{"vulnerability": "cve-2025-2605", "sightings": [{"uuid": "2405ae45-d4b9-485a-8119-15dd1e2d6644", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-2605", "type": "seen", "source": "Telegram/8FMcEoyafGP5AxoZLjRg0chmZC-BYAzE99ntHfuwtxpKRtc", "content": "", "creation_timestamp": "2025-05-02T15:31:08.000000Z"}, {"uuid": "4fb17eec-1b5c-45a0-bad3-903bb017c606", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-26054", "type": "seen", "source": "Telegram/3MBTytBz7FAWoUgV2aTVPXaX-kfAuOLht6JlK6Rx_m9ll3c", "content": "", "creation_timestamp": "2025-03-07T22:00:06.000000Z"}, {"uuid": "a7364116-dd2c-42f9-8188-3777b337e4b8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-2605", "type": "seen", "source": "https://t.me/cvedetector/24347", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-2605 - Honeywell MB-Secure OS Command Injection Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-2605 \nPublished : May 2, 2025, 1:15 p.m. | 1\u00a0hour, 57\u00a0minutes ago \nDescription : Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Honeywell MB-Secure allows Privilege Abuse. This issue affects MB-Secure: from V11.04 before V12.53 and MB-Secure PRO from V01.06 before V03.09.Honeywell also recommends updating to the most recent version of this product. \nSeverity: 9.9 | CRITICAL \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"02 May 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-05-02T17:37:02.000000Z"}, {"uuid": "b9a463c4-1f8d-435a-81a6-5f5108cee802", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-26058", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lihulnndlf2t", "content": "", "creation_timestamp": "2025-02-18T18:16:20.699441Z"}, {"uuid": "804b2875-dbc2-4ef9-8e03-b8d259fc3675", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-26058", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3liiauwxgx322", "content": "", "creation_timestamp": "2025-02-18T21:56:20.620808Z"}, {"uuid": "09bba357-ba3e-4665-9bcf-53eaba847fec", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-2605", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/14477", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-2605\n\ud83d\udd25 CVSS Score: 9.9 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H)\n\ud83d\udd39 Description: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Honeywell MB-Secure allows Privilege Abuse. This issue affects MB-Secure: from V11.04 before V12.53 and MB-Secure PRO from V01.06 before V03.09.Honeywell also recommends updating to the most recent version of this product.\n\ud83d\udccf Published: 2025-05-02T12:39:39.979Z\n\ud83d\udccf Modified: 2025-05-02T12:39:39.979Z\n\ud83d\udd17 References:\n1. https://www.honeywell.com/us/en/product-security#security-notices", "creation_timestamp": "2025-05-02T13:15:46.000000Z"}, {"uuid": "5e7d3b8e-6daf-40ab-819e-244c5cbd890e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-26056", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/11660", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-26056\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: A command injection vulnerability exists in the Infinxt iEdge 100 2.1.32 in the Troubleshoot module \"MTR\" functionality. The vulnerability is due to improper validation of user-supplied input in the mtrIp parameter. An attacker can exploit this flaw to execute arbitrary operating system commands on the underlying system with the same privileges as the web application process.\n\ud83d\udccf Published: 2025-04-01T00:00:00.000Z\n\ud83d\udccf Modified: 2025-04-14T17:41:23.657Z\n\ud83d\udd17 References:\n1. https://github.com/rohan-pt/CVE-2025-26056", "creation_timestamp": "2025-04-14T17:54:19.000000Z"}, {"uuid": "ed072bca-1de2-4d8e-ab25-ef001a329a6c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-26056", "type": "seen", "source": "https://t.me/cvedetector/21802", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-26056 - Infinxt iEdge 100 Command Injection Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-26056 \nPublished : April 1, 2025, 7:15 p.m. | 25\u00a0minutes ago \nDescription : A command injection vulnerability exists in the Infinxt iEdge 100 2.1.32 in the Troubleshoot module \"MTR\" functionality. The vulnerability is due to improper validation of user-supplied input in the mtrIp parameter. An attacker can exploit this flaw to execute arbitrary operating system commands on the underlying system with the same privileges as the web application process. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"01 Apr 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-04-01T22:15:44.000000Z"}, {"uuid": "6a7ac08d-b596-48cd-a362-a32dda153130", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-2605", "type": "seen", "source": "https://bsky.app/profile/dinosn.bsky.social/post/3lohth6bavs2w", "content": "", "creation_timestamp": "2025-05-06T02:27:11.619168Z"}, {"uuid": "5f1b56dc-706e-4279-a800-337ac73742f4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-2605", "type": "seen", "source": "https://bsky.app/profile/infosec.skyfleet.blue/post/3lohzjod3ey2a", "content": "", "creation_timestamp": "2025-05-06T04:15:53.207655Z"}, {"uuid": "e966c3cc-0f16-4318-99e8-048b25b60367", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-26058", "type": "seen", "source": "https://t.me/cvedetector/18348", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-26058 - Webkul QloApps Authentication Token Exposur\", \n  \"Content\": \"CVE ID : CVE-2025-26058 \nPublished : Feb. 18, 2025, 6:15 p.m. | 1\u00a0hour, 39\u00a0minutes ago \nDescription : Webkul QloApps v1.6.1 exposes authentication tokens in URLs during redirection. When users access the admin panel or other protected areas, the application appends sensitive authentication tokens directly to the URL. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"18 Feb 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-02-18T20:59:46.000000Z"}, {"uuid": "51ac226a-c2a6-42ae-99dc-a397650a03fb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-26054", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/17480", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01 \n\n\u66f4\u65b0\u4e86\uff1aCVE-2025\n\u63cf\u8ff0\uff1aCVE-2025-26054\nURL\uff1ahttps://github.com/rohan-pt/CVE-2025-26054\n\n\u6807\u7b7e\uff1a#CVE-2025", "creation_timestamp": "2025-03-07T18:28:28.000000Z"}, {"uuid": "b7104410-666b-435f-8e00-ca80e8661efb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-26054", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/9969", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-26054\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: Infinxt iEdge 100 2.1.32 is vulnerable to Cross Site Scripting (XSS) via the \"Description\" field during LAN configuration.\n\ud83d\udccf Published: 2025-04-01T00:00:00.000Z\n\ud83d\udccf Modified: 2025-04-01T18:19:06.121Z\n\ud83d\udd17 References:\n1. https://github.com/rohan-pt/CVE-2025-26054", "creation_timestamp": "2025-04-01T18:32:48.000000Z"}, {"uuid": "cdb3a154-1209-4f35-acfb-408ffba0c762", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-26055", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/11662", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-26055\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: An OS Command Injection vulnerability exists in the Infinxt iEdge 100 2.1.32 Troubleshoot module, specifically in the tracertVal parameter of the Tracert function.\n\ud83d\udccf Published: 2025-04-01T00:00:00.000Z\n\ud83d\udccf Modified: 2025-04-14T17:36:55.479Z\n\ud83d\udd17 References:\n1. https://github.com/rohan-pt/CVE-2025-26055", "creation_timestamp": "2025-04-14T17:54:24.000000Z"}, {"uuid": "910e3138-410a-411b-b2fa-b345a40d79ba", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-26055", "type": "seen", "source": "https://t.me/cvedetector/21801", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-26055 - Infinxt iEdge Command Injection Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-26055 \nPublished : April 1, 2025, 7:15 p.m. | 25\u00a0minutes ago \nDescription : An OS Command Injection vulnerability exists in the Infinxt iEdge 100 2.1.32 Troubleshoot module, specifically in the tracertVal parameter of the Tracert function. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"01 Apr 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-04-01T22:15:43.000000Z"}, {"uuid": "59e22faa-eee5-4eac-9ee0-c9061ec02ff2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-26058", "type": "seen", "source": "Telegram/5cqhjr3kIV3mz-Y4EpxtHm_Kouc7prNUEFtq3HqMJ2rV1VQG", "content": "", "creation_timestamp": "2025-02-20T01:27:45.000000Z"}, {"uuid": "e5f5fffb-0465-43e4-8fd1-e2bff968eaf3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-2605", "type": "seen", "source": "https://infosec.exchange/users/cR0w/statuses/114438509930269915", "content": "", "creation_timestamp": "2025-05-02T13:38:04.232010Z"}, {"uuid": "8996637a-d292-4dad-a9c4-c3897f044628", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-2605", "type": "seen", "source": "https://bsky.app/profile/2rZiKKbOU3nTafniR2qMMSE0gwZ.activitypub.awakari.com.ap.brid.gy/post/3lo6wstk3xst2", "content": "", "creation_timestamp": "2025-05-02T14:45:07.529590Z"}, {"uuid": "3e37d6c1-78dd-4549-bfb0-bd70440679d1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-2605", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lo772nlip62t", "content": "", "creation_timestamp": "2025-05-02T16:00:53.875521Z"}, {"uuid": "16279037-8219-4ab8-b931-d159ff9e7483", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-26055", "type": "seen", "source": "Telegram/3MBTytBz7FAWoUgV2aTVPXaX-kfAuOLht6JlK6Rx_m9ll3c", "content": "", "creation_timestamp": "2025-03-07T22:00:06.000000Z"}]}