{"vulnerability": "cve-2025-2771", "sightings": [{"uuid": "75ecaa16-4a0b-4781-a1fe-95a1491ba750", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-27715", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lkvcp5cles2s", "content": "", "creation_timestamp": "2025-03-21T13:23:53.105657Z"}, {"uuid": "d6bd31eb-9591-465c-95ce-d0df7b066009", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-2771", "type": "seen", "source": "http://www.zerodayinitiative.com/advisories/ZDI-25-184/", "content": "", "creation_timestamp": "2025-03-25T04:00:00.000000Z"}, {"uuid": "82e73e5a-6afe-4b02-a813-2801cb2b3a8e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-27718", "type": "seen", "source": "https://bsky.app/profile/getpokemon7.bsky.social/post/3lks3grzvck23", "content": "", "creation_timestamp": "2025-03-20T06:35:55.729127Z"}, {"uuid": "280fac31-c9b4-4311-9d97-26e08577e261", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-27719", "type": "seen", "source": "https://t.me/cvedetector/23031", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-27719 - Cisco Device Information Disclosure\", \n  \"Content\": \"CVE ID : CVE-2025-27719 \nPublished : April 15, 2025, 10:15 p.m. | 1\u00a0hour, 7\u00a0minutes ago \nDescription : Unauthenticated attackers can query an API endpoint and get device details. \nSeverity: 5.3 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"16 Apr 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-04-16T01:49:06.000000Z"}, {"uuid": "ee1815bb-5656-45f3-96df-310ddd9fbba9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-27718", "type": "seen", "source": "https://t.me/cvedetector/21386", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-27718 - HGW-BL1500HM Path Traversal Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-27718 \nPublished : March 28, 2025, 9:15 a.m. | 1\u00a0hour, 1\u00a0minute ago \nDescription : Improper limitation of a pathname to a restricted directory ('Path Traversal') issue exists in the file upload process of the USB storage file-sharing function of HGW-BL1500HM Ver 002.002.003 and earlier. If this vulnerability is exploited, the product's files may be obtained and/or altered or arbitrary code may be executed by a crafted HTTP request to specific functions of the product from a device connected to the LAN side. \nSeverity: 8.8 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"28 Mar 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-03-28T11:53:24.000000Z"}, {"uuid": "33ca966a-4b54-4fa9-a5b1-a58d05d3f166", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-27715", "type": "seen", "source": "https://t.me/cvedetector/20800", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-27715 - Mattermost Team Admin Privilege Escalation Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-27715 \nPublished : March 21, 2025, 9:15 a.m. | 1\u00a0hour, 23\u00a0minutes ago \nDescription : Mattermost versions 9.11.x <=\nSeverity: 3.3 | LOW \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"21 Mar 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-03-21T11:47:59.000000Z"}, {"uuid": "60b2f71d-eee7-449a-9f84-fdbda5ffd963", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-2771", "type": "seen", "source": "https://infosec.exchange/users/cR0w/statuses/114388579201738740", "content": "", "creation_timestamp": "2025-04-23T18:00:01.980354Z"}, {"uuid": "85da0d1d-13ba-4ea1-b397-9b77f0e3e887", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-2771", "type": "seen", "source": "https://t.me/cvedetector/23605", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-2771 - BEC Technologies Router Authentication Bypass Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-2771 \nPublished : April 23, 2025, 5:16 p.m. | 59\u00a0minutes ago \nDescription : BEC Technologies Multiple Routers Authentication Bypass Vulnerability. This vulnerability allows remote attackers to bypass authentication on affected installations of BEC Technologies routers. Authentication is not required to exploit this vulnerability.  \n  \nThe specific flaw exists within the web-based user interface. The issue results from the lack of authentication prior to allowing access to functionality. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-25894. \nSeverity: 5.3 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"23 Apr 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-04-23T21:10:24.000000Z"}, {"uuid": "e92c1c77-3aff-426b-af5c-93500649517c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-27716", "type": "seen", "source": "https://t.me/cvedetector/21385", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-27716 - HGW-BL1500HM Path Traversal Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-27716 \nPublished : March 28, 2025, 9:15 a.m. | 1\u00a0hour, 1\u00a0minute ago \nDescription : Improper limitation of a pathname to a restricted directory ('Path Traversal') issue exists in the file/folder listing process of the USB storage file-sharing function of HGW-BL1500HM Ver 002.002.003 and earlier. If this vulnerability is exploited, the product's files may be obtained and/or altered by a crafted HTTP request to specific functions of the product from a device connected to the LAN side. \nSeverity: 6.5 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"28 Mar 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-03-28T11:53:23.000000Z"}, {"uuid": "664a8e40-f4b6-41ec-9aa4-2379351080a2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-27719", "type": "seen", "source": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-105-04", "content": "", "creation_timestamp": "2025-04-15T10:00:00.000000Z"}, {"uuid": "2dbb034f-38f6-4768-b866-6d4ee060e637", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-27716", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/9285", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-27716\n\ud83d\udd25 CVSS Score: 6.5 (cvssV3_0, Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N)\n\ud83d\udd39 Description: Improper limitation of a pathname to a restricted directory ('Path Traversal') issue exists in the file/folder listing process of the USB storage file-sharing function of HGW-BL1500HM Ver 002.002.003 and earlier. If this vulnerability is exploited, the product's files may be obtained and/or altered by a crafted HTTP request to specific functions of the product from a device connected to the LAN side.\n\ud83d\udccf Published: 2025-03-28T08:18:23.782Z\n\ud83d\udccf Modified: 2025-03-28T08:18:23.782Z\n\ud83d\udd17 References:\n1. https://kddi-tech.com/contents/appendix_L2_06.html#64433e4a-8946-9c06-bddf-91cbfe56c8e5\n2. https://jvn.jp/en/jp/JVN04278547/", "creation_timestamp": "2025-03-28T08:27:26.000000Z"}, {"uuid": "64f79317-a18f-4b51-b72c-54376620b339", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-27718", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/9284", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-27718\n\ud83d\udd25 CVSS Score: 8.8 (cvssV3_0, Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)\n\ud83d\udd39 Description: Improper limitation of a pathname to a restricted directory ('Path Traversal') issue exists in the file upload process of the USB storage file-sharing function of HGW-BL1500HM Ver 002.002.003 and earlier. If this vulnerability is exploited, the product's files may be obtained and/or altered or arbitrary code may be executed by a crafted HTTP request to specific functions of the product from a device connected to the LAN side.\n\ud83d\udccf Published: 2025-03-28T08:18:36.814Z\n\ud83d\udccf Modified: 2025-03-28T08:18:36.814Z\n\ud83d\udd17 References:\n1. https://kddi-tech.com/contents/appendix_L2_06.html#64433e4a-8946-9c06-bddf-91cbfe56c8e5\n2. https://jvn.jp/en/jp/JVN04278547/", "creation_timestamp": "2025-03-28T08:27:25.000000Z"}]}