{"vulnerability": "cve-2025-4925", "sightings": [{"uuid": "848554fe-6f1b-4909-8ac5-a771d70da4cd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-4925", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lpjnnkb4pp2s", "content": "", "creation_timestamp": "2025-05-19T13:13:50.816463Z"}, {"uuid": "c42038dc-d933-46dc-ae48-5c19c745ee14", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-49259", "type": "seen", "source": "Telegram/SCENl0bmebBo-isLeSjNn7zy_-WAXbtsdyq9JC-AqVlk7Uo", "content": "", "creation_timestamp": "2025-06-17T16:18:20.000000Z"}, {"uuid": "14ad1d28-a986-4e47-90bf-54ca4f014247", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-49257", "type": "seen", "source": "Telegram/SCENl0bmebBo-isLeSjNn7zy_-WAXbtsdyq9JC-AqVlk7Uo", "content": "", "creation_timestamp": "2025-06-17T16:18:20.000000Z"}, {"uuid": "75fd22aa-a178-4773-86cd-fdd8edf64db8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-49255", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/18775", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-49255\n\ud83d\udd25 CVSS Score: 8.1 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\ud83d\udd39 Description: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in thembay Ruza allows PHP Local File Inclusion. This issue affects Ruza: from n/a through 1.0.7.\n\ud83d\udccf Published: 2025-06-17T15:01:28.175Z\n\ud83d\udccf Modified: 2025-06-18T15:03:05.214Z\n\ud83d\udd17 References:\n1. https://patchstack.com/database/wordpress/theme/ruza/vulnerability/wordpress-ruza-1-0-7-local-file-inclusion-vulnerability?_s_id=cve", "creation_timestamp": "2025-06-18T15:43:12.000000Z"}, {"uuid": "29aa7ab1-8215-4261-b692-df6f3854616c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-49256", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/18770", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-49256\n\ud83d\udd25 CVSS Score: 8.1 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\ud83d\udd39 Description: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in thembay Sapa allows PHP Local File Inclusion. This issue affects Sapa: from n/a through 1.1.14.\n\ud83d\udccf Published: 2025-06-17T15:01:27.698Z\n\ud83d\udccf Modified: 2025-06-18T15:06:29.623Z\n\ud83d\udd17 References:\n1. https://patchstack.com/database/wordpress/theme/sapa/vulnerability/wordpress-sapa-1-1-14-local-file-inclusion-vulnerability?_s_id=cve", "creation_timestamp": "2025-06-18T15:43:04.000000Z"}, {"uuid": "9f89a265-a8c1-4333-84ce-73278630283f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-49257", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/18768", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-49257\n\ud83d\udd25 CVSS Score: 8.1 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\ud83d\udd39 Description: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in thembay Zota allows PHP Local File Inclusion. This issue affects Zota: from n/a through 1.3.8.\n\ud83d\udccf Published: 2025-06-17T15:01:27.235Z\n\ud83d\udccf Modified: 2025-06-18T15:11:31.548Z\n\ud83d\udd17 References:\n1. https://patchstack.com/database/wordpress/theme/zota/vulnerability/wordpress-zota-1-3-8-local-file-inclusion-vulnerability?_s_id=cve", "creation_timestamp": "2025-06-18T15:42:59.000000Z"}, {"uuid": "68b1552a-39d6-471c-8796-fdb52e224019", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-49258", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/18767", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-49258\n\ud83d\udd25 CVSS Score: 8.1 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\ud83d\udd39 Description: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in thembay Maia allows PHP Local File Inclusion. This issue affects Maia: from n/a through 1.1.15.\n\ud83d\udccf Published: 2025-06-17T15:01:26.682Z\n\ud83d\udccf Modified: 2025-06-18T15:18:29.189Z\n\ud83d\udd17 References:\n1. https://patchstack.com/database/wordpress/theme/maia/vulnerability/wordpress-maia-1-1-15-local-file-inclusion-vulnerability?_s_id=cve", "creation_timestamp": "2025-06-18T15:42:58.000000Z"}, {"uuid": "56dad92f-1d6e-4616-8da5-35e7fc5dc6c4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-49256", "type": "seen", "source": "Telegram/H8qPUwjr8DSMn0ICOXk--yhIRM42jZjZtgGE_xUFRvcMjMM", "content": "", "creation_timestamp": "2025-06-17T16:18:28.000000Z"}, {"uuid": "901a5200-efe4-4465-b4ca-8c0aaeeea96c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-49258", "type": "seen", "source": "Telegram/SCENl0bmebBo-isLeSjNn7zy_-WAXbtsdyq9JC-AqVlk7Uo", "content": "", "creation_timestamp": "2025-06-17T16:18:20.000000Z"}, {"uuid": "bc7262a3-57fd-497f-be5c-9f5a44a41762", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-4925", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/16835", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-4925\n\ud83d\udd25 CVSS Score: 6.9 (cvssV4_0, Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N)\n\ud83d\udd39 Description: A vulnerability has been found in PHPGurukul Daily Expense Tracker System 1.1 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /expense-monthwise-reports-detailed.php. The manipulation of the argument fromdate/todate leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.\n\ud83d\udccf Published: 2025-05-19T09:00:11.199Z\n\ud83d\udccf Modified: 2025-05-19T09:00:11.199Z\n\ud83d\udd17 References:\n1. https://vuldb.com/?id.309487\n2. https://vuldb.com/?ctiid.309487\n3. https://vuldb.com/?submit.579105\n4. https://github.com/f1rstb100d/myCVE/issues/24\n5. https://phpgurukul.com/", "creation_timestamp": "2025-05-19T09:38:24.000000Z"}]}