{"vulnerability": "cve-2025-2194", "sightings": [{"uuid": "90fb3b7a-0821-4927-b0dd-35aa3ea8edd6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-2194", "type": "seen", "source": "MISP/682bdba3-46b7-4a8f-b7be-c6bf4b4f9868", "content": "", "creation_timestamp": "2025-08-13T13:26:35.000000Z"}, {"uuid": "4f222c81-3fce-480d-a1e9-7fc89ec52151", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-21947", "type": "seen", "source": "https://www.cert.ssi.gouv.fr/avis/CERTFR-2026-AVI-0316/", "content": "", "creation_timestamp": "2026-03-19T00:00:00.000000Z"}, {"uuid": "c7f39d94-7717-46a6-8fdb-1867545f1aef", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-21941", "type": "seen", "source": "https://vulnerability.circl.lu/bundle/816dcc8e-f25a-4895-9b59-1bbd9caeccb8", "content": "", "creation_timestamp": "2025-12-03T14:14:49.267740Z"}, {"uuid": "2fadcd5f-1243-4521-940c-f4f1d82b90a1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-21947", "type": "seen", "source": "Telegram/Ig1PoEkLRkLZXw2uOx0iXI5kdj6breIEyUIy1Z-iyA-tgLY", "content": "", "creation_timestamp": "2026-04-02T11:19:48.000000Z"}, {"uuid": "3fc6230f-bdae-4cec-a396-3c6cb45589db", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-2194", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/7132", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-2194\n\ud83d\udd25 CVSS Score: 5.1 (cvssV4_0, Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N)\n\ud83d\udd39 Description: A vulnerability was found in MRCMS 3.1.2 and classified as problematic. This issue affects the function list of the file /admin/file/list.do of the component org.marker.mushroom.controller.FileController. The manipulation of the argument path leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.\n\ud83d\udccf Published: 2025-03-11T13:31:04.585Z\n\ud83d\udccf Modified: 2025-03-11T13:31:04.585Z\n\ud83d\udd17 References:\n1. https://vuldb.com/?id.299219\n2. https://vuldb.com/?ctiid.299219\n3. https://vuldb.com/?submit.511732\n4. https://github.com/IceFoxH/VULN/issues/3", "creation_timestamp": "2025-03-11T13:39:46.000000Z"}, {"uuid": "ae3ff402-b784-4965-a7da-cb338f8bb85e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-21947", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/10049", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-21947\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: In the Linux kernel, the following vulnerability has been resolved:\n\nksmbd: fix type confusion via race condition when using ipc_msg_send_request\n\nreq->handle is allocated using ksmbd_acquire_id(&ipc_ida), based on\nida_alloc. req->handle from ksmbd_ipc_login_request and\nFSCTL_PIPE_TRANSCEIVE ioctl can be same and it could lead to type confusion\nbetween messages, resulting in access to unexpected parts of memory after\nan incorrect delivery. ksmbd check type of ipc response but missing add\ncontinue to check next ipc reponse.\n\ud83d\udccf Published: 2025-04-01T15:41:09.457Z\n\ud83d\udccf Modified: 2025-04-02T12:16:58.912Z\n\ud83d\udd17 References:\n1. https://git.kernel.org/stable/c/6321bbda4244b93802d61cfe0887883aae322f4b\n2. https://git.kernel.org/stable/c/76861630b29e51373e73e7b00ad0d467b6941162\n3. https://git.kernel.org/stable/c/3cb2b2e41541fe6f9cc55ca22d4c0bd260498aea\n4. https://git.kernel.org/stable/c/1e8833c03a38e1d5d5df6484e3f670a2fd38fb76\n5. https://git.kernel.org/stable/c/e2ff19f0b7a30e03516e6eb73b948e27a55bc9d2", "creation_timestamp": "2025-04-02T12:36:38.000000Z"}, {"uuid": "f48b8797-6c83-445a-a910-746498e9f0e5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-21946", "type": "seen", "source": "Telegram/XWbUozvBnZFZaJxuYJQhgn4U8YQh0aGW0LQo7pqkrJZCpA4", "content": "", "creation_timestamp": "2026-01-11T18:01:52.000000Z"}, {"uuid": "e2ede63f-9af9-4e56-8934-3ca7991c34c3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-21944", "type": "seen", "source": "https://www.cert.ssi.gouv.fr/avis/CERTFR-2026-AVI-0316/", "content": "", "creation_timestamp": "2026-03-19T00:00:00.000000Z"}, {"uuid": "7c880aa3-6df6-473f-a599-ee15307f5bb8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-21945", "type": "seen", "source": "https://www.cert.ssi.gouv.fr/avis/CERTFR-2026-AVI-0316/", "content": "", "creation_timestamp": "2026-03-19T00:00:00.000000Z"}, {"uuid": "55062535-9570-4322-8cfb-51d357f95101", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-21946", "type": "seen", "source": "https://www.cert.ssi.gouv.fr/avis/CERTFR-2026-AVI-0316/", "content": "", "creation_timestamp": "2026-03-19T00:00:00.000000Z"}, {"uuid": "bc0c21c7-ecef-4737-92b6-3f13521a532b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-21944", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/10052", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-21944\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: In the Linux kernel, the following vulnerability has been resolved:\n\nksmbd: fix bug on trap in smb2_lock\n\nIf lock count is greater than 1, flags could be old value.\nIt should be checked with flags of smb_lock, not flags.\nIt will cause bug-on trap from locks_free_lock in error handling\nroutine.\n\ud83d\udccf Published: 2025-04-01T15:41:07.977Z\n\ud83d\udccf Modified: 2025-04-02T12:16:55.685Z\n\ud83d\udd17 References:\n1. https://git.kernel.org/stable/c/11e0e74e14f1832a95092f2c98ed3b99f57797ee\n2. https://git.kernel.org/stable/c/8994f0ce8259f812b4f4a681d8298c6ff682efaa\n3. https://git.kernel.org/stable/c/dbcd7fdd86f77529210fe8978154a81cd479844c\n4. https://git.kernel.org/stable/c/2b70e3ac79eacbdf32571f7af48dd81cdd957ca8\n5. https://git.kernel.org/stable/c/e26e2d2e15daf1ab33e0135caf2304a0cfa2744b", "creation_timestamp": "2025-04-02T12:36:41.000000Z"}, {"uuid": "b326ce9c-d13c-4a09-bc89-087d541c560f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-21946", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/10050", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-21946\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: In the Linux kernel, the following vulnerability has been resolved:\n\nksmbd: fix out-of-bounds in parse_sec_desc()\n\nIf osidoffset, gsidoffset and dacloffset could be greater than smb_ntsd\nstruct size. If it is smaller, It could cause slab-out-of-bounds.\nAnd when validating sid, It need to check it included subauth array size.\n\ud83d\udccf Published: 2025-04-01T15:41:08.955Z\n\ud83d\udccf Modified: 2025-04-02T12:16:57.827Z\n\ud83d\udd17 References:\n1. https://git.kernel.org/stable/c/c1569dbbe2d43041be9f3fef7ca08bec3b66ad1b\n2. https://git.kernel.org/stable/c/159d059cbcb0e6d0e7a7b34af3862ba09a6b22d1\n3. https://git.kernel.org/stable/c/6a9831180d0b23b5c97e2bd841aefc8f82900172\n4. https://git.kernel.org/stable/c/d6e13e19063db24f94b690159d0633aaf72a0f03", "creation_timestamp": "2025-04-02T12:36:39.000000Z"}, {"uuid": "25613f9f-e501-488c-9d0c-bba8a7a0d9cb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-21945", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/10051", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-21945\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: In the Linux kernel, the following vulnerability has been resolved:\n\nksmbd: fix use-after-free in smb2_lock\n\nIf smb_lock->zero_len has value, ->llist of smb_lock is not delete and\nflock is old one. It will cause use-after-free on error handling\nroutine.\n\ud83d\udccf Published: 2025-04-01T15:41:08.471Z\n\ud83d\udccf Modified: 2025-04-02T12:16:56.760Z\n\ud83d\udd17 References:\n1. https://git.kernel.org/stable/c/410ce35a2ed6d0e114132bba29af49b69880c8c7\n2. https://git.kernel.org/stable/c/8573571060ca466cbef2c6f03306b2cc7b883506\n3. https://git.kernel.org/stable/c/a0609097fd10d618aed4864038393dd75131289e\n4. https://git.kernel.org/stable/c/636e021646cf9b52ddfea7c809b018e91f2188cb\n5. https://git.kernel.org/stable/c/84d2d1641b71dec326e8736a749b7ee76a9599fc", "creation_timestamp": "2025-04-02T12:36:40.000000Z"}]}