{"vulnerability": "CVE-2025-4919", "sightings": [{"uuid": "ca3058a7-6de8-4434-9c55-7760df296c6b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-49194", "type": "seen", "source": "Telegram/-Z8bW5r_UdY0_zzyRbqIQGPhh1Zbav73XDtGPdgJl4r2-D8", "content": "", "creation_timestamp": "2025-06-12T15:34:25.000000Z"}, {"uuid": "296b0aec-a100-4e2d-b282-85adab7ee097", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-4919", "type": "seen", "source": "Telegram/4Vx4R6xo_u6qXHv3AbtTLRrpL9hIHAaokGjUtgj9B731Cf0", "content": "", "creation_timestamp": "2026-04-13T17:55:39.000000Z"}, {"uuid": "db536919-a151-45b1-b1f3-046ed845f8f0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-4919", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/16774", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-4919\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: An attacker was able to perform an out-of-bounds read or write on a JavaScript object by confusing array index sizes. This vulnerability affects Firefox < 138.0.4, Firefox ESR < 128.10.1, and Firefox ESR < 115.23.1.\n\ud83d\udccf Published: 2025-05-17T21:07:27.734Z\n\ud83d\udccf Modified: 2025-05-18T19:21:12.900Z\n\ud83d\udd17 References:\n1. https://bugzilla.mozilla.org/show_bug.cgi?id=1966614\n2. https://www.mozilla.org/security/advisories/mfsa2025-36/\n3. https://www.mozilla.org/security/advisories/mfsa2025-37/\n4. 
https://www.mozilla.org/security/advisories/mfsa2025-38/", "creation_timestamp": "2025-05-18T19:37:57.000000Z"}, {"uuid": "683d27a9-e2ac-4d14-96a5-ab0a6e812b5d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-49192", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/18173", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-49192\n\ud83d\udd25 CVSS Score: 4.3 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N)\n\ud83d\udd39 Description: The web application is vulnerable to clickjacking attacks. The site can be embedded into another frame, allowing an attacker to trick a user into clicking on something different from what the user perceives. This could potentially reveal confidential information or allow others to take control of their computer while clicking on seemingly innocuous objects.\n\ud83d\udccf Published: 2025-06-12T14:12:11.750Z\n\ud83d\udccf Modified: 2025-06-12T14:12:11.750Z\n\ud83d\udd17 References:\n1. https://sick.com/psirt\n2. https://cdn.sick.com/media/docs/1/11/411/Special_information_CYBERSECURITY_BY_SICK_en_IM0084411.PDF\n3. https://www.cisa.gov/resources-tools/resources/ics-recommended-practices\n4. https://www.first.org/cvss/calculator/3.1\n5. https://www.sick.com/.well-known/csaf/white/2025/sca-2025-0007.pdf\n6. 
https://www.sick.com/.well-known/csaf/white/2025/sca-2025-0007.json", "creation_timestamp": "2025-06-12T14:33:29.000000Z"}, {"uuid": "cf0440cd-3501-431a-bf0d-c2031c0817ea", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-49196", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/18264", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-49196\n\ud83d\udd25 CVSS Score: 6.5 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N)\n\ud83d\udd39 Description: A service supports the use of a deprecated and unsafe TLS version. This could be exploited to expose sensitive information, modify data in unexpected ways or spoof identities of other users or devices, affecting the confidentiality and integrity of the device.\n\ud83d\udccf Published: 2025-06-12T14:20:53.321Z\n\ud83d\udccf Modified: 2025-06-13T06:17:26.069Z\n\ud83d\udd17 References:\n1. https://sick.com/psirt\n2. https://cdn.sick.com/media/docs/1/11/411/Special_information_CYBERSECURITY_BY_SICK_en_IM0084411.PDF\n3. https://www.cisa.gov/resources-tools/resources/ics-recommended-practices\n4. https://www.first.org/cvss/calculator/3.1\n5. https://www.sick.com/.well-known/csaf/white/2025/sca-2025-0007.pdf\n6. 
https://www.sick.com/.well-known/csaf/white/2025/sca-2025-0007.json", "creation_timestamp": "2025-06-13T06:36:20.000000Z"}, {"uuid": "e3b1c2ce-0a26-4422-8873-cf55588c2bee", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-49198", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/18263", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-49198\n\ud83d\udd25 CVSS Score: 3.1 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N)\n\ud83d\udd39 Description: The Media Server\u2019s authorization tokens have a poor quality of randomness. An attacker may be able to guess the token of an active user by computing plausible tokens.\n\ud83d\udccf Published: 2025-06-12T14:24:55.991Z\n\ud83d\udccf Modified: 2025-06-13T06:18:49.644Z\n\ud83d\udd17 References:\n1. https://sick.com/psirt\n2. https://cdn.sick.com/media/docs/1/11/411/Special_information_CYBERSECURITY_BY_SICK_en_IM0084411.PDF\n3. https://www.cisa.gov/resources-tools/resources/ics-recommended-practices\n4. https://www.first.org/cvss/calculator/3.1\n5. https://www.sick.com/.well-known/csaf/white/2025/sca-2025-0007.pdf\n6. 
https://www.sick.com/.well-known/csaf/white/2025/sca-2025-0007.json", "creation_timestamp": "2025-06-13T06:36:19.000000Z"}, {"uuid": "0a6e74c8-cd06-420b-9013-1999c326f286", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-49197", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/18659", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-49197\n\ud83d\udd25 CVSS Score: 6.5 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N)\n\ud83d\udd39 Description: The application uses a weak password hash function, allowing an attacker to crack the weak password hash to gain access to an FTP user account.\n\ud83d\udccf Published: 2025-06-12T14:23:04.373Z\n\ud83d\udccf Modified: 2025-06-17T19:03:20.901Z\n\ud83d\udd17 References:\n1. https://sick.com/psirt\n2. https://cdn.sick.com/media/docs/1/11/411/Special_information_CYBERSECURITY_BY_SICK_en_IM0084411.PDF\n3. https://www.cisa.gov/resources-tools/resources/ics-recommended-practices\n4. https://www.first.org/cvss/calculator/3.1\n5. https://www.sick.com/.well-known/csaf/white/2025/sca-2025-0007.pdf\n6. https://www.sick.com/.well-known/csaf/white/2025/sca-2025-0007.json", "creation_timestamp": "2025-06-17T19:39:38.000000Z"}, {"uuid": "9687fe2a-d9c4-4a84-876b-d2592f9232a9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-4919", "type": "exploited", "source": "https://t.me/CyberUnderworlds/7", "content": "\ud83c\udf11 @CyberUnderworlds | Shadows of the Digital Realm \ud83c\udf11\nMay 27, 2025 \u2013 In the silent pulse of cyberspace, threats weave their intricate dance. 
Here\u2019s the latest from the frontlines of the digital underworld:\n\n\ud83d\udd0d China\u2019s Silent Strike: The UNC5221 group exploits Ivanti Endpoint Manager flaws (CVE-2025-4427, CVE-2025-4428), infiltrating critical sectors across Europe, North America, and Asia-Pacific. Espionage executed with surgical precision.\n\n\ud83c\uddf7\ud83c\uddfa APT28\u2019s Shadow Play: Russian hackers target NATO-aligned logistics and tech firms aiding Ukraine, wielding malware, phishing, and seven CVEs to spy on vital aid routes.\n\n\ud83d\udc89 Lumma\u2019s Global Plague: 394,000 Windows devices fall to Lumma malware. From Booking.com phishing scams to crypto wallet heists, this digital scourge spares no one.\n\n\ud83c\uddec\ud83c\udde7 UK Retail Under Siege: Scattered Spider is suspected in attacks on Marks & Spencer, Co-op, and Harrods. Customer data stolen, though payment details and passwords remain secure\u2014for now.\n\n\ud83d\udcb0 Coinbase\u2019s Costly Breach: Hackers bribed rogue support agents, siphoning customer data and causing $45M in losses with $400M in damages. Coinbase rejected a $20M ransom, offering a bounty instead.\n\n\ud83e\udd16 AI Ascends as Top Threat: Arctic Wolf\u2019s 2025 Trends Report crowns AI, including LLMs, as the new king of cybersecurity fears, dethroning ransomware.\n\n\u26a0\ufe0f Critical Exploits: Firefox (CVE-2025-4918, CVE-2025-4919) and Chrome (CVE-2025-4664) vulnerabilities are actively exploited for data theft and remote code execution. 
Patch now, or pay the price later.\n\n@CyberUnderworlds \u2013 #CyberUnderworlds", "creation_timestamp": "2025-05-27T05:05:05.000000Z"}, {"uuid": "e0e8071d-f2f5-44e9-a5b4-ec996b9ad3dc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-4919", "type": "exploited", "source": "Telegram/yBzfSKDekFO7HHiPgi-ex5h-Zy_cWbN6nhkX_k-OsEE1bg", "content": "", "creation_timestamp": "2025-05-19T12:52:36.000000Z"}, {"uuid": "2d1db4a3-0f35-4edc-8df8-90da159af56f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-4919", "type": "exploited", "source": "https://t.me/thehackernews/6851", "content": "\ud83d\uded1 2 critical Firefox zero-days \u2014 CVE-2025-4918 & CVE-2025-4919 \u2014 proven exploitable.\n\nAttackers can read/write sensitive data or trigger remote code execution.\n\nAffects all versions before: \u2022 Firefox 138.0.4 \u2022 ESR 128.10.1 / 115.23.1\n\ud83d\udd17 Patch now. 
Full story: https://thehackernews.com/2025/05/firefox-patches-2-zero-days-exploited.html", "creation_timestamp": "2025-05-19T12:41:09.000000Z"}, {"uuid": "34f630f0-d3a8-4b10-b806-b5f21997a2fb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-4919", "type": "seen", "source": "https://t.me/CybNux/7968", "content": "\ud83d\uded1 \u062b\u063a\u0631\u062a\u0627\u0646 \u062e\u0637\u064a\u0631\u062a\u0627\u0646 \u0641\u064a Firefox \u2014 CVE-2025-4918 \u0648CVE-2025-4919 \u2014 \u062a\u0645 \u0625\u062b\u0628\u0627\u062a \u0642\u0627\u0628\u0644\u064a\u062a\u0647\u0645\u0627 \u0644\u0644\u0627\u0633\u062a\u063a\u0644\u0627\u0644.\n\n\u064a\u0645\u0643\u0646 \u0644\u0644\u0645\u0647\u0627\u062c\u0645\u064a\u0646 \u0642\u0631\u0627\u0621\u0629 \u0623\u0648 \u0643\u062a\u0627\u0628\u0629 \u0628\u064a\u0627\u0646\u0627\u062a \u062d\u0633\u0627\u0633\u0629 \u0623\u0648 \u062a\u0634\u063a\u064a\u0644 \u062a\u0646\u0641\u064a\u0630 \u0627\u0644\u062a\u0639\u0644\u064a\u0645\u0627\u062a \u0627\u0644\u0628\u0631\u0645\u062c\u064a\u0629 \u0639\u0646 \u0628\u0639\u062f.\n\n\u064a\u0624\u062b\u0631 \u0639\u0644\u0649 \u062c\u0645\u064a\u0639 \u0627\u0644\u0625\u0635\u062f\u0627\u0631\u0627\u062a \u0627\u0644\u0633\u0627\u0628\u0642\u0629: \u2022 Firefox 138.0.4 \u2022 ESR 128.10.1 / 115.23.1\n#\u0623\u062e\u0628\u0627\u0631", "creation_timestamp": "2025-05-19T21:42:05.000000Z"}, {"uuid": "0c080c8d-331b-45d7-ad63-80e85cc3af44", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-4919", "type": "seen", "source": "https://t.me/CyberBulletin/3298", "content": "\u26a1\ufe0fThe second flaw, CVE-2025-4919, allows attackers to perform out-of-bounds reads/writes on a JavaScript object by confusing array index sizes.", "creation_timestamp": "2025-05-20T04:25:09.000000Z"}, {"uuid": 
"c6c7baf3-bd52-4bfa-ae78-e4911bd7744e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-4919", "type": "seen", "source": "https://t.me/true_secator/7052", "content": "\ud83e\uddca Firefox \u0443\u0441\u0442\u0440\u0430\u043d\u044f\u0435\u0442 \u0434\u0432\u0435 \u043a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 JavaScript, \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u043d\u044b\u0435 \u043d\u0430 Pwn2Own Berlin 2025\n\nMozilla \u043e\u043f\u0435\u0440\u0430\u0442\u0438\u0432\u043d\u043e \u0432\u044b\u043f\u0443\u0441\u0442\u0438\u043b\u0430 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0434\u043b\u044f \u0431\u0440\u0430\u0443\u0437\u0435\u0440\u0430 Firefox \u0438 \u0435\u0433\u043e \u0432\u0435\u0440\u0441\u0438\u0439 ESR, \u0443\u0441\u0442\u0440\u0430\u043d\u0438\u0432 \u0434\u0432\u0435 \u043a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438, \u043f\u0440\u043e\u0434\u0435\u043c\u043e\u043d\u0441\u0442\u0440\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u0435 \u0432 \u0445\u043e\u0434\u0435 \u043a\u043e\u043d\u043a\u0443\u0440\u0441\u0430 Pwn2Own Berlin 2025. 
\u041e\u0431\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u0437\u0430\u0442\u0440\u0430\u0433\u0438\u0432\u0430\u043b\u0438 \u043e\u0431\u0440\u0430\u0431\u043e\u0442\u043a\u0443 \u043e\u0431\u044a\u0435\u043a\u0442\u043e\u0432 JavaScript \u0432 \u043f\u0440\u043e\u0446\u0435\u0441\u0441\u0435 \u043e\u0442\u043e\u0431\u0440\u0430\u0436\u0435\u043d\u0438\u044f \u043a\u043e\u043d\u0442\u0435\u043d\u0442\u0430, \u043d\u043e, \u043a\u0430\u043a \u0441\u043e\u043e\u0431\u0449\u0430\u0435\u0442\u0441\u044f, \u0431\u043b\u0430\u0433\u043e\u0434\u0430\u0440\u044f \u0430\u0440\u0445\u0438\u0442\u0435\u043a\u0442\u0443\u0440\u0435 \u043f\u0435\u0441\u043e\u0447\u043d\u0438\u0446\u044b \u043d\u0435 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u043b\u0438 \u0430\u0442\u0430\u043a\u0443\u044e\u0449\u0438\u043c \u0432\u044b\u0439\u0442\u0438 \u0437\u0430 \u043f\u0440\u0435\u0434\u0435\u043b\u044b \u0438\u0437\u043e\u043b\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u043e\u0433\u043e \u043e\u043a\u0440\u0443\u0436\u0435\u043d\u0438\u044f.\n\n\u041f\u0435\u0440\u0432\u0430\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c, \u0438\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u0446\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u0430\u044f \u043a\u0430\u043a CVE-2025-4918, \u0431\u044b\u043b\u0430 \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0435\u043d\u0430 \u0438\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u044f\u043c\u0438 \u042d\u0434\u0443\u0430\u0440\u043e\u043c \u0411\u043e\u0448\u0435\u043d\u043e\u043c \u0438 \u0422\u0430\u043e \u042f\u043d\u043e\u043c \u0438\u0437 Palo Alto Networks. 
\u041e\u043d\u0430 \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u043b\u0430 \u0432\u044b\u043f\u043e\u043b\u043d\u044f\u0442\u044c \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u0438 \u0447\u0442\u0435\u043d\u0438\u044f \u0438 \u0437\u0430\u043f\u0438\u0441\u0438 \u0437\u0430 \u043f\u0440\u0435\u0434\u0435\u043b\u0430\u043c\u0438 \u0432\u044b\u0434\u0435\u043b\u0435\u043d\u043d\u043e\u0439 \u043f\u0430\u043c\u044f\u0442\u0438 \u043f\u0440\u0438 \u0440\u0430\u0437\u0440\u0435\u0448\u0435\u043d\u0438\u0438 \u043e\u0431\u044a\u0435\u043a\u0442\u043e\u0432 Promise \u0432 JavaScript, \u0447\u0442\u043e \u043f\u043e\u0442\u0435\u043d\u0446\u0438\u0430\u043b\u044c\u043d\u043e \u043c\u043e\u0433\u043b\u043e \u043f\u0440\u0438\u0432\u0435\u0441\u0442\u0438 \u043a \u0432\u044b\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u044e \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u043e\u0433\u043e \u043a\u043e\u0434\u0430 \u0432 \u043f\u0440\u043e\u0446\u0435\u0441\u0441\u0435 \u043a\u043e\u043d\u0442\u0435\u043d\u0442\u0430 \u0431\u0440\u0430\u0443\u0437\u0435\u0440\u0430. 
\n\n\u0412\u0442\u043e\u0440\u0430\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c, CVE-2025-4919, \u0431\u044b\u043b\u0430 \u043f\u0440\u0435\u0434\u0441\u0442\u0430\u0432\u043b\u0435\u043d\u0430 \u041c\u0430\u043d\u0444\u0440\u0435\u0434\u043e\u043c \u041f\u043e\u043b\u043e\u043c \u0438 \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u043f\u0443\u0442\u0430\u043d\u0438\u0446\u0435\u0439 \u0440\u0430\u0437\u043c\u0435\u0440\u043e\u0432 \u0438\u043d\u0434\u0435\u043a\u0441\u043e\u0432 \u043c\u0430\u0441\u0441\u0438\u0432\u043e\u0432 \u043f\u0440\u0438 \u043e\u043f\u0442\u0438\u043c\u0438\u0437\u0430\u0446\u0438\u0438 \u043b\u0438\u043d\u0435\u0439\u043d\u044b\u0445 \u0441\u0443\u043c\u043c, \u0442\u0430\u043a\u0436\u0435 \u043f\u0440\u0438\u0432\u043e\u0434\u044f\u0449\u0435\u0439 \u043a \u0432\u044b\u0445\u043e\u0434\u0443 \u0437\u0430 \u043f\u0440\u0435\u0434\u0435\u043b\u044b \u043f\u0430\u043c\u044f\u0442\u0438.\n\n\u041e\u0431\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u0431\u044b\u043b\u0438 \u0443\u0441\u043f\u0435\u0448\u043d\u043e \u043f\u0440\u043e\u0434\u0435\u043c\u043e\u043d\u0441\u0442\u0440\u0438\u0440\u043e\u0432\u0430\u043d\u044b \u043d\u0430 \u043a\u043e\u043d\u043a\u0443\u0440\u0441\u0435 Pwn2Own Berlin 2025, \u043e\u0440\u0433\u0430\u043d\u0438\u0437\u043e\u0432\u0430\u043d\u043d\u043e\u043c \u0438\u043d\u0438\u0446\u0438\u0430\u0442\u0438\u0432\u043e\u0439 Zero Day Initiative \u043e\u0442 Trend Micro. \u0418\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u0438 \u043f\u043e\u043b\u0443\u0447\u0438\u043b\u0438 \u043f\u043e $50\u202f000 \u0438 \u043f\u043e 5 \u043e\u0447\u043a\u043e\u0432 \u0432 \u0440\u0435\u0439\u0442\u0438\u043d\u0433\u0435 \"Master of Pwn\" \u0437\u0430 \u0441\u0432\u043e\u0438 \u043d\u0430\u0445\u043e\u0434\u043a\u0438. 
Mozilla \u0432\u044b\u043f\u0443\u0441\u0442\u0438\u043b\u0430 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0432 \u0442\u0435\u0447\u0435\u043d\u0438\u0435 \u0441\u0443\u0442\u043e\u043a \u043f\u043e\u0441\u043b\u0435 \u0434\u0435\u043c\u043e\u043d\u0441\u0442\u0440\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439. \n\n\ud83d\udee1\u041d\u0435\u0441\u043c\u043e\u0442\u0440\u044f \u043d\u0430 \u0442\u043e, \u0447\u0442\u043e \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043d\u0435 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u043b\u0438 \u0430\u0442\u0430\u043a\u0443\u044e\u0449\u0438\u043c \u0432\u044b\u0439\u0442\u0438 \u0437\u0430 \u043f\u0440\u0435\u0434\u0435\u043b\u044b \u043f\u0440\u043e\u0446\u0435\u0441\u0441\u0430 \u043a\u043e\u043d\u0442\u0435\u043d\u0442\u0430 \u0431\u043b\u0430\u0433\u043e\u0434\u0430\u0440\u044f \u0430\u0440\u0445\u0438\u0442\u0435\u043a\u0442\u0443\u0440\u0435 \u043f\u0435\u0441\u043e\u0447\u043d\u0438\u0446\u044b Firefox, Mozilla \u043d\u0430\u0441\u0442\u043e\u044f\u0442\u0435\u043b\u044c\u043d\u043e \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0443\u0435\u0442 \u0432\u0441\u0435\u043c \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044f\u043c \u043a\u0430\u043a \u043c\u043e\u0436\u043d\u043e \u0441\u043a\u043e\u0440\u0435\u0435 \u043e\u0431\u043d\u043e\u0432\u0438\u0442\u044c\u0441\u044f \u0434\u043e \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0438\u0445 \u0432\u0435\u0440\u0441\u0438\u0439 c \u0446\u0435\u043b\u044c\u044e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f \u043c\u0430\u043a\u0441\u0438\u043c\u0430\u043b\u044c\u043d\u043e\u0439 \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0441\u0432\u043e\u0438\u0445 \u0431\u0440\u0430\u0443\u0437\u0435\u0440\u043e\u0432.\n\n\u270b @Russian_OSINT", 
"creation_timestamp": "2025-05-21T13:15:02.000000Z"}, {"uuid": "5e2bc664-407c-42c0-ba4a-c635cb1b1505", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-4919", "type": "seen", "source": "https://t.me/Russian_OSINT/5566", "content": "\ud83e\uddca Firefox \u0443\u0441\u0442\u0440\u0430\u043d\u044f\u0435\u0442 \u0434\u0432\u0435 \u043a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 JavaScript, \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u043d\u044b\u0435 \u043d\u0430 Pwn2Own Berlin 2025\n\nMozilla \u043e\u043f\u0435\u0440\u0430\u0442\u0438\u0432\u043d\u043e \u0432\u044b\u043f\u0443\u0441\u0442\u0438\u043b\u0430 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0434\u043b\u044f \u0431\u0440\u0430\u0443\u0437\u0435\u0440\u0430 Firefox \u0438 \u0435\u0433\u043e \u0432\u0435\u0440\u0441\u0438\u0439 ESR, \u0443\u0441\u0442\u0440\u0430\u043d\u0438\u0432 \u0434\u0432\u0435 \u043a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438, \u043f\u0440\u043e\u0434\u0435\u043c\u043e\u043d\u0441\u0442\u0440\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u0435 \u0432 \u0445\u043e\u0434\u0435 \u043a\u043e\u043d\u043a\u0443\u0440\u0441\u0430 Pwn2Own Berlin 2025. 
\u041e\u0431\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u0437\u0430\u0442\u0440\u0430\u0433\u0438\u0432\u0430\u043b\u0438 \u043e\u0431\u0440\u0430\u0431\u043e\u0442\u043a\u0443 \u043e\u0431\u044a\u0435\u043a\u0442\u043e\u0432 JavaScript \u0432 \u043f\u0440\u043e\u0446\u0435\u0441\u0441\u0435 \u043e\u0442\u043e\u0431\u0440\u0430\u0436\u0435\u043d\u0438\u044f \u043a\u043e\u043d\u0442\u0435\u043d\u0442\u0430, \u043d\u043e, \u043a\u0430\u043a \u0441\u043e\u043e\u0431\u0449\u0430\u0435\u0442\u0441\u044f, \u0431\u043b\u0430\u0433\u043e\u0434\u0430\u0440\u044f \u0430\u0440\u0445\u0438\u0442\u0435\u043a\u0442\u0443\u0440\u0435 \u043f\u0435\u0441\u043e\u0447\u043d\u0438\u0446\u044b \u043d\u0435 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u043b\u0438 \u0430\u0442\u0430\u043a\u0443\u044e\u0449\u0438\u043c \u0432\u044b\u0439\u0442\u0438 \u0437\u0430 \u043f\u0440\u0435\u0434\u0435\u043b\u044b \u0438\u0437\u043e\u043b\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u043e\u0433\u043e \u043e\u043a\u0440\u0443\u0436\u0435\u043d\u0438\u044f.\n\n\u041f\u0435\u0440\u0432\u0430\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c, \u0438\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u0446\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u0430\u044f \u043a\u0430\u043a CVE-2025-4918, \u0431\u044b\u043b\u0430 \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0435\u043d\u0430 \u0438\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u044f\u043c\u0438 \u042d\u0434\u0443\u0430\u0440\u043e\u043c \u0411\u043e\u0448\u0435\u043d\u043e\u043c \u0438 \u0422\u0430\u043e \u042f\u043d\u043e\u043c \u0438\u0437 Palo Alto Networks. 
\u041e\u043d\u0430 \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u043b\u0430 \u0432\u044b\u043f\u043e\u043b\u043d\u044f\u0442\u044c \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u0438 \u0447\u0442\u0435\u043d\u0438\u044f \u0438 \u0437\u0430\u043f\u0438\u0441\u0438 \u0437\u0430 \u043f\u0440\u0435\u0434\u0435\u043b\u0430\u043c\u0438 \u0432\u044b\u0434\u0435\u043b\u0435\u043d\u043d\u043e\u0439 \u043f\u0430\u043c\u044f\u0442\u0438 \u043f\u0440\u0438 \u0440\u0430\u0437\u0440\u0435\u0448\u0435\u043d\u0438\u0438 \u043e\u0431\u044a\u0435\u043a\u0442\u043e\u0432 Promise \u0432 JavaScript, \u0447\u0442\u043e \u043f\u043e\u0442\u0435\u043d\u0446\u0438\u0430\u043b\u044c\u043d\u043e \u043c\u043e\u0433\u043b\u043e \u043f\u0440\u0438\u0432\u0435\u0441\u0442\u0438 \u043a \u0432\u044b\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u044e \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u043e\u0433\u043e \u043a\u043e\u0434\u0430 \u0432 \u043f\u0440\u043e\u0446\u0435\u0441\u0441\u0435 \u043a\u043e\u043d\u0442\u0435\u043d\u0442\u0430 \u0431\u0440\u0430\u0443\u0437\u0435\u0440\u0430. 
\n\n\u0412\u0442\u043e\u0440\u0430\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c, CVE-2025-4919, \u0431\u044b\u043b\u0430 \u043f\u0440\u0435\u0434\u0441\u0442\u0430\u0432\u043b\u0435\u043d\u0430 \u041c\u0430\u043d\u0444\u0440\u0435\u0434\u043e\u043c \u041f\u043e\u043b\u043e\u043c \u0438 \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u043f\u0443\u0442\u0430\u043d\u0438\u0446\u0435\u0439 \u0440\u0430\u0437\u043c\u0435\u0440\u043e\u0432 \u0438\u043d\u0434\u0435\u043a\u0441\u043e\u0432 \u043c\u0430\u0441\u0441\u0438\u0432\u043e\u0432 \u043f\u0440\u0438 \u043e\u043f\u0442\u0438\u043c\u0438\u0437\u0430\u0446\u0438\u0438 \u043b\u0438\u043d\u0435\u0439\u043d\u044b\u0445 \u0441\u0443\u043c\u043c, \u0442\u0430\u043a\u0436\u0435 \u043f\u0440\u0438\u0432\u043e\u0434\u044f\u0449\u0435\u0439 \u043a \u0432\u044b\u0445\u043e\u0434\u0443 \u0437\u0430 \u043f\u0440\u0435\u0434\u0435\u043b\u044b \u043f\u0430\u043c\u044f\u0442\u0438.\n\n\u041e\u0431\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u0431\u044b\u043b\u0438 \u0443\u0441\u043f\u0435\u0448\u043d\u043e \u043f\u0440\u043e\u0434\u0435\u043c\u043e\u043d\u0441\u0442\u0440\u0438\u0440\u043e\u0432\u0430\u043d\u044b \u043d\u0430 \u043a\u043e\u043d\u043a\u0443\u0440\u0441\u0435 Pwn2Own Berlin 2025, \u043e\u0440\u0433\u0430\u043d\u0438\u0437\u043e\u0432\u0430\u043d\u043d\u043e\u043c \u0438\u043d\u0438\u0446\u0438\u0430\u0442\u0438\u0432\u043e\u0439 Zero Day Initiative \u043e\u0442 Trend Micro. \u0418\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u0438 \u043f\u043e\u043b\u0443\u0447\u0438\u043b\u0438 \u043f\u043e $50\u202f000 \u0438 \u043f\u043e 5 \u043e\u0447\u043a\u043e\u0432 \u0432 \u0440\u0435\u0439\u0442\u0438\u043d\u0433\u0435 \"Master of Pwn\" \u0437\u0430 \u0441\u0432\u043e\u0438 \u043d\u0430\u0445\u043e\u0434\u043a\u0438. 
Mozilla \u0432\u044b\u043f\u0443\u0441\u0442\u0438\u043b\u0430 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0432 \u0442\u0435\u0447\u0435\u043d\u0438\u0435 \u0441\u0443\u0442\u043e\u043a \u043f\u043e\u0441\u043b\u0435 \u0434\u0435\u043c\u043e\u043d\u0441\u0442\u0440\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439. \n\n\ud83d\udee1\u041d\u0435\u0441\u043c\u043e\u0442\u0440\u044f \u043d\u0430 \u0442\u043e, \u0447\u0442\u043e \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043d\u0435 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u043b\u0438 \u0430\u0442\u0430\u043a\u0443\u044e\u0449\u0438\u043c \u0432\u044b\u0439\u0442\u0438 \u0437\u0430 \u043f\u0440\u0435\u0434\u0435\u043b\u044b \u043f\u0440\u043e\u0446\u0435\u0441\u0441\u0430 \u043a\u043e\u043d\u0442\u0435\u043d\u0442\u0430 \u0431\u043b\u0430\u0433\u043e\u0434\u0430\u0440\u044f \u0430\u0440\u0445\u0438\u0442\u0435\u043a\u0442\u0443\u0440\u0435 \u043f\u0435\u0441\u043e\u0447\u043d\u0438\u0446\u044b Firefox, Mozilla \u043d\u0430\u0441\u0442\u043e\u044f\u0442\u0435\u043b\u044c\u043d\u043e \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0443\u0435\u0442 \u0432\u0441\u0435\u043c \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044f\u043c \u043a\u0430\u043a \u043c\u043e\u0436\u043d\u043e \u0441\u043a\u043e\u0440\u0435\u0435 \u043e\u0431\u043d\u043e\u0432\u0438\u0442\u044c\u0441\u044f \u0434\u043e \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0438\u0445 \u0432\u0435\u0440\u0441\u0438\u0439 c \u0446\u0435\u043b\u044c\u044e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f \u043c\u0430\u043a\u0441\u0438\u043c\u0430\u043b\u044c\u043d\u043e\u0439 \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0441\u0432\u043e\u0438\u0445 \u0431\u0440\u0430\u0443\u0437\u0435\u0440\u043e\u0432.\n\n\u270b @Russian_OSINT", 
"creation_timestamp": "2025-05-19T12:21:17.000000Z"}, {"uuid": "b4a4e562-d403-411a-8b66-cb25c9db441f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-4919", "type": "exploited", "source": "https://www.zerodayinitiative.com/blog/2025/5/17/pwn2own-berlin-2025-day-three-results", "content": "", "creation_timestamp": "2025-05-24T09:43:42.076845Z"}, {"uuid": "0cba192c-9143-4f64-b5b0-83a5aa64de95", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-4919", "type": "seen", "source": "https://bsky.app/profile/pmloik.bsky.social/post/3lqbnqbwyos2p", "content": "", "creation_timestamp": "2025-05-29T02:19:14.933330Z"}, {"uuid": "67112083-4fb2-46c5-a561-ac5b95fbf46d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-4919", "type": "seen", "source": "https://bsky.app/profile/hackingne.ws/post/3lpk6blfwvk26", "content": "", "creation_timestamp": "2025-05-19T18:11:21.552644Z"}, {"uuid": "c08eff36-9a7d-4cf8-8d87-eab49e083303", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-4919", "type": "seen", "source": "https://bsky.app/profile/infosec.skyfleet.blue/post/3ltzdvjuapb2u", "content": "", "creation_timestamp": "2025-07-15T16:42:41.891738Z"}, {"uuid": "a8b5f785-b9dc-4af9-850f-022bb5db9bf8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-4919", "type": "seen", "source": "https://bsky.app/profile/buherator.bsky.social/post/3lu2twborl42d", "content": "", "creation_timestamp": "2025-07-16T07:02:06.764429Z"}, {"uuid": "e08b4099-fa64-486e-95f9-630fba32a515", "vulnerability_lookup_origin": 
"1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-49199", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lrgeu6z4272k", "content": "", "creation_timestamp": "2025-06-12T16:48:52.783945Z"}, {"uuid": "7ca30d28-f54a-45e5-b059-074b4946ad48", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-4919", "type": "seen", "source": "https://bsky.app/profile/pmloik.bsky.social/post/3lpkzjsdt6u2p", "content": "", "creation_timestamp": "2025-05-20T02:19:08.185837Z"}, {"uuid": "f2746023-7d24-4cf8-b149-1952470e1dd1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-4919", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lpfuvqmyf52p", "content": "", "creation_timestamp": "2025-05-18T01:13:03.701421Z"}, {"uuid": "85c18a91-9c99-47fc-8ce3-8d9f84be2289", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-4919", "type": "seen", "source": "https://bsky.app/profile/getpokemon7.bsky.social/post/3lq7y5yfzu22m", "content": "", "creation_timestamp": "2025-05-28T10:20:38.509269Z"}, {"uuid": "83ffb204-95a7-434b-8e92-9d472786d3ea", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-4919", "type": "seen", "source": "https://gist.github.com/EbonJaeger/4959b52b5b6898ca4e109d36bb8b6d36", "content": "", "creation_timestamp": "2025-05-23T22:39:43.000000Z"}, {"uuid": "9a7f34c1-f3eb-4aa3-837f-261ee22b6bca", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-4919", "type": "seen", "source": 
"https://bsky.app/profile/Firefox.activitypub.awakari.com.ap.brid.gy/post/3lu4kfeeozfo2", "content": "", "creation_timestamp": "2025-07-16T23:17:05.639910Z"}, {"uuid": "a61894b7-e223-4fed-a5bc-8fd5479fbc2b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "cve-2025-4919", "type": "seen", "source": "https://poliverso.org/objects/0477a01e-b73bbde9-751543f940567cd2", "content": "", "creation_timestamp": "2025-07-18T14:10:23.119095Z"}, {"uuid": "a169b2af-12ba-457b-9995-01bc3233e478", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-49199", "type": "seen", "source": "Telegram/wgoTb_5XaYjt4edW9eGqU_US797b0TcQmpar0c_1bJk2kSM", "content": "", "creation_timestamp": "2025-06-12T15:34:18.000000Z"}, {"uuid": "90050b63-963c-4b3d-a36c-d20dcbc099ec", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-49196", "type": "seen", "source": "Telegram/wgoTb_5XaYjt4edW9eGqU_US797b0TcQmpar0c_1bJk2kSM", "content": "", "creation_timestamp": "2025-06-12T15:34:18.000000Z"}, {"uuid": "120623fb-2538-4745-b465-5ec6a35acff6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-49197", "type": "seen", "source": "Telegram/wgoTb_5XaYjt4edW9eGqU_US797b0TcQmpar0c_1bJk2kSM", "content": "", "creation_timestamp": "2025-06-12T15:34:18.000000Z"}, {"uuid": "8013c9df-ecb5-4ba8-9b09-77bfe8799594", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-49193", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/18169", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: 
CVE-2025-49193\n\ud83d\udd25 CVSS Score: 4.2 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N)\n\ud83d\udd39 Description: The application fails to implement several security headers. These headers help increase the overall security level of the web application by e.g., preventing the application to be displayed in an iFrame (Clickjacking attacks) or not executing injected malicious JavaScript code (XSS attacks).\n\ud83d\udccf Published: 2025-06-12T14:15:07.492Z\n\ud83d\udccf Modified: 2025-06-12T14:17:01.557Z\n\ud83d\udd17 References:\n1. https://sick.com/psirt\n2. https://cdn.sick.com/media/docs/1/11/411/Special_information_CYBERSECURITY_BY_SICK_en_IM0084411.PDF\n3. https://www.cisa.gov/resources-tools/resources/ics-recommended-practices\n4. https://www.first.org/cvss/calculator/3.1\n5. https://www.sick.com/.well-known/csaf/white/2025/sca-2025-0007.pdf\n6. https://www.sick.com/.well-known/csaf/white/2025/sca-2025-0007.json", "creation_timestamp": "2025-06-12T14:33:22.000000Z"}, {"uuid": "922a33d3-7e1b-4b09-9d20-c61bba347673", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-49194", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/18168", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-49194\n\ud83d\udd25 CVSS Score: 7.5 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)\n\ud83d\udd39 Description: The server supports authentication methods in which credentials are sent in plaintext over unencrypted channels. If an attacker were to intercept traffic between a client and this server, the credentials would be exposed.\n\ud83d\udccf Published: 2025-06-12T14:17:36.499Z\n\ud83d\udccf Modified: 2025-06-12T14:17:36.499Z\n\ud83d\udd17 References:\n1. https://sick.com/psirt\n2. 
https://cdn.sick.com/media/docs/1/11/411/Special_information_CYBERSECURITY_BY_SICK_en_IM0084411.PDF\n3. https://www.cisa.gov/resources-tools/resources/ics-recommended-practices\n4. https://www.first.org/cvss/calculator/3.1\n5. https://www.sick.com/.well-known/csaf/white/2025/sca-2025-0007.pdf\n6. https://www.sick.com/.well-known/csaf/white/2025/sca-2025-0007.json", "creation_timestamp": "2025-06-12T14:33:22.000000Z"}, {"uuid": "5a3db8e5-397f-4c04-ba49-7a19f48f15cb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-49195", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/18167", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-49195\n\ud83d\udd25 CVSS Score: 5.3 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)\n\ud83d\udd39 Description: The FTP server\u2019s login mechanism does not restrict authentication attempts, allowing an attacker to brute-force user passwords and potentially compromising the FTP server.\n\ud83d\udccf Published: 2025-06-12T14:19:21.686Z\n\ud83d\udccf Modified: 2025-06-12T14:19:21.686Z\n\ud83d\udd17 References:\n1. https://sick.com/psirt\n2. https://cdn.sick.com/media/docs/1/11/411/Special_information_CYBERSECURITY_BY_SICK_en_IM0084411.PDF\n3. https://www.cisa.gov/resources-tools/resources/ics-recommended-practices\n4. https://www.first.org/cvss/calculator/3.1\n5. https://www.sick.com/.well-known/csaf/white/2025/sca-2025-0007.pdf\n6. 
https://www.sick.com/.well-known/csaf/white/2025/sca-2025-0007.json", "creation_timestamp": "2025-06-12T14:33:21.000000Z"}, {"uuid": "3a447388-bdad-49a4-ae16-14cff0b33de2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-4919", "type": "seen", "source": "http://www.zerodayinitiative.com/advisories/ZDI-25-292/", "content": "", "creation_timestamp": "2025-05-21T03:00:00.000000Z"}, {"uuid": "e0ede361-62f7-4d80-a1c4-e926322e316c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-4919", "type": "seen", "source": "http://www.zerodayinitiative.com/advisories/ZDI-25-291/", "content": "", "creation_timestamp": "2025-05-21T03:00:00.000000Z"}, {"uuid": "7eb4dc51-a1cf-47bc-99e4-45d4864389de", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-4919", "type": "seen", "source": "https://bsky.app/profile/getpokemon7.bsky.social/post/3lq43wib6yc23", "content": "", "creation_timestamp": "2025-05-26T21:17:17.212411Z"}, {"uuid": "294f9086-e433-41a1-9bae-4a0563b6a35c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-4919", "type": "seen", "source": "https://bsky.app/profile/thezdi.bsky.social/post/3lqathonwxs2t", "content": "", "creation_timestamp": "2025-05-28T18:29:10.298609Z"}, {"uuid": "bd3582fa-5a59-428e-92eb-cb7c9ede1fe6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-4919", "type": "seen", "source": "https://infosec.exchange/users/thezdi/statuses/114586874920443870", "content": "", "creation_timestamp": "2025-05-28T18:29:14.256819Z"}, {"uuid": "00cbb197-2181-4b0a-a77f-c20dd952d0b0", 
"vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-4919", "type": "seen", "source": "https://bsky.app/profile/bluesky.awakari.com/post/3lqatjyp6vx2i", "content": "", "creation_timestamp": "2025-05-28T18:30:26.933291Z"}, {"uuid": "31c3eb72-c984-4106-8380-0a76f48760d8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-4919", "type": "seen", "source": "https://bsky.app/profile/bluesky.awakari.com/post/3lqatjyqkh726", "content": "", "creation_timestamp": "2025-05-28T18:30:27.431205Z"}, {"uuid": "1cbbbb5f-7836-4015-b715-afd189977e34", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-4919", "type": "seen", "source": "https://infosec.exchange/users/tomcat/statuses/114534135731269951", "content": "", "creation_timestamp": "2025-05-19T10:56:58.091341Z"}, {"uuid": "c246fb98-1bd9-41a1-b228-1fe1342e2197", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-4919", "type": "seen", "source": "https://bsky.app/profile/nimblenerd.social/post/3lpjhlobrwn2d", "content": "", "creation_timestamp": "2025-05-19T11:25:24.617168Z"}, {"uuid": "f34f8d53-585f-4f6c-8837-db2dda1f4dbf", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-4919", "type": "seen", "source": "https://bsky.app/profile/Firefox.activitypub.awakari.com.ap.brid.gy/post/3ltz6kcv2elp2", "content": "", "creation_timestamp": "2025-07-15T15:09:28.808953Z"}, {"uuid": "88deb1c3-3dc1-4528-b031-61c25d0abea1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": 
"CVE-2025-4919", "type": "seen", "source": "https://bsky.app/profile/Firefox.activitypub.awakari.com.ap.brid.gy/post/3ltzrlqs7dte2", "content": "", "creation_timestamp": "2025-07-15T20:47:56.964379Z"}, {"uuid": "680b7e72-c71c-4ec0-af67-257eb7998e8b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-4919", "type": "seen", "source": "https://bsky.app/profile/getpokemon7.bsky.social/post/3lpklrn7lwk2x", "content": "", "creation_timestamp": "2025-05-19T22:12:59.082529Z"}, {"uuid": "0c3e4e46-4adc-46ef-bd0f-d0cd08df351b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-4919", "type": "seen", "source": "https://bsky.app/profile/getpokemon7.bsky.social/post/3lpklvwhb522x", "content": "", "creation_timestamp": "2025-05-19T22:15:28.204307Z"}, {"uuid": "1b4c903c-97bd-47da-b881-a6278c4933db", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-4919", "type": "seen", "source": "https://bsky.app/profile/2rZiKKbOU3nTafniR2qMMSE0gwZ.activitypub.awakari.com.ap.brid.gy/post/3lpfl5ildd5j2", "content": "", "creation_timestamp": "2025-05-17T22:18:58.509397Z"}, {"uuid": "68ae78b0-35fc-4827-82fe-2f87c9d43d77", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-49191", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/18172", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-49191\n\ud83d\udd25 CVSS Score: 4.8 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N)\n\ud83d\udd39 Description: Linked URLs during the creation of iFrame widgets and dashboards are vulnerable to code execution. 
The URLs get embedded as iFrame widgets, making it possible to attack other users that access the dashboard by including malicious code. The attack is only possible if the attacker is authorized to create new dashboards or iFrame widgets.\n\ud83d\udccf Published: 2025-06-12T14:08:02.756Z\n\ud83d\udccf Modified: 2025-06-12T14:12:22.866Z\n\ud83d\udd17 References:\n1. https://sick.com/psirt\n2. https://cdn.sick.com/media/docs/1/11/411/Special_information_CYBERSECURITY_BY_SICK_en_IM0084411.PDF\n3. https://www.cisa.gov/resources-tools/resources/ics-recommended-practices\n4. https://www.first.org/cvss/calculator/3.1\n5. https://www.sick.com/.well-known/csaf/white/2025/sca-2025-0007.pdf\n6. https://www.sick.com/.well-known/csaf/white/2025/sca-2025-0007.json", "creation_timestamp": "2025-06-12T14:33:28.000000Z"}, {"uuid": "c1aca588-b4d2-4815-84b3-fc410ec90502", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-49199", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/18266", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-49199\n\ud83d\udd25 CVSS Score: 8.8 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)\n\ud83d\udd39 Description: The backup ZIPs are not signed by the application, leading to the possibility that an attacker can download a backup ZIP, modify and re-upload it. This allows the attacker to disrupt the application by configuring the services in a way that they are unable to run, making the application unusable. They can redirect traffic that is meant to be internal to their own hosted services and gathering information.\n\ud83d\udccf Published: 2025-06-12T14:26:32.507Z\n\ud83d\udccf Modified: 2025-06-13T06:07:37.540Z\n\ud83d\udd17 References:\n1. https://sick.com/psirt\n2.
https://cdn.sick.com/media/docs/1/11/411/Special_information_CYBERSECURITY_BY_SICK_en_IM0084411.PDF\n3. https://www.cisa.gov/resources-tools/resources/ics-recommended-practices\n4. https://www.first.org/cvss/calculator/3.1\n5. https://www.sick.com/.well-known/csaf/white/2025/sca-2025-0007.pdf\n6. https://www.sick.com/.well-known/csaf/white/2025/sca-2025-0007.json", "creation_timestamp": "2025-06-13T06:36:25.000000Z"}, {"uuid": "2cd781e0-0f01-4144-88b2-6a680e18fd26", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-4919", "type": "seen", "source": "https://bsky.app/profile/hackmanac.com/post/3lpjnceck2k2j", "content": "", "creation_timestamp": "2025-05-19T13:07:53.836724Z"}, {"uuid": "1b5bf8f0-d2b2-4055-80cf-0c4e8785288c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-4919", "type": "seen", "source": "https://www.thezdi.com/blog/2025/7/14/cve-2025-4919-corruption-via-math-space-in-mozilla-firefox", "content": "", "creation_timestamp": "2025-07-15T12:27:27.000000Z"}]}