{"vulnerability": "cve-2025-27888", "sightings": [{"uuid": "d7cc3865-c966-44dd-9274-ec08fb3c4f9e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-27888", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/8679", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-27888\n\ud83d\udd25 CVSS Score: 5.8 (cvssV4_0, Vector: CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:A/VC:H/VI:L/VA:N/SC:L/SI:L/SA:N)\n\ud83d\udd39 Description: Severity: medium (5.8) / important\n\nServer-Side Request Forgery (SSRF), Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),\u00a0URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Apache Druid.\n\nThis issue affects all previous Druid versions.\n\n\nWhen using the Druid management proxy, a request that has a specially crafted URL could be used to redirect the request to an arbitrary server instead. This has the potential for XSS or XSRF. The user is required to be authenticated for this exploit. The management proxy is enabled in Druid's out-of-box configuration. It may be disabled to mitigate this vulnerability. If the management proxy is disabled, some web console features will not work properly, but core functionality is unaffected.\n\n\nUsers are recommended to upgrade to Druid 31.0.2 or Druid 32.0.1, which fixes the issue.\n\ud83d\udccf Published: 2025-03-20T11:29:00.730Z\n\ud83d\udccf Modified: 2025-03-25T15:18:04.929Z\n\ud83d\udd17 References:\n1. https://lists.apache.org/thread/c0qo989pwtrqkjv6xfr0c30dnjq8vf39", "creation_timestamp": "2025-03-25T15:23:56.000000Z"}, {"uuid": "3a8730fc-c41e-4c32-9e66-00df8827c511", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-27888", "type": "seen", "source": "https://t.me/cvedetector/20729", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-27888 - Apache Druid SSRF, XSS and Open Redirect Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-27888 \nPublished : March 20, 2025, 12:15 p.m. | 1\u00a0hour, 44\u00a0minutes ago \nDescription : Severity: medium (5.8) / important  \n  \nServer-Side Request Forgery (SSRF), Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),\u00a0URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Apache Druid.  \n  \nThis issue affects all previous Druid versions.  \n  \n  \nWhen using the Druid management proxy, a request that has a specially crafted URL could be used to redirect the request to an arbitrary server instead. This has the potential for XSS or XSRF. The user is required to be authenticated for this exploit. The management proxy is enabled in Druid's out-of-box configuration. It may be disabled to mitigate this vulnerability. If the management proxy is disabled, some web console features will not work properly, but core functionality is unaffected.  \n  \n  \nUsers are recommended to upgrade to Druid 31.0.2 or Druid 32.0.1, which fixes the issue. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"20 Mar 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-03-20T15:43:38.000000Z"}, {"uuid": "a57d22c9-0a9c-46c3-979e-e45fbe333cc8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-27888", "type": "seen", "source": "https://infosec.exchange/users/cR0w/statuses/114194866048910223", "content": "", "creation_timestamp": "2025-03-20T12:56:13.576682Z"}, {"uuid": "88df84a1-0184-42b9-a22b-debb152daaf0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-27888", "type": "seen", "source": "https://bsky.app/profile/infosec.skyfleet.blue/post/3lkqpzhrmus2b", "content": "", "creation_timestamp": "2025-03-19T17:38:56.406526Z"}, {"uuid": "4b9b74a0-00d3-4810-9366-471f6b690332", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-27888", "type": "seen", "source": "https://bsky.app/profile/license-token.com/post/3luih7m52uj24", "content": "", "creation_timestamp": "2025-07-21T16:51:57.192485Z"}, {"uuid": "122de915-58a1-4c94-9ed2-1b95a354e0bd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-27888", "type": "seen", "source": "https://bsky.app/profile/beikokucyber.bsky.social/post/3lwpcbq2haz2t", "content": "", "creation_timestamp": "2025-08-18T21:02:52.886978Z"}, {"uuid": "db149f6a-32a5-4588-bd89-7e157a1af9f8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-27888", "type": "published-proof-of-concept", "source": "https://t.me/thebugbountyhunter/10243", "content": "XBOW - CVE-2025-27888:  Server-Side Request Forgery via URL Parsing Confusion in Apache Druid Proxy Endpoint\n\nhttps://xbow.com/blog/apache-druid-proxy", "creation_timestamp": "2025-09-23T15:31:59.000000Z"}, {"uuid": "3eba228d-55e6-4841-92b0-4e4460786461", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-27888", "type": "seen", "source": "https://bsky.app/profile/andranglin.bsky.social/post/3lkzypwoevs2o", "content": "", "creation_timestamp": "2025-03-23T10:08:40.645632Z"}, {"uuid": "22aa0ad9-ab6e-4a6d-b848-508e413610b2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-27888", "type": "confirmed", "source": "https://github.com/projectdiscovery/nuclei-templates/tree/main/http/cves/2025/CVE-2025-27888.yaml", "content": "", "creation_timestamp": "2025-08-15T23:41:47.000000Z"}]}