{"vulnerability": "CVE-2025-4575", "sightings": [{"uuid": "7fb6973d-fb9a-43bf-89c3-ad821cdb26e6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-4575", "type": "seen", "source": "https://bsky.app/profile/keiwork35.bsky.social/post/3lq23pw4ikx2s", "content": "", "creation_timestamp": "2025-05-26T02:08:17.973657Z"}, {"uuid": "1081f277-304e-4e6c-be9d-0487097d4fe7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-45751", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3logrd7qxib2h", "content": "", "creation_timestamp": "2025-05-05T16:16:27.037741Z"}, {"uuid": "ea6652e4-f7f2-4235-9b69-0a959d8f5b42", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-4575", "type": "seen", "source": "https://hachyderm.io/users/ChrisShort/statuses/114559121240052584", "content": "", "creation_timestamp": "2025-05-23T20:51:06.891273Z"}, {"uuid": "b4dbfd47-86af-4f55-84d7-181a9f8ad92a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-4575", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/17265", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-4575\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: Issue summary: Use of -addreject option with the openssl x509 application adds\na trusted use instead of a rejected use for a certificate.\n\nImpact summary: If a user intends to make a trusted certificate rejected for\na particular use it will be instead marked as trusted for that use.\n\nA copy & paste error during minor refactoring of the code introduced this\nissue in the OpenSSL 3.5 version. If, for example, a trusted CA certificate\nshould be trusted only for the purpose of authenticating TLS servers but not\nfor CMS signature verification and the CMS signature verification is intended\nto be marked as rejected with the -addreject option, the resulting CA\ncertificate will be trusted for CMS signature verification purpose instead.\n\nOnly users which use the trusted certificate format who use the openssl x509\ncommand line application to add rejected uses are affected by this issue.\nThe issues affecting only the command line application are considered to\nbe Low severity.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue.\n\nOpenSSL 3.4, 3.3, 3.2, 3.1, 3.0, 1.1.1 and 1.0.2 are also not affected by this\nissue.\n\ud83d\udccf Published: 2025-05-22T13:36:49.694Z\n\ud83d\udccf Modified: 2025-05-22T13:36:49.694Z\n\ud83d\udd17 References:\n1. https://openssl-library.org/news/secadv/20250522.txt\n2. https://github.com/openssl/openssl/commit/e96d22446e633d117e6c9904cb15b4693e956eaa", "creation_timestamp": "2025-05-22T13:43:14.000000Z"}, {"uuid": "d30e6c83-cdb9-400d-8b2a-b61efaea6866", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-45753", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/17275", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-45753\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: A vulnerability in Vtiger CRM Open Source Edition v8.3.0 allows an attacker with admin privileges to execute arbitrary PHP code by exploiting the ZIP import functionality in the Module Import feature.\n\ud83d\udccf Published: 2025-05-21T00:00:00.000Z\n\ud83d\udccf Modified: 2025-05-22T13:26:12.175Z\n\ud83d\udd17 References:\n1. https://www.simonjuguna.com/cve-2025-45753-authenticated-remote-code-execution-vulnerability-in-vtiger-open-source-edition-v8-3-0/", "creation_timestamp": "2025-05-22T13:45:43.000000Z"}, {"uuid": "fb6bc6b8-3712-4d88-b0d6-82130026c94c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-45754", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/17163", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-45754\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: A stored cross-site scripting (XSS) vulnerability exists in SeedDMS 6.0.32. This vulnerability allows an attacker to inject malicious JavaScript payloads by creating a document with an XSS payload as the document name.\n\ud83d\udccf Published: 2025-05-21T00:00:00.000Z\n\ud83d\udccf Modified: 2025-05-21T17:05:30.902Z\n\ud83d\udd17 References:\n1. https://www.simonjuguna.com/cve-2025-45754-stored-cross-site-scripting-xss-vulnerability-in-seeddms-v6-0-32/", "creation_timestamp": "2025-05-21T17:43:18.000000Z"}, {"uuid": "4b3cf6e3-a332-4667-98bd-558ac40fb6eb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-45755", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/17174", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-45755\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: A Stored Cross-Site Scripting (XSS) vulnerability exists in Vtiger CRM Open Source Edition v8.3.0, exploitable via the Services Import feature. An attacker can craft a malicious CSV file containing an XSS payload, mapped to the Service Name field. When the file is uploaded, the application improperly sanitizes user input, leading to persistent script execution.\n\ud83d\udccf Published: 2025-05-21T00:00:00.000Z\n\ud83d\udccf Modified: 2025-05-21T19:37:54.373Z\n\ud83d\udd17 References:\n1. https://www.vtiger.com/open-source-crm/\n2. https://www.simonjuguna.com/cve-2025-45755-stored-cross-site-scripting-xss-vulnerability-in-vtiger-open-source-edition-v8-3-0/", "creation_timestamp": "2025-05-21T19:42:43.000000Z"}, {"uuid": "c93c26b5-5789-4ae7-94a5-cd309bce32da", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-4575", "type": "seen", "source": "https://mstdn.social/users/jschauma/statuses/114552192062947993", "content": "", "creation_timestamp": "2025-05-22T15:28:56.051047Z"}, {"uuid": "c4da0028-93fd-42cc-bd2f-29589efe6757", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-45751", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/14876", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-45751\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: SourceCodester Web Based Pharmacy Product Management System 1.0 is vulnerable to Cross Site Scripting (XSS) in add-admin.php via the Fullname text field.\n\ud83d\udccf Published: 2025-05-05T00:00:00.000Z\n\ud83d\udccf Modified: 2025-05-05T13:41:29.826Z\n\ud83d\udd17 References:\n1. https://www.sourcecodester.com/php/17883/web-based-product-alert-system.html\n2. https://github.com/sw8y/vulnerability_research/blob/main/CVE-2025-45751/CVE-2025-45751.md", "creation_timestamp": "2025-05-05T14:20:50.000000Z"}, {"uuid": "24b243a5-ebb8-4a09-8f8b-0b5e083f639e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-45751", "type": "seen", "source": "https://t.me/cvedetector/24455", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-45751 - SourceCodester Web Based Pharmacy Product Management System Cross Site Scripting (XSS)\", \n  \"Content\": \"CVE ID : CVE-2025-45751 \nPublished : May 5, 2025, 2:15 p.m. | 1\u00a0hour, 10\u00a0minutes ago \nDescription : SourceCodester Web Based Pharmacy Product Management System 1.0 is vulnerable to Cross Site Scripting (XSS) in add-admin.php via the Fullname text field. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"05 May 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-05-05T17:33:02.000000Z"}, {"uuid": "8c70cb2c-6e63-44f3-a577-d8cf7a85c30f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-4575", "type": "seen", "source": "https://bsky.app/profile/news0.bsky.social/post/3lqfwpfs3sl2v", "content": "", "creation_timestamp": "2025-05-30T19:10:28.166374Z"}, {"uuid": "7b1c173a-9be1-4749-88a0-0b75e96a06ad", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-4575", "type": "seen", "source": "https://infosec.exchange/users/cR0w/statuses/114551940998291137", "content": "", "creation_timestamp": "2025-05-22T14:25:05.024318Z"}, {"uuid": "6c6ebc1d-7279-486b-a2ef-26753637ec34", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-4575", "type": "seen", "source": "https://bsky.app/profile/jschauma.mstdn.social.ap.brid.gy/post/3lprglydpwqo2", "content": "", "creation_timestamp": "2025-05-22T15:29:07.080034Z"}, {"uuid": "35304f14-622a-42c1-af34-e0593ac53b37", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-4575", "type": "seen", "source": "https://bsky.app/profile/getpokemon7.bsky.social/post/3ltkznkudss2h", "content": "", "creation_timestamp": "2025-07-10T00:02:02.737267Z"}, {"uuid": "eae5936a-7341-47b0-9951-fc8eaaba190c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-4575", "type": "seen", "source": "https://vulnerability.circl.lu/bundle/bbcbc485-b88d-4831-b8e9-6e37e7bd9875", "content": "", "creation_timestamp": "2026-01-21T21:18:16.771453Z"}, {"uuid": "6c3f1fdf-374a-423f-82d5-6cedc6777ec0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-4575", "type": "seen", "source": "https://bsky.app/profile/getpokemon7.bsky.social/post/3lq42u4tijs23", "content": "", "creation_timestamp": "2025-05-26T20:58:04.232351Z"}, {"uuid": "82151427-ef97-47fe-abaa-28ed0a495ea2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-45752", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lpplbf2og42l", "content": "", "creation_timestamp": "2025-05-21T21:47:11.854817Z"}, {"uuid": "b2b7f183-498d-4a15-957d-e353f193f0c0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-45755", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lppmiplbqn24", "content": "", "creation_timestamp": "2025-05-21T22:09:11.634748Z"}, {"uuid": "feeb0282-6906-406f-92b8-a9c16f5a2d12", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-45753", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lppxs475wf2q", "content": "", "creation_timestamp": "2025-05-22T01:31:18.067872Z"}]}