{"vulnerability": "cve-2025-4912", "sightings": [{"uuid": "218f5548-987b-4d13-9884-00dfca6ab955", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-49126", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lsccxf3t4h2u", "content": "", "creation_timestamp": "2025-06-23T19:29:24.706649Z"}, {"uuid": "b1a5b6a4-1692-4430-982b-2a0c4312c531", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-49127", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lqxwfywuse2s", "content": "", "creation_timestamp": "2025-06-06T22:53:08.012545Z"}, {"uuid": "570106cd-162d-4178-8ab0-d36fb58ec8b8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-49124", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/18450", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-49124\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: Untrusted Search Path vulnerability in Apache Tomcat installer for Windows. During installation, the Tomcat installer for Windows used icacls.exe without specifying a full path.\n\nThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.7, from 10.1.0 through 10.1.41, from 9.0.23 through 9.0.105.\n\nUsers are recommended to upgrade to version 11.0.8, 10.1.42 or 9.0.106, which fix the issue.\n\ud83d\udccf Published: 2025-06-16T14:22:16.288Z\n\ud83d\udccf Modified: 2025-06-16T14:22:16.288Z\n\ud83d\udd17 References:\n1. https://lists.apache.org/thread/lnow7tt2j6hb9kcpkggx32ht6o90vqzv", "creation_timestamp": "2025-06-16T14:38:03.000000Z"}, {"uuid": "031745b9-9b94-45e9-baf2-60426cf40fd6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-49125", "type": "seen", "source": "https://bsky.app/profile/shiojiri.com/post/3lruc6xl6o22x", "content": "", "creation_timestamp": "2025-06-18T05:38:29.380795Z"}, {"uuid": "5d69d326-551a-4038-bef7-7adc2fa216d4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-49125", "type": "seen", "source": "https://seclists.org/oss-sec/2025/q2/253", "content": "", "creation_timestamp": "2025-06-16T15:19:46.000000Z"}, {"uuid": "a9b4ab0f-79a9-4068-b3fd-200217ca8dae", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-49128", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lqxw52h2ha23", "content": "", "creation_timestamp": "2025-06-06T22:48:07.850437Z"}, {"uuid": "5f2c1efc-926f-4a5b-a9d3-577abe31b7b5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-49125", "type": "seen", "source": "https://bsky.app/profile/getpokemon7.bsky.social/post/3ltq2f44up22o", "content": "", "creation_timestamp": "2025-07-11T23:58:30.341515Z"}, {"uuid": "e36bdb7f-998c-4ca5-a278-15132cfd065c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-49125", "type": "seen", "source": "https://bsky.app/profile/osanpo.bsky.social/post/3lru3lbdtfi2k", "content": "", "creation_timestamp": "2025-06-18T03:40:06.473964Z"}, {"uuid": "d4a98dbc-aa5f-4cd4-9746-7db929f5087f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-49125", "type": "seen", "source": "https://infosec.exchange/users/vuldb/statuses/114693644318306796", "content": "", "creation_timestamp": "2025-06-16T15:02:05.880518Z"}, {"uuid": "225a4c19-dd5a-4a24-8d6f-baa641434a54", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-49124", "type": "seen", "source": "https://www.cert.ssi.gouv.fr/avis/CERTFR-2026-AVI-0395/", "content": "", "creation_timestamp": "2026-04-02T17:00:00.000000Z"}, {"uuid": "faf022b9-b863-49e4-befc-66cb3e51025d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-49126", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/19235", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-49126\n\ud83d\udd25 CVSS Score: 8.8 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:L)\n\ud83d\udd39 Description: Visionatrix is an AI Media processing tool using ComfyUI. In versions 1.5.0 to before 2.5.1, the /docs/flows endpoint is vulnerable to a Reflected XSS (Cross-Site Scripting) attack allowing full takeover of the application and exfiltration of secrets stored in the application. The implementation uses the get_swagger_ui_html function from FastAPI. This function does not encode or sanitize its arguments before using them to generate the HTML for the swagger documentation page and is not intended to be used with user-controlled arguments. Any user of this application can be targeted with a one-click attack that can takeover their session and all the secrets that may be contained within it. This issue has been patched in version 2.5.1.\n\ud83d\udccf Published: 2025-06-23T17:18:51.857Z\n\ud83d\udccf Modified: 2025-06-23T17:39:29.542Z\n\ud83d\udd17 References:\n1. https://github.com/Visionatrix/Visionatrix/security/advisories/GHSA-w36r-9jvx-q48v\n2. https://github.com/Visionatrix/Visionatrix/commit/63aafe6e4d1bffe4bf69e73b6fdfc65c71a8f5b8", "creation_timestamp": "2025-06-23T17:45:17.000000Z"}, {"uuid": "a179e6bb-02f1-4fd4-b3cd-4a7a0697e83d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-49127", "type": "seen", "source": "https://infosec.exchange/users/vuldb/statuses/114643981379166709", "content": "", "creation_timestamp": "2025-06-07T20:32:09.541342Z"}, {"uuid": "6a0e5e9b-e1a3-4fa5-b2e4-4d9315a58636", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-49124", "type": "seen", "source": "https://bsky.app/profile/infosec.skyfleet.blue/post/3lrqjibz4q32f", "content": "", "creation_timestamp": "2025-06-16T17:38:18.946934Z"}, {"uuid": "7083d58c-66e8-4403-b838-dc1ab355e36b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-49125", "type": "seen", "source": "https://bsky.app/profile/infosec.skyfleet.blue/post/3lrqk2ak73k26", "content": "", "creation_timestamp": "2025-06-16T17:48:21.483432Z"}, {"uuid": "bcc21cb7-31fa-4c21-86f0-24740ebe34d1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-49124", "type": "seen", "source": "https://seclists.org/oss-sec/2025/q2/254", "content": "", "creation_timestamp": "2025-06-16T15:23:05.000000Z"}, {"uuid": "ade39ff6-227f-4aee-8e72-c70b89963f12", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-49124", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lrsrc3gnvy2r", "content": "", "creation_timestamp": "2025-06-17T15:03:20.165119Z"}, {"uuid": "9eb9cab3-fc2c-4542-ad73-904bf0d8249d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-49124", "type": "seen", "source": "https://bsky.app/profile/osanpo.bsky.social/post/3lru3lbdtfi2k", "content": "", "creation_timestamp": "2025-06-18T03:40:06.375867Z"}, {"uuid": "97a411ad-ca50-4927-8c58-9a075ca1d0a2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-4912", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/16802", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-4912\n\ud83d\udd25 CVSS Score: 5.3 (cvssV4_0, Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N)\n\ud83d\udd39 Description: A vulnerability has been found in SourceCodester Student Result Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/core/update_student.php of the component Image File Handler. The manipulation of the argument old_photo leads to path traversal. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.\n\ud83d\udccf Published: 2025-05-19T05:00:08.672Z\n\ud83d\udccf Modified: 2025-05-19T05:00:08.672Z\n\ud83d\udd17 References:\n1. https://vuldb.com/?id.309469\n2. https://vuldb.com/?ctiid.309469\n3. https://vuldb.com/?submit.579089\n4. https://magnificent-dill-351.notion.site/Arbitrary-File-Delete-of-update_student-in-SRMS-1-0-1f5c693918ed8047ad31d03c6034b4f6\n5. https://www.sourcecodester.com/", "creation_timestamp": "2025-05-19T05:38:05.000000Z"}, {"uuid": "a685f268-3e9e-4f61-b537-a2f26a8c3bc8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-49125", "type": "published-proof-of-concept", "source": "Telegram/ju3c4Gol6WBaOsj4yxbDoLpp0Ar5SBbue19Dno2qKGF8t7U", "content": "", "creation_timestamp": "2025-06-16T21:00:04.000000Z"}, {"uuid": "0463736e-22ab-4130-9b38-6bc5fcf8c319", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-49125", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/18453", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-49125\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: Authentication Bypass Using an Alternate Path or Channel vulnerability in Apache Tomcat.\u00a0 When using PreResources or PostResources mounted other than at the root of the web application, it was possible to access those resources via an unexpected path. That path was likely not to be protected by the same security constraints as the expected path, allowing those security constraints to be bypassed.\n\nThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.7, from 10.1.0-M1 through 10.1.41, from 9.0.0.M1 through 9.0.105.\n\nUsers are recommended to upgrade to version 11.0.8, 10.1.42 or 9.0.106, which fix the issue.\n\ud83d\udccf Published: 2025-06-16T14:18:09.610Z\n\ud83d\udccf Modified: 2025-06-16T14:18:09.610Z\n\ud83d\udd17 References:\n1. https://lists.apache.org/thread/m66cytbfrty9k7dc4cg6tl1czhsnbywk", "creation_timestamp": "2025-06-16T14:38:05.000000Z"}, {"uuid": "a642d792-f746-468a-b35e-a94fdad9e390", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-49126", "type": "published-proof-of-concept", "source": "Telegram/llanlRrbf3s9Rf868KZ425GV5KlSiI6fIpB3qhtKPPXkg-A", "content": "", "creation_timestamp": "2025-06-23T18:30:40.000000Z"}, {"uuid": "1a9cfc41-38d4-4184-81ca-a1b23e67d756", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-49124", "type": "seen", "source": "https://infosec.exchange/users/cR0w/statuses/114693794996406990", "content": "", "creation_timestamp": "2025-06-16T15:40:25.215337Z"}, {"uuid": "d73e1c3c-9920-4e55-8962-ffc25e0cd858", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-49124", "type": "seen", "source": "https://bsky.app/profile/shiojiri.com/post/3lruc6xl6o22x", "content": "", "creation_timestamp": "2025-06-18T05:38:29.174770Z"}, {"uuid": "7256d93c-1ac3-4e1d-96c3-9522b542d892", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-49124", "type": "seen", "source": "https://bsky.app/profile/omo.bsky.social/post/3lrr52oerps2m", "content": "", "creation_timestamp": "2025-06-16T23:28:40.279713Z"}, {"uuid": "4a45ea34-c1c2-4776-b2be-47fa848de5c7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-49125", "type": "seen", "source": "https://bsky.app/profile/omo.bsky.social/post/3lrr52oerps2m", "content": "", "creation_timestamp": "2025-06-16T23:28:40.371276Z"}, {"uuid": "a986ba0a-1f2c-4fc9-95bd-4b1ac5e499a0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-49127", "type": "seen", "source": "https://bsky.app/profile/undercodenews.bsky.social/post/3ltz5gpo37k2u", "content": "", "creation_timestamp": "2025-07-15T14:47:03.052806Z"}]}