{"vulnerability": "cve-2025-4370", "sightings": [{"uuid": "0833dc6b-d691-48d8-b43d-77a72a9e7898", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-43708", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lmy3rxj5s52h", "content": "", "creation_timestamp": "2025-04-17T02:48:33.290905Z"}, {"uuid": "c5c3a810-b0d2-4226-8efb-eb035b630632", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-43704", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lmy3ryhuhp2v", "content": "", "creation_timestamp": "2025-04-17T02:48:38.776844Z"}, {"uuid": "1f652097-989a-4380-957d-b1a6586a3836", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-43700", "type": "seen", "source": "https://bsky.app/profile/securityrss.bsky.social/post/3lre2fbcygh24", "content": "", "creation_timestamp": "2025-06-11T18:36:15.186751Z"}, {"uuid": "bdf38e7f-5258-4c7b-8006-16a2e125e185", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-43701", "type": "seen", "source": "https://bsky.app/profile/securityrss.bsky.social/post/3lre2fbcygh24", "content": "", "creation_timestamp": "2025-06-11T18:36:15.259847Z"}, {"uuid": "ad2f3b3d-cc85-4a51-adaa-c70ffca08f47", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-43706", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mbpbojth2d2c", "content": "", "creation_timestamp": "2026-01-05T20:29:06.575427Z"}, {"uuid": "49cc877d-9029-4e2e-8ef6-2f4175eaf313", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-43706", "type": "seen", "source": "https://bsky.app/profile/thehackerwire.bsky.social/post/3mbpjecavay2z", "content": "", "creation_timestamp": "2026-01-05T22:46:31.714301Z"}, {"uuid": "75fd20f0-f74a-4c19-9a07-67a56d794437", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-43700", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/17867", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-43700\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: Improper Preservation of Permissions vulnerability in Salesforce OmniStudio (FlexCards) allows exposure of encrypted data.\u00a0\n\nThis impacts OmniStudio: before Spring 2025.\n\ud83d\udccf Published: 2025-06-10T11:12:53.559Z\n\ud83d\udccf Modified: 2025-06-10T11:23:16.736Z\n\ud83d\udd17 References:\n1. https://help.salesforce.com/s/articleView?id=004980323&amp;type=1", "creation_timestamp": "2025-06-10T11:34:11.000000Z"}, {"uuid": "b4928285-b38f-49a7-95bb-3c16e78f844e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-43701", "type": "seen", "source": "Telegram/57-ZwpsnCne6luO5PRV3ORhWnDZIYPtLViEm2vB0oS0gThM", "content": "", "creation_timestamp": "2025-06-10T16:31:31.000000Z"}, {"uuid": "20077ba7-8d4f-4260-8707-491c16358476", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-43708", "type": "seen", "source": "https://t.me/cvedetector/23207", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-43708 - VisiCut XML Deserialization Stack Overflow\", \n  \"Content\": \"CVE ID : CVE-2025-43708 \nPublished : April 17, 2025, 1:15 a.m. | 48\u00a0minutes ago \nDescription : VisiCut 2.1 allows stack consumption via an XML document with nested set elements, as demonstrated by a java.util.HashMap StackOverflowError when reference='../../../set/set[2]' is used, aka an \"insecure deserialization\" issue. \nSeverity: 3.3 | LOW \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"17 Apr 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-04-17T04:37:07.000000Z"}, {"uuid": "78920ebc-df95-4478-8bbd-7b7d4df6ecf9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-43704", "type": "seen", "source": "https://t.me/cvedetector/23194", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-43704 - Arctera Veritas Data Insight HTTP Authentication Bypass\", \n  \"Content\": \"CVE ID : CVE-2025-43704 \nPublished : April 16, 2025, 11:15 p.m. | 39\u00a0minutes ago \nDescription : Arctera/Veritas Data Insight before 7.1.2 can send cleartext credentials when configured to use HTTP Basic Authentication to a Dell Isilon OneFS server. \nSeverity: 4.7 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"17 Apr 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-04-17T02:06:29.000000Z"}, {"uuid": "9cca263d-4314-4d68-ae02-dfd73073fb2f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-43707", "type": "seen", "source": "https://bsky.app/profile/darosior.bsky.social/post/3lnlliq6px22g", "content": "", "creation_timestamp": "2025-04-24T20:50:15.082477Z"}, {"uuid": "a86230d3-8a52-4966-9d5f-01ee3f5bf6b6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-43708", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/12177", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-43708\n\ud83d\udd25 CVSS Score: 3.3 (cvssV3_1, Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)\n\ud83d\udd39 Description: VisiCut 2.1 allows stack consumption via an XML document with nested set elements, as demonstrated by a java.util.HashMap StackOverflowError when reference='../../../set/set[2]' is used, aka an \"insecure deserialization\" issue.\n\ud83d\udccf Published: 2025-04-17T00:00:00.000Z\n\ud83d\udccf Modified: 2025-04-17T00:25:39.027Z\n\ud83d\udd17 References:\n1. https://github.com/Gelcon/PoC-of-VisiCut2_1-Stack-Overflow-Vul\n2. https://github.com/t-oster/VisiCut\n3. https://visicut.org", "creation_timestamp": "2025-04-17T00:59:47.000000Z"}, {"uuid": "c3ab65c4-eb49-4f61-b39e-91ad63f6e3f0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-43700", "type": "seen", "source": "Telegram/57-ZwpsnCne6luO5PRV3ORhWnDZIYPtLViEm2vB0oS0gThM", "content": "", "creation_timestamp": "2025-06-10T16:31:31.000000Z"}, {"uuid": "15012ed0-a5be-49ed-bfa7-6c571f4af95d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-43700", "type": "seen", "source": "https://bsky.app/profile/getpokemon7.bsky.social/post/3lsjyzojmjs2w", "content": "", "creation_timestamp": "2025-06-26T20:53:02.610284Z"}, {"uuid": "a2ef0daa-7495-43e7-ab77-2068db7f9f86", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-43701", "type": "seen", "source": "https://bsky.app/profile/getpokemon7.bsky.social/post/3lsjyzojmjs2w", "content": "", "creation_timestamp": "2025-06-26T20:53:02.709804Z"}, {"uuid": "36c0898e-a268-470b-83f3-cdab8d6a438e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-43700", "type": "seen", "source": "https://infosec.exchange/users/cR0w/statuses/114659134321706802", "content": "", "creation_timestamp": "2025-06-10T12:45:45.610246Z"}, {"uuid": "345ad425-892d-46b1-8b65-e7c125b8f9f6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-43701", "type": "seen", "source": "https://infosec.exchange/users/cR0w/statuses/114659134321706802", "content": "", "creation_timestamp": "2025-06-10T12:45:45.703668Z"}, {"uuid": "f3d7c8ff-5146-4f5f-a542-f8171a4fb977", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-43703", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lmxo3kuyyf2b", "content": "", "creation_timestamp": "2025-04-16T22:43:23.112356Z"}, {"uuid": "33d327f4-b795-41d5-9ea0-2d1bab3497ae", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-43704", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/12174", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-43704\n\ud83d\udd25 CVSS Score: 4.7 (cvssV3_1, Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N)\n\ud83d\udd39 Description: Arctera/Veritas Data Insight before 7.1.2 can send cleartext credentials when configured to use HTTP Basic Authentication to a Dell Isilon OneFS server.\n\ud83d\udccf Published: 2025-04-16T00:00:00.000Z\n\ud83d\udccf Modified: 2025-04-16T23:00:10.778Z\n\ud83d\udd17 References:\n1. https://www.veritas.com/support/en_US/security/ARC25-006", "creation_timestamp": "2025-04-16T23:58:41.000000Z"}, {"uuid": "84650dfa-2917-427a-ad1a-7d7aeffb7110", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-43703", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/12157", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-43703\n\ud83d\udd25 CVSS Score: 6.1 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)\n\ud83d\udd39 Description: An issue was discovered in Ankitects Anki through 25.02. A crafted shared deck can result in attacker-controlled access to the internal API (even though the attacker has no knowledge of an API key) through approaches such as scripts or the SRC attribute of an IMG element. NOTE: this issue exists because of an incomplete fix for CVE-2024-32484.\n\ud83d\udccf Published: 2025-04-16T00:00:00.000Z\n\ud83d\udccf Modified: 2025-04-16T21:50:45.391Z\n\ud83d\udd17 References:\n1. https://github.com/ankitects/anki/pull/3925\n2. https://github.com/ankitects/anki/pull/3925/commits/24bca15fd3d9dc386916509eb2d4862d1184e709", "creation_timestamp": "2025-04-16T21:58:52.000000Z"}, {"uuid": "13a8d08b-35f2-4498-b6a3-28c8385449ec", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-43701", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/17871", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-43701\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: Improper Preservation of Permissions vulnerability in Salesforce OmniStudio (FlexCards) allows exposure of Custom Settings data.\u00a0\n\nThis impacts OmniStudio: before version 254.\n\ud83d\udccf Published: 2025-06-10T11:21:57.415Z\n\ud83d\udccf Modified: 2025-06-10T11:21:57.415Z\n\ud83d\udd17 References:\n1. https://help.salesforce.com/s/articleView?id=004980323&amp;type=1", "creation_timestamp": "2025-06-10T11:34:14.000000Z"}, {"uuid": "42f517d2-be28-4857-a23a-a47cd1e29249", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-43703", "type": "seen", "source": "https://t.me/cvedetector/23201", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-43703 - Anki Ankitects API Key Bypass Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-43703 \nPublished : April 16, 2025, 10:15 p.m. | 1\u00a0hour, 39\u00a0minutes ago \nDescription : An issue was discovered in Ankitects Anki through 25.02. A crafted shared deck can result in attacker-controlled access to the internal API (even though the attacker has no knowledge of an API key) through approaches such as scripts or the SRC attribute of an IMG element. NOTE: this issue exists because of an incomplete fix for CVE-2024-32484. \nSeverity: 6.1 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"17 Apr 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-04-17T02:06:37.000000Z"}]}