{"vulnerability": "cve-2025-2733", "sightings": [{"uuid": "0208857d-34b9-4d3d-8fa0-0bd4e905a523", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-2733", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/8597", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-2733\n\ud83d\udd25 CVSS Score: 5.3 (cvssV4_0, Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N)\n\ud83d\udd39 Description: A vulnerability classified as critical has been found in mannaandpoem OpenManus up to 2025.3.13. This affects an unknown part of the file app/tool/python_execute.py of the component Prompt Handler. The manipulation leads to os command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.\n\ud83d\udccf Published: 2025-03-25T04:31:04.535Z\n\ud83d\udccf Modified: 2025-03-25T04:31:04.535Z\n\ud83d\udd17 References:\n1. https://vuldb.com/?id.300753\n2. https://vuldb.com/?ctiid.300753\n3. https://vuldb.com/?submit.520426\n4. https://magnificent-dill-351.notion.site/Command-Execution-in-Openmanus-2025-3-13-1b6c693918ed80b2826ef6bb385693fa", "creation_timestamp": "2025-03-25T05:23:42.000000Z"}, {"uuid": "ed121921-42e3-4331-a0d3-9f28112e30a7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-2733", "type": "seen", "source": "https://t.me/cvedetector/21039", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-2733 - Mannaandpoem OpenManus Os Command Injection Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-2733 \nPublished : March 25, 2025, 5:15 a.m. | 23\u00a0minutes ago \nDescription : A vulnerability classified as critical has been found in mannaandpoem OpenManus up to 2025.3.13. This affects an unknown part of the file app/tool/python_execute.py of the component Prompt Handler. The manipulation leads to os command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. \nSeverity: 6.3 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"25 Mar 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-03-25T06:57:00.000000Z"}, {"uuid": "4aa870c6-c842-4ff2-82a8-8e3bed36cdcf", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-27336", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3liwz4m45pr2s", "content": "", "creation_timestamp": "2025-02-24T18:47:20.780942Z"}, {"uuid": "d4b7fe6e-9d36-44bd-8752-719a5303a746", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-27335", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3liwz4mi4ze2s", "content": "", "creation_timestamp": "2025-02-24T18:47:21.468449Z"}, {"uuid": "f6646bde-b04d-4035-82e6-f75e786f09c1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-27339", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3liwz4mp2cm2g", "content": "", "creation_timestamp": "2025-02-24T18:47:22.522517Z"}, {"uuid": "b2d57657-cca0-49c1-a43f-a42eb663ef9d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-27336", "type": "seen", "source": "https://t.me/cvedetector/18808", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-27336 - Just Variables CSRF\", \n  \"Content\": \"CVE ID : CVE-2025-27336 \nPublished : Feb. 24, 2025, 3:15 p.m. | 1\u00a0hour, 36\u00a0minutes ago \nDescription : Cross-Site Request Forgery (CSRF) vulnerability in Alex Prokopenko / JustCoded Just Variables allows Cross Site Request Forgery. This issue affects Just Variables: from n/a through 1.2.3. \nSeverity: 4.3 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"24 Feb 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-02-24T17:57:51.000000Z"}, {"uuid": "ce2b85be-cb4f-47ef-beb1-c0ef84d87c66", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-27335", "type": "seen", "source": "https://t.me/cvedetector/18813", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-27335 - SEO Roma Auto Tag Links CSRF Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-27335 \nPublished : Feb. 24, 2025, 3:15 p.m. | 1\u00a0hour, 36\u00a0minutes ago \nDescription : Cross-Site Request Forgery (CSRF) vulnerability in Free plug in by SEO Roma Auto Tag Links allows Cross Site Request Forgery. This issue affects Auto Tag Links: from n/a through 1.0.13. \nSeverity: 4.3 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"24 Feb 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-02-24T17:57:57.000000Z"}, {"uuid": "ce72f184-4c4d-447d-b1b0-481aec748b9e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-27339", "type": "seen", "source": "https://t.me/cvedetector/18809", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-27339 - Will Anderson Minimum Password Strength CSRF Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-27339 \nPublished : Feb. 24, 2025, 3:15 p.m. | 1\u00a0hour, 36\u00a0minutes ago \nDescription : Cross-Site Request Forgery (CSRF) vulnerability in Will Anderson Minimum Password Strength allows Cross Site Request Forgery. This issue affects Minimum Password Strength: from n/a through 1.2.0. \nSeverity: 4.3 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"24 Feb 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-02-24T17:57:51.000000Z"}, {"uuid": "fb0aa7b1-fed7-4805-bc0a-3db4db2bd298", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-27332", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3liwz4mshgt23", "content": "", "creation_timestamp": "2025-02-24T18:47:23.138351Z"}, {"uuid": "57137009-1b13-429b-a783-51b39680fb08", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-27339", "type": "seen", "source": "MISP/8e1b6542-ae86-4729-a7a6-4e9f670b8bb7", "content": "", "creation_timestamp": "2025-08-22T17:25:06.000000Z"}, {"uuid": "d1e5c94d-d76a-40b2-9d89-21f4cd1611a4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-27336", "type": "seen", "source": "MISP/8e1b6542-ae86-4729-a7a6-4e9f670b8bb7", "content": "", "creation_timestamp": "2025-08-22T17:25:06.000000Z"}, {"uuid": "528f35a4-50bf-408a-b74f-f294af0817a0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-27335", "type": "seen", "source": "MISP/8e1b6542-ae86-4729-a7a6-4e9f670b8bb7", "content": "", "creation_timestamp": "2025-08-22T17:25:06.000000Z"}]}