6 changes (2 new | 4 updated):
cvelistV5 Github Action committed Mar 5, 2025
1 parent b2f4040 commit a131c8f
Showing 6 changed files with 447 additions and 10 deletions.
68 changes: 64 additions & 4 deletions cves/2023/25xxx/CVE-2023-25223.json
@@ -6,16 +6,16 @@
"cveId": "CVE-2023-25223",
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"dateUpdated": "2024-08-02T11:18:36.241Z",
"dateReserved": "2023-02-06T00:00:00",
"datePublished": "2023-03-07T00:00:00"
"dateUpdated": "2025-03-05T15:38:06.874Z",
"dateReserved": "2023-02-06T00:00:00.000Z",
"datePublished": "2023-03-07T00:00:00.000Z"
},
"containers": {
"cna": {
"providerMetadata": {
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre",
"dateUpdated": "2023-03-07T00:00:00"
"dateUpdated": "2023-03-07T00:00:00.000Z"
},
"descriptions": [
{
@@ -68,6 +68,66 @@
]
}
]
},
{
"problemTypes": [
{
"descriptions": [
{
"type": "CWE",
"cweId": "CWE-89",
"lang": "en",
"description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"scope": "UNCHANGED",
"version": "3.1",
"baseScore": 7.2,
"attackVector": "NETWORK",
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"integrityImpact": "HIGH",
"userInteraction": "NONE",
"attackComplexity": "LOW",
"availabilityImpact": "HIGH",
"privilegesRequired": "HIGH",
"confidentialityImpact": "HIGH"
}
},
{
"other": {
"type": "ssvc",
"content": {
"timestamp": "2025-03-05T15:36:33.650223Z",
"id": "CVE-2023-25223",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"version": "2.0.3"
}
}
}
],
"title": "CISA ADP Vulnrichment",
"providerMetadata": {
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP",
"dateUpdated": "2025-03-05T15:38:06.874Z"
}
}
]
}
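--- a/cves/2023/38xxx/CVE-2023-38693.json
+++ b/cves/2023/38xxx/CVE-2023-38693.json
@@ -0,0 +1,100 @@
+{
+"dataType": "CVE_RECORD",
+"dataVersion": "5.1",
+"cveMetadata": {
+"cveId": "CVE-2023-38693",
+"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
+"state": "PUBLISHED",
+"assignerShortName": "GitHub_M",
+"dateReserved": "2023-07-24T16:19:28.364Z",
+"datePublished": "2025-03-05T15:37:55.847Z",
+"dateUpdated": "2025-03-05T15:37:55.847Z"
+},
+"containers": {
+"cna": {
+"title": "RCE in Lucee REST endpoint",
+"problemTypes": [
+{
+"descriptions": [
+{
+"cweId": "CWE-611",
+"lang": "en",
+"description": "CWE-611: Improper Restriction of XML External Entity Reference",
+"type": "CWE"
+}
+]
+}
+],
+"metrics": [
+{
+"cvssV3_1": {
+"attackComplexity": "LOW",
+"attackVector": "NETWORK",
+"availabilityImpact": "HIGH",
+"baseScore": 9.8,
+"baseSeverity": "CRITICAL",
+"confidentialityImpact": "HIGH",
+"integrityImpact": "HIGH",
+"privilegesRequired": "NONE",
+"scope": "UNCHANGED",
+"userInteraction": "NONE",
+"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+"version": "3.1"
+}
+}
+],
+"references": [
+{
+"name": "https://github.com/lucee/Lucee/security/advisories/GHSA-vwjx-mmwm-pwrf",
+"tags": [
+"x_refsource_CONFIRM"
+],
+"url": "https://github.com/lucee/Lucee/security/advisories/GHSA-vwjx-mmwm-pwrf"
+}
+],
+"affected": [
+{
+"vendor": "lucee",
+"product": "Lucee",
+"versions": [
+{
+"version": ">= 5.4.0.0, < 5.4.3.2",
+"status": "affected"
+},
+{
+"version": ">= 5.3.12.0, < 5.3.12.1",
+"status": "affected"
+},
+{
+"version": "< 5.3.7.59",
+"status": "affected"
+},
+{
+"version": ">= 5.3.8.0, < 5.3.8.236",
+"status": "affected"
+},
+{
+"version": ">= 5.3.9.0, < 5.3.9.173",
+"status": "affected"
+}
+]
+}
+],
+"providerMetadata": {
+"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
+"shortName": "GitHub_M",
+"dateUpdated": "2025-03-05T15:37:55.847Z"
+},
+"descriptions": [
+{
+"lang": "en",
+"value": "Lucee Server (or simply Lucee) is a dynamic, Java based, tag and scripting language used for rapid web application development. The Lucee REST endpoint is vulnerable to RCE via an XML XXE attack. This vulnerability is fixed in Lucee 5.4.3.2, 5.3.12.1, 5.3.7.59, 5.3.8.236, and 5.3.9.173."
+}
+],
+"source": {
+"advisory": "GHSA-vwjx-mmwm-pwrf",
+"discovery": "UNKNOWN"
+}
+}
+}
+}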
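Review bot: The five `affected[0].versions` entries put a whole range expression into `version` (for example `">= 5.4.0.0, < 5.4.3.2"`), so a scanner that compares `version` against an installed build is unlikely to match and a vulnerable Lucee host can be reported as unaffected. The CVE record format has structured bounds for this; the first entry would read `"version": "5.4.0.0", "lessThan": "5.4.3.2", "versionType": "custom", "status": "affected"`, and the unbounded `"< 5.3.7.59"` entry would take `"version": "0"` with `"lessThan": "5.3.7.59"`. Separately, the title says RCE while the only problem type is CWE-611, so anyone triaging by weakness class should read the description and the 9.8 CVSS vector rather than the CWE alone.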
66 changes: 64 additions & 2 deletions cves/2025/25xxx/CVE-2025-25609.json
@@ -5,7 +5,7 @@
"cveId": "CVE-2025-25609",
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"dateUpdated": "2025-02-28T18:53:32.725Z",
"dateUpdated": "2025-03-05T15:44:47.116Z",
"dateReserved": "2025-02-07T00:00:00.000Z",
"datePublished": "2025-02-28T00:00:00.000Z"
},
@@ -50,7 +50,69 @@
]
}
]
}
},
"adp": [
{
"problemTypes": [
{
"descriptions": [
{
"type": "CWE",
"cweId": "CWE-120",
"lang": "en",
"description": "CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"scope": "UNCHANGED",
"version": "3.1",
"baseScore": 8,
"attackVector": "ADJACENT_NETWORK",
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"integrityImpact": "HIGH",
"userInteraction": "NONE",
"attackComplexity": "LOW",
"availabilityImpact": "HIGH",
"privilegesRequired": "LOW",
"confidentialityImpact": "HIGH"
}
},
{
"other": {
"type": "ssvc",
"content": {
"timestamp": "2025-03-05T15:44:10.971740Z",
"id": "CVE-2025-25609",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"version": "2.0.3"
}
}
}
],
"title": "CISA ADP Vulnrichment",
"providerMetadata": {
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP",
"dateUpdated": "2025-03-05T15:44:47.116Z"
}
}
]
},
"dataVersion": "5.1"
}
66 changes: 64 additions & 2 deletions cves/2025/25xxx/CVE-2025-25610.json
@@ -5,7 +5,7 @@
"cveId": "CVE-2025-25610",
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"dateUpdated": "2025-02-28T18:56:11.881Z",
"dateUpdated": "2025-03-05T15:43:58.613Z",
"dateReserved": "2025-02-07T00:00:00.000Z",
"datePublished": "2025-02-28T00:00:00.000Z"
},
@@ -50,7 +50,69 @@
]
}
]
}
},
"adp": [
{
"problemTypes": [
{
"descriptions": [
{
"type": "CWE",
"cweId": "CWE-120",
"lang": "en",
"description": "CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"scope": "UNCHANGED",
"version": "3.1",
"baseScore": 8,
"attackVector": "ADJACENT_NETWORK",
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"integrityImpact": "HIGH",
"userInteraction": "NONE",
"attackComplexity": "LOW",
"availabilityImpact": "HIGH",
"privilegesRequired": "LOW",
"confidentialityImpact": "HIGH"
}
},
{
"other": {
"type": "ssvc",
"content": {
"timestamp": "2025-03-05T15:42:20.991866Z",
"id": "CVE-2025-25610",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"version": "2.0.3"
}
}
}
],
"title": "CISA ADP Vulnrichment",
"providerMetadata": {
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP",
"dateUpdated": "2025-03-05T15:43:58.613Z"
}
}
]
},
"dataVersion": "5.1"
}