{"vulnerability": "cve-2025-2558", "sightings": [{"uuid": "a40806d4-3b69-41df-81fc-d4254eebf526", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "4f29edb9-4c4b-44ca-b041-9b050656b6ae", "vulnerability": "CVE-2025-2558", "type": "confirmed", "source": "https://github.com/projectdiscovery/nuclei-templates/tree/main/http/cves/2025/CVE-2025-2558.yaml", "content": "", "creation_timestamp": "2026-04-09T02:52:43.000000Z"}, {"uuid": "077618ab-fe7f-42b2-8f5e-5cf3b1eff199", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "4f29edb9-4c4b-44ca-b041-9b050656b6ae", "vulnerability": "CVE-2025-2558", "type": "seen", "source": "https://bsky.app/profile/beikokucyber.bsky.social/post/3mj67us6sjt2o", "content": "", "creation_timestamp": "2026-04-10T21:03:09.036017Z"}, {"uuid": "257359d2-aa1d-46ae-882d-2e68ad570de3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-25589", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/8343", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-25589\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: An XML external entity (XXE) injection vulnerability in the component /weixin/aes/XMLParse.java of yimioa before v2024.07.04 allows attackers to execute arbitrary code via supplying a crafted XML file.\n\ud83d\udccf Published: 2025-03-18T00:00:00.000Z\n\ud83d\udccf Modified: 2025-03-21T13:35:19.864Z\n\ud83d\udd17 References:\n1. https://gitee.com/r1bbit/yimioa/issues/IBI81R", "creation_timestamp": "2025-03-21T14:19:16.000000Z"}, {"uuid": "78f2c08a-61d9-4f40-9054-1bc16ed2b5b5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-2558", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/13190", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-2558\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: The-wound WordPress theme through 0.0.1 does not validate some parameters before using them to generate paths passed to include function/s, allowing unauthenticated users to perform LFI attacks and download arbitrary file from the server\n\ud83d\udccf Published: 2025-04-24T06:00:07.297Z\n\ud83d\udccf Modified: 2025-04-24T06:00:07.297Z\n\ud83d\udd17 References:\n1. https://wpscan.com/vulnerability/6a8e1c89-a01d-4347-91fc-ba454784b153/", "creation_timestamp": "2025-04-24T06:05:34.000000Z"}, {"uuid": "aa7f5066-318c-4a39-ab13-21408d9b58eb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-25580", "type": "seen", "source": "https://t.me/cvedetector/20588", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-25580 - Yimioa SQL Injection Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-25580 \nPublished : March 18, 2025, 3:16 p.m. | 1\u00a0hour, 16\u00a0minutes ago \nDescription : yimioa before v2024.07.04 was discovered to contain a SQL injection vulnerability via the listNameBySql() method at /xml/UserMapper.xml. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"18 Mar 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-03-18T17:44:26.000000Z"}, {"uuid": "5e1a6ba8-c2e8-42ed-a5de-a3ef3a7e463f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-25580", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lkobidkfze2w", "content": "", "creation_timestamp": "2025-03-18T18:13:34.872433Z"}, {"uuid": "0263aaa7-611c-4635-a8e9-a08de3b80f88", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-25582", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lkoihz3ucn2m", "content": "", "creation_timestamp": "2025-03-18T20:18:37.695788Z"}, {"uuid": "a6bc277f-188f-42cf-b74e-e79d1bd80d24", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-25586", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lkoihz7bkh2n", "content": "", "creation_timestamp": "2025-03-18T20:18:38.303991Z"}, {"uuid": "2e6254db-01d7-44f6-ac38-5e47b5c3c678", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-2558", "type": "seen", "source": "https://mastodon.social/users/CyberSignaler/statuses/114394194900112274", "content": "", "creation_timestamp": "2025-04-24T17:48:11.895543Z"}, {"uuid": "0ed2034e-1e47-42b4-80b7-0d1861e7fc09", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-25580", "type": "seen", "source": "MISP/02fb130c-7874-4693-9b66-81ed91a2e996", "content": "", "creation_timestamp": "2025-08-12T13:33:28.000000Z"}, {"uuid": "2283eee9-6163-4eeb-b840-267427e9c092", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-2558", "type": "seen", "source": "https://t.me/cvedetector/23640", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-2558 - \"WordPress Theme-Wound LFI Vulnerability\"\", \n  \"Content\": \"CVE ID : CVE-2025-2558 \nPublished : April 24, 2025, 6:15 a.m. | 14\u00a0minutes ago \nDescription : The-wound WordPress theme through 0.0.1 does not validate some parameters before using them to generate paths passed to include function/s, allowing unauthenticated users to perform LFI attacks and download arbitrary file from the server \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"24 Apr 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-04-24T08:52:53.000000Z"}, {"uuid": "876f6ec8-827c-4f61-95b2-6ef812a77f74", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-25582", "type": "seen", "source": "https://t.me/cvedetector/20572", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-25582 - Yimioa SQL Injection Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-25582 \nPublished : March 18, 2025, 4:15 p.m. | 16\u00a0minutes ago \nDescription : yimioa before v2024.07.04 was discovered to contain a SQL injection vulnerability via the selectNoticeList() method at /xml/OaNoticeMapper.xml. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"18 Mar 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-03-18T17:44:04.000000Z"}, {"uuid": "8df4bc4b-f155-433f-b519-a6074ba1f728", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-25589", "type": "seen", "source": "https://t.me/cvedetector/20570", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-25589 - Yimioa XML External Entity Injection (XXE) Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-25589 \nPublished : March 18, 2025, 4:15 p.m. | 16\u00a0minutes ago \nDescription : An XML external entity (XXE) injection vulnerability in the component /weixin/aes/XMLParse.java of yimioa before v2024.07.04 allows attackers to execute arbitrary code via supplying a crafted XML file. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"18 Mar 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-03-18T17:44:03.000000Z"}, {"uuid": "fd6136e7-3a51-45bc-8389-3b628fe15f2c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-25586", "type": "seen", "source": "https://t.me/cvedetector/20569", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-25586 - Yimioa Information Disclosure Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-25586 \nPublished : March 18, 2025, 4:15 p.m. | 16\u00a0minutes ago \nDescription : yimioa before v2024.07.04 was discovered to contain an information disclosure vulnerability via the component /resources/application.yml. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"18 Mar 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-03-18T17:44:02.000000Z"}, {"uuid": "69072f73-9bdb-4474-a624-75fb8f9f2865", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-25585", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lkobid4qef26", "content": "", "creation_timestamp": "2025-03-18T18:13:32.963736Z"}, {"uuid": "9543432c-d79d-47b8-8582-1b23e897de04", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-25589", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lkoihykwyv26", "content": "", "creation_timestamp": "2025-03-18T20:18:34.795060Z"}, {"uuid": "aa079301-41ca-4d99-9a27-01352977c100", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-2558", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lnkenucnex2r", "content": "", "creation_timestamp": "2025-04-24T09:15:13.020591Z"}, {"uuid": "f8d93fe8-f495-4382-a012-e95610eda06e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-25580", "type": "seen", "source": "MISP/02fb130c-7874-4693-9b66-81ed91a2e996", "content": "", "creation_timestamp": "2025-08-21T03:19:28.000000Z"}]}