{"vulnerability": "CVE-2025-4487", "sightings": [{"uuid": "bde9e342-3b40-4e5e-86b0-4a4b16acf035", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-44872", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/14501", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-44872\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: Tenda AC9 V15.03.06.42_multi was found to contain a command injection vulnerability in the formsetUsbUnload function via the deviceName parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request.\n\ud83d\udccf Published: 2025-05-02T00:00:00.000Z\n\ud83d\udccf Modified: 2025-05-02T14:39:25.635Z\n\ud83d\udd17 References:\n1. https://github.com/Summermu/VulnForIoT/tree/main/Tenda_AC/AC9_formsetUsbUnload", "creation_timestamp": "2025-05-02T15:17:08.000000Z"}, {"uuid": "cc33154f-6e36-4c0b-b12d-96c94420a6fe", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-4487", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/15847", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-4487\n\ud83d\udd25 CVSS Score: 6.9 (cvssV4_0, Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N)\n\ud83d\udd39 Description: A vulnerability was found in itsourcecode Gym Management System 1.0. It has been classified as critical. Affected is an unknown function of the file /ajax.php?action=delete_member. The manipulation of the argument ID leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.\n\ud83d\udccf Published: 2025-05-09T20:00:07.399Z\n\ud83d\udccf Modified: 2025-05-09T20:00:07.399Z\n\ud83d\udd17 References:\n1. https://vuldb.com/?id.308202\n2. https://vuldb.com/?ctiid.308202\n3. https://vuldb.com/?submit.566782\n4. https://github.com/wyl091256/CVE/issues/7\n5. https://itsourcecode.com/", "creation_timestamp": "2025-05-09T20:26:24.000000Z"}, {"uuid": "4839dc50-06f0-48e9-80ab-f084892004a2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-44879", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/16416", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-44879\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: WS-WN572HP3 V230525 was discovered to contain a buffer overflow in the component /www/cgi-bin/upload.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted HTTP request.\n\ud83d\udccf Published: 2025-05-14T00:00:00.000Z\n\ud83d\udccf Modified: 2025-05-14T21:05:22.559Z\n\ud83d\udd17 References:\n1. https://lafdrew.github.io/2025/03/17/Buffer%20Overflow%20in%20upload.cgi%20of%20WINSTAR_WN572HP3%20Device/", "creation_timestamp": "2025-05-14T21:32:22.000000Z"}, {"uuid": "fd563533-7c40-473e-bea2-c3e84f1c0365", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-44872", "type": "seen", "source": "https://bsky.app/profile/2rZiKKbOU3nTafniR2qMMSE0gwZ.activitypub.awakari.com.ap.brid.gy/post/3lo73xkzqzvk2", "content": "", "creation_timestamp": "2025-05-02T15:59:02.678683Z"}, {"uuid": "b2c2ad57-58a3-435a-a4cb-aee29b80c52e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-44877", "type": "seen", "source": "https://bsky.app/profile/2rZiKKbOU3nTafniR2qMMSE0gwZ.activitypub.awakari.com.ap.brid.gy/post/3lo73xmo4pkt2", "content": "", "creation_timestamp": "2025-05-02T15:59:03.194571Z"}, {"uuid": "c2cf3752-6654-43a3-b52a-4a40a2651db6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-44877", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lo7frfx6pw2o", "content": "", "creation_timestamp": "2025-05-02T18:01:01.353281Z"}, {"uuid": "f373b717-9553-4f86-86c7-4b9bde398c53", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-44872", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lo7frgi57c2h", "content": "", "creation_timestamp": "2025-05-02T18:01:04.624233Z"}, {"uuid": "7c362c10-7c14-498b-9676-5b3aaf47c028", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-44879", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lp63wi4q6c2e", "content": "", "creation_timestamp": "2025-05-14T22:57:29.881177Z"}, {"uuid": "d6714dd4-4ee5-4581-8cb8-6635688c04cc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-44877", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/15129", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-44877\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: Tenda AC9 V15.03.06.42_multi was found to contain a command injection vulnerability in the formSetSambaConf function via the usbname parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request.\n\ud83d\udccf Published: 2025-05-02T00:00:00.000Z\n\ud83d\udccf Modified: 2025-05-06T15:16:43.764Z\n\ud83d\udd17 References:\n1. https://github.com/Summermu/VulnForIoT/tree/main/Tenda_AC/AC9_formSetSambaConf", "creation_timestamp": "2025-05-06T15:21:26.000000Z"}, {"uuid": "f9d51e19-79c0-4bed-a5b1-96e2bc51f400", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-4487", "type": "seen", "source": "https://t.me/cvedetector/24984", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-4487 - iSourcecode Gym Management System SQL Injection Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-4487 \nPublished : May 9, 2025, 8:15 p.m. | 2\u00a0hours, 4\u00a0minutes ago \nDescription : A vulnerability was found in itsourcecode Gym Management System 1.0. It has been classified as critical. Affected is an unknown function of the file /ajax.php?action=delete_member. The manipulation of the argument ID leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. \nSeverity: 7.3 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"10 May 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-05-10T00:34:27.000000Z"}, {"uuid": "9b6f2755-3432-416a-9b27-b2d5b89bb4e8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-4487", "type": "published-proof-of-concept", "source": "Telegram/HfdZK7IaNw2IgiSWMbJAgdBOWQpganIA_skYVFqg6YQ3yyg", "content": "", "creation_timestamp": "2025-05-09T23:31:22.000000Z"}, {"uuid": "145e8cf2-4780-4362-8e58-f95c922da47b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-4487", "type": "seen", "source": "https://bsky.app/profile/2rZiKKbOU3nTafniR2qMMSE0gwZ.activitypub.awakari.com.ap.brid.gy/post/3lorbeynhoxd2", "content": "", "creation_timestamp": "2025-05-09T22:06:56.777134Z"}, {"uuid": "227daef4-60c2-4c1c-9918-9e59bdb199eb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-4487", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lori7co5gd2l", "content": "", "creation_timestamp": "2025-05-09T22:32:33.365242Z"}]}