{"vulnerability": "CVE-2025-4356", "sightings": [{"uuid": "3a77f6b2-0683-498f-b321-e2b97e3512b5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-4356", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/15108", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-4356\n\ud83d\udd25 CVSS Score: 8.7 (cvssV4_0, Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N)\n\ud83d\udd39 Description: A vulnerability was found in Tenda DAP-1520 1.10B04_BETA02. It has been declared as critical. This vulnerability affects the function mod_graph_auth_uri_handler of the file /storage of the component Authentication Handler. The manipulation leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.\n\ud83d\udccf Published: 2025-05-06T13:00:09.716Z\n\ud83d\udccf Modified: 2025-05-06T13:00:09.716Z\n\ud83d\udd17 References:\n1. https://vuldb.com/?id.307474\n2. https://vuldb.com/?ctiid.307474\n3. https://vuldb.com/?submit.564722\n4. https://github.com/Ghostsuzhijian/Iot-/blob/main/dap1520_mod_graph_auth_uri_handler/dap1520_mod_graph_auth_uri_handler.md\n5. https://www.tenda.com.cn/", "creation_timestamp": "2025-05-06T13:21:00.000000Z"}, {"uuid": "c4bdd96b-07cc-4ba0-b9ad-052a57159540", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-4356", "type": "exploited", "source": "https://t.me/cvedetector/24616", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-4356 - Tenda DAP-1520 Stack-Based Buffer Overflow in Authentication Handler\", \n  \"Content\": \"CVE ID : CVE-2025-4356 \nPublished : May 6, 2025, 2:15 p.m. | 1\u00a0hour, 47\u00a0minutes ago \nDescription : A vulnerability was found in Tenda DAP-1520 1.10B04_BETA02. It has been declared as critical. This vulnerability affects the function mod_graph_auth_uri_handler of the file /storage of the component Authentication Handler. The manipulation leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. \nSeverity: 8.8 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"06 May 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-05-06T18:39:52.000000Z"}, {"uuid": "b437fe57-5429-48a2-8e5f-27806d6369e0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-4356", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3loj4ifuvpm2p", "content": "", "creation_timestamp": "2025-05-06T14:41:31.580091Z"}, {"uuid": "2b8cb73e-947d-4ba4-a652-70e90f9233ae", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-43569", "type": "seen", "source": "https://bsky.app/profile/2rZiKKbOU3nTafniR2qMMSE0gwZ.activitypub.awakari.com.ap.brid.gy/post/3lp3e3pmd7ki2", "content": "", "creation_timestamp": "2025-05-13T21:02:14.613525Z"}, {"uuid": "e030c22a-264b-4cd6-b995-f44843f5d983", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-43567", "type": "seen", "source": "https://bsky.app/profile/2rZiKKbOU3nTafniR2qMMSE0gwZ.activitypub.awakari.com.ap.brid.gy/post/3lp3e3qty6ax2", "content": "", "creation_timestamp": "2025-05-13T21:02:15.766434Z"}, {"uuid": "bccb23e7-0e9e-4b86-bdc7-bbd79c4b6e69", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-43563", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lp3pehkwoq2o", "content": "", "creation_timestamp": "2025-05-14T00:07:15.771505Z"}, {"uuid": "4f121c33-b080-4858-97d4-328d516f8a2a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-43567", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lp3pehoasm2l", "content": "", "creation_timestamp": "2025-05-14T00:07:16.354733Z"}, {"uuid": "fc1de65a-9819-446c-948c-d68c98c7f90c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-43565", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lp3pehrsfy2o", "content": "", "creation_timestamp": "2025-05-14T00:07:17.026102Z"}, {"uuid": "9b125651-04e7-4a68-b32d-6205cc96de47", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-43568", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lp3peicvix24", "content": "", "creation_timestamp": "2025-05-14T00:07:20.114950Z"}, {"uuid": "c99f379a-3319-4dfe-99b5-dc2a0fb5c2aa", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-43564", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lp3peigcqg2n", "content": "", "creation_timestamp": "2025-05-14T00:07:20.704591Z"}, {"uuid": "7985f9cf-cc85-4208-a36c-38b75c089fd7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-43562", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lp3peijzsi2o", "content": "", "creation_timestamp": "2025-05-14T00:07:21.318593Z"}, {"uuid": "04eb9ef2-8014-4bf9-abc0-7534411ac5b7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-43566", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lp3peing372e", "content": "", "creation_timestamp": "2025-05-14T00:07:21.936691Z"}, {"uuid": "2cf655e9-4359-4538-9cc9-40c462e19fa6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-43560", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lp3pejcf6g2n", "content": "", "creation_timestamp": "2025-05-14T00:07:25.743922Z"}, {"uuid": "ddffa4de-5717-4fcc-a7ae-40626cb57cce", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-43561", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lp3pejfykh24", "content": "", "creation_timestamp": "2025-05-14T00:07:26.398051Z"}, {"uuid": "3b0a5900-894e-4244-ab7f-e0db122c78e2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-43569", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lp3pejjcur2j", "content": "", "creation_timestamp": "2025-05-14T00:07:27.048929Z"}, {"uuid": "ed35ba35-9b20-4503-b7bf-ac61ced6aba4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-43564", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/16445", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-43564\n\ud83d\udd25 CVSS Score: 9.1 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H)\n\ud83d\udd39 Description: ColdFusion versions 2025.1, 2023.13, 2021.19 and earlier are affected by an Improper Access Control vulnerability that could result in arbitrary file system read. An attacker could leverage this vulnerability to access or modify sensitive data without proper authorization. Exploitation of this issue does not require user interaction.\n\ud83d\udccf Published: 2025-05-13T20:49:28.118Z\n\ud83d\udccf Modified: 2025-05-15T04:01:48.859Z\n\ud83d\udd17 References:\n1. https://helpx.adobe.com/security/products/coldfusion/apsb25-52.html", "creation_timestamp": "2025-05-15T04:32:40.000000Z"}, {"uuid": "a345575b-74c4-4a00-a340-e0295da75d1f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-43569", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/16218", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-43569\n\ud83d\udd25 CVSS Score: 7.8 (cvssV3_1, Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)\n\ud83d\udd39 Description: Substance3D - Stager versions 3.1.1 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.\n\ud83d\udccf Published: 2025-05-13T20:19:59.224Z\n\ud83d\udccf Modified: 2025-05-13T20:19:59.224Z\n\ud83d\udd17 References:\n1. https://helpx.adobe.com/security/products/substance3d_stager/apsb25-46.html", "creation_timestamp": "2025-05-13T20:30:55.000000Z"}, {"uuid": "2417f937-2bad-4005-8aa7-493f05e2d7a9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-43562", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/16444", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-43562\n\ud83d\udd25 CVSS Score: 9.1 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H)\n\ud83d\udd39 Description: ColdFusion versions 2025.1, 2023.13, 2021.19 and earlier are affected by an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability that could result in arbitrary code execution in the context of the current user. A high-privileged attacker could leverage this vulnerability to bypass security mechanisms and execute code. Exploitation of this issue does not require user interaction and scope is changed.\n\ud83d\udccf Published: 2025-05-13T20:49:29.876Z\n\ud83d\udccf Modified: 2025-05-15T04:01:50.509Z\n\ud83d\udd17 References:\n1. https://helpx.adobe.com/security/products/coldfusion/apsb25-52.html", "creation_timestamp": "2025-05-15T04:32:39.000000Z"}, {"uuid": "43ff4489-9a41-44fe-b685-a0191c30f744", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-43560", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/16446", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-43560\n\ud83d\udd25 CVSS Score: 9.1 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H)\n\ud83d\udd39 Description: ColdFusion versions 2025.1, 2023.13, 2021.19 and earlier are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. A high-privileged attacker could leverage this vulnerability to bypass security mechanisms and execute code. Exploitation of this issue does not require user interaction and scope is changed.\n\ud83d\udccf Published: 2025-05-13T20:49:27.360Z\n\ud83d\udccf Modified: 2025-05-15T04:01:47.430Z\n\ud83d\udd17 References:\n1. https://helpx.adobe.com/security/products/coldfusion/apsb25-52.html", "creation_timestamp": "2025-05-15T04:32:41.000000Z"}, {"uuid": "77fc43d6-e54a-4157-823a-89122edcf130", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-43568", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/16222", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-43568\n\ud83d\udd25 CVSS Score: 7.8 (cvssV3_1, Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)\n\ud83d\udd39 Description: Substance3D - Stager versions 3.1.1 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.\n\ud83d\udccf Published: 2025-05-13T20:19:55.893Z\n\ud83d\udccf Modified: 2025-05-13T20:19:55.893Z\n\ud83d\udd17 References:\n1. https://helpx.adobe.com/security/products/substance3d_stager/apsb25-46.html", "creation_timestamp": "2025-05-13T20:30:59.000000Z"}, {"uuid": "2ea5f69b-4044-45ec-9abd-f43178cb012c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-43561", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/16390", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-43561\n\ud83d\udd25 CVSS Score: 9.1 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H)\n\ud83d\udd39 Description: ColdFusion versions 2025.1, 2023.13, 2021.19 and earlier are affected by an Incorrect Authorization vulnerability that could result in arbitrary code execution in the context of the current user. A high-privileged attacker could leverage this vulnerability to bypass authentication mechanisms and execute code. Exploitation of this issue does not require user interaction and scope is changed.\n\ud83d\udccf Published: 2025-05-13T20:49:25.787Z\n\ud83d\udccf Modified: 2025-05-14T18:48:58.175Z\n\ud83d\udd17 References:\n1. https://helpx.adobe.com/security/products/coldfusion/apsb25-52.html", "creation_timestamp": "2025-05-14T19:33:16.000000Z"}, {"uuid": "7f32a766-d2d4-4d38-8f21-2f36488e876f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-43567", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/16379", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-43567\n\ud83d\udd25 CVSS Score: 9.3 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N)\n\ud83d\udd39 Description: Adobe Connect versions 12.8 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field. A successful attacker can abuse this to achieve session takeover, increasing the confidentiality and integrity impact as high.\n\ud83d\udccf Published: 2025-05-13T20:32:22.317Z\n\ud83d\udccf Modified: 2025-05-14T19:11:04.358Z\n\ud83d\udd17 References:\n1. https://helpx.adobe.com/security/products/connect/apsb25-36.html", "creation_timestamp": "2025-05-14T19:33:02.000000Z"}, {"uuid": "20d798ef-34bd-4098-a24d-e33673d4bd24", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-43565", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/16448", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-43565\n\ud83d\udd25 CVSS Score: 8.4 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H)\n\ud83d\udd39 Description: ColdFusion versions 2025.1, 2023.13, 2021.19 and earlier are affected by an Incorrect Authorization vulnerability that could lead to arbitrary code execution in the context of the current user. A high-privileged attacker could leverage this vulnerability to bypass security protections and execute code. Exploitation of this issue requires user interaction and scope is changed.\n\ud83d\udccf Published: 2025-05-13T20:49:31.403Z\n\ud83d\udccf Modified: 2025-05-15T04:01:41.254Z\n\ud83d\udd17 References:\n1. https://helpx.adobe.com/security/products/coldfusion/apsb25-52.html", "creation_timestamp": "2025-05-15T04:32:43.000000Z"}, {"uuid": "81e510fa-eff6-4474-ae14-55c7505a2909", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-43563", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/16447", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-43563\n\ud83d\udd25 CVSS Score: 9.1 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H)\n\ud83d\udd39 Description: ColdFusion versions 2025.1, 2023.13, 2021.19 and earlier are affected by an Improper Access Control vulnerability that could result in arbitrary file system read. An attacker could leverage this vulnerability to access or modify sensitive data without proper authorization. Exploitation of this issue does not require user interaction.\n\ud83d\udccf Published: 2025-05-13T20:49:26.593Z\n\ud83d\udccf Modified: 2025-05-15T04:01:45.890Z\n\ud83d\udd17 References:\n1. https://helpx.adobe.com/security/products/coldfusion/apsb25-52.html", "creation_timestamp": "2025-05-15T04:32:42.000000Z"}]}