Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2025-26660 (GCVE-0-2025-26660)
Vulnerability from cvelistv5
Published
2025-03-11 00:36
Modified
2025-03-11 14:13
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-639 - Authorization Bypass Through User-Controlled Key
Summary
SAP Fiori applications using the posting library fail to properly configure security settings during the setup process, leaving them at default or inadequately defined. This vulnerability allows an attacker with low privileges to bypass access controls within the application, enabling them to potentially modify data. Confidentiality and Availability are not impacted.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| SAP_SE | SAP Fiori apps (Posting Library) |
Version: S4CORE 103 Version: 104 Version: 105 Version: 106 Version: 107 Version: 108 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-26660",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-11T14:13:51.312177Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-11T14:13:59.512Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "SAP Fiori apps (Posting Library)",
"vendor": "SAP_SE",
"versions": [
{
"status": "affected",
"version": "S4CORE 103"
},
{
"status": "affected",
"version": "104"
},
{
"status": "affected",
"version": "105"
},
{
"status": "affected",
"version": "106"
},
{
"status": "affected",
"version": "107"
},
{
"status": "affected",
"version": "108"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eSAP Fiori applications using the posting library fail to properly configure security settings during the setup process, leaving them at default or inadequately defined. This vulnerability allows an attacker with low privileges to bypass access controls within the application, enabling them to potentially modify data. Confidentiality and Availability are not impacted.\u003c/p\u003e"
}
],
"value": "SAP Fiori applications using the posting library fail to properly configure security settings during the setup process, leaving them at default or inadequately defined. This vulnerability allows an attacker with low privileges to bypass access controls within the application, enabling them to potentially modify data. Confidentiality and Availability are not impacted."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-639",
"description": "CWE-639: Authorization Bypass Through User-Controlled Key",
"lang": "eng",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-11T00:36:54.383Z",
"orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
"shortName": "sap"
},
"references": [
{
"url": "https://me.sap.com/notes/3557655"
},
{
"url": "https://url.sap/sapsecuritypatchday"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Broken Access Control in SAP Fiori apps (Posting Library)",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
"assignerShortName": "sap",
"cveId": "CVE-2025-26660",
"datePublished": "2025-03-11T00:36:54.383Z",
"dateReserved": "2025-02-12T21:05:31.735Z",
"dateUpdated": "2025-03-11T14:13:59.512Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2025-26660\",\"sourceIdentifier\":\"cna@sap.com\",\"published\":\"2025-03-11T01:15:35.837\",\"lastModified\":\"2025-03-11T01:15:35.837\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"SAP Fiori applications using the posting library fail to properly configure security settings during the setup process, leaving them at default or inadequately defined. This vulnerability allows an attacker with low privileges to bypass access controls within the application, enabling them to potentially modify data. Confidentiality and Availability are not impacted.\"},{\"lang\":\"es\",\"value\":\"Las aplicaciones SAP Fiori que utilizan la librer\u00eda de publicaci\u00f3n no configuran correctamente los par\u00e1metros de seguridad durante el proceso de configuraci\u00f3n, por lo que los dejan en los valores predeterminados o definidos de forma inadecuada. Esta vulnerabilidad permite que un atacante con pocos privilegios eluda los controles de acceso dentro de la aplicaci\u00f3n, lo que le permite modificar potencialmente los datos. La confidencialidad y la disponibilidad no se ven afectadas.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"cna@sap.com\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N\",\"baseScore\":4.3,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.8,\"impactScore\":1.4}]},\"weaknesses\":[{\"source\":\"cna@sap.com\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-639\"}]}],\"references\":[{\"url\":\"https://me.sap.com/notes/3557655\",\"source\":\"cna@sap.com\"},{\"url\":\"https://url.sap/sapsecuritypatchday\",\"source\":\"cna@sap.com\"}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2025-26660\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-03-11T14:13:51.312177Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-03-11T14:13:56.011Z\"}}], \"cna\": {\"title\": \"Broken Access Control in SAP Fiori apps (Posting Library)\", \"source\": {\"discovery\": \"UNKNOWN\"}, \"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 4.3, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N\", \"integrityImpact\": \"LOW\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"NONE\", \"privilegesRequired\": \"LOW\", \"confidentialityImpact\": \"NONE\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"SAP_SE\", \"product\": \"SAP Fiori apps (Posting Library)\", \"versions\": [{\"status\": \"affected\", \"version\": \"S4CORE 103\"}, {\"status\": \"affected\", \"version\": \"104\"}, {\"status\": \"affected\", \"version\": \"105\"}, {\"status\": \"affected\", \"version\": \"106\"}, {\"status\": \"affected\", \"version\": \"107\"}, {\"status\": \"affected\", \"version\": \"108\"}], \"defaultStatus\": \"unaffected\"}], \"references\": [{\"url\": \"https://me.sap.com/notes/3557655\"}, {\"url\": \"https://url.sap/sapsecuritypatchday\"}], \"x_generator\": {\"engine\": \"Vulnogram 0.2.0\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"SAP Fiori applications using the posting library fail to properly configure security settings during the setup process, leaving them at default or inadequately defined. This vulnerability allows an attacker with low privileges to bypass access controls within the application, enabling them to potentially modify data. Confidentiality and Availability are not impacted.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"\u003cp\u003eSAP Fiori applications using the posting library fail to properly configure security settings during the setup process, leaving them at default or inadequately defined. This vulnerability allows an attacker with low privileges to bypass access controls within the application, enabling them to potentially modify data. Confidentiality and Availability are not impacted.\u003c/p\u003e\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"eng\", \"type\": \"CWE\", \"cweId\": \"CWE-639\", \"description\": \"CWE-639: Authorization Bypass Through User-Controlled Key\"}]}], \"providerMetadata\": {\"orgId\": \"e4686d1a-f260-4930-ac4c-2f5c992778dd\", \"shortName\": \"sap\", \"dateUpdated\": \"2025-03-11T00:36:54.383Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2025-26660\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-03-11T14:13:59.512Z\", \"dateReserved\": \"2025-02-12T21:05:31.735Z\", \"assignerOrgId\": \"e4686d1a-f260-4930-ac4c-2f5c992778dd\", \"datePublished\": \"2025-03-11T00:36:54.383Z\", \"assignerShortName\": \"sap\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
}
}
ghsa-6xr2-ww2p-m9pg
Vulnerability from github
Published
2025-03-11 03:30
Modified
2025-03-11 03:30
Severity ?
VLAI Severity ?
Details
SAP Fiori applications using the posting library fail to properly configure security settings during the setup process, leaving them at default or inadequately defined. This vulnerability allows an attacker with low privileges to bypass access controls within the application, enabling them to potentially modify data. Confidentiality and Availability are not impacted.
{
"affected": [],
"aliases": [
"CVE-2025-26660"
],
"database_specific": {
"cwe_ids": [
"CWE-639"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-03-11T01:15:35Z",
"severity": "MODERATE"
},
"details": "SAP Fiori applications using the posting library fail to properly configure security settings during the setup process, leaving them at default or inadequately defined. This vulnerability allows an attacker with low privileges to bypass access controls within the application, enabling them to potentially modify data. Confidentiality and Availability are not impacted.",
"id": "GHSA-6xr2-ww2p-m9pg",
"modified": "2025-03-11T03:30:50Z",
"published": "2025-03-11T03:30:50Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-26660"
},
{
"type": "WEB",
"url": "https://me.sap.com/notes/3557655"
},
{
"type": "WEB",
"url": "https://url.sap/sapsecuritypatchday"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"type": "CVSS_V3"
}
]
}
ncsc-2025-0076
Vulnerability from csaf_ncscnl
Published
2025-03-11 12:20
Modified
2025-03-11 12:20
Summary
Kwetsbaarheden verholpen in SAP software
Notes
The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:
NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.
NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.
This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings.
Feiten
SAP heeft meerdere kwetsbaarheden verholpen in zijn softwarecomponenten, waaronder SAP Commerce, SAP NetWeaver, en SAP BusinessObjects.
Interpretaties
De kwetsbaarheden omvatten onder andere Cross-Site Scripting (XSS) en ontbrekende autorisatiecontroles, die aanvallers in staat stellen om ongeautoriseerde toegang te verkrijgen, gegevens te manipuleren en gevoelige informatie te onthullen. Deze kwetsbaarheden kunnen leiden tot ernstige gevolgen voor de integriteit en vertrouwelijkheid van de gegevens binnen de getroffen systemen. Specifieke kwetsbaarheden zijn onder andere het ontbreken van essentiële autorisatiecontroles in SAP NetWeaver en de mogelijkheid voor aanvallers om sessies te stelen via de SAP Approuter Node.js package.
Oplossingen
SAP heeft updates uitgebracht om de kwetsbaarheden te verhelpen, waaronder 21 beveiligingspatches voor de SAP Approuter en andere kritieke kwetsbaarheden. Zie bijgevoegde referenties voor meer informatie.
Kans
medium
Schade
high
CWE-302
Authentication Bypass by Assumed-Immutable Data
CWE-1287
Improper Validation of Specified Type of Input
CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
CWE-532
Insertion of Sensitive Information into Log File
CWE-639
Authorization Bypass Through User-Controlled Key
CWE-306
Missing Authentication for Critical Function
CWE-862
Missing Authorization
CWE-400
Uncontrolled Resource Consumption
CWE-770
Allocation of Resources Without Limits or Throttling
CWE-918
Server-Side Request Forgery (SSRF)
CWE-384
Session Fixation
CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CWE-209
Generation of Error Message Containing Sensitive Information
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
{
"document": {
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE"
}
},
"lang": "nl",
"notes": [
{
"category": "legal_disclaimer",
"text": "The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:\n\n NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.\n\n NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.\n This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings."
},
{
"category": "description",
"text": "SAP heeft meerdere kwetsbaarheden verholpen in zijn softwarecomponenten, waaronder SAP Commerce, SAP NetWeaver, en SAP BusinessObjects.",
"title": "Feiten"
},
{
"category": "description",
"text": "De kwetsbaarheden omvatten onder andere Cross-Site Scripting (XSS) en ontbrekende autorisatiecontroles, die aanvallers in staat stellen om ongeautoriseerde toegang te verkrijgen, gegevens te manipuleren en gevoelige informatie te onthullen. Deze kwetsbaarheden kunnen leiden tot ernstige gevolgen voor de integriteit en vertrouwelijkheid van de gegevens binnen de getroffen systemen. Specifieke kwetsbaarheden zijn onder andere het ontbreken van essenti\u00eble autorisatiecontroles in SAP NetWeaver en de mogelijkheid voor aanvallers om sessies te stelen via de SAP Approuter Node.js package.",
"title": "Interpretaties"
},
{
"category": "description",
"text": "SAP heeft updates uitgebracht om de kwetsbaarheden te verhelpen, waaronder 21 beveiligingspatches voor de SAP Approuter en andere kritieke kwetsbaarheden. Zie bijgevoegde referenties voor meer informatie.",
"title": "Oplossingen"
},
{
"category": "general",
"text": "medium",
"title": "Kans"
},
{
"category": "general",
"text": "high",
"title": "Schade"
},
{
"category": "general",
"text": "Authentication Bypass by Assumed-Immutable Data",
"title": "CWE-302"
},
{
"category": "general",
"text": "Improper Validation of Specified Type of Input",
"title": "CWE-1287"
},
{
"category": "general",
"text": "URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)",
"title": "CWE-601"
},
{
"category": "general",
"text": "Insertion of Sensitive Information into Log File",
"title": "CWE-532"
},
{
"category": "general",
"text": "Authorization Bypass Through User-Controlled Key",
"title": "CWE-639"
},
{
"category": "general",
"text": "Missing Authentication for Critical Function",
"title": "CWE-306"
},
{
"category": "general",
"text": "Missing Authorization",
"title": "CWE-862"
},
{
"category": "general",
"text": "Uncontrolled Resource Consumption",
"title": "CWE-400"
},
{
"category": "general",
"text": "Allocation of Resources Without Limits or Throttling",
"title": "CWE-770"
},
{
"category": "general",
"text": "Server-Side Request Forgery (SSRF)",
"title": "CWE-918"
},
{
"category": "general",
"text": "Session Fixation",
"title": "CWE-384"
},
{
"category": "general",
"text": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"title": "CWE-22"
},
{
"category": "general",
"text": "Exposure of Sensitive Information to an Unauthorized Actor",
"title": "CWE-200"
},
{
"category": "general",
"text": "Generation of Error Message Containing Sensitive Information",
"title": "CWE-209"
},
{
"category": "general",
"text": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"title": "CWE-79"
}
],
"publisher": {
"category": "coordinator",
"contact_details": "cert@ncsc.nl",
"name": "Nationaal Cyber Security Centrum",
"namespace": "https://www.ncsc.nl/"
},
"references": [
{
"category": "external",
"summary": "Source - sap",
"url": "https://support.sap.com/en/my-support/knowledge-base/security-notes-news/march-2025.html"
}
],
"title": "Kwetsbaarheden verholpen in SAP software",
"tracking": {
"current_release_date": "2025-03-11T12:20:06.258896Z",
"generator": {
"date": "2025-02-25T15:15:00Z",
"engine": {
"name": "V.A.",
"version": "1.0"
}
},
"id": "NCSC-2025-0076",
"initial_release_date": "2025-03-11T12:20:06.258896Z",
"revision_history": [
{
"date": "2025-03-11T12:20:06.258896Z",
"number": "1.0.0",
"summary": "Initiele versie"
}
],
"status": "final",
"version": "1.0.0"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-1298148",
"product_identification_helper": {
"cpe": "cpe:/a:sap:sap:-"
}
}
}
],
"category": "product_name",
"name": "SAP Software"
}
],
"category": "vendor",
"name": "SAP"
},
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/com_cloud2211",
"product": {
"name": "vers:unknown/com_cloud2211",
"product_id": "CSAFPID-2455751"
}
}
],
"category": "product_name",
"name": "SAP Commerce (Swagger UI)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/sap_basis700",
"product": {
"name": "vers:unknown/sap_basis700",
"product_id": "CSAFPID-2455822"
}
},
{
"category": "product_version_range",
"name": "vers:unknown/sap_basis701",
"product": {
"name": "vers:unknown/sap_basis701",
"product_id": "CSAFPID-2455823"
}
},
{
"category": "product_version_range",
"name": "vers:unknown/sap_basis702",
"product": {
"name": "vers:unknown/sap_basis702",
"product_id": "CSAFPID-2455824"
}
},
{
"category": "product_version_range",
"name": "vers:unknown/sap_basis731",
"product": {
"name": "vers:unknown/sap_basis731",
"product_id": "CSAFPID-2455825"
}
},
{
"category": "product_version_range",
"name": "vers:unknown/sap_basis740",
"product": {
"name": "vers:unknown/sap_basis740",
"product_id": "CSAFPID-2455826"
}
},
{
"category": "product_version_range",
"name": "vers:unknown/sap_basis750",
"product": {
"name": "vers:unknown/sap_basis750",
"product_id": "CSAFPID-2455827"
}
},
{
"category": "product_version_range",
"name": "vers:unknown/sap_basis751",
"product": {
"name": "vers:unknown/sap_basis751",
"product_id": "CSAFPID-2455828"
}
},
{
"category": "product_version_range",
"name": "vers:unknown/sap_basis752",
"product": {
"name": "vers:unknown/sap_basis752",
"product_id": "CSAFPID-2455829"
}
},
{
"category": "product_version_range",
"name": "vers:unknown/sap_basis753",
"product": {
"name": "vers:unknown/sap_basis753",
"product_id": "CSAFPID-2455830"
}
},
{
"category": "product_version_range",
"name": "vers:unknown/sap_basis754",
"product": {
"name": "vers:unknown/sap_basis754",
"product_id": "CSAFPID-2455831"
}
},
{
"category": "product_version_range",
"name": "vers:unknown/sap_basis755",
"product": {
"name": "vers:unknown/sap_basis755",
"product_id": "CSAFPID-2455832"
}
},
{
"category": "product_version_range",
"name": "vers:unknown/sap_basis756",
"product": {
"name": "vers:unknown/sap_basis756",
"product_id": "CSAFPID-2455833"
}
},
{
"category": "product_version_range",
"name": "vers:unknown/sap_basis757",
"product": {
"name": "vers:unknown/sap_basis757",
"product_id": "CSAFPID-2455834"
}
},
{
"category": "product_version_range",
"name": "vers:unknown/sap_basis758",
"product": {
"name": "vers:unknown/sap_basis758",
"product_id": "CSAFPID-2455835"
}
},
{
"category": "product_version_range",
"name": "vers:unknown/sap_basis914",
"product": {
"name": "vers:unknown/sap_basis914",
"product_id": "CSAFPID-2455836"
}
}
],
"category": "product_name",
"name": "SAP NetWeaver (ABAP Class Builder)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/2.6.1to16.7.1",
"product": {
"name": "vers:unknown/2.6.1to16.7.1",
"product_id": "CSAFPID-1987654"
}
}
],
"category": "product_name",
"name": "SAP Approuter Node.js package"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/b1_on_hana10.0",
"product": {
"name": "vers:unknown/b1_on_hana10.0",
"product_id": "CSAFPID-2455809"
}
},
{
"category": "product_version_range",
"name": "vers:unknown/sap-m-bo10.0",
"product": {
"name": "vers:unknown/sap-m-bo10.0",
"product_id": "CSAFPID-2455810"
}
}
],
"category": "product_name",
"name": "SAP Business One (Service Layer)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/dw4core100",
"product": {
"name": "vers:unknown/dw4core100",
"product_id": "CSAFPID-2455779"
}
},
{
"category": "product_version_range",
"name": "vers:unknown/sap_bw730",
"product": {
"name": "vers:unknown/sap_bw730",
"product_id": "CSAFPID-2455784"
}
},
{
"category": "product_version_range",
"name": "vers:unknown/200",
"product": {
"name": "vers:unknown/200",
"product_id": "CSAFPID-2455780"
}
},
{
"category": "product_version_range",
"name": "vers:unknown/300",
"product": {
"name": "vers:unknown/300",
"product_id": "CSAFPID-2455781"
}
},
{
"category": "product_version_range",
"name": "vers:unknown/400",
"product": {
"name": "vers:unknown/400",
"product_id": "CSAFPID-2455782"
}
},
{
"category": "product_version_range",
"name": "vers:unknown/731",
"product": {
"name": "vers:unknown/731",
"product_id": "CSAFPID-2455785"
}
},
{
"category": "product_version_range",
"name": "vers:unknown/740",
"product": {
"name": "vers:unknown/740",
"product_id": "CSAFPID-2455786"
}
},
{
"category": "product_version_range",
"name": "vers:unknown/750",
"product": {
"name": "vers:unknown/750",
"product_id": "CSAFPID-2455787"
}
},
{
"category": "product_version_range",
"name": "vers:unknown/751",
"product": {
"name": "vers:unknown/751",
"product_id": "CSAFPID-2455788"
}
},
{
"category": "product_version_range",
"name": "vers:unknown/752",
"product": {
"name": "vers:unknown/752",
"product_id": "CSAFPID-2455789"
}
},
{
"category": "product_version_range",
"name": "vers:unknown/753",
"product": {
"name": "vers:unknown/753",
"product_id": "CSAFPID-2455790"
}
},
{
"category": "product_version_range",
"name": "vers:unknown/754",
"product": {
"name": "vers:unknown/754",
"product_id": "CSAFPID-2455791"
}
},
{
"category": "product_version_range",
"name": "vers:unknown/755",
"product": {
"name": "vers:unknown/755",
"product_id": "CSAFPID-2455792"
}
},
{
"category": "product_version_range",
"name": "vers:unknown/756",
"product": {
"name": "vers:unknown/756",
"product_id": "CSAFPID-2455793"
}
},
{
"category": "product_version_range",
"name": "vers:unknown/757",
"product": {
"name": "vers:unknown/757",
"product_id": "CSAFPID-2455794"
}
},
{
"category": "product_version_range",
"name": "vers:unknown/758",
"product": {
"name": "vers:unknown/758",
"product_id": "CSAFPID-2455795"
}
},
{
"category": "product_version_range",
"name": "vers:unknown/914",
"product": {
"name": "vers:unknown/914",
"product_id": "CSAFPID-2455783"
}
}
],
"category": "product_name",
"name": "SAP Business Warehouse (Process Chains)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/7.54",
"product": {
"name": "vers:unknown/7.54",
"product_id": "CSAFPID-2455756"
}
},
{
"category": "product_version_range",
"name": "vers:unknown/7.77",
"product": {
"name": "vers:unknown/7.77",
"product_id": "CSAFPID-2455757"
}
},
{
"category": "product_version_range",
"name": "vers:unknown/7.89",
"product": {
"name": "vers:unknown/7.89",
"product_id": "CSAFPID-2455758"
}
},
{
"category": "product_version_range",
"name": "vers:unknown/7.93",
"product": {
"name": "vers:unknown/7.93",
"product_id": "CSAFPID-2455759"
}
},
{
"category": "product_version_range",
"name": "vers:unknown/9.14",
"product": {
"name": "vers:unknown/9.14",
"product_id": "CSAFPID-2455761"
}
},
{
"category": "product_version_range",
"name": "vers:unknown/kernel7.53",
"product": {
"name": "vers:unknown/kernel7.53",
"product_id": "CSAFPID-2455760"
}
},
{
"category": "product_version_range",
"name": "vers:unknown/krnl64uc7.53",
"product": {
"name": "vers:unknown/krnl64uc7.53",
"product_id": "CSAFPID-2455754"
}
},
{
"category": "product_version_range",
"name": "vers:unknown/webdisp7.53",
"product": {
"name": "vers:unknown/webdisp7.53",
"product_id": "CSAFPID-2455755"
}
}
],
"category": "product_name",
"name": "SAP Web Dispatcher and Internet Communication Manager"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/2025",
"product": {
"name": "vers:unknown/2025",
"product_id": "CSAFPID-2455797"
}
},
{
"category": "product_version_range",
"name": "vers:unknown/enterprise430",
"product": {
"name": "vers:unknown/enterprise430",
"product_id": "CSAFPID-2455796"
}
}
],
"category": "product_name",
"name": "SAP BusinessObjects Business Intelligence Platform (Web Intelligence)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/108",
"product": {
"name": "vers:unknown/108",
"product_id": "CSAFPID-2455763"
}
},
{
"category": "product_version_range",
"name": "vers:unknown/s4core107",
"product": {
"name": "vers:unknown/s4core107",
"product_id": "CSAFPID-2455762"
}
}
],
"category": "product_name",
"name": "SAP S/4HANA (Manage Bank Statements)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/103",
"product": {
"name": "vers:unknown/103",
"product_id": "CSAFPID-2455770"
}
},
{
"category": "product_version_range",
"name": "vers:unknown/104",
"product": {
"name": "vers:unknown/104",
"product_id": "CSAFPID-2455771"
}
},
{
"category": "product_version_range",
"name": "vers:unknown/105",
"product": {
"name": "vers:unknown/105",
"product_id": "CSAFPID-2455772"
}
},
{
"category": "product_version_range",
"name": "vers:unknown/106",
"product": {
"name": "vers:unknown/106",
"product_id": "CSAFPID-2455773"
}
},
{
"category": "product_version_range",
"name": "vers:unknown/107",
"product": {
"name": "vers:unknown/107",
"product_id": "CSAFPID-2455774"
}
},
{
"category": "product_version_range",
"name": "vers:unknown/108",
"product": {
"name": "vers:unknown/108",
"product_id": "CSAFPID-2455775"
}
},
{
"category": "product_version_range",
"name": "vers:unknown/ea-finserv618",
"product": {
"name": "vers:unknown/ea-finserv618",
"product_id": "CSAFPID-2455776"
}
},
{
"category": "product_version_range",
"name": "vers:unknown/ea-finserv800",
"product": {
"name": "vers:unknown/ea-finserv800",
"product_id": "CSAFPID-2455777"
}
},
{
"category": "product_version_range",
"name": "vers:unknown/s4core102",
"product": {
"name": "vers:unknown/s4core102",
"product_id": "CSAFPID-2455769"
}
}
],
"category": "product_name",
"name": "SAP S/4HANA (RBD)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/104",
"product": {
"name": "vers:unknown/104",
"product_id": "CSAFPID-2455817"
}
},
{
"category": "product_version_range",
"name": "vers:unknown/105",
"product": {
"name": "vers:unknown/105",
"product_id": "CSAFPID-2455818"
}
},
{
"category": "product_version_range",
"name": "vers:unknown/106",
"product": {
"name": "vers:unknown/106",
"product_id": "CSAFPID-2455819"
}
},
{
"category": "product_version_range",
"name": "vers:unknown/107",
"product": {
"name": "vers:unknown/107",
"product_id": "CSAFPID-2455820"
}
},
{
"category": "product_version_range",
"name": "vers:unknown/108",
"product": {
"name": "vers:unknown/108",
"product_id": "CSAFPID-2455821"
}
},
{
"category": "product_version_range",
"name": "vers:unknown/s4core103",
"product": {
"name": "vers:unknown/s4core103",
"product_id": "CSAFPID-2455816"
}
}
],
"category": "product_name",
"name": "SAP Fiori apps (Posting Library)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/106",
"product": {
"name": "vers:unknown/106",
"product_id": "CSAFPID-2455806"
}
},
{
"category": "product_version_range",
"name": "vers:unknown/107",
"product": {
"name": "vers:unknown/107",
"product_id": "CSAFPID-2455807"
}
},
{
"category": "product_version_range",
"name": "vers:unknown/108",
"product": {
"name": "vers:unknown/108",
"product_id": "CSAFPID-2455808"
}
},
{
"category": "product_version_range",
"name": "vers:unknown/s4core105",
"product": {
"name": "vers:unknown/s4core105",
"product_id": "CSAFPID-2455805"
}
}
],
"category": "product_name",
"name": "S/4HANA (Manage Purchasing Info Records)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/2025",
"product": {
"name": "vers:unknown/2025",
"product_id": "CSAFPID-2455765"
}
},
{
"category": "product_version_range",
"name": "vers:unknown/2027",
"product": {
"name": "vers:unknown/2027",
"product_id": "CSAFPID-2455766"
}
},
{
"category": "product_version_range",
"name": "vers:unknown/enterprise430",
"product": {
"name": "vers:unknown/enterprise430",
"product_id": "CSAFPID-2455764"
}
}
],
"category": "product_name",
"name": "SAP Business Objects Business Intelligence Platform"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/2025",
"product": {
"name": "vers:unknown/2025",
"product_id": "CSAFPID-1425566"
}
},
{
"category": "product_version_range",
"name": "vers:unknown/enterprise430",
"product": {
"name": "vers:unknown/enterprise430",
"product_id": "CSAFPID-1425565"
}
},
{
"category": "product_version_range",
"name": "vers:unknown/enterpriseclienttools430",
"product": {
"name": "vers:unknown/enterpriseclienttools430",
"product_id": "CSAFPID-2455753"
}
}
],
"category": "product_name",
"name": "SAP BusinessObjects Business Intelligence Platform"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/103",
"product": {
"name": "vers:unknown/103",
"product_id": "CSAFPID-2455843"
}
},
{
"category": "product_version_range",
"name": "vers:unknown/104",
"product": {
"name": "vers:unknown/104",
"product_id": "CSAFPID-2455844"
}
},
{
"category": "product_version_range",
"name": "vers:unknown/105",
"product": {
"name": "vers:unknown/105",
"product_id": "CSAFPID-2455845"
}
},
{
"category": "product_version_range",
"name": "vers:unknown/106",
"product": {
"name": "vers:unknown/106",
"product_id": "CSAFPID-2455846"
}
},
{
"category": "product_version_range",
"name": "vers:unknown/107",
"product": {
"name": "vers:unknown/107",
"product_id": "CSAFPID-2455847"
}
},
{
"category": "product_version_range",
"name": "vers:unknown/108",
"product": {
"name": "vers:unknown/108",
"product_id": "CSAFPID-2455848"
}
},
{
"category": "product_version_range",
"name": "vers:unknown/200",
"product": {
"name": "vers:unknown/200",
"product_id": "CSAFPID-2455838"
}
},
{
"category": "product_version_range",
"name": "vers:unknown/204",
"product": {
"name": "vers:unknown/204",
"product_id": "CSAFPID-2455839"
}
},
{
"category": "product_version_range",
"name": "vers:unknown/205",
"product": {
"name": "vers:unknown/205",
"product_id": "CSAFPID-2455840"
}
},
{
"category": "product_version_range",
"name": "vers:unknown/206",
"product": {
"name": "vers:unknown/206",
"product_id": "CSAFPID-2455841"
}
},
{
"category": "product_version_range",
"name": "vers:unknown/702",
"product": {
"name": "vers:unknown/702",
"product_id": "CSAFPID-2455851"
}
},
{
"category": "product_version_range",
"name": "vers:unknown/712",
"product": {
"name": "vers:unknown/712",
"product_id": "CSAFPID-2455852"
}
},
{
"category": "product_version_range",
"name": "vers:unknown/713",
"product": {
"name": "vers:unknown/713",
"product_id": "CSAFPID-2455853"
}
},
{
"category": "product_version_range",
"name": "vers:unknown/714",
"product": {
"name": "vers:unknown/714",
"product_id": "CSAFPID-2455854"
}
},
{
"category": "product_version_range",
"name": "vers:unknown/731",
"product": {
"name": "vers:unknown/731",
"product_id": "CSAFPID-2455856"
}
},
{
"category": "product_version_range",
"name": "vers:unknown/746",
"product": {
"name": "vers:unknown/746",
"product_id": "CSAFPID-2455857"
}
},
{
"category": "product_version_range",
"name": "vers:unknown/747",
"product": {
"name": "vers:unknown/747",
"product_id": "CSAFPID-2455858"
}
},
{
"category": "product_version_range",
"name": "vers:unknown/748",
"product": {
"name": "vers:unknown/748",
"product_id": "CSAFPID-2455859"
}
},
{
"category": "product_version_range",
"name": "vers:unknown/800",
"product": {
"name": "vers:unknown/800",
"product_id": "CSAFPID-2455860"
}
},
{
"category": "product_version_range",
"name": "vers:unknown/801",
"product": {
"name": "vers:unknown/801",
"product_id": "CSAFPID-2455861"
}
},
{
"category": "product_version_range",
"name": "vers:unknown/bbpcrm701",
"product": {
"name": "vers:unknown/bbpcrm701",
"product_id": "CSAFPID-2455850"
}
},
{
"category": "product_version_range",
"name": "vers:unknown/s4cext107",
"product": {
"name": "vers:unknown/s4cext107",
"product_id": "CSAFPID-2455849"
}
},
{
"category": "product_version_range",
"name": "vers:unknown/s4crm100",
"product": {
"name": "vers:unknown/s4crm100",
"product_id": "CSAFPID-2455837"
}
},
{
"category": "product_version_range",
"name": "vers:unknown/s4fnd102",
"product": {
"name": "vers:unknown/s4fnd102",
"product_id": "CSAFPID-2455842"
}
},
{
"category": "product_version_range",
"name": "vers:unknown/webcuif701",
"product": {
"name": "vers:unknown/webcuif701",
"product_id": "CSAFPID-2455855"
}
}
],
"category": "product_name",
"name": "SAP CRM and SAP S/4HANA (Interaction Center)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/103",
"product": {
"name": "vers:unknown/103",
"product_id": "CSAFPID-2455865"
}
},
{
"category": "product_version_range",
"name": "vers:unknown/104",
"product": {
"name": "vers:unknown/104",
"product_id": "CSAFPID-2455866"
}
},
{
"category": "product_version_range",
"name": "vers:unknown/105",
"product": {
"name": "vers:unknown/105",
"product_id": "CSAFPID-2455867"
}
},
{
"category": "product_version_range",
"name": "vers:unknown/106",
"product": {
"name": "vers:unknown/106",
"product_id": "CSAFPID-2455868"
}
},
{
"category": "product_version_range",
"name": "vers:unknown/107",
"product": {
"name": "vers:unknown/107",
"product_id": "CSAFPID-2455869"
}
},
{
"category": "product_version_range",
"name": "vers:unknown/108",
"product": {
"name": "vers:unknown/108",
"product_id": "CSAFPID-2455870"
}
},
{
"category": "product_version_range",
"name": "vers:unknown/618",
"product": {
"name": "vers:unknown/618",
"product_id": "CSAFPID-2455863"
}
},
{
"category": "product_version_range",
"name": "vers:unknown/s4core102",
"product": {
"name": "vers:unknown/s4core102",
"product_id": "CSAFPID-2455864"
}
},
{
"category": "product_version_range",
"name": "vers:unknown/sap_appl617",
"product": {
"name": "vers:unknown/sap_appl617",
"product_id": "CSAFPID-2455862"
}
}
],
"category": "product_name",
"name": "SAP Electronic Invoicing for Brazil (eDocument Cockpit)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/103",
"product": {
"name": "vers:unknown/103",
"product_id": "CSAFPID-2455799"
}
},
{
"category": "product_version_range",
"name": "vers:unknown/104",
"product": {
"name": "vers:unknown/104",
"product_id": "CSAFPID-2455800"
}
},
{
"category": "product_version_range",
"name": "vers:unknown/105",
"product": {
"name": "vers:unknown/105",
"product_id": "CSAFPID-2455801"
}
},
{
"category": "product_version_range",
"name": "vers:unknown/106",
"product": {
"name": "vers:unknown/106",
"product_id": "CSAFPID-2455802"
}
},
{
"category": "product_version_range",
"name": "vers:unknown/107",
"product": {
"name": "vers:unknown/107",
"product_id": "CSAFPID-2455803"
}
},
{
"category": "product_version_range",
"name": "vers:unknown/ecc-dimp618",
"product": {
"name": "vers:unknown/ecc-dimp618",
"product_id": "CSAFPID-2455804"
}
},
{
"category": "product_version_range",
"name": "vers:unknown/s4core102",
"product": {
"name": "vers:unknown/s4core102",
"product_id": "CSAFPID-2455798"
}
}
],
"category": "product_name",
"name": "SAP Just In Time"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/sap_basis740",
"product": {
"name": "vers:unknown/sap_basis740",
"product_id": "CSAFPID-1761541"
}
},
{
"category": "product_version_range",
"name": "vers:unknown/sap_basis750",
"product": {
"name": "vers:unknown/sap_basis750",
"product_id": "CSAFPID-1761542"
}
},
{
"category": "product_version_range",
"name": "vers:unknown/sap_basis751",
"product": {
"name": "vers:unknown/sap_basis751",
"product_id": "CSAFPID-1761543"
}
},
{
"category": "product_version_range",
"name": "vers:unknown/sap_basis752",
"product": {
"name": "vers:unknown/sap_basis752",
"product_id": "CSAFPID-1761544"
}
}
],
"category": "product_name",
"name": "SAP NetWeaver Application Server ABAP"
}
],
"category": "vendor",
"name": "SAP_SE"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-27434",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"notes": [
{
"category": "other",
"text": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"title": "CWE-79"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1298148",
"CSAFPID-2455751",
"CSAFPID-2455822",
"CSAFPID-2455823",
"CSAFPID-2455824",
"CSAFPID-2455825",
"CSAFPID-2455826",
"CSAFPID-2455827",
"CSAFPID-2455828",
"CSAFPID-2455829",
"CSAFPID-2455830",
"CSAFPID-2455831",
"CSAFPID-2455832",
"CSAFPID-2455833",
"CSAFPID-2455834",
"CSAFPID-2455835",
"CSAFPID-2455836",
"CSAFPID-1987654",
"CSAFPID-2455809",
"CSAFPID-2455810",
"CSAFPID-2455779",
"CSAFPID-2455756",
"CSAFPID-2455757",
"CSAFPID-2455758",
"CSAFPID-2455759",
"CSAFPID-2455761",
"CSAFPID-2455760",
"CSAFPID-2455754",
"CSAFPID-2455755",
"CSAFPID-2455797",
"CSAFPID-2455796",
"CSAFPID-2455763",
"CSAFPID-2455762",
"CSAFPID-2455770",
"CSAFPID-2455771",
"CSAFPID-2455772",
"CSAFPID-2455773",
"CSAFPID-2455774",
"CSAFPID-2455775",
"CSAFPID-2455776",
"CSAFPID-2455777",
"CSAFPID-2455769",
"CSAFPID-2455817",
"CSAFPID-2455818",
"CSAFPID-2455819",
"CSAFPID-2455820",
"CSAFPID-2455821",
"CSAFPID-2455816",
"CSAFPID-2455806",
"CSAFPID-2455807",
"CSAFPID-2455808",
"CSAFPID-2455805",
"CSAFPID-2455765",
"CSAFPID-2455766",
"CSAFPID-2455764",
"CSAFPID-1425566",
"CSAFPID-1425565",
"CSAFPID-2455753",
"CSAFPID-2455784",
"CSAFPID-2455780",
"CSAFPID-2455781",
"CSAFPID-2455782",
"CSAFPID-2455785",
"CSAFPID-2455786",
"CSAFPID-2455787",
"CSAFPID-2455788",
"CSAFPID-2455789",
"CSAFPID-2455790",
"CSAFPID-2455791",
"CSAFPID-2455792",
"CSAFPID-2455793",
"CSAFPID-2455794",
"CSAFPID-2455795",
"CSAFPID-2455783",
"CSAFPID-2455843",
"CSAFPID-2455844",
"CSAFPID-2455845",
"CSAFPID-2455846",
"CSAFPID-2455847",
"CSAFPID-2455848",
"CSAFPID-2455838",
"CSAFPID-2455839",
"CSAFPID-2455840",
"CSAFPID-2455841",
"CSAFPID-2455851",
"CSAFPID-2455852",
"CSAFPID-2455853",
"CSAFPID-2455854",
"CSAFPID-2455856",
"CSAFPID-2455857",
"CSAFPID-2455858",
"CSAFPID-2455859",
"CSAFPID-2455860",
"CSAFPID-2455861",
"CSAFPID-2455850",
"CSAFPID-2455849",
"CSAFPID-2455837",
"CSAFPID-2455842",
"CSAFPID-2455855",
"CSAFPID-2455865",
"CSAFPID-2455866",
"CSAFPID-2455867",
"CSAFPID-2455868",
"CSAFPID-2455869",
"CSAFPID-2455870",
"CSAFPID-2455863",
"CSAFPID-2455864",
"CSAFPID-2455862",
"CSAFPID-2455799",
"CSAFPID-2455800",
"CSAFPID-2455801",
"CSAFPID-2455802",
"CSAFPID-2455803",
"CSAFPID-2455804",
"CSAFPID-2455798",
"CSAFPID-1761541",
"CSAFPID-1761542",
"CSAFPID-1761543",
"CSAFPID-1761544"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-27434",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2025/CVE-2025-27434.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1298148",
"CSAFPID-2455751",
"CSAFPID-2455822",
"CSAFPID-2455823",
"CSAFPID-2455824",
"CSAFPID-2455825",
"CSAFPID-2455826",
"CSAFPID-2455827",
"CSAFPID-2455828",
"CSAFPID-2455829",
"CSAFPID-2455830",
"CSAFPID-2455831",
"CSAFPID-2455832",
"CSAFPID-2455833",
"CSAFPID-2455834",
"CSAFPID-2455835",
"CSAFPID-2455836",
"CSAFPID-1987654",
"CSAFPID-2455809",
"CSAFPID-2455810",
"CSAFPID-2455779",
"CSAFPID-2455756",
"CSAFPID-2455757",
"CSAFPID-2455758",
"CSAFPID-2455759",
"CSAFPID-2455761",
"CSAFPID-2455760",
"CSAFPID-2455754",
"CSAFPID-2455755",
"CSAFPID-2455797",
"CSAFPID-2455796",
"CSAFPID-2455763",
"CSAFPID-2455762",
"CSAFPID-2455770",
"CSAFPID-2455771",
"CSAFPID-2455772",
"CSAFPID-2455773",
"CSAFPID-2455774",
"CSAFPID-2455775",
"CSAFPID-2455776",
"CSAFPID-2455777",
"CSAFPID-2455769",
"CSAFPID-2455817",
"CSAFPID-2455818",
"CSAFPID-2455819",
"CSAFPID-2455820",
"CSAFPID-2455821",
"CSAFPID-2455816",
"CSAFPID-2455806",
"CSAFPID-2455807",
"CSAFPID-2455808",
"CSAFPID-2455805",
"CSAFPID-2455765",
"CSAFPID-2455766",
"CSAFPID-2455764",
"CSAFPID-1425566",
"CSAFPID-1425565",
"CSAFPID-2455753",
"CSAFPID-2455784",
"CSAFPID-2455780",
"CSAFPID-2455781",
"CSAFPID-2455782",
"CSAFPID-2455785",
"CSAFPID-2455786",
"CSAFPID-2455787",
"CSAFPID-2455788",
"CSAFPID-2455789",
"CSAFPID-2455790",
"CSAFPID-2455791",
"CSAFPID-2455792",
"CSAFPID-2455793",
"CSAFPID-2455794",
"CSAFPID-2455795",
"CSAFPID-2455783",
"CSAFPID-2455843",
"CSAFPID-2455844",
"CSAFPID-2455845",
"CSAFPID-2455846",
"CSAFPID-2455847",
"CSAFPID-2455848",
"CSAFPID-2455838",
"CSAFPID-2455839",
"CSAFPID-2455840",
"CSAFPID-2455841",
"CSAFPID-2455851",
"CSAFPID-2455852",
"CSAFPID-2455853",
"CSAFPID-2455854",
"CSAFPID-2455856",
"CSAFPID-2455857",
"CSAFPID-2455858",
"CSAFPID-2455859",
"CSAFPID-2455860",
"CSAFPID-2455861",
"CSAFPID-2455850",
"CSAFPID-2455849",
"CSAFPID-2455837",
"CSAFPID-2455842",
"CSAFPID-2455855",
"CSAFPID-2455865",
"CSAFPID-2455866",
"CSAFPID-2455867",
"CSAFPID-2455868",
"CSAFPID-2455869",
"CSAFPID-2455870",
"CSAFPID-2455863",
"CSAFPID-2455864",
"CSAFPID-2455862",
"CSAFPID-2455799",
"CSAFPID-2455800",
"CSAFPID-2455801",
"CSAFPID-2455802",
"CSAFPID-2455803",
"CSAFPID-2455804",
"CSAFPID-2455798",
"CSAFPID-1761541",
"CSAFPID-1761542",
"CSAFPID-1761543",
"CSAFPID-1761544"
]
}
],
"title": "CVE-2025-27434"
},
{
"cve": "CVE-2025-26661",
"cwe": {
"id": "CWE-862",
"name": "Missing Authorization"
},
"notes": [
{
"category": "other",
"text": "Missing Authorization",
"title": "CWE-862"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1298148",
"CSAFPID-2455751",
"CSAFPID-2455822",
"CSAFPID-2455823",
"CSAFPID-2455824",
"CSAFPID-2455825",
"CSAFPID-2455826",
"CSAFPID-2455827",
"CSAFPID-2455828",
"CSAFPID-2455829",
"CSAFPID-2455830",
"CSAFPID-2455831",
"CSAFPID-2455832",
"CSAFPID-2455833",
"CSAFPID-2455834",
"CSAFPID-2455835",
"CSAFPID-2455836",
"CSAFPID-1987654",
"CSAFPID-2455809",
"CSAFPID-2455810",
"CSAFPID-2455779",
"CSAFPID-2455756",
"CSAFPID-2455757",
"CSAFPID-2455758",
"CSAFPID-2455759",
"CSAFPID-2455761",
"CSAFPID-2455760",
"CSAFPID-2455754",
"CSAFPID-2455755",
"CSAFPID-2455797",
"CSAFPID-2455796",
"CSAFPID-2455763",
"CSAFPID-2455762",
"CSAFPID-2455770",
"CSAFPID-2455771",
"CSAFPID-2455772",
"CSAFPID-2455773",
"CSAFPID-2455774",
"CSAFPID-2455775",
"CSAFPID-2455776",
"CSAFPID-2455777",
"CSAFPID-2455769",
"CSAFPID-2455817",
"CSAFPID-2455818",
"CSAFPID-2455819",
"CSAFPID-2455820",
"CSAFPID-2455821",
"CSAFPID-2455816",
"CSAFPID-2455806",
"CSAFPID-2455807",
"CSAFPID-2455808",
"CSAFPID-2455805",
"CSAFPID-2455765",
"CSAFPID-2455766",
"CSAFPID-2455764",
"CSAFPID-1425566",
"CSAFPID-1425565",
"CSAFPID-2455753",
"CSAFPID-2455784",
"CSAFPID-2455780",
"CSAFPID-2455781",
"CSAFPID-2455782",
"CSAFPID-2455785",
"CSAFPID-2455786",
"CSAFPID-2455787",
"CSAFPID-2455788",
"CSAFPID-2455789",
"CSAFPID-2455790",
"CSAFPID-2455791",
"CSAFPID-2455792",
"CSAFPID-2455793",
"CSAFPID-2455794",
"CSAFPID-2455795",
"CSAFPID-2455783",
"CSAFPID-2455843",
"CSAFPID-2455844",
"CSAFPID-2455845",
"CSAFPID-2455846",
"CSAFPID-2455847",
"CSAFPID-2455848",
"CSAFPID-2455838",
"CSAFPID-2455839",
"CSAFPID-2455840",
"CSAFPID-2455841",
"CSAFPID-2455851",
"CSAFPID-2455852",
"CSAFPID-2455853",
"CSAFPID-2455854",
"CSAFPID-2455856",
"CSAFPID-2455857",
"CSAFPID-2455858",
"CSAFPID-2455859",
"CSAFPID-2455860",
"CSAFPID-2455861",
"CSAFPID-2455850",
"CSAFPID-2455849",
"CSAFPID-2455837",
"CSAFPID-2455842",
"CSAFPID-2455855",
"CSAFPID-2455865",
"CSAFPID-2455866",
"CSAFPID-2455867",
"CSAFPID-2455868",
"CSAFPID-2455869",
"CSAFPID-2455870",
"CSAFPID-2455863",
"CSAFPID-2455864",
"CSAFPID-2455862",
"CSAFPID-2455799",
"CSAFPID-2455800",
"CSAFPID-2455801",
"CSAFPID-2455802",
"CSAFPID-2455803",
"CSAFPID-2455804",
"CSAFPID-2455798",
"CSAFPID-1761541",
"CSAFPID-1761542",
"CSAFPID-1761543",
"CSAFPID-1761544"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-26661",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2025/CVE-2025-26661.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1298148",
"CSAFPID-2455751",
"CSAFPID-2455822",
"CSAFPID-2455823",
"CSAFPID-2455824",
"CSAFPID-2455825",
"CSAFPID-2455826",
"CSAFPID-2455827",
"CSAFPID-2455828",
"CSAFPID-2455829",
"CSAFPID-2455830",
"CSAFPID-2455831",
"CSAFPID-2455832",
"CSAFPID-2455833",
"CSAFPID-2455834",
"CSAFPID-2455835",
"CSAFPID-2455836",
"CSAFPID-1987654",
"CSAFPID-2455809",
"CSAFPID-2455810",
"CSAFPID-2455779",
"CSAFPID-2455756",
"CSAFPID-2455757",
"CSAFPID-2455758",
"CSAFPID-2455759",
"CSAFPID-2455761",
"CSAFPID-2455760",
"CSAFPID-2455754",
"CSAFPID-2455755",
"CSAFPID-2455797",
"CSAFPID-2455796",
"CSAFPID-2455763",
"CSAFPID-2455762",
"CSAFPID-2455770",
"CSAFPID-2455771",
"CSAFPID-2455772",
"CSAFPID-2455773",
"CSAFPID-2455774",
"CSAFPID-2455775",
"CSAFPID-2455776",
"CSAFPID-2455777",
"CSAFPID-2455769",
"CSAFPID-2455817",
"CSAFPID-2455818",
"CSAFPID-2455819",
"CSAFPID-2455820",
"CSAFPID-2455821",
"CSAFPID-2455816",
"CSAFPID-2455806",
"CSAFPID-2455807",
"CSAFPID-2455808",
"CSAFPID-2455805",
"CSAFPID-2455765",
"CSAFPID-2455766",
"CSAFPID-2455764",
"CSAFPID-1425566",
"CSAFPID-1425565",
"CSAFPID-2455753",
"CSAFPID-2455784",
"CSAFPID-2455780",
"CSAFPID-2455781",
"CSAFPID-2455782",
"CSAFPID-2455785",
"CSAFPID-2455786",
"CSAFPID-2455787",
"CSAFPID-2455788",
"CSAFPID-2455789",
"CSAFPID-2455790",
"CSAFPID-2455791",
"CSAFPID-2455792",
"CSAFPID-2455793",
"CSAFPID-2455794",
"CSAFPID-2455795",
"CSAFPID-2455783",
"CSAFPID-2455843",
"CSAFPID-2455844",
"CSAFPID-2455845",
"CSAFPID-2455846",
"CSAFPID-2455847",
"CSAFPID-2455848",
"CSAFPID-2455838",
"CSAFPID-2455839",
"CSAFPID-2455840",
"CSAFPID-2455841",
"CSAFPID-2455851",
"CSAFPID-2455852",
"CSAFPID-2455853",
"CSAFPID-2455854",
"CSAFPID-2455856",
"CSAFPID-2455857",
"CSAFPID-2455858",
"CSAFPID-2455859",
"CSAFPID-2455860",
"CSAFPID-2455861",
"CSAFPID-2455850",
"CSAFPID-2455849",
"CSAFPID-2455837",
"CSAFPID-2455842",
"CSAFPID-2455855",
"CSAFPID-2455865",
"CSAFPID-2455866",
"CSAFPID-2455867",
"CSAFPID-2455868",
"CSAFPID-2455869",
"CSAFPID-2455870",
"CSAFPID-2455863",
"CSAFPID-2455864",
"CSAFPID-2455862",
"CSAFPID-2455799",
"CSAFPID-2455800",
"CSAFPID-2455801",
"CSAFPID-2455802",
"CSAFPID-2455803",
"CSAFPID-2455804",
"CSAFPID-2455798",
"CSAFPID-1761541",
"CSAFPID-1761542",
"CSAFPID-1761543",
"CSAFPID-1761544"
]
}
],
"title": "CVE-2025-26661"
},
{
"cve": "CVE-2024-38286",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"notes": [
{
"category": "other",
"text": "Uncontrolled Resource Consumption",
"title": "CWE-400"
},
{
"category": "other",
"text": "Allocation of Resources Without Limits or Throttling",
"title": "CWE-770"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:N/SA:H",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1298148",
"CSAFPID-2455751",
"CSAFPID-2455822",
"CSAFPID-2455823",
"CSAFPID-2455824",
"CSAFPID-2455825",
"CSAFPID-2455826",
"CSAFPID-2455827",
"CSAFPID-2455828",
"CSAFPID-2455829",
"CSAFPID-2455830",
"CSAFPID-2455831",
"CSAFPID-2455832",
"CSAFPID-2455833",
"CSAFPID-2455834",
"CSAFPID-2455835",
"CSAFPID-2455836",
"CSAFPID-1987654",
"CSAFPID-2455809",
"CSAFPID-2455810",
"CSAFPID-2455779",
"CSAFPID-2455756",
"CSAFPID-2455757",
"CSAFPID-2455758",
"CSAFPID-2455759",
"CSAFPID-2455761",
"CSAFPID-2455760",
"CSAFPID-2455754",
"CSAFPID-2455755",
"CSAFPID-2455797",
"CSAFPID-2455796",
"CSAFPID-2455763",
"CSAFPID-2455762",
"CSAFPID-2455770",
"CSAFPID-2455771",
"CSAFPID-2455772",
"CSAFPID-2455773",
"CSAFPID-2455774",
"CSAFPID-2455775",
"CSAFPID-2455776",
"CSAFPID-2455777",
"CSAFPID-2455769",
"CSAFPID-2455817",
"CSAFPID-2455818",
"CSAFPID-2455819",
"CSAFPID-2455820",
"CSAFPID-2455821",
"CSAFPID-2455816",
"CSAFPID-2455806",
"CSAFPID-2455807",
"CSAFPID-2455808",
"CSAFPID-2455805",
"CSAFPID-2455765",
"CSAFPID-2455766",
"CSAFPID-2455764",
"CSAFPID-1425566",
"CSAFPID-1425565",
"CSAFPID-2455753",
"CSAFPID-2455784",
"CSAFPID-2455780",
"CSAFPID-2455781",
"CSAFPID-2455782",
"CSAFPID-2455785",
"CSAFPID-2455786",
"CSAFPID-2455787",
"CSAFPID-2455788",
"CSAFPID-2455789",
"CSAFPID-2455790",
"CSAFPID-2455791",
"CSAFPID-2455792",
"CSAFPID-2455793",
"CSAFPID-2455794",
"CSAFPID-2455795",
"CSAFPID-2455783",
"CSAFPID-2455843",
"CSAFPID-2455844",
"CSAFPID-2455845",
"CSAFPID-2455846",
"CSAFPID-2455847",
"CSAFPID-2455848",
"CSAFPID-2455838",
"CSAFPID-2455839",
"CSAFPID-2455840",
"CSAFPID-2455841",
"CSAFPID-2455851",
"CSAFPID-2455852",
"CSAFPID-2455853",
"CSAFPID-2455854",
"CSAFPID-2455856",
"CSAFPID-2455857",
"CSAFPID-2455858",
"CSAFPID-2455859",
"CSAFPID-2455860",
"CSAFPID-2455861",
"CSAFPID-2455850",
"CSAFPID-2455849",
"CSAFPID-2455837",
"CSAFPID-2455842",
"CSAFPID-2455855",
"CSAFPID-2455865",
"CSAFPID-2455866",
"CSAFPID-2455867",
"CSAFPID-2455868",
"CSAFPID-2455869",
"CSAFPID-2455870",
"CSAFPID-2455863",
"CSAFPID-2455864",
"CSAFPID-2455862",
"CSAFPID-2455799",
"CSAFPID-2455800",
"CSAFPID-2455801",
"CSAFPID-2455802",
"CSAFPID-2455803",
"CSAFPID-2455804",
"CSAFPID-2455798",
"CSAFPID-1761541",
"CSAFPID-1761542",
"CSAFPID-1761543",
"CSAFPID-1761544"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-38286",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-38286.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.6,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1298148",
"CSAFPID-2455751",
"CSAFPID-2455822",
"CSAFPID-2455823",
"CSAFPID-2455824",
"CSAFPID-2455825",
"CSAFPID-2455826",
"CSAFPID-2455827",
"CSAFPID-2455828",
"CSAFPID-2455829",
"CSAFPID-2455830",
"CSAFPID-2455831",
"CSAFPID-2455832",
"CSAFPID-2455833",
"CSAFPID-2455834",
"CSAFPID-2455835",
"CSAFPID-2455836",
"CSAFPID-1987654",
"CSAFPID-2455809",
"CSAFPID-2455810",
"CSAFPID-2455779",
"CSAFPID-2455756",
"CSAFPID-2455757",
"CSAFPID-2455758",
"CSAFPID-2455759",
"CSAFPID-2455761",
"CSAFPID-2455760",
"CSAFPID-2455754",
"CSAFPID-2455755",
"CSAFPID-2455797",
"CSAFPID-2455796",
"CSAFPID-2455763",
"CSAFPID-2455762",
"CSAFPID-2455770",
"CSAFPID-2455771",
"CSAFPID-2455772",
"CSAFPID-2455773",
"CSAFPID-2455774",
"CSAFPID-2455775",
"CSAFPID-2455776",
"CSAFPID-2455777",
"CSAFPID-2455769",
"CSAFPID-2455817",
"CSAFPID-2455818",
"CSAFPID-2455819",
"CSAFPID-2455820",
"CSAFPID-2455821",
"CSAFPID-2455816",
"CSAFPID-2455806",
"CSAFPID-2455807",
"CSAFPID-2455808",
"CSAFPID-2455805",
"CSAFPID-2455765",
"CSAFPID-2455766",
"CSAFPID-2455764",
"CSAFPID-1425566",
"CSAFPID-1425565",
"CSAFPID-2455753",
"CSAFPID-2455784",
"CSAFPID-2455780",
"CSAFPID-2455781",
"CSAFPID-2455782",
"CSAFPID-2455785",
"CSAFPID-2455786",
"CSAFPID-2455787",
"CSAFPID-2455788",
"CSAFPID-2455789",
"CSAFPID-2455790",
"CSAFPID-2455791",
"CSAFPID-2455792",
"CSAFPID-2455793",
"CSAFPID-2455794",
"CSAFPID-2455795",
"CSAFPID-2455783",
"CSAFPID-2455843",
"CSAFPID-2455844",
"CSAFPID-2455845",
"CSAFPID-2455846",
"CSAFPID-2455847",
"CSAFPID-2455848",
"CSAFPID-2455838",
"CSAFPID-2455839",
"CSAFPID-2455840",
"CSAFPID-2455841",
"CSAFPID-2455851",
"CSAFPID-2455852",
"CSAFPID-2455853",
"CSAFPID-2455854",
"CSAFPID-2455856",
"CSAFPID-2455857",
"CSAFPID-2455858",
"CSAFPID-2455859",
"CSAFPID-2455860",
"CSAFPID-2455861",
"CSAFPID-2455850",
"CSAFPID-2455849",
"CSAFPID-2455837",
"CSAFPID-2455842",
"CSAFPID-2455855",
"CSAFPID-2455865",
"CSAFPID-2455866",
"CSAFPID-2455867",
"CSAFPID-2455868",
"CSAFPID-2455869",
"CSAFPID-2455870",
"CSAFPID-2455863",
"CSAFPID-2455864",
"CSAFPID-2455862",
"CSAFPID-2455799",
"CSAFPID-2455800",
"CSAFPID-2455801",
"CSAFPID-2455802",
"CSAFPID-2455803",
"CSAFPID-2455804",
"CSAFPID-2455798",
"CSAFPID-1761541",
"CSAFPID-1761542",
"CSAFPID-1761543",
"CSAFPID-1761544"
]
}
],
"title": "CVE-2024-38286"
},
{
"cve": "CVE-2025-24876",
"cwe": {
"id": "CWE-601",
"name": "URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)"
},
"notes": [
{
"category": "other",
"text": "URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)",
"title": "CWE-601"
},
{
"category": "other",
"text": "Improper Validation of Specified Type of Input",
"title": "CWE-1287"
},
{
"category": "other",
"text": "Authentication Bypass by Assumed-Immutable Data",
"title": "CWE-302"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1298148",
"CSAFPID-2455751",
"CSAFPID-2455822",
"CSAFPID-2455823",
"CSAFPID-2455824",
"CSAFPID-2455825",
"CSAFPID-2455826",
"CSAFPID-2455827",
"CSAFPID-2455828",
"CSAFPID-2455829",
"CSAFPID-2455830",
"CSAFPID-2455831",
"CSAFPID-2455832",
"CSAFPID-2455833",
"CSAFPID-2455834",
"CSAFPID-2455835",
"CSAFPID-2455836",
"CSAFPID-1987654",
"CSAFPID-2455809",
"CSAFPID-2455810",
"CSAFPID-2455779",
"CSAFPID-2455756",
"CSAFPID-2455757",
"CSAFPID-2455758",
"CSAFPID-2455759",
"CSAFPID-2455761",
"CSAFPID-2455760",
"CSAFPID-2455754",
"CSAFPID-2455755",
"CSAFPID-2455797",
"CSAFPID-2455796",
"CSAFPID-2455763",
"CSAFPID-2455762",
"CSAFPID-2455770",
"CSAFPID-2455771",
"CSAFPID-2455772",
"CSAFPID-2455773",
"CSAFPID-2455774",
"CSAFPID-2455775",
"CSAFPID-2455776",
"CSAFPID-2455777",
"CSAFPID-2455769",
"CSAFPID-2455817",
"CSAFPID-2455818",
"CSAFPID-2455819",
"CSAFPID-2455820",
"CSAFPID-2455821",
"CSAFPID-2455816",
"CSAFPID-2455806",
"CSAFPID-2455807",
"CSAFPID-2455808",
"CSAFPID-2455805",
"CSAFPID-2455765",
"CSAFPID-2455766",
"CSAFPID-2455764",
"CSAFPID-1425566",
"CSAFPID-1425565",
"CSAFPID-2455753",
"CSAFPID-2455784",
"CSAFPID-2455780",
"CSAFPID-2455781",
"CSAFPID-2455782",
"CSAFPID-2455785",
"CSAFPID-2455786",
"CSAFPID-2455787",
"CSAFPID-2455788",
"CSAFPID-2455789",
"CSAFPID-2455790",
"CSAFPID-2455791",
"CSAFPID-2455792",
"CSAFPID-2455793",
"CSAFPID-2455794",
"CSAFPID-2455795",
"CSAFPID-2455783",
"CSAFPID-2455843",
"CSAFPID-2455844",
"CSAFPID-2455845",
"CSAFPID-2455846",
"CSAFPID-2455847",
"CSAFPID-2455848",
"CSAFPID-2455838",
"CSAFPID-2455839",
"CSAFPID-2455840",
"CSAFPID-2455841",
"CSAFPID-2455851",
"CSAFPID-2455852",
"CSAFPID-2455853",
"CSAFPID-2455854",
"CSAFPID-2455856",
"CSAFPID-2455857",
"CSAFPID-2455858",
"CSAFPID-2455859",
"CSAFPID-2455860",
"CSAFPID-2455861",
"CSAFPID-2455850",
"CSAFPID-2455849",
"CSAFPID-2455837",
"CSAFPID-2455842",
"CSAFPID-2455855",
"CSAFPID-2455865",
"CSAFPID-2455866",
"CSAFPID-2455867",
"CSAFPID-2455868",
"CSAFPID-2455869",
"CSAFPID-2455870",
"CSAFPID-2455863",
"CSAFPID-2455864",
"CSAFPID-2455862",
"CSAFPID-2455799",
"CSAFPID-2455800",
"CSAFPID-2455801",
"CSAFPID-2455802",
"CSAFPID-2455803",
"CSAFPID-2455804",
"CSAFPID-2455798",
"CSAFPID-1761541",
"CSAFPID-1761542",
"CSAFPID-1761543",
"CSAFPID-1761544"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-24876",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2025/CVE-2025-24876.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1298148",
"CSAFPID-2455751",
"CSAFPID-2455822",
"CSAFPID-2455823",
"CSAFPID-2455824",
"CSAFPID-2455825",
"CSAFPID-2455826",
"CSAFPID-2455827",
"CSAFPID-2455828",
"CSAFPID-2455829",
"CSAFPID-2455830",
"CSAFPID-2455831",
"CSAFPID-2455832",
"CSAFPID-2455833",
"CSAFPID-2455834",
"CSAFPID-2455835",
"CSAFPID-2455836",
"CSAFPID-1987654",
"CSAFPID-2455809",
"CSAFPID-2455810",
"CSAFPID-2455779",
"CSAFPID-2455756",
"CSAFPID-2455757",
"CSAFPID-2455758",
"CSAFPID-2455759",
"CSAFPID-2455761",
"CSAFPID-2455760",
"CSAFPID-2455754",
"CSAFPID-2455755",
"CSAFPID-2455797",
"CSAFPID-2455796",
"CSAFPID-2455763",
"CSAFPID-2455762",
"CSAFPID-2455770",
"CSAFPID-2455771",
"CSAFPID-2455772",
"CSAFPID-2455773",
"CSAFPID-2455774",
"CSAFPID-2455775",
"CSAFPID-2455776",
"CSAFPID-2455777",
"CSAFPID-2455769",
"CSAFPID-2455817",
"CSAFPID-2455818",
"CSAFPID-2455819",
"CSAFPID-2455820",
"CSAFPID-2455821",
"CSAFPID-2455816",
"CSAFPID-2455806",
"CSAFPID-2455807",
"CSAFPID-2455808",
"CSAFPID-2455805",
"CSAFPID-2455765",
"CSAFPID-2455766",
"CSAFPID-2455764",
"CSAFPID-1425566",
"CSAFPID-1425565",
"CSAFPID-2455753",
"CSAFPID-2455784",
"CSAFPID-2455780",
"CSAFPID-2455781",
"CSAFPID-2455782",
"CSAFPID-2455785",
"CSAFPID-2455786",
"CSAFPID-2455787",
"CSAFPID-2455788",
"CSAFPID-2455789",
"CSAFPID-2455790",
"CSAFPID-2455791",
"CSAFPID-2455792",
"CSAFPID-2455793",
"CSAFPID-2455794",
"CSAFPID-2455795",
"CSAFPID-2455783",
"CSAFPID-2455843",
"CSAFPID-2455844",
"CSAFPID-2455845",
"CSAFPID-2455846",
"CSAFPID-2455847",
"CSAFPID-2455848",
"CSAFPID-2455838",
"CSAFPID-2455839",
"CSAFPID-2455840",
"CSAFPID-2455841",
"CSAFPID-2455851",
"CSAFPID-2455852",
"CSAFPID-2455853",
"CSAFPID-2455854",
"CSAFPID-2455856",
"CSAFPID-2455857",
"CSAFPID-2455858",
"CSAFPID-2455859",
"CSAFPID-2455860",
"CSAFPID-2455861",
"CSAFPID-2455850",
"CSAFPID-2455849",
"CSAFPID-2455837",
"CSAFPID-2455842",
"CSAFPID-2455855",
"CSAFPID-2455865",
"CSAFPID-2455866",
"CSAFPID-2455867",
"CSAFPID-2455868",
"CSAFPID-2455869",
"CSAFPID-2455870",
"CSAFPID-2455863",
"CSAFPID-2455864",
"CSAFPID-2455862",
"CSAFPID-2455799",
"CSAFPID-2455800",
"CSAFPID-2455801",
"CSAFPID-2455802",
"CSAFPID-2455803",
"CSAFPID-2455804",
"CSAFPID-2455798",
"CSAFPID-1761541",
"CSAFPID-1761542",
"CSAFPID-1761543",
"CSAFPID-1761544"
]
}
],
"title": "CVE-2025-24876"
},
{
"cve": "CVE-2024-39592",
"cwe": {
"id": "CWE-862",
"name": "Missing Authorization"
},
"notes": [
{
"category": "other",
"text": "Missing Authorization",
"title": "CWE-862"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1298148",
"CSAFPID-2455751",
"CSAFPID-2455822",
"CSAFPID-2455823",
"CSAFPID-2455824",
"CSAFPID-2455825",
"CSAFPID-2455826",
"CSAFPID-2455827",
"CSAFPID-2455828",
"CSAFPID-2455829",
"CSAFPID-2455830",
"CSAFPID-2455831",
"CSAFPID-2455832",
"CSAFPID-2455833",
"CSAFPID-2455834",
"CSAFPID-2455835",
"CSAFPID-2455836",
"CSAFPID-1987654",
"CSAFPID-2455809",
"CSAFPID-2455810",
"CSAFPID-2455779",
"CSAFPID-2455756",
"CSAFPID-2455757",
"CSAFPID-2455758",
"CSAFPID-2455759",
"CSAFPID-2455761",
"CSAFPID-2455760",
"CSAFPID-2455754",
"CSAFPID-2455755",
"CSAFPID-2455797",
"CSAFPID-2455796",
"CSAFPID-2455763",
"CSAFPID-2455762",
"CSAFPID-2455770",
"CSAFPID-2455771",
"CSAFPID-2455772",
"CSAFPID-2455773",
"CSAFPID-2455774",
"CSAFPID-2455775",
"CSAFPID-2455776",
"CSAFPID-2455777",
"CSAFPID-2455769",
"CSAFPID-2455817",
"CSAFPID-2455818",
"CSAFPID-2455819",
"CSAFPID-2455820",
"CSAFPID-2455821",
"CSAFPID-2455816",
"CSAFPID-2455806",
"CSAFPID-2455807",
"CSAFPID-2455808",
"CSAFPID-2455805",
"CSAFPID-2455765",
"CSAFPID-2455766",
"CSAFPID-2455764",
"CSAFPID-1425566",
"CSAFPID-1425565",
"CSAFPID-2455753",
"CSAFPID-2455784",
"CSAFPID-2455780",
"CSAFPID-2455781",
"CSAFPID-2455782",
"CSAFPID-2455785",
"CSAFPID-2455786",
"CSAFPID-2455787",
"CSAFPID-2455788",
"CSAFPID-2455789",
"CSAFPID-2455790",
"CSAFPID-2455791",
"CSAFPID-2455792",
"CSAFPID-2455793",
"CSAFPID-2455794",
"CSAFPID-2455795",
"CSAFPID-2455783",
"CSAFPID-2455843",
"CSAFPID-2455844",
"CSAFPID-2455845",
"CSAFPID-2455846",
"CSAFPID-2455847",
"CSAFPID-2455848",
"CSAFPID-2455838",
"CSAFPID-2455839",
"CSAFPID-2455840",
"CSAFPID-2455841",
"CSAFPID-2455851",
"CSAFPID-2455852",
"CSAFPID-2455853",
"CSAFPID-2455854",
"CSAFPID-2455856",
"CSAFPID-2455857",
"CSAFPID-2455858",
"CSAFPID-2455859",
"CSAFPID-2455860",
"CSAFPID-2455861",
"CSAFPID-2455850",
"CSAFPID-2455849",
"CSAFPID-2455837",
"CSAFPID-2455842",
"CSAFPID-2455855",
"CSAFPID-2455865",
"CSAFPID-2455866",
"CSAFPID-2455867",
"CSAFPID-2455868",
"CSAFPID-2455869",
"CSAFPID-2455870",
"CSAFPID-2455863",
"CSAFPID-2455864",
"CSAFPID-2455862",
"CSAFPID-2455799",
"CSAFPID-2455800",
"CSAFPID-2455801",
"CSAFPID-2455802",
"CSAFPID-2455803",
"CSAFPID-2455804",
"CSAFPID-2455798",
"CSAFPID-1761541",
"CSAFPID-1761542",
"CSAFPID-1761543",
"CSAFPID-1761544"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-39592",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-39592.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1298148",
"CSAFPID-2455751",
"CSAFPID-2455822",
"CSAFPID-2455823",
"CSAFPID-2455824",
"CSAFPID-2455825",
"CSAFPID-2455826",
"CSAFPID-2455827",
"CSAFPID-2455828",
"CSAFPID-2455829",
"CSAFPID-2455830",
"CSAFPID-2455831",
"CSAFPID-2455832",
"CSAFPID-2455833",
"CSAFPID-2455834",
"CSAFPID-2455835",
"CSAFPID-2455836",
"CSAFPID-1987654",
"CSAFPID-2455809",
"CSAFPID-2455810",
"CSAFPID-2455779",
"CSAFPID-2455756",
"CSAFPID-2455757",
"CSAFPID-2455758",
"CSAFPID-2455759",
"CSAFPID-2455761",
"CSAFPID-2455760",
"CSAFPID-2455754",
"CSAFPID-2455755",
"CSAFPID-2455797",
"CSAFPID-2455796",
"CSAFPID-2455763",
"CSAFPID-2455762",
"CSAFPID-2455770",
"CSAFPID-2455771",
"CSAFPID-2455772",
"CSAFPID-2455773",
"CSAFPID-2455774",
"CSAFPID-2455775",
"CSAFPID-2455776",
"CSAFPID-2455777",
"CSAFPID-2455769",
"CSAFPID-2455817",
"CSAFPID-2455818",
"CSAFPID-2455819",
"CSAFPID-2455820",
"CSAFPID-2455821",
"CSAFPID-2455816",
"CSAFPID-2455806",
"CSAFPID-2455807",
"CSAFPID-2455808",
"CSAFPID-2455805",
"CSAFPID-2455765",
"CSAFPID-2455766",
"CSAFPID-2455764",
"CSAFPID-1425566",
"CSAFPID-1425565",
"CSAFPID-2455753",
"CSAFPID-2455784",
"CSAFPID-2455780",
"CSAFPID-2455781",
"CSAFPID-2455782",
"CSAFPID-2455785",
"CSAFPID-2455786",
"CSAFPID-2455787",
"CSAFPID-2455788",
"CSAFPID-2455789",
"CSAFPID-2455790",
"CSAFPID-2455791",
"CSAFPID-2455792",
"CSAFPID-2455793",
"CSAFPID-2455794",
"CSAFPID-2455795",
"CSAFPID-2455783",
"CSAFPID-2455843",
"CSAFPID-2455844",
"CSAFPID-2455845",
"CSAFPID-2455846",
"CSAFPID-2455847",
"CSAFPID-2455848",
"CSAFPID-2455838",
"CSAFPID-2455839",
"CSAFPID-2455840",
"CSAFPID-2455841",
"CSAFPID-2455851",
"CSAFPID-2455852",
"CSAFPID-2455853",
"CSAFPID-2455854",
"CSAFPID-2455856",
"CSAFPID-2455857",
"CSAFPID-2455858",
"CSAFPID-2455859",
"CSAFPID-2455860",
"CSAFPID-2455861",
"CSAFPID-2455850",
"CSAFPID-2455849",
"CSAFPID-2455837",
"CSAFPID-2455842",
"CSAFPID-2455855",
"CSAFPID-2455865",
"CSAFPID-2455866",
"CSAFPID-2455867",
"CSAFPID-2455868",
"CSAFPID-2455869",
"CSAFPID-2455870",
"CSAFPID-2455863",
"CSAFPID-2455864",
"CSAFPID-2455862",
"CSAFPID-2455799",
"CSAFPID-2455800",
"CSAFPID-2455801",
"CSAFPID-2455802",
"CSAFPID-2455803",
"CSAFPID-2455804",
"CSAFPID-2455798",
"CSAFPID-1761541",
"CSAFPID-1761542",
"CSAFPID-1761543",
"CSAFPID-1761544"
]
}
],
"title": "CVE-2024-39592"
},
{
"cve": "CVE-2025-26658",
"cwe": {
"id": "CWE-384",
"name": "Session Fixation"
},
"notes": [
{
"category": "other",
"text": "Session Fixation",
"title": "CWE-384"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1298148",
"CSAFPID-2455751",
"CSAFPID-2455822",
"CSAFPID-2455823",
"CSAFPID-2455824",
"CSAFPID-2455825",
"CSAFPID-2455826",
"CSAFPID-2455827",
"CSAFPID-2455828",
"CSAFPID-2455829",
"CSAFPID-2455830",
"CSAFPID-2455831",
"CSAFPID-2455832",
"CSAFPID-2455833",
"CSAFPID-2455834",
"CSAFPID-2455835",
"CSAFPID-2455836",
"CSAFPID-1987654",
"CSAFPID-2455809",
"CSAFPID-2455810",
"CSAFPID-2455779",
"CSAFPID-2455756",
"CSAFPID-2455757",
"CSAFPID-2455758",
"CSAFPID-2455759",
"CSAFPID-2455761",
"CSAFPID-2455760",
"CSAFPID-2455754",
"CSAFPID-2455755",
"CSAFPID-2455797",
"CSAFPID-2455796",
"CSAFPID-2455763",
"CSAFPID-2455762",
"CSAFPID-2455770",
"CSAFPID-2455771",
"CSAFPID-2455772",
"CSAFPID-2455773",
"CSAFPID-2455774",
"CSAFPID-2455775",
"CSAFPID-2455776",
"CSAFPID-2455777",
"CSAFPID-2455769",
"CSAFPID-2455817",
"CSAFPID-2455818",
"CSAFPID-2455819",
"CSAFPID-2455820",
"CSAFPID-2455821",
"CSAFPID-2455816",
"CSAFPID-2455806",
"CSAFPID-2455807",
"CSAFPID-2455808",
"CSAFPID-2455805",
"CSAFPID-2455765",
"CSAFPID-2455766",
"CSAFPID-2455764",
"CSAFPID-1425566",
"CSAFPID-1425565",
"CSAFPID-2455753",
"CSAFPID-2455784",
"CSAFPID-2455780",
"CSAFPID-2455781",
"CSAFPID-2455782",
"CSAFPID-2455785",
"CSAFPID-2455786",
"CSAFPID-2455787",
"CSAFPID-2455788",
"CSAFPID-2455789",
"CSAFPID-2455790",
"CSAFPID-2455791",
"CSAFPID-2455792",
"CSAFPID-2455793",
"CSAFPID-2455794",
"CSAFPID-2455795",
"CSAFPID-2455783",
"CSAFPID-2455843",
"CSAFPID-2455844",
"CSAFPID-2455845",
"CSAFPID-2455846",
"CSAFPID-2455847",
"CSAFPID-2455848",
"CSAFPID-2455838",
"CSAFPID-2455839",
"CSAFPID-2455840",
"CSAFPID-2455841",
"CSAFPID-2455851",
"CSAFPID-2455852",
"CSAFPID-2455853",
"CSAFPID-2455854",
"CSAFPID-2455856",
"CSAFPID-2455857",
"CSAFPID-2455858",
"CSAFPID-2455859",
"CSAFPID-2455860",
"CSAFPID-2455861",
"CSAFPID-2455850",
"CSAFPID-2455849",
"CSAFPID-2455837",
"CSAFPID-2455842",
"CSAFPID-2455855",
"CSAFPID-2455865",
"CSAFPID-2455866",
"CSAFPID-2455867",
"CSAFPID-2455868",
"CSAFPID-2455869",
"CSAFPID-2455870",
"CSAFPID-2455863",
"CSAFPID-2455864",
"CSAFPID-2455862",
"CSAFPID-2455799",
"CSAFPID-2455800",
"CSAFPID-2455801",
"CSAFPID-2455802",
"CSAFPID-2455803",
"CSAFPID-2455804",
"CSAFPID-2455798",
"CSAFPID-1761541",
"CSAFPID-1761542",
"CSAFPID-1761543",
"CSAFPID-1761544"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-26658",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2025/CVE-2025-26658.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1298148",
"CSAFPID-2455751",
"CSAFPID-2455822",
"CSAFPID-2455823",
"CSAFPID-2455824",
"CSAFPID-2455825",
"CSAFPID-2455826",
"CSAFPID-2455827",
"CSAFPID-2455828",
"CSAFPID-2455829",
"CSAFPID-2455830",
"CSAFPID-2455831",
"CSAFPID-2455832",
"CSAFPID-2455833",
"CSAFPID-2455834",
"CSAFPID-2455835",
"CSAFPID-2455836",
"CSAFPID-1987654",
"CSAFPID-2455809",
"CSAFPID-2455810",
"CSAFPID-2455779",
"CSAFPID-2455756",
"CSAFPID-2455757",
"CSAFPID-2455758",
"CSAFPID-2455759",
"CSAFPID-2455761",
"CSAFPID-2455760",
"CSAFPID-2455754",
"CSAFPID-2455755",
"CSAFPID-2455797",
"CSAFPID-2455796",
"CSAFPID-2455763",
"CSAFPID-2455762",
"CSAFPID-2455770",
"CSAFPID-2455771",
"CSAFPID-2455772",
"CSAFPID-2455773",
"CSAFPID-2455774",
"CSAFPID-2455775",
"CSAFPID-2455776",
"CSAFPID-2455777",
"CSAFPID-2455769",
"CSAFPID-2455817",
"CSAFPID-2455818",
"CSAFPID-2455819",
"CSAFPID-2455820",
"CSAFPID-2455821",
"CSAFPID-2455816",
"CSAFPID-2455806",
"CSAFPID-2455807",
"CSAFPID-2455808",
"CSAFPID-2455805",
"CSAFPID-2455765",
"CSAFPID-2455766",
"CSAFPID-2455764",
"CSAFPID-1425566",
"CSAFPID-1425565",
"CSAFPID-2455753",
"CSAFPID-2455784",
"CSAFPID-2455780",
"CSAFPID-2455781",
"CSAFPID-2455782",
"CSAFPID-2455785",
"CSAFPID-2455786",
"CSAFPID-2455787",
"CSAFPID-2455788",
"CSAFPID-2455789",
"CSAFPID-2455790",
"CSAFPID-2455791",
"CSAFPID-2455792",
"CSAFPID-2455793",
"CSAFPID-2455794",
"CSAFPID-2455795",
"CSAFPID-2455783",
"CSAFPID-2455843",
"CSAFPID-2455844",
"CSAFPID-2455845",
"CSAFPID-2455846",
"CSAFPID-2455847",
"CSAFPID-2455848",
"CSAFPID-2455838",
"CSAFPID-2455839",
"CSAFPID-2455840",
"CSAFPID-2455841",
"CSAFPID-2455851",
"CSAFPID-2455852",
"CSAFPID-2455853",
"CSAFPID-2455854",
"CSAFPID-2455856",
"CSAFPID-2455857",
"CSAFPID-2455858",
"CSAFPID-2455859",
"CSAFPID-2455860",
"CSAFPID-2455861",
"CSAFPID-2455850",
"CSAFPID-2455849",
"CSAFPID-2455837",
"CSAFPID-2455842",
"CSAFPID-2455855",
"CSAFPID-2455865",
"CSAFPID-2455866",
"CSAFPID-2455867",
"CSAFPID-2455868",
"CSAFPID-2455869",
"CSAFPID-2455870",
"CSAFPID-2455863",
"CSAFPID-2455864",
"CSAFPID-2455862",
"CSAFPID-2455799",
"CSAFPID-2455800",
"CSAFPID-2455801",
"CSAFPID-2455802",
"CSAFPID-2455803",
"CSAFPID-2455804",
"CSAFPID-2455798",
"CSAFPID-1761541",
"CSAFPID-1761542",
"CSAFPID-1761543",
"CSAFPID-1761544"
]
}
],
"title": "CVE-2025-26658"
},
{
"cve": "CVE-2025-26659",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"notes": [
{
"category": "other",
"text": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"title": "CWE-79"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1298148",
"CSAFPID-2455751",
"CSAFPID-2455822",
"CSAFPID-2455823",
"CSAFPID-2455824",
"CSAFPID-2455825",
"CSAFPID-2455826",
"CSAFPID-2455827",
"CSAFPID-2455828",
"CSAFPID-2455829",
"CSAFPID-2455830",
"CSAFPID-2455831",
"CSAFPID-2455832",
"CSAFPID-2455833",
"CSAFPID-2455834",
"CSAFPID-2455835",
"CSAFPID-2455836",
"CSAFPID-1987654",
"CSAFPID-2455809",
"CSAFPID-2455810",
"CSAFPID-2455779",
"CSAFPID-2455756",
"CSAFPID-2455757",
"CSAFPID-2455758",
"CSAFPID-2455759",
"CSAFPID-2455761",
"CSAFPID-2455760",
"CSAFPID-2455754",
"CSAFPID-2455755",
"CSAFPID-2455797",
"CSAFPID-2455796",
"CSAFPID-2455763",
"CSAFPID-2455762",
"CSAFPID-2455770",
"CSAFPID-2455771",
"CSAFPID-2455772",
"CSAFPID-2455773",
"CSAFPID-2455774",
"CSAFPID-2455775",
"CSAFPID-2455776",
"CSAFPID-2455777",
"CSAFPID-2455769",
"CSAFPID-2455817",
"CSAFPID-2455818",
"CSAFPID-2455819",
"CSAFPID-2455820",
"CSAFPID-2455821",
"CSAFPID-2455816",
"CSAFPID-2455806",
"CSAFPID-2455807",
"CSAFPID-2455808",
"CSAFPID-2455805",
"CSAFPID-2455765",
"CSAFPID-2455766",
"CSAFPID-2455764",
"CSAFPID-1425566",
"CSAFPID-1425565",
"CSAFPID-2455753",
"CSAFPID-2455784",
"CSAFPID-2455780",
"CSAFPID-2455781",
"CSAFPID-2455782",
"CSAFPID-2455785",
"CSAFPID-2455786",
"CSAFPID-2455787",
"CSAFPID-2455788",
"CSAFPID-2455789",
"CSAFPID-2455790",
"CSAFPID-2455791",
"CSAFPID-2455792",
"CSAFPID-2455793",
"CSAFPID-2455794",
"CSAFPID-2455795",
"CSAFPID-2455783",
"CSAFPID-2455843",
"CSAFPID-2455844",
"CSAFPID-2455845",
"CSAFPID-2455846",
"CSAFPID-2455847",
"CSAFPID-2455848",
"CSAFPID-2455838",
"CSAFPID-2455839",
"CSAFPID-2455840",
"CSAFPID-2455841",
"CSAFPID-2455851",
"CSAFPID-2455852",
"CSAFPID-2455853",
"CSAFPID-2455854",
"CSAFPID-2455856",
"CSAFPID-2455857",
"CSAFPID-2455858",
"CSAFPID-2455859",
"CSAFPID-2455860",
"CSAFPID-2455861",
"CSAFPID-2455850",
"CSAFPID-2455849",
"CSAFPID-2455837",
"CSAFPID-2455842",
"CSAFPID-2455855",
"CSAFPID-2455865",
"CSAFPID-2455866",
"CSAFPID-2455867",
"CSAFPID-2455868",
"CSAFPID-2455869",
"CSAFPID-2455870",
"CSAFPID-2455863",
"CSAFPID-2455864",
"CSAFPID-2455862",
"CSAFPID-2455799",
"CSAFPID-2455800",
"CSAFPID-2455801",
"CSAFPID-2455802",
"CSAFPID-2455803",
"CSAFPID-2455804",
"CSAFPID-2455798",
"CSAFPID-1761541",
"CSAFPID-1761542",
"CSAFPID-1761543",
"CSAFPID-1761544"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-26659",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2025/CVE-2025-26659.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1298148",
"CSAFPID-2455751",
"CSAFPID-2455822",
"CSAFPID-2455823",
"CSAFPID-2455824",
"CSAFPID-2455825",
"CSAFPID-2455826",
"CSAFPID-2455827",
"CSAFPID-2455828",
"CSAFPID-2455829",
"CSAFPID-2455830",
"CSAFPID-2455831",
"CSAFPID-2455832",
"CSAFPID-2455833",
"CSAFPID-2455834",
"CSAFPID-2455835",
"CSAFPID-2455836",
"CSAFPID-1987654",
"CSAFPID-2455809",
"CSAFPID-2455810",
"CSAFPID-2455779",
"CSAFPID-2455756",
"CSAFPID-2455757",
"CSAFPID-2455758",
"CSAFPID-2455759",
"CSAFPID-2455761",
"CSAFPID-2455760",
"CSAFPID-2455754",
"CSAFPID-2455755",
"CSAFPID-2455797",
"CSAFPID-2455796",
"CSAFPID-2455763",
"CSAFPID-2455762",
"CSAFPID-2455770",
"CSAFPID-2455771",
"CSAFPID-2455772",
"CSAFPID-2455773",
"CSAFPID-2455774",
"CSAFPID-2455775",
"CSAFPID-2455776",
"CSAFPID-2455777",
"CSAFPID-2455769",
"CSAFPID-2455817",
"CSAFPID-2455818",
"CSAFPID-2455819",
"CSAFPID-2455820",
"CSAFPID-2455821",
"CSAFPID-2455816",
"CSAFPID-2455806",
"CSAFPID-2455807",
"CSAFPID-2455808",
"CSAFPID-2455805",
"CSAFPID-2455765",
"CSAFPID-2455766",
"CSAFPID-2455764",
"CSAFPID-1425566",
"CSAFPID-1425565",
"CSAFPID-2455753",
"CSAFPID-2455784",
"CSAFPID-2455780",
"CSAFPID-2455781",
"CSAFPID-2455782",
"CSAFPID-2455785",
"CSAFPID-2455786",
"CSAFPID-2455787",
"CSAFPID-2455788",
"CSAFPID-2455789",
"CSAFPID-2455790",
"CSAFPID-2455791",
"CSAFPID-2455792",
"CSAFPID-2455793",
"CSAFPID-2455794",
"CSAFPID-2455795",
"CSAFPID-2455783",
"CSAFPID-2455843",
"CSAFPID-2455844",
"CSAFPID-2455845",
"CSAFPID-2455846",
"CSAFPID-2455847",
"CSAFPID-2455848",
"CSAFPID-2455838",
"CSAFPID-2455839",
"CSAFPID-2455840",
"CSAFPID-2455841",
"CSAFPID-2455851",
"CSAFPID-2455852",
"CSAFPID-2455853",
"CSAFPID-2455854",
"CSAFPID-2455856",
"CSAFPID-2455857",
"CSAFPID-2455858",
"CSAFPID-2455859",
"CSAFPID-2455860",
"CSAFPID-2455861",
"CSAFPID-2455850",
"CSAFPID-2455849",
"CSAFPID-2455837",
"CSAFPID-2455842",
"CSAFPID-2455855",
"CSAFPID-2455865",
"CSAFPID-2455866",
"CSAFPID-2455867",
"CSAFPID-2455868",
"CSAFPID-2455869",
"CSAFPID-2455870",
"CSAFPID-2455863",
"CSAFPID-2455864",
"CSAFPID-2455862",
"CSAFPID-2455799",
"CSAFPID-2455800",
"CSAFPID-2455801",
"CSAFPID-2455802",
"CSAFPID-2455803",
"CSAFPID-2455804",
"CSAFPID-2455798",
"CSAFPID-1761541",
"CSAFPID-1761542",
"CSAFPID-1761543",
"CSAFPID-1761544"
]
}
],
"title": "CVE-2025-26659"
},
{
"cve": "CVE-2025-25242",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"notes": [
{
"category": "other",
"text": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"title": "CWE-79"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1298148",
"CSAFPID-2455751",
"CSAFPID-2455822",
"CSAFPID-2455823",
"CSAFPID-2455824",
"CSAFPID-2455825",
"CSAFPID-2455826",
"CSAFPID-2455827",
"CSAFPID-2455828",
"CSAFPID-2455829",
"CSAFPID-2455830",
"CSAFPID-2455831",
"CSAFPID-2455832",
"CSAFPID-2455833",
"CSAFPID-2455834",
"CSAFPID-2455835",
"CSAFPID-2455836",
"CSAFPID-1987654",
"CSAFPID-2455809",
"CSAFPID-2455810",
"CSAFPID-2455779",
"CSAFPID-2455756",
"CSAFPID-2455757",
"CSAFPID-2455758",
"CSAFPID-2455759",
"CSAFPID-2455761",
"CSAFPID-2455760",
"CSAFPID-2455754",
"CSAFPID-2455755",
"CSAFPID-2455797",
"CSAFPID-2455796",
"CSAFPID-2455763",
"CSAFPID-2455762",
"CSAFPID-2455770",
"CSAFPID-2455771",
"CSAFPID-2455772",
"CSAFPID-2455773",
"CSAFPID-2455774",
"CSAFPID-2455775",
"CSAFPID-2455776",
"CSAFPID-2455777",
"CSAFPID-2455769",
"CSAFPID-2455817",
"CSAFPID-2455818",
"CSAFPID-2455819",
"CSAFPID-2455820",
"CSAFPID-2455821",
"CSAFPID-2455816",
"CSAFPID-2455806",
"CSAFPID-2455807",
"CSAFPID-2455808",
"CSAFPID-2455805",
"CSAFPID-2455765",
"CSAFPID-2455766",
"CSAFPID-2455764",
"CSAFPID-1425566",
"CSAFPID-1425565",
"CSAFPID-2455753",
"CSAFPID-2455784",
"CSAFPID-2455780",
"CSAFPID-2455781",
"CSAFPID-2455782",
"CSAFPID-2455785",
"CSAFPID-2455786",
"CSAFPID-2455787",
"CSAFPID-2455788",
"CSAFPID-2455789",
"CSAFPID-2455790",
"CSAFPID-2455791",
"CSAFPID-2455792",
"CSAFPID-2455793",
"CSAFPID-2455794",
"CSAFPID-2455795",
"CSAFPID-2455783",
"CSAFPID-2455843",
"CSAFPID-2455844",
"CSAFPID-2455845",
"CSAFPID-2455846",
"CSAFPID-2455847",
"CSAFPID-2455848",
"CSAFPID-2455838",
"CSAFPID-2455839",
"CSAFPID-2455840",
"CSAFPID-2455841",
"CSAFPID-2455851",
"CSAFPID-2455852",
"CSAFPID-2455853",
"CSAFPID-2455854",
"CSAFPID-2455856",
"CSAFPID-2455857",
"CSAFPID-2455858",
"CSAFPID-2455859",
"CSAFPID-2455860",
"CSAFPID-2455861",
"CSAFPID-2455850",
"CSAFPID-2455849",
"CSAFPID-2455837",
"CSAFPID-2455842",
"CSAFPID-2455855",
"CSAFPID-2455865",
"CSAFPID-2455866",
"CSAFPID-2455867",
"CSAFPID-2455868",
"CSAFPID-2455869",
"CSAFPID-2455870",
"CSAFPID-2455863",
"CSAFPID-2455864",
"CSAFPID-2455862",
"CSAFPID-2455799",
"CSAFPID-2455800",
"CSAFPID-2455801",
"CSAFPID-2455802",
"CSAFPID-2455803",
"CSAFPID-2455804",
"CSAFPID-2455798",
"CSAFPID-1761541",
"CSAFPID-1761542",
"CSAFPID-1761543",
"CSAFPID-1761544"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-25242",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2025/CVE-2025-25242.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1298148",
"CSAFPID-2455751",
"CSAFPID-2455822",
"CSAFPID-2455823",
"CSAFPID-2455824",
"CSAFPID-2455825",
"CSAFPID-2455826",
"CSAFPID-2455827",
"CSAFPID-2455828",
"CSAFPID-2455829",
"CSAFPID-2455830",
"CSAFPID-2455831",
"CSAFPID-2455832",
"CSAFPID-2455833",
"CSAFPID-2455834",
"CSAFPID-2455835",
"CSAFPID-2455836",
"CSAFPID-1987654",
"CSAFPID-2455809",
"CSAFPID-2455810",
"CSAFPID-2455779",
"CSAFPID-2455756",
"CSAFPID-2455757",
"CSAFPID-2455758",
"CSAFPID-2455759",
"CSAFPID-2455761",
"CSAFPID-2455760",
"CSAFPID-2455754",
"CSAFPID-2455755",
"CSAFPID-2455797",
"CSAFPID-2455796",
"CSAFPID-2455763",
"CSAFPID-2455762",
"CSAFPID-2455770",
"CSAFPID-2455771",
"CSAFPID-2455772",
"CSAFPID-2455773",
"CSAFPID-2455774",
"CSAFPID-2455775",
"CSAFPID-2455776",
"CSAFPID-2455777",
"CSAFPID-2455769",
"CSAFPID-2455817",
"CSAFPID-2455818",
"CSAFPID-2455819",
"CSAFPID-2455820",
"CSAFPID-2455821",
"CSAFPID-2455816",
"CSAFPID-2455806",
"CSAFPID-2455807",
"CSAFPID-2455808",
"CSAFPID-2455805",
"CSAFPID-2455765",
"CSAFPID-2455766",
"CSAFPID-2455764",
"CSAFPID-1425566",
"CSAFPID-1425565",
"CSAFPID-2455753",
"CSAFPID-2455784",
"CSAFPID-2455780",
"CSAFPID-2455781",
"CSAFPID-2455782",
"CSAFPID-2455785",
"CSAFPID-2455786",
"CSAFPID-2455787",
"CSAFPID-2455788",
"CSAFPID-2455789",
"CSAFPID-2455790",
"CSAFPID-2455791",
"CSAFPID-2455792",
"CSAFPID-2455793",
"CSAFPID-2455794",
"CSAFPID-2455795",
"CSAFPID-2455783",
"CSAFPID-2455843",
"CSAFPID-2455844",
"CSAFPID-2455845",
"CSAFPID-2455846",
"CSAFPID-2455847",
"CSAFPID-2455848",
"CSAFPID-2455838",
"CSAFPID-2455839",
"CSAFPID-2455840",
"CSAFPID-2455841",
"CSAFPID-2455851",
"CSAFPID-2455852",
"CSAFPID-2455853",
"CSAFPID-2455854",
"CSAFPID-2455856",
"CSAFPID-2455857",
"CSAFPID-2455858",
"CSAFPID-2455859",
"CSAFPID-2455860",
"CSAFPID-2455861",
"CSAFPID-2455850",
"CSAFPID-2455849",
"CSAFPID-2455837",
"CSAFPID-2455842",
"CSAFPID-2455855",
"CSAFPID-2455865",
"CSAFPID-2455866",
"CSAFPID-2455867",
"CSAFPID-2455868",
"CSAFPID-2455869",
"CSAFPID-2455870",
"CSAFPID-2455863",
"CSAFPID-2455864",
"CSAFPID-2455862",
"CSAFPID-2455799",
"CSAFPID-2455800",
"CSAFPID-2455801",
"CSAFPID-2455802",
"CSAFPID-2455803",
"CSAFPID-2455804",
"CSAFPID-2455798",
"CSAFPID-1761541",
"CSAFPID-1761542",
"CSAFPID-1761543",
"CSAFPID-1761544"
]
}
],
"title": "CVE-2025-25242"
},
{
"cve": "CVE-2025-25244",
"cwe": {
"id": "CWE-862",
"name": "Missing Authorization"
},
"notes": [
{
"category": "other",
"text": "Missing Authorization",
"title": "CWE-862"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1298148",
"CSAFPID-2455751",
"CSAFPID-2455822",
"CSAFPID-2455823",
"CSAFPID-2455824",
"CSAFPID-2455825",
"CSAFPID-2455826",
"CSAFPID-2455827",
"CSAFPID-2455828",
"CSAFPID-2455829",
"CSAFPID-2455830",
"CSAFPID-2455831",
"CSAFPID-2455832",
"CSAFPID-2455833",
"CSAFPID-2455834",
"CSAFPID-2455835",
"CSAFPID-2455836",
"CSAFPID-1987654",
"CSAFPID-2455809",
"CSAFPID-2455810",
"CSAFPID-2455779",
"CSAFPID-2455756",
"CSAFPID-2455757",
"CSAFPID-2455758",
"CSAFPID-2455759",
"CSAFPID-2455761",
"CSAFPID-2455760",
"CSAFPID-2455754",
"CSAFPID-2455755",
"CSAFPID-2455797",
"CSAFPID-2455796",
"CSAFPID-2455763",
"CSAFPID-2455762",
"CSAFPID-2455770",
"CSAFPID-2455771",
"CSAFPID-2455772",
"CSAFPID-2455773",
"CSAFPID-2455774",
"CSAFPID-2455775",
"CSAFPID-2455776",
"CSAFPID-2455777",
"CSAFPID-2455769",
"CSAFPID-2455817",
"CSAFPID-2455818",
"CSAFPID-2455819",
"CSAFPID-2455820",
"CSAFPID-2455821",
"CSAFPID-2455816",
"CSAFPID-2455806",
"CSAFPID-2455807",
"CSAFPID-2455808",
"CSAFPID-2455805",
"CSAFPID-2455765",
"CSAFPID-2455766",
"CSAFPID-2455764",
"CSAFPID-1425566",
"CSAFPID-1425565",
"CSAFPID-2455753",
"CSAFPID-2455784",
"CSAFPID-2455780",
"CSAFPID-2455781",
"CSAFPID-2455782",
"CSAFPID-2455785",
"CSAFPID-2455786",
"CSAFPID-2455787",
"CSAFPID-2455788",
"CSAFPID-2455789",
"CSAFPID-2455790",
"CSAFPID-2455791",
"CSAFPID-2455792",
"CSAFPID-2455793",
"CSAFPID-2455794",
"CSAFPID-2455795",
"CSAFPID-2455783",
"CSAFPID-2455843",
"CSAFPID-2455844",
"CSAFPID-2455845",
"CSAFPID-2455846",
"CSAFPID-2455847",
"CSAFPID-2455848",
"CSAFPID-2455838",
"CSAFPID-2455839",
"CSAFPID-2455840",
"CSAFPID-2455841",
"CSAFPID-2455851",
"CSAFPID-2455852",
"CSAFPID-2455853",
"CSAFPID-2455854",
"CSAFPID-2455856",
"CSAFPID-2455857",
"CSAFPID-2455858",
"CSAFPID-2455859",
"CSAFPID-2455860",
"CSAFPID-2455861",
"CSAFPID-2455850",
"CSAFPID-2455849",
"CSAFPID-2455837",
"CSAFPID-2455842",
"CSAFPID-2455855",
"CSAFPID-2455865",
"CSAFPID-2455866",
"CSAFPID-2455867",
"CSAFPID-2455868",
"CSAFPID-2455869",
"CSAFPID-2455870",
"CSAFPID-2455863",
"CSAFPID-2455864",
"CSAFPID-2455862",
"CSAFPID-2455799",
"CSAFPID-2455800",
"CSAFPID-2455801",
"CSAFPID-2455802",
"CSAFPID-2455803",
"CSAFPID-2455804",
"CSAFPID-2455798",
"CSAFPID-1761541",
"CSAFPID-1761542",
"CSAFPID-1761543",
"CSAFPID-1761544"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-25244",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2025/CVE-2025-25244.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1298148",
"CSAFPID-2455751",
"CSAFPID-2455822",
"CSAFPID-2455823",
"CSAFPID-2455824",
"CSAFPID-2455825",
"CSAFPID-2455826",
"CSAFPID-2455827",
"CSAFPID-2455828",
"CSAFPID-2455829",
"CSAFPID-2455830",
"CSAFPID-2455831",
"CSAFPID-2455832",
"CSAFPID-2455833",
"CSAFPID-2455834",
"CSAFPID-2455835",
"CSAFPID-2455836",
"CSAFPID-1987654",
"CSAFPID-2455809",
"CSAFPID-2455810",
"CSAFPID-2455779",
"CSAFPID-2455756",
"CSAFPID-2455757",
"CSAFPID-2455758",
"CSAFPID-2455759",
"CSAFPID-2455761",
"CSAFPID-2455760",
"CSAFPID-2455754",
"CSAFPID-2455755",
"CSAFPID-2455797",
"CSAFPID-2455796",
"CSAFPID-2455763",
"CSAFPID-2455762",
"CSAFPID-2455770",
"CSAFPID-2455771",
"CSAFPID-2455772",
"CSAFPID-2455773",
"CSAFPID-2455774",
"CSAFPID-2455775",
"CSAFPID-2455776",
"CSAFPID-2455777",
"CSAFPID-2455769",
"CSAFPID-2455817",
"CSAFPID-2455818",
"CSAFPID-2455819",
"CSAFPID-2455820",
"CSAFPID-2455821",
"CSAFPID-2455816",
"CSAFPID-2455806",
"CSAFPID-2455807",
"CSAFPID-2455808",
"CSAFPID-2455805",
"CSAFPID-2455765",
"CSAFPID-2455766",
"CSAFPID-2455764",
"CSAFPID-1425566",
"CSAFPID-1425565",
"CSAFPID-2455753",
"CSAFPID-2455784",
"CSAFPID-2455780",
"CSAFPID-2455781",
"CSAFPID-2455782",
"CSAFPID-2455785",
"CSAFPID-2455786",
"CSAFPID-2455787",
"CSAFPID-2455788",
"CSAFPID-2455789",
"CSAFPID-2455790",
"CSAFPID-2455791",
"CSAFPID-2455792",
"CSAFPID-2455793",
"CSAFPID-2455794",
"CSAFPID-2455795",
"CSAFPID-2455783",
"CSAFPID-2455843",
"CSAFPID-2455844",
"CSAFPID-2455845",
"CSAFPID-2455846",
"CSAFPID-2455847",
"CSAFPID-2455848",
"CSAFPID-2455838",
"CSAFPID-2455839",
"CSAFPID-2455840",
"CSAFPID-2455841",
"CSAFPID-2455851",
"CSAFPID-2455852",
"CSAFPID-2455853",
"CSAFPID-2455854",
"CSAFPID-2455856",
"CSAFPID-2455857",
"CSAFPID-2455858",
"CSAFPID-2455859",
"CSAFPID-2455860",
"CSAFPID-2455861",
"CSAFPID-2455850",
"CSAFPID-2455849",
"CSAFPID-2455837",
"CSAFPID-2455842",
"CSAFPID-2455855",
"CSAFPID-2455865",
"CSAFPID-2455866",
"CSAFPID-2455867",
"CSAFPID-2455868",
"CSAFPID-2455869",
"CSAFPID-2455870",
"CSAFPID-2455863",
"CSAFPID-2455864",
"CSAFPID-2455862",
"CSAFPID-2455799",
"CSAFPID-2455800",
"CSAFPID-2455801",
"CSAFPID-2455802",
"CSAFPID-2455803",
"CSAFPID-2455804",
"CSAFPID-2455798",
"CSAFPID-1761541",
"CSAFPID-1761542",
"CSAFPID-1761543",
"CSAFPID-1761544"
]
}
],
"title": "CVE-2025-25244"
},
{
"cve": "CVE-2025-27431",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"notes": [
{
"category": "other",
"text": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"title": "CWE-79"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1298148",
"CSAFPID-2455751",
"CSAFPID-2455822",
"CSAFPID-2455823",
"CSAFPID-2455824",
"CSAFPID-2455825",
"CSAFPID-2455826",
"CSAFPID-2455827",
"CSAFPID-2455828",
"CSAFPID-2455829",
"CSAFPID-2455830",
"CSAFPID-2455831",
"CSAFPID-2455832",
"CSAFPID-2455833",
"CSAFPID-2455834",
"CSAFPID-2455835",
"CSAFPID-2455836",
"CSAFPID-1987654",
"CSAFPID-2455809",
"CSAFPID-2455810",
"CSAFPID-2455779",
"CSAFPID-2455756",
"CSAFPID-2455757",
"CSAFPID-2455758",
"CSAFPID-2455759",
"CSAFPID-2455761",
"CSAFPID-2455760",
"CSAFPID-2455754",
"CSAFPID-2455755",
"CSAFPID-2455797",
"CSAFPID-2455796",
"CSAFPID-2455763",
"CSAFPID-2455762",
"CSAFPID-2455770",
"CSAFPID-2455771",
"CSAFPID-2455772",
"CSAFPID-2455773",
"CSAFPID-2455774",
"CSAFPID-2455775",
"CSAFPID-2455776",
"CSAFPID-2455777",
"CSAFPID-2455769",
"CSAFPID-2455817",
"CSAFPID-2455818",
"CSAFPID-2455819",
"CSAFPID-2455820",
"CSAFPID-2455821",
"CSAFPID-2455816",
"CSAFPID-2455806",
"CSAFPID-2455807",
"CSAFPID-2455808",
"CSAFPID-2455805",
"CSAFPID-2455765",
"CSAFPID-2455766",
"CSAFPID-2455764",
"CSAFPID-1425566",
"CSAFPID-1425565",
"CSAFPID-2455753",
"CSAFPID-2455784",
"CSAFPID-2455780",
"CSAFPID-2455781",
"CSAFPID-2455782",
"CSAFPID-2455785",
"CSAFPID-2455786",
"CSAFPID-2455787",
"CSAFPID-2455788",
"CSAFPID-2455789",
"CSAFPID-2455790",
"CSAFPID-2455791",
"CSAFPID-2455792",
"CSAFPID-2455793",
"CSAFPID-2455794",
"CSAFPID-2455795",
"CSAFPID-2455783",
"CSAFPID-2455843",
"CSAFPID-2455844",
"CSAFPID-2455845",
"CSAFPID-2455846",
"CSAFPID-2455847",
"CSAFPID-2455848",
"CSAFPID-2455838",
"CSAFPID-2455839",
"CSAFPID-2455840",
"CSAFPID-2455841",
"CSAFPID-2455851",
"CSAFPID-2455852",
"CSAFPID-2455853",
"CSAFPID-2455854",
"CSAFPID-2455856",
"CSAFPID-2455857",
"CSAFPID-2455858",
"CSAFPID-2455859",
"CSAFPID-2455860",
"CSAFPID-2455861",
"CSAFPID-2455850",
"CSAFPID-2455849",
"CSAFPID-2455837",
"CSAFPID-2455842",
"CSAFPID-2455855",
"CSAFPID-2455865",
"CSAFPID-2455866",
"CSAFPID-2455867",
"CSAFPID-2455868",
"CSAFPID-2455869",
"CSAFPID-2455870",
"CSAFPID-2455863",
"CSAFPID-2455864",
"CSAFPID-2455862",
"CSAFPID-2455799",
"CSAFPID-2455800",
"CSAFPID-2455801",
"CSAFPID-2455802",
"CSAFPID-2455803",
"CSAFPID-2455804",
"CSAFPID-2455798",
"CSAFPID-1761541",
"CSAFPID-1761542",
"CSAFPID-1761543",
"CSAFPID-1761544"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-27431",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2025/CVE-2025-27431.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1298148",
"CSAFPID-2455751",
"CSAFPID-2455822",
"CSAFPID-2455823",
"CSAFPID-2455824",
"CSAFPID-2455825",
"CSAFPID-2455826",
"CSAFPID-2455827",
"CSAFPID-2455828",
"CSAFPID-2455829",
"CSAFPID-2455830",
"CSAFPID-2455831",
"CSAFPID-2455832",
"CSAFPID-2455833",
"CSAFPID-2455834",
"CSAFPID-2455835",
"CSAFPID-2455836",
"CSAFPID-1987654",
"CSAFPID-2455809",
"CSAFPID-2455810",
"CSAFPID-2455779",
"CSAFPID-2455756",
"CSAFPID-2455757",
"CSAFPID-2455758",
"CSAFPID-2455759",
"CSAFPID-2455761",
"CSAFPID-2455760",
"CSAFPID-2455754",
"CSAFPID-2455755",
"CSAFPID-2455797",
"CSAFPID-2455796",
"CSAFPID-2455763",
"CSAFPID-2455762",
"CSAFPID-2455770",
"CSAFPID-2455771",
"CSAFPID-2455772",
"CSAFPID-2455773",
"CSAFPID-2455774",
"CSAFPID-2455775",
"CSAFPID-2455776",
"CSAFPID-2455777",
"CSAFPID-2455769",
"CSAFPID-2455817",
"CSAFPID-2455818",
"CSAFPID-2455819",
"CSAFPID-2455820",
"CSAFPID-2455821",
"CSAFPID-2455816",
"CSAFPID-2455806",
"CSAFPID-2455807",
"CSAFPID-2455808",
"CSAFPID-2455805",
"CSAFPID-2455765",
"CSAFPID-2455766",
"CSAFPID-2455764",
"CSAFPID-1425566",
"CSAFPID-1425565",
"CSAFPID-2455753",
"CSAFPID-2455784",
"CSAFPID-2455780",
"CSAFPID-2455781",
"CSAFPID-2455782",
"CSAFPID-2455785",
"CSAFPID-2455786",
"CSAFPID-2455787",
"CSAFPID-2455788",
"CSAFPID-2455789",
"CSAFPID-2455790",
"CSAFPID-2455791",
"CSAFPID-2455792",
"CSAFPID-2455793",
"CSAFPID-2455794",
"CSAFPID-2455795",
"CSAFPID-2455783",
"CSAFPID-2455843",
"CSAFPID-2455844",
"CSAFPID-2455845",
"CSAFPID-2455846",
"CSAFPID-2455847",
"CSAFPID-2455848",
"CSAFPID-2455838",
"CSAFPID-2455839",
"CSAFPID-2455840",
"CSAFPID-2455841",
"CSAFPID-2455851",
"CSAFPID-2455852",
"CSAFPID-2455853",
"CSAFPID-2455854",
"CSAFPID-2455856",
"CSAFPID-2455857",
"CSAFPID-2455858",
"CSAFPID-2455859",
"CSAFPID-2455860",
"CSAFPID-2455861",
"CSAFPID-2455850",
"CSAFPID-2455849",
"CSAFPID-2455837",
"CSAFPID-2455842",
"CSAFPID-2455855",
"CSAFPID-2455865",
"CSAFPID-2455866",
"CSAFPID-2455867",
"CSAFPID-2455868",
"CSAFPID-2455869",
"CSAFPID-2455870",
"CSAFPID-2455863",
"CSAFPID-2455864",
"CSAFPID-2455862",
"CSAFPID-2455799",
"CSAFPID-2455800",
"CSAFPID-2455801",
"CSAFPID-2455802",
"CSAFPID-2455803",
"CSAFPID-2455804",
"CSAFPID-2455798",
"CSAFPID-1761541",
"CSAFPID-1761542",
"CSAFPID-1761543",
"CSAFPID-1761544"
]
}
],
"title": "CVE-2025-27431"
},
{
"cve": "CVE-2025-25245",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"notes": [
{
"category": "other",
"text": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"title": "CWE-79"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1298148",
"CSAFPID-2455751",
"CSAFPID-2455822",
"CSAFPID-2455823",
"CSAFPID-2455824",
"CSAFPID-2455825",
"CSAFPID-2455826",
"CSAFPID-2455827",
"CSAFPID-2455828",
"CSAFPID-2455829",
"CSAFPID-2455830",
"CSAFPID-2455831",
"CSAFPID-2455832",
"CSAFPID-2455833",
"CSAFPID-2455834",
"CSAFPID-2455835",
"CSAFPID-2455836",
"CSAFPID-1987654",
"CSAFPID-2455809",
"CSAFPID-2455810",
"CSAFPID-2455779",
"CSAFPID-2455756",
"CSAFPID-2455757",
"CSAFPID-2455758",
"CSAFPID-2455759",
"CSAFPID-2455761",
"CSAFPID-2455760",
"CSAFPID-2455754",
"CSAFPID-2455755",
"CSAFPID-2455797",
"CSAFPID-2455796",
"CSAFPID-2455763",
"CSAFPID-2455762",
"CSAFPID-2455770",
"CSAFPID-2455771",
"CSAFPID-2455772",
"CSAFPID-2455773",
"CSAFPID-2455774",
"CSAFPID-2455775",
"CSAFPID-2455776",
"CSAFPID-2455777",
"CSAFPID-2455769",
"CSAFPID-2455817",
"CSAFPID-2455818",
"CSAFPID-2455819",
"CSAFPID-2455820",
"CSAFPID-2455821",
"CSAFPID-2455816",
"CSAFPID-2455806",
"CSAFPID-2455807",
"CSAFPID-2455808",
"CSAFPID-2455805",
"CSAFPID-2455765",
"CSAFPID-2455766",
"CSAFPID-2455764",
"CSAFPID-1425566",
"CSAFPID-1425565",
"CSAFPID-2455753",
"CSAFPID-2455784",
"CSAFPID-2455780",
"CSAFPID-2455781",
"CSAFPID-2455782",
"CSAFPID-2455785",
"CSAFPID-2455786",
"CSAFPID-2455787",
"CSAFPID-2455788",
"CSAFPID-2455789",
"CSAFPID-2455790",
"CSAFPID-2455791",
"CSAFPID-2455792",
"CSAFPID-2455793",
"CSAFPID-2455794",
"CSAFPID-2455795",
"CSAFPID-2455783",
"CSAFPID-2455843",
"CSAFPID-2455844",
"CSAFPID-2455845",
"CSAFPID-2455846",
"CSAFPID-2455847",
"CSAFPID-2455848",
"CSAFPID-2455838",
"CSAFPID-2455839",
"CSAFPID-2455840",
"CSAFPID-2455841",
"CSAFPID-2455851",
"CSAFPID-2455852",
"CSAFPID-2455853",
"CSAFPID-2455854",
"CSAFPID-2455856",
"CSAFPID-2455857",
"CSAFPID-2455858",
"CSAFPID-2455859",
"CSAFPID-2455860",
"CSAFPID-2455861",
"CSAFPID-2455850",
"CSAFPID-2455849",
"CSAFPID-2455837",
"CSAFPID-2455842",
"CSAFPID-2455855",
"CSAFPID-2455865",
"CSAFPID-2455866",
"CSAFPID-2455867",
"CSAFPID-2455868",
"CSAFPID-2455869",
"CSAFPID-2455870",
"CSAFPID-2455863",
"CSAFPID-2455864",
"CSAFPID-2455862",
"CSAFPID-2455799",
"CSAFPID-2455800",
"CSAFPID-2455801",
"CSAFPID-2455802",
"CSAFPID-2455803",
"CSAFPID-2455804",
"CSAFPID-2455798",
"CSAFPID-1761541",
"CSAFPID-1761542",
"CSAFPID-1761543",
"CSAFPID-1761544"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-25245",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2025/CVE-2025-25245.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1298148",
"CSAFPID-2455751",
"CSAFPID-2455822",
"CSAFPID-2455823",
"CSAFPID-2455824",
"CSAFPID-2455825",
"CSAFPID-2455826",
"CSAFPID-2455827",
"CSAFPID-2455828",
"CSAFPID-2455829",
"CSAFPID-2455830",
"CSAFPID-2455831",
"CSAFPID-2455832",
"CSAFPID-2455833",
"CSAFPID-2455834",
"CSAFPID-2455835",
"CSAFPID-2455836",
"CSAFPID-1987654",
"CSAFPID-2455809",
"CSAFPID-2455810",
"CSAFPID-2455779",
"CSAFPID-2455756",
"CSAFPID-2455757",
"CSAFPID-2455758",
"CSAFPID-2455759",
"CSAFPID-2455761",
"CSAFPID-2455760",
"CSAFPID-2455754",
"CSAFPID-2455755",
"CSAFPID-2455797",
"CSAFPID-2455796",
"CSAFPID-2455763",
"CSAFPID-2455762",
"CSAFPID-2455770",
"CSAFPID-2455771",
"CSAFPID-2455772",
"CSAFPID-2455773",
"CSAFPID-2455774",
"CSAFPID-2455775",
"CSAFPID-2455776",
"CSAFPID-2455777",
"CSAFPID-2455769",
"CSAFPID-2455817",
"CSAFPID-2455818",
"CSAFPID-2455819",
"CSAFPID-2455820",
"CSAFPID-2455821",
"CSAFPID-2455816",
"CSAFPID-2455806",
"CSAFPID-2455807",
"CSAFPID-2455808",
"CSAFPID-2455805",
"CSAFPID-2455765",
"CSAFPID-2455766",
"CSAFPID-2455764",
"CSAFPID-1425566",
"CSAFPID-1425565",
"CSAFPID-2455753",
"CSAFPID-2455784",
"CSAFPID-2455780",
"CSAFPID-2455781",
"CSAFPID-2455782",
"CSAFPID-2455785",
"CSAFPID-2455786",
"CSAFPID-2455787",
"CSAFPID-2455788",
"CSAFPID-2455789",
"CSAFPID-2455790",
"CSAFPID-2455791",
"CSAFPID-2455792",
"CSAFPID-2455793",
"CSAFPID-2455794",
"CSAFPID-2455795",
"CSAFPID-2455783",
"CSAFPID-2455843",
"CSAFPID-2455844",
"CSAFPID-2455845",
"CSAFPID-2455846",
"CSAFPID-2455847",
"CSAFPID-2455848",
"CSAFPID-2455838",
"CSAFPID-2455839",
"CSAFPID-2455840",
"CSAFPID-2455841",
"CSAFPID-2455851",
"CSAFPID-2455852",
"CSAFPID-2455853",
"CSAFPID-2455854",
"CSAFPID-2455856",
"CSAFPID-2455857",
"CSAFPID-2455858",
"CSAFPID-2455859",
"CSAFPID-2455860",
"CSAFPID-2455861",
"CSAFPID-2455850",
"CSAFPID-2455849",
"CSAFPID-2455837",
"CSAFPID-2455842",
"CSAFPID-2455855",
"CSAFPID-2455865",
"CSAFPID-2455866",
"CSAFPID-2455867",
"CSAFPID-2455868",
"CSAFPID-2455869",
"CSAFPID-2455870",
"CSAFPID-2455863",
"CSAFPID-2455864",
"CSAFPID-2455862",
"CSAFPID-2455799",
"CSAFPID-2455800",
"CSAFPID-2455801",
"CSAFPID-2455802",
"CSAFPID-2455803",
"CSAFPID-2455804",
"CSAFPID-2455798",
"CSAFPID-1761541",
"CSAFPID-1761542",
"CSAFPID-1761543",
"CSAFPID-1761544"
]
}
],
"title": "CVE-2025-25245"
},
{
"cve": "CVE-2025-23194",
"cwe": {
"id": "CWE-306",
"name": "Missing Authentication for Critical Function"
},
"notes": [
{
"category": "other",
"text": "Missing Authentication for Critical Function",
"title": "CWE-306"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1298148",
"CSAFPID-2455751",
"CSAFPID-2455822",
"CSAFPID-2455823",
"CSAFPID-2455824",
"CSAFPID-2455825",
"CSAFPID-2455826",
"CSAFPID-2455827",
"CSAFPID-2455828",
"CSAFPID-2455829",
"CSAFPID-2455830",
"CSAFPID-2455831",
"CSAFPID-2455832",
"CSAFPID-2455833",
"CSAFPID-2455834",
"CSAFPID-2455835",
"CSAFPID-2455836",
"CSAFPID-1987654",
"CSAFPID-2455809",
"CSAFPID-2455810",
"CSAFPID-2455779",
"CSAFPID-2455756",
"CSAFPID-2455757",
"CSAFPID-2455758",
"CSAFPID-2455759",
"CSAFPID-2455761",
"CSAFPID-2455760",
"CSAFPID-2455754",
"CSAFPID-2455755",
"CSAFPID-2455797",
"CSAFPID-2455796",
"CSAFPID-2455763",
"CSAFPID-2455762",
"CSAFPID-2455770",
"CSAFPID-2455771",
"CSAFPID-2455772",
"CSAFPID-2455773",
"CSAFPID-2455774",
"CSAFPID-2455775",
"CSAFPID-2455776",
"CSAFPID-2455777",
"CSAFPID-2455769",
"CSAFPID-2455817",
"CSAFPID-2455818",
"CSAFPID-2455819",
"CSAFPID-2455820",
"CSAFPID-2455821",
"CSAFPID-2455816",
"CSAFPID-2455806",
"CSAFPID-2455807",
"CSAFPID-2455808",
"CSAFPID-2455805",
"CSAFPID-2455765",
"CSAFPID-2455766",
"CSAFPID-2455764",
"CSAFPID-1425566",
"CSAFPID-1425565",
"CSAFPID-2455753",
"CSAFPID-2455784",
"CSAFPID-2455780",
"CSAFPID-2455781",
"CSAFPID-2455782",
"CSAFPID-2455785",
"CSAFPID-2455786",
"CSAFPID-2455787",
"CSAFPID-2455788",
"CSAFPID-2455789",
"CSAFPID-2455790",
"CSAFPID-2455791",
"CSAFPID-2455792",
"CSAFPID-2455793",
"CSAFPID-2455794",
"CSAFPID-2455795",
"CSAFPID-2455783",
"CSAFPID-2455843",
"CSAFPID-2455844",
"CSAFPID-2455845",
"CSAFPID-2455846",
"CSAFPID-2455847",
"CSAFPID-2455848",
"CSAFPID-2455838",
"CSAFPID-2455839",
"CSAFPID-2455840",
"CSAFPID-2455841",
"CSAFPID-2455851",
"CSAFPID-2455852",
"CSAFPID-2455853",
"CSAFPID-2455854",
"CSAFPID-2455856",
"CSAFPID-2455857",
"CSAFPID-2455858",
"CSAFPID-2455859",
"CSAFPID-2455860",
"CSAFPID-2455861",
"CSAFPID-2455850",
"CSAFPID-2455849",
"CSAFPID-2455837",
"CSAFPID-2455842",
"CSAFPID-2455855",
"CSAFPID-2455865",
"CSAFPID-2455866",
"CSAFPID-2455867",
"CSAFPID-2455868",
"CSAFPID-2455869",
"CSAFPID-2455870",
"CSAFPID-2455863",
"CSAFPID-2455864",
"CSAFPID-2455862",
"CSAFPID-2455799",
"CSAFPID-2455800",
"CSAFPID-2455801",
"CSAFPID-2455802",
"CSAFPID-2455803",
"CSAFPID-2455804",
"CSAFPID-2455798",
"CSAFPID-1761541",
"CSAFPID-1761542",
"CSAFPID-1761543",
"CSAFPID-1761544"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-23194",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2025/CVE-2025-23194.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1298148",
"CSAFPID-2455751",
"CSAFPID-2455822",
"CSAFPID-2455823",
"CSAFPID-2455824",
"CSAFPID-2455825",
"CSAFPID-2455826",
"CSAFPID-2455827",
"CSAFPID-2455828",
"CSAFPID-2455829",
"CSAFPID-2455830",
"CSAFPID-2455831",
"CSAFPID-2455832",
"CSAFPID-2455833",
"CSAFPID-2455834",
"CSAFPID-2455835",
"CSAFPID-2455836",
"CSAFPID-1987654",
"CSAFPID-2455809",
"CSAFPID-2455810",
"CSAFPID-2455779",
"CSAFPID-2455756",
"CSAFPID-2455757",
"CSAFPID-2455758",
"CSAFPID-2455759",
"CSAFPID-2455761",
"CSAFPID-2455760",
"CSAFPID-2455754",
"CSAFPID-2455755",
"CSAFPID-2455797",
"CSAFPID-2455796",
"CSAFPID-2455763",
"CSAFPID-2455762",
"CSAFPID-2455770",
"CSAFPID-2455771",
"CSAFPID-2455772",
"CSAFPID-2455773",
"CSAFPID-2455774",
"CSAFPID-2455775",
"CSAFPID-2455776",
"CSAFPID-2455777",
"CSAFPID-2455769",
"CSAFPID-2455817",
"CSAFPID-2455818",
"CSAFPID-2455819",
"CSAFPID-2455820",
"CSAFPID-2455821",
"CSAFPID-2455816",
"CSAFPID-2455806",
"CSAFPID-2455807",
"CSAFPID-2455808",
"CSAFPID-2455805",
"CSAFPID-2455765",
"CSAFPID-2455766",
"CSAFPID-2455764",
"CSAFPID-1425566",
"CSAFPID-1425565",
"CSAFPID-2455753",
"CSAFPID-2455784",
"CSAFPID-2455780",
"CSAFPID-2455781",
"CSAFPID-2455782",
"CSAFPID-2455785",
"CSAFPID-2455786",
"CSAFPID-2455787",
"CSAFPID-2455788",
"CSAFPID-2455789",
"CSAFPID-2455790",
"CSAFPID-2455791",
"CSAFPID-2455792",
"CSAFPID-2455793",
"CSAFPID-2455794",
"CSAFPID-2455795",
"CSAFPID-2455783",
"CSAFPID-2455843",
"CSAFPID-2455844",
"CSAFPID-2455845",
"CSAFPID-2455846",
"CSAFPID-2455847",
"CSAFPID-2455848",
"CSAFPID-2455838",
"CSAFPID-2455839",
"CSAFPID-2455840",
"CSAFPID-2455841",
"CSAFPID-2455851",
"CSAFPID-2455852",
"CSAFPID-2455853",
"CSAFPID-2455854",
"CSAFPID-2455856",
"CSAFPID-2455857",
"CSAFPID-2455858",
"CSAFPID-2455859",
"CSAFPID-2455860",
"CSAFPID-2455861",
"CSAFPID-2455850",
"CSAFPID-2455849",
"CSAFPID-2455837",
"CSAFPID-2455842",
"CSAFPID-2455855",
"CSAFPID-2455865",
"CSAFPID-2455866",
"CSAFPID-2455867",
"CSAFPID-2455868",
"CSAFPID-2455869",
"CSAFPID-2455870",
"CSAFPID-2455863",
"CSAFPID-2455864",
"CSAFPID-2455862",
"CSAFPID-2455799",
"CSAFPID-2455800",
"CSAFPID-2455801",
"CSAFPID-2455802",
"CSAFPID-2455803",
"CSAFPID-2455804",
"CSAFPID-2455798",
"CSAFPID-1761541",
"CSAFPID-1761542",
"CSAFPID-1761543",
"CSAFPID-1761544"
]
}
],
"title": "CVE-2025-23194"
},
{
"cve": "CVE-2025-0071",
"cwe": {
"id": "CWE-532",
"name": "Insertion of Sensitive Information into Log File"
},
"notes": [
{
"category": "other",
"text": "Insertion of Sensitive Information into Log File",
"title": "CWE-532"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1298148",
"CSAFPID-2455751",
"CSAFPID-2455822",
"CSAFPID-2455823",
"CSAFPID-2455824",
"CSAFPID-2455825",
"CSAFPID-2455826",
"CSAFPID-2455827",
"CSAFPID-2455828",
"CSAFPID-2455829",
"CSAFPID-2455830",
"CSAFPID-2455831",
"CSAFPID-2455832",
"CSAFPID-2455833",
"CSAFPID-2455834",
"CSAFPID-2455835",
"CSAFPID-2455836",
"CSAFPID-1987654",
"CSAFPID-2455809",
"CSAFPID-2455810",
"CSAFPID-2455779",
"CSAFPID-2455756",
"CSAFPID-2455757",
"CSAFPID-2455758",
"CSAFPID-2455759",
"CSAFPID-2455761",
"CSAFPID-2455760",
"CSAFPID-2455754",
"CSAFPID-2455755",
"CSAFPID-2455797",
"CSAFPID-2455796",
"CSAFPID-2455763",
"CSAFPID-2455762",
"CSAFPID-2455770",
"CSAFPID-2455771",
"CSAFPID-2455772",
"CSAFPID-2455773",
"CSAFPID-2455774",
"CSAFPID-2455775",
"CSAFPID-2455776",
"CSAFPID-2455777",
"CSAFPID-2455769",
"CSAFPID-2455817",
"CSAFPID-2455818",
"CSAFPID-2455819",
"CSAFPID-2455820",
"CSAFPID-2455821",
"CSAFPID-2455816",
"CSAFPID-2455806",
"CSAFPID-2455807",
"CSAFPID-2455808",
"CSAFPID-2455805",
"CSAFPID-2455765",
"CSAFPID-2455766",
"CSAFPID-2455764",
"CSAFPID-1425566",
"CSAFPID-1425565",
"CSAFPID-2455753",
"CSAFPID-2455784",
"CSAFPID-2455780",
"CSAFPID-2455781",
"CSAFPID-2455782",
"CSAFPID-2455785",
"CSAFPID-2455786",
"CSAFPID-2455787",
"CSAFPID-2455788",
"CSAFPID-2455789",
"CSAFPID-2455790",
"CSAFPID-2455791",
"CSAFPID-2455792",
"CSAFPID-2455793",
"CSAFPID-2455794",
"CSAFPID-2455795",
"CSAFPID-2455783",
"CSAFPID-2455843",
"CSAFPID-2455844",
"CSAFPID-2455845",
"CSAFPID-2455846",
"CSAFPID-2455847",
"CSAFPID-2455848",
"CSAFPID-2455838",
"CSAFPID-2455839",
"CSAFPID-2455840",
"CSAFPID-2455841",
"CSAFPID-2455851",
"CSAFPID-2455852",
"CSAFPID-2455853",
"CSAFPID-2455854",
"CSAFPID-2455856",
"CSAFPID-2455857",
"CSAFPID-2455858",
"CSAFPID-2455859",
"CSAFPID-2455860",
"CSAFPID-2455861",
"CSAFPID-2455850",
"CSAFPID-2455849",
"CSAFPID-2455837",
"CSAFPID-2455842",
"CSAFPID-2455855",
"CSAFPID-2455865",
"CSAFPID-2455866",
"CSAFPID-2455867",
"CSAFPID-2455868",
"CSAFPID-2455869",
"CSAFPID-2455870",
"CSAFPID-2455863",
"CSAFPID-2455864",
"CSAFPID-2455862",
"CSAFPID-2455799",
"CSAFPID-2455800",
"CSAFPID-2455801",
"CSAFPID-2455802",
"CSAFPID-2455803",
"CSAFPID-2455804",
"CSAFPID-2455798",
"CSAFPID-1761541",
"CSAFPID-1761542",
"CSAFPID-1761543",
"CSAFPID-1761544"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-0071",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2025/CVE-2025-0071.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1298148",
"CSAFPID-2455751",
"CSAFPID-2455822",
"CSAFPID-2455823",
"CSAFPID-2455824",
"CSAFPID-2455825",
"CSAFPID-2455826",
"CSAFPID-2455827",
"CSAFPID-2455828",
"CSAFPID-2455829",
"CSAFPID-2455830",
"CSAFPID-2455831",
"CSAFPID-2455832",
"CSAFPID-2455833",
"CSAFPID-2455834",
"CSAFPID-2455835",
"CSAFPID-2455836",
"CSAFPID-1987654",
"CSAFPID-2455809",
"CSAFPID-2455810",
"CSAFPID-2455779",
"CSAFPID-2455756",
"CSAFPID-2455757",
"CSAFPID-2455758",
"CSAFPID-2455759",
"CSAFPID-2455761",
"CSAFPID-2455760",
"CSAFPID-2455754",
"CSAFPID-2455755",
"CSAFPID-2455797",
"CSAFPID-2455796",
"CSAFPID-2455763",
"CSAFPID-2455762",
"CSAFPID-2455770",
"CSAFPID-2455771",
"CSAFPID-2455772",
"CSAFPID-2455773",
"CSAFPID-2455774",
"CSAFPID-2455775",
"CSAFPID-2455776",
"CSAFPID-2455777",
"CSAFPID-2455769",
"CSAFPID-2455817",
"CSAFPID-2455818",
"CSAFPID-2455819",
"CSAFPID-2455820",
"CSAFPID-2455821",
"CSAFPID-2455816",
"CSAFPID-2455806",
"CSAFPID-2455807",
"CSAFPID-2455808",
"CSAFPID-2455805",
"CSAFPID-2455765",
"CSAFPID-2455766",
"CSAFPID-2455764",
"CSAFPID-1425566",
"CSAFPID-1425565",
"CSAFPID-2455753",
"CSAFPID-2455784",
"CSAFPID-2455780",
"CSAFPID-2455781",
"CSAFPID-2455782",
"CSAFPID-2455785",
"CSAFPID-2455786",
"CSAFPID-2455787",
"CSAFPID-2455788",
"CSAFPID-2455789",
"CSAFPID-2455790",
"CSAFPID-2455791",
"CSAFPID-2455792",
"CSAFPID-2455793",
"CSAFPID-2455794",
"CSAFPID-2455795",
"CSAFPID-2455783",
"CSAFPID-2455843",
"CSAFPID-2455844",
"CSAFPID-2455845",
"CSAFPID-2455846",
"CSAFPID-2455847",
"CSAFPID-2455848",
"CSAFPID-2455838",
"CSAFPID-2455839",
"CSAFPID-2455840",
"CSAFPID-2455841",
"CSAFPID-2455851",
"CSAFPID-2455852",
"CSAFPID-2455853",
"CSAFPID-2455854",
"CSAFPID-2455856",
"CSAFPID-2455857",
"CSAFPID-2455858",
"CSAFPID-2455859",
"CSAFPID-2455860",
"CSAFPID-2455861",
"CSAFPID-2455850",
"CSAFPID-2455849",
"CSAFPID-2455837",
"CSAFPID-2455842",
"CSAFPID-2455855",
"CSAFPID-2455865",
"CSAFPID-2455866",
"CSAFPID-2455867",
"CSAFPID-2455868",
"CSAFPID-2455869",
"CSAFPID-2455870",
"CSAFPID-2455863",
"CSAFPID-2455864",
"CSAFPID-2455862",
"CSAFPID-2455799",
"CSAFPID-2455800",
"CSAFPID-2455801",
"CSAFPID-2455802",
"CSAFPID-2455803",
"CSAFPID-2455804",
"CSAFPID-2455798",
"CSAFPID-1761541",
"CSAFPID-1761542",
"CSAFPID-1761543",
"CSAFPID-1761544"
]
}
],
"title": "CVE-2025-0071"
},
{
"cve": "CVE-2025-0062",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"notes": [
{
"category": "other",
"text": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"title": "CWE-79"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1298148",
"CSAFPID-2455751",
"CSAFPID-2455822",
"CSAFPID-2455823",
"CSAFPID-2455824",
"CSAFPID-2455825",
"CSAFPID-2455826",
"CSAFPID-2455827",
"CSAFPID-2455828",
"CSAFPID-2455829",
"CSAFPID-2455830",
"CSAFPID-2455831",
"CSAFPID-2455832",
"CSAFPID-2455833",
"CSAFPID-2455834",
"CSAFPID-2455835",
"CSAFPID-2455836",
"CSAFPID-1987654",
"CSAFPID-2455809",
"CSAFPID-2455810",
"CSAFPID-2455779",
"CSAFPID-2455756",
"CSAFPID-2455757",
"CSAFPID-2455758",
"CSAFPID-2455759",
"CSAFPID-2455761",
"CSAFPID-2455760",
"CSAFPID-2455754",
"CSAFPID-2455755",
"CSAFPID-2455797",
"CSAFPID-2455796",
"CSAFPID-2455763",
"CSAFPID-2455762",
"CSAFPID-2455770",
"CSAFPID-2455771",
"CSAFPID-2455772",
"CSAFPID-2455773",
"CSAFPID-2455774",
"CSAFPID-2455775",
"CSAFPID-2455776",
"CSAFPID-2455777",
"CSAFPID-2455769",
"CSAFPID-2455817",
"CSAFPID-2455818",
"CSAFPID-2455819",
"CSAFPID-2455820",
"CSAFPID-2455821",
"CSAFPID-2455816",
"CSAFPID-2455806",
"CSAFPID-2455807",
"CSAFPID-2455808",
"CSAFPID-2455805",
"CSAFPID-2455765",
"CSAFPID-2455766",
"CSAFPID-2455764",
"CSAFPID-1425566",
"CSAFPID-1425565",
"CSAFPID-2455753",
"CSAFPID-2455784",
"CSAFPID-2455780",
"CSAFPID-2455781",
"CSAFPID-2455782",
"CSAFPID-2455785",
"CSAFPID-2455786",
"CSAFPID-2455787",
"CSAFPID-2455788",
"CSAFPID-2455789",
"CSAFPID-2455790",
"CSAFPID-2455791",
"CSAFPID-2455792",
"CSAFPID-2455793",
"CSAFPID-2455794",
"CSAFPID-2455795",
"CSAFPID-2455783",
"CSAFPID-2455843",
"CSAFPID-2455844",
"CSAFPID-2455845",
"CSAFPID-2455846",
"CSAFPID-2455847",
"CSAFPID-2455848",
"CSAFPID-2455838",
"CSAFPID-2455839",
"CSAFPID-2455840",
"CSAFPID-2455841",
"CSAFPID-2455851",
"CSAFPID-2455852",
"CSAFPID-2455853",
"CSAFPID-2455854",
"CSAFPID-2455856",
"CSAFPID-2455857",
"CSAFPID-2455858",
"CSAFPID-2455859",
"CSAFPID-2455860",
"CSAFPID-2455861",
"CSAFPID-2455850",
"CSAFPID-2455849",
"CSAFPID-2455837",
"CSAFPID-2455842",
"CSAFPID-2455855",
"CSAFPID-2455865",
"CSAFPID-2455866",
"CSAFPID-2455867",
"CSAFPID-2455868",
"CSAFPID-2455869",
"CSAFPID-2455870",
"CSAFPID-2455863",
"CSAFPID-2455864",
"CSAFPID-2455862",
"CSAFPID-2455799",
"CSAFPID-2455800",
"CSAFPID-2455801",
"CSAFPID-2455802",
"CSAFPID-2455803",
"CSAFPID-2455804",
"CSAFPID-2455798",
"CSAFPID-1761541",
"CSAFPID-1761542",
"CSAFPID-1761543",
"CSAFPID-1761544"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-0062",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2025/CVE-2025-0062.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1298148",
"CSAFPID-2455751",
"CSAFPID-2455822",
"CSAFPID-2455823",
"CSAFPID-2455824",
"CSAFPID-2455825",
"CSAFPID-2455826",
"CSAFPID-2455827",
"CSAFPID-2455828",
"CSAFPID-2455829",
"CSAFPID-2455830",
"CSAFPID-2455831",
"CSAFPID-2455832",
"CSAFPID-2455833",
"CSAFPID-2455834",
"CSAFPID-2455835",
"CSAFPID-2455836",
"CSAFPID-1987654",
"CSAFPID-2455809",
"CSAFPID-2455810",
"CSAFPID-2455779",
"CSAFPID-2455756",
"CSAFPID-2455757",
"CSAFPID-2455758",
"CSAFPID-2455759",
"CSAFPID-2455761",
"CSAFPID-2455760",
"CSAFPID-2455754",
"CSAFPID-2455755",
"CSAFPID-2455797",
"CSAFPID-2455796",
"CSAFPID-2455763",
"CSAFPID-2455762",
"CSAFPID-2455770",
"CSAFPID-2455771",
"CSAFPID-2455772",
"CSAFPID-2455773",
"CSAFPID-2455774",
"CSAFPID-2455775",
"CSAFPID-2455776",
"CSAFPID-2455777",
"CSAFPID-2455769",
"CSAFPID-2455817",
"CSAFPID-2455818",
"CSAFPID-2455819",
"CSAFPID-2455820",
"CSAFPID-2455821",
"CSAFPID-2455816",
"CSAFPID-2455806",
"CSAFPID-2455807",
"CSAFPID-2455808",
"CSAFPID-2455805",
"CSAFPID-2455765",
"CSAFPID-2455766",
"CSAFPID-2455764",
"CSAFPID-1425566",
"CSAFPID-1425565",
"CSAFPID-2455753",
"CSAFPID-2455784",
"CSAFPID-2455780",
"CSAFPID-2455781",
"CSAFPID-2455782",
"CSAFPID-2455785",
"CSAFPID-2455786",
"CSAFPID-2455787",
"CSAFPID-2455788",
"CSAFPID-2455789",
"CSAFPID-2455790",
"CSAFPID-2455791",
"CSAFPID-2455792",
"CSAFPID-2455793",
"CSAFPID-2455794",
"CSAFPID-2455795",
"CSAFPID-2455783",
"CSAFPID-2455843",
"CSAFPID-2455844",
"CSAFPID-2455845",
"CSAFPID-2455846",
"CSAFPID-2455847",
"CSAFPID-2455848",
"CSAFPID-2455838",
"CSAFPID-2455839",
"CSAFPID-2455840",
"CSAFPID-2455841",
"CSAFPID-2455851",
"CSAFPID-2455852",
"CSAFPID-2455853",
"CSAFPID-2455854",
"CSAFPID-2455856",
"CSAFPID-2455857",
"CSAFPID-2455858",
"CSAFPID-2455859",
"CSAFPID-2455860",
"CSAFPID-2455861",
"CSAFPID-2455850",
"CSAFPID-2455849",
"CSAFPID-2455837",
"CSAFPID-2455842",
"CSAFPID-2455855",
"CSAFPID-2455865",
"CSAFPID-2455866",
"CSAFPID-2455867",
"CSAFPID-2455868",
"CSAFPID-2455869",
"CSAFPID-2455870",
"CSAFPID-2455863",
"CSAFPID-2455864",
"CSAFPID-2455862",
"CSAFPID-2455799",
"CSAFPID-2455800",
"CSAFPID-2455801",
"CSAFPID-2455802",
"CSAFPID-2455803",
"CSAFPID-2455804",
"CSAFPID-2455798",
"CSAFPID-1761541",
"CSAFPID-1761542",
"CSAFPID-1761543",
"CSAFPID-1761544"
]
}
],
"title": "CVE-2025-0062"
},
{
"cve": "CVE-2025-27433",
"cwe": {
"id": "CWE-639",
"name": "Authorization Bypass Through User-Controlled Key"
},
"notes": [
{
"category": "other",
"text": "Authorization Bypass Through User-Controlled Key",
"title": "CWE-639"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1298148",
"CSAFPID-2455751",
"CSAFPID-2455822",
"CSAFPID-2455823",
"CSAFPID-2455824",
"CSAFPID-2455825",
"CSAFPID-2455826",
"CSAFPID-2455827",
"CSAFPID-2455828",
"CSAFPID-2455829",
"CSAFPID-2455830",
"CSAFPID-2455831",
"CSAFPID-2455832",
"CSAFPID-2455833",
"CSAFPID-2455834",
"CSAFPID-2455835",
"CSAFPID-2455836",
"CSAFPID-1987654",
"CSAFPID-2455809",
"CSAFPID-2455810",
"CSAFPID-2455779",
"CSAFPID-2455756",
"CSAFPID-2455757",
"CSAFPID-2455758",
"CSAFPID-2455759",
"CSAFPID-2455761",
"CSAFPID-2455760",
"CSAFPID-2455754",
"CSAFPID-2455755",
"CSAFPID-2455797",
"CSAFPID-2455796",
"CSAFPID-2455763",
"CSAFPID-2455762",
"CSAFPID-2455770",
"CSAFPID-2455771",
"CSAFPID-2455772",
"CSAFPID-2455773",
"CSAFPID-2455774",
"CSAFPID-2455775",
"CSAFPID-2455776",
"CSAFPID-2455777",
"CSAFPID-2455769",
"CSAFPID-2455817",
"CSAFPID-2455818",
"CSAFPID-2455819",
"CSAFPID-2455820",
"CSAFPID-2455821",
"CSAFPID-2455816",
"CSAFPID-2455806",
"CSAFPID-2455807",
"CSAFPID-2455808",
"CSAFPID-2455805",
"CSAFPID-2455765",
"CSAFPID-2455766",
"CSAFPID-2455764",
"CSAFPID-1425566",
"CSAFPID-1425565",
"CSAFPID-2455753",
"CSAFPID-2455784",
"CSAFPID-2455780",
"CSAFPID-2455781",
"CSAFPID-2455782",
"CSAFPID-2455785",
"CSAFPID-2455786",
"CSAFPID-2455787",
"CSAFPID-2455788",
"CSAFPID-2455789",
"CSAFPID-2455790",
"CSAFPID-2455791",
"CSAFPID-2455792",
"CSAFPID-2455793",
"CSAFPID-2455794",
"CSAFPID-2455795",
"CSAFPID-2455783",
"CSAFPID-2455843",
"CSAFPID-2455844",
"CSAFPID-2455845",
"CSAFPID-2455846",
"CSAFPID-2455847",
"CSAFPID-2455848",
"CSAFPID-2455838",
"CSAFPID-2455839",
"CSAFPID-2455840",
"CSAFPID-2455841",
"CSAFPID-2455851",
"CSAFPID-2455852",
"CSAFPID-2455853",
"CSAFPID-2455854",
"CSAFPID-2455856",
"CSAFPID-2455857",
"CSAFPID-2455858",
"CSAFPID-2455859",
"CSAFPID-2455860",
"CSAFPID-2455861",
"CSAFPID-2455850",
"CSAFPID-2455849",
"CSAFPID-2455837",
"CSAFPID-2455842",
"CSAFPID-2455855",
"CSAFPID-2455865",
"CSAFPID-2455866",
"CSAFPID-2455867",
"CSAFPID-2455868",
"CSAFPID-2455869",
"CSAFPID-2455870",
"CSAFPID-2455863",
"CSAFPID-2455864",
"CSAFPID-2455862",
"CSAFPID-2455799",
"CSAFPID-2455800",
"CSAFPID-2455801",
"CSAFPID-2455802",
"CSAFPID-2455803",
"CSAFPID-2455804",
"CSAFPID-2455798",
"CSAFPID-1761541",
"CSAFPID-1761542",
"CSAFPID-1761543",
"CSAFPID-1761544"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-27433",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2025/CVE-2025-27433.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1298148",
"CSAFPID-2455751",
"CSAFPID-2455822",
"CSAFPID-2455823",
"CSAFPID-2455824",
"CSAFPID-2455825",
"CSAFPID-2455826",
"CSAFPID-2455827",
"CSAFPID-2455828",
"CSAFPID-2455829",
"CSAFPID-2455830",
"CSAFPID-2455831",
"CSAFPID-2455832",
"CSAFPID-2455833",
"CSAFPID-2455834",
"CSAFPID-2455835",
"CSAFPID-2455836",
"CSAFPID-1987654",
"CSAFPID-2455809",
"CSAFPID-2455810",
"CSAFPID-2455779",
"CSAFPID-2455756",
"CSAFPID-2455757",
"CSAFPID-2455758",
"CSAFPID-2455759",
"CSAFPID-2455761",
"CSAFPID-2455760",
"CSAFPID-2455754",
"CSAFPID-2455755",
"CSAFPID-2455797",
"CSAFPID-2455796",
"CSAFPID-2455763",
"CSAFPID-2455762",
"CSAFPID-2455770",
"CSAFPID-2455771",
"CSAFPID-2455772",
"CSAFPID-2455773",
"CSAFPID-2455774",
"CSAFPID-2455775",
"CSAFPID-2455776",
"CSAFPID-2455777",
"CSAFPID-2455769",
"CSAFPID-2455817",
"CSAFPID-2455818",
"CSAFPID-2455819",
"CSAFPID-2455820",
"CSAFPID-2455821",
"CSAFPID-2455816",
"CSAFPID-2455806",
"CSAFPID-2455807",
"CSAFPID-2455808",
"CSAFPID-2455805",
"CSAFPID-2455765",
"CSAFPID-2455766",
"CSAFPID-2455764",
"CSAFPID-1425566",
"CSAFPID-1425565",
"CSAFPID-2455753",
"CSAFPID-2455784",
"CSAFPID-2455780",
"CSAFPID-2455781",
"CSAFPID-2455782",
"CSAFPID-2455785",
"CSAFPID-2455786",
"CSAFPID-2455787",
"CSAFPID-2455788",
"CSAFPID-2455789",
"CSAFPID-2455790",
"CSAFPID-2455791",
"CSAFPID-2455792",
"CSAFPID-2455793",
"CSAFPID-2455794",
"CSAFPID-2455795",
"CSAFPID-2455783",
"CSAFPID-2455843",
"CSAFPID-2455844",
"CSAFPID-2455845",
"CSAFPID-2455846",
"CSAFPID-2455847",
"CSAFPID-2455848",
"CSAFPID-2455838",
"CSAFPID-2455839",
"CSAFPID-2455840",
"CSAFPID-2455841",
"CSAFPID-2455851",
"CSAFPID-2455852",
"CSAFPID-2455853",
"CSAFPID-2455854",
"CSAFPID-2455856",
"CSAFPID-2455857",
"CSAFPID-2455858",
"CSAFPID-2455859",
"CSAFPID-2455860",
"CSAFPID-2455861",
"CSAFPID-2455850",
"CSAFPID-2455849",
"CSAFPID-2455837",
"CSAFPID-2455842",
"CSAFPID-2455855",
"CSAFPID-2455865",
"CSAFPID-2455866",
"CSAFPID-2455867",
"CSAFPID-2455868",
"CSAFPID-2455869",
"CSAFPID-2455870",
"CSAFPID-2455863",
"CSAFPID-2455864",
"CSAFPID-2455862",
"CSAFPID-2455799",
"CSAFPID-2455800",
"CSAFPID-2455801",
"CSAFPID-2455802",
"CSAFPID-2455803",
"CSAFPID-2455804",
"CSAFPID-2455798",
"CSAFPID-1761541",
"CSAFPID-1761542",
"CSAFPID-1761543",
"CSAFPID-1761544"
]
}
],
"title": "CVE-2025-27433"
},
{
"cve": "CVE-2025-23188",
"cwe": {
"id": "CWE-862",
"name": "Missing Authorization"
},
"notes": [
{
"category": "other",
"text": "Missing Authorization",
"title": "CWE-862"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1298148",
"CSAFPID-2455751",
"CSAFPID-2455822",
"CSAFPID-2455823",
"CSAFPID-2455824",
"CSAFPID-2455825",
"CSAFPID-2455826",
"CSAFPID-2455827",
"CSAFPID-2455828",
"CSAFPID-2455829",
"CSAFPID-2455830",
"CSAFPID-2455831",
"CSAFPID-2455832",
"CSAFPID-2455833",
"CSAFPID-2455834",
"CSAFPID-2455835",
"CSAFPID-2455836",
"CSAFPID-1987654",
"CSAFPID-2455809",
"CSAFPID-2455810",
"CSAFPID-2455779",
"CSAFPID-2455756",
"CSAFPID-2455757",
"CSAFPID-2455758",
"CSAFPID-2455759",
"CSAFPID-2455761",
"CSAFPID-2455760",
"CSAFPID-2455754",
"CSAFPID-2455755",
"CSAFPID-2455797",
"CSAFPID-2455796",
"CSAFPID-2455763",
"CSAFPID-2455762",
"CSAFPID-2455770",
"CSAFPID-2455771",
"CSAFPID-2455772",
"CSAFPID-2455773",
"CSAFPID-2455774",
"CSAFPID-2455775",
"CSAFPID-2455776",
"CSAFPID-2455777",
"CSAFPID-2455769",
"CSAFPID-2455817",
"CSAFPID-2455818",
"CSAFPID-2455819",
"CSAFPID-2455820",
"CSAFPID-2455821",
"CSAFPID-2455816",
"CSAFPID-2455806",
"CSAFPID-2455807",
"CSAFPID-2455808",
"CSAFPID-2455805",
"CSAFPID-2455765",
"CSAFPID-2455766",
"CSAFPID-2455764",
"CSAFPID-1425566",
"CSAFPID-1425565",
"CSAFPID-2455753",
"CSAFPID-2455784",
"CSAFPID-2455780",
"CSAFPID-2455781",
"CSAFPID-2455782",
"CSAFPID-2455785",
"CSAFPID-2455786",
"CSAFPID-2455787",
"CSAFPID-2455788",
"CSAFPID-2455789",
"CSAFPID-2455790",
"CSAFPID-2455791",
"CSAFPID-2455792",
"CSAFPID-2455793",
"CSAFPID-2455794",
"CSAFPID-2455795",
"CSAFPID-2455783",
"CSAFPID-2455843",
"CSAFPID-2455844",
"CSAFPID-2455845",
"CSAFPID-2455846",
"CSAFPID-2455847",
"CSAFPID-2455848",
"CSAFPID-2455838",
"CSAFPID-2455839",
"CSAFPID-2455840",
"CSAFPID-2455841",
"CSAFPID-2455851",
"CSAFPID-2455852",
"CSAFPID-2455853",
"CSAFPID-2455854",
"CSAFPID-2455856",
"CSAFPID-2455857",
"CSAFPID-2455858",
"CSAFPID-2455859",
"CSAFPID-2455860",
"CSAFPID-2455861",
"CSAFPID-2455850",
"CSAFPID-2455849",
"CSAFPID-2455837",
"CSAFPID-2455842",
"CSAFPID-2455855",
"CSAFPID-2455865",
"CSAFPID-2455866",
"CSAFPID-2455867",
"CSAFPID-2455868",
"CSAFPID-2455869",
"CSAFPID-2455870",
"CSAFPID-2455863",
"CSAFPID-2455864",
"CSAFPID-2455862",
"CSAFPID-2455799",
"CSAFPID-2455800",
"CSAFPID-2455801",
"CSAFPID-2455802",
"CSAFPID-2455803",
"CSAFPID-2455804",
"CSAFPID-2455798",
"CSAFPID-1761541",
"CSAFPID-1761542",
"CSAFPID-1761543",
"CSAFPID-1761544"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-23188",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2025/CVE-2025-23188.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1298148",
"CSAFPID-2455751",
"CSAFPID-2455822",
"CSAFPID-2455823",
"CSAFPID-2455824",
"CSAFPID-2455825",
"CSAFPID-2455826",
"CSAFPID-2455827",
"CSAFPID-2455828",
"CSAFPID-2455829",
"CSAFPID-2455830",
"CSAFPID-2455831",
"CSAFPID-2455832",
"CSAFPID-2455833",
"CSAFPID-2455834",
"CSAFPID-2455835",
"CSAFPID-2455836",
"CSAFPID-1987654",
"CSAFPID-2455809",
"CSAFPID-2455810",
"CSAFPID-2455779",
"CSAFPID-2455756",
"CSAFPID-2455757",
"CSAFPID-2455758",
"CSAFPID-2455759",
"CSAFPID-2455761",
"CSAFPID-2455760",
"CSAFPID-2455754",
"CSAFPID-2455755",
"CSAFPID-2455797",
"CSAFPID-2455796",
"CSAFPID-2455763",
"CSAFPID-2455762",
"CSAFPID-2455770",
"CSAFPID-2455771",
"CSAFPID-2455772",
"CSAFPID-2455773",
"CSAFPID-2455774",
"CSAFPID-2455775",
"CSAFPID-2455776",
"CSAFPID-2455777",
"CSAFPID-2455769",
"CSAFPID-2455817",
"CSAFPID-2455818",
"CSAFPID-2455819",
"CSAFPID-2455820",
"CSAFPID-2455821",
"CSAFPID-2455816",
"CSAFPID-2455806",
"CSAFPID-2455807",
"CSAFPID-2455808",
"CSAFPID-2455805",
"CSAFPID-2455765",
"CSAFPID-2455766",
"CSAFPID-2455764",
"CSAFPID-1425566",
"CSAFPID-1425565",
"CSAFPID-2455753",
"CSAFPID-2455784",
"CSAFPID-2455780",
"CSAFPID-2455781",
"CSAFPID-2455782",
"CSAFPID-2455785",
"CSAFPID-2455786",
"CSAFPID-2455787",
"CSAFPID-2455788",
"CSAFPID-2455789",
"CSAFPID-2455790",
"CSAFPID-2455791",
"CSAFPID-2455792",
"CSAFPID-2455793",
"CSAFPID-2455794",
"CSAFPID-2455795",
"CSAFPID-2455783",
"CSAFPID-2455843",
"CSAFPID-2455844",
"CSAFPID-2455845",
"CSAFPID-2455846",
"CSAFPID-2455847",
"CSAFPID-2455848",
"CSAFPID-2455838",
"CSAFPID-2455839",
"CSAFPID-2455840",
"CSAFPID-2455841",
"CSAFPID-2455851",
"CSAFPID-2455852",
"CSAFPID-2455853",
"CSAFPID-2455854",
"CSAFPID-2455856",
"CSAFPID-2455857",
"CSAFPID-2455858",
"CSAFPID-2455859",
"CSAFPID-2455860",
"CSAFPID-2455861",
"CSAFPID-2455850",
"CSAFPID-2455849",
"CSAFPID-2455837",
"CSAFPID-2455842",
"CSAFPID-2455855",
"CSAFPID-2455865",
"CSAFPID-2455866",
"CSAFPID-2455867",
"CSAFPID-2455868",
"CSAFPID-2455869",
"CSAFPID-2455870",
"CSAFPID-2455863",
"CSAFPID-2455864",
"CSAFPID-2455862",
"CSAFPID-2455799",
"CSAFPID-2455800",
"CSAFPID-2455801",
"CSAFPID-2455802",
"CSAFPID-2455803",
"CSAFPID-2455804",
"CSAFPID-2455798",
"CSAFPID-1761541",
"CSAFPID-1761542",
"CSAFPID-1761543",
"CSAFPID-1761544"
]
}
],
"title": "CVE-2025-23188"
},
{
"cve": "CVE-2025-26660",
"cwe": {
"id": "CWE-639",
"name": "Authorization Bypass Through User-Controlled Key"
},
"notes": [
{
"category": "other",
"text": "Authorization Bypass Through User-Controlled Key",
"title": "CWE-639"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1298148",
"CSAFPID-2455751",
"CSAFPID-2455822",
"CSAFPID-2455823",
"CSAFPID-2455824",
"CSAFPID-2455825",
"CSAFPID-2455826",
"CSAFPID-2455827",
"CSAFPID-2455828",
"CSAFPID-2455829",
"CSAFPID-2455830",
"CSAFPID-2455831",
"CSAFPID-2455832",
"CSAFPID-2455833",
"CSAFPID-2455834",
"CSAFPID-2455835",
"CSAFPID-2455836",
"CSAFPID-1987654",
"CSAFPID-2455809",
"CSAFPID-2455810",
"CSAFPID-2455779",
"CSAFPID-2455756",
"CSAFPID-2455757",
"CSAFPID-2455758",
"CSAFPID-2455759",
"CSAFPID-2455761",
"CSAFPID-2455760",
"CSAFPID-2455754",
"CSAFPID-2455755",
"CSAFPID-2455797",
"CSAFPID-2455796",
"CSAFPID-2455763",
"CSAFPID-2455762",
"CSAFPID-2455770",
"CSAFPID-2455771",
"CSAFPID-2455772",
"CSAFPID-2455773",
"CSAFPID-2455774",
"CSAFPID-2455775",
"CSAFPID-2455776",
"CSAFPID-2455777",
"CSAFPID-2455769",
"CSAFPID-2455817",
"CSAFPID-2455818",
"CSAFPID-2455819",
"CSAFPID-2455820",
"CSAFPID-2455821",
"CSAFPID-2455816",
"CSAFPID-2455806",
"CSAFPID-2455807",
"CSAFPID-2455808",
"CSAFPID-2455805",
"CSAFPID-2455765",
"CSAFPID-2455766",
"CSAFPID-2455764",
"CSAFPID-1425566",
"CSAFPID-1425565",
"CSAFPID-2455753",
"CSAFPID-2455784",
"CSAFPID-2455780",
"CSAFPID-2455781",
"CSAFPID-2455782",
"CSAFPID-2455785",
"CSAFPID-2455786",
"CSAFPID-2455787",
"CSAFPID-2455788",
"CSAFPID-2455789",
"CSAFPID-2455790",
"CSAFPID-2455791",
"CSAFPID-2455792",
"CSAFPID-2455793",
"CSAFPID-2455794",
"CSAFPID-2455795",
"CSAFPID-2455783",
"CSAFPID-2455843",
"CSAFPID-2455844",
"CSAFPID-2455845",
"CSAFPID-2455846",
"CSAFPID-2455847",
"CSAFPID-2455848",
"CSAFPID-2455838",
"CSAFPID-2455839",
"CSAFPID-2455840",
"CSAFPID-2455841",
"CSAFPID-2455851",
"CSAFPID-2455852",
"CSAFPID-2455853",
"CSAFPID-2455854",
"CSAFPID-2455856",
"CSAFPID-2455857",
"CSAFPID-2455858",
"CSAFPID-2455859",
"CSAFPID-2455860",
"CSAFPID-2455861",
"CSAFPID-2455850",
"CSAFPID-2455849",
"CSAFPID-2455837",
"CSAFPID-2455842",
"CSAFPID-2455855",
"CSAFPID-2455865",
"CSAFPID-2455866",
"CSAFPID-2455867",
"CSAFPID-2455868",
"CSAFPID-2455869",
"CSAFPID-2455870",
"CSAFPID-2455863",
"CSAFPID-2455864",
"CSAFPID-2455862",
"CSAFPID-2455799",
"CSAFPID-2455800",
"CSAFPID-2455801",
"CSAFPID-2455802",
"CSAFPID-2455803",
"CSAFPID-2455804",
"CSAFPID-2455798",
"CSAFPID-1761541",
"CSAFPID-1761542",
"CSAFPID-1761543",
"CSAFPID-1761544"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-26660",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2025/CVE-2025-26660.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1298148",
"CSAFPID-2455751",
"CSAFPID-2455822",
"CSAFPID-2455823",
"CSAFPID-2455824",
"CSAFPID-2455825",
"CSAFPID-2455826",
"CSAFPID-2455827",
"CSAFPID-2455828",
"CSAFPID-2455829",
"CSAFPID-2455830",
"CSAFPID-2455831",
"CSAFPID-2455832",
"CSAFPID-2455833",
"CSAFPID-2455834",
"CSAFPID-2455835",
"CSAFPID-2455836",
"CSAFPID-1987654",
"CSAFPID-2455809",
"CSAFPID-2455810",
"CSAFPID-2455779",
"CSAFPID-2455756",
"CSAFPID-2455757",
"CSAFPID-2455758",
"CSAFPID-2455759",
"CSAFPID-2455761",
"CSAFPID-2455760",
"CSAFPID-2455754",
"CSAFPID-2455755",
"CSAFPID-2455797",
"CSAFPID-2455796",
"CSAFPID-2455763",
"CSAFPID-2455762",
"CSAFPID-2455770",
"CSAFPID-2455771",
"CSAFPID-2455772",
"CSAFPID-2455773",
"CSAFPID-2455774",
"CSAFPID-2455775",
"CSAFPID-2455776",
"CSAFPID-2455777",
"CSAFPID-2455769",
"CSAFPID-2455817",
"CSAFPID-2455818",
"CSAFPID-2455819",
"CSAFPID-2455820",
"CSAFPID-2455821",
"CSAFPID-2455816",
"CSAFPID-2455806",
"CSAFPID-2455807",
"CSAFPID-2455808",
"CSAFPID-2455805",
"CSAFPID-2455765",
"CSAFPID-2455766",
"CSAFPID-2455764",
"CSAFPID-1425566",
"CSAFPID-1425565",
"CSAFPID-2455753",
"CSAFPID-2455784",
"CSAFPID-2455780",
"CSAFPID-2455781",
"CSAFPID-2455782",
"CSAFPID-2455785",
"CSAFPID-2455786",
"CSAFPID-2455787",
"CSAFPID-2455788",
"CSAFPID-2455789",
"CSAFPID-2455790",
"CSAFPID-2455791",
"CSAFPID-2455792",
"CSAFPID-2455793",
"CSAFPID-2455794",
"CSAFPID-2455795",
"CSAFPID-2455783",
"CSAFPID-2455843",
"CSAFPID-2455844",
"CSAFPID-2455845",
"CSAFPID-2455846",
"CSAFPID-2455847",
"CSAFPID-2455848",
"CSAFPID-2455838",
"CSAFPID-2455839",
"CSAFPID-2455840",
"CSAFPID-2455841",
"CSAFPID-2455851",
"CSAFPID-2455852",
"CSAFPID-2455853",
"CSAFPID-2455854",
"CSAFPID-2455856",
"CSAFPID-2455857",
"CSAFPID-2455858",
"CSAFPID-2455859",
"CSAFPID-2455860",
"CSAFPID-2455861",
"CSAFPID-2455850",
"CSAFPID-2455849",
"CSAFPID-2455837",
"CSAFPID-2455842",
"CSAFPID-2455855",
"CSAFPID-2455865",
"CSAFPID-2455866",
"CSAFPID-2455867",
"CSAFPID-2455868",
"CSAFPID-2455869",
"CSAFPID-2455870",
"CSAFPID-2455863",
"CSAFPID-2455864",
"CSAFPID-2455862",
"CSAFPID-2455799",
"CSAFPID-2455800",
"CSAFPID-2455801",
"CSAFPID-2455802",
"CSAFPID-2455803",
"CSAFPID-2455804",
"CSAFPID-2455798",
"CSAFPID-1761541",
"CSAFPID-1761542",
"CSAFPID-1761543",
"CSAFPID-1761544"
]
}
],
"title": "CVE-2025-26660"
},
{
"cve": "CVE-2025-26656",
"cwe": {
"id": "CWE-862",
"name": "Missing Authorization"
},
"notes": [
{
"category": "other",
"text": "Missing Authorization",
"title": "CWE-862"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1298148",
"CSAFPID-2455751",
"CSAFPID-2455822",
"CSAFPID-2455823",
"CSAFPID-2455824",
"CSAFPID-2455825",
"CSAFPID-2455826",
"CSAFPID-2455827",
"CSAFPID-2455828",
"CSAFPID-2455829",
"CSAFPID-2455830",
"CSAFPID-2455831",
"CSAFPID-2455832",
"CSAFPID-2455833",
"CSAFPID-2455834",
"CSAFPID-2455835",
"CSAFPID-2455836",
"CSAFPID-1987654",
"CSAFPID-2455809",
"CSAFPID-2455810",
"CSAFPID-2455779",
"CSAFPID-2455756",
"CSAFPID-2455757",
"CSAFPID-2455758",
"CSAFPID-2455759",
"CSAFPID-2455761",
"CSAFPID-2455760",
"CSAFPID-2455754",
"CSAFPID-2455755",
"CSAFPID-2455797",
"CSAFPID-2455796",
"CSAFPID-2455763",
"CSAFPID-2455762",
"CSAFPID-2455770",
"CSAFPID-2455771",
"CSAFPID-2455772",
"CSAFPID-2455773",
"CSAFPID-2455774",
"CSAFPID-2455775",
"CSAFPID-2455776",
"CSAFPID-2455777",
"CSAFPID-2455769",
"CSAFPID-2455817",
"CSAFPID-2455818",
"CSAFPID-2455819",
"CSAFPID-2455820",
"CSAFPID-2455821",
"CSAFPID-2455816",
"CSAFPID-2455806",
"CSAFPID-2455807",
"CSAFPID-2455808",
"CSAFPID-2455805",
"CSAFPID-2455765",
"CSAFPID-2455766",
"CSAFPID-2455764",
"CSAFPID-1425566",
"CSAFPID-1425565",
"CSAFPID-2455753",
"CSAFPID-2455784",
"CSAFPID-2455780",
"CSAFPID-2455781",
"CSAFPID-2455782",
"CSAFPID-2455785",
"CSAFPID-2455786",
"CSAFPID-2455787",
"CSAFPID-2455788",
"CSAFPID-2455789",
"CSAFPID-2455790",
"CSAFPID-2455791",
"CSAFPID-2455792",
"CSAFPID-2455793",
"CSAFPID-2455794",
"CSAFPID-2455795",
"CSAFPID-2455783",
"CSAFPID-2455843",
"CSAFPID-2455844",
"CSAFPID-2455845",
"CSAFPID-2455846",
"CSAFPID-2455847",
"CSAFPID-2455848",
"CSAFPID-2455838",
"CSAFPID-2455839",
"CSAFPID-2455840",
"CSAFPID-2455841",
"CSAFPID-2455851",
"CSAFPID-2455852",
"CSAFPID-2455853",
"CSAFPID-2455854",
"CSAFPID-2455856",
"CSAFPID-2455857",
"CSAFPID-2455858",
"CSAFPID-2455859",
"CSAFPID-2455860",
"CSAFPID-2455861",
"CSAFPID-2455850",
"CSAFPID-2455849",
"CSAFPID-2455837",
"CSAFPID-2455842",
"CSAFPID-2455855",
"CSAFPID-2455865",
"CSAFPID-2455866",
"CSAFPID-2455867",
"CSAFPID-2455868",
"CSAFPID-2455869",
"CSAFPID-2455870",
"CSAFPID-2455863",
"CSAFPID-2455864",
"CSAFPID-2455862",
"CSAFPID-2455799",
"CSAFPID-2455800",
"CSAFPID-2455801",
"CSAFPID-2455802",
"CSAFPID-2455803",
"CSAFPID-2455804",
"CSAFPID-2455798",
"CSAFPID-1761541",
"CSAFPID-1761542",
"CSAFPID-1761543",
"CSAFPID-1761544"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-26656",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2025/CVE-2025-26656.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1298148",
"CSAFPID-2455751",
"CSAFPID-2455822",
"CSAFPID-2455823",
"CSAFPID-2455824",
"CSAFPID-2455825",
"CSAFPID-2455826",
"CSAFPID-2455827",
"CSAFPID-2455828",
"CSAFPID-2455829",
"CSAFPID-2455830",
"CSAFPID-2455831",
"CSAFPID-2455832",
"CSAFPID-2455833",
"CSAFPID-2455834",
"CSAFPID-2455835",
"CSAFPID-2455836",
"CSAFPID-1987654",
"CSAFPID-2455809",
"CSAFPID-2455810",
"CSAFPID-2455779",
"CSAFPID-2455756",
"CSAFPID-2455757",
"CSAFPID-2455758",
"CSAFPID-2455759",
"CSAFPID-2455761",
"CSAFPID-2455760",
"CSAFPID-2455754",
"CSAFPID-2455755",
"CSAFPID-2455797",
"CSAFPID-2455796",
"CSAFPID-2455763",
"CSAFPID-2455762",
"CSAFPID-2455770",
"CSAFPID-2455771",
"CSAFPID-2455772",
"CSAFPID-2455773",
"CSAFPID-2455774",
"CSAFPID-2455775",
"CSAFPID-2455776",
"CSAFPID-2455777",
"CSAFPID-2455769",
"CSAFPID-2455817",
"CSAFPID-2455818",
"CSAFPID-2455819",
"CSAFPID-2455820",
"CSAFPID-2455821",
"CSAFPID-2455816",
"CSAFPID-2455806",
"CSAFPID-2455807",
"CSAFPID-2455808",
"CSAFPID-2455805",
"CSAFPID-2455765",
"CSAFPID-2455766",
"CSAFPID-2455764",
"CSAFPID-1425566",
"CSAFPID-1425565",
"CSAFPID-2455753",
"CSAFPID-2455784",
"CSAFPID-2455780",
"CSAFPID-2455781",
"CSAFPID-2455782",
"CSAFPID-2455785",
"CSAFPID-2455786",
"CSAFPID-2455787",
"CSAFPID-2455788",
"CSAFPID-2455789",
"CSAFPID-2455790",
"CSAFPID-2455791",
"CSAFPID-2455792",
"CSAFPID-2455793",
"CSAFPID-2455794",
"CSAFPID-2455795",
"CSAFPID-2455783",
"CSAFPID-2455843",
"CSAFPID-2455844",
"CSAFPID-2455845",
"CSAFPID-2455846",
"CSAFPID-2455847",
"CSAFPID-2455848",
"CSAFPID-2455838",
"CSAFPID-2455839",
"CSAFPID-2455840",
"CSAFPID-2455841",
"CSAFPID-2455851",
"CSAFPID-2455852",
"CSAFPID-2455853",
"CSAFPID-2455854",
"CSAFPID-2455856",
"CSAFPID-2455857",
"CSAFPID-2455858",
"CSAFPID-2455859",
"CSAFPID-2455860",
"CSAFPID-2455861",
"CSAFPID-2455850",
"CSAFPID-2455849",
"CSAFPID-2455837",
"CSAFPID-2455842",
"CSAFPID-2455855",
"CSAFPID-2455865",
"CSAFPID-2455866",
"CSAFPID-2455867",
"CSAFPID-2455868",
"CSAFPID-2455869",
"CSAFPID-2455870",
"CSAFPID-2455863",
"CSAFPID-2455864",
"CSAFPID-2455862",
"CSAFPID-2455799",
"CSAFPID-2455800",
"CSAFPID-2455801",
"CSAFPID-2455802",
"CSAFPID-2455803",
"CSAFPID-2455804",
"CSAFPID-2455798",
"CSAFPID-1761541",
"CSAFPID-1761542",
"CSAFPID-1761543",
"CSAFPID-1761544"
]
}
],
"title": "CVE-2025-26656"
},
{
"cve": "CVE-2024-41736",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"notes": [
{
"category": "other",
"text": "Exposure of Sensitive Information to an Unauthorized Actor",
"title": "CWE-200"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1298148",
"CSAFPID-2455751",
"CSAFPID-2455822",
"CSAFPID-2455823",
"CSAFPID-2455824",
"CSAFPID-2455825",
"CSAFPID-2455826",
"CSAFPID-2455827",
"CSAFPID-2455828",
"CSAFPID-2455829",
"CSAFPID-2455830",
"CSAFPID-2455831",
"CSAFPID-2455832",
"CSAFPID-2455833",
"CSAFPID-2455834",
"CSAFPID-2455835",
"CSAFPID-2455836",
"CSAFPID-1987654",
"CSAFPID-2455809",
"CSAFPID-2455810",
"CSAFPID-2455779",
"CSAFPID-2455756",
"CSAFPID-2455757",
"CSAFPID-2455758",
"CSAFPID-2455759",
"CSAFPID-2455761",
"CSAFPID-2455760",
"CSAFPID-2455754",
"CSAFPID-2455755",
"CSAFPID-2455797",
"CSAFPID-2455796",
"CSAFPID-2455763",
"CSAFPID-2455762",
"CSAFPID-2455770",
"CSAFPID-2455771",
"CSAFPID-2455772",
"CSAFPID-2455773",
"CSAFPID-2455774",
"CSAFPID-2455775",
"CSAFPID-2455776",
"CSAFPID-2455777",
"CSAFPID-2455769",
"CSAFPID-2455817",
"CSAFPID-2455818",
"CSAFPID-2455819",
"CSAFPID-2455820",
"CSAFPID-2455821",
"CSAFPID-2455816",
"CSAFPID-2455806",
"CSAFPID-2455807",
"CSAFPID-2455808",
"CSAFPID-2455805",
"CSAFPID-2455765",
"CSAFPID-2455766",
"CSAFPID-2455764",
"CSAFPID-1425566",
"CSAFPID-1425565",
"CSAFPID-2455753",
"CSAFPID-2455784",
"CSAFPID-2455780",
"CSAFPID-2455781",
"CSAFPID-2455782",
"CSAFPID-2455785",
"CSAFPID-2455786",
"CSAFPID-2455787",
"CSAFPID-2455788",
"CSAFPID-2455789",
"CSAFPID-2455790",
"CSAFPID-2455791",
"CSAFPID-2455792",
"CSAFPID-2455793",
"CSAFPID-2455794",
"CSAFPID-2455795",
"CSAFPID-2455783",
"CSAFPID-2455843",
"CSAFPID-2455844",
"CSAFPID-2455845",
"CSAFPID-2455846",
"CSAFPID-2455847",
"CSAFPID-2455848",
"CSAFPID-2455838",
"CSAFPID-2455839",
"CSAFPID-2455840",
"CSAFPID-2455841",
"CSAFPID-2455851",
"CSAFPID-2455852",
"CSAFPID-2455853",
"CSAFPID-2455854",
"CSAFPID-2455856",
"CSAFPID-2455857",
"CSAFPID-2455858",
"CSAFPID-2455859",
"CSAFPID-2455860",
"CSAFPID-2455861",
"CSAFPID-2455850",
"CSAFPID-2455849",
"CSAFPID-2455837",
"CSAFPID-2455842",
"CSAFPID-2455855",
"CSAFPID-2455865",
"CSAFPID-2455866",
"CSAFPID-2455867",
"CSAFPID-2455868",
"CSAFPID-2455869",
"CSAFPID-2455870",
"CSAFPID-2455863",
"CSAFPID-2455864",
"CSAFPID-2455862",
"CSAFPID-2455799",
"CSAFPID-2455800",
"CSAFPID-2455801",
"CSAFPID-2455802",
"CSAFPID-2455803",
"CSAFPID-2455804",
"CSAFPID-2455798",
"CSAFPID-1761541",
"CSAFPID-1761542",
"CSAFPID-1761543",
"CSAFPID-1761544"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-41736",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-41736.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1298148",
"CSAFPID-2455751",
"CSAFPID-2455822",
"CSAFPID-2455823",
"CSAFPID-2455824",
"CSAFPID-2455825",
"CSAFPID-2455826",
"CSAFPID-2455827",
"CSAFPID-2455828",
"CSAFPID-2455829",
"CSAFPID-2455830",
"CSAFPID-2455831",
"CSAFPID-2455832",
"CSAFPID-2455833",
"CSAFPID-2455834",
"CSAFPID-2455835",
"CSAFPID-2455836",
"CSAFPID-1987654",
"CSAFPID-2455809",
"CSAFPID-2455810",
"CSAFPID-2455779",
"CSAFPID-2455756",
"CSAFPID-2455757",
"CSAFPID-2455758",
"CSAFPID-2455759",
"CSAFPID-2455761",
"CSAFPID-2455760",
"CSAFPID-2455754",
"CSAFPID-2455755",
"CSAFPID-2455797",
"CSAFPID-2455796",
"CSAFPID-2455763",
"CSAFPID-2455762",
"CSAFPID-2455770",
"CSAFPID-2455771",
"CSAFPID-2455772",
"CSAFPID-2455773",
"CSAFPID-2455774",
"CSAFPID-2455775",
"CSAFPID-2455776",
"CSAFPID-2455777",
"CSAFPID-2455769",
"CSAFPID-2455817",
"CSAFPID-2455818",
"CSAFPID-2455819",
"CSAFPID-2455820",
"CSAFPID-2455821",
"CSAFPID-2455816",
"CSAFPID-2455806",
"CSAFPID-2455807",
"CSAFPID-2455808",
"CSAFPID-2455805",
"CSAFPID-2455765",
"CSAFPID-2455766",
"CSAFPID-2455764",
"CSAFPID-1425566",
"CSAFPID-1425565",
"CSAFPID-2455753",
"CSAFPID-2455784",
"CSAFPID-2455780",
"CSAFPID-2455781",
"CSAFPID-2455782",
"CSAFPID-2455785",
"CSAFPID-2455786",
"CSAFPID-2455787",
"CSAFPID-2455788",
"CSAFPID-2455789",
"CSAFPID-2455790",
"CSAFPID-2455791",
"CSAFPID-2455792",
"CSAFPID-2455793",
"CSAFPID-2455794",
"CSAFPID-2455795",
"CSAFPID-2455783",
"CSAFPID-2455843",
"CSAFPID-2455844",
"CSAFPID-2455845",
"CSAFPID-2455846",
"CSAFPID-2455847",
"CSAFPID-2455848",
"CSAFPID-2455838",
"CSAFPID-2455839",
"CSAFPID-2455840",
"CSAFPID-2455841",
"CSAFPID-2455851",
"CSAFPID-2455852",
"CSAFPID-2455853",
"CSAFPID-2455854",
"CSAFPID-2455856",
"CSAFPID-2455857",
"CSAFPID-2455858",
"CSAFPID-2455859",
"CSAFPID-2455860",
"CSAFPID-2455861",
"CSAFPID-2455850",
"CSAFPID-2455849",
"CSAFPID-2455837",
"CSAFPID-2455842",
"CSAFPID-2455855",
"CSAFPID-2455865",
"CSAFPID-2455866",
"CSAFPID-2455867",
"CSAFPID-2455868",
"CSAFPID-2455869",
"CSAFPID-2455870",
"CSAFPID-2455863",
"CSAFPID-2455864",
"CSAFPID-2455862",
"CSAFPID-2455799",
"CSAFPID-2455800",
"CSAFPID-2455801",
"CSAFPID-2455802",
"CSAFPID-2455803",
"CSAFPID-2455804",
"CSAFPID-2455798",
"CSAFPID-1761541",
"CSAFPID-1761542",
"CSAFPID-1761543",
"CSAFPID-1761544"
]
}
],
"title": "CVE-2024-41736"
},
{
"cve": "CVE-2025-23185",
"cwe": {
"id": "CWE-209",
"name": "Generation of Error Message Containing Sensitive Information"
},
"notes": [
{
"category": "other",
"text": "Generation of Error Message Containing Sensitive Information",
"title": "CWE-209"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1298148",
"CSAFPID-2455751",
"CSAFPID-2455822",
"CSAFPID-2455823",
"CSAFPID-2455824",
"CSAFPID-2455825",
"CSAFPID-2455826",
"CSAFPID-2455827",
"CSAFPID-2455828",
"CSAFPID-2455829",
"CSAFPID-2455830",
"CSAFPID-2455831",
"CSAFPID-2455832",
"CSAFPID-2455833",
"CSAFPID-2455834",
"CSAFPID-2455835",
"CSAFPID-2455836",
"CSAFPID-1987654",
"CSAFPID-2455809",
"CSAFPID-2455810",
"CSAFPID-2455779",
"CSAFPID-2455756",
"CSAFPID-2455757",
"CSAFPID-2455758",
"CSAFPID-2455759",
"CSAFPID-2455761",
"CSAFPID-2455760",
"CSAFPID-2455754",
"CSAFPID-2455755",
"CSAFPID-2455797",
"CSAFPID-2455796",
"CSAFPID-2455763",
"CSAFPID-2455762",
"CSAFPID-2455770",
"CSAFPID-2455771",
"CSAFPID-2455772",
"CSAFPID-2455773",
"CSAFPID-2455774",
"CSAFPID-2455775",
"CSAFPID-2455776",
"CSAFPID-2455777",
"CSAFPID-2455769",
"CSAFPID-2455817",
"CSAFPID-2455818",
"CSAFPID-2455819",
"CSAFPID-2455820",
"CSAFPID-2455821",
"CSAFPID-2455816",
"CSAFPID-2455806",
"CSAFPID-2455807",
"CSAFPID-2455808",
"CSAFPID-2455805",
"CSAFPID-2455765",
"CSAFPID-2455766",
"CSAFPID-2455764",
"CSAFPID-1425566",
"CSAFPID-1425565",
"CSAFPID-2455753",
"CSAFPID-2455784",
"CSAFPID-2455780",
"CSAFPID-2455781",
"CSAFPID-2455782",
"CSAFPID-2455785",
"CSAFPID-2455786",
"CSAFPID-2455787",
"CSAFPID-2455788",
"CSAFPID-2455789",
"CSAFPID-2455790",
"CSAFPID-2455791",
"CSAFPID-2455792",
"CSAFPID-2455793",
"CSAFPID-2455794",
"CSAFPID-2455795",
"CSAFPID-2455783",
"CSAFPID-2455843",
"CSAFPID-2455844",
"CSAFPID-2455845",
"CSAFPID-2455846",
"CSAFPID-2455847",
"CSAFPID-2455848",
"CSAFPID-2455838",
"CSAFPID-2455839",
"CSAFPID-2455840",
"CSAFPID-2455841",
"CSAFPID-2455851",
"CSAFPID-2455852",
"CSAFPID-2455853",
"CSAFPID-2455854",
"CSAFPID-2455856",
"CSAFPID-2455857",
"CSAFPID-2455858",
"CSAFPID-2455859",
"CSAFPID-2455860",
"CSAFPID-2455861",
"CSAFPID-2455850",
"CSAFPID-2455849",
"CSAFPID-2455837",
"CSAFPID-2455842",
"CSAFPID-2455855",
"CSAFPID-2455865",
"CSAFPID-2455866",
"CSAFPID-2455867",
"CSAFPID-2455868",
"CSAFPID-2455869",
"CSAFPID-2455870",
"CSAFPID-2455863",
"CSAFPID-2455864",
"CSAFPID-2455862",
"CSAFPID-2455799",
"CSAFPID-2455800",
"CSAFPID-2455801",
"CSAFPID-2455802",
"CSAFPID-2455803",
"CSAFPID-2455804",
"CSAFPID-2455798",
"CSAFPID-1761541",
"CSAFPID-1761542",
"CSAFPID-1761543",
"CSAFPID-1761544"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-23185",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2025/CVE-2025-23185.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1298148",
"CSAFPID-2455751",
"CSAFPID-2455822",
"CSAFPID-2455823",
"CSAFPID-2455824",
"CSAFPID-2455825",
"CSAFPID-2455826",
"CSAFPID-2455827",
"CSAFPID-2455828",
"CSAFPID-2455829",
"CSAFPID-2455830",
"CSAFPID-2455831",
"CSAFPID-2455832",
"CSAFPID-2455833",
"CSAFPID-2455834",
"CSAFPID-2455835",
"CSAFPID-2455836",
"CSAFPID-1987654",
"CSAFPID-2455809",
"CSAFPID-2455810",
"CSAFPID-2455779",
"CSAFPID-2455756",
"CSAFPID-2455757",
"CSAFPID-2455758",
"CSAFPID-2455759",
"CSAFPID-2455761",
"CSAFPID-2455760",
"CSAFPID-2455754",
"CSAFPID-2455755",
"CSAFPID-2455797",
"CSAFPID-2455796",
"CSAFPID-2455763",
"CSAFPID-2455762",
"CSAFPID-2455770",
"CSAFPID-2455771",
"CSAFPID-2455772",
"CSAFPID-2455773",
"CSAFPID-2455774",
"CSAFPID-2455775",
"CSAFPID-2455776",
"CSAFPID-2455777",
"CSAFPID-2455769",
"CSAFPID-2455817",
"CSAFPID-2455818",
"CSAFPID-2455819",
"CSAFPID-2455820",
"CSAFPID-2455821",
"CSAFPID-2455816",
"CSAFPID-2455806",
"CSAFPID-2455807",
"CSAFPID-2455808",
"CSAFPID-2455805",
"CSAFPID-2455765",
"CSAFPID-2455766",
"CSAFPID-2455764",
"CSAFPID-1425566",
"CSAFPID-1425565",
"CSAFPID-2455753",
"CSAFPID-2455784",
"CSAFPID-2455780",
"CSAFPID-2455781",
"CSAFPID-2455782",
"CSAFPID-2455785",
"CSAFPID-2455786",
"CSAFPID-2455787",
"CSAFPID-2455788",
"CSAFPID-2455789",
"CSAFPID-2455790",
"CSAFPID-2455791",
"CSAFPID-2455792",
"CSAFPID-2455793",
"CSAFPID-2455794",
"CSAFPID-2455795",
"CSAFPID-2455783",
"CSAFPID-2455843",
"CSAFPID-2455844",
"CSAFPID-2455845",
"CSAFPID-2455846",
"CSAFPID-2455847",
"CSAFPID-2455848",
"CSAFPID-2455838",
"CSAFPID-2455839",
"CSAFPID-2455840",
"CSAFPID-2455841",
"CSAFPID-2455851",
"CSAFPID-2455852",
"CSAFPID-2455853",
"CSAFPID-2455854",
"CSAFPID-2455856",
"CSAFPID-2455857",
"CSAFPID-2455858",
"CSAFPID-2455859",
"CSAFPID-2455860",
"CSAFPID-2455861",
"CSAFPID-2455850",
"CSAFPID-2455849",
"CSAFPID-2455837",
"CSAFPID-2455842",
"CSAFPID-2455855",
"CSAFPID-2455865",
"CSAFPID-2455866",
"CSAFPID-2455867",
"CSAFPID-2455868",
"CSAFPID-2455869",
"CSAFPID-2455870",
"CSAFPID-2455863",
"CSAFPID-2455864",
"CSAFPID-2455862",
"CSAFPID-2455799",
"CSAFPID-2455800",
"CSAFPID-2455801",
"CSAFPID-2455802",
"CSAFPID-2455803",
"CSAFPID-2455804",
"CSAFPID-2455798",
"CSAFPID-1761541",
"CSAFPID-1761542",
"CSAFPID-1761543",
"CSAFPID-1761544"
]
}
],
"title": "CVE-2025-23185"
},
{
"cve": "CVE-2024-38819",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"notes": [
{
"category": "other",
"text": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"title": "CWE-22"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1298148",
"CSAFPID-2455751",
"CSAFPID-2455822",
"CSAFPID-2455823",
"CSAFPID-2455824",
"CSAFPID-2455825",
"CSAFPID-2455826",
"CSAFPID-2455827",
"CSAFPID-2455828",
"CSAFPID-2455829",
"CSAFPID-2455830",
"CSAFPID-2455831",
"CSAFPID-2455832",
"CSAFPID-2455833",
"CSAFPID-2455834",
"CSAFPID-2455835",
"CSAFPID-2455836",
"CSAFPID-1987654",
"CSAFPID-2455809",
"CSAFPID-2455810",
"CSAFPID-2455779",
"CSAFPID-2455756",
"CSAFPID-2455757",
"CSAFPID-2455758",
"CSAFPID-2455759",
"CSAFPID-2455761",
"CSAFPID-2455760",
"CSAFPID-2455754",
"CSAFPID-2455755",
"CSAFPID-2455797",
"CSAFPID-2455796",
"CSAFPID-2455763",
"CSAFPID-2455762",
"CSAFPID-2455770",
"CSAFPID-2455771",
"CSAFPID-2455772",
"CSAFPID-2455773",
"CSAFPID-2455774",
"CSAFPID-2455775",
"CSAFPID-2455776",
"CSAFPID-2455777",
"CSAFPID-2455769",
"CSAFPID-2455817",
"CSAFPID-2455818",
"CSAFPID-2455819",
"CSAFPID-2455820",
"CSAFPID-2455821",
"CSAFPID-2455816",
"CSAFPID-2455806",
"CSAFPID-2455807",
"CSAFPID-2455808",
"CSAFPID-2455805",
"CSAFPID-2455765",
"CSAFPID-2455766",
"CSAFPID-2455764",
"CSAFPID-1425566",
"CSAFPID-1425565",
"CSAFPID-2455753",
"CSAFPID-2455784",
"CSAFPID-2455780",
"CSAFPID-2455781",
"CSAFPID-2455782",
"CSAFPID-2455785",
"CSAFPID-2455786",
"CSAFPID-2455787",
"CSAFPID-2455788",
"CSAFPID-2455789",
"CSAFPID-2455790",
"CSAFPID-2455791",
"CSAFPID-2455792",
"CSAFPID-2455793",
"CSAFPID-2455794",
"CSAFPID-2455795",
"CSAFPID-2455783",
"CSAFPID-2455843",
"CSAFPID-2455844",
"CSAFPID-2455845",
"CSAFPID-2455846",
"CSAFPID-2455847",
"CSAFPID-2455848",
"CSAFPID-2455838",
"CSAFPID-2455839",
"CSAFPID-2455840",
"CSAFPID-2455841",
"CSAFPID-2455851",
"CSAFPID-2455852",
"CSAFPID-2455853",
"CSAFPID-2455854",
"CSAFPID-2455856",
"CSAFPID-2455857",
"CSAFPID-2455858",
"CSAFPID-2455859",
"CSAFPID-2455860",
"CSAFPID-2455861",
"CSAFPID-2455850",
"CSAFPID-2455849",
"CSAFPID-2455837",
"CSAFPID-2455842",
"CSAFPID-2455855",
"CSAFPID-2455865",
"CSAFPID-2455866",
"CSAFPID-2455867",
"CSAFPID-2455868",
"CSAFPID-2455869",
"CSAFPID-2455870",
"CSAFPID-2455863",
"CSAFPID-2455864",
"CSAFPID-2455862",
"CSAFPID-2455799",
"CSAFPID-2455800",
"CSAFPID-2455801",
"CSAFPID-2455802",
"CSAFPID-2455803",
"CSAFPID-2455804",
"CSAFPID-2455798",
"CSAFPID-1761541",
"CSAFPID-1761542",
"CSAFPID-1761543",
"CSAFPID-1761544"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-38819",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-38819.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1298148",
"CSAFPID-2455751",
"CSAFPID-2455822",
"CSAFPID-2455823",
"CSAFPID-2455824",
"CSAFPID-2455825",
"CSAFPID-2455826",
"CSAFPID-2455827",
"CSAFPID-2455828",
"CSAFPID-2455829",
"CSAFPID-2455830",
"CSAFPID-2455831",
"CSAFPID-2455832",
"CSAFPID-2455833",
"CSAFPID-2455834",
"CSAFPID-2455835",
"CSAFPID-2455836",
"CSAFPID-1987654",
"CSAFPID-2455809",
"CSAFPID-2455810",
"CSAFPID-2455779",
"CSAFPID-2455756",
"CSAFPID-2455757",
"CSAFPID-2455758",
"CSAFPID-2455759",
"CSAFPID-2455761",
"CSAFPID-2455760",
"CSAFPID-2455754",
"CSAFPID-2455755",
"CSAFPID-2455797",
"CSAFPID-2455796",
"CSAFPID-2455763",
"CSAFPID-2455762",
"CSAFPID-2455770",
"CSAFPID-2455771",
"CSAFPID-2455772",
"CSAFPID-2455773",
"CSAFPID-2455774",
"CSAFPID-2455775",
"CSAFPID-2455776",
"CSAFPID-2455777",
"CSAFPID-2455769",
"CSAFPID-2455817",
"CSAFPID-2455818",
"CSAFPID-2455819",
"CSAFPID-2455820",
"CSAFPID-2455821",
"CSAFPID-2455816",
"CSAFPID-2455806",
"CSAFPID-2455807",
"CSAFPID-2455808",
"CSAFPID-2455805",
"CSAFPID-2455765",
"CSAFPID-2455766",
"CSAFPID-2455764",
"CSAFPID-1425566",
"CSAFPID-1425565",
"CSAFPID-2455753",
"CSAFPID-2455784",
"CSAFPID-2455780",
"CSAFPID-2455781",
"CSAFPID-2455782",
"CSAFPID-2455785",
"CSAFPID-2455786",
"CSAFPID-2455787",
"CSAFPID-2455788",
"CSAFPID-2455789",
"CSAFPID-2455790",
"CSAFPID-2455791",
"CSAFPID-2455792",
"CSAFPID-2455793",
"CSAFPID-2455794",
"CSAFPID-2455795",
"CSAFPID-2455783",
"CSAFPID-2455843",
"CSAFPID-2455844",
"CSAFPID-2455845",
"CSAFPID-2455846",
"CSAFPID-2455847",
"CSAFPID-2455848",
"CSAFPID-2455838",
"CSAFPID-2455839",
"CSAFPID-2455840",
"CSAFPID-2455841",
"CSAFPID-2455851",
"CSAFPID-2455852",
"CSAFPID-2455853",
"CSAFPID-2455854",
"CSAFPID-2455856",
"CSAFPID-2455857",
"CSAFPID-2455858",
"CSAFPID-2455859",
"CSAFPID-2455860",
"CSAFPID-2455861",
"CSAFPID-2455850",
"CSAFPID-2455849",
"CSAFPID-2455837",
"CSAFPID-2455842",
"CSAFPID-2455855",
"CSAFPID-2455865",
"CSAFPID-2455866",
"CSAFPID-2455867",
"CSAFPID-2455868",
"CSAFPID-2455869",
"CSAFPID-2455870",
"CSAFPID-2455863",
"CSAFPID-2455864",
"CSAFPID-2455862",
"CSAFPID-2455799",
"CSAFPID-2455800",
"CSAFPID-2455801",
"CSAFPID-2455802",
"CSAFPID-2455803",
"CSAFPID-2455804",
"CSAFPID-2455798",
"CSAFPID-1761541",
"CSAFPID-1761542",
"CSAFPID-1761543",
"CSAFPID-1761544"
]
}
],
"title": "CVE-2024-38819"
},
{
"cve": "CVE-2025-27430",
"cwe": {
"id": "CWE-918",
"name": "Server-Side Request Forgery (SSRF)"
},
"notes": [
{
"category": "other",
"text": "Server-Side Request Forgery (SSRF)",
"title": "CWE-918"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1298148",
"CSAFPID-2455751",
"CSAFPID-2455822",
"CSAFPID-2455823",
"CSAFPID-2455824",
"CSAFPID-2455825",
"CSAFPID-2455826",
"CSAFPID-2455827",
"CSAFPID-2455828",
"CSAFPID-2455829",
"CSAFPID-2455830",
"CSAFPID-2455831",
"CSAFPID-2455832",
"CSAFPID-2455833",
"CSAFPID-2455834",
"CSAFPID-2455835",
"CSAFPID-2455836",
"CSAFPID-1987654",
"CSAFPID-2455809",
"CSAFPID-2455810",
"CSAFPID-2455779",
"CSAFPID-2455756",
"CSAFPID-2455757",
"CSAFPID-2455758",
"CSAFPID-2455759",
"CSAFPID-2455761",
"CSAFPID-2455760",
"CSAFPID-2455754",
"CSAFPID-2455755",
"CSAFPID-2455797",
"CSAFPID-2455796",
"CSAFPID-2455763",
"CSAFPID-2455762",
"CSAFPID-2455770",
"CSAFPID-2455771",
"CSAFPID-2455772",
"CSAFPID-2455773",
"CSAFPID-2455774",
"CSAFPID-2455775",
"CSAFPID-2455776",
"CSAFPID-2455777",
"CSAFPID-2455769",
"CSAFPID-2455817",
"CSAFPID-2455818",
"CSAFPID-2455819",
"CSAFPID-2455820",
"CSAFPID-2455821",
"CSAFPID-2455816",
"CSAFPID-2455806",
"CSAFPID-2455807",
"CSAFPID-2455808",
"CSAFPID-2455805",
"CSAFPID-2455765",
"CSAFPID-2455766",
"CSAFPID-2455764",
"CSAFPID-1425566",
"CSAFPID-1425565",
"CSAFPID-2455753",
"CSAFPID-2455784",
"CSAFPID-2455780",
"CSAFPID-2455781",
"CSAFPID-2455782",
"CSAFPID-2455785",
"CSAFPID-2455786",
"CSAFPID-2455787",
"CSAFPID-2455788",
"CSAFPID-2455789",
"CSAFPID-2455790",
"CSAFPID-2455791",
"CSAFPID-2455792",
"CSAFPID-2455793",
"CSAFPID-2455794",
"CSAFPID-2455795",
"CSAFPID-2455783",
"CSAFPID-2455843",
"CSAFPID-2455844",
"CSAFPID-2455845",
"CSAFPID-2455846",
"CSAFPID-2455847",
"CSAFPID-2455848",
"CSAFPID-2455838",
"CSAFPID-2455839",
"CSAFPID-2455840",
"CSAFPID-2455841",
"CSAFPID-2455851",
"CSAFPID-2455852",
"CSAFPID-2455853",
"CSAFPID-2455854",
"CSAFPID-2455856",
"CSAFPID-2455857",
"CSAFPID-2455858",
"CSAFPID-2455859",
"CSAFPID-2455860",
"CSAFPID-2455861",
"CSAFPID-2455850",
"CSAFPID-2455849",
"CSAFPID-2455837",
"CSAFPID-2455842",
"CSAFPID-2455855",
"CSAFPID-2455865",
"CSAFPID-2455866",
"CSAFPID-2455867",
"CSAFPID-2455868",
"CSAFPID-2455869",
"CSAFPID-2455870",
"CSAFPID-2455863",
"CSAFPID-2455864",
"CSAFPID-2455862",
"CSAFPID-2455799",
"CSAFPID-2455800",
"CSAFPID-2455801",
"CSAFPID-2455802",
"CSAFPID-2455803",
"CSAFPID-2455804",
"CSAFPID-2455798",
"CSAFPID-1761541",
"CSAFPID-1761542",
"CSAFPID-1761543",
"CSAFPID-1761544"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-27430",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2025/CVE-2025-27430.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.5,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1298148",
"CSAFPID-2455751",
"CSAFPID-2455822",
"CSAFPID-2455823",
"CSAFPID-2455824",
"CSAFPID-2455825",
"CSAFPID-2455826",
"CSAFPID-2455827",
"CSAFPID-2455828",
"CSAFPID-2455829",
"CSAFPID-2455830",
"CSAFPID-2455831",
"CSAFPID-2455832",
"CSAFPID-2455833",
"CSAFPID-2455834",
"CSAFPID-2455835",
"CSAFPID-2455836",
"CSAFPID-1987654",
"CSAFPID-2455809",
"CSAFPID-2455810",
"CSAFPID-2455779",
"CSAFPID-2455756",
"CSAFPID-2455757",
"CSAFPID-2455758",
"CSAFPID-2455759",
"CSAFPID-2455761",
"CSAFPID-2455760",
"CSAFPID-2455754",
"CSAFPID-2455755",
"CSAFPID-2455797",
"CSAFPID-2455796",
"CSAFPID-2455763",
"CSAFPID-2455762",
"CSAFPID-2455770",
"CSAFPID-2455771",
"CSAFPID-2455772",
"CSAFPID-2455773",
"CSAFPID-2455774",
"CSAFPID-2455775",
"CSAFPID-2455776",
"CSAFPID-2455777",
"CSAFPID-2455769",
"CSAFPID-2455817",
"CSAFPID-2455818",
"CSAFPID-2455819",
"CSAFPID-2455820",
"CSAFPID-2455821",
"CSAFPID-2455816",
"CSAFPID-2455806",
"CSAFPID-2455807",
"CSAFPID-2455808",
"CSAFPID-2455805",
"CSAFPID-2455765",
"CSAFPID-2455766",
"CSAFPID-2455764",
"CSAFPID-1425566",
"CSAFPID-1425565",
"CSAFPID-2455753",
"CSAFPID-2455784",
"CSAFPID-2455780",
"CSAFPID-2455781",
"CSAFPID-2455782",
"CSAFPID-2455785",
"CSAFPID-2455786",
"CSAFPID-2455787",
"CSAFPID-2455788",
"CSAFPID-2455789",
"CSAFPID-2455790",
"CSAFPID-2455791",
"CSAFPID-2455792",
"CSAFPID-2455793",
"CSAFPID-2455794",
"CSAFPID-2455795",
"CSAFPID-2455783",
"CSAFPID-2455843",
"CSAFPID-2455844",
"CSAFPID-2455845",
"CSAFPID-2455846",
"CSAFPID-2455847",
"CSAFPID-2455848",
"CSAFPID-2455838",
"CSAFPID-2455839",
"CSAFPID-2455840",
"CSAFPID-2455841",
"CSAFPID-2455851",
"CSAFPID-2455852",
"CSAFPID-2455853",
"CSAFPID-2455854",
"CSAFPID-2455856",
"CSAFPID-2455857",
"CSAFPID-2455858",
"CSAFPID-2455859",
"CSAFPID-2455860",
"CSAFPID-2455861",
"CSAFPID-2455850",
"CSAFPID-2455849",
"CSAFPID-2455837",
"CSAFPID-2455842",
"CSAFPID-2455855",
"CSAFPID-2455865",
"CSAFPID-2455866",
"CSAFPID-2455867",
"CSAFPID-2455868",
"CSAFPID-2455869",
"CSAFPID-2455870",
"CSAFPID-2455863",
"CSAFPID-2455864",
"CSAFPID-2455862",
"CSAFPID-2455799",
"CSAFPID-2455800",
"CSAFPID-2455801",
"CSAFPID-2455802",
"CSAFPID-2455803",
"CSAFPID-2455804",
"CSAFPID-2455798",
"CSAFPID-1761541",
"CSAFPID-1761542",
"CSAFPID-1761543",
"CSAFPID-1761544"
]
}
],
"title": "CVE-2025-27430"
},
{
"cve": "CVE-2025-26655",
"cwe": {
"id": "CWE-862",
"name": "Missing Authorization"
},
"notes": [
{
"category": "other",
"text": "Missing Authorization",
"title": "CWE-862"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1298148",
"CSAFPID-2455751",
"CSAFPID-2455822",
"CSAFPID-2455823",
"CSAFPID-2455824",
"CSAFPID-2455825",
"CSAFPID-2455826",
"CSAFPID-2455827",
"CSAFPID-2455828",
"CSAFPID-2455829",
"CSAFPID-2455830",
"CSAFPID-2455831",
"CSAFPID-2455832",
"CSAFPID-2455833",
"CSAFPID-2455834",
"CSAFPID-2455835",
"CSAFPID-2455836",
"CSAFPID-1987654",
"CSAFPID-2455809",
"CSAFPID-2455810",
"CSAFPID-2455779",
"CSAFPID-2455756",
"CSAFPID-2455757",
"CSAFPID-2455758",
"CSAFPID-2455759",
"CSAFPID-2455761",
"CSAFPID-2455760",
"CSAFPID-2455754",
"CSAFPID-2455755",
"CSAFPID-2455797",
"CSAFPID-2455796",
"CSAFPID-2455763",
"CSAFPID-2455762",
"CSAFPID-2455770",
"CSAFPID-2455771",
"CSAFPID-2455772",
"CSAFPID-2455773",
"CSAFPID-2455774",
"CSAFPID-2455775",
"CSAFPID-2455776",
"CSAFPID-2455777",
"CSAFPID-2455769",
"CSAFPID-2455817",
"CSAFPID-2455818",
"CSAFPID-2455819",
"CSAFPID-2455820",
"CSAFPID-2455821",
"CSAFPID-2455816",
"CSAFPID-2455806",
"CSAFPID-2455807",
"CSAFPID-2455808",
"CSAFPID-2455805",
"CSAFPID-2455765",
"CSAFPID-2455766",
"CSAFPID-2455764",
"CSAFPID-1425566",
"CSAFPID-1425565",
"CSAFPID-2455753",
"CSAFPID-2455784",
"CSAFPID-2455780",
"CSAFPID-2455781",
"CSAFPID-2455782",
"CSAFPID-2455785",
"CSAFPID-2455786",
"CSAFPID-2455787",
"CSAFPID-2455788",
"CSAFPID-2455789",
"CSAFPID-2455790",
"CSAFPID-2455791",
"CSAFPID-2455792",
"CSAFPID-2455793",
"CSAFPID-2455794",
"CSAFPID-2455795",
"CSAFPID-2455783",
"CSAFPID-2455843",
"CSAFPID-2455844",
"CSAFPID-2455845",
"CSAFPID-2455846",
"CSAFPID-2455847",
"CSAFPID-2455848",
"CSAFPID-2455838",
"CSAFPID-2455839",
"CSAFPID-2455840",
"CSAFPID-2455841",
"CSAFPID-2455851",
"CSAFPID-2455852",
"CSAFPID-2455853",
"CSAFPID-2455854",
"CSAFPID-2455856",
"CSAFPID-2455857",
"CSAFPID-2455858",
"CSAFPID-2455859",
"CSAFPID-2455860",
"CSAFPID-2455861",
"CSAFPID-2455850",
"CSAFPID-2455849",
"CSAFPID-2455837",
"CSAFPID-2455842",
"CSAFPID-2455855",
"CSAFPID-2455865",
"CSAFPID-2455866",
"CSAFPID-2455867",
"CSAFPID-2455868",
"CSAFPID-2455869",
"CSAFPID-2455870",
"CSAFPID-2455863",
"CSAFPID-2455864",
"CSAFPID-2455862",
"CSAFPID-2455799",
"CSAFPID-2455800",
"CSAFPID-2455801",
"CSAFPID-2455802",
"CSAFPID-2455803",
"CSAFPID-2455804",
"CSAFPID-2455798",
"CSAFPID-1761541",
"CSAFPID-1761542",
"CSAFPID-1761543",
"CSAFPID-1761544"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-26655",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2025/CVE-2025-26655.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.1,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1298148",
"CSAFPID-2455751",
"CSAFPID-2455822",
"CSAFPID-2455823",
"CSAFPID-2455824",
"CSAFPID-2455825",
"CSAFPID-2455826",
"CSAFPID-2455827",
"CSAFPID-2455828",
"CSAFPID-2455829",
"CSAFPID-2455830",
"CSAFPID-2455831",
"CSAFPID-2455832",
"CSAFPID-2455833",
"CSAFPID-2455834",
"CSAFPID-2455835",
"CSAFPID-2455836",
"CSAFPID-1987654",
"CSAFPID-2455809",
"CSAFPID-2455810",
"CSAFPID-2455779",
"CSAFPID-2455756",
"CSAFPID-2455757",
"CSAFPID-2455758",
"CSAFPID-2455759",
"CSAFPID-2455761",
"CSAFPID-2455760",
"CSAFPID-2455754",
"CSAFPID-2455755",
"CSAFPID-2455797",
"CSAFPID-2455796",
"CSAFPID-2455763",
"CSAFPID-2455762",
"CSAFPID-2455770",
"CSAFPID-2455771",
"CSAFPID-2455772",
"CSAFPID-2455773",
"CSAFPID-2455774",
"CSAFPID-2455775",
"CSAFPID-2455776",
"CSAFPID-2455777",
"CSAFPID-2455769",
"CSAFPID-2455817",
"CSAFPID-2455818",
"CSAFPID-2455819",
"CSAFPID-2455820",
"CSAFPID-2455821",
"CSAFPID-2455816",
"CSAFPID-2455806",
"CSAFPID-2455807",
"CSAFPID-2455808",
"CSAFPID-2455805",
"CSAFPID-2455765",
"CSAFPID-2455766",
"CSAFPID-2455764",
"CSAFPID-1425566",
"CSAFPID-1425565",
"CSAFPID-2455753",
"CSAFPID-2455784",
"CSAFPID-2455780",
"CSAFPID-2455781",
"CSAFPID-2455782",
"CSAFPID-2455785",
"CSAFPID-2455786",
"CSAFPID-2455787",
"CSAFPID-2455788",
"CSAFPID-2455789",
"CSAFPID-2455790",
"CSAFPID-2455791",
"CSAFPID-2455792",
"CSAFPID-2455793",
"CSAFPID-2455794",
"CSAFPID-2455795",
"CSAFPID-2455783",
"CSAFPID-2455843",
"CSAFPID-2455844",
"CSAFPID-2455845",
"CSAFPID-2455846",
"CSAFPID-2455847",
"CSAFPID-2455848",
"CSAFPID-2455838",
"CSAFPID-2455839",
"CSAFPID-2455840",
"CSAFPID-2455841",
"CSAFPID-2455851",
"CSAFPID-2455852",
"CSAFPID-2455853",
"CSAFPID-2455854",
"CSAFPID-2455856",
"CSAFPID-2455857",
"CSAFPID-2455858",
"CSAFPID-2455859",
"CSAFPID-2455860",
"CSAFPID-2455861",
"CSAFPID-2455850",
"CSAFPID-2455849",
"CSAFPID-2455837",
"CSAFPID-2455842",
"CSAFPID-2455855",
"CSAFPID-2455865",
"CSAFPID-2455866",
"CSAFPID-2455867",
"CSAFPID-2455868",
"CSAFPID-2455869",
"CSAFPID-2455870",
"CSAFPID-2455863",
"CSAFPID-2455864",
"CSAFPID-2455862",
"CSAFPID-2455799",
"CSAFPID-2455800",
"CSAFPID-2455801",
"CSAFPID-2455802",
"CSAFPID-2455803",
"CSAFPID-2455804",
"CSAFPID-2455798",
"CSAFPID-1761541",
"CSAFPID-1761542",
"CSAFPID-1761543",
"CSAFPID-1761544"
]
}
],
"title": "CVE-2025-26655"
},
{
"cve": "CVE-2025-27432",
"cwe": {
"id": "CWE-862",
"name": "Missing Authorization"
},
"notes": [
{
"category": "other",
"text": "Missing Authorization",
"title": "CWE-862"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1298148",
"CSAFPID-2455751",
"CSAFPID-2455822",
"CSAFPID-2455823",
"CSAFPID-2455824",
"CSAFPID-2455825",
"CSAFPID-2455826",
"CSAFPID-2455827",
"CSAFPID-2455828",
"CSAFPID-2455829",
"CSAFPID-2455830",
"CSAFPID-2455831",
"CSAFPID-2455832",
"CSAFPID-2455833",
"CSAFPID-2455834",
"CSAFPID-2455835",
"CSAFPID-2455836",
"CSAFPID-1987654",
"CSAFPID-2455809",
"CSAFPID-2455810",
"CSAFPID-2455779",
"CSAFPID-2455756",
"CSAFPID-2455757",
"CSAFPID-2455758",
"CSAFPID-2455759",
"CSAFPID-2455761",
"CSAFPID-2455760",
"CSAFPID-2455754",
"CSAFPID-2455755",
"CSAFPID-2455797",
"CSAFPID-2455796",
"CSAFPID-2455763",
"CSAFPID-2455762",
"CSAFPID-2455770",
"CSAFPID-2455771",
"CSAFPID-2455772",
"CSAFPID-2455773",
"CSAFPID-2455774",
"CSAFPID-2455775",
"CSAFPID-2455776",
"CSAFPID-2455777",
"CSAFPID-2455769",
"CSAFPID-2455817",
"CSAFPID-2455818",
"CSAFPID-2455819",
"CSAFPID-2455820",
"CSAFPID-2455821",
"CSAFPID-2455816",
"CSAFPID-2455806",
"CSAFPID-2455807",
"CSAFPID-2455808",
"CSAFPID-2455805",
"CSAFPID-2455765",
"CSAFPID-2455766",
"CSAFPID-2455764",
"CSAFPID-1425566",
"CSAFPID-1425565",
"CSAFPID-2455753",
"CSAFPID-2455784",
"CSAFPID-2455780",
"CSAFPID-2455781",
"CSAFPID-2455782",
"CSAFPID-2455785",
"CSAFPID-2455786",
"CSAFPID-2455787",
"CSAFPID-2455788",
"CSAFPID-2455789",
"CSAFPID-2455790",
"CSAFPID-2455791",
"CSAFPID-2455792",
"CSAFPID-2455793",
"CSAFPID-2455794",
"CSAFPID-2455795",
"CSAFPID-2455783",
"CSAFPID-2455843",
"CSAFPID-2455844",
"CSAFPID-2455845",
"CSAFPID-2455846",
"CSAFPID-2455847",
"CSAFPID-2455848",
"CSAFPID-2455838",
"CSAFPID-2455839",
"CSAFPID-2455840",
"CSAFPID-2455841",
"CSAFPID-2455851",
"CSAFPID-2455852",
"CSAFPID-2455853",
"CSAFPID-2455854",
"CSAFPID-2455856",
"CSAFPID-2455857",
"CSAFPID-2455858",
"CSAFPID-2455859",
"CSAFPID-2455860",
"CSAFPID-2455861",
"CSAFPID-2455850",
"CSAFPID-2455849",
"CSAFPID-2455837",
"CSAFPID-2455842",
"CSAFPID-2455855",
"CSAFPID-2455865",
"CSAFPID-2455866",
"CSAFPID-2455867",
"CSAFPID-2455868",
"CSAFPID-2455869",
"CSAFPID-2455870",
"CSAFPID-2455863",
"CSAFPID-2455864",
"CSAFPID-2455862",
"CSAFPID-2455799",
"CSAFPID-2455800",
"CSAFPID-2455801",
"CSAFPID-2455802",
"CSAFPID-2455803",
"CSAFPID-2455804",
"CSAFPID-2455798",
"CSAFPID-1761541",
"CSAFPID-1761542",
"CSAFPID-1761543",
"CSAFPID-1761544"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-27432",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2025/CVE-2025-27432.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 2.4,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1298148",
"CSAFPID-2455751",
"CSAFPID-2455822",
"CSAFPID-2455823",
"CSAFPID-2455824",
"CSAFPID-2455825",
"CSAFPID-2455826",
"CSAFPID-2455827",
"CSAFPID-2455828",
"CSAFPID-2455829",
"CSAFPID-2455830",
"CSAFPID-2455831",
"CSAFPID-2455832",
"CSAFPID-2455833",
"CSAFPID-2455834",
"CSAFPID-2455835",
"CSAFPID-2455836",
"CSAFPID-1987654",
"CSAFPID-2455809",
"CSAFPID-2455810",
"CSAFPID-2455779",
"CSAFPID-2455756",
"CSAFPID-2455757",
"CSAFPID-2455758",
"CSAFPID-2455759",
"CSAFPID-2455761",
"CSAFPID-2455760",
"CSAFPID-2455754",
"CSAFPID-2455755",
"CSAFPID-2455797",
"CSAFPID-2455796",
"CSAFPID-2455763",
"CSAFPID-2455762",
"CSAFPID-2455770",
"CSAFPID-2455771",
"CSAFPID-2455772",
"CSAFPID-2455773",
"CSAFPID-2455774",
"CSAFPID-2455775",
"CSAFPID-2455776",
"CSAFPID-2455777",
"CSAFPID-2455769",
"CSAFPID-2455817",
"CSAFPID-2455818",
"CSAFPID-2455819",
"CSAFPID-2455820",
"CSAFPID-2455821",
"CSAFPID-2455816",
"CSAFPID-2455806",
"CSAFPID-2455807",
"CSAFPID-2455808",
"CSAFPID-2455805",
"CSAFPID-2455765",
"CSAFPID-2455766",
"CSAFPID-2455764",
"CSAFPID-1425566",
"CSAFPID-1425565",
"CSAFPID-2455753",
"CSAFPID-2455784",
"CSAFPID-2455780",
"CSAFPID-2455781",
"CSAFPID-2455782",
"CSAFPID-2455785",
"CSAFPID-2455786",
"CSAFPID-2455787",
"CSAFPID-2455788",
"CSAFPID-2455789",
"CSAFPID-2455790",
"CSAFPID-2455791",
"CSAFPID-2455792",
"CSAFPID-2455793",
"CSAFPID-2455794",
"CSAFPID-2455795",
"CSAFPID-2455783",
"CSAFPID-2455843",
"CSAFPID-2455844",
"CSAFPID-2455845",
"CSAFPID-2455846",
"CSAFPID-2455847",
"CSAFPID-2455848",
"CSAFPID-2455838",
"CSAFPID-2455839",
"CSAFPID-2455840",
"CSAFPID-2455841",
"CSAFPID-2455851",
"CSAFPID-2455852",
"CSAFPID-2455853",
"CSAFPID-2455854",
"CSAFPID-2455856",
"CSAFPID-2455857",
"CSAFPID-2455858",
"CSAFPID-2455859",
"CSAFPID-2455860",
"CSAFPID-2455861",
"CSAFPID-2455850",
"CSAFPID-2455849",
"CSAFPID-2455837",
"CSAFPID-2455842",
"CSAFPID-2455855",
"CSAFPID-2455865",
"CSAFPID-2455866",
"CSAFPID-2455867",
"CSAFPID-2455868",
"CSAFPID-2455869",
"CSAFPID-2455870",
"CSAFPID-2455863",
"CSAFPID-2455864",
"CSAFPID-2455862",
"CSAFPID-2455799",
"CSAFPID-2455800",
"CSAFPID-2455801",
"CSAFPID-2455802",
"CSAFPID-2455803",
"CSAFPID-2455804",
"CSAFPID-2455798",
"CSAFPID-1761541",
"CSAFPID-1761542",
"CSAFPID-1761543",
"CSAFPID-1761544"
]
}
],
"title": "CVE-2025-27432"
}
]
}
fkie_cve-2025-26660
Vulnerability from fkie_nvd
Published
2025-03-11 01:15
Modified
2025-03-11 01:15
Severity ?
Summary
SAP Fiori applications using the posting library fail to properly configure security settings during the setup process, leaving them at default or inadequately defined. This vulnerability allows an attacker with low privileges to bypass access controls within the application, enabling them to potentially modify data. Confidentiality and Availability are not impacted.
References
Impacted products
| Vendor | Product | Version |
|---|
{
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SAP Fiori applications using the posting library fail to properly configure security settings during the setup process, leaving them at default or inadequately defined. This vulnerability allows an attacker with low privileges to bypass access controls within the application, enabling them to potentially modify data. Confidentiality and Availability are not impacted."
},
{
"lang": "es",
"value": "Las aplicaciones SAP Fiori que utilizan la librer\u00eda de publicaci\u00f3n no configuran correctamente los par\u00e1metros de seguridad durante el proceso de configuraci\u00f3n, por lo que los dejan en los valores predeterminados o definidos de forma inadecuada. Esta vulnerabilidad permite que un atacante con pocos privilegios eluda los controles de acceso dentro de la aplicaci\u00f3n, lo que le permite modificar potencialmente los datos. La confidencialidad y la disponibilidad no se ven afectadas."
}
],
"id": "CVE-2025-26660",
"lastModified": "2025-03-11T01:15:35.837",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"source": "cna@sap.com",
"type": "Primary"
}
]
},
"published": "2025-03-11T01:15:35.837",
"references": [
{
"source": "cna@sap.com",
"url": "https://me.sap.com/notes/3557655"
},
{
"source": "cna@sap.com",
"url": "https://url.sap/sapsecuritypatchday"
}
],
"sourceIdentifier": "cna@sap.com",
"vulnStatus": "Awaiting Analysis",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-639"
}
],
"source": "cna@sap.com",
"type": "Primary"
}
]
}
wid-sec-w-2025-0521
Vulnerability from csaf_certbund
Published
2025-03-10 23:00
Modified
2025-03-10 23:00
Summary
SAP Patchday März 2025: Mehrere Schwachstellen
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
SAP stellt unternehmensweite Lösungen für Geschäftsprozesse wie Buchführung, Vertrieb, Einkauf und Lagerhaltung zur Verfügung.
Angriff
Ein Angreifer kann diese Schwachstellen ausnutzen, um erhöhte Privilegien zu erlangen, beliebigen Code auszuführen, Cross-Site-Scripting-Angriffe durchzuführen, Sicherheitsmaßnahmen zu umgehen, einen Denial-of-Service-Zustand zu verursachen, vertrauliche Informationen offenzulegen und Daten zu manipulieren.
Betroffene Betriebssysteme
- Linux
- Sonstiges
- Windows
{
"document": {
"aggregate_severity": {
"text": "hoch"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "SAP stellt unternehmensweite L\u00f6sungen f\u00fcr Gesch\u00e4ftsprozesse wie Buchf\u00fchrung, Vertrieb, Einkauf und Lagerhaltung zur Verf\u00fcgung.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein Angreifer kann diese Schwachstellen ausnutzen, um erh\u00f6hte Privilegien zu erlangen, beliebigen Code auszuf\u00fchren, Cross-Site-Scripting-Angriffe durchzuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand zu verursachen, vertrauliche Informationen offenzulegen und Daten zu manipulieren.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Linux\n- Sonstiges\n- Windows",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2025-0521 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2025/wid-sec-w-2025-0521.json"
},
{
"category": "self",
"summary": "WID-SEC-2025-0521 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2025-0521"
},
{
"category": "external",
"summary": "SAP Security Patch Day - March 2025 vom 2025-03-10",
"url": "https://support.sap.com/en/my-support/knowledge-base/security-notes-news/march-2025.html"
}
],
"source_lang": "en-US",
"title": "SAP Patchday M\u00e4rz 2025: Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2025-03-10T23:00:00.000+00:00",
"generator": {
"date": "2025-03-11T11:40:17.201+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.3.12"
}
},
"id": "WID-SEC-W-2025-0521",
"initial_release_date": "2025-03-10T23:00:00.000+00:00",
"revision_history": [
{
"date": "2025-03-10T23:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "SAP Software",
"product": {
"name": "SAP Software",
"product_id": "T041721",
"product_identification_helper": {
"cpe": "cpe:/a:sap:sap:-"
}
}
}
],
"category": "vendor",
"name": "SAP"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-38286",
"product_status": {
"known_affected": [
"T041721"
]
},
"release_date": "2025-03-10T23:00:00.000+00:00",
"title": "CVE-2024-38286"
},
{
"cve": "CVE-2024-38819",
"product_status": {
"known_affected": [
"T041721"
]
},
"release_date": "2025-03-10T23:00:00.000+00:00",
"title": "CVE-2024-38819"
},
{
"cve": "CVE-2024-38820",
"product_status": {
"known_affected": [
"T041721"
]
},
"release_date": "2025-03-10T23:00:00.000+00:00",
"title": "CVE-2024-38820"
},
{
"cve": "CVE-2024-39592",
"product_status": {
"known_affected": [
"T041721"
]
},
"release_date": "2025-03-10T23:00:00.000+00:00",
"title": "CVE-2024-39592"
},
{
"cve": "CVE-2024-41736",
"product_status": {
"known_affected": [
"T041721"
]
},
"release_date": "2025-03-10T23:00:00.000+00:00",
"title": "CVE-2024-41736"
},
{
"cve": "CVE-2024-52316",
"product_status": {
"known_affected": [
"T041721"
]
},
"release_date": "2025-03-10T23:00:00.000+00:00",
"title": "CVE-2024-52316"
},
{
"cve": "CVE-2025-0062",
"product_status": {
"known_affected": [
"T041721"
]
},
"release_date": "2025-03-10T23:00:00.000+00:00",
"title": "CVE-2025-0062"
},
{
"cve": "CVE-2025-0071",
"product_status": {
"known_affected": [
"T041721"
]
},
"release_date": "2025-03-10T23:00:00.000+00:00",
"title": "CVE-2025-0071"
},
{
"cve": "CVE-2025-23185",
"product_status": {
"known_affected": [
"T041721"
]
},
"release_date": "2025-03-10T23:00:00.000+00:00",
"title": "CVE-2025-23185"
},
{
"cve": "CVE-2025-23188",
"product_status": {
"known_affected": [
"T041721"
]
},
"release_date": "2025-03-10T23:00:00.000+00:00",
"title": "CVE-2025-23188"
},
{
"cve": "CVE-2025-23194",
"product_status": {
"known_affected": [
"T041721"
]
},
"release_date": "2025-03-10T23:00:00.000+00:00",
"title": "CVE-2025-23194"
},
{
"cve": "CVE-2025-24876",
"product_status": {
"known_affected": [
"T041721"
]
},
"release_date": "2025-03-10T23:00:00.000+00:00",
"title": "CVE-2025-24876"
},
{
"cve": "CVE-2025-25242",
"product_status": {
"known_affected": [
"T041721"
]
},
"release_date": "2025-03-10T23:00:00.000+00:00",
"title": "CVE-2025-25242"
},
{
"cve": "CVE-2025-25244",
"product_status": {
"known_affected": [
"T041721"
]
},
"release_date": "2025-03-10T23:00:00.000+00:00",
"title": "CVE-2025-25244"
},
{
"cve": "CVE-2025-25245",
"product_status": {
"known_affected": [
"T041721"
]
},
"release_date": "2025-03-10T23:00:00.000+00:00",
"title": "CVE-2025-25245"
},
{
"cve": "CVE-2025-26655",
"product_status": {
"known_affected": [
"T041721"
]
},
"release_date": "2025-03-10T23:00:00.000+00:00",
"title": "CVE-2025-26655"
},
{
"cve": "CVE-2025-26656",
"product_status": {
"known_affected": [
"T041721"
]
},
"release_date": "2025-03-10T23:00:00.000+00:00",
"title": "CVE-2025-26656"
},
{
"cve": "CVE-2025-26658",
"product_status": {
"known_affected": [
"T041721"
]
},
"release_date": "2025-03-10T23:00:00.000+00:00",
"title": "CVE-2025-26658"
},
{
"cve": "CVE-2025-26659",
"product_status": {
"known_affected": [
"T041721"
]
},
"release_date": "2025-03-10T23:00:00.000+00:00",
"title": "CVE-2025-26659"
},
{
"cve": "CVE-2025-26660",
"product_status": {
"known_affected": [
"T041721"
]
},
"release_date": "2025-03-10T23:00:00.000+00:00",
"title": "CVE-2025-26660"
},
{
"cve": "CVE-2025-26661",
"product_status": {
"known_affected": [
"T041721"
]
},
"release_date": "2025-03-10T23:00:00.000+00:00",
"title": "CVE-2025-26661"
},
{
"cve": "CVE-2025-27430",
"product_status": {
"known_affected": [
"T041721"
]
},
"release_date": "2025-03-10T23:00:00.000+00:00",
"title": "CVE-2025-27430"
},
{
"cve": "CVE-2025-27431",
"product_status": {
"known_affected": [
"T041721"
]
},
"release_date": "2025-03-10T23:00:00.000+00:00",
"title": "CVE-2025-27431"
},
{
"cve": "CVE-2025-27432",
"product_status": {
"known_affected": [
"T041721"
]
},
"release_date": "2025-03-10T23:00:00.000+00:00",
"title": "CVE-2025-27432"
},
{
"cve": "CVE-2025-27433",
"product_status": {
"known_affected": [
"T041721"
]
},
"release_date": "2025-03-10T23:00:00.000+00:00",
"title": "CVE-2025-27433"
},
{
"cve": "CVE-2025-27434",
"product_status": {
"known_affected": [
"T041721"
]
},
"release_date": "2025-03-10T23:00:00.000+00:00",
"title": "CVE-2025-27434"
},
{
"cve": "CVE-2025-27436",
"product_status": {
"known_affected": [
"T041721"
]
},
"release_date": "2025-03-10T23:00:00.000+00:00",
"title": "CVE-2025-27436"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…