{"vulnerability": "cve-2025-3790", "sightings": [{"uuid": "08723fe1-0466-44e3-948d-4de1765cd3bf", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-37907", "type": "seen", "source": "https://www.cert.ssi.gouv.fr/avis/CERTFR-2026-AVI-0316/", "content": "", "creation_timestamp": "2026-03-19T00:00:00.000000Z"}, {"uuid": "b84d0af8-e020-45a7-8344-c422223540ae", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-37903", "type": "seen", "source": "https://www.cert.ssi.gouv.fr/avis/CERTFR-2026-AVI-0316/", "content": "", "creation_timestamp": "2026-03-19T00:00:00.000000Z"}, {"uuid": "e9fd482c-b39b-447d-843e-f92b57570f38", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-37907", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/17103", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-37907\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: In the Linux kernel, the following vulnerability has been resolved:\n\naccel/ivpu: Fix locking order in ivpu_job_submit\n\nFix deadlock in job submission and abort handling.\nWhen a thread aborts currently executing jobs due to a fault,\nit first locks the global lock protecting submitted_jobs (#1).\n\nAfter the last job is destroyed, it proceeds to release the related context\nand locks file_priv (#2). Meanwhile, in the job submission thread,\nthe file_priv lock (#2) is taken first, and then the submitted_jobs\nlock (#1) is obtained when a job is added to the submitted jobs list.\n\n       CPU0                            CPU1\n       ----                            ----\n  (for example due to a fault)         (jobs submissions keep coming)\n\n  lock(&vdev->submitted_jobs_lock) #1\n  ivpu_jobs_abort_all()\n  job_destroy()\n                                      lock(&file_priv->lock)           #2\n                                      lock(&vdev->submitted_jobs_lock) #1\n  file_priv_release()\n  lock(&vdev->context_list_lock)\n  lock(&file_priv->lock)           #2\n\nThis order of locking causes a deadlock. To resolve this issue,\nchange the order of locking in ivpu_job_submit().\n\ud83d\udccf Published: 2025-05-20T15:21:40.482Z\n\ud83d\udccf Modified: 2025-05-21T07:58:16.031Z\n\ud83d\udd17 References:\n1. https://git.kernel.org/stable/c/079d2622f8c9e0c380149645fff21d35c59ce6ff\n2. https://git.kernel.org/stable/c/b9b70924a272c2d72023306bc56f521c056212ee\n3. https://git.kernel.org/stable/c/ab680dc6c78aa035e944ecc8c48a1caab9f39924", "creation_timestamp": "2025-05-21T08:47:21.000000Z"}, {"uuid": "f64382f4-cb86-4ff8-a1d9-a27bb1345165", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-3790", "type": "seen", "source": "https://t.me/cvedetector/23327", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-3790 - Apache Druid Monitoring Console Remote Improper Access Controls Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-3790 \nPublished : April 18, 2025, 1:15 p.m. | 3\u00a0hours, 25\u00a0minutes ago \nDescription : A vulnerability classified as critical has been found in baseweb JSite 1.0. This affects an unknown part of the file /druid/index.html of the component Apache Druid Monitoring Console. The manipulation leads to improper access controls. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. \nSeverity: 5.3 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"18 Apr 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-04-18T19:05:13.000000Z"}, {"uuid": "fbe14880-259d-4f41-bdee-769030854a4e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-3790", "type": "seen", "source": "https://bsky.app/profile/2rZiKKbOU3nTafniR2qMMSE0gwZ.activitypub.awakari.com.ap.brid.gy/post/3ln3uugto3vs2", "content": "", "creation_timestamp": "2025-04-18T14:55:35.951163Z"}, {"uuid": "ab0aa93b-1b7e-4545-b488-a0b39b5a3d9a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-3790", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3ln42fr2yy62d", "content": "", "creation_timestamp": "2025-04-18T16:34:34.966177Z"}]}