{"vulnerability": "cve-2025-8420", "sightings": [{"uuid": "fa103c41-7739-4394-9007-2706f85af9be", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "cve-2025-8420", "type": "seen", "source": "https://bsky.app/profile/offseq.bsky.social/post/3lvpabkhg7f2m", "content": "", "creation_timestamp": "2025-08-06T03:01:37.107941Z"}, {"uuid": "f1292e18-1197-49a4-b3cb-ad7448f370ab", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-8420", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lvpiiiwcnd2k", "content": "", "creation_timestamp": "2025-08-06T05:28:39.236317Z"}, {"uuid": "21105dc8-b91b-4006-82f6-5709c6567af3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-8420", "type": "published-proof-of-concept", "source": "https://t.me/realcodeb0ss/62", "content": "{VIP} CVE-2025-8420\nRequest a Quote Form \u2264 \u2013 Unauthenticated Limited RCE\n\nAllows unauthenticated attaks to excte certain PHP functions on the server without credn. Parameters cannot be passed to these functions, but it can still reveal sensitive information such as phpinfo() output.\n\nExample:\n_SERVER[\"HTTP_HOST\"] \n_SERVER[\"HTTP_USER_AGENT\"]\n_SERVER[\"SERVER_ADDR\"]\n_SERVER[\"SERVER_PORT\"]\n_SERVER[\"REMOTE_ADDR\"]\n_SERVER[\"DOCUMENT_ROOT\"]\n\nThis exp installed in the VIP.", "creation_timestamp": "2025-08-11T01:48:32.000000Z"}]}