{"vulnerability": "cve-2025-3604", "sightings": [{"uuid": "11ce0ae3-fb17-4a6f-b677-0d85e61f3cd6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-36048", "type": "seen", "source": "Telegram/T9EREMrZJ40Ll1HhU5KoHVoW6Lc4lkfgV3T7v7c_6jHizrY", "content": "", "creation_timestamp": "2025-06-18T16:32:08.000000Z"}, {"uuid": "f71ef3c6-bbfe-43b0-9ca8-ca59d6b1557b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-36049", "type": "seen", "source": "Telegram/T9EREMrZJ40Ll1HhU5KoHVoW6Lc4lkfgV3T7v7c_6jHizrY", "content": "", "creation_timestamp": "2025-06-18T16:32:08.000000Z"}, {"uuid": "cba150e7-a382-4c1c-b39d-96d64542ae42", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-36041", "type": "published-proof-of-concept", "source": "Telegram/hXteSjuIwP9Mbeb83eyDoYQTBNomaKTVWkToiPBGs2MzhcU", "content": "", "creation_timestamp": "2025-06-20T03:00:07.000000Z"}, {"uuid": "5bfd549f-f446-4b81-9f77-e64935ec2e5c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-36041", "type": "published-proof-of-concept", "source": "Telegram/Kuay90XNMEzvyQ_OVUBX2jvITO525AByNXYZHQPCwqrAG4M", "content": "", "creation_timestamp": "2025-06-20T07:00:09.000000Z"}, {"uuid": "325ee2ed-f4a7-4241-ab4b-e38f63851292", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-3604", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/13205", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-3604\n\ud83d\udd25 CVSS Score: 9.8 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\ud83d\udd39 Description: The Flynax Bridge plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 2.2.0. This is due to the plugin not properly validating a user's identity prior to updating their details like email. This makes it possible for unauthenticated attackers to change arbitrary user's email addresses, including administrators, and leverage that to reset the user's password and gain access to their account.\n\ud83d\udccf Published: 2025-04-24T08:23:49.297Z\n\ud83d\udccf Modified: 2025-04-24T08:23:49.297Z\n\ud83d\udd17 References:\n1. https://www.wordfence.com/threat-intel/vulnerabilities/id/935caa43-4c75-47ad-a631-63988e21f834?source=cve\n2. https://plugins.trac.wordpress.org/browser/flynax-bridge/trunk/request.php", "creation_timestamp": "2025-04-24T09:12:19.000000Z"}, {"uuid": "292db4b0-0acb-47cb-a07b-a31d709beed7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-36041", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/41138", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01 \n\n\u66f4\u65b0\u4e86\uff1aCVE-2025\n\u63cf\u8ff0\uff1aExploit (C) of the CVE-2025-36041 vulnerability in IBM MQ\nURL\uff1ahttps://github.com/byteReaper77/CVE-2025-36041\n\n\u6807\u7b7e\uff1a#CVE-2025", "creation_timestamp": "2025-06-19T22:45:56.000000Z"}, {"uuid": "1cf525c1-f57c-4a1a-b0bb-d86a1ace3d28", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-36048", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/18791", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-36048\n\ud83d\udd25 CVSS Score: 7.2 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H)\n\ud83d\udd39 Description: IBM webMethods Integration Server 10.5, 10.7, 10.11, and 10.15 could allow a privileged user to escalate their privileges when handling external entities due to execution with unnecessary privileges.\n\ud83d\udccf Published: 2025-06-18T16:04:28.802Z\n\ud83d\udccf Modified: 2025-06-18T16:04:28.802Z\n\ud83d\udd17 References:\n1. https://www.ibm.com/support/pages/node/7237144", "creation_timestamp": "2025-06-18T16:43:42.000000Z"}, {"uuid": "b9cf7f63-e923-4b60-bc29-337ba795e419", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-36049", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lrviztp7v72p", "content": "", "creation_timestamp": "2025-06-18T17:13:32.960782Z"}, {"uuid": "7c3ee53e-951b-40cc-bbf9-4a2791846b1e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-36041", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lrnxvd7zhr2i", "content": "", "creation_timestamp": "2025-06-15T17:18:10.019798Z"}, {"uuid": "e6149802-bdc2-43b6-9fb5-478112f0fb7e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-36047", "type": "seen", "source": "https://bsky.app/profile/knaepp.bsky.social/post/3lwbxrlisyr2a", "content": "", "creation_timestamp": "2025-08-13T13:50:05.404095Z"}, {"uuid": "b9234fd0-d2d0-405d-829e-a7a17d5e5d8b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-36047", "type": "seen", "source": "https://bsky.app/profile/o2cloud.bsky.social/post/3mbynk52otn26", "content": "", "creation_timestamp": "2026-01-09T13:55:20.319236Z"}, {"uuid": "835ad272-c317-456f-b248-3dc251ff0f5e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-36049", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/18788", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-36049\n\ud83d\udd25 CVSS Score: 8.8 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)\n\ud83d\udd39 Description: IBM webMethods Integration Server 10.5, 10.7, 10.11, and 10.15 \n\nis vulnerable to an XML external entity injection (XXE) attack when processing XML data. A remote authenticated attacker could exploit this vulnerability to execute arbitrary commands.\n\ud83d\udccf Published: 2025-06-18T16:06:18.983Z\n\ud83d\udccf Modified: 2025-06-18T16:06:18.983Z\n\ud83d\udd17 References:\n1. https://www.ibm.com/support/pages/node/7237146", "creation_timestamp": "2025-06-18T16:43:38.000000Z"}, {"uuid": "e293853d-d930-4ac4-bc34-c13b47113148", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-3604", "type": "seen", "source": "https://t.me/cvedetector/23660", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-3604 - Flynax Bridge WordPress Privilege Escalation Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-3604 \nPublished : April 24, 2025, 9:15 a.m. | 1\u00a0hour, 16\u00a0minutes ago \nDescription : The Flynax Bridge plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 2.2.0. This is due to the plugin not properly validating a user's identity prior to updating their details like email. This makes it possible for unauthenticated attackers to change arbitrary user's email addresses, including administrators, and leverage that to reset the user's password and gain access to their account. \nSeverity: 9.8 | CRITICAL \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"24 Apr 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-04-24T13:03:44.000000Z"}, {"uuid": "b18ef364-c7d4-426c-b62a-ecfb46ae0d87", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-3604", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lnkhz7caij2t", "content": "", "creation_timestamp": "2025-04-24T10:15:14.246900Z"}, {"uuid": "e6f977ef-fdc5-465a-b971-561c1627633a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-3604", "type": "seen", "source": "https://mastodon.social/users/CyberSignaler/statuses/114392779929223191", "content": "", "creation_timestamp": "2025-04-24T11:48:22.748415Z"}, {"uuid": "a5140693-0925-48a9-a398-5a9cf7a87b15", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-36047", "type": "seen", "source": "https://bsky.app/profile/knaepp.bsky.social/post/3lwcm67aryy2i", "content": "", "creation_timestamp": "2025-08-13T19:55:03.551975Z"}, {"uuid": "f3aca10e-842e-4bad-ba64-c8b8762885f8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-36041", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/18377", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-36041\n\ud83d\udd25 CVSS Score: 4.7 (cvssV3_1, Vector: CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:H/A:N)\n\ud83d\udd39 Description: IBM MQ Operator LTS 2.0.0 through 2.0.29, MQ Operator CD 3.0.0, 3.0.1, 3.1.0 through 3.1.3, 3.3.0, 3.4.0, 3.4.1, 3.5.0, 3.5.1 through 3.5.3, and MQ Operator SC2 3.2.0 through 3.2.12 Native HA CRR could be configured with a private key and chain other than the intended key which could disclose sensitive information or allow the attacker to perform unauthorized actions.\n\ud83d\udccf Published: 2025-06-15T12:51:06.394Z\n\ud83d\udccf Modified: 2025-06-15T12:51:06.394Z\n\ud83d\udd17 References:\n1. https://www.ibm.com/support/pages/node/7236608", "creation_timestamp": "2025-06-15T13:36:03.000000Z"}, {"uuid": "da8f1e6d-600c-4681-bae7-0c6f86f613c8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-3604", "type": "published-proof-of-concept", "source": "Telegram/aFwfStP8wFlVkLpHBloIlhn7vOW90LKUAH04hsmOYUZn0T4", "content": "", "creation_timestamp": "2025-05-06T09:00:07.000000Z"}, {"uuid": "bac5b54a-52a6-423a-b41b-2e0c90c15cec", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-36048", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lrvr6j74zs2s", "content": "", "creation_timestamp": "2025-06-18T19:39:19.763081Z"}, {"uuid": "ea9dd738-9d3a-431d-b903-e9bd736bad05", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-36041", "type": "seen", "source": "https://infosec.exchange/users/vuldb/statuses/114692582520225791", "content": "", "creation_timestamp": "2025-06-16T10:32:04.174587Z"}, {"uuid": "9d8c3954-a80d-4ab0-9821-c147e52721e1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-3604", "type": "seen", "source": "https://bsky.app/profile/beikokucyber.bsky.social/post/3lvjlby2svc24", "content": "", "creation_timestamp": "2025-08-03T21:03:03.868052Z"}]}