e\u0442\u0432\u0440\u0430\u0449\u0430\u044e\u0442 \u043f\u043e\u043f\u044b\u0442\u043a\u0438 \u0430\u0442\u0430\u043a \u0438 \u043d\u0435 \u043d\u0430\u0440\u0443\u0448\u0430\u044e\u0442 \u043b\u043e\u0433\u0438\u043a\u0443 \u0440\u0430\u0431\u043e\u0442\u044b \u041f\u041e.", "creation_timestamp": 
"2025-05-28T13:00:40.000000Z"}, {"uuid": "9b24af9d-a465-4f5b-92ea-2a247bd23882", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-4123", "type": "seen", "source": "https://bsky.app/profile/nixpkgssecuritychanges.gerbet.me/post/3lpw7qgrc6727", "content": "", "creation_timestamp": "2025-05-24T13:09:30.327284Z"}, {"uuid": "51eab91d-e5df-4d15-8caf-a622767d6d96", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-4123", "type": "seen", "source": "https://bsky.app/profile/grafana.bsky.social/post/3lrqxey2v6k2g", "content": "", "creation_timestamp": "2025-06-16T21:47:01.931734Z"}, {"uuid": "bd619695-e989-434d-b24c-047e97c8b915", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-41235", "type": "seen", "source": "https://bsky.app/profile/getpokemon7.bsky.social/post/3lqnnwzrilk2d", "content": "", "creation_timestamp": "2025-06-02T20:54:59.064784Z"}, {"uuid": "550f0565-a8a2-4fad-bb94-1be3f593c1c9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-4123", "type": "seen", "source": "https://bsky.app/profile/undercode.bsky.social/post/3lpr6oifawb2a", "content": "", "creation_timestamp": "2025-05-22T13:07:13.165930Z"}, {"uuid": "9ebc4108-2703-4fb1-8214-3f7af0a1c4be", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-41232", "type": "seen", "source": "https://bsky.app/profile/checkmarxzero.bsky.social/post/3lpr7jgohm62f", "content": "", "creation_timestamp": "2025-05-22T13:22:17.332303Z"}, {"uuid": "015ba8ac-cc0d-429c-9468-164923507a49", "vulnerability_lookup_origin": 
"1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-41234", "type": "seen", "source": "https://bsky.app/profile/snicoll.be/post/3lrg2sogpfc2a", "content": "", "creation_timestamp": "2025-06-12T13:49:06.675632Z"}, {"uuid": "1115c2f3-f34e-4ebe-a669-87dbb19f1826", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-41236", "type": "seen", "source": "https://infosec.exchange/users/cR0w/statuses/114858762801914674", "content": "", "creation_timestamp": "2025-07-15T18:53:54.338834Z"}, {"uuid": "a255d215-9219-4470-b58c-e09e3dd5eb7e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-41237", "type": "seen", "source": "https://infosec.exchange/users/cR0w/statuses/114858762801914674", "content": "", "creation_timestamp": "2025-07-15T18:53:54.458026Z"}, {"uuid": "5ddbce11-f7d3-4083-92db-5ae9373deada", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-41238", "type": "seen", "source": "https://infosec.exchange/users/cR0w/statuses/114858762801914674", "content": "", "creation_timestamp": "2025-07-15T18:53:54.592976Z"}, {"uuid": "3e34c52d-55a3-4b61-97d3-66cbd3aa5830", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-41239", "type": "seen", "source": "https://infosec.exchange/users/cR0w/statuses/114858762801914674", "content": "", "creation_timestamp": "2025-07-15T18:53:54.705198Z"}, {"uuid": "455f4c3a-73cd-4d7d-9cb2-6c02b0f0c4ad", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "cve-2025-4123", "type": "seen", "source": 
"https://bsky.app/profile/2rZiKKbOU3nTafniR2qMMSE0gwZ.activitypub.awakari.com.ap.brid.gy/post/3lqokgojjwst2", "content": "", "creation_timestamp": "2025-06-03T05:25:05.834923Z"}, {"uuid": "cd57c40e-1998-4958-9400-184a08397433", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-41232", "type": "seen", "source": "https://bsky.app/profile/getpokemon7.bsky.social/post/3lps2aqjups2d", "content": "", "creation_timestamp": "2025-05-22T21:20:36.225345Z"}, {"uuid": "2c6cada0-f637-4a48-afd5-651fcd7b6b81", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-4123", "type": "seen", "source": "https://bsky.app/profile/opsmatters.com/post/3lt62aopasc25", "content": "", "creation_timestamp": "2025-07-04T20:08:05.727952Z"}, {"uuid": "e7afc9ca-679a-451c-a364-d5aa3741cb19", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-41236", "type": "seen", "source": "https://bsky.app/profile/shadowserver.bsky.social/post/3lw4tgzljqc2t", "content": "", "creation_timestamp": "2025-08-11T12:49:23.355082Z"}, {"uuid": "3f06374d-ca38-4218-a0fe-7c808f000e30", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-41236", "type": "seen", "source": "https://bsky.app/profile/shadowserver.bsky.social/post/3lw4th6icdk2t", "content": "", "creation_timestamp": "2025-08-11T12:49:24.389385Z"}, {"uuid": "2ef52b10-5599-4626-af27-0eda8c8cacbd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-41236", "type": "seen", "source": "https://bsky.app/profile/shadowserver.bsky.social/post/3lw4th6iec22t", "content": "", "creation_timestamp": 
"2025-08-11T12:49:25.389819Z"}, {"uuid": "1f22f51b-cff0-40a6-9bf3-6f9b80a96910", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-41236", "type": "seen", "source": "https://infosec.exchange/users/shadowserver/statuses/115010220388295603", "content": "", "creation_timestamp": "2025-08-11T12:51:35.466011Z"}]}