From 7a7b1155ff5b56da7ebee9e80d487a8456ca036a Mon Sep 17 00:00:00 2001 From: "advisory-database[bot]" <45398580+advisory-database[bot]@users.noreply.github.com> Date: Fri, 13 Jun 2025 20:25:56 +0000 Subject: [PATCH 01/23] Publish GHSA-jm43-hrq7-r7w6 --- .../GHSA-jm43-hrq7-r7w6.json | 126 ++++++++++++++++++ 1 file changed, 126 insertions(+) create mode 100644 advisories/github-reviewed/2025/06/GHSA-jm43-hrq7-r7w6/GHSA-jm43-hrq7-r7w6.json diff --git a/advisories/github-reviewed/2025/06/GHSA-jm43-hrq7-r7w6/GHSA-jm43-hrq7-r7w6.json b/advisories/github-reviewed/2025/06/GHSA-jm43-hrq7-r7w6/GHSA-jm43-hrq7-r7w6.json new file mode 100644 index 0000000000000..1304f5b80d7f5 --- /dev/null +++ b/advisories/github-reviewed/2025/06/GHSA-jm43-hrq7-r7w6/GHSA-jm43-hrq7-r7w6.json 
@@ -0,0 +1,126 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-jm43-hrq7-r7w6", + "modified": "2025-06-13T20:24:24Z", + "published": "2025-06-13T20:24:24Z", + "aliases": [ + "CVE-2025-49580" + ], + "summary": "XWiki allows privilege escalation through link refactoring", + "details": "### Impact\n\nPages can gain script or programming rights when they contain a link and the target of the link is renamed or moved. This might lead to execution of scripts contained in xobjects that should have never been executed. \nThis vulnerability affects all version of XWiki since 8.2 and 7.4.5.\n\n### Patches\n\nThe patch consists in only setting the `originalMetadataAuthor` when performing such change, so that it's displayed in the history but it has no impact on the right evaluation (i.e. the original author of the changes is still used for right computation). \n\nThis patch has been applied on XWiki 16.4.7, 17.1.0RC1, 16.10.4.\n\n### Workarounds\n\nThere's no workaround for this vulnerability, except preventing to perform any refactoring operation with users having more than edit rights. \nAdministrators are strongly advised to upgrade. 
If not possible, the patch only impacts module `xwiki-platform-refactoring-default` so it's possible to apply the commit and rebuild and deploy only that module.\n\n### CVSS explanation\n\nAttack vector: Network - Always for XWiki.\nComplexity: Low - The set of operations to perform the attack is quite easy.\nAttack requirements: None - Any system is vulnerable, it doesn't depend on specific condition other than user interaction.\nPrivileges required: Low - The attacker only needs edit rights.\nUser interaction: Active - To be successful the attack needs someone with more rights to perform a move/rename of a specific page.\nConfidentiality: High - The attack might lead to execution of any script.\nIntegrity: High - The attack might lead to execution of any script.\nAvailability: High - The attack might lead to execution of any script.\nSubsequent system impacts: None for any criteria. Only current system is affected.\n\n### For more information\n\nIf you have any questions or comments about this advisory:\n* Open an issue in [Jira XWiki.org](https://jira.xwiki.org/)\n* Email us at [Security Mailing List](mailto:security@xwiki.org)", + "severity": [ + { + "type": "CVSS_V4", + "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" + } + ], + "affected": [ + { + "package": { + "ecosystem": "Maven", + "name": "org.xwiki.platform:xwiki-platform-refactoring-default" + }, + "ranges": [ + { + "type": "ECOSYSTEM", + "events": [ + { + "introduced": "17.0.0-rc-1" + }, + { + "fixed": "17.1.0-rc-1" + } + ] + } + ] + }, + { + "package": { + "ecosystem": "Maven", + "name": "org.xwiki.platform:xwiki-platform-refactoring-default" + }, + "ranges": [ + { + "type": "ECOSYSTEM", + "events": [ + { + "introduced": "16.5.0-rc-1" + }, + { + "fixed": "16.10.4" + } + ] + } + ] + }, + { + "package": { + "ecosystem": "Maven", + "name": "org.xwiki.platform:xwiki-platform-refactoring-default" + }, + "ranges": [ + { + "type": "ECOSYSTEM", + "events": [ + { + "introduced": 
"8.2" + }, + { + "fixed": "16.4.7" + } + ] + } + ] + }, + { + "package": { + "ecosystem": "Maven", + "name": "org.xwiki.platform:xwiki-platform-refactoring-default" + }, + "ranges": [ + { + "type": "ECOSYSTEM", + "events": [ + { + "introduced": "7.4.5" + } + ] + } + ], + "database_specific": { + "last_known_affected_version_range": "< 8.0-milestone-1" + } + } + ], + "references": [ + { + "type": "WEB", + "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-jm43-hrq7-r7w6" + }, + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-49580" + }, + { + "type": "WEB", + "url": "https://github.com/xwiki/xwiki-platform/commit/ab209acd780da69a4c5ff77ff011efd698273cec" + }, + { + "type": "PACKAGE", + "url": "https://github.com/xwiki/xwiki-platform" + }, + { + "type": "WEB", + "url": "https://jira.xwiki.org/browse/XWIKI-22836" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-266" + ], + "severity": "HIGH", + "github_reviewed": true, + "github_reviewed_at": "2025-06-13T20:24:24Z", + "nvd_published_at": "2025-06-13T16:15:27Z" + } +} \ No newline at end of file From 02acef54ccf167d8fbd46e4a6cab911f1d9f2d79 Mon Sep 17 00:00:00 2001 From: "advisory-database[bot]" <45398580+advisory-database[bot]@users.noreply.github.com> Date: Fri, 13 Jun 2025 20:40:21 +0000 Subject: [PATCH 02/23] Publish GHSA-c32m-27pj-4xcj --- .../GHSA-c32m-27pj-4xcj.json | 305 ++++++++++++++++++ 1 file changed, 305 insertions(+) create mode 100644 advisories/github-reviewed/2025/06/GHSA-c32m-27pj-4xcj/GHSA-c32m-27pj-4xcj.json diff --git a/advisories/github-reviewed/2025/06/GHSA-c32m-27pj-4xcj/GHSA-c32m-27pj-4xcj.json b/advisories/github-reviewed/2025/06/GHSA-c32m-27pj-4xcj/GHSA-c32m-27pj-4xcj.json new file mode 100644 index 0000000000000..45a4e033d2613 --- /dev/null +++ b/advisories/github-reviewed/2025/06/GHSA-c32m-27pj-4xcj/GHSA-c32m-27pj-4xcj.json 
@@ -0,0 +1,305 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-c32m-27pj-4xcj", + "modified": "2025-06-13T20:38:59Z", + "published": "2025-06-13T20:38:58Z", + "aliases": [ + "CVE-2025-49582" + ], + "summary": "XWiki's required right warnings for macros are incomplete", + "details": "### Impact\nWhen editing content that contains \"dangerous\" macros like malicious script macros that were authored by a user with fewer rights, XWiki warns about the execution of these macros since XWiki 15.9RC1. These required rights analyzers that trigger these warnings are incomplete, allowing an attacker to hide malicious content. For most macros, the existing analyzers don't consider non-lowercase parameters. Further, most macro parameters that can contain XWiki syntax like titles of information boxes weren't analyzed at all. Similarly, the \"source\" parameters of the content and context macro weren't anylzed even though they could contain arbitrary XWiki syntax. In the worst case, this could allow a malicious to add malicious script macros including Groovy or Python macros to a page that are then executed after another user with programming righs edits the page, thus allowing remote code execution.\n\n### Patches\nThe required rights analyzers have been made more robust and extended to cover those cases in XWiki 16.4.7, 16.10.3 and 17.0.0.\n\n### Workarounds\nWe're not aware of any workarounds except for being careful when editing content authored by untrusted users.\n\n### References\n* https://jira.xwiki.org/browse/XWIKI-22763\n* https://jira.xwiki.org/browse/XWIKI-22759\n* https://jira.xwiki.org/browse/XWIKI-22758\n* https://jira.xwiki.org/browse/XWIKI-22799\n* https://github.com/xwiki/xwiki-platform/commit/abdcefc0db27035b67329add836fd683e0cf92b8\n* https://github.com/xwiki/xwiki-platform/commit/cc74dc802efe0e2d3fa2ba3355dbadc51c5fd8c7\n* https://github.com/xwiki/xwiki-platform/commit/0a705e8e253cb871b804e25c53b2bde879c886bd\n* 
https://github.com/xwiki/xwiki-platform/commit/3d451e957fe2b14459e9ac64172b4a0e4c46971c", + "severity": [ + { + "type": "CVSS_V4", + "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" + } + ], + "affected": [ + { + "package": { + "ecosystem": "Maven", + "name": "org.xwiki.platform:xwiki-platform-rendering-xwiki" + }, + "ranges": [ + { + "type": "ECOSYSTEM", + "events": [ + { + "introduced": "15.9-rc-1" + }, + { + "fixed": "16.4.7" + } + ] + } + ] + }, + { + "package": { + "ecosystem": "Maven", + "name": "org.xwiki.platform:xwiki-platform-rendering-xwiki" + }, + "ranges": [ + { + "type": "ECOSYSTEM", + "events": [ + { + "introduced": "16.5.0-rc-1" + }, + { + "fixed": "16.10.3" + } + ] + } + ] + }, + { + "package": { + "ecosystem": "Maven", + "name": "org.xwiki.platform:xwiki-platform-rendering-xwiki" + }, + "ranges": [ + { + "type": "ECOSYSTEM", + "events": [ + { + "introduced": "17.0.0-rc-1" + }, + { + "fixed": "17.0.0" + } + ] + } + ] + }, + { + "package": { + "ecosystem": "Maven", + "name": "org.xwiki.platform:xwiki-platform-rendering-macro-cache" + }, + "ranges": [ + { + "type": "ECOSYSTEM", + "events": [ + { + "introduced": "15.9-rc-1" + }, + { + "fixed": "16.4.7" + } + ] + } + ] + }, + { + "package": { + "ecosystem": "Maven", + "name": "org.xwiki.platform:xwiki-platform-rendering-macro-cache" + }, + "ranges": [ + { + "type": "ECOSYSTEM", + "events": [ + { + "introduced": "16.5.0-rc-1" + }, + { + "fixed": "16.10.3" + } + ] + } + ] + }, + { + "package": { + "ecosystem": "Maven", + "name": "org.xwiki.platform:xwiki-platform-rendering-macro-cache" + }, + "ranges": [ + { + "type": "ECOSYSTEM", + "events": [ + { + "introduced": "17.0.0-rc-1" + }, + { + "fixed": "17.0.0" + } + ] + } + ] + }, + { + "package": { + "ecosystem": "Maven", + "name": "org.xwiki.platform:xwiki-platform-security-requiredrights-default" + }, + "ranges": [ + { + "type": "ECOSYSTEM", + "events": [ + { + "introduced": "15.9-rc-1" + }, + { + "fixed": "16.4.7" + } + ] + } + 
] + }, + { + "package": { + "ecosystem": "Maven", + "name": "org.xwiki.platform:xwiki-platform-security-requiredrights-default" + }, + "ranges": [ + { + "type": "ECOSYSTEM", + "events": [ + { + "introduced": "16.5.0-rc-1" + }, + { + "fixed": "17.0.0" + } + ] + } + ], + "database_specific": { + "last_known_affected_version_range": "< 16.10.3" + } + }, + { + "package": { + "ecosystem": "Maven", + "name": "org.xwiki.platform:xwiki-platform-security-requiredrights-default" + }, + "ranges": [ + { + "type": "ECOSYSTEM", + "events": [ + { + "introduced": "17.0.0-rc-1" + }, + { + "fixed": "17.0.0" + } + ] + } + ] + }, + { + "package": { + "ecosystem": "Maven", + "name": "org.xwiki.platform:xwiki-platform-rendering-macro-context" + }, + "ranges": [ + { + "type": "ECOSYSTEM", + "events": [ + { + "introduced": "15.9-rc-1" + }, + { + "fixed": "16.4.7" + } + ] + } + ] + }, + { + "package": { + "ecosystem": "Maven", + "name": "org.xwiki.platform:xwiki-platform-rendering-macro-context" + }, + "ranges": [ + { + "type": "ECOSYSTEM", + "events": [ + { + "introduced": "16.5.0-rc-1" + }, + { + "fixed": "16.10.3" + } + ] + } + ] + }, + { + "package": { + "ecosystem": "Maven", + "name": "org.xwiki.platform:xwiki-platform-rendering-macro-context" + }, + "ranges": [ + { + "type": "ECOSYSTEM", + "events": [ + { + "introduced": "17.0.0-rc-1" + }, + { + "fixed": "17.0.0" + } + ] + } + ] + } + ], + "references": [ + { + "type": "WEB", + "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-c32m-27pj-4xcj" + }, + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-49582" + }, + { + "type": "WEB", + "url": "https://github.com/xwiki/xwiki-platform/commit/0a705e8e253cb871b804e25c53b2bde879c886bd" + }, + { + "type": "WEB", + "url": "https://github.com/xwiki/xwiki-platform/commit/3d451e957fe2b14459e9ac64172b4a0e4c46971c" + }, + { + "type": "WEB", + "url": "https://github.com/xwiki/xwiki-platform/commit/abdcefc0db27035b67329add836fd683e0cf92b8" + }, + { + 
"type": "WEB", + "url": "https://github.com/xwiki/xwiki-platform/commit/cc74dc802efe0e2d3fa2ba3355dbadc51c5fd8c7" + }, + { + "type": "PACKAGE", + "url": "https://github.com/xwiki/xwiki-platform" + }, + { + "type": "WEB", + "url": "https://jira.xwiki.org/browse/XWIKI-22758" + }, + { + "type": "WEB", + "url": "https://jira.xwiki.org/browse/XWIKI-22759" + }, + { + "type": "WEB", + "url": "https://jira.xwiki.org/browse/XWIKI-22763" + }, + { + "type": "WEB", + "url": "https://jira.xwiki.org/browse/XWIKI-22799" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-357" + ], + "severity": "HIGH", + "github_reviewed": true, + "github_reviewed_at": "2025-06-13T20:38:58Z", + "nvd_published_at": "2025-06-13T17:15:23Z" + } +} \ No newline at end of file From b2af91b1b65806bda03725dc991433b1b6a22009 Mon Sep 17 00:00:00 2001 From: "advisory-database[bot]" <45398580+advisory-database[bot]@users.noreply.github.com> Date: Fri, 13 Jun 2025 20:42:04 +0000 Subject: [PATCH 03/23] Publish Advisories GHSA-9875-cw22-f7cx GHSA-ff6v-w58f-v97w --- .../GHSA-9875-cw22-f7cx.json | 145 ++++++++++++++++++ .../GHSA-ff6v-w58f-v97w.json | 108 +++++++++++++ 2 files changed, 253 insertions(+) create mode 100644 advisories/github-reviewed/2025/06/GHSA-9875-cw22-f7cx/GHSA-9875-cw22-f7cx.json create mode 100644 advisories/github-reviewed/2025/06/GHSA-ff6v-w58f-v97w/GHSA-ff6v-w58f-v97w.json diff --git a/advisories/github-reviewed/2025/06/GHSA-9875-cw22-f7cx/GHSA-9875-cw22-f7cx.json b/advisories/github-reviewed/2025/06/GHSA-9875-cw22-f7cx/GHSA-9875-cw22-f7cx.json new file mode 100644 index 0000000000000..1c4dab049e500 --- /dev/null +++ b/advisories/github-reviewed/2025/06/GHSA-9875-cw22-f7cx/GHSA-9875-cw22-f7cx.json 
@@ -0,0 +1,145 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-9875-cw22-f7cx", + "modified": "2025-06-13T20:40:19Z", + "published": "2025-06-13T20:40:19Z", + "aliases": [ + "CVE-2025-49581" + ], + "summary": "XWiki allows remote code execution through default value of wiki macro wiki-type parameters", + "details": "### Impact\nAny user with edit right on a page (could be the user's profile) can execute code (Groovy, Python, Velocity) with programming right by defining a wiki macro. This allows full access to the whole XWiki installation and thus impacts its confidentiality, integrity and availability. The main problem is that if a wiki macro parameter allows wiki syntax, its default value is executed with the rights of the author of the document where it is used. This can be exploited by overriding a macro like the `children` macro that is used in a page that has programming right like the page `XWiki.ChildrenMacro` and thus allows arbitrary script macros. The full reproduction steps can be found in the [original issue](https://jira.xwiki.org/browse/XWIKI-22760).\n\n### Patches\nThis vulnerability has been patched in XWiki 16.4.7, 16.10.3 and 17.0.0 by executing wiki parameters with the rights of the wiki macro's author when the parameter's value is the default value.\n\n### Workarounds\nWe're not aware of any workarounds except for upgrading.", + "severity": [ + { + "type": "CVSS_V4", + "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" + } + ], + "affected": [ + { + "package": { + "ecosystem": "Maven", + "name": "org.xwiki.platform:xwiki-platform-rendering-wikimacro-store" + }, + "ranges": [ + { + "type": "ECOSYSTEM", + "events": [ + { + "introduced": "11.10.11" + } + ] + } + ], + "database_specific": { + "last_known_affected_version_range": "< 12.0" + } + }, + { + "package": { + "ecosystem": "Maven", + "name": "org.xwiki.platform:xwiki-platform-rendering-wikimacro-store" + }, + "ranges": [ + { + "type": "ECOSYSTEM", + "events": [ + { + 
"introduced": "12.6.3" + } + ] + } + ], + "database_specific": { + "last_known_affected_version_range": "< 12.7" + } + }, + { + "package": { + "ecosystem": "Maven", + "name": "org.xwiki.platform:xwiki-platform-rendering-wikimacro-store" + }, + "ranges": [ + { + "type": "ECOSYSTEM", + "events": [ + { + "introduced": "12.8-rc-1" + }, + { + "fixed": "16.4.7" + } + ] + } + ] + }, + { + "package": { + "ecosystem": "Maven", + "name": "org.xwiki.platform:xwiki-platform-rendering-wikimacro-store" + }, + "ranges": [ + { + "type": "ECOSYSTEM", + "events": [ + { + "introduced": "16.5.0-rc-1" + }, + { + "fixed": "16.10.3" + } + ] + } + ] + }, + { + "package": { + "ecosystem": "Maven", + "name": "org.xwiki.platform:xwiki-platform-rendering-wikimacro-store" + }, + "ranges": [ + { + "type": "ECOSYSTEM", + "events": [ + { + "introduced": "17.0.0-rc-1" + }, + { + "fixed": "17.0.0" + } + ] + } + ] + } + ], + "references": [ + { + "type": "WEB", + "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-9875-cw22-f7cx" + }, + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-49581" + }, + { + "type": "WEB", + "url": "https://github.com/xwiki/xwiki-platform/commit/c99d501ed41cbee6a3c02ff927714531570789de" + }, + { + "type": "PACKAGE", + "url": "https://github.com/xwiki/xwiki-platform" + }, + { + "type": "WEB", + "url": "https://jira.xwiki.org/browse/XWIKI-22760" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-94" + ], + "severity": "HIGH", + "github_reviewed": true, + "github_reviewed_at": "2025-06-13T20:40:19Z", + "nvd_published_at": "2025-06-13T16:15:27Z" + } +} \ No newline at end of file diff --git a/advisories/github-reviewed/2025/06/GHSA-ff6v-w58f-v97w/GHSA-ff6v-w58f-v97w.json b/advisories/github-reviewed/2025/06/GHSA-ff6v-w58f-v97w/GHSA-ff6v-w58f-v97w.json new file mode 100644 index 0000000000000..8cb545db8362a --- /dev/null +++ b/advisories/github-reviewed/2025/06/GHSA-ff6v-w58f-v97w/GHSA-ff6v-w58f-v97w.json 
@@ -0,0 +1,108 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-ff6v-w58f-v97w", + "modified": "2025-06-13T20:41:12Z", + "published": "2025-06-13T20:41:12Z", + "aliases": [ + "CVE-2025-49583" + ], + "summary": "XWiki provides no warning when granting XWiki.Notifications.Code.NotificationEmailRendererClass admin right", + "details": "### Impact\nWhen a user without script right creates a document with an `XWiki.Notifications.Code.NotificationEmailRendererClass` object, and later an admin edits and saves that document, the email templates in this object will be used for notifications. No malicious code can be executed, though, as while these templates allow Velocity code, the existing generic analyzer already warns admins before editing Velocity code. The main impact would thus be to send spam, e.g., with phishing links to other users or to hide notifications about other attacks. Note that warnings before editing documents with dangerous properties have only been introduced in XWiki 15.9, before that version, this was a known issue and the advice was simply to be careful.\n\n### Patches\nThis has been patched in XWiki 16.10.2, 16.4.7 and 15.10.16 by adding an analysis for the respective XClass properties.\n\n### Workarounds\nWe're not aware of any real workarounds apart from just being careful with editing documents previously edited by untrusted users as a user with script, admin or programming right.", + "severity": [ + { + "type": "CVSS_V4", + "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:N/SI:L/SA:N" + } + ], + "affected": [ + { + "package": { + "ecosystem": "Maven", + "name": "org.xwiki.platform:xwiki-platform-notifications-notifiers-default" + }, + "ranges": [ + { + "type": "ECOSYSTEM", + "events": [ + { + "introduced": "0" + }, + { + "fixed": "15.10.16" + } + ] + } + ] + }, + { + "package": { + "ecosystem": "Maven", + "name": "org.xwiki.platform:xwiki-platform-notifications-notifiers-default" + }, + "ranges": [ + { + "type": "ECOSYSTEM", + 
"events": [ + { + "introduced": "16.0.0-rc-1" + }, + { + "fixed": "16.4.7" + } + ] + } + ] + }, + { + "package": { + "ecosystem": "Maven", + "name": "org.xwiki.platform:xwiki-platform-notifications-notifiers-default" + }, + "ranges": [ + { + "type": "ECOSYSTEM", + "events": [ + { + "introduced": "16.5.0-rc-1" + }, + { + "fixed": "16.10.2" + } + ] + } + ] + } + ], + "references": [ + { + "type": "WEB", + "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-ff6v-w58f-v97w" + }, + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-49583" + }, + { + "type": "WEB", + "url": "https://github.com/xwiki/xwiki-platform/commit/3d96bf3ceb167bf0213d63f0be1f7e1732eb0a92" + }, + { + "type": "PACKAGE", + "url": "https://github.com/xwiki/xwiki-platform" + }, + { + "type": "WEB", + "url": "https://jira.xwiki.org/browse/XWIKI-22471" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-270", + "CWE-357" + ], + "severity": "MODERATE", + "github_reviewed": true, + "github_reviewed_at": "2025-06-13T20:41:12Z", + "nvd_published_at": "2025-06-13T17:15:23Z" + } +} \ No newline at end of file From 19488210e88edb627c7681901f524a972d97a649 Mon Sep 17 00:00:00 2001 From: "advisory-database[bot]" <45398580+advisory-database[bot]@users.noreply.github.com> Date: Fri, 13 Jun 2025 20:43:47 +0000 Subject: [PATCH 04/23] Publish GHSA-mvp5-qx9c-c3fv --- .../GHSA-mvp5-qx9c-c3fv.json | 107 ++++++++++++++++++ 1 file changed, 107 insertions(+) create mode 100644 advisories/github-reviewed/2025/06/GHSA-mvp5-qx9c-c3fv/GHSA-mvp5-qx9c-c3fv.json diff --git a/advisories/github-reviewed/2025/06/GHSA-mvp5-qx9c-c3fv/GHSA-mvp5-qx9c-c3fv.json b/advisories/github-reviewed/2025/06/GHSA-mvp5-qx9c-c3fv/GHSA-mvp5-qx9c-c3fv.json new file mode 100644 index 0000000000000..474a686b60099 --- /dev/null +++ b/advisories/github-reviewed/2025/06/GHSA-mvp5-qx9c-c3fv/GHSA-mvp5-qx9c-c3fv.json 
@@ -0,0 +1,107 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-mvp5-qx9c-c3fv", + "modified": "2025-06-13T20:42:13Z", + "published": "2025-06-13T20:42:12Z", + "aliases": [ + "CVE-2025-49584" + ], + "summary": "XWiki makes title of inaccessible pages available through the class property values REST API", + "details": "### Impact\nThe title of every single page whose reference is known can be accessed through the REST API as long as an XClass with a page property is accessible, this is the default for an XWiki installation. This allows an attacker to get titles of pages whose reference is known, one title per request. This doesn't affect fully [private wikis](https://www.xwiki.org/xwiki/bin/view/Documentation/AdminGuide/Access%20Rights/#HPrivateWiki) as the REST endpoint checks access rights on the XClass definition. The impact on confidentiality depends on the strategy for page names. By default, page names match the title, so the impact should be low but if page names are intentionally obfuscated because the titles are sensitive, the impact could be high.\n\n### Patches\nThis has been fixed in XWiki 16.4.7, 16.10.3 and 17.0.0 by adding access control checks before getting the title of any page.\n\n### Workarounds\nWe're not aware of any workarounds.", + "severity": [ + { + "type": "CVSS_V4", + "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" + } + ], + "affected": [ + { + "package": { + "ecosystem": "Maven", + "name": "org.xwiki.platform:xwiki-platform-rest-server" + }, + "ranges": [ + { + "type": "ECOSYSTEM", + "events": [ + { + "introduced": "10.9" + }, + { + "fixed": "16.4.7" + } + ] + } + ] + }, + { + "package": { + "ecosystem": "Maven", + "name": "org.xwiki.platform:xwiki-platform-rest-server" + }, + "ranges": [ + { + "type": "ECOSYSTEM", + "events": [ + { + "introduced": "16.5.0-rc-1" + }, + { + "fixed": "16.10.3" + } + ] + } + ] + }, + { + "package": { + "ecosystem": "Maven", + "name": 
"org.xwiki.platform:xwiki-platform-rest-server" + }, + "ranges": [ + { + "type": "ECOSYSTEM", + "events": [ + { + "introduced": "17.0.0-rc-1" + }, + { + "fixed": "17.0.0" + } + ] + } + ] + } + ], + "references": [ + { + "type": "WEB", + "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-mvp5-qx9c-c3fv" + }, + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-49584" + }, + { + "type": "WEB", + "url": "https://github.com/xwiki/xwiki-platform/commit/ee642f973a7c95d2d146fe03c81bcdee1871f4ec" + }, + { + "type": "PACKAGE", + "url": "https://github.com/xwiki/xwiki-platform" + }, + { + "type": "WEB", + "url": "https://jira.xwiki.org/browse/XWIKI-22736" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-201" + ], + "severity": "HIGH", + "github_reviewed": true, + "github_reviewed_at": "2025-06-13T20:42:12Z", + "nvd_published_at": "2025-06-13T18:15:22Z" + } +} \ No newline at end of file From a17449f4464e6d079a18f6ca61ce23fdea7152e5 Mon Sep 17 00:00:00 2001 From: "advisory-database[bot]" <45398580+advisory-database[bot]@users.noreply.github.com> Date: Fri, 13 Jun 2025 20:46:33 +0000 Subject: [PATCH 05/23] Publish Advisories GHSA-m7wr-2xf7-cm9p GHSA-x3wm-hffr-chwm GHSA-8j8w-wwqc-x596 GHSA-j7p2-87q3-44w7 --- .../GHSA-m7wr-2xf7-cm9p.json | 12 +- .../GHSA-x3wm-hffr-chwm.json | 6 +- .../GHSA-8j8w-wwqc-x596.json | 10 +- .../GHSA-j7p2-87q3-44w7.json | 107 ++++++++++++++++++ 4 files changed, 131 insertions(+), 4 deletions(-) create mode 100644 advisories/github-reviewed/2025/06/GHSA-j7p2-87q3-44w7/GHSA-j7p2-87q3-44w7.json diff --git a/advisories/github-reviewed/2024/03/GHSA-m7wr-2xf7-cm9p/GHSA-m7wr-2xf7-cm9p.json b/advisories/github-reviewed/2024/03/GHSA-m7wr-2xf7-cm9p/GHSA-m7wr-2xf7-cm9p.json index c5e2e55f55f16..18b3a81042913 100644 --- a/advisories/github-reviewed/2024/03/GHSA-m7wr-2xf7-cm9p/GHSA-m7wr-2xf7-cm9p.json +++ b/advisories/github-reviewed/2024/03/GHSA-m7wr-2xf7-cm9p/GHSA-m7wr-2xf7-cm9p.json 
@@ -1,13 +1,13 @@ { "schema_version": "1.4.0", "id": "GHSA-m7wr-2xf7-cm9p", - "modified": "2024-09-13T15:34:58Z", + "modified": "2025-06-13T20:45:26Z", "published": "2024-03-04T20:13:11Z", "aliases": [ "CVE-2024-27289" ], "summary": "pgx SQL Injection via Line Comment Creation", - "details": "### Impact\n\nSQL injection can occur when all of the following conditions are met:\n\n1. The non-default simple protocol is used.\n2. A placeholder for a numeric value must be immediately preceded by a minus.\n3. There must be a second placeholder for a string value after the first placeholder; both\nmust be on the same line.\n4. Both parameter values must be user-controlled.\n\ne.g. \n\nSimple mode must be enabled:\n\n```go\n// connection string includes \"prefer_simple_protocol=true\"\n// or\n// directly enabled in code\nconfig.ConnConfig.PreferSimpleProtocol = true\n```\n\nParameterized query:\n\n```sql\nSELECT * FROM example WHERE result=-$1 OR name=$2;\n```\n\nParameter values:\n\n`$1` => `-42`\n`$2` => `\"foo\\n 1 AND 1=0 UNION SELECT * FROM secrets; --\"`\n\nResulting query after preparation:\n\n```sql\nSELECT * FROM example WHERE result=--42 OR name= 'foo\n1 AND 1=0 UNION SELECT * FROM secrets; --';\n```\n\n### Patches\n\nThe problem is resolved in v4.18.2.\n\n### Workarounds\n\nDo not use the simple protocol or do not place a minus directly before a placeholder.\n", + "details": "### Impact\n\nSQL injection can occur when all of the following conditions are met:\n\n1. The non-default simple protocol is used.\n2. A placeholder for a numeric value must be immediately preceded by a minus.\n3. There must be a second placeholder for a string value after the first placeholder; both\nmust be on the same line.\n4. Both parameter values must be user-controlled.\n\ne.g. 
\n\nSimple mode must be enabled:\n\n```go\n// connection string includes \"prefer_simple_protocol=true\"\n// or\n// directly enabled in code\nconfig.ConnConfig.PreferSimpleProtocol = true\n```\n\nParameterized query:\n\n```sql\nSELECT * FROM example WHERE result=-$1 OR name=$2;\n```\n\nParameter values:\n\n`$1` => `-42`\n`$2` => `\"foo\\n 1 AND 1=0 UNION SELECT * FROM secrets; --\"`\n\nResulting query after preparation:\n\n```sql\nSELECT * FROM example WHERE result=--42 OR name= 'foo\n1 AND 1=0 UNION SELECT * FROM secrets; --';\n```\n\n### Patches\n\nThe problem is resolved in v4.18.2.\n\n### Workarounds\n\nDo not use the simple protocol or do not place a minus directly before a placeholder.", "severity": [ { "type": "CVSS_V3", @@ -63,6 +63,10 @@ "type": "WEB", "url": "https://github.com/jackc/pgx/security/advisories/GHSA-m7wr-2xf7-cm9p" }, + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-27289" + }, { "type": "WEB", "url": "https://github.com/jackc/pgx/commit/f94eb0e2f96782042c96801b5ac448f44f0a81df" @@ -70,6 +74,10 @@ { "type": "PACKAGE", "url": "https://github.com/jackc/pgx" + }, + { + "type": "WEB", + "url": "https://www.sonarsource.com/blog/double-dash-double-trouble-a-subtle-sql-injection-flaw" } ], "database_specific": { diff --git a/advisories/github-reviewed/2024/05/GHSA-x3wm-hffr-chwm/GHSA-x3wm-hffr-chwm.json b/advisories/github-reviewed/2024/05/GHSA-x3wm-hffr-chwm/GHSA-x3wm-hffr-chwm.json index 81c458e1e2d91..8d094da9a8544 100644 --- a/advisories/github-reviewed/2024/05/GHSA-x3wm-hffr-chwm/GHSA-x3wm-hffr-chwm.json +++ b/advisories/github-reviewed/2024/05/GHSA-x3wm-hffr-chwm/GHSA-x3wm-hffr-chwm.json @@ -1,7 +1,7 @@ { "schema_version": "1.4.0", "id": "GHSA-x3wm-hffr-chwm", - "modified": "2024-05-15T17:10:49Z", + "modified": "2025-06-13T20:45:13Z", "published": "2024-05-15T17:10:49Z", "aliases": [ "CVE-2024-32888" 
@@ -63,6 +63,10 @@ { "type": "PACKAGE", "url": "https://github.com/aws/amazon-redshift-jdbc-driver" + }, + { + "type": "WEB", + "url": "https://www.sonarsource.com/blog/double-dash-double-trouble-a-subtle-sql-injection-flaw" } ], "database_specific": { diff --git a/advisories/github-reviewed/2025/06/GHSA-8j8w-wwqc-x596/GHSA-8j8w-wwqc-x596.json b/advisories/github-reviewed/2025/06/GHSA-8j8w-wwqc-x596/GHSA-8j8w-wwqc-x596.json index 88810cbf16a09..f46c808b92ec3 100644 --- a/advisories/github-reviewed/2025/06/GHSA-8j8w-wwqc-x596/GHSA-8j8w-wwqc-x596.json +++ b/advisories/github-reviewed/2025/06/GHSA-8j8w-wwqc-x596/GHSA-8j8w-wwqc-x596.json @@ -1,7 +1,7 @@ { "schema_version": "1.4.0", "id": "GHSA-8j8w-wwqc-x596", - "modified": "2025-06-09T06:30:21Z", + "modified": "2025-06-13T20:45:43Z", "published": "2025-06-02T06:30:32Z", "aliases": [ "CVE-2025-49113" @@ -99,6 +99,14 @@ "type": "WEB", "url": "https://roundcube.net/news/2025/06/01/security-updates-1.6.11-and-1.5.10" }, + { + "type": "WEB", + "url": "https://www.vicarius.io/vsociety/posts/cve-2025-49113-roundcube-mitigation-script" + }, + { + "type": "WEB", + "url": "https://www.vicarius.io/vsociety/posts/cve-2025-49113-roundcube-vulnerability-detection" + }, { "type": "WEB", "url": "http://www.openwall.com/lists/oss-security/2025/06/02/3" diff --git a/advisories/github-reviewed/2025/06/GHSA-j7p2-87q3-44w7/GHSA-j7p2-87q3-44w7.json b/advisories/github-reviewed/2025/06/GHSA-j7p2-87q3-44w7/GHSA-j7p2-87q3-44w7.json new file mode 100644 index 0000000000000..5f78cd71ba452 --- /dev/null +++ b/advisories/github-reviewed/2025/06/GHSA-j7p2-87q3-44w7/GHSA-j7p2-87q3-44w7.json 
@@ -0,0 +1,107 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-j7p2-87q3-44w7", + "modified": "2025-06-13T20:45:44Z", + "published": "2025-06-13T20:45:44Z", + "aliases": [ + "CVE-2025-49587" + ], + "summary": "XWiki does not require right warnings for notification displayer objects", + "details": "### Impact\nWhen a user without script right creates a document with an `XWiki.Notifications.Code.NotificationDisplayerClass` object, and later an admin edits and saves that document, the possibly malicious content of that object is output as raw HTML, allowing XSS attacks. While the notification displayer executes Velocity, the existing generic analyzer already warns admins before editing Velocity code. Note that warnings before editing documents with dangerous properties have only been introduced in XWiki 15.9, before that version, this was a known issue and the advice was simply to be careful.\n\n### Patches\nThis vulnerability has been patched in XWiki 15.10.16, 16.4.7, and 16.10.2 by adding a required rights analyzer that warns the admin before editing about the possibly malicious code.\n\n### Workarounds\nWe're not aware of any real workarounds apart from just being careful with editing documents previously edited by untrusted users as a user with script, admin or programming right.", + "severity": [ + { + "type": "CVSS_V4", + "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:H/SI:H/SA:H" + } + ], + "affected": [ + { + "package": { + "ecosystem": "Maven", + "name": "org.xwiki.platform:xwiki-platform-notifications-notifiers-default" + }, + "ranges": [ + { + "type": "ECOSYSTEM", + "events": [ + { + "introduced": "15.9-rc-1" + }, + { + "fixed": "15.10.16" + } + ] + } + ] + }, + { + "package": { + "ecosystem": "Maven", + "name": "org.xwiki.platform:xwiki-platform-notifications-notifiers-default" + }, + "ranges": [ + { + "type": "ECOSYSTEM", + "events": [ + { + "introduced": "16.0.0-rc-1" + }, + { + "fixed": "16.4.7" + } + ] + } + ] + }, + { + "package": { + 
"ecosystem": "Maven", + "name": "org.xwiki.platform:xwiki-platform-notifications-notifiers-default" + }, + "ranges": [ + { + "type": "ECOSYSTEM", + "events": [ + { + "introduced": "16.5.0-rc-1" + }, + { + "fixed": "16.10.2" + } + ] + } + ] + } + ], + "references": [ + { + "type": "WEB", + "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-j7p2-87q3-44w7" + }, + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-49587" + }, + { + "type": "WEB", + "url": "https://github.com/xwiki/xwiki-platform/commit/55c5d568c4dc4619f37397d00d14dcdeab9c252d" + }, + { + "type": "PACKAGE", + "url": "https://github.com/xwiki/xwiki-platform" + }, + { + "type": "WEB", + "url": "https://jira.xwiki.org/browse/XWIKI-22470" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-357" + ], + "severity": "MODERATE", + "github_reviewed": true, + "github_reviewed_at": "2025-06-13T20:45:44Z", + "nvd_published_at": "2025-06-13T18:15:22Z" + } +} \ No newline at end of file From fa5982ec688f6f1e2ea412fe0cc33f87a8995852 Mon Sep 17 00:00:00 2001 From: "advisory-database[bot]" <45398580+advisory-database[bot]@users.noreply.github.com> Date: Fri, 13 Jun 2025 20:48:24 +0000 Subject: [PATCH 06/23] Publish Advisories GHSA-59w6-r9hm-439h GHSA-jp4x-w9cj-97q7 --- .../GHSA-59w6-r9hm-439h.json | 107 ++++++++++++++++++ .../GHSA-jp4x-w9cj-97q7.json | 107 ++++++++++++++++++ 2 files changed, 214 insertions(+) create mode 100644 advisories/github-reviewed/2025/06/GHSA-59w6-r9hm-439h/GHSA-59w6-r9hm-439h.json create mode 100644 advisories/github-reviewed/2025/06/GHSA-jp4x-w9cj-97q7/GHSA-jp4x-w9cj-97q7.json diff --git a/advisories/github-reviewed/2025/06/GHSA-59w6-r9hm-439h/GHSA-59w6-r9hm-439h.json b/advisories/github-reviewed/2025/06/GHSA-59w6-r9hm-439h/GHSA-59w6-r9hm-439h.json new file mode 100644 index 0000000000000..9a9e135f88645 --- /dev/null +++ b/advisories/github-reviewed/2025/06/GHSA-59w6-r9hm-439h/GHSA-59w6-r9hm-439h.json 
@@ -0,0 +1,107 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-59w6-r9hm-439h", + "modified": "2025-06-13T20:46:58Z", + "published": "2025-06-13T20:46:58Z", + "aliases": [ + "CVE-2025-49585" + ], + "summary": "XWiki does not require right warnings for XClass definitions", + "details": "### Impact\nWhen an attacker without script or programming right creates an XClass definition in XWiki (requires edit right), and that same document is later edited by a user with script, admin, or programming right, malicious code could be executed with the rights of the editing user without prior warning. In particular, this concerns custom display code, the script of computed properties and queries in database list properties. Note that warnings before editing documents with dangerous properties have only been introduced in XWiki 15.9, before that version, this was a known issue and the advice was simply to be careful.\n\n### Patches\nThis has been patched in XWiki 16.10.2, 16.4.7 and 15.10.16 by adding an analysis for the respective XClass properties.\n\n### Workarounds\nWe're not aware of any real workarounds apart from just being careful with editing documents previously edited by untrusted users as a user with script, admin or programming right.", + "severity": [ + { + "type": "CVSS_V4", + "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:L/SI:L/SA:N" + } + ], + "affected": [ + { + "package": { + "ecosystem": "Maven", + "name": "org.xwiki.platform:xwiki-platform-security-requiredrights-default" + }, + "ranges": [ + { + "type": "ECOSYSTEM", + "events": [ + { + "introduced": "0" + }, + { + "fixed": "15.10.16" + } + ] + } + ] + }, + { + "package": { + "ecosystem": "Maven", + "name": "org.xwiki.platform:xwiki-platform-security-requiredrights-default" + }, + "ranges": [ + { + "type": "ECOSYSTEM", + "events": [ + { + "introduced": "16.0.0-rc-1" + }, + { + "fixed": "16.4.7" + } + ] + } + ] + }, + { + "package": { + "ecosystem": "Maven", + "name": 
"org.xwiki.platform:xwiki-platform-security-requiredrights-default" + }, + "ranges": [ + { + "type": "ECOSYSTEM", + "events": [ + { + "introduced": "16.5.0-rc-1" + }, + { + "fixed": "16.10.2" + } + ] + } + ] + } + ], + "references": [ + { + "type": "WEB", + "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-59w6-r9hm-439h" + }, + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-49585" + }, + { + "type": "WEB", + "url": "https://github.com/xwiki/xwiki-platform/commit/385bde985cdb61ebf315d30c0b144b6d2e2c2d45" + }, + { + "type": "PACKAGE", + "url": "https://github.com/xwiki/xwiki-platform" + }, + { + "type": "WEB", + "url": "https://jira.xwiki.org/browse/XWIKI-22476" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-357" + ], + "severity": "HIGH", + "github_reviewed": true, + "github_reviewed_at": "2025-06-13T20:46:58Z", + "nvd_published_at": "2025-06-13T18:15:22Z" + } +} \ No newline at end of file diff --git a/advisories/github-reviewed/2025/06/GHSA-jp4x-w9cj-97q7/GHSA-jp4x-w9cj-97q7.json b/advisories/github-reviewed/2025/06/GHSA-jp4x-w9cj-97q7/GHSA-jp4x-w9cj-97q7.json new file mode 100644 index 0000000000000..76529c54e4603 --- /dev/null +++ b/advisories/github-reviewed/2025/06/GHSA-jp4x-w9cj-97q7/GHSA-jp4x-w9cj-97q7.json 
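Review bot: The first affected range of GHSA-59w6-r9hm-439h starts at `"introduced": "0"`, while the details state that the required-rights warnings this analyzer belongs to only exist since XWiki 15.9, and the sibling advisory GHSA-j7p2-87q3-44w7 in this same series uses `"introduced": "15.9-rc-1"` for the same class of issue. With a lower bound of 0, every pre-15.9 release of `xwiki-platform-security-requiredrights-default` is reported as vulnerable even though the details describe that era as a known limitation rather than something the analyzer could have caught. If the 0 bound is deliberate (for instance because the module predates 15.9 and was equally affected), the details should say so; otherwise `"introduced": "15.9-rc-1"` would keep the two advisories consistent. This is a consistency check between the two entries only; the module's version history cannot be verified from this diff.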
@@ -0,0 +1,107 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-jp4x-w9cj-97q7", + "modified": "2025-06-13T20:46:22Z", + "published": "2025-06-13T20:46:21Z", + "aliases": [ + "CVE-2025-49586" + ], + "summary": "XWiki allows remote code execution through preview of XClass changes in AWM editor", + "details": "### Impact\nAny XWiki user with edit right on at least one App Within Minutes application (the default for all users XWiki) can obtain programming right/perform remote code execution by editing the application. The detailed reproduction steps can be found in the [original bug report](https://jira.xwiki.org/browse/XWIKI-22719).\n\n### Patches\nThis vulnerability has been fixed in XWiki 17.0.0, 16.4.7, and 16.10.3.\n\n### Workarounds\nRestricting edit rights on all existing App Within Minutes applications to trusted users mitigates at least the PoC exploit, but we can't exclude that there are other ways to exploit this vulnerability.", + "severity": [ + { + "type": "CVSS_V4", + "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" + } + ], + "affected": [ + { + "package": { + "ecosystem": "Maven", + "name": "org.xwiki.platform:xwiki-platform-oldcore" + }, + "ranges": [ + { + "type": "ECOSYSTEM", + "events": [ + { + "introduced": "7.2-milestone-2" + }, + { + "fixed": "16.4.7" + } + ] + } + ] + }, + { + "package": { + "ecosystem": "Maven", + "name": "org.xwiki.platform:xwiki-platform-oldcore" + }, + "ranges": [ + { + "type": "ECOSYSTEM", + "events": [ + { + "introduced": "16.5.0-rc-1" + }, + { + "fixed": "16.10.3" + } + ] + } + ] + }, + { + "package": { + "ecosystem": "Maven", + "name": "org.xwiki.platform:xwiki-platform-oldcore" + }, + "ranges": [ + { + "type": "ECOSYSTEM", + "events": [ + { + "introduced": "17.0.0-rc-1" + }, + { + "fixed": "17.0.0" + } + ] + } + ] + } + ], + "references": [ + { + "type": "WEB", + "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-jp4x-w9cj-97q7" + }, + { + "type": "ADVISORY", + "url": 
"https://nvd.nist.gov/vuln/detail/CVE-2025-49586" + }, + { + "type": "WEB", + "url": "https://github.com/xwiki/xwiki-platform/commit/ef978315649cf83eae396021bb33603a1a5f7e42" + }, + { + "type": "PACKAGE", + "url": "https://github.com/xwiki/xwiki-platform" + }, + { + "type": "WEB", + "url": "https://jira.xwiki.org/browse/XWIKI-22719" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-863" + ], + "severity": "HIGH", + "github_reviewed": true, + "github_reviewed_at": "2025-06-13T20:46:21Z", + "nvd_published_at": "2025-06-13T18:15:22Z" + } +} \ No newline at end of file From 0ec8acc3805eaece9f4ab293b972b2e29ea83e0a Mon Sep 17 00:00:00 2001 From: "advisory-database[bot]" <45398580+advisory-database[bot]@users.noreply.github.com> Date: Fri, 13 Jun 2025 21:10:17 +0000 Subject: [PATCH 07/23] Publish GHSA-x3c7-22c8-prg7 --- .../GHSA-x3c7-22c8-prg7.json | 61 +++++++++++++++++++ 1 file changed, 61 insertions(+) create mode 100644 advisories/github-reviewed/2025/06/GHSA-x3c7-22c8-prg7/GHSA-x3c7-22c8-prg7.json diff --git a/advisories/github-reviewed/2025/06/GHSA-x3c7-22c8-prg7/GHSA-x3c7-22c8-prg7.json b/advisories/github-reviewed/2025/06/GHSA-x3c7-22c8-prg7/GHSA-x3c7-22c8-prg7.json new file mode 100644 index 0000000000000..d56142ba84661 --- /dev/null +++ b/advisories/github-reviewed/2025/06/GHSA-x3c7-22c8-prg7/GHSA-x3c7-22c8-prg7.json 
@@ -0,0 +1,61 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-x3c7-22c8-prg7", + "modified": "2025-06-13T21:09:00Z", + "published": "2025-06-13T21:09:00Z", + "aliases": [ + "CVE-2025-49597" + ], + "summary": "handcraftedinthealps/goodby-csv has Potential Gadget Chain allowing Remote Code Execution", + "details": "### Impact\n\ngoodby-csv could be used as part of a chain of methods that is exploitable when an insecure deserialization vulnerability exists in an application. This so-called \"gadget chain\" presents no direct threat but is a vector that can be used to achieve remote code execution if the application deserializes untrusted data due to another vulnerability.\n\n### Patches\n\nHas the problem been patched? What versions should users upgrade to?\n\nThe problem is patched with Version 1.4.3\n\n### Workarounds\n\nPatch `src/Goodby/CSV/Export/Standard/Collection /CallbackCollection.php`:\n\n```diff\n+ public function __wakeup() {\n+ throw new \\BadMethodCallException('Cannot unserialize ' . __CLASS__);\n+ }\n```\n\nHowever, this is not directly exploitable; a separate vulnerability must be present to allow an attacker to pass unsafe input to unserialize(). 
There are no such known exploits in goodby-csv.\n\n### References\n_Are there any links users can visit to find out more?_", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:L" + } + ], + "affected": [ + { + "package": { + "ecosystem": "Packagist", + "name": "handcraftedinthealps/goodby-csv" + }, + "ranges": [ + { + "type": "ECOSYSTEM", + "events": [ + { + "introduced": "0" + }, + { + "fixed": "1.4.3" + } + ] + } + ] + } + ], + "references": [ + { + "type": "WEB", + "url": "https://github.com/handcraftedinthealps/goodby-csv/security/advisories/GHSA-x3c7-22c8-prg7" + }, + { + "type": "WEB", + "url": "https://github.com/handcraftedinthealps/goodby-csv/commit/acd14c6ed85116bb2cb4da35ab62821e5cf54519" + }, + { + "type": "PACKAGE", + "url": "https://github.com/handcraftedinthealps/goodby-csv" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-915" + ], + "severity": "LOW", + "github_reviewed": true, + "github_reviewed_at": "2025-06-13T21:09:00Z", + "nvd_published_at": null + } +} \ No newline at end of file From 2dd7ad294bc90f316ff80fb90c126d68884ee4cf Mon Sep 17 00:00:00 2001 From: "advisory-database[bot]" <45398580+advisory-database[bot]@users.noreply.github.com> Date: Fri, 13 Jun 2025 21:17:11 +0000 Subject: [PATCH 08/23] Publish Advisories GHSA-4j59-vv55-q6h3 GHSA-4j59-vv55-q6h3 --- .../GHSA-4j59-vv55-q6h3.json | 92 +++++++++++++++++++ .../GHSA-4j59-vv55-q6h3.json | 40 -------- 2 files changed, 92 insertions(+), 40 deletions(-) create mode 100644 advisories/github-reviewed/2025/06/GHSA-4j59-vv55-q6h3/GHSA-4j59-vv55-q6h3.json delete mode 100644 advisories/unreviewed/2025/06/GHSA-4j59-vv55-q6h3/GHSA-4j59-vv55-q6h3.json diff --git a/advisories/github-reviewed/2025/06/GHSA-4j59-vv55-q6h3/GHSA-4j59-vv55-q6h3.json b/advisories/github-reviewed/2025/06/GHSA-4j59-vv55-q6h3/GHSA-4j59-vv55-q6h3.json new file mode 100644 index 0000000000000..d1e3489ed88ad --- /dev/null 
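Review bot: The `details` field of GHSA-x3c7-22c8-prg7 still contains GitHub advisory template prompts: `Has the problem been patched? What versions should users upgrade to?` under Patches and `_Are there any links users can visit to find out more?_` under an otherwise empty References heading. These read as unanswered questions to anyone consuming the advisory and should be dropped, leaving `The problem is patched with Version 1.4.3` and the links already in `references`. The workaround path `src/Goodby/CSV/Export/Standard/Collection /CallbackCollection.php` also has a stray space before `/CallbackCollection.php`, so it will not match the real file. Separately, `nvd_published_at` is `null` and no NVD `ADVISORY` reference is listed although the alias CVE-2025-49597 is present; that may simply reflect NVD timing, but it is worth re-checking when the entry is next modified.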
+++ b/advisories/github-reviewed/2025/06/GHSA-4j59-vv55-q6h3/GHSA-4j59-vv55-q6h3.json 
@@ -0,0 +1,92 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-4j59-vv55-q6h3", + "modified": "2025-06-13T21:15:54Z", + "published": "2025-06-13T09:30:33Z", + "aliases": [ + "CVE-2024-38825" + ], + "summary": "Salt's salt.auth.pki module does not properly authenticate callers", + "details": "The salt.auth.pki module does not properly authenticate callers. The \"password\" field contains a public certificate which is validated against a CA certificate by the module. This is not pki authentication, as the caller does not need access to the corresponding private key for the authentication attempt to be accepted.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N" + } + ], + "affected": [ + { + "package": { + "ecosystem": "PyPI", + "name": "salt" + }, + "ranges": [ + { + "type": "ECOSYSTEM", + "events": [ + { + "introduced": "3006.0rc1" + }, + { + "fixed": "3006.12" + } + ] + } + ] + }, + { + "package": { + "ecosystem": "PyPI", + "name": "salt" + }, + "ranges": [ + { + "type": "ECOSYSTEM", + "events": [ + { + "introduced": "3007.0rc1" + }, + { + "fixed": "3007.4" + } + ] + } + ] + } + ], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-38825" + }, + { + "type": "WEB", + "url": "https://github.com/saltstack/salt/commit/5ff18fd0ececdfd083ddce693c3ccef30e44f155" + }, + { + "type": "WEB", + "url": "https://github.com/saltstack/salt/commit/d7cb64e44db5f82fd615373f5dca2eb1fb29bbab" + }, + { + "type": "WEB", + "url": "https://docs.saltproject.io/en/3006/topics/releases/3006.12.html" + }, + { + "type": "WEB", + "url": "https://docs.saltproject.io/en/3007/topics/releases/3007.4.html" + }, + { + "type": "PACKAGE", + "url": "https://github.com/saltstack/salt" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-287" + ], + "severity": "MODERATE", + "github_reviewed": true, + "github_reviewed_at": "2025-06-13T21:15:54Z", + "nvd_published_at": "2025-06-13T07:15:20Z" + } +} \ No 
newline at end of file diff --git a/advisories/unreviewed/2025/06/GHSA-4j59-vv55-q6h3/GHSA-4j59-vv55-q6h3.json b/advisories/unreviewed/2025/06/GHSA-4j59-vv55-q6h3/GHSA-4j59-vv55-q6h3.json deleted file mode 100644 index 307bd2c77cf97..0000000000000 --- a/advisories/unreviewed/2025/06/GHSA-4j59-vv55-q6h3/GHSA-4j59-vv55-q6h3.json +++ /dev/null @@ -1,40 +0,0 @@ -{ - "schema_version": "1.4.0", - "id": "GHSA-4j59-vv55-q6h3", - "modified": "2025-06-13T09:30:33Z", - "published": "2025-06-13T09:30:33Z", - "aliases": [ - "CVE-2024-38825" - ], - "details": "The salt.auth.pki module does not properly authenticate callers. The \"password\" field contains a public certificate which is validated against a CA certificate by the module. This is not pki authentication, as the caller does not need access to the corresponding private key for the authentication attempt to be accepted.", - "severity": [ - { - "type": "CVSS_V3", - "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N" - } - ], - "affected": [], - "references": [ - { - "type": "ADVISORY", - "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-38825" - }, - { - "type": "WEB", - "url": "https://docs.saltproject.io/en/3006/topics/releases/3006.12.html" - }, - { - "type": "WEB", - "url": "https://docs.saltproject.io/en/3007/topics/releases/3007.4.html" - } - ], - "database_specific": { - "cwe_ids": [ - "CWE-287" - ], - "severity": "MODERATE", - "github_reviewed": false, - "github_reviewed_at": null, - "nvd_published_at": "2025-06-13T07:15:20Z" - } -} \ No newline at end of file From 39c50fb74f3836f0fb05af5b02869903eb1f89b7 Mon Sep 17 00:00:00 2001 
From: "advisory-database[bot]" <45398580+advisory-database[bot]@users.noreply.github.com> Date: Fri, 13 Jun 2025 21:19:18 +0000 Subject: [PATCH 09/23] Publish Advisories GHSA-jh7c-xh74-h76f GHSA-jh7c-xh74-h76f --- .../GHSA-jh7c-xh74-h76f.json | 84 +++++++++++++++++++ .../GHSA-jh7c-xh74-h76f.json | 40 --------- 2 files changed, 84 insertions(+), 40 deletions(-) create mode 100644 advisories/github-reviewed/2025/06/GHSA-jh7c-xh74-h76f/GHSA-jh7c-xh74-h76f.json delete mode 100644 advisories/unreviewed/2025/06/GHSA-jh7c-xh74-h76f/GHSA-jh7c-xh74-h76f.json diff --git a/advisories/github-reviewed/2025/06/GHSA-jh7c-xh74-h76f/GHSA-jh7c-xh74-h76f.json b/advisories/github-reviewed/2025/06/GHSA-jh7c-xh74-h76f/GHSA-jh7c-xh74-h76f.json new file mode 100644 index 0000000000000..ba257d3e4502d --- /dev/null +++ b/advisories/github-reviewed/2025/06/GHSA-jh7c-xh74-h76f/GHSA-jh7c-xh74-h76f.json 
@@ -0,0 +1,84 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-jh7c-xh74-h76f", + "modified": "2025-06-13T21:18:03Z", + "published": "2025-06-13T09:30:33Z", + "aliases": [ + "CVE-2025-22236" + ], + "summary": "Salt has minion event bus authorization bypass vulnerability", + "details": "Minion event bus authorization bypass. An attacker with access to a minion key can craft a message which may be able to execute a job on other minions (>= 3007.0).", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:L" + } + ], + "affected": [ + { + "package": { + "ecosystem": "PyPI", + "name": "salt" + }, + "ranges": [ + { + "type": "ECOSYSTEM", + "events": [ + { + "introduced": "3007.0" + }, + { + "fixed": "3007.4" + } + ] + } + ] + }, + { + "package": { + "ecosystem": "PyPI", + "name": "salt" + }, + "ranges": [ + { + "type": "ECOSYSTEM", + "events": [ + { + "introduced": "3006.0" + }, + { + "fixed": "3006.12" + } + ] + } + ] + } + ], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-22236" + }, + { + "type": "WEB", + "url": "https://docs.saltproject.io/en/3006/topics/releases/3006.12.html" + }, + { + "type": "WEB", + "url": "https://docs.saltproject.io/en/3007/topics/releases/3007.4.html" + }, + { + "type": "PACKAGE", + "url": "https://github.com/saltstack/salt" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-287" + ], + "severity": "HIGH", + "github_reviewed": true, + "github_reviewed_at": "2025-06-13T21:18:03Z", + "nvd_published_at": "2025-06-13T07:15:20Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2025/06/GHSA-jh7c-xh74-h76f/GHSA-jh7c-xh74-h76f.json b/advisories/unreviewed/2025/06/GHSA-jh7c-xh74-h76f/GHSA-jh7c-xh74-h76f.json deleted file mode 100644 index 8bcb22de95c97..0000000000000 --- a/advisories/unreviewed/2025/06/GHSA-jh7c-xh74-h76f/GHSA-jh7c-xh74-h76f.json +++ /dev/null 
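Review bot: The details of GHSA-jh7c-xh74-h76f say the issue affects minions `(>= 3007.0)`, yet the affected array also lists `"introduced": "3006.0"` through `"fixed": "3006.12"`, so the prose and the machine-readable ranges disagree about whether 3006.x is vulnerable. One of the two should be corrected; if 3006.x genuinely received a fix in 3006.12, the `>= 3007.0` qualifier in the details is misleading. The lower bounds here (`3006.0`, `3007.0`) also differ from the `3006.0rc1`/`3007.0rc1` used by the other Salt advisories in this series (GHSA-4j59-vv55-q6h3, GHSA-fcr4-h6c4-rvvp, GHSA-r546-h3ff-q585, GHSA-c46w-gr7f-jm2p), which leaves the rc builds unmatched for this CVE only and is presumably unintended. The 3007 range is additionally listed before the 3006 range, unlike the ascending order used in the sibling entries.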
@@ -1,40 +0,0 @@ -{ - "schema_version": "1.4.0", - "id": "GHSA-jh7c-xh74-h76f", - "modified": "2025-06-13T09:30:33Z", - "published": "2025-06-13T09:30:33Z", - "aliases": [ - "CVE-2025-22236" - ], - "details": "Minion event bus authorization bypass. An attacker with access to a minion key can craft a message which may be able to execute a job on other minions (>= 3007.0).", - "severity": [ - { - "type": "CVSS_V3", - "score": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:L" - } - ], - "affected": [], - "references": [ - { - "type": "ADVISORY", - "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-22236" - }, - { - "type": "WEB", - "url": "https://docs.saltproject.io/en/3006/topics/releases/3006.12.html" - }, - { - "type": "WEB", - "url": "https://docs.saltproject.io/en/3007/topics/releases/3007.4.html" - } - ], - "database_specific": { - "cwe_ids": [ - "CWE-287" - ], - "severity": "HIGH", - "github_reviewed": false, - "github_reviewed_at": null, - "nvd_published_at": "2025-06-13T07:15:20Z" - } -} \ No newline at end of file From 2a60b19d1c80fdd86cc36dd0fa4e7e45ddb274d3 Mon Sep 17 00:00:00 2001 From: "advisory-database[bot]" <45398580+advisory-database[bot]@users.noreply.github.com> Date: Fri, 13 Jun 2025 21:21:05 +0000 Subject: [PATCH 10/23] Publish Advisories GHSA-fcr4-h6c4-rvvp GHSA-r546-h3ff-q585 GHSA-fcr4-h6c4-rvvp GHSA-r546-h3ff-q585 --- .../GHSA-fcr4-h6c4-rvvp.json | 88 +++++++++++++++++++ .../GHSA-r546-h3ff-q585.json | 88 +++++++++++++++++++ .../GHSA-fcr4-h6c4-rvvp.json | 40 --------- .../GHSA-r546-h3ff-q585.json | 40 --------- 4 files changed, 176 insertions(+), 80 deletions(-) create mode 100644 advisories/github-reviewed/2025/06/GHSA-fcr4-h6c4-rvvp/GHSA-fcr4-h6c4-rvvp.json create mode 100644 advisories/github-reviewed/2025/06/GHSA-r546-h3ff-q585/GHSA-r546-h3ff-q585.json delete mode 100644 advisories/unreviewed/2025/06/GHSA-fcr4-h6c4-rvvp/GHSA-fcr4-h6c4-rvvp.json delete mode 100644 advisories/unreviewed/2025/06/GHSA-r546-h3ff-q585/GHSA-r546-h3ff-q585.json 
diff --git a/advisories/github-reviewed/2025/06/GHSA-fcr4-h6c4-rvvp/GHSA-fcr4-h6c4-rvvp.json b/advisories/github-reviewed/2025/06/GHSA-fcr4-h6c4-rvvp/GHSA-fcr4-h6c4-rvvp.json new file mode 100644 index 0000000000000..2a72582fd61b4 --- /dev/null +++ b/advisories/github-reviewed/2025/06/GHSA-fcr4-h6c4-rvvp/GHSA-fcr4-h6c4-rvvp.json 
@@ -0,0 +1,88 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-fcr4-h6c4-rvvp", + "modified": "2025-06-13T21:19:46Z", + "published": "2025-06-13T09:30:33Z", + "aliases": [ + "CVE-2025-22237" + ], + "summary": "Salt's on demand pillar functionality vulnerable to arbitrary command injections ", + "details": "An attacker with access to a minion key can exploit the 'on demand' pillar functionality with a specially crafted git url which could cause and arbitrary command to be run on the master with the same privileges as the master process.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" + } + ], + "affected": [ + { + "package": { + "ecosystem": "PyPI", + "name": "salt" + }, + "ranges": [ + { + "type": "ECOSYSTEM", + "events": [ + { + "introduced": "3006.0rc1" + }, + { + "fixed": "3006.12" + } + ] + } + ] + }, + { + "package": { + "ecosystem": "PyPI", + "name": "salt" + }, + "ranges": [ + { + "type": "ECOSYSTEM", + "events": [ + { + "introduced": "3007.0rc1" + }, + { + "fixed": "3007.4" + } + ] + } + ] + } + ], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-22237" + }, + { + "type": "WEB", + "url": "https://github.com/saltstack/salt/commit/9445f496fed61b15dc4364818007e5b765b0746f" + }, + { + "type": "WEB", + "url": "https://docs.saltproject.io/en/3006/topics/releases/3006.12.html" + }, + { + "type": "WEB", + "url": "https://docs.saltproject.io/en/3007/topics/releases/3007.4.html" + }, + { + "type": "PACKAGE", + "url": "https://github.com/saltstack/salt" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-77" + ], + "severity": "MODERATE", + "github_reviewed": true, + "github_reviewed_at": "2025-06-13T21:19:46Z", + "nvd_published_at": "2025-06-13T07:15:21Z" + } +} \ No newline at end of file 
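Review bot: The `summary` of GHSA-fcr4-h6c4-rvvp carries a trailing space (`...arbitrary command injections `), which will surface in rendered titles and in exact-match tooling; it should be `"summary": "Salt's on demand pillar functionality vulnerable to arbitrary command injections"`. The details also read `could cause and arbitrary command` where `an arbitrary command` is meant; the same `and`-for-`an` slip appears in GHSA-c46w-gr7f-jm2p (`used by and authorized minion`). The CVSS vector rates this `AV:L/PR:H` although the text describes a minion-key holder causing command execution on the master, which is normally a network interaction from a minion rather than a local high-privilege one; I cannot tell from this diff whether the vector was adopted verbatim from upstream, but it is worth confirming because it drives the MODERATE rating for what is described as command execution with the master's privileges.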
diff --git a/advisories/github-reviewed/2025/06/GHSA-r546-h3ff-q585/GHSA-r546-h3ff-q585.json b/advisories/github-reviewed/2025/06/GHSA-r546-h3ff-q585/GHSA-r546-h3ff-q585.json new file mode 100644 index 0000000000000..4e1f0635988f7 --- /dev/null +++ b/advisories/github-reviewed/2025/06/GHSA-r546-h3ff-q585/GHSA-r546-h3ff-q585.json 
@@ -0,0 +1,88 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-r546-h3ff-q585", + "modified": "2025-06-13T21:20:12Z", + "published": "2025-06-13T09:30:33Z", + "aliases": [ + "CVE-2025-22238" + ], + "summary": "Salt vulnerable to directory traversal attack in minion file cache creation", + "details": "Directory traversal attack in minion file cache creation. The master's default cache is vulnerable to a directory traversal attack. Which could be leveraged to write or overwrite 'cache' files outside of the cache directory.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:H/A:N" + } + ], + "affected": [ + { + "package": { + "ecosystem": "PyPI", + "name": "salt" + }, + "ranges": [ + { + "type": "ECOSYSTEM", + "events": [ + { + "introduced": "3006.0rc1" + }, + { + "fixed": "3006.12" + } + ] + } + ] + }, + { + "package": { + "ecosystem": "PyPI", + "name": "salt" + }, + "ranges": [ + { + "type": "ECOSYSTEM", + "events": [ + { + "introduced": "3007.0rc1" + }, + { + "fixed": "3007.4" + } + ] + } + ] + } + ], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-22238" + }, + { + "type": "WEB", + "url": "https://github.com/saltstack/salt/commit/4b30218edf1a979855ea191d72b30c89f4a5a582" + }, + { + "type": "WEB", + "url": "https://docs.saltproject.io/en/3006/topics/releases/3006.12.html" + }, + { + "type": "WEB", + "url": "https://docs.saltproject.io/en/3007/topics/releases/3007.4.html" + }, + { + "type": "PACKAGE", + "url": "https://github.com/saltstack/salt" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-22" + ], + "severity": "MODERATE", + "github_reviewed": true, + "github_reviewed_at": "2025-06-13T21:20:12Z", + "nvd_published_at": "2025-06-13T07:15:21Z" + } +} \ No newline at end of file 
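Review bot: The details of GHSA-r546-h3ff-q585 contain a sentence fragment, `Which could be leveraged to write or overwrite 'cache' files outside of the cache directory.`, that should be joined to the preceding sentence, e.g. `The master's default cache is vulnerable to a directory traversal attack, which could be leveraged to write or overwrite 'cache' files outside of the cache directory.` The vector's `UI:R` is also unusual for a minion-triggered write into the master's cache directory; if it was carried over from the upstream or NVD record it can stay, otherwise it deserves a second look since it lowers the computed score.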
diff --git a/advisories/unreviewed/2025/06/GHSA-fcr4-h6c4-rvvp/GHSA-fcr4-h6c4-rvvp.json b/advisories/unreviewed/2025/06/GHSA-fcr4-h6c4-rvvp/GHSA-fcr4-h6c4-rvvp.json deleted file mode 100644 index dbb850638275a..0000000000000 --- a/advisories/unreviewed/2025/06/GHSA-fcr4-h6c4-rvvp/GHSA-fcr4-h6c4-rvvp.json +++ /dev/null @@ -1,40 +0,0 @@ -{ - "schema_version": "1.4.0", - "id": "GHSA-fcr4-h6c4-rvvp", - "modified": "2025-06-13T09:30:33Z", - "published": "2025-06-13T09:30:33Z", - "aliases": [ - "CVE-2025-22237" - ], - "details": "An attacker with access to a minion key can exploit the 'on demand' pillar functionality with a specially crafted git url which could cause and arbitrary command to be run on the master with the same privileges as the master process.", - "severity": [ - { - "type": "CVSS_V3", - "score": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" - } - ], - "affected": [], - "references": [ - { - "type": "ADVISORY", - "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-22237" - }, - { - "type": "WEB", - "url": "https://docs.saltproject.io/en/3006/topics/releases/3006.12.html" - }, - { - "type": "WEB", - "url": "https://docs.saltproject.io/en/3007/topics/releases/3007.4.html" - } - ], - "database_specific": { - "cwe_ids": [ - "CWE-77" - ], - "severity": "MODERATE", - "github_reviewed": false, - "github_reviewed_at": null, - "nvd_published_at": "2025-06-13T07:15:21Z" - } -} \ No newline at end of file diff --git a/advisories/unreviewed/2025/06/GHSA-r546-h3ff-q585/GHSA-r546-h3ff-q585.json b/advisories/unreviewed/2025/06/GHSA-r546-h3ff-q585/GHSA-r546-h3ff-q585.json deleted file mode 100644 index 7fd0c82dad754..0000000000000 --- a/advisories/unreviewed/2025/06/GHSA-r546-h3ff-q585/GHSA-r546-h3ff-q585.json +++ /dev/null 
@@ -1,40 +0,0 @@ -{ - "schema_version": "1.4.0", - "id": "GHSA-r546-h3ff-q585", - "modified": "2025-06-13T09:30:33Z", - "published": "2025-06-13T09:30:33Z", - "aliases": [ - "CVE-2025-22238" - ], - "details": "Directory traversal attack in minion file cache creation. The master's default cache is vulnerable to a directory traversal attack. Which could be leveraged to write or overwrite 'cache' files outside of the cache directory.", - "severity": [ - { - "type": "CVSS_V3", - "score": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:H/A:N" - } - ], - "affected": [], - "references": [ - { - "type": "ADVISORY", - "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-22238" - }, - { - "type": "WEB", - "url": "https://docs.saltproject.io/en/3006/topics/releases/3006.12.html" - }, - { - "type": "WEB", - "url": "https://docs.saltproject.io/en/3007/topics/releases/3007.4.html" - } - ], - "database_specific": { - "cwe_ids": [ - "CWE-22" - ], - "severity": "MODERATE", - "github_reviewed": false, - "github_reviewed_at": null, - "nvd_published_at": "2025-06-13T07:15:21Z" - } -} \ No newline at end of file From 2982f13172220da4d36f50f83d05d32f4eca3a5f Mon Sep 17 00:00:00 2001 From: "advisory-database[bot]" <45398580+advisory-database[bot]@users.noreply.github.com> Date: Fri, 13 Jun 2025 21:22:53 +0000 Subject: [PATCH 11/23] Publish Advisories GHSA-c46w-gr7f-jm2p GHSA-c46w-gr7f-jm2p --- .../GHSA-c46w-gr7f-jm2p.json | 88 +++++++++++++++++++ .../GHSA-c46w-gr7f-jm2p.json | 40 --------- 2 files changed, 88 insertions(+), 40 deletions(-) create mode 100644 advisories/github-reviewed/2025/06/GHSA-c46w-gr7f-jm2p/GHSA-c46w-gr7f-jm2p.json delete mode 100644 advisories/unreviewed/2025/06/GHSA-c46w-gr7f-jm2p/GHSA-c46w-gr7f-jm2p.json diff --git a/advisories/github-reviewed/2025/06/GHSA-c46w-gr7f-jm2p/GHSA-c46w-gr7f-jm2p.json b/advisories/github-reviewed/2025/06/GHSA-c46w-gr7f-jm2p/GHSA-c46w-gr7f-jm2p.json new file mode 100644 index 0000000000000..602d08591619f --- /dev/null 
+++ b/advisories/github-reviewed/2025/06/GHSA-c46w-gr7f-jm2p/GHSA-c46w-gr7f-jm2p.json
@@ -0,0 +1,88 @@
+{
+ "schema_version": "1.4.0",
+ "id": "GHSA-c46w-gr7f-jm2p",
+ "modified": "2025-06-13T21:21:04Z",
+ "published": "2025-06-13T09:30:33Z",
+ "aliases": [
+ "CVE-2025-22239"
+ ],
+ "summary": "Salt vulnerable to arbitrary event injection",
+ "details": "Arbitrary event injection on Salt Master. The master's \"_minion_event\" method can be used by and authorized minion to send arbitrary events onto the master's event bus.",
+ "severity": [
+ {
+ "type": "CVSS_V3",
+ "score": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:L"
+ }
+ ],
+ "affected": [
+ {
+ "package": {
+ "ecosystem": "PyPI",
+ "name": "salt"
+ },
+ "ranges": [
+ {
+ "type": "ECOSYSTEM",
+ "events": [
+ {
+ "introduced": "3006.0rc1"
+ },
+ {
+ "fixed": "3006.12"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "package": {
+ "ecosystem": "PyPI",
+ "name": "salt"
+ },
+ "ranges": [
+ {
+ "type": "ECOSYSTEM",
+ "events": [
+ {
+ "introduced": "3007.0rc1"
+ },
+ {
+ "fixed": "3007.4"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "type": "ADVISORY",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-22239"
+ },
+ {
+ "type": "WEB",
+ "url": "https://github.com/saltstack/salt/commit/41d834bf800d86fc496e4fac2d3875fc2aca7c62"
+ },
+ {
+ "type": "WEB",
+ "url": "https://docs.saltproject.io/en/3006/topics/releases/3006.12.html"
+ },
+ {
+ "type": "WEB",
+ "url": "https://docs.saltproject.io/en/3007/topics/releases/3007.4.html"
+ },
+ {
+ "type": "PACKAGE",
+ "url": "https://github.com/saltstack/salt"
+ }
+ ],
+ "database_specific": {
+ "cwe_ids": [
+ "CWE-285"
+ ],
+ "severity": "HIGH",
+ "github_reviewed": true,
+ "github_reviewed_at": "2025-06-13T21:21:04Z",
+ "nvd_published_at": "2025-06-13T07:15:21Z"
+ }
+}
\ No newline at end of file
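Review bot: The `details` string has a typo that changes the meaning of the precondition: "can be used by and authorized minion" should read `can be used by an authorized minion`. The text also stops at "send arbitrary events onto the master's event bus" without saying why that matters; if, as the `S:C/C:H/I:H` scoring implies, injected events can drive master-side actions, one sentence stating that consequence — kept to what the linked fix commit actually shows — would make the HIGH label defensible to readers. The `_minion_event` name and the commit URL are the only concrete hooks in the record, so any added sentence should stay tied to them.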
diff --git a/advisories/unreviewed/2025/06/GHSA-c46w-gr7f-jm2p/GHSA-c46w-gr7f-jm2p.json b/advisories/unreviewed/2025/06/GHSA-c46w-gr7f-jm2p/GHSA-c46w-gr7f-jm2p.json deleted file mode 100644 index 09e1fc7f01200..0000000000000 --- a/advisories/unreviewed/2025/06/GHSA-c46w-gr7f-jm2p/GHSA-c46w-gr7f-jm2p.json +++ /dev/null @@ -1,40 +0,0 @@ -{ - "schema_version": "1.4.0", - "id": "GHSA-c46w-gr7f-jm2p", - "modified": "2025-06-13T09:30:33Z", - "published": "2025-06-13T09:30:33Z", - "aliases": [ - "CVE-2025-22239" - ], - "details": "Arbitrary event injection on Salt Master. The master's \"_minion_event\" method can be used by and authorized minion to send arbitrary events onto the master's event bus.", - "severity": [ - { - "type": "CVSS_V3", - "score": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:L" - } - ], - "affected": [], - "references": [ - { - "type": "ADVISORY", - "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-22239" - }, - { - "type": "WEB", - "url": "https://docs.saltproject.io/en/3006/topics/releases/3006.12.html" - }, - { - "type": "WEB", - "url": "https://docs.saltproject.io/en/3007/topics/releases/3007.4.html" - } - ], - "database_specific": { - "cwe_ids": [ - "CWE-285" - ], - "severity": "HIGH", - "github_reviewed": false, - "github_reviewed_at": null, - "nvd_published_at": "2025-06-13T07:15:21Z" - } -} \ No newline at end of file From 60bf6a823ec0239d311f81a44ebfc9e75401de75 Mon Sep 17 00:00:00 2001 
From: "advisory-database[bot]" <45398580+advisory-database[bot]@users.noreply.github.com> Date: Fri, 13 Jun 2025 21:33:12 +0000 Subject: [PATCH 12/23] Publish Advisories GHSA-j2wh-3mg8-x62m GHSA-m6vj-6wj8-cpxm GHSA-56gp-6mw9-wpfj GHSA-5v6x-pfc7-q9g6 GHSA-6hjr-3x4p-h5w8 GHSA-7mg7-xh2x-37fm GHSA-9rpp-w235-gxvg GHSA-h582-52vg-77xv GHSA-hm47-446q-7w5f GHSA-hpgq-7xv5-xf25 GHSA-jhc2-hv2x-fj67 GHSA-q387-9xqr-fhhg GHSA-qh2j-gj44-rv7h GHSA-vrqj-vmcj-7cxx --- .../GHSA-j2wh-3mg8-x62m.json | 2 +- .../GHSA-m6vj-6wj8-cpxm.json | 2 +- .../GHSA-56gp-6mw9-wpfj.json | 6 +++- .../GHSA-5v6x-pfc7-q9g6.json | 36 +++++++++++++++++++ .../GHSA-6hjr-3x4p-h5w8.json | 36 +++++++++++++++++++ .../GHSA-7mg7-xh2x-37fm.json | 11 ++++-- .../GHSA-9rpp-w235-gxvg.json | 36 +++++++++++++++++++ .../GHSA-h582-52vg-77xv.json | 3 +- .../GHSA-hm47-446q-7w5f.json | 36 +++++++++++++++++++ .../GHSA-hpgq-7xv5-xf25.json | 11 ++++-- .../GHSA-jhc2-hv2x-fj67.json | 3 +- .../GHSA-q387-9xqr-fhhg.json | 11 ++++-- .../GHSA-qh2j-gj44-rv7h.json | 2 +- .../GHSA-vrqj-vmcj-7cxx.json | 11 ++++-- 14 files changed, 188 insertions(+), 18 deletions(-) create mode 100644 advisories/unreviewed/2025/06/GHSA-5v6x-pfc7-q9g6/GHSA-5v6x-pfc7-q9g6.json create mode 100644 advisories/unreviewed/2025/06/GHSA-6hjr-3x4p-h5w8/GHSA-6hjr-3x4p-h5w8.json create mode 100644 advisories/unreviewed/2025/06/GHSA-9rpp-w235-gxvg/GHSA-9rpp-w235-gxvg.json create mode 100644 advisories/unreviewed/2025/06/GHSA-hm47-446q-7w5f/GHSA-hm47-446q-7w5f.json diff --git a/advisories/unreviewed/2024/01/GHSA-j2wh-3mg8-x62m/GHSA-j2wh-3mg8-x62m.json b/advisories/unreviewed/2024/01/GHSA-j2wh-3mg8-x62m/GHSA-j2wh-3mg8-x62m.json index a9dcf98ce5f48..38c810e2b0fc8 100644 --- a/advisories/unreviewed/2024/01/GHSA-j2wh-3mg8-x62m/GHSA-j2wh-3mg8-x62m.json +++ b/advisories/unreviewed/2024/01/GHSA-j2wh-3mg8-x62m/GHSA-j2wh-3mg8-x62m.json 
@@ -1,7 +1,7 @@ { "schema_version": "1.4.0", "id": "GHSA-j2wh-3mg8-x62m", - "modified": "2024-01-30T18:30:20Z", + "modified": "2025-06-13T21:31:08Z", "published": "2024-01-23T21:30:20Z", "aliases": [ "CVE-2023-47198" diff --git a/advisories/unreviewed/2024/01/GHSA-m6vj-6wj8-cpxm/GHSA-m6vj-6wj8-cpxm.json b/advisories/unreviewed/2024/01/GHSA-m6vj-6wj8-cpxm/GHSA-m6vj-6wj8-cpxm.json index be78d3769855b..a7a068967f62f 100644 --- a/advisories/unreviewed/2024/01/GHSA-m6vj-6wj8-cpxm/GHSA-m6vj-6wj8-cpxm.json +++ b/advisories/unreviewed/2024/01/GHSA-m6vj-6wj8-cpxm/GHSA-m6vj-6wj8-cpxm.json @@ -1,7 +1,7 @@ { "schema_version": "1.4.0", "id": "GHSA-m6vj-6wj8-cpxm", - "modified": "2024-01-19T15:30:19Z", + "modified": "2025-06-13T21:31:08Z", "published": "2024-01-16T18:31:10Z", "aliases": [ "CVE-2023-6046" diff --git a/advisories/unreviewed/2024/11/GHSA-56gp-6mw9-wpfj/GHSA-56gp-6mw9-wpfj.json b/advisories/unreviewed/2024/11/GHSA-56gp-6mw9-wpfj/GHSA-56gp-6mw9-wpfj.json index 543fb9c64e969..e64996a94a79b 100644 --- a/advisories/unreviewed/2024/11/GHSA-56gp-6mw9-wpfj/GHSA-56gp-6mw9-wpfj.json +++ b/advisories/unreviewed/2024/11/GHSA-56gp-6mw9-wpfj/GHSA-56gp-6mw9-wpfj.json @@ -1,7 +1,7 @@ { "schema_version": "1.4.0", "id": "GHSA-56gp-6mw9-wpfj", - "modified": "2024-12-11T15:31:16Z", + "modified": "2025-06-13T21:31:08Z", "published": "2024-11-28T18:38:37Z", "aliases": [ "CVE-2023-52922" @@ -19,6 +19,10 @@ "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-52922" }, + { + "type": "WEB", + "url": "https://allelesecurity.com/use-after-free-vulnerability-in-can-bcm-subsystem-leading-to-information-disclosure-cve-2023-52922" + }, { "type": "WEB", "url": "https://git.kernel.org/stable/c/11b8e27ed448baa385d90154a141466bd5e92f18" diff --git a/advisories/unreviewed/2025/06/GHSA-5v6x-pfc7-q9g6/GHSA-5v6x-pfc7-q9g6.json b/advisories/unreviewed/2025/06/GHSA-5v6x-pfc7-q9g6/GHSA-5v6x-pfc7-q9g6.json new file mode 100644 index 0000000000000..a0d34d4e3a9c9 --- /dev/null 
+++ b/advisories/unreviewed/2025/06/GHSA-5v6x-pfc7-q9g6/GHSA-5v6x-pfc7-q9g6.json
@@ -0,0 +1,36 @@
+{
+ "schema_version": "1.4.0",
+ "id": "GHSA-5v6x-pfc7-q9g6",
+ "modified": "2025-06-13T21:31:10Z",
+ "published": "2025-06-13T21:31:10Z",
+ "aliases": [
+ "CVE-2025-24311"
+ ],
+ "details": "An out-of-bounds read vulnerability exists in the cv_send_blockdata \nfunctionality of Dell ControlVault3 prior to 5.15.10.14 and Dell ControlVault3 Plus prior to 6.2.26.36. A specially crafted \nControlVault API call can lead to an information leak. An attacker can \nissue an API call to trigger this vulnerability.",
+ "severity": [
+ {
+ "type": "CVSS_V3",
+ "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:H"
+ }
+ ],
+ "affected": [],
+ "references": [
+ {
+ "type": "ADVISORY",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-24311"
+ },
+ {
+ "type": "WEB",
+ "url": "https://www.dell.com/support/kbdoc/en-us/000276106/dsa-2025-053"
+ }
+ ],
+ "database_specific": {
+ "cwe_ids": [
+ "CWE-125"
+ ],
+ "severity": "HIGH",
+ "github_reviewed": false,
+ "github_reviewed_at": null,
+ "nvd_published_at": "2025-06-13T21:15:20Z"
+ }
+}
\ No newline at end of file
diff --git a/advisories/unreviewed/2025/06/GHSA-6hjr-3x4p-h5w8/GHSA-6hjr-3x4p-h5w8.json b/advisories/unreviewed/2025/06/GHSA-6hjr-3x4p-h5w8/GHSA-6hjr-3x4p-h5w8.json
new file mode 100644
index 0000000000000..4b2e85100871e
--- /dev/null
+++ b/advisories/unreviewed/2025/06/GHSA-6hjr-3x4p-h5w8/GHSA-6hjr-3x4p-h5w8.json
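Review bot: The `details` string carries hard line breaks copied from the upstream text (`cv_send_blockdata \nfunctionality`, `A specially crafted \nControlVault API call`, `An attacker can \nissue`), which render as broken mid-sentence lines in every consumer; they should be collapsed to single spaces, e.g. `"details": "An out-of-bounds read vulnerability exists in the cv_send_blockdata functionality of Dell ControlVault3 prior to 5.15.10.14 and Dell ControlVault3 Plus prior to 6.2.26.36. A specially crafted ControlVault API call can lead to an information leak. An attacker can issue an API call to trigger this vulnerability."`. Because `affected` is empty and there is no PACKAGE reference, the fixed builds 5.15.10.14 / 6.2.26.36 exist only inside that prose, so the prose is the one version hint a consumer gets and should be clean.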
@@ -0,0 +1,36 @@
+{
+ "schema_version": "1.4.0",
+ "id": "GHSA-6hjr-3x4p-h5w8",
+ "modified": "2025-06-13T21:31:10Z",
+ "published": "2025-06-13T21:31:10Z",
+ "aliases": [
+ "CVE-2025-24922"
+ ],
+ "details": "A stack-based buffer overflow vulnerability exists in the \nsecurebio_identify functionality of Dell ControlVault3 prior to 5.15.10.14 and Dell ControlVault3 Plus prior to 6.2.26.36. A \nspecially crafted malicious cv_object can lead to a arbitrary code \nexecution. An attacker can issue an API call to trigger this \nvulnerability.",
+ "severity": [
+ {
+ "type": "CVSS_V3",
+ "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"
+ }
+ ],
+ "affected": [],
+ "references": [
+ {
+ "type": "ADVISORY",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-24922"
+ },
+ {
+ "type": "WEB",
+ "url": "https://www.dell.com/support/kbdoc/en-us/000276106/dsa-2025-053"
+ }
+ ],
+ "database_specific": {
+ "cwe_ids": [
+ "CWE-121"
+ ],
+ "severity": "HIGH",
+ "github_reviewed": false,
+ "github_reviewed_at": null,
+ "nvd_published_at": "2025-06-13T21:15:20Z"
+ }
+}
\ No newline at end of file
diff --git a/advisories/unreviewed/2025/06/GHSA-7mg7-xh2x-37fm/GHSA-7mg7-xh2x-37fm.json b/advisories/unreviewed/2025/06/GHSA-7mg7-xh2x-37fm/GHSA-7mg7-xh2x-37fm.json
index 8f601773a5edf..1d0d57d563b1f 100644
--- a/advisories/unreviewed/2025/06/GHSA-7mg7-xh2x-37fm/GHSA-7mg7-xh2x-37fm.json
+++ b/advisories/unreviewed/2025/06/GHSA-7mg7-xh2x-37fm/GHSA-7mg7-xh2x-37fm.json
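Review bot: The `details` string has the same hard-wrap artefacts as the sibling ControlVault entry (`the \nsecurebio_identify`, `A \nspecially crafted`, `this \nvulnerability`) plus a grammar slip, "can lead to a arbitrary code execution", which should read `can lead to arbitrary code execution`. Normalising the string to single spaces keeps the record readable and searchable. The CWE-121 / `C:H/I:H/A:H` classification is consistent with the stack overflow reachable through the ControlVault API as described, so only the text needs attention.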
@@ -1,13 +1,18 @@ { "schema_version": "1.4.0", "id": "GHSA-7mg7-xh2x-37fm", - "modified": "2025-06-13T18:30:35Z", + "modified": "2025-06-13T21:31:10Z", "published": "2025-06-13T18:30:35Z", "aliases": [ "CVE-2025-48915" ], "details": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal COOKiES Consent Management allows Cross-Site Scripting (XSS).This issue affects COOKiES Consent Management: from 0.0.0 before 1.2.15.", - "severity": [], + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L" + } + ], "affected": [], "references": [ { @@ -23,7 +28,7 @@ "cwe_ids": [ "CWE-79" ], - "severity": null, + "severity": "HIGH", "github_reviewed": false, "github_reviewed_at": null, "nvd_published_at": "2025-06-13T16:15:26Z" diff --git a/advisories/unreviewed/2025/06/GHSA-9rpp-w235-gxvg/GHSA-9rpp-w235-gxvg.json b/advisories/unreviewed/2025/06/GHSA-9rpp-w235-gxvg/GHSA-9rpp-w235-gxvg.json new file mode 100644 index 0000000000000..9bade636d59ed --- /dev/null +++ b/advisories/unreviewed/2025/06/GHSA-9rpp-w235-gxvg/GHSA-9rpp-w235-gxvg.json 
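Review bot: The newly added vector `CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L` (7.3) is atypical for a cross-site scripting bug: XSS ordinarily requires victim interaction (`UI:R`) and, because the script runs in the victim's browser against the site's origin, is usually scored `S:C` with `C:L/I:L/A:N`, so this looks like a generic web-application score rather than one derived from the Drupal advisory, and it is what drives `"severity": "HIGH"`. It is worth confirming against the Drupal SA referenced by the record before the label is relied on. The unchanged details line also lacks a space in `Scripting (XSS).This issue`.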
@@ -0,0 +1,36 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-9rpp-w235-gxvg", + "modified": "2025-06-13T21:31:10Z", + "published": "2025-06-13T21:31:10Z", + "aliases": [ + "CVE-2025-25050" + ], + "details": "An out-of-bounds write vulnerability exists in the \ncv_upgrade_sensor_firmware functionality of Dell ControlVault3 prior to 5.15.10.14 and Dell ControlVault 3 Plus prior to 6.2.26.36.\n A specially crafted ControlVault API call can lead to an out-of-bounds \nwrite. An attacker can issue an API call to trigger this vulnerability.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-25050" + }, + { + "type": "WEB", + "url": "https://www.dell.com/support/kbdoc/en-us/000276106/dsa-2025-053" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-787" + ], + "severity": "HIGH", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2025-06-13T21:15:20Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2025/06/GHSA-h582-52vg-77xv/GHSA-h582-52vg-77xv.json b/advisories/unreviewed/2025/06/GHSA-h582-52vg-77xv/GHSA-h582-52vg-77xv.json index 1cc53ef806a11..b426e7929c763 100644 --- a/advisories/unreviewed/2025/06/GHSA-h582-52vg-77xv/GHSA-h582-52vg-77xv.json +++ b/advisories/unreviewed/2025/06/GHSA-h582-52vg-77xv/GHSA-h582-52vg-77xv.json @@ -46,7 +46,8 @@ ], "database_specific": { "cwe_ids": [ - "CWE-20" + "CWE-20", + "CWE-502" ], "severity": "MODERATE", "github_reviewed": false, diff --git a/advisories/unreviewed/2025/06/GHSA-hm47-446q-7w5f/GHSA-hm47-446q-7w5f.json b/advisories/unreviewed/2025/06/GHSA-hm47-446q-7w5f/GHSA-hm47-446q-7w5f.json new file mode 100644 index 0000000000000..dea3379c6fea6 --- /dev/null +++ b/advisories/unreviewed/2025/06/GHSA-hm47-446q-7w5f/GHSA-hm47-446q-7w5f.json 
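Review bot: The product name in `details` is written `Dell ControlVault 3 Plus` here but `Dell ControlVault3 Plus` in the two sibling entries added by this same commit (GHSA-5v6x-pfc7-q9g6, GHSA-6hjr-3x4p-h5w8); with `affected` empty, the prose is the only product identifier a consumer can match on, so the spelling should be made consistent across the three. The string also carries the same hard-wrap artefacts as the siblings, including a break followed by a stray leading space (`6.2.26.36.\n A specially crafted`), which should be collapsed to single spaces.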
@@ -0,0 +1,36 @@
+{
+ "schema_version": "1.4.0",
+ "id": "GHSA-hm47-446q-7w5f",
+ "modified": "2025-06-13T21:31:10Z",
+ "published": "2025-06-13T21:31:10Z",
+ "aliases": [
+ "CVE-2025-6083"
+ ],
+ "details": "In ExtremeCloud Universal ZTNA, a syntax error in the 'searchKeyword' condition caused queries to bypass the owner_id filter. This issue may allow users to search data across the entire table instead of being restricted to their specfic owenr_id.",
+ "severity": [
+ {
+ "type": "CVSS_V4",
+ "score": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:A/VC:L/VI:N/VA:N/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:N/AU:X/R:X/V:X/RE:X/U:X"
+ }
+ ],
+ "affected": [],
+ "references": [
+ {
+ "type": "ADVISORY",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-6083"
+ },
+ {
+ "type": "WEB",
+ "url": "https://extreme-networks.my.site.com"
+ }
+ ],
+ "database_specific": {
+ "cwe_ids": [
+ "CWE-287"
+ ],
+ "severity": "MODERATE",
+ "github_reviewed": false,
+ "github_reviewed_at": null,
+ "nvd_published_at": "2025-06-13T21:15:20Z"
+ }
+}
\ No newline at end of file
diff --git a/advisories/unreviewed/2025/06/GHSA-hpgq-7xv5-xf25/GHSA-hpgq-7xv5-xf25.json b/advisories/unreviewed/2025/06/GHSA-hpgq-7xv5-xf25/GHSA-hpgq-7xv5-xf25.json
index d1ab00784e3b1..9d11553a92a7d 100644
--- a/advisories/unreviewed/2025/06/GHSA-hpgq-7xv5-xf25/GHSA-hpgq-7xv5-xf25.json
+++ b/advisories/unreviewed/2025/06/GHSA-hpgq-7xv5-xf25/GHSA-hpgq-7xv5-xf25.json
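Review bot: `cwe_ids` is `CWE-287` (Improper Authentication), but the behaviour described — a malformed `searchKeyword` condition making queries skip the `owner_id` filter — is a tenant-isolation/authorization failure, which CWE-863 (Incorrect Authorization) or CWE-284 describes; the CWE looks CNA-supplied, so it should be flagged for reconsideration at review rather than silently changed. The only WEB reference, `https://extreme-networks.my.site.com`, is a portal root rather than an advisory page, so nothing in the record lets a reader verify the fix or the affected builds. The details also contain typos (`specfic owenr_id` → `specific owner_id`), and the CVSS 4.0 vector drags a full tail of `:X` not-defined metrics that could be trimmed to the base metrics without changing the score.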
@@ -1,13 +1,18 @@ { "schema_version": "1.4.0", "id": "GHSA-hpgq-7xv5-xf25", - "modified": "2025-06-13T18:30:35Z", + "modified": "2025-06-13T21:31:10Z", "published": "2025-06-13T18:30:35Z", "aliases": [ "CVE-2025-48920" ], "details": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal etracker allows Cross-Site Scripting (XSS).This issue affects etracker: from 0.0.0 before 3.1.0.", - "severity": [], + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" + } + ], "affected": [], "references": [ { @@ -23,7 +28,7 @@ "cwe_ids": [ "CWE-79" ], - "severity": null, + "severity": "HIGH", "github_reviewed": false, "github_reviewed_at": null, "nvd_published_at": "2025-06-13T16:15:27Z" diff --git a/advisories/unreviewed/2025/06/GHSA-jhc2-hv2x-fj67/GHSA-jhc2-hv2x-fj67.json b/advisories/unreviewed/2025/06/GHSA-jhc2-hv2x-fj67/GHSA-jhc2-hv2x-fj67.json index 6d265de008fa2..53ebbf597beae 100644 --- a/advisories/unreviewed/2025/06/GHSA-jhc2-hv2x-fj67/GHSA-jhc2-hv2x-fj67.json +++ b/advisories/unreviewed/2025/06/GHSA-jhc2-hv2x-fj67/GHSA-jhc2-hv2x-fj67.json @@ -46,7 +46,8 @@ ], "database_specific": { "cwe_ids": [ - "CWE-287" + "CWE-287", + "CWE-306" ], "severity": "MODERATE", "github_reviewed": false, diff --git a/advisories/unreviewed/2025/06/GHSA-q387-9xqr-fhhg/GHSA-q387-9xqr-fhhg.json b/advisories/unreviewed/2025/06/GHSA-q387-9xqr-fhhg/GHSA-q387-9xqr-fhhg.json index 6a9b8b0349528..fefa2026ecb3a 100644 --- a/advisories/unreviewed/2025/06/GHSA-q387-9xqr-fhhg/GHSA-q387-9xqr-fhhg.json +++ b/advisories/unreviewed/2025/06/GHSA-q387-9xqr-fhhg/GHSA-q387-9xqr-fhhg.json 
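Review bot: As with the COOKiES entries in this batch, the added vector `AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L` (7.3) omits the `UI:R` and `S:C` an XSS is normally scored with, so the resulting `"severity": "HIGH"` should be checked against the Drupal SA referenced by the record before it is relied on. The unchanged details string also needs a space in `(XSS).This issue affects etracker`.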
@@ -1,13 +1,18 @@ { "schema_version": "1.4.0", "id": "GHSA-q387-9xqr-fhhg", - "modified": "2025-06-05T15:31:32Z", + "modified": "2025-06-13T21:31:09Z", "published": "2025-06-05T15:31:32Z", "aliases": [ "CVE-2025-30084" ], "details": "A stored XSS vulnerability in RSMail! component 1.19.20 - 1.22.26 for Joomla was discovered. The issue occurs within the dashboard component, where user-supplied input is not properly sanitized before being stored and rendered. An attacker can inject malicious JavaScript code into text fields or other input points, which is subsequently executed in the browser of any user who clicks on the crafted text in the dashboard.", - "severity": [], + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" + } + ], "affected": [], "references": [ { @@ -23,7 +28,7 @@ "cwe_ids": [ "CWE-79" ], - "severity": null, + "severity": "MODERATE", "github_reviewed": false, "github_reviewed_at": null, "nvd_published_at": "2025-06-05T14:15:31Z" diff --git a/advisories/unreviewed/2025/06/GHSA-qh2j-gj44-rv7h/GHSA-qh2j-gj44-rv7h.json b/advisories/unreviewed/2025/06/GHSA-qh2j-gj44-rv7h/GHSA-qh2j-gj44-rv7h.json index 61e524fd1275c..658bfd5c5e596 100644 --- a/advisories/unreviewed/2025/06/GHSA-qh2j-gj44-rv7h/GHSA-qh2j-gj44-rv7h.json +++ b/advisories/unreviewed/2025/06/GHSA-qh2j-gj44-rv7h/GHSA-qh2j-gj44-rv7h.json @@ -1,7 +1,7 @@ { "schema_version": "1.4.0", "id": "GHSA-qh2j-gj44-rv7h", - "modified": "2025-06-11T00:30:40Z", + "modified": "2025-06-13T21:31:09Z", "published": "2025-06-11T00:30:40Z", "aliases": [ "CVE-2025-46953" diff --git a/advisories/unreviewed/2025/06/GHSA-vrqj-vmcj-7cxx/GHSA-vrqj-vmcj-7cxx.json b/advisories/unreviewed/2025/06/GHSA-vrqj-vmcj-7cxx/GHSA-vrqj-vmcj-7cxx.json index cf1e922f21adc..43cf190620475 100644 --- a/advisories/unreviewed/2025/06/GHSA-vrqj-vmcj-7cxx/GHSA-vrqj-vmcj-7cxx.json +++ b/advisories/unreviewed/2025/06/GHSA-vrqj-vmcj-7cxx/GHSA-vrqj-vmcj-7cxx.json 
@@ -1,13 +1,18 @@ { "schema_version": "1.4.0", "id": "GHSA-vrqj-vmcj-7cxx", - "modified": "2025-06-13T18:30:35Z", + "modified": "2025-06-13T21:31:10Z", "published": "2025-06-13T18:30:35Z", "aliases": [ "CVE-2025-48914" ], "details": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal COOKiES Consent Management allows Cross-Site Scripting (XSS).This issue affects COOKiES Consent Management: from 0.0.0 before 1.2.15.", - "severity": [], + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L" + } + ], "affected": [], "references": [ { @@ -23,7 +28,7 @@ "cwe_ids": [ "CWE-79" ], - "severity": null, + "severity": "HIGH", "github_reviewed": false, "github_reviewed_at": null, "nvd_published_at": "2025-06-13T16:15:26Z" From 1a53d1a36849025521dff232eb72353d4b55f6b2 Mon Sep 17 00:00:00 2001 From: "advisory-database[bot]" <45398580+advisory-database[bot]@users.noreply.github.com> Date: Fri, 13 Jun 2025 21:55:41 +0000 Subject: [PATCH 13/23] Publish Advisories GHSA-xh32-3m67-qjgf GHSA-xh32-3m67-qjgf --- .../GHSA-xh32-3m67-qjgf.json | 88 +++++++++++++++++++ .../GHSA-xh32-3m67-qjgf.json | 40 --------- 2 files changed, 88 insertions(+), 40 deletions(-) create mode 100644 advisories/github-reviewed/2025/06/GHSA-xh32-3m67-qjgf/GHSA-xh32-3m67-qjgf.json delete mode 100644 advisories/unreviewed/2025/06/GHSA-xh32-3m67-qjgf/GHSA-xh32-3m67-qjgf.json diff --git a/advisories/github-reviewed/2025/06/GHSA-xh32-3m67-qjgf/GHSA-xh32-3m67-qjgf.json b/advisories/github-reviewed/2025/06/GHSA-xh32-3m67-qjgf/GHSA-xh32-3m67-qjgf.json new file mode 100644 index 0000000000000..652a6a4633cca --- /dev/null +++ b/advisories/github-reviewed/2025/06/GHSA-xh32-3m67-qjgf/GHSA-xh32-3m67-qjgf.json 
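Review bot: The `details` text of this entry is byte-identical to GHSA-7mg7-xh2x-37fm (CVE-2025-48915) earlier in this same commit, and both now carry the same vector and HIGH label, so nothing in either record distinguishes the two COOKiES Consent Management issues. Until the Drupal SA is consulted, a cross-reference in `references` (the sibling advisory or the other CVE) would at least stop consumers from treating one as a duplicate of the other. The `UI:N/S:U/C:H` vector is as questionable here as for the sibling and is the sole source of the HIGH label.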
@@ -0,0 +1,88 @@
+{
+ "schema_version": "1.4.0",
+ "id": "GHSA-xh32-3m67-qjgf",
+ "modified": "2025-06-13T21:54:24Z",
+ "published": "2025-06-13T09:30:33Z",
+ "aliases": [
+ "CVE-2025-22240"
+ ],
+ "summary": "Salt allows arbitrary directory creation or file deletion",
+ "details": "Arbitrary directory creation or file deletion. In the find_file method of the GitFS class, a path is created using os.path.join using unvalidated input from the “tgt_env” variable. This can be exploited by an attacker to delete any file on the Master's process has permissions to.",
+ "severity": [
+ {
+ "type": "CVSS_V3",
+ "score": "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H"
+ }
+ ],
+ "affected": [
+ {
+ "package": {
+ "ecosystem": "PyPI",
+ "name": "salt"
+ },
+ "ranges": [
+ {
+ "type": "ECOSYSTEM",
+ "events": [
+ {
+ "introduced": "3007.0rc1"
+ },
+ {
+ "fixed": "3007.4"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "package": {
+ "ecosystem": "PyPI",
+ "name": "salt"
+ },
+ "ranges": [
+ {
+ "type": "ECOSYSTEM",
+ "events": [
+ {
+ "introduced": "3006.0rc1"
+ },
+ {
+ "fixed": "3006.12"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "type": "ADVISORY",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-22240"
+ },
+ {
+ "type": "WEB",
+ "url": "https://github.com/saltstack/salt/commit/f7c28ffbf18dbf693a15b1ba9493918de3e88cf3"
+ },
+ {
+ "type": "WEB",
+ "url": "https://docs.saltproject.io/en/3006/topics/releases/3006.12.html"
+ },
+ {
+ "type": "WEB",
+ "url": "https://docs.saltproject.io/en/3007/topics/releases/3007.4.html"
+ },
+ {
+ "type": "PACKAGE",
+ "url": "https://github.com/saltstack/salt"
+ }
+ ],
+ "database_specific": {
+ "cwe_ids": [
+ "CWE-22"
+ ],
+ "severity": "MODERATE",
+ "github_reviewed": true,
+ "github_reviewed_at": "2025-06-13T21:54:24Z",
+ "nvd_published_at": "2025-06-13T07:15:21Z"
+ }
+}
\ No newline at end of file
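Review bot: The last sentence of `details` is ungrammatical and blurs the target: "delete any file on the Master's process has permissions to" should read `delete any file the master process has permissions to`. The summary promises "arbitrary directory creation or file deletion" but the body only explains the deletion; since the linked fix commit is the authority, one clause on how the unvalidated `tgt_env` path leads to directory creation would make the two agree. The vector `AV:L/AC:H/PR:H/UI:R` also deserves a second look: `find_file` on the GitFS class appears to be a fileserver entry point and the sibling Salt entries describe minion-reachable inputs, so if `tgt_env` is minion-controlled the local/high-privilege/user-interaction assumptions behind the MODERATE label do not hold.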
diff --git a/advisories/unreviewed/2025/06/GHSA-xh32-3m67-qjgf/GHSA-xh32-3m67-qjgf.json b/advisories/unreviewed/2025/06/GHSA-xh32-3m67-qjgf/GHSA-xh32-3m67-qjgf.json deleted file mode 100644 index e82a6a2d5d63d..0000000000000 --- a/advisories/unreviewed/2025/06/GHSA-xh32-3m67-qjgf/GHSA-xh32-3m67-qjgf.json +++ /dev/null @@ -1,40 +0,0 @@ -{ - "schema_version": "1.4.0", - "id": "GHSA-xh32-3m67-qjgf", - "modified": "2025-06-13T15:30:30Z", - "published": "2025-06-13T09:30:33Z", - "aliases": [ - "CVE-2025-22240" - ], - "details": "Arbitrary directory creation or file deletion. In the find_file method of the GitFS class, a path is created using os.path.join using unvalidated input from the “tgt_env” variable. This can be exploited by an attacker to delete any file on the Master's process has permissions to.", - "severity": [ - { - "type": "CVSS_V3", - "score": "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H" - } - ], - "affected": [], - "references": [ - { - "type": "ADVISORY", - "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-22240" - }, - { - "type": "WEB", - "url": "https://docs.saltproject.io/en/3006/topics/releases/3006.12.html" - }, - { - "type": "WEB", - "url": "https://docs.saltproject.io/en/3007/topics/releases/3007.4.html" - } - ], - "database_specific": { - "cwe_ids": [ - "CWE-22" - ], - "severity": "MODERATE", - "github_reviewed": false, - "github_reviewed_at": null, - "nvd_published_at": "2025-06-13T07:15:21Z" - } -} \ No newline at end of file From 68ab05cceb5b7106ade896140542b02b8869d046 Mon Sep 17 00:00:00 2001 
From: "advisory-database[bot]" <45398580+advisory-database[bot]@users.noreply.github.com> Date: Fri, 13 Jun 2025 21:58:32 +0000 Subject: [PATCH 14/23] Publish Advisories GHSA-7f3f-x5f5-79gw GHSA-8pcp-r83j-fc92 GHSA-989c-m532-p2hv GHSA-7f3f-x5f5-79gw GHSA-8pcp-r83j-fc92 --- .../GHSA-7f3f-x5f5-79gw.json | 88 +++++++++++++++++++ .../GHSA-8pcp-r83j-fc92.json | 88 +++++++++++++++++++ .../GHSA-989c-m532-p2hv.json | 60 +++++++++++-- .../GHSA-7f3f-x5f5-79gw.json | 38 -------- .../GHSA-8pcp-r83j-fc92.json | 38 -------- 5 files changed, 231 insertions(+), 81 deletions(-) create mode 100644 advisories/github-reviewed/2025/06/GHSA-7f3f-x5f5-79gw/GHSA-7f3f-x5f5-79gw.json create mode 100644 advisories/github-reviewed/2025/06/GHSA-8pcp-r83j-fc92/GHSA-8pcp-r83j-fc92.json rename advisories/{unreviewed => github-reviewed}/2025/06/GHSA-989c-m532-p2hv/GHSA-989c-m532-p2hv.json (50%) delete mode 100644 advisories/unreviewed/2025/06/GHSA-7f3f-x5f5-79gw/GHSA-7f3f-x5f5-79gw.json delete mode 100644 advisories/unreviewed/2025/06/GHSA-8pcp-r83j-fc92/GHSA-8pcp-r83j-fc92.json diff --git a/advisories/github-reviewed/2025/06/GHSA-7f3f-x5f5-79gw/GHSA-7f3f-x5f5-79gw.json b/advisories/github-reviewed/2025/06/GHSA-7f3f-x5f5-79gw/GHSA-7f3f-x5f5-79gw.json new file mode 100644 index 0000000000000..cb4f8dfec50ff --- /dev/null +++ b/advisories/github-reviewed/2025/06/GHSA-7f3f-x5f5-79gw/GHSA-7f3f-x5f5-79gw.json 
@@ -0,0 +1,88 @@
+{
+ "schema_version": "1.4.0",
+ "id": "GHSA-7f3f-x5f5-79gw",
+ "modified": "2025-06-13T21:57:13Z",
+ "published": "2025-06-13T09:30:33Z",
+ "aliases": [
+ "CVE-2025-22241"
+ ],
+ "summary": "Salt's file contents overwrite the VirtKey class",
+ "details": "File contents overwrite the VirtKey class is called when “on-demand pillar” data is requested and uses un-validated input to create paths to the “pki directory”. The functionality is used to auto-accept Minion authentication keys based on a pre-placed “authorization file” at a specific location and is present in the default configuration.",
+ "severity": [
+ {
+ "type": "CVSS_V3",
+ "score": "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:N"
+ }
+ ],
+ "affected": [
+ {
+ "package": {
+ "ecosystem": "PyPI",
+ "name": "salt"
+ },
+ "ranges": [
+ {
+ "type": "ECOSYSTEM",
+ "events": [
+ {
+ "introduced": "3007.0rc1"
+ },
+ {
+ "fixed": "3007.4"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "package": {
+ "ecosystem": "PyPI",
+ "name": "salt"
+ },
+ "ranges": [
+ {
+ "type": "ECOSYSTEM",
+ "events": [
+ {
+ "introduced": "3006.0rc1"
+ },
+ {
+ "fixed": "3006.12"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "type": "ADVISORY",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-22241"
+ },
+ {
+ "type": "WEB",
+ "url": "https://github.com/saltstack/salt/commit/9445f496fed61b15dc4364818007e5b765b0746f"
+ },
+ {
+ "type": "WEB",
+ "url": "https://docs.saltproject.io/en/3006/topics/releases/3006.12.html"
+ },
+ {
+ "type": "WEB",
+ "url": "https://docs.saltproject.io/en/3007/topics/releases/3007.4.html"
+ },
+ {
+ "type": "PACKAGE",
+ "url": "https://github.com/saltstack/salt"
+ }
+ ],
+ "database_specific": {
+ "cwe_ids": [
+ "CWE-73"
+ ],
+ "severity": "MODERATE",
+ "github_reviewed": true,
+ "github_reviewed_at": "2025-06-13T21:57:13Z",
+ "nvd_published_at": "2025-06-13T07:15:21Z"
+ }
+}
\ No newline at end of file
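Review bot: Both `summary` and the opening of `details` are garbled — "Salt's file contents overwrite the VirtKey class" reads as if file contents overwrite a class, and the details fuse two sentences ("File contents overwrite the VirtKey class is called when ..."). Suggest `"summary": "Salt vulnerable to file overwrite via unvalidated path in VirtKey on-demand pillar handling"` and, in details, `"File contents overwrite. The VirtKey class is called when “on-demand pillar” data is requested and uses un-validated input to create paths to the “pki directory”. ..."`. Since the record itself says the affected path feeds the mechanism that auto-accepts minion authentication keys from a pre-placed authorization file, a sentence naming that as the consequence — if the linked fix commit confirms it — is what justifies the `C:H/I:H` rating and CWE-73, and readers currently have to infer it.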
diff --git a/advisories/github-reviewed/2025/06/GHSA-8pcp-r83j-fc92/GHSA-8pcp-r83j-fc92.json b/advisories/github-reviewed/2025/06/GHSA-8pcp-r83j-fc92/GHSA-8pcp-r83j-fc92.json new file mode 100644 index 0000000000000..bf2cf376aa70f --- /dev/null +++ b/advisories/github-reviewed/2025/06/GHSA-8pcp-r83j-fc92/GHSA-8pcp-r83j-fc92.json 
@@ -0,0 +1,88 @@
+{
+ "schema_version": "1.4.0",
+ "id": "GHSA-8pcp-r83j-fc92",
+ "modified": "2025-06-13T21:58:01Z",
+ "published": "2025-06-13T09:30:34Z",
+ "aliases": [
+ "CVE-2024-38824"
+ ],
+ "summary": "Salt vulnerable to directory traversal attack in file receiving method",
+ "details": "Directory traversal vulnerability in recv_file method allows arbitrary files to be written to the master cache directory.",
+ "severity": [
+ {
+ "type": "CVSS_V3",
+ "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N"
+ }
+ ],
+ "affected": [
+ {
+ "package": {
+ "ecosystem": "PyPI",
+ "name": "salt"
+ },
+ "ranges": [
+ {
+ "type": "ECOSYSTEM",
+ "events": [
+ {
+ "introduced": "3007.0rc1"
+ },
+ {
+ "fixed": "3007.4"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "package": {
+ "ecosystem": "PyPI",
+ "name": "salt"
+ },
+ "ranges": [
+ {
+ "type": "ECOSYSTEM",
+ "events": [
+ {
+ "introduced": "3006.0rc1"
+ },
+ {
+ "fixed": "3006.12"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "type": "ADVISORY",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-38824"
+ },
+ {
+ "type": "WEB",
+ "url": "https://github.com/saltstack/salt/commit/c4ad23f0f3132d8d8a88f19fa537dc42cf21b215"
+ },
+ {
+ "type": "WEB",
+ "url": "https://docs.saltproject.io/en/3006/topics/releases/3006.12.html"
+ },
+ {
+ "type": "WEB",
+ "url": "https://docs.saltproject.io/en/3007/topics/releases/3007.4.html"
+ },
+ {
+ "type": "PACKAGE",
+ "url": "https://github.com/saltstack/salt"
+ }
+ ],
+ "database_specific": {
+ "cwe_ids": [
+ "CWE-22"
+ ],
+ "severity": "CRITICAL",
+ "github_reviewed": true,
+ "github_reviewed_at": "2025-06-13T21:58:01Z",
+ "nvd_published_at": "2025-06-13T08:15:18Z"
+ }
+}
\ No newline at end of file
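Review bot: `details` says files are "written to the master cache directory", but a directory-traversal write by definition escapes the intended directory — the summary and `CWE-22` both say traversal — so the sentence should read `allows arbitrary files to be written outside the master cache directory` if that is what the linked fix commit shows, or else the traversal wording should go. This is also the only entry in the six-advisory Salt batch scored `AV:N/PR:L/UI:N` (9.6, CRITICAL), while GHSA-r546-h3ff-q585 (CVE-2025-22238) describes a comparable minion-triggered write into the master cache at `AV:L/PR:H/UI:R`; the divergence suggests the vectors came from different scorers and should be reconciled before both ship as reviewed entries.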
diff --git a/advisories/unreviewed/2025/06/GHSA-989c-m532-p2hv/GHSA-989c-m532-p2hv.json b/advisories/github-reviewed/2025/06/GHSA-989c-m532-p2hv/GHSA-989c-m532-p2hv.json similarity index 50% rename from advisories/unreviewed/2025/06/GHSA-989c-m532-p2hv/GHSA-989c-m532-p2hv.json rename to advisories/github-reviewed/2025/06/GHSA-989c-m532-p2hv/GHSA-989c-m532-p2hv.json index d716c82f5cf83..ed542140b3d70 100644 --- a/advisories/unreviewed/2025/06/GHSA-989c-m532-p2hv/GHSA-989c-m532-p2hv.json +++ b/advisories/github-reviewed/2025/06/GHSA-989c-m532-p2hv/GHSA-989c-m532-p2hv.json @@ -1,11 +1,12 @@ { "schema_version": "1.4.0", "id": "GHSA-989c-m532-p2hv", - "modified": "2025-06-13T09:30:34Z", + "modified": "2025-06-13T21:57:41Z", "published": "2025-06-13T09:30:34Z", "aliases": [ "CVE-2025-22242" ], + "summary": "Salt's worker process vulnerable to denial of service through file read operation", "details": "Worker process denial of service through file read operation. .A vulnerability exists in the Master's “pub_ret” method which is exposed to all minions. The un-sanitized input value “jid” is used to construct a path which is then opened for reading. An attacker could exploit this vulnerabilities by attempting to read from a filename that will not return any data, e.g. by targeting a pipe node on the proc file system.", "severity": [ { 
@@ -13,12 +14,55 @@
 "score": "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:N/A:H"
 }
 ],
- "affected": [],
+ "affected": [
+ {
+ "package": {
+ "ecosystem": "PyPI",
+ "name": "salt"
+ },
+ "ranges": [
+ {
+ "type": "ECOSYSTEM",
+ "events": [
+ {
+ "introduced": "3007.0rc1"
+ },
+ {
+ "fixed": "3007.4"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "package": {
+ "ecosystem": "PyPI",
+ "name": "salt"
+ },
+ "ranges": [
+ {
+ "type": "ECOSYSTEM",
+ "events": [
+ {
+ "introduced": "3006.0rc1"
+ },
+ {
+ "fixed": "3006.12"
+ }
+ ]
+ }
+ ]
+ }
+ ],
 "references": [
 {
 "type": "ADVISORY",
 "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-22242"
 },
+ {
+ "type": "WEB",
+ "url": "https://github.com/saltstack/salt/commit/e39116fb87bf4db9bcb9aade8258c66df87d41fe"
+ },
 {
 "type": "WEB",
 "url": "https://docs.saltproject.io/en/3006/topics/releases/3006.12.html"
@@ -26,13 +70,19 @@
 {
 "type": "WEB",
 "url": "https://docs.saltproject.io/en/3007/topics/releases/3007.4.html"
+ },
+ {
+ "type": "PACKAGE",
+ "url": "https://github.com/saltstack/salt"
 }
 ],
 "database_specific": {
- "cwe_ids": [],
+ "cwe_ids": [
+ "CWE-770"
+ ],
 "severity": "MODERATE",
- "github_reviewed": false,
- "github_reviewed_at": null,
+ "github_reviewed": true,
+ "github_reviewed_at": "2025-06-13T21:57:41Z",
 "nvd_published_at": "2025-06-13T07:15:21Z"
 }
 }
\ No newline at end of file
diff --git a/advisories/unreviewed/2025/06/GHSA-7f3f-x5f5-79gw/GHSA-7f3f-x5f5-79gw.json b/advisories/unreviewed/2025/06/GHSA-7f3f-x5f5-79gw/GHSA-7f3f-x5f5-79gw.json
deleted file mode 100644
index 79828d23ee100..0000000000000
--- a/advisories/unreviewed/2025/06/GHSA-7f3f-x5f5-79gw/GHSA-7f3f-x5f5-79gw.json
+++ /dev/null
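Review bot: `"CWE-770"` names the symptom (a worker parked on a blocking read) rather than the flaw the `details` text describes, an unsanitized `jid` turned into a file path. Consumers that key on weakness type will miss this under path-handling queries; pair the root cause with the effect, `"cwe_ids": [ "CWE-73", "CWE-770" ]` (CWE-22 in place of CWE-73 if commit e39116f shows the path escaping the jobs cache). The two `affected` ranges added in the previous hunk also assert with `"introduced": "3006.0rc1"` that 3005.x and earlier are clean, which nothing in the text supports; use `"introduced": "0"` unless the upstream advisory bounds it.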
@@ -1,38 +0,0 @@
-{
- "schema_version": "1.4.0",
- "id": "GHSA-7f3f-x5f5-79gw",
- "modified": "2025-06-13T09:30:34Z",
- "published": "2025-06-13T09:30:33Z",
- "aliases": [
- "CVE-2025-22241"
- ],
- "details": "File contents overwrite the VirtKey class is called when “on-demand pillar” data is requested and uses un-validated input to create paths to the “pki directory”. The functionality is used to auto-accept Minion authentication keys based on a pre-placed “authorization file” at a specific location and is present in the default configuration.",
- "severity": [
- {
- "type": "CVSS_V3",
- "score": "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:N"
- }
- ],
- "affected": [],
- "references": [
- {
- "type": "ADVISORY",
- "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-22241"
- },
- {
- "type": "WEB",
- "url": "https://docs.saltproject.io/en/3006/topics/releases/3006.12.html"
- },
- {
- "type": "WEB",
- "url": "https://docs.saltproject.io/en/3007/topics/releases/3007.4.html"
- }
- ],
- "database_specific": {
- "cwe_ids": [],
- "severity": "MODERATE",
- "github_reviewed": false,
- "github_reviewed_at": null,
- "nvd_published_at": "2025-06-13T07:15:21Z"
- }
-}
\ No newline at end of file
diff --git a/advisories/unreviewed/2025/06/GHSA-8pcp-r83j-fc92/GHSA-8pcp-r83j-fc92.json b/advisories/unreviewed/2025/06/GHSA-8pcp-r83j-fc92/GHSA-8pcp-r83j-fc92.json
deleted file mode 100644
index 35f5f5dca4845..0000000000000
--- a/advisories/unreviewed/2025/06/GHSA-8pcp-r83j-fc92/GHSA-8pcp-r83j-fc92.json
+++ /dev/null
@@ -1,38 +0,0 @@
-{
- "schema_version": "1.4.0",
- "id": "GHSA-8pcp-r83j-fc92",
- "modified": "2025-06-13T09:30:34Z",
- "published": "2025-06-13T09:30:34Z",
- "aliases": [
- "CVE-2024-38824"
- ],
- "details": "Directory traversal vulnerability in recv_file method allows arbitrary files to be written to the master cache directory.",
- "severity": [
- {
- "type": "CVSS_V3",
- "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N"
- }
- ],
- "affected": [],
- "references": [
- {
- "type": "ADVISORY",
- "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-38824"
- },
- {
- "type": "WEB",
- "url": "https://docs.saltproject.io/en/3006/topics/releases/3006.12.html"
- },
- {
- "type": "WEB",
- "url": "https://docs.saltproject.io/en/3007/topics/releases/3007.4.html"
- }
- ],
- "database_specific": {
- "cwe_ids": [],
- "severity": "CRITICAL",
- "github_reviewed": false,
- "github_reviewed_at": null,
- "nvd_published_at": "2025-06-13T08:15:18Z"
- }
-}
\ No newline at end of file
From 1093899457dc6f86a7d5948058e3ab796c6b91b0 Mon Sep 17 00:00:00 2001
From: "advisory-database[bot]" <45398580+advisory-database[bot]@users.noreply.github.com>
Date: Fri, 13 Jun 2025 22:14:14 +0000
Subject: [PATCH 15/23] Publish Advisories GHSA-6r3c-xf4w-jxjm GHSA-6r3c-xf4w-jxjm
---
 .../GHSA-6r3c-xf4w-jxjm.json | 107 ++++++++++++++++++
 .../GHSA-6r3c-xf4w-jxjm.json | 40 -------
 2 files changed, 107 insertions(+), 40 deletions(-)
 create mode 100644 advisories/github-reviewed/2025/06/GHSA-6r3c-xf4w-jxjm/GHSA-6r3c-xf4w-jxjm.json
 delete mode 100644 advisories/unreviewed/2025/06/GHSA-6r3c-xf4w-jxjm/GHSA-6r3c-xf4w-jxjm.json
diff --git a/advisories/github-reviewed/2025/06/GHSA-6r3c-xf4w-jxjm/GHSA-6r3c-xf4w-jxjm.json b/advisories/github-reviewed/2025/06/GHSA-6r3c-xf4w-jxjm/GHSA-6r3c-xf4w-jxjm.json
new file mode 100644
index 0000000000000..437827cfb5efe
--- /dev/null
+++ b/advisories/github-reviewed/2025/06/GHSA-6r3c-xf4w-jxjm/GHSA-6r3c-xf4w-jxjm.json
@@ -0,0 +1,107 @@
+{
+ "schema_version": "1.4.0",
+ "id": "GHSA-6r3c-xf4w-jxjm",
+ "modified": "2025-06-13T22:12:57Z",
+ "published": "2025-06-13T00:33:18Z",
+ "aliases": [
+ "CVE-2025-41234"
+ ],
+ "summary": "Spring Framework vulnerable to a reflected file download (RFD)",
+ "details": "### Description\n\nIn Spring Framework, versions 6.0.x as of 6.0.5, versions 6.1.x and 6.2.x, an application is vulnerable to a reflected file download (RFD) attack when it sets a “Content-Disposition” header with a non-ASCII charset, where the filename attribute is derived from user-supplied input.\n\nSpecifically, an application is vulnerable when all the following are true:\n\n - The header is prepared with `org.springframework.http.ContentDisposition`.\n - The filename is set via `ContentDisposition.Builder#filename(String, Charset)`.\n - The value for the filename is derived from user-supplied input.\n - The application does not sanitize the user-supplied input.\n - The downloaded content of the response is injected with malicious commands by the attacker (see RFD paper reference for details).\n\n\nAn application is not vulnerable if any of the following is true:\n\n - The application does not set a “Content-Disposition” response header.\n - The header is not prepared with `org.springframework.http.ContentDisposition`.\n - The filename is set via one of: \n - `ContentDisposition.Builder#filename(String)`, or\n - `ContentDisposition.Builder#filename(String, ASCII)`\n - The filename is not derived from user-supplied input.\n - The filename is derived from user-supplied input but sanitized by the application.\n - The attacker cannot inject malicious content in the downloaded content of the response.\n\n\n### Affected Spring Products and VersionsSpring Framework\n\n - 6.2.0 - 6.2.7\n - 6.1.0 - 6.1.20\n - 6.0.5 - 6.0.28\n - Older, unsupported versions are not affected\n\n\n### Mitigation\n\nUsers of affected versions should upgrade to the corresponding fixed version.\n\n| Affected 
version(s) | Fix version | Availability |\n| - | - | - |\n| 6.2.x | 6.2.8 | OSS |\n| 6.1.x | 6.1.21 | OSS |\n| 6.0.x | 6.0.29 | [Commercial](https://enterprise.spring.io/) |\n\nNo further mitigation steps are necessary.",
+ "severity": [
+ {
+ "type": "CVSS_V3",
+ "score": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:L/A:N"
+ }
+ ],
+ "affected": [
+ {
+ "package": {
+ "ecosystem": "Maven",
+ "name": "org.springframework:spring-web"
+ },
+ "ranges": [
+ {
+ "type": "ECOSYSTEM",
+ "events": [
+ {
+ "introduced": "6.2.0"
+ },
+ {
+ "fixed": "6.2.8"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "package": {
+ "ecosystem": "Maven",
+ "name": "org.springframework:spring-web"
+ },
+ "ranges": [
+ {
+ "type": "ECOSYSTEM",
+ "events": [
+ {
+ "introduced": "6.1.0"
+ },
+ {
+ "fixed": "6.1.21"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "package": {
+ "ecosystem": "Maven",
+ "name": "org.springframework:spring-web"
+ },
+ "ranges": [
+ {
+ "type": "ECOSYSTEM",
+ "events": [
+ {
+ "introduced": "6.0.5"
+ },
+ {
+ "last_affected": "6.0.23"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "type": "ADVISORY",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-41234"
+ },
+ {
+ "type": "WEB",
+ "url": "https://github.com/spring-projects/spring-framework/issues/35034"
+ },
+ {
+ "type": "WEB",
+ "url": "https://github.com/spring-projects/spring-framework/commit/f0e7b42704e6b33958f242d91bd690d6ef7ada9c"
+ },
+ {
+ "type": "PACKAGE",
+ "url": "https://github.com/spring-projects/spring-framework"
+ },
+ {
+ "type": "WEB",
+ "url": "https://spring.io/security/cve-2025-41234"
+ }
+ ],
+ "database_specific": {
+ "cwe_ids": [
+ "CWE-113"
+ ],
+ "severity": "MODERATE",
+ "github_reviewed": true,
+ "github_reviewed_at": "2025-06-13T22:12:57Z",
+ "nvd_published_at": "2025-06-12T22:15:21Z"
+ }
+}
\ No newline at end of file
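Review bot: The third `affected` range, `{ "introduced": "6.0.5" }, { "last_affected": "6.0.23" }`, understates what the `details` text in this same file says: 6.0.5 through 6.0.28 are affected and 6.0.29 is the fix. A matcher fed any of 6.0.24–6.0.28 (the commercial-only builds named in the mitigation table) will report it clean. If the database's policy is to bound ranges by what is published on Maven Central, say so in `details`; otherwise the range should read `{ "introduced": "6.0.5" }, { "fixed": "6.0.29" }` to match the table, since OSV ranges describe versions, not where the artifact is hosted.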
diff --git a/advisories/unreviewed/2025/06/GHSA-6r3c-xf4w-jxjm/GHSA-6r3c-xf4w-jxjm.json b/advisories/unreviewed/2025/06/GHSA-6r3c-xf4w-jxjm/GHSA-6r3c-xf4w-jxjm.json
deleted file mode 100644
index 4c770e79a2969..0000000000000
--- a/advisories/unreviewed/2025/06/GHSA-6r3c-xf4w-jxjm/GHSA-6r3c-xf4w-jxjm.json
+++ /dev/null
@@ -1,40 +0,0 @@
-{
- "schema_version": "1.4.0",
- "id": "GHSA-6r3c-xf4w-jxjm",
- "modified": "2025-06-13T00:33:18Z",
- "published": "2025-06-13T00:33:18Z",
- "aliases": [
- "CVE-2025-41234"
- ],
- "details": "Description\n\nIn Spring Framework, versions 6.0.x as of 6.0.5, versions 6.1.x and 6.2.x, an application is vulnerable to a reflected file download (RFD) attack when it sets a “Content-Disposition” header with a non-ASCII charset, where the filename attribute is derived from user-supplied input.\n\nSpecifically, an application is vulnerable when all the following are true:\n\n * The header is prepared with org.springframework.http.ContentDisposition.\n * The filename is set via ContentDisposition.Builder#filename(String, Charset).\n * The value for the filename is derived from user-supplied input.\n * The application does not sanitize the user-supplied input.\n * The downloaded content of the response is injected with malicious commands by the attacker (see RFD paper reference for details).\n\n\nAn application is not vulnerable if any of the following is true:\n\n * The application does not set a “Content-Disposition” response header.\n * The header is not prepared with org.springframework.http.ContentDisposition.\n * The filename is set via one of: * ContentDisposition.Builder#filename(String), or\n * ContentDisposition.Builder#filename(String, ASCII)\n\n\n\n * The filename is not derived from user-supplied input.\n * The filename is derived from user-supplied input but sanitized by the application.\n * The attacker cannot inject malicious content in the downloaded content of the response.\n\n\nAffected Spring Products and VersionsSpring Framework:\n\n * 6.2.0 - 6.2.7\n * 6.1.0 - 6.1.20\n * 6.0.5 - 6.0.28\n * Older, unsupported versions are not affected\n\n\nMitigationUsers of affected versions should upgrade to the corresponding fixed version.\n\nAffected version(s)Fix versionAvailability6.2.x6.2.8OSS6.1.x6.1.21OSS6.0.x6.0.29 Commercial 
https://enterprise.spring.io/ No further mitigation steps are necessary.\n\n\nCWE-113 in `Content-Disposition` handling in VMware Spring Framework versions 6.0.5 to 6.2.7 allows remote attackers to launch Reflected File Download (RFD) attacks via unsanitized user input in `ContentDisposition.Builder#filename(String, Charset)` with non-ASCII charsets.",
- "severity": [
- {
- "type": "CVSS_V3",
- "score": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:L/A:N"
- }
- ],
- "affected": [],
- "references": [
- {
- "type": "ADVISORY",
- "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-41234"
- },
- {
- "type": "WEB",
- "url": "https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:L/A:N&version=3.1"
- },
- {
- "type": "WEB",
- "url": "https://spring.io/security/cve-2025-41234"
- }
- ],
- "database_specific": {
- "cwe_ids": [
- "CWE-113"
- ],
- "severity": "MODERATE",
- "github_reviewed": false,
- "github_reviewed_at": null,
- "nvd_published_at": "2025-06-12T22:15:21Z"
- }
-}
\ No newline at end of file
From 460874ab8780525d70c6c20aac34055d79127238 Mon Sep 17 00:00:00 2001
From: "advisory-database[bot]" <45398580+advisory-database[bot]@users.noreply.github.com>
Date: Fri, 13 Jun 2025 22:17:07 +0000
Subject: [PATCH 16/23] Publish GHSA-7f8r-222p-6f5g
---
 .../GHSA-7f8r-222p-6f5g.json | 65 +++++++++++++++++++
 1 file changed, 65 insertions(+)
 create mode 100644 advisories/github-reviewed/2025/06/GHSA-7f8r-222p-6f5g/GHSA-7f8r-222p-6f5g.json
diff --git a/advisories/github-reviewed/2025/06/GHSA-7f8r-222p-6f5g/GHSA-7f8r-222p-6f5g.json b/advisories/github-reviewed/2025/06/GHSA-7f8r-222p-6f5g/GHSA-7f8r-222p-6f5g.json
new file mode 100644
index 0000000000000..83311c1be8768
--- /dev/null
+++ b/advisories/github-reviewed/2025/06/GHSA-7f8r-222p-6f5g/GHSA-7f8r-222p-6f5g.json
@@ -0,0 +1,65 @@
+{
+ "schema_version": "1.4.0",
+ "id": "GHSA-7f8r-222p-6f5g",
+ "modified": "2025-06-13T22:15:26Z",
+ "published": "2025-06-13T22:15:26Z",
+ "aliases": [
+ "CVE-2025-49596"
+ ],
+ "summary": "MCP Inspector proxy server lacks authentication between the Inspector client and proxy",
+ "details": "Versions of MCP Inspector below 0.14.1 are vulnerable to remote code execution due to lack of authentication between the Inspector client and proxy, allowing unauthenticated requests to launch MCP commands over stdio. Users should immediately upgrade to version 0.14.1 or later to address these vulnerabilities.\n\nCredit: Rémy Marot <bughunters@tenable.com>",
+ "severity": [
+ {
+ "type": "CVSS_V4",
+ "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H"
+ }
+ ],
+ "affected": [
+ {
+ "package": {
+ "ecosystem": "npm",
+ "name": "@modelcontextprotocol/inspector"
+ },
+ "ranges": [
+ {
+ "type": "ECOSYSTEM",
+ "events": [
+ {
+ "introduced": "0"
+ },
+ {
+ "fixed": "0.14.1"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "type": "WEB",
+ "url": "https://github.com/modelcontextprotocol/inspector/security/advisories/GHSA-7f8r-222p-6f5g"
+ },
+ {
+ "type": "ADVISORY",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-49596"
+ },
+ {
+ "type": "WEB",
+ "url": "https://github.com/modelcontextprotocol/inspector/commit/50df0e1ec488f3983740b4d28d2a968f12eb8979"
+ },
+ {
+ "type": "PACKAGE",
+ "url": "https://github.com/modelcontextprotocol/inspector"
+ }
+ ],
+ "database_specific": {
+ "cwe_ids": [
+ "CWE-306"
+ ],
+ "severity": "CRITICAL",
+ "github_reviewed": true,
+ "github_reviewed_at": "2025-06-13T22:15:26Z",
+ "nvd_published_at": "2025-06-13T20:15:23Z"
+ }
+}
\ No newline at end of file
From 479c4ab930fce49ed9a0b4c6a3a96227e8ff852b Mon Sep 17 00:00:00 2001
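Review bot: The `details` text says `unauthenticated requests` can `launch MCP commands over stdio` but never says who can send them — whether the proxy listens beyond loopback, or whether a web page in the user's browser is the vehicle. The vector's `UI:P` together with `SC:H/SI:H/SA:H` points to the latter (a browser reaching a local proxy that then spawns processes with the user's OS privileges), but that is inference from the score, not something the entry states. One sentence would settle it for anyone triaging exposure, e.g. `Any origin that can reach the proxy's listening port, including a web page open in the same user's browser, can spawn commands`, provided commit 50df0e1 confirms that surface. It would also help to say whether 0.14.1 enforces the new authentication by default or needs configuration, since the remediation is currently just "upgrade".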
From: "advisory-database[bot]" <45398580+advisory-database[bot]@users.noreply.github.com>
Date: Fri, 13 Jun 2025 22:19:27 +0000
Subject: [PATCH 17/23] Publish GHSA-m63q-4hr8-5r5h
---
 .../GHSA-m63q-4hr8-5r5h.json | 40 ++++++++++++++++---
 1 file changed, 35 insertions(+), 5 deletions(-)
 rename advisories/{unreviewed => github-reviewed}/2025/06/GHSA-m63q-4hr8-5r5h/GHSA-m63q-4hr8-5r5h.json (52%)
diff --git a/advisories/unreviewed/2025/06/GHSA-m63q-4hr8-5r5h/GHSA-m63q-4hr8-5r5h.json b/advisories/github-reviewed/2025/06/GHSA-m63q-4hr8-5r5h/GHSA-m63q-4hr8-5r5h.json
similarity index 52%
rename from advisories/unreviewed/2025/06/GHSA-m63q-4hr8-5r5h/GHSA-m63q-4hr8-5r5h.json
rename to advisories/github-reviewed/2025/06/GHSA-m63q-4hr8-5r5h/GHSA-m63q-4hr8-5r5h.json
index 329d27f70d0cd..3afeb114722dc 100644
--- a/advisories/unreviewed/2025/06/GHSA-m63q-4hr8-5r5h/GHSA-m63q-4hr8-5r5h.json
+++ b/advisories/github-reviewed/2025/06/GHSA-m63q-4hr8-5r5h/GHSA-m63q-4hr8-5r5h.json
@@ -1,11 +1,12 @@
 {
 "schema_version": "1.4.0",
 "id": "GHSA-m63q-4hr8-5r5h",
- "modified": "2025-06-13T18:30:34Z",
+ "modified": "2025-06-13T22:17:44Z",
 "published": "2025-06-13T15:30:31Z",
 "aliases": [
 "CVE-2025-46096"
 ],
+ "summary": "Solon Vulnerable to Directory Traversal",
 "details": "Directory Traversal vulnerability in solon v.3.1.2 allows a remote attacker to conduct XSS attacks via the solon-faas-luffy component",
 "severity": [
 {
@@ -13,7 +14,27 @@
 "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"
 }
 ],
- "affected": [],
+ "affected": [
+ {
+ "package": {
+ "ecosystem": "Maven",
+ "name": "org.noear:solon-faas-luffy"
+ },
+ "ranges": [
+ {
+ "type": "ECOSYSTEM",
+ "events": [
+ {
+ "introduced": "3.1.2"
+ },
+ {
+ "fixed": "3.2.0"
+ }
+ ]
+ }
+ ]
+ }
+ ],
 "references": [
 {
 "type": "ADVISORY",
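Review bot: `"introduced": "3.1.2"` in the new `affected` range claims the traversal first appeared in 3.1.2, but the only version the `details` text names is the one that was tested (`solon v.3.1.2`). Unless commit 49a3bf9 shows the vulnerable code landing in 3.1.2, the honest lower bound is `{ "introduced": "0" }`; as written, every user on 3.1.1 or earlier is told they are not affected. The added `summary` also leads with directory traversal while the vector (`AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N`) and the impact clause describe reflected XSS; something like `Solon solon-faas-luffy directory traversal enables cross-site scripting` tells a reader what actually happens.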
@@ -23,18 +44,27 @@
 "type": "WEB",
 "url": "https://github.com/opensolon/solon/issues/357"
 },
+ {
+ "type": "WEB",
+ "url": "https://github.com/opensolon/solon/commit/49a3bf95fdcf050829843004b65a2b336ca6ddff"
+ },
 {
 "type": "WEB",
 "url": "https://gist.github.com/yaoyao-cool/1b7d80930fea88b6fd4839646cedc437"
+ },
+ {
+ "type": "PACKAGE",
+ "url": "https://github.com/opensolon/solon"
 }
 ],
 "database_specific": {
 "cwe_ids": [
- "CWE-22"
+ "CWE-22",
+ "CWE-79"
 ],
 "severity": "MODERATE",
- "github_reviewed": false,
- "github_reviewed_at": null,
+ "github_reviewed": true,
+ "github_reviewed_at": "2025-06-13T22:17:44Z",
 "nvd_published_at": "2025-06-13T13:15:21Z"
 }
 }
\ No newline at end of file
From 3f9e52f49c42cfebadd0c55c2f26a6cec6178228 Mon Sep 17 00:00:00 2001
From: "advisory-database[bot]" <45398580+advisory-database[bot]@users.noreply.github.com>
Date: Sat, 14 Jun 2025 00:25:06 +0000
Subject: [PATCH 18/23] Publish Advisories GHSA-m5vv-7jxc-8p6x GHSA-x3c7-22c8-prg7
---
 .../2024/11/GHSA-m5vv-7jxc-8p6x/GHSA-m5vv-7jxc-8p6x.json | 6 +++++-
 .../2025/06/GHSA-x3c7-22c8-prg7/GHSA-x3c7-22c8-prg7.json | 8 ++++++--
 2 files changed, 11 insertions(+), 3 deletions(-)
diff --git a/advisories/github-reviewed/2024/11/GHSA-m5vv-7jxc-8p6x/GHSA-m5vv-7jxc-8p6x.json b/advisories/github-reviewed/2024/11/GHSA-m5vv-7jxc-8p6x/GHSA-m5vv-7jxc-8p6x.json
index a42dfa9dda94c..5a705f9cf63a4 100644
--- a/advisories/github-reviewed/2024/11/GHSA-m5vv-7jxc-8p6x/GHSA-m5vv-7jxc-8p6x.json
+++ b/advisories/github-reviewed/2024/11/GHSA-m5vv-7jxc-8p6x/GHSA-m5vv-7jxc-8p6x.json
@@ -1,7 +1,7 @@
 {
 "schema_version": "1.4.0",
 "id": "GHSA-m5vv-7jxc-8p6x",
- "modified": "2024-11-19T20:35:11Z",
+ "modified": "2025-06-14T00:23:09Z",
 "published": "2024-11-19T18:31:00Z",
 "aliases": [
 "CVE-2024-50803"
@@ -51,6 +51,10 @@
 {
 "type": "WEB",
 "url": "https://medium.com/@praison66/redaxo-cve-2024-50803-5d15a3cd054d"
+ },
+ {
+ "type": "WEB",
+ "url": "http://redaxo.com"
 }
 ],
 "database_specific": {
diff --git a/advisories/github-reviewed/2025/06/GHSA-x3c7-22c8-prg7/GHSA-x3c7-22c8-prg7.json b/advisories/github-reviewed/2025/06/GHSA-x3c7-22c8-prg7/GHSA-x3c7-22c8-prg7.json
index d56142ba84661..a051d954748a2 100644
--- a/advisories/github-reviewed/2025/06/GHSA-x3c7-22c8-prg7/GHSA-x3c7-22c8-prg7.json
+++ b/advisories/github-reviewed/2025/06/GHSA-x3c7-22c8-prg7/GHSA-x3c7-22c8-prg7.json
@@ -1,7 +1,7 @@
 {
 "schema_version": "1.4.0",
 "id": "GHSA-x3c7-22c8-prg7",
- "modified": "2025-06-13T21:09:00Z",
+ "modified": "2025-06-14T00:23:21Z",
 "published": "2025-06-13T21:09:00Z",
 "aliases": [
 "CVE-2025-49597"
@@ -40,6 +40,10 @@
 "type": "WEB",
 "url": "https://github.com/handcraftedinthealps/goodby-csv/security/advisories/GHSA-x3c7-22c8-prg7"
 },
+ {
+ "type": "ADVISORY",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-49597"
+ },
 {
 "type": "WEB",
 "url": "https://github.com/handcraftedinthealps/goodby-csv/commit/acd14c6ed85116bb2cb4da35ab62821e5cf54519"
@@ -56,6 +60,6 @@
 "severity": "LOW",
 "github_reviewed": true,
 "github_reviewed_at": "2025-06-13T21:09:00Z",
- "nvd_published_at": null
+ "nvd_published_at": "2025-06-13T20:15:23Z"
 }
 }
\ No newline at end of file
From a4a0fb9624c4581d5f74f25f09477cbcf160a411 Mon Sep 17 00:00:00 2001
From: "advisory-database[bot]" <45398580+advisory-database[bot]@users.noreply.github.com>
Date: Sat, 14 Jun 2025 00:32:23 +0000
Subject: [PATCH 19/23] Publish Advisories GHSA-fvxq-m6wq-rqqv GHSA-hm47-446q-7w5f GHSA-j6h7-76gh-2j3r
---
 .../GHSA-fvxq-m6wq-rqqv.json | 36 +++++++++++++++++++
 .../GHSA-hm47-446q-7w5f.json | 6 +++-
 .../GHSA-j6h7-76gh-2j3r.json | 36 +++++++++++++++++++
 3 files changed, 77 insertions(+), 1 deletion(-)
 create mode 100644 advisories/unreviewed/2025/06/GHSA-fvxq-m6wq-rqqv/GHSA-fvxq-m6wq-rqqv.json
 create mode 100644 advisories/unreviewed/2025/06/GHSA-j6h7-76gh-2j3r/GHSA-j6h7-76gh-2j3r.json
diff --git a/advisories/unreviewed/2025/06/GHSA-fvxq-m6wq-rqqv/GHSA-fvxq-m6wq-rqqv.json b/advisories/unreviewed/2025/06/GHSA-fvxq-m6wq-rqqv/GHSA-fvxq-m6wq-rqqv.json
new file mode 100644
index 0000000000000..f41f31d357111
--- /dev/null
+++ b/advisories/unreviewed/2025/06/GHSA-fvxq-m6wq-rqqv/GHSA-fvxq-m6wq-rqqv.json
@@ -0,0 +1,36 @@
+{
+ "schema_version": "1.4.0",
+ "id": "GHSA-fvxq-m6wq-rqqv",
+ "modified": "2025-06-14T00:30:22Z",
+ "published": "2025-06-14T00:30:22Z",
+ "aliases": [
+ "CVE-2025-24919"
+ ],
+ "details": "A deserialization of untrusted input vulnerability exists in the cvhDecapsulateCmd functionality of Dell ControlVault3 prior to 5.15.10.14 and ControlVault3 Plus prior to 6.2.26.36. A specially crafted ControlVault response to a command can lead to arbitrary code execution. An attacker can compromise a ControlVault firmware and have it craft a malicious response to trigger this vulnerability.",
+ "severity": [
+ {
+ "type": "CVSS_V3",
+ "score": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H"
+ }
+ ],
+ "affected": [],
+ "references": [
+ {
+ "type": "ADVISORY",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-24919"
+ },
+ {
+ "type": "WEB",
+ "url": "https://www.dell.com/support/kbdoc/en-us/000276106/dsa-2025-053"
+ }
+ ],
+ "database_specific": {
+ "cwe_ids": [
+ "CWE-502"
+ ],
+ "severity": "HIGH",
+ "github_reviewed": false,
+ "github_reviewed_at": null,
+ "nvd_published_at": "2025-06-13T22:15:18Z"
+ }
+}
\ No newline at end of file
diff --git a/advisories/unreviewed/2025/06/GHSA-hm47-446q-7w5f/GHSA-hm47-446q-7w5f.json b/advisories/unreviewed/2025/06/GHSA-hm47-446q-7w5f/GHSA-hm47-446q-7w5f.json
index dea3379c6fea6..a5fbdb276cd2a 100644
--- a/advisories/unreviewed/2025/06/GHSA-hm47-446q-7w5f/GHSA-hm47-446q-7w5f.json
+++ b/advisories/unreviewed/2025/06/GHSA-hm47-446q-7w5f/GHSA-hm47-446q-7w5f.json
@@ -1,7 +1,7 @@
 {
 "schema_version": "1.4.0",
 "id": "GHSA-hm47-446q-7w5f",
- "modified": "2025-06-13T21:31:10Z",
+ "modified": "2025-06-14T00:30:22Z",
 "published": "2025-06-13T21:31:10Z",
 "aliases": [
 "CVE-2025-6083"
@@ -22,6 +22,10 @@
 {
 "type": "WEB",
 "url": "https://extreme-networks.my.site.com"
+ },
+ {
+ "type": "WEB",
+ "url": "https://extreme-networks.my.site.com/ExtrArticleDetail?an=000126912"
 }
 ],
 "database_specific": {
diff --git a/advisories/unreviewed/2025/06/GHSA-j6h7-76gh-2j3r/GHSA-j6h7-76gh-2j3r.json b/advisories/unreviewed/2025/06/GHSA-j6h7-76gh-2j3r/GHSA-j6h7-76gh-2j3r.json
new file mode 100644
index 0000000000000..7a2b47b63c424
--- /dev/null
+++ b/advisories/unreviewed/2025/06/GHSA-j6h7-76gh-2j3r/GHSA-j6h7-76gh-2j3r.json
@@ -0,0 +1,36 @@
+{
+ "schema_version": "1.4.0",
+ "id": "GHSA-j6h7-76gh-2j3r",
+ "modified": "2025-06-14T00:30:22Z",
+ "published": "2025-06-14T00:30:22Z",
+ "aliases": [
+ "CVE-2025-25215"
+ ],
+ "details": "An arbitrary free vulnerability exists in the cv_close functionality of \nDell ControlVault3 prior to 5.15.10.14 and Dell ControlVault3 Plus prior to 6.2.26.36. A specially crafted ControlVault API call \ncan lead to an arbitrary free. An attacker can forge a fake session to \ntrigger this vulnerability.",
+ "severity": [
+ {
+ "type": "CVSS_V3",
+ "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"
+ }
+ ],
+ "affected": [],
+ "references": [
+ {
+ "type": "ADVISORY",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-25215"
+ },
+ {
+ "type": "WEB",
+ "url": "https://www.dell.com/support/kbdoc/en-us/000276106/dsa-2025-053"
+ }
+ ],
+ "database_specific": {
+ "cwe_ids": [
+ "CWE-763"
+ ],
+ "severity": "HIGH",
+ "github_reviewed": false,
+ "github_reviewed_at": null,
+ "nvd_published_at": "2025-06-13T22:15:19Z"
+ }
+}
\ No newline at end of file
From 3c716a274d56f8e1b7b4261af44b30c69bdf3448 Mon Sep 17 00:00:00 2001
From: "advisory-database[bot]" <45398580+advisory-database[bot]@users.noreply.github.com>
Date: Sat, 14 Jun 2025 03:31:43 +0000
Subject: [PATCH 20/23] Publish Advisories GHSA-45r7-9fh5-3vpw GHSA-49w6-3ccf-2xg2 GHSA-6385-3ppv-p735 GHSA-6jff-f5rm-jgq5 GHSA-c5fj-fp4v-3gqr GHSA-fw32-3jxp-3gxf GHSA-g22f-mfh2-pj65 GHSA-gp37-hv4j-g2qj GHSA-hhh5-6rpm-wxgq GHSA-jcph-jfm7-9jg7 GHSA-w26j-5278-xhxj
---
 .../GHSA-45r7-9fh5-3vpw.json | 44 +++++++++++++++++++
 .../GHSA-49w6-3ccf-2xg2.json | 25 +++++++++++
 .../GHSA-6385-3ppv-p735.json | 25 +++++++++++
 .../GHSA-6jff-f5rm-jgq5.json | 25 +++++++++++
 .../GHSA-c5fj-fp4v-3gqr.json | 36 +++++++++++++++
 .../GHSA-fw32-3jxp-3gxf.json | 25 +++++++++++
 .../GHSA-g22f-mfh2-pj65.json | 25 +++++++++++
 .../GHSA-gp37-hv4j-g2qj.json | 25 +++++++++++
 .../GHSA-hhh5-6rpm-wxgq.json | 25 +++++++++++
 .../GHSA-jcph-jfm7-9jg7.json | 25 +++++++++++
 .../GHSA-w26j-5278-xhxj.json | 25 +++++++++++
 11 files changed, 305 insertions(+)
 create mode 100644 advisories/unreviewed/2025/06/GHSA-45r7-9fh5-3vpw/GHSA-45r7-9fh5-3vpw.json
 create mode 100644 advisories/unreviewed/2025/06/GHSA-49w6-3ccf-2xg2/GHSA-49w6-3ccf-2xg2.json
 create mode 100644 advisories/unreviewed/2025/06/GHSA-6385-3ppv-p735/GHSA-6385-3ppv-p735.json
 create mode 100644 advisories/unreviewed/2025/06/GHSA-6jff-f5rm-jgq5/GHSA-6jff-f5rm-jgq5.json
 create mode 100644 advisories/unreviewed/2025/06/GHSA-c5fj-fp4v-3gqr/GHSA-c5fj-fp4v-3gqr.json
 create mode 100644 advisories/unreviewed/2025/06/GHSA-fw32-3jxp-3gxf/GHSA-fw32-3jxp-3gxf.json
 create mode 100644 advisories/unreviewed/2025/06/GHSA-g22f-mfh2-pj65/GHSA-g22f-mfh2-pj65.json
 create mode 100644 advisories/unreviewed/2025/06/GHSA-gp37-hv4j-g2qj/GHSA-gp37-hv4j-g2qj.json
 create mode 100644 advisories/unreviewed/2025/06/GHSA-hhh5-6rpm-wxgq/GHSA-hhh5-6rpm-wxgq.json
 create mode 100644 advisories/unreviewed/2025/06/GHSA-jcph-jfm7-9jg7/GHSA-jcph-jfm7-9jg7.json
 create mode 100644 advisories/unreviewed/2025/06/GHSA-w26j-5278-xhxj/GHSA-w26j-5278-xhxj.json
diff --git a/advisories/unreviewed/2025/06/GHSA-45r7-9fh5-3vpw/GHSA-45r7-9fh5-3vpw.json b/advisories/unreviewed/2025/06/GHSA-45r7-9f5-3vpw/GHSA-45r7-9fh5-3vpw.json
new file mode 100644
index 0000000000000..22c2bccc6b07e
--- /dev/null
+++ b/advisories/unreviewed/2025/06/GHSA-45r7-9fh5-3vpw/GHSA-45r7-9fh5-3vpw.json
@@ -0,0 +1,44 @@
+{
+ "schema_version": "1.4.0",
+ "id": "GHSA-45r7-9fh5-3vpw",
+ "modified": "2025-06-14T03:30:28Z",
+ "published": "2025-06-14T03:30:28Z",
+ "aliases": [
+ "CVE-2025-6059"
+ ],
+ "details": "The Seraphinite Accelerator plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.27.21. This is due to missing or incorrect nonce validation on the 'OnAdminApi_CacheOpBegin' function. This makes it possible for unauthenticated attackers to perform several administrative actions, including deleting the cache, via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.",
+ "severity": [
+ {
+ "type": "CVSS_V3",
+ "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"
+ }
+ ],
+ "affected": [],
+ "references": [
+ {
+ "type": "ADVISORY",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-6059"
+ },
+ {
+ "type": "WEB",
+ "url": "https://plugins.trac.wordpress.org/browser/seraphinite-accelerator/trunk/main.php#L2259"
+ },
+ {
+ "type": "WEB",
+ "url": "https://plugins.trac.wordpress.org/changeset/3284098"
+ },
+ {
+ "type": "WEB",
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/f711c9d0-aa56-4e4c-bbcf-afa9598c3518?source=cve"
+ }
+ ],
+ "database_specific": {
+ "cwe_ids": [
+ "CWE-352"
+ ],
+ "severity": "MODERATE",
+ "github_reviewed": false,
+ "github_reviewed_at": null,
+ "nvd_published_at": "2025-06-14T03:15:22Z"
+ }
+}
\ No newline at end of file
diff --git a/advisories/unreviewed/2025/06/GHSA-49w6-3ccf-2xg2/GHSA-49w6-3ccf-2xg2.json b/advisories/unreviewed/2025/06/GHSA-49w6-3ccf-2xg2/GHSA-49w6-3ccf-2xg2.json
new file mode 100644
index 0000000000000..36f0d0c5a7391
--- /dev/null
+++ b/advisories/unreviewed/2025/06/GHSA-49w6-3ccf-2xg2/GHSA-49w6-3ccf-2xg2.json
@@ -0,0 +1,25 @@
+{
+ "schema_version": "1.4.0",
+ "id": "GHSA-49w6-3ccf-2xg2",
+ "modified": "2025-06-14T03:30:28Z",
+ "published": "2025-06-14T03:30:28Z",
+ "aliases": [
+ "CVE-2025-50149"
+ ],
+ "details": "Rejected reason: Not used",
+ "severity": [],
+ "affected": [],
+ "references": [
+ {
+ "type": "ADVISORY",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-50149"
+ }
+ ],
+ "database_specific": {
+ "cwe_ids": [],
+ "severity": null,
+ "github_reviewed": false,
+ "github_reviewed_at": null,
+ "nvd_published_at": "2025-06-14T03:15:22Z"
+ }
+}
\ No newline at end of file
diff --git a/advisories/unreviewed/2025/06/GHSA-6385-3ppv-p735/GHSA-6385-3ppv-p735.json b/advisories/unreviewed/2025/06/GHSA-6385-3ppv-p735/GHSA-6385-3ppv-p735.json
new file mode 100644
index 0000000000000..9bbbe56a0ac5e
--- /dev/null
+++ b/advisories/unreviewed/2025/06/GHSA-6385-3ppv-p735/GHSA-6385-3ppv-p735.json
@@ -0,0 +1,25 @@
+{
+ "schema_version": "1.4.0",
+ "id": "GHSA-6385-3ppv-p735",
+ "modified": "2025-06-14T03:30:28Z",
+ "published": "2025-06-14T03:30:28Z",
+ "aliases": [
+ "CVE-2025-50146"
+ ],
+ "details": "Rejected reason: Not used",
+ "severity": [],
+ "affected": [],
+ "references": [
+ {
+ "type": "ADVISORY",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-50146"
+ }
+ ],
+ "database_specific": {
+ "cwe_ids": [],
+ "severity": null,
+ "github_reviewed": false,
+ "github_reviewed_at": null,
+ "nvd_published_at": "2025-06-14T03:15:21Z"
+ }
+}
\ No newline at end of file
diff --git a/advisories/unreviewed/2025/06/GHSA-6jff-f5rm-jgq5/GHSA-6jff-f5rm-jgq5.json b/advisories/unreviewed/2025/06/GHSA-6jff-f5rm-jgq5/GHSA-6jff-f5rm-jgq5.json
new file mode 100644
index 0000000000000..4064d6e379a32
--- /dev/null
+++ b/advisories/unreviewed/2025/06/GHSA-6jff-f5rm-jgq5/GHSA-6jff-f5rm-jgq5.json
@@ -0,0 +1,25 @@
+{
+ "schema_version": "1.4.0",
+ "id": "GHSA-6jff-f5rm-jgq5",
+ "modified": "2025-06-14T03:30:28Z",
+ "published": "2025-06-14T03:30:28Z",
+ "aliases": [
+ "CVE-2025-50142"
+ ],
+ "details": "Rejected reason: Not used",
+ "severity": [],
+ "affected": [],
+ "references": [
+ {
+ "type": "ADVISORY",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-50142"
+ }
+ ],
+ "database_specific": {
+ "cwe_ids": [],
+ "severity": null,
+ "github_reviewed": false,
+ "github_reviewed_at": null,
+ "nvd_published_at": "2025-06-14T03:15:21Z"
+ }
+}
\ No newline at end of file
diff --git a/advisories/unreviewed/2025/06/GHSA-c5fj-fp4v-3gqr/GHSA-c5fj-fp4v-3gqr.json b/advisories/unreviewed/2025/06/GHSA-c5fj-fp4v-3gqr/GHSA-c5fj-fp4v-3gqr.json
new file mode 100644
index 0000000000000..609ef92a9df30
--- /dev/null
+++ b/advisories/unreviewed/2025/06/GHSA-c5fj-fp4v-3gqr/GHSA-c5fj-fp4v-3gqr.json
@@ -0,0 +1,36 @@
+{
+ "schema_version": "1.4.0",
+ "id": "GHSA-c5fj-fp4v-3gqr",
+ "modified": "2025-06-14T03:30:28Z",
+ "published": "2025-06-14T03:30:28Z",
+ "aliases": [
+ "CVE-2025-33108"
+ ],
+ "details": "IBM Backup, Recovery and Media Services for i 7.4 and 7.5 could allow a user with the capability to compile or restore a program to gain elevated privileges due to a library unqualified call made by a BRMS program. A malicious actor could cause user-controlled code to run with component access to the host operating system.",
+ "severity": [
+ {
+ "type": "CVSS_V3",
+ "score": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H"
+ }
+ ],
+ "affected": [],
+ "references": [
+ {
+ "type": "ADVISORY",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-33108"
+ },
+ {
+ "type": "WEB",
+ "url": "https://www.ibm.com/support/pages/node/7236663"
+ }
+ ],
+ "database_specific": {
+ "cwe_ids": [
+ "CWE-250"
+ ],
+ "severity": "HIGH",
+ "github_reviewed": false,
+ "github_reviewed_at": null,
+ "nvd_published_at": "2025-06-14T01:15:19Z"
+ }
+}
\ No newline at end of file
diff --git a/advisories/unreviewed/2025/06/GHSA-fw32-3jxp-3gxf/GHSA-fw32-3jxp-3gxf.json b/advisories/unreviewed/2025/06/GHSA-fw32-3jxp-3gxf/GHSA-fw32-3jxp-3gxf.json
new file mode 100644
index 0000000000000..5346ad54d3902
--- /dev/null
+++ b/advisories/unreviewed/2025/06/GHSA-fw32-3jxp-3gxf/GHSA-fw32-3jxp-3gxf.json
@@ -0,0 +1,25 @@
+{
+ "schema_version": "1.4.0",
+ "id": "GHSA-fw32-3jxp-3gxf",
+ "modified": "2025-06-14T03:30:28Z",
+ "published": "2025-06-14T03:30:28Z",
+ "aliases": [
+ "CVE-2025-50145"
+ ],
+ "details": "Rejected reason: Not used",
+ "severity": [],
+ "affected": [],
+ "references": [
+ {
+ "type": "ADVISORY",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-50145"
+ }
+ ],
+ "database_specific": {
+ "cwe_ids": [],
+ "severity": null,
+ "github_reviewed": false,
+ "github_reviewed_at": null,
+ "nvd_published_at": "2025-06-14T03:15:21Z"
+ }
+}
\ No newline at end of file
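Review bot: GHSA-c5fj-fp4v-3gqr classifies the issue as `"CWE-250"` (execution with unnecessary privileges), yet its details give the root cause as a library-unqualified call made by a BRMS program, which is the uncontrolled search path pattern catalogued as CWE-427. The CWE presumably mirrors the NVD record, so this is most likely an upstream classification rather than something this commit should rewrite, but it is worth flagging for the GitHub review pass since a user filtering for search-path issues on IBM i would not find this record. As with every unreviewed record in the batch, `"affected": []` means no ecosystem match is possible until review fills it in.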
diff --git a/advisories/unreviewed/2025/06/GHSA-g22f-mfh2-pj65/GHSA-g22f-mfh2-pj65.json b/advisories/unreviewed/2025/06/GHSA-g22f-mfh2-pj65/GHSA-g22f-mfh2-pj65.json
new file mode 100644
index 0000000000000..b590275127830
--- /dev/null
+++ b/advisories/unreviewed/2025/06/GHSA-g22f-mfh2-pj65/GHSA-g22f-mfh2-pj65.json
@@ -0,0 +1,25 @@
+{
+ "schema_version": "1.4.0",
+ "id": "GHSA-g22f-mfh2-pj65",
+ "modified": "2025-06-14T03:30:28Z",
+ "published": "2025-06-14T03:30:28Z",
+ "aliases": [
+ "CVE-2025-50143"
+ ],
+ "details": "Rejected reason: Not used",
+ "severity": [],
+ "affected": [],
+ "references": [
+ {
+ "type": "ADVISORY",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-50143"
+ }
+ ],
+ "database_specific": {
+ "cwe_ids": [],
+ "severity": null,
+ "github_reviewed": false,
+ "github_reviewed_at": null,
+ "nvd_published_at": "2025-06-14T03:15:21Z"
+ }
+}
\ No newline at end of file
diff --git a/advisories/unreviewed/2025/06/GHSA-gp37-hv4j-g2qj/GHSA-gp37-hv4j-g2qj.json b/advisories/unreviewed/2025/06/GHSA-gp37-hv4j-g2qj/GHSA-gp37-hv4j-g2qj.json
new file mode 100644
index 0000000000000..d73f9ce726d80
--- /dev/null
+++ b/advisories/unreviewed/2025/06/GHSA-gp37-hv4j-g2qj/GHSA-gp37-hv4j-g2qj.json
@@ -0,0 +1,25 @@
+{
+ "schema_version": "1.4.0",
+ "id": "GHSA-gp37-hv4j-g2qj",
+ "modified": "2025-06-14T03:30:28Z",
+ "published": "2025-06-14T03:30:28Z",
+ "aliases": [
+ "CVE-2025-50150"
+ ],
+ "details": "Rejected reason: Not used",
+ "severity": [],
+ "affected": [],
+ "references": [
+ {
+ "type": "ADVISORY",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-50150"
+ }
+ ],
+ "database_specific": {
+ "cwe_ids": [],
+ "severity": null,
+ "github_reviewed": false,
+ "github_reviewed_at": null,
+ "nvd_published_at": "2025-06-14T03:15:22Z"
+ }
+}
\ No newline at end of file
diff --git a/advisories/unreviewed/2025/06/GHSA-hhh5-6rpm-wxgq/GHSA-hhh5-6rpm-wxgq.json b/advisories/unreviewed/2025/06/GHSA-hhh5-6rpm-wxgq/GHSA-hhh5-6rpm-wxgq.json
new file mode 100644
index 0000000000000..a4d362bb0cd39
--- /dev/null
+++ b/advisories/unreviewed/2025/06/GHSA-hhh5-6rpm-wxgq/GHSA-hhh5-6rpm-wxgq.json
@@ -0,0 +1,25 @@
+{
+ "schema_version": "1.4.0",
+ "id": "GHSA-hhh5-6rpm-wxgq",
+ "modified": "2025-06-14T03:30:28Z",
+ "published": "2025-06-14T03:30:28Z",
+ "aliases": [
+ "CVE-2025-50144"
+ ],
+ "details": "Rejected reason: Not used",
+ "severity": [],
+ "affected": [],
+ "references": [
+ {
+ "type": "ADVISORY",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-50144"
+ }
+ ],
+ "database_specific": {
+ "cwe_ids": [],
+ "severity": null,
+ "github_reviewed": false,
+ "github_reviewed_at": null,
+ "nvd_published_at": "2025-06-14T03:15:21Z"
+ }
+}
\ No newline at end of file
diff --git a/advisories/unreviewed/2025/06/GHSA-jcph-jfm7-9jg7/GHSA-jcph-jfm7-9jg7.json b/advisories/unreviewed/2025/06/GHSA-jcph-jfm7-9jg7/GHSA-jcph-jfm7-9jg7.json
new file mode 100644
index 0000000000000..f94cd0efa9d9b
--- /dev/null
+++ b/advisories/unreviewed/2025/06/GHSA-jcph-jfm7-9jg7/GHSA-jcph-jfm7-9jg7.json
@@ -0,0 +1,25 @@
+{
+ "schema_version": "1.4.0",
+ "id": "GHSA-jcph-jfm7-9jg7",
+ "modified": "2025-06-14T03:30:28Z",
+ "published": "2025-06-14T03:30:28Z",
+ "aliases": [
+ "CVE-2025-50148"
+ ],
+ "details": "Rejected reason: Not used",
+ "severity": [],
+ "affected": [],
+ "references": [
+ {
+ "type": "ADVISORY",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-50148"
+ }
+ ],
+ "database_specific": {
+ "cwe_ids": [],
+ "severity": null,
+ "github_reviewed": false,
+ "github_reviewed_at": null,
+ "nvd_published_at": "2025-06-14T03:15:22Z"
+ }
+}
\ No newline at end of file
diff --git a/advisories/unreviewed/2025/06/GHSA-w26j-5278-xhxj/GHSA-w26j-5278-xhxj.json b/advisories/unreviewed/2025/06/GHSA-w26j-5278-xhxj/GHSA-w26j-5278-xhxj.json
new file mode 100644
index 0000000000000..83545d0ad0e46
--- /dev/null
+++ b/advisories/unreviewed/2025/06/GHSA-w26j-5278-xhxj/GHSA-w26j-5278-xhxj.json
@@ -0,0 +1,25 @@
+{
+ "schema_version": "1.4.0",
+ "id": "GHSA-w26j-5278-xhxj",
+ "modified": "2025-06-14T03:30:28Z",
+ "published": "2025-06-14T03:30:28Z",
+ "aliases": [
+ "CVE-2025-50147"
+ ],
+ "details": "Rejected reason: Not used",
+ "severity": [],
+ "affected": [],
+ "references": [
+ {
+ "type": "ADVISORY",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-50147"
+ }
+ ],
+ "database_specific": {
+ "cwe_ids": [],
+ "severity": null,
+ "github_reviewed": false,
+ "github_reviewed_at": null,
+ "nvd_published_at": "2025-06-14T03:15:22Z"
+ }
+}
\ No newline at end of file
From 598e0101ad45b646454a45c584cee9533f3f26a1 Mon Sep 17 00:00:00 2001
From: "advisory-database[bot]" <45398580+advisory-database[bot]@users.noreply.github.com>
Date: Sat, 14 Jun 2025 06:32:06 +0000
Subject: [PATCH 21/23] Publish GHSA-m4f9-j244-5hfh
---
 .../GHSA-m4f9-j244-5hfh.json | 40 +++++++++++++++++++
 1 file changed, 40 insertions(+)
 create mode 100644 advisories/unreviewed/2025/06/GHSA-m4f9-j244-5hfh/GHSA-m4f9-j244-5hfh.json
diff --git a/advisories/unreviewed/2025/06/GHSA-m4f9-j244-5hfh/GHSA-m4f9-j244-5hfh.json b/advisories/unreviewed/2025/06/GHSA-m4f9-j244-5hfh/GHSA-m4f9-j244-5hfh.json
new file mode 100644
index 0000000000000..95f33d91abcab
--- /dev/null
+++ b/advisories/unreviewed/2025/06/GHSA-m4f9-j244-5hfh/GHSA-m4f9-j244-5hfh.json
@@ -0,0 +1,40 @@
+{
+ "schema_version": "1.4.0",
+ "id": "GHSA-m4f9-j244-5hfh",
+ "modified": "2025-06-14T06:30:31Z",
+ "published": "2025-06-14T06:30:31Z",
+ "aliases": [
+ "CVE-2025-3234"
+ ],
+ "details": "The File Manager Pro – Filester plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in all versions up to, and including, 1.8.8. This makes it possible for authenticated attackers, with Administrator-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible. Administrators have the ability to extend file manager usage privileges to lower-level users including subscribers, which would make this vulnerability more severe on such sites.",
+ "severity": [
+ {
+ "type": "CVSS_V3",
+ "score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"
+ }
+ ],
+ "affected": [],
+ "references": [
+ {
+ "type": "ADVISORY",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-3234"
+ },
+ {
+ "type": "WEB",
+ "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3310066%40filester%2Ftrunk&old=3294389%40filester%2Ftrunk&sfp_email=&sfph_mail="
+ },
+ {
+ "type": "WEB",
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/00df02cd-b4d3-477a-86ee-aa2f9b5216e8?source=cve"
+ }
+ ],
+ "database_specific": {
+ "cwe_ids": [
+ "CWE-434"
+ ],
+ "severity": "HIGH",
+ "github_reviewed": false,
+ "github_reviewed_at": null,
+ "nvd_published_at": "2025-06-14T06:15:18Z"
+ }
+}
\ No newline at end of file
From 1b5225eb4ec1401e10c58cf758479873333bce17 Mon Sep 17 00:00:00 2001
From: "advisory-database[bot]" <45398580+advisory-database[bot]@users.noreply.github.com>
Date: Sat, 14 Jun 2025 09:34:15 +0000
Subject: [PATCH 22/23] Publish Advisories GHSA-2pff-264c-2hqm GHSA-7c7p-ggr4-28g8 GHSA-83pp-hvhj-8fv5 GHSA-89w2-57ff-4989 GHSA-c96c-cv9h-9f96 GHSA-f7j7-4g7x-mp48 GHSA-ffpc-23x7-9cwj GHSA-gxqj-2gvr-3p2f GHSA-hg2r-rg5c-cgfv GHSA-hhc9-p5vj-px33 GHSA-hwxq-8wxw-6cx3 GHSA-jp5v-6hxw-6c5f GHSA-mmmr-63h5-2fmw GHSA-qfq8-jc26-7f48 GHSA-vm9c-gv5w-3h2f
---
 .../GHSA-2pff-264c-2hqm.json | 44 ++++++++++++++++
 .../GHSA-7c7p-ggr4-28g8.json | 48 +++++++++++++++++
 .../GHSA-83pp-hvhj-8fv5.json | 52 +++++++++++++++++++
 .../GHSA-89w2-57ff-4989.json | 40 ++++++++++++++
 .../GHSA-c96c-cv9h-9f96.json | 40 ++++++++++++++
 .../GHSA-f7j7-4g7x-mp48.json | 40 ++++++++++++++
 .../GHSA-ffpc-23x7-9cwj.json | 40 ++++++++++++++
 .../GHSA-gxqj-2gvr-3p2f.json | 44 ++++++++++++++++
 .../GHSA-hg2r-rg5c-cgfv.json | 40 ++++++++++++++
 .../GHSA-hhc9-p5vj-px33.json | 40 ++++++++++++++
 .../GHSA-hwxq-8wxw-6cx3.json | 40 ++++++++++++++
 .../GHSA-jp5v-6hxw-6c5f.json | 40 ++++++++++++++
 .../GHSA-mmmr-63h5-2fmw.json | 40 ++++++++++++++
 .../GHSA-qfq8-jc26-7f48.json | 40 ++++++++++++++
 .../GHSA-vm9c-gv5w-3h2f.json | 40 ++++++++++++++
 15 files changed, 628 insertions(+)
 create mode 100644 advisories/unreviewed/2025/06/GHSA-2pff-264c-2hqm/GHSA-2pff-264c-2hqm.json
 create mode 100644 advisories/unreviewed/2025/06/GHSA-7c7p-ggr4-28g8/GHSA-7c7p-ggr4-28g8.json
 create mode 100644 advisories/unreviewed/2025/06/GHSA-83pp-hvhj-8fv5/GHSA-83pp-hvhj-8fv5.json
 create mode 100644 advisories/unreviewed/2025/06/GHSA-89w2-57ff-4989/GHSA-89w2-57ff-4989.json
 create mode 100644 advisories/unreviewed/2025/06/GHSA-c96c-cv9h-9f96/GHSA-c96c-cv9h-9f96.json
 create mode 100644 advisories/unreviewed/2025/06/GHSA-f7j7-4g7x-mp48/GHSA-f7j7-4g7x-mp48.json
 create mode 100644 advisories/unreviewed/2025/06/GHSA-ffpc-23x7-9cwj/GHSA-ffpc-23x7-9cwj.json
 create mode 100644 advisories/unreviewed/2025/06/GHSA-gxqj-2gvr-3p2f/GHSA-gxqj-2gvr-3p2f.json
 create mode 100644 advisories/unreviewed/2025/06/GHSA-hg2r-rg5c-cgfv/GHSA-hg2r-rg5c-cgfv.json
 create mode 100644 advisories/unreviewed/2025/06/GHSA-hhc9-p5vj-px33/GHSA-hhc9-p5vj-px33.json
 create mode 100644 advisories/unreviewed/2025/06/GHSA-hwxq-8wxw-6cx3/GHSA-hwxq-8wxw-6cx3.json
 create mode 100644 advisories/unreviewed/2025/06/GHSA-jp5v-6hxw-6c5f/GHSA-jp5v-6hxw-6c5f.json
 create mode 100644 advisories/unreviewed/2025/06/GHSA-mmmr-63h5-2fmw/GHSA-mmmr-63h5-2fmw.json
 create mode 100644 advisories/unreviewed/2025/06/GHSA-qfq8-jc26-7f48/GHSA-qfq8-jc26-7f48.json
 create mode 100644 advisories/unreviewed/2025/06/GHSA-vm9c-gv5w-3h2f/GHSA-vm9c-gv5w-3h2f.json
diff --git a/advisories/unreviewed/2025/06/GHSA-2pff-264c-2hqm/GHSA-2pff-264c-2hqm.json b/advisories/unreviewed/2025/06/GHSA-2pff-264c-2hqm/GHSA-2pff-264c-2hqm.json
new file mode 100644
index 0000000000000..87b1803c3fa33
--- /dev/null
+++ b/advisories/unreviewed/2025/06/GHSA-2pff-264c-2hqm/GHSA-2pff-264c-2hqm.json
@@ -0,0 +1,44 @@
+{
+ "schema_version": "1.4.0",
+ "id": "GHSA-2pff-264c-2hqm",
+ "modified": "2025-06-14T09:32:02Z",
+ "published": "2025-06-14T09:32:02Z",
+ "aliases": [
+ "CVE-2025-5487"
+ ],
+ "details": "The AutomatorWP – Automator plugin for no-code automations, webhooks & custom integrations in WordPress plugin for WordPress is vulnerable to time-based SQL Injection via the field_conditions parameter in all versions up to, and including, 5.2.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Administrator-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. Administrators can configure the plugin to allow access to this functionality to authors and higher.",
+ "severity": [
+ {
+ "type": "CVSS_V3",
+ "score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"
+ }
+ ],
+ "affected": [],
+ "references": [
+ {
+ "type": "ADVISORY",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-5487"
+ },
+ {
+ "type": "WEB",
+ "url": "https://plugins.trac.wordpress.org/browser/automatorwp/tags/5.2.3/integrations/automatorwp/triggers/all-posts.php#L256"
+ },
+ {
+ "type": "WEB",
+ "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3307465%40automatorwp%2Ftrunk&old=3302138%40automatorwp%2Ftrunk&sfp_email=&sfph_mail="
+ },
+ {
+ "type": "WEB",
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/3e1a84c6-e28b-42fe-a16a-aeb227cfe956?source=cve"
+ }
+ ],
+ "database_specific": {
+ "cwe_ids": [
+ "CWE-89"
+ ],
+ "severity": "HIGH",
+ "github_reviewed": false,
+ "github_reviewed_at": null,
+ "nvd_published_at": "2025-06-14T07:15:17Z"
+ }
+}
\ No newline at end of file
diff --git a/advisories/unreviewed/2025/06/GHSA-7c7p-ggr4-28g8/GHSA-7c7p-ggr4-28g8.json b/advisories/unreviewed/2025/06/GHSA-7c7p-ggr4-28g8/GHSA-7c7p-ggr4-28g8.json
new file mode 100644
index 0000000000000..5f3dc5f83affa
--- /dev/null
+++ b/advisories/unreviewed/2025/06/GHSA-7c7p-ggr4-28g8/GHSA-7c7p-ggr4-28g8.json
@@ -0,0 +1,48 @@
+{
+ "schema_version": "1.4.0",
+ "id": "GHSA-7c7p-ggr4-28g8",
+ "modified": "2025-06-14T09:32:02Z",
+ "published": "2025-06-14T09:32:02Z",
+ "aliases": [
+ "CVE-2025-5589"
+ ],
+ "details": "The StreamWeasels Kick Integration plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘status-classic-offline-text’ parameter in all versions up to, and including, 1.1.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.",
+ "severity": [
+ {
+ "type": "CVSS_V3",
+ "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N"
+ }
+ ],
+ "affected": [],
+ "references": [
+ {
+ "type": "ADVISORY",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-5589"
+ },
+ {
+ "type": "WEB",
+ "url": "https://plugins.trac.wordpress.org/browser/streamweasels-kick-integration/trunk/public/partials/streamweasels-kick-status-public-display.php#L50"
+ },
+ {
+ "type": "WEB",
+ "url": "https://plugins.trac.wordpress.org/changeset/3309930/streamweasels-kick-integration/trunk/public/partials/streamweasels-kick-status-public-display.php"
+ },
+ {
+ "type": "WEB",
+ "url": "https://wordpress.org/plugins/streamweasels-kick-integration/#developers"
+ },
+ {
+ "type": "WEB",
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/45f98a96-8f32-49f9-bfc8-9beb316ce0bc?source=cve"
+ }
+ ],
+ "database_specific": {
+ "cwe_ids": [
+ "CWE-79"
+ ],
+ "severity": "MODERATE",
+ "github_reviewed": false,
+ "github_reviewed_at": null,
+ "nvd_published_at": "2025-06-14T09:15:23Z"
+ }
+}
\ No newline at end of file
diff --git a/advisories/unreviewed/2025/06/GHSA-83pp-hvhj-8fv5/GHSA-83pp-hvhj-8fv5.json b/advisories/unreviewed/2025/06/GHSA-83pp-hvhj-8fv5/GHSA-83pp-hvhj-8fv5.json
new file mode 100644
index 0000000000000..62af681dd8307
--- /dev/null
+++ b/advisories/unreviewed/2025/06/GHSA-83pp-hvhj-8fv5/GHSA-83pp-hvhj-8fv5.json
@@ -0,0 +1,52 @@
+{
+ "schema_version": "1.4.0",
+ "id": "GHSA-83pp-hvhj-8fv5",
+ "modified": "2025-06-14T09:32:02Z",
+ "published": "2025-06-14T09:32:02Z",
+ "aliases": [
+ "CVE-2025-5336"
+ ],
+ "details": "The Click to Chat plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘data-no_number’ parameter in all versions up to, and including, 4.22 to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.",
+ "severity": [
+ {
+ "type": "CVSS_V3",
+ "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N"
+ }
+ ],
+ "affected": [],
+ "references": [
+ {
+ "type": "ADVISORY",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-5336"
+ },
+ {
+ "type": "WEB",
+ "url": "https://plugins.trac.wordpress.org/browser/click-to-chat-for-whatsapp/tags/4.22/new/inc/assets/js/dev/app.dev.js#L126"
+ },
+ {
+ "type": "WEB",
+ "url": "https://plugins.trac.wordpress.org/browser/click-to-chat-for-whatsapp/tags/4.22/new/inc/assets/js/dev/app.dev.js#L818"
+ },
+ {
+ "type": "WEB",
+ "url": "https://plugins.trac.wordpress.org/changeset/3309693"
+ },
+ {
+ "type": "WEB",
+ "url": "https://wordpress.org/plugins/click-to-chat-for-whatsapp/#developers"
+ },
+ {
+ "type": "WEB",
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/83695ac4-a08b-4c25-ac33-d9b7498f5a2c?source=cve"
+ }
+ ],
+ "database_specific": {
+ "cwe_ids": [
+ "CWE-79"
+ ],
+ "severity": "MODERATE",
+ "github_reviewed": false,
+ "github_reviewed_at": null,
+ "nvd_published_at": "2025-06-14T09:15:23Z"
+ }
+}
\ No newline at end of file
diff --git a/advisories/unreviewed/2025/06/GHSA-89w2-57ff-4989/GHSA-89w2-57ff-4989.json b/advisories/unreviewed/2025/06/GHSA-89w2-57ff-4989/GHSA-89w2-57ff-4989.json
new file mode 100644
index 0000000000000..ccecce85272e6
--- /dev/null
+++ b/advisories/unreviewed/2025/06/GHSA-89w2-57ff-4989/GHSA-89w2-57ff-4989.json
@@ -0,0 +1,40 @@
+{
+ "schema_version": "1.4.0",
+ "id": "GHSA-89w2-57ff-4989",
+ "modified": "2025-06-14T09:32:02Z",
+ "published": "2025-06-14T09:32:02Z",
+ "aliases": [
+ "CVE-2025-4200"
+ ],
+ "details": "The Zagg - Electronics & Accessories WooCommerce WordPress Theme theme for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.4.1 via the load_view() function that is called via at least three AJAX actions: 'load_more_post', 'load_shop', and 'load_more_product. This makes it possible for unauthenticated attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included.",
+ "severity": [
+ {
+ "type": "CVSS_V3",
+ "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"
+ }
+ ],
+ "affected": [],
+ "references": [
+ {
+ "type": "ADVISORY",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-4200"
+ },
+ {
+ "type": "WEB",
+ "url": "https://themeforest.net/item/zagg-electronics-accessories-woocommerce-wordpress-theme/54636595"
+ },
+ {
+ "type": "WEB",
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/327deb08-715f-4d54-b95b-18552c07cbc0?source=cve"
+ }
+ ],
+ "database_specific": {
+ "cwe_ids": [
+ "CWE-98"
+ ],
+ "severity": "HIGH",
+ "github_reviewed": false,
+ "github_reviewed_at": null,
+ "nvd_published_at": "2025-06-14T09:15:22Z"
+ }
+}
\ No newline at end of file
diff --git a/advisories/unreviewed/2025/06/GHSA-c96c-cv9h-9f96/GHSA-c96c-cv9h-9f96.json b/advisories/unreviewed/2025/06/GHSA-c96c-cv9h-9f96/GHSA-c96c-cv9h-9f96.json
new file mode 100644
index 0000000000000..62263502bc6a5
--- /dev/null
+++ b/advisories/unreviewed/2025/06/GHSA-c96c-cv9h-9f96/GHSA-c96c-cv9h-9f96.json
@@ -0,0 +1,40 @@
+{
+ "schema_version": "1.4.0",
+ "id": "GHSA-c96c-cv9h-9f96",
+ "modified": "2025-06-14T09:32:03Z",
+ "published": "2025-06-14T09:32:03Z",
+ "aliases": [
+ "CVE-2025-6070"
+ ],
+ "details": "The Restrict File Access plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 1.1.2 via the output() function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to read the contents of arbitrary files on the server, which can contain sensitive information.",
+ "severity": [
+ {
+ "type": "CVSS_V3",
+ "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"
+ }
+ ],
+ "affected": [],
+ "references": [
+ {
+ "type": "ADVISORY",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-6070"
+ },
+ {
+ "type": "WEB",
+ "url": "https://plugins.trac.wordpress.org/browser/restrict-file-access/trunk/url_rewrite/url_rewrite.php#L77"
+ },
+ {
+ "type": "WEB",
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/6e9eec61-bf51-4cf7-b567-58ee2ccd91c5?source=cve"
+ }
+ ],
+ "database_specific": {
+ "cwe_ids": [
+ "CWE-22"
+ ],
+ "severity": "MODERATE",
+ "github_reviewed": false,
+ "github_reviewed_at": null,
+ "nvd_published_at": "2025-06-14T09:15:25Z"
+ }
+}
\ No newline at end of file
diff --git a/advisories/unreviewed/2025/06/GHSA-f7j7-4g7x-mp48/GHSA-f7j7-4g7x-mp48.json b/advisories/unreviewed/2025/06/GHSA-f7j7-4g7x-mp48/GHSA-f7j7-4g7x-mp48.json
new file mode 100644
index 0000000000000..323365d393c45
--- /dev/null
+++ b/advisories/unreviewed/2025/06/GHSA-f7j7-4g7x-mp48/GHSA-f7j7-4g7x-mp48.json
@@ -0,0 +1,40 @@
+{
+ "schema_version": "1.4.0",
+ "id": "GHSA-f7j7-4g7x-mp48",
+ "modified": "2025-06-14T09:32:03Z",
+ "published": "2025-06-14T09:32:02Z",
+ "aliases": [
+ "CVE-2025-6055"
+ ],
+ "details": "The Zen Sticky Social plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.3. This is due to missing or incorrect nonce validation on the 'zen-social-sticky/zen-sticky-social.php' page. This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.",
+ "severity": [
+ {
+ "type": "CVSS_V3",
+ "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"
+ }
+ ],
+ "affected": [],
+ "references": [
+ {
+ "type": "ADVISORY",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-6055"
+ },
+ {
+ "type": "WEB",
+ "url": "https://plugins.trac.wordpress.org/browser/zen-social-sticky/trunk/zen-sticky-social.php"
+ },
+ {
+ "type": "WEB",
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/33cfebae-bbf3-4b0b-9afc-3ef2548045e7?source=cve"
+ }
+ ],
+ "database_specific": {
+ "cwe_ids": [
+ "CWE-352"
+ ],
+ "severity": "MODERATE",
+ "github_reviewed": false,
+ "github_reviewed_at": null,
+ "nvd_published_at": "2025-06-14T09:15:24Z"
+ }
+}
\ No newline at end of file
diff --git a/advisories/unreviewed/2025/06/GHSA-ffpc-23x7-9cwj/GHSA-ffpc-23x7-9cwj.json b/advisories/unreviewed/2025/06/GHSA-ffpc-23x7-9cwj/GHSA-ffpc-23x7-9cwj.json
new file mode 100644
index 0000000000000..dff962abd323c
--- /dev/null
+++ b/advisories/unreviewed/2025/06/GHSA-ffpc-23x7-9cwj/GHSA-ffpc-23x7-9cwj.json
@@ -0,0 +1,40 @@
+{
+ "schema_version": "1.4.0",
+ "id": "GHSA-ffpc-23x7-9cwj",
+ "modified": "2025-06-14T09:32:03Z",
+ "published": "2025-06-14T09:32:03Z",
+ "aliases": [
+ "CVE-2025-6062"
+ ],
+ "details": "The Yougler Blogger Profile Page plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, v1.01. This is due to missing or incorrect nonce validation on the 'yougler-plugin.php' page. This makes it possible for unauthenticated attackers to update the plugin's settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.",
+ "severity": [
+ {
+ "type": "CVSS_V3",
+ "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"
+ }
+ ],
+ "affected": [],
+ "references": [
+ {
+ "type": "ADVISORY",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-6062"
+ },
+ {
+ "type": "WEB",
+ "url": "https://plugins.trac.wordpress.org/browser/yougler-blogger-profile-page/trunk/yougler-plugin.php"
+ },
+ {
+ "type": "WEB",
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/7102fb97-96a4-4fd9-824d-6fa6d483f37a?source=cve"
+ }
+ ],
+ "database_specific": {
+ "cwe_ids": [
+ "CWE-352"
+ ],
+ "severity": "MODERATE",
+ "github_reviewed": false,
+ "github_reviewed_at": null,
+ "nvd_published_at": "2025-06-14T09:15:24Z"
+ }
+}
\ No newline at end of file
diff --git a/advisories/unreviewed/2025/06/GHSA-gxqj-2gvr-3p2f/GHSA-gxqj-2gvr-3p2f.json b/advisories/unreviewed/2025/06/GHSA-gxqj-2gvr-3p2f/GHSA-gxqj-2gvr-3p2f.json
new file mode 100644
index 0000000000000..c6a806abd9728
--- /dev/null
+++ b/advisories/unreviewed/2025/06/GHSA-gxqj-2gvr-3p2f/GHSA-gxqj-2gvr-3p2f.json
@@ -0,0 +1,44 @@
+{
+ "schema_version": "1.4.0",
+ "id": "GHSA-gxqj-2gvr-3p2f",
+ "modified": "2025-06-14T09:32:03Z",
+ "published": "2025-06-14T09:32:03Z",
+ "aliases": [
+ "CVE-2025-6065"
+ ],
+ "details": "The Image Resizer On The Fly plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the 'delete' task in all versions up to, and including, 1.1. This makes it possible for unauthenticated attackers to delete arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php).",
+ "severity": [
+ {
+ "type": "CVSS_V3",
+ "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H"
+ }
+ ],
+ "affected": [],
+ "references": [
+ {
+ "type": "ADVISORY",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-6065"
+ },
+ {
+ "type": "WEB",
+ "url": "https://plugins.trac.wordpress.org/browser/image-resizer-on-the-fly/trunk/image-resizer-on-the-fly.php#L25"
+ },
+ {
+ "type": "WEB",
+ "url": "https://wordpress.org/plugins/image-resizer-on-the-fly"
+ },
+ {
+ "type": "WEB",
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/14877ff6-e393-41a3-91c1-fe7f477297cc?source=cve"
+ }
+ ],
+ "database_specific": {
+ "cwe_ids": [
+ "CWE-22"
+ ],
+ "severity": "CRITICAL",
+ "github_reviewed": false,
+ "github_reviewed_at": null,
+ "nvd_published_at": "2025-06-14T09:15:25Z"
+ }
+}
\ No newline at end of file
diff --git a/advisories/unreviewed/2025/06/GHSA-hg2r-rg5c-cgfv/GHSA-hg2r-rg5c-cgfv.json b/advisories/unreviewed/2025/06/GHSA-hg2r-rg5c-cgfv/GHSA-hg2r-rg5c-cgfv.json
new file mode 100644
index 0000000000000..445fce0143363
--- /dev/null
+++ b/advisories/unreviewed/2025/06/GHSA-hg2r-rg5c-cgfv/GHSA-hg2r-rg5c-cgfv.json
@@ -0,0 +1,40 @@
+{
+ "schema_version": "1.4.0",
+ "id": "GHSA-hg2r-rg5c-cgfv",
+ "modified": "2025-06-14T09:32:02Z",
+ "published": "2025-06-14T09:32:02Z",
+ "aliases": [
+ "CVE-2025-4592"
+ ],
+ "details": "The AI Image Lab – Free AI Image Generator plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.6. This is due to missing or incorrect nonce validation on the 'wpz-ai-images' page. This makes it possible for unauthenticated attackers to update the plugin's API key via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.",
+ "severity": [
+ {
+ "type": "CVSS_V3",
+ "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"
+ }
+ ],
+ "affected": [],
+ "references": [
+ {
+ "type": "ADVISORY",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-4592"
+ },
+ {
+ "type": "WEB",
+ "url": "https://plugins.trac.wordpress.org/browser/ai-image-generator-lab/trunk/includes/admin/admin-page.php#L3"
+ },
+ {
+ "type": "WEB",
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/61d56713-59af-4ad9-8744-6c6a5e5fe213?source=cve"
+ }
+ ],
+ "database_specific": {
+ "cwe_ids": [
+ "CWE-352"
+ ],
+ "severity": "MODERATE",
+ "github_reviewed": false,
+ "github_reviewed_at": null,
+ "nvd_published_at": "2025-06-14T09:15:23Z"
+ }
+}
\ No newline at end of file
diff --git a/advisories/unreviewed/2025/06/GHSA-hhc9-p5vj-px33/GHSA-hhc9-p5vj-px33.json b/advisories/unreviewed/2025/06/GHSA-hhc9-p5vj-px33/GHSA-hhc9-p5vj-px33.json
new file mode 100644
index 0000000000000..d733fcbdf2bd5
--- /dev/null
+++ b/advisories/unreviewed/2025/06/GHSA-hhc9-p5vj-px33/GHSA-hhc9-p5vj-px33.json
@@ -0,0 +1,40 @@
+{
+ "schema_version": "1.4.0",
+ "id": "GHSA-hhc9-p5vj-px33",
+ "modified": "2025-06-14T09:32:03Z",
+ "published": "2025-06-14T09:32:03Z",
+ "aliases": [
+ "CVE-2025-6064"
+ ],
+ "details": "The WP URL Shortener plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2. This is due to missing or incorrect nonce validation on the 'url_shortener_settings' page. This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.",
+ "severity": [
+ {
+ "type": "CVSS_V3",
+ "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"
+ }
+ ],
+ "affected": [],
+ "references": [
+ {
+ "type": "ADVISORY",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-6064"
+ },
+ {
+ "type": "WEB",
+ "url": "https://plugins.trac.wordpress.org/browser/wp-url-shortener/trunk/index.php"
+ },
+ {
+ "type": "WEB",
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/154b3a1a-7246-42de-a555-2c655778d59e?source=cve"
+ }
+ ],
+ "database_specific": {
+ "cwe_ids": [
+ "CWE-352"
+ ],
+ "severity": "MODERATE",
+ "github_reviewed": false,
+ "github_reviewed_at": null,
+ "nvd_published_at": "2025-06-14T09:15:24Z"
+ }
+}
\ No newline at end of file
diff --git a/advisories/unreviewed/2025/06/GHSA-hwxq-8wxw-6cx3/GHSA-hwxq-8wxw-6cx3.json b/advisories/unreviewed/2025/06/GHSA-hwxq-8wxw-6cx3/GHSA-hwxq-8wxw-6cx3.json
new file mode 100644
index 0000000000000..9a18e9d233876
--- /dev/null
+++ b/advisories/unreviewed/2025/06/GHSA-hwxq-8wxw-6cx3/GHSA-hwxq-8wxw-6cx3.json
@@ -0,0 +1,40 @@
+{
+ "schema_version": "1.4.0",
+ "id": "GHSA-hwxq-8wxw-6cx3",
+ "modified": "2025-06-14T09:32:02Z",
+ "published": "2025-06-14T09:32:02Z",
+ "aliases": [
+ "CVE-2025-6040"
+ ],
+ "details": "The Easy Flashcards plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.1. This is due to missing or incorrect nonce validation on the 'ef_settings_submenu' page. This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.",
+ "severity": [
+ {
+ "type": "CVSS_V3",
+ "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"
+ }
+ ],
+ "affected": [],
+ "references": [
+ {
+ "type": "ADVISORY",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-6040"
+ },
+ {
+ "type": "WEB",
+ "url": "https://wordpress.org/plugins/easy-flashcards/#developers"
+ },
+ {
+ "type": "WEB",
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/1ff97ee8-9732-4d26-b5e8-b744730e9c5a?source=cve"
+ }
+ ],
+ "database_specific": {
+ "cwe_ids": [
+ "CWE-79"
+ ],
+ "severity": "MODERATE",
+ "github_reviewed": false,
+ "github_reviewed_at": null,
+ "nvd_published_at": "2025-06-14T09:15:23Z"
+ }
+}
\ No newline at end of file
diff --git a/advisories/unreviewed/2025/06/GHSA-jp5v-6hxw-6c5f/GHSA-jp5v-6hxw-6c5f.json b/advisories/unreviewed/2025/06/GHSA-jp5v-6hxw-6c5f/GHSA-jp5v-6hxw-6c5f.json
new file mode 100644
index 0000000000000..4725594d7807e
--- /dev/null
+++ b/advisories/unreviewed/2025/06/GHSA-jp5v-6hxw-6c5f/GHSA-jp5v-6hxw-6c5f.json
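Review bot: GHSA-hwxq-8wxw-6cx3 is described as a Cross-Site Request Forgery (missing nonce validation on the 'ef_settings_submenu' page) but its `cwe_ids` holds `"CWE-79"`, whereas the CSRF advisories published in the same commit with near-identical wording (GHSA-f7j7-4g7x-mp48, GHSA-ffpc-23x7-9cwj, GHSA-hg2r-rg5c-cgfv, GHSA-hhc9-p5vj-px33, GHSA-mmmr-63h5-2fmw) all carry `"CWE-352"`. The value presumably mirrors what NVD/the CNA assigned, so it may be an upstream choice rather than a pipeline defect, but it breaks CWE-based filtering across an otherwise uniform batch. If the record is re-published after GitHub review, `"cwe_ids": ["CWE-352", "CWE-79"]` would cover both the root cause and the stated impact; note also that this record's only non-NVD reference is the plugin's `#developers` page rather than a trac source line, so there is no code location to check the classification against.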
@@ -0,0 +1,40 @@
+{
+ "schema_version": "1.4.0",
+ "id": "GHSA-jp5v-6hxw-6c5f",
+ "modified": "2025-06-14T09:32:03Z",
+ "published": "2025-06-14T09:32:02Z",
+ "aliases": [
+ "CVE-2025-6061"
+ ],
+ "details": "The kk Youtube Video plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'kkytv' shortcode in all versions up to, and including, 0.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.",
+ "severity": [
+ {
+ "type": "CVSS_V3",
+ "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N"
+ }
+ ],
+ "affected": [],
+ "references": [
+ {
+ "type": "ADVISORY",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-6061"
+ },
+ {
+ "type": "WEB",
+ "url": "https://plugins.trac.wordpress.org/browser/kk-youtube-video/trunk/kk-youtube-video.php"
+ },
+ {
+ "type": "WEB",
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/bd581604-e2f6-42c4-81ef-10873683526b?source=cve"
+ }
+ ],
+ "database_specific": {
+ "cwe_ids": [
+ "CWE-79"
+ ],
+ "severity": "MODERATE",
+ "github_reviewed": false,
+ "github_reviewed_at": null,
+ "nvd_published_at": "2025-06-14T09:15:24Z"
+ }
+}
\ No newline at end of file
diff --git a/advisories/unreviewed/2025/06/GHSA-mmmr-63h5-2fmw/GHSA-mmmr-63h5-2fmw.json b/advisories/unreviewed/2025/06/GHSA-mmmr-63h5-2fmw/GHSA-mmmr-63h5-2fmw.json
new file mode 100644
index 0000000000000..ed8232e08cc13
--- /dev/null
+++ b/advisories/unreviewed/2025/06/GHSA-mmmr-63h5-2fmw/GHSA-mmmr-63h5-2fmw.json
@@ -0,0 +1,40 @@
+{
+ "schema_version": "1.4.0",
+ "id": "GHSA-mmmr-63h5-2fmw",
+ "modified": "2025-06-14T09:32:03Z",
+ "published": "2025-06-14T09:32:02Z",
+ "aliases": [
+ "CVE-2025-6063"
+ ],
+ "details": "The XiSearch bar plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.6. This is due to missing or incorrect nonce validation on the 'xisearch-key-config' page. This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.",
+ "severity": [
+ {
+ "type": "CVSS_V3",
+ "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"
+ }
+ ],
+ "affected": [],
+ "references": [
+ {
+ "type": "ADVISORY",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-6063"
+ },
+ {
+ "type": "WEB",
+ "url": "https://plugins.trac.wordpress.org/browser/xisearch-bar/trunk/xisearch.php"
+ },
+ {
+ "type": "WEB",
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/cd828557-94f6-4278-98ef-bcf4d1d86440?source=cve"
+ }
+ ],
+ "database_specific": {
+ "cwe_ids": [
+ "CWE-352"
+ ],
+ "severity": "MODERATE",
+ "github_reviewed": false,
+ "github_reviewed_at": null,
+ "nvd_published_at": "2025-06-14T09:15:24Z"
+ }
+}
\ No newline at end of file
diff --git a/advisories/unreviewed/2025/06/GHSA-qfq8-jc26-7f48/GHSA-qfq8-jc26-7f48.json b/advisories/unreviewed/2025/06/GHSA-qfq8-jc26-7f48/GHSA-qfq8-jc26-7f48.json
new file mode 100644
index 0000000000000..51e572b878ce8
--- /dev/null
+++ b/advisories/unreviewed/2025/06/GHSA-qfq8-jc26-7f48/GHSA-qfq8-jc26-7f48.json
@@ -0,0 +1,40 @@
+{
+ "schema_version": "1.4.0",
+ "id": "GHSA-qfq8-jc26-7f48",
+ "modified": "2025-06-14T09:32:02Z",
+ "published": "2025-06-14T09:32:02Z",
+ "aliases": [
+ "CVE-2025-4216"
+ ],
+ "details": "The DIOT SCADA with MQTT plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'diot' shortcode in all versions up to, and including, 1.0.5.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.",
+ "severity": [
+ {
+ "type": "CVSS_V3",
+ "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N"
+ }
+ ],
+ "affected": [],
+ "references": [
+ {
+ "type": "ADVISORY",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-4216"
+ },
+ {
+ "type": "WEB",
+ "url": "https://plugins.trac.wordpress.org/browser/ecava-diot-scada/trunk/includes/shortcodes.php"
+ },
+ {
+ "type": "WEB",
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/1cf23d79-5bd3-4224-835d-174653ddd504?source=cve"
+ }
+ ],
+ "database_specific": {
+ "cwe_ids": [
+ "CWE-79"
+ ],
+ "severity": "MODERATE",
+ "github_reviewed": false,
+ "github_reviewed_at": null,
+ "nvd_published_at": "2025-06-14T09:15:23Z"
+ }
+}
\ No newline at end of file
diff --git a/advisories/unreviewed/2025/06/GHSA-vm9c-gv5w-3h2f/GHSA-vm9c-gv5w-3h2f.json b/advisories/unreviewed/2025/06/GHSA-vm9c-gv5w-3h2f/GHSA-vm9c-gv5w-3h2f.json
new file mode 100644
index 0000000000000..438eb24d11b15
--- /dev/null
+++ b/advisories/unreviewed/2025/06/GHSA-vm9c-gv5w-3h2f/GHSA-vm9c-gv5w-3h2f.json
@@ -0,0 +1,40 @@
+{
+ "schema_version": "1.4.0",
+ "id": "GHSA-vm9c-gv5w-3h2f",
+ "modified": "2025-06-14T09:32:02Z",
+ "published": "2025-06-14T09:32:02Z",
+ "aliases": [
+ "CVE-2025-4187"
+ ],
+ "details": "The UserPro - Community and User Profile WordPress Plugin plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 5.1.10 via the userpro_fbconnect() function. This makes it possible for unauthenticated attackers to read the contents of arbitrary files on the server, which can contain sensitive information.",
+ "severity": [
+ {
+ "type": "CVSS_V3",
+ "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"
+ }
+ ],
+ "affected": [],
+ "references": [
+ {
+ "type": "ADVISORY",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-4187"
+ },
+ {
+ "type": "WEB",
+ "url": "https://codecanyon.net/item/userpro-user-profiles-with-social-login/5958681"
+ },
+ {
+ "type": "WEB",
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/2745a40c-b011-4fe5-b2f7-d97ee6972568?source=cve"
+ }
+ ],
+ "database_specific": {
+ "cwe_ids": [
+ "CWE-22"
+ ],
+ "severity": "MODERATE",
+ "github_reviewed": false,
+ "github_reviewed_at": null,
+ "nvd_published_at": "2025-06-14T09:15:22Z"
+ }
+}
\ No newline at end of file
From de5b295d42c4098b41fed867c92410f1a0159078 Mon Sep 17 00:00:00 2001
From: "advisory-database[bot]" <45398580+advisory-database[bot]@users.noreply.github.com>
Date: Sat, 14 Jun 2025 12:32:47 +0000
Subject: [PATCH 23/23] Publish Advisories GHSA-726g-7g37-3pjg GHSA-phwc-hg84-m6jx GHSA-vhxw-84g6-ch4r
---
 .../GHSA-726g-7g37-3pjg.json | 56 +++++++++++++++++++
 .../GHSA-phwc-hg84-m6jx.json | 52 +++++++++++++++++
 .../GHSA-vhxw-84g6-ch4r.json | 48 ++++++++++++++++
 3 files changed, 156 insertions(+)
 create mode 100644 advisories/unreviewed/2025/06/GHSA-726g-7g37-3pjg/GHSA-726g-7g37-3pjg.json
 create mode 100644 advisories/unreviewed/2025/06/GHSA-phwc-hg84-m6jx/GHSA-phwc-hg84-m6jx.json
 create mode 100644 advisories/unreviewed/2025/06/GHSA-vhxw-84g6-ch4r/GHSA-vhxw-84g6-ch4r.json
diff --git a/advisories/unreviewed/2025/06/GHSA-726g-7g37-3pjg/GHSA-726g-7g37-3pjg.json b/advisories/unreviewed/2025/06/GHSA-726g-7g37-3pjg/GHSA-726g-7g37-3pjg.json
new file mode 100644
index 0000000000000..06ee78a8ec499
--- /dev/null
+++ b/advisories/unreviewed/2025/06/GHSA-726g-7g37-3pjg/GHSA-726g-7g37-3pjg.json
@@ -0,0 +1,56 @@
+{
+ "schema_version": "1.4.0",
+ "id": "GHSA-726g-7g37-3pjg",
+ "modified": "2025-06-14T12:31:35Z",
+ "published": "2025-06-14T12:31:35Z",
+ "aliases": [
+ "CVE-2025-4667"
+ ],
+ "details": "The Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's ssa_admin_upcoming_appointments, ssa_admin_upcoming_appointments, and ssa_past_appointments shortcodes in all versions up to, and including, 1.6.8.30 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.",
+ "severity": [
+ {
+ "type": "CVSS_V3",
+ "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N"
+ }
+ ],
+ "affected": [],
+ "references": [
+ {
+ "type": "ADVISORY",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-4667"
+ },
+ {
+ "type": "WEB",
+ "url": "https://plugins.trac.wordpress.org/browser/simply-schedule-appointments/tags/1.6.8.24/includes/class-shortcodes.php#L718"
+ },
+ {
+ "type": "WEB",
+ "url": "https://plugins.trac.wordpress.org/browser/simply-schedule-appointments/tags/1.6.8.24/includes/class-shortcodes.php#L754"
+ },
+ {
+ "type": "WEB",
+ "url": "https://plugins.trac.wordpress.org/browser/simply-schedule-appointments/tags/1.6.8.24/includes/class-shortcodes.php#L784"
+ },
+ {
+ "type": "WEB",
+ "url": "https://plugins.trac.wordpress.org/changeset/3306064/simply-schedule-appointments/tags/1.6.8.32/includes/class-shortcodes.php"
+ },
+ {
+ "type": "WEB",
+ "url": "https://wordpress.org/plugins/simply-schedule-appointments/#developers"
+ },
+ {
+ "type": "WEB",
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/414173b9-d23e-4e44-bf8c-77a074bb09e9?source=cve"
+ }
+ ],
+ "database_specific": {
+ "cwe_ids": [
+ "CWE-79"
+ ],
+ "severity": "MODERATE",
+ "github_reviewed": false,
+ "github_reviewed_at": null,
+ "nvd_published_at": "2025-06-14T10:15:18Z"
+ }
+}
\ No newline at end of file
diff --git a/advisories/unreviewed/2025/06/GHSA-phwc-hg84-m6jx/GHSA-phwc-hg84-m6jx.json b/advisories/unreviewed/2025/06/GHSA-phwc-hg84-m6jx/GHSA-phwc-hg84-m6jx.json
new file mode 100644
index 0000000000000..9fa385543a2d3
--- /dev/null
+++ b/advisories/unreviewed/2025/06/GHSA-phwc-hg84-m6jx/GHSA-phwc-hg84-m6jx.json
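Review bot: The `details` string names `ssa_admin_upcoming_appointments` twice in its list of affected shortcodes ("ssa_admin_upcoming_appointments, ssa_admin_upcoming_appointments, and ssa_past_appointments"), so one of the three shortcode names was presumably duplicated or lost in transcription. The three `class-shortcodes.php` references with distinct anchors (`#L718`, `#L754`, `#L784`) suggest three different shortcodes are meant, so the description should be reconciled against that source before the record is relied on. Since this text appears to be copied from the upstream advisory, the correction likely belongs there, but the duplicate is worth flagging rather than republishing as is.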
@@ -0,0 +1,52 @@
+{
+ "schema_version": "1.4.0",
+ "id": "GHSA-phwc-hg84-m6jx",
+ "modified": "2025-06-14T12:31:35Z",
+ "published": "2025-06-14T12:31:35Z",
+ "aliases": [
+ "CVE-2025-5238"
+ ],
+ "details": "The YITH WooCommerce Wishlist plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘id’ parameter in all versions up to, and including, 4.5.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.",
+ "severity": [
+ {
+ "type": "CVSS_V3",
+ "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N"
+ }
+ ],
+ "affected": [],
+ "references": [
+ {
+ "type": "ADVISORY",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-5238"
+ },
+ {
+ "type": "WEB",
+ "url": "https://docs.yithemes.com/yith-woocommerce-wishlist/changelog/changelog-free-version"
+ },
+ {
+ "type": "WEB",
+ "url": "https://plugins.svn.wordpress.org/yith-woocommerce-wishlist/tags/4.5.0/assets/js/unminified/jquery.yith-wcwl.js"
+ },
+ {
+ "type": "WEB",
+ "url": "https://plugins.trac.wordpress.org/changeset/3310555"
+ },
+ {
+ "type": "WEB",
+ "url": "https://wordpress.org/plugins/yith-woocommerce-wishlist/#description"
+ },
+ {
+ "type": "WEB",
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/6d4b0434-61ca-47b1-9119-7208283f916f?source=cve"
+ }
+ ],
+ "database_specific": {
+ "cwe_ids": [
+ "CWE-79"
+ ],
+ "severity": "MODERATE",
+ "github_reviewed": false,
+ "github_reviewed_at": null,
+ "nvd_published_at": "2025-06-14T10:15:19Z"
+ }
+}
\ No newline at end of file
diff --git a/advisories/unreviewed/2025/06/GHSA-vhxw-84g6-ch4r/GHSA-vhxw-84g6-ch4r.json b/advisories/unreviewed/2025/06/GHSA-vhxw-84g6-ch4r/GHSA-vhxw-84g6-ch4r.json
new file mode 100644
index 0000000000000..4b9e825f8c295
--- /dev/null
+++ b/advisories/unreviewed/2025/06/GHSA-vhxw-84g6-ch4r/GHSA-vhxw-84g6-ch4r.json
@@ -0,0 +1,48 @@
+{
+ "schema_version": "1.4.0",
+ "id": "GHSA-vhxw-84g6-ch4r",
+ "modified": "2025-06-14T12:31:35Z",
+ "published": "2025-06-14T12:31:35Z",
+ "aliases": [
+ "CVE-2025-5337"
+ ],
+ "details": "The Slider, Gallery, and Carousel by MetaSlider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘aria-label’ parameter in all versions up to, and including, 3.98.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.",
+ "severity": [
+ {
+ "type": "CVSS_V3",
+ "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N"
+ }
+ ],
+ "affected": [],
+ "references": [
+ {
+ "type": "ADVISORY",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-5337"
+ },
+ {
+ "type": "WEB",
+ "url": "https://plugins.trac.wordpress.org/browser/ml-slider/tags/3.98.0/assets/metaslider/script.js#L11"
+ },
+ {
+ "type": "WEB",
+ "url": "https://plugins.trac.wordpress.org/changeset/3309932/ml-slider/tags/3.99.0/assets/metaslider/script.js"
+ },
+ {
+ "type": "WEB",
+ "url": "https://wordpress.org/plugins/ml-slider/#developers"
+ },
+ {
+ "type": "WEB",
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/0e6492e5-a506-4d77-96d2-08f700b6ee76?source=cve"
+ }
+ ],
+ "database_specific": {
+ "cwe_ids": [
+ "CWE-79"
+ ],
+ "severity": "MODERATE",
+ "github_reviewed": false,
+ "github_reviewed_at": null,
+ "nvd_published_at": "2025-06-14T10:15:20Z"
+ }
+}
\ No newline at end of file