Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2025-31331 (GCVE-0-2025-31331)
Vulnerability from cvelistv5
Published
2025-04-08 07:15
Modified
2025-04-08 13:15
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-863 - Incorrect Authorization
Summary
SAP NetWeaver allows an attacker to bypass authorization checks, enabling them to view portions of ABAP code that would normally require additional validation. Once logged into the ABAP system, the attacker can run a specific transaction that exposes sensitive system code without proper authorization. This vulnerability compromises the confidentiality.
References
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
SAP_SE | SAP NetWeaver |
Version: SAP_ABA 700 Version: 701 Version: 702 Version: 731 Version: 740 Version: 750 Version: 751 Version: 752 Version: 75C Version: 75D Version: 75E Version: 75F Version: 75G Version: 75H Version: 75I |
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2025-31331", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-04-08T13:15:47.307694Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-04-08T13:15:55.752Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "SAP NetWeaver", "vendor": "SAP_SE", "versions": [ { "status": "affected", "version": "SAP_ABA 700" }, { "status": "affected", "version": "701" }, { "status": "affected", "version": "702" }, { "status": "affected", "version": "731" }, { "status": "affected", "version": "740" }, { "status": "affected", "version": "750" }, { "status": "affected", "version": "751" }, { "status": "affected", "version": "752" }, { "status": "affected", "version": "75C" }, { "status": "affected", "version": "75D" }, { "status": "affected", "version": "75E" }, { "status": "affected", "version": "75F" }, { "status": "affected", "version": "75G" }, { "status": "affected", "version": "75H" }, { "status": "affected", "version": "75I" } ] } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\u003cp\u003eSAP NetWeaver allows an attacker to bypass authorization checks, enabling them to view portions of ABAP code that would normally require additional validation. Once logged into the ABAP system, the attacker can run a specific transaction that exposes sensitive system code without proper authorization. This vulnerability compromises the confidentiality.\u003c/p\u003e" } ], "value": "SAP NetWeaver allows an attacker to bypass authorization checks, enabling them to view portions of ABAP code that would normally require additional validation. Once logged into the ABAP system, the attacker can run a specific transaction that exposes sensitive system code without proper authorization. This vulnerability compromises the confidentiality." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-863", "description": "CWE-863: Incorrect Authorization", "lang": "eng", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-04-08T07:15:23.750Z", "orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd", "shortName": "sap" }, "references": [ { "url": "https://me.sap.com/notes/3577131" }, { "url": "https://url.sap/sapsecuritypatchday" } ], "source": { "discovery": "UNKNOWN" }, "title": "Authorization Bypass vulnerability in SAP NetWeaver", "x_generator": { "engine": "Vulnogram 0.2.0" } } }, "cveMetadata": { "assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd", "assignerShortName": "sap", "cveId": "CVE-2025-31331", "datePublished": "2025-04-08T07:15:23.750Z", "dateReserved": "2025-03-27T23:02:06.907Z", "dateUpdated": "2025-04-08T13:15:55.752Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1", "vulnerability-lookup:meta": { "nvd": "{\"cve\":{\"id\":\"CVE-2025-31331\",\"sourceIdentifier\":\"cna@sap.com\",\"published\":\"2025-04-08T08:15:17.977\",\"lastModified\":\"2025-04-08T18:13:53.347\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"SAP NetWeaver allows an attacker to bypass authorization checks, enabling them to view portions of ABAP code that would normally require additional validation. Once logged into the ABAP system, the attacker can run a specific transaction that exposes sensitive system code without proper authorization. This vulnerability compromises the confidentiality.\"},{\"lang\":\"es\",\"value\":\"SAP NetWeaver permite a un atacante eludir las comprobaciones de autorizaci\u00f3n, lo que le permite ver fragmentos de c\u00f3digo ABAP que normalmente requerir\u00edan validaci\u00f3n adicional. Una vez conectado al sistema ABAP, el atacante puede ejecutar una transacci\u00f3n espec\u00edfica que expone c\u00f3digo confidencial del sistema sin la debida autorizaci\u00f3n. Esta vulnerabilidad compromete la confidencialidad.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"cna@sap.com\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N\",\"baseScore\":4.3,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.8,\"impactScore\":1.4}]},\"weaknesses\":[{\"source\":\"cna@sap.com\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-863\"}]}],\"references\":[{\"url\":\"https://me.sap.com/notes/3577131\",\"source\":\"cna@sap.com\"},{\"url\":\"https://url.sap/sapsecuritypatchday\",\"source\":\"cna@sap.com\"}]}}", "vulnrichment": { "containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2025-31331\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-04-08T13:15:47.307694Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-04-08T13:15:50.951Z\"}}], \"cna\": {\"title\": \"Authorization Bypass vulnerability in SAP NetWeaver\", \"source\": {\"discovery\": \"UNKNOWN\"}, \"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 4.3, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"NONE\", \"privilegesRequired\": \"LOW\", \"confidentialityImpact\": \"LOW\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"SAP_SE\", \"product\": \"SAP NetWeaver\", \"versions\": [{\"status\": \"affected\", \"version\": \"SAP_ABA 700\"}, {\"status\": \"affected\", \"version\": \"701\"}, {\"status\": \"affected\", \"version\": \"702\"}, {\"status\": \"affected\", \"version\": \"731\"}, {\"status\": \"affected\", \"version\": \"740\"}, {\"status\": \"affected\", \"version\": \"750\"}, {\"status\": \"affected\", \"version\": \"751\"}, {\"status\": \"affected\", \"version\": \"752\"}, {\"status\": \"affected\", \"version\": \"75C\"}, {\"status\": \"affected\", \"version\": \"75D\"}, {\"status\": \"affected\", \"version\": \"75E\"}, {\"status\": \"affected\", \"version\": \"75F\"}, {\"status\": \"affected\", \"version\": \"75G\"}, {\"status\": \"affected\", \"version\": \"75H\"}, {\"status\": \"affected\", \"version\": \"75I\"}], \"defaultStatus\": \"unaffected\"}], \"references\": [{\"url\": \"https://me.sap.com/notes/3577131\"}, {\"url\": \"https://url.sap/sapsecuritypatchday\"}], \"x_generator\": {\"engine\": \"Vulnogram 0.2.0\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"SAP NetWeaver allows an attacker to bypass authorization checks, enabling them to view portions of ABAP code that would normally require additional validation. Once logged into the ABAP system, the attacker can run a specific transaction that exposes sensitive system code without proper authorization. This vulnerability compromises the confidentiality.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"\u003cp\u003eSAP NetWeaver allows an attacker to bypass authorization checks, enabling them to view portions of ABAP code that would normally require additional validation. Once logged into the ABAP system, the attacker can run a specific transaction that exposes sensitive system code without proper authorization. This vulnerability compromises the confidentiality.\u003c/p\u003e\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"eng\", \"type\": \"CWE\", \"cweId\": \"CWE-863\", \"description\": \"CWE-863: Incorrect Authorization\"}]}], \"providerMetadata\": {\"orgId\": \"e4686d1a-f260-4930-ac4c-2f5c992778dd\", \"shortName\": \"sap\", \"dateUpdated\": \"2025-04-08T07:15:23.750Z\"}}}", "cveMetadata": "{\"cveId\": \"CVE-2025-31331\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-04-08T13:15:55.752Z\", \"dateReserved\": \"2025-03-27T23:02:06.907Z\", \"assignerOrgId\": \"e4686d1a-f260-4930-ac4c-2f5c992778dd\", \"datePublished\": \"2025-04-08T07:15:23.750Z\", \"assignerShortName\": \"sap\"}", "dataType": "CVE_RECORD", "dataVersion": "5.1" } } }
ncsc-2025-0119
Vulnerability from csaf_ncscnl
Published
2025-04-09 09:12
Modified
2025-04-30 13:12
Summary
Kwetsbaarheden verholpen in SAP-producten
Notes
The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:
NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.
NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.
This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings.
Feiten
SAP heeft kwetsbaarheden verholpen in verschillende producten, waaronder SAP Financial Consolidation, SAP Landscape Transformation, SAP NetWeaver Application Server ABAP, SAP Commerce Cloud, SAP ERP BW, SAP BusinessObjects Business Intelligence Platform, SAP KMC WPC, SAP Solution Manager, SAP S4CORE, en SAP CRM.
Interpretaties
De uitgebrachte paches bevatten een aantal kritieke kwetsbaarheden met de kenmerken CVE-2025-30016, CVE-2025-31330 en CVE-2025-27429.
De kwetsbaarheid met kenmerk CVE-2025-30016 is een kritieke authenticatie-bypass in SAP Financial Consolidation, die ongeauthenticeerde aanvallers toegang geeft tot het Admin-account.
SAP Landscape Transformation heeft een kwetsbaarheid met kenmerk CVE-2025-31330, die het mogelijk maakt voor aanvallers met gebruikersprivileges om willekeurige ABAP-code in te voegen.
De kwetsbaarheid met kenmerk CVE-2025-27429 in SAP S/4HANA (Private Cloud) stelt een aanvaller met gebruikersprivileges in staat om willekeurige ABAP-code in de RFC-functiemodule te injecteren en autorisatiecontroles te omzeilen, waardoor de vertrouwelijkheid, integriteit en beschikbaarheid van het systeem in gevaar komen.
SAP NetWeaver Application Server ABAP heeft een Mixed Dynamic RFC Destination-kwetsbaarheid die kan leiden tot blootstelling van gevoelige inloggegevens. Daarnaast zijn er kwetsbaarheden in SAP Commerce Cloud die de vertrouwelijkheid en integriteit van gegevens in gevaar kunnen brengen. De kwetsbaarheden in SAP ERP BW en SAP BusinessObjects kunnen leiden tot ongeautoriseerde uitvoering van commando's en wijziging van bestanden. De directory traversal-kwetsbaarheden in SAP Capital Yield Tax Management en SAP Solution Manager stellen aanvallers in staat om gevoelige informatie te verkrijgen. De SSRF-kwetsbaarheid in SAP CRM en SAP S/4HANA kan de vertrouwelijkheid van interne netwerkbronnen in gevaar brengen.
**UPDATE 25/04/2025**
SAP heeft een update uitgebracht op de advisory van eerder deze maand. De belangrijkste aanpassing is de toevoeging van **CVE-2025-31324**. Dit is een kritieke kwetsbaarheid waarbij de Metadata Uploader geen correcte autorisatiecontrole toepast. Hierdoor kan een niet-geauthenticeerde aanvaller kwaadaardige uitvoerbare bestanden uploaden naar de server.
**UPDATE 28/04/2025**
Het NCSC ontvangt meldingen dat de kwetsbaarheid met kenmerk CVE-2025-31324 actief wordt misbruikt.
De getroffen Metadata Uploader is onderdeel van Visual Composer. Dit product, bedoeld om zonder het schrijven van programmacode user-interfaces te bouwen, wordt al sinds 2015 niet meer ondersteund. Het gebruik ervan om interfaces te bouwen wordt daarom afgeraden. Ook is het goed gebruik een dergelijk ontwerpsoftware niet publiek toegankelijk te hebben, maar te hosten in een separate ontwikkelomgeving.
In het geval van Visual Composer kan de toegang worden beperkt door de applicatia-alias `developmentserver` uit te schakelen en middels firewall rules de toegang tot de development-server applicatie-url te blokkeren.
**UPDATE 30/04/2025**
In de eerdere update van dit beveiligingsadvies op 28/04/2025 heeft het NCSC gemeld dat de kwetsbaarheid met het kenmerk CVE-2025-31324 actief wordt misbruikt. Een onderdeel van het misbruik is dat kwaadwillenden webshells plaatsen. Na nader onderzoek door het NCSC en op basis van ontvangen meldingen, is ook waargenomen dat deze webshells online te koop wordt aangeboden. Dit vergroot de kans op misbruik aanzienlijk. Het NCSC heeft daarom besloten om dit beveiligingsadvies naar H/H te verhogen.
Oplossingen
SAP heeft patches uitgebracht om de kwetsbaarheden in de genoemde producten te verhelpen.
Ook heeft SAP voor de kwetsbaarheid met kenmerk CVE-2025-31324 een noodpatch uitgebracht om deze te verhelpen. Het NCSC adviseert om naast de reguliere updates vooral deze noodpatch ook in te zetten.
**UPDATE 30/04/2025**
Het NCSC adviseert met klem om de beschikbaar gestelde beveiligingsupdates te installeren en uw systeem op aanwezigheid van webshells te controleren. Zie bijgevoegde referenties voor meer informatie.
Kans
high
Schade
high
CWE-94
Improper Control of Generation of Code ('Code Injection')
CWE-367
Time-of-check Time-of-use (TOCTOU) Race Condition
CWE-35
Path Traversal: '.../...//'
CWE-277
Insecure Inherited Permissions
CWE-921
Storage of Sensitive Data in a Mechanism without Access Control
CWE-472
External Control of Assumed-Immutable Web Parameter
CWE-319
Cleartext Transmission of Sensitive Information
CWE-862
Missing Authorization
CWE-918
Server-Side Request Forgery (SSRF)
CWE-863
Incorrect Authorization
CWE-787
Out-of-bounds Write
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CWE-732
Incorrect Permission Assignment for Critical Resource
CWE-434
Unrestricted Upload of File with Dangerous Type
CWE-352
Cross-Site Request Forgery (CSRF)
{ "document": { "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "tlp": { "label": "WHITE" } }, "lang": "nl", "notes": [ { "category": "legal_disclaimer", "text": "The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:\n\n NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.\n\n NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.\n This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings." }, { "category": "description", "text": "SAP heeft kwetsbaarheden verholpen in verschillende producten, waaronder SAP Financial Consolidation, SAP Landscape Transformation, SAP NetWeaver Application Server ABAP, SAP Commerce Cloud, SAP ERP BW, SAP BusinessObjects Business Intelligence Platform, SAP KMC WPC, SAP Solution Manager, SAP S4CORE, en SAP CRM.", "title": "Feiten" }, { "category": "description", "text": "De uitgebrachte paches bevatten een aantal kritieke kwetsbaarheden met de kenmerken CVE-2025-30016, CVE-2025-31330 en CVE-2025-27429.\n\nDe kwetsbaarheid met kenmerk CVE-2025-30016 is een kritieke authenticatie-bypass in SAP Financial Consolidation, die ongeauthenticeerde aanvallers toegang geeft tot het Admin-account. \n\nSAP Landscape Transformation heeft een kwetsbaarheid met kenmerk CVE-2025-31330, die het mogelijk maakt voor aanvallers met gebruikersprivileges om willekeurige ABAP-code in te voegen.\n\nDe kwetsbaarheid met kenmerk CVE-2025-27429 in SAP S/4HANA (Private Cloud) stelt een aanvaller met gebruikersprivileges in staat om willekeurige ABAP-code in de RFC-functiemodule te injecteren en autorisatiecontroles te omzeilen, waardoor de vertrouwelijkheid, integriteit en beschikbaarheid van het systeem in gevaar komen.\n\n\nSAP NetWeaver Application Server ABAP heeft een Mixed Dynamic RFC Destination-kwetsbaarheid die kan leiden tot blootstelling van gevoelige inloggegevens. Daarnaast zijn er kwetsbaarheden in SAP Commerce Cloud die de vertrouwelijkheid en integriteit van gegevens in gevaar kunnen brengen. De kwetsbaarheden in SAP ERP BW en SAP BusinessObjects kunnen leiden tot ongeautoriseerde uitvoering van commando\u0027s en wijziging van bestanden. De directory traversal-kwetsbaarheden in SAP Capital Yield Tax Management en SAP Solution Manager stellen aanvallers in staat om gevoelige informatie te verkrijgen. De SSRF-kwetsbaarheid in SAP CRM en SAP S/4HANA kan de vertrouwelijkheid van interne netwerkbronnen in gevaar brengen. \n\n\n**UPDATE 25/04/2025**\nSAP heeft een update uitgebracht op de advisory van eerder deze maand. De belangrijkste aanpassing is de toevoeging van **CVE-2025-31324**. Dit is een kritieke kwetsbaarheid waarbij de Metadata Uploader geen correcte autorisatiecontrole toepast. Hierdoor kan een niet-geauthenticeerde aanvaller kwaadaardige uitvoerbare bestanden uploaden naar de server.\n\n**UPDATE 28/04/2025**\nHet NCSC ontvangt meldingen dat de kwetsbaarheid met kenmerk CVE-2025-31324 actief wordt misbruikt.\nDe getroffen Metadata Uploader is onderdeel van Visual Composer. Dit product, bedoeld om zonder het schrijven van programmacode user-interfaces te bouwen, wordt al sinds 2015 niet meer ondersteund. Het gebruik ervan om interfaces te bouwen wordt daarom afgeraden. Ook is het goed gebruik een dergelijk ontwerpsoftware niet publiek toegankelijk te hebben, maar te hosten in een separate ontwikkelomgeving.\nIn het geval van Visual Composer kan de toegang worden beperkt door de applicatia-alias `developmentserver` uit te schakelen en middels firewall rules de toegang tot de development-server applicatie-url te blokkeren.\n\n**UPDATE 30/04/2025**\nIn de eerdere update van dit beveiligingsadvies op 28/04/2025 heeft het NCSC gemeld dat de kwetsbaarheid met het kenmerk CVE-2025-31324 actief wordt misbruikt. Een onderdeel van het misbruik is dat kwaadwillenden webshells plaatsen. Na nader onderzoek door het NCSC en op basis van ontvangen meldingen, is ook waargenomen dat deze webshells online te koop wordt aangeboden. Dit vergroot de kans op misbruik aanzienlijk. Het NCSC heeft daarom besloten om dit beveiligingsadvies naar H/H te verhogen.", "title": "Interpretaties" }, { "category": "description", "text": "SAP heeft patches uitgebracht om de kwetsbaarheden in de genoemde producten te verhelpen.\n\nOok heeft SAP voor de kwetsbaarheid met kenmerk CVE-2025-31324 een noodpatch uitgebracht om deze te verhelpen. Het NCSC adviseert om naast de reguliere updates vooral deze noodpatch ook in te zetten.\n\n**UPDATE 30/04/2025**\nHet NCSC adviseert met klem om de beschikbaar gestelde beveiligingsupdates te installeren en uw systeem op aanwezigheid van webshells te controleren. Zie bijgevoegde referenties voor meer informatie.", "title": "Oplossingen" }, { "category": "general", "text": "high", "title": "Kans" }, { "category": "general", "text": "high", "title": "Schade" }, { "category": "general", "text": "Improper Control of Generation of Code (\u0027Code Injection\u0027)", "title": "CWE-94" }, { "category": "general", "text": "Time-of-check Time-of-use (TOCTOU) Race Condition", "title": "CWE-367" }, { "category": "general", "text": "Path Traversal: \u0027.../...//\u0027", "title": "CWE-35" }, { "category": "general", "text": "Insecure Inherited Permissions", "title": "CWE-277" }, { "category": "general", "text": "Storage of Sensitive Data in a Mechanism without Access Control", "title": "CWE-921" }, { "category": "general", "text": "External Control of Assumed-Immutable Web Parameter", "title": "CWE-472" }, { "category": "general", "text": "Cleartext Transmission of Sensitive Information", "title": "CWE-319" }, { "category": "general", "text": "Missing Authorization", "title": "CWE-862" }, { "category": "general", "text": "Server-Side Request Forgery (SSRF)", "title": "CWE-918" }, { "category": "general", "text": "Incorrect Authorization", "title": "CWE-863" }, { "category": "general", "text": "Out-of-bounds Write", "title": "CWE-787" }, { "category": "general", "text": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)", "title": "CWE-79" }, { "category": "general", "text": "Incorrect Permission Assignment for Critical Resource", "title": "CWE-732" }, { "category": "general", "text": "Unrestricted Upload of File with Dangerous Type", "title": "CWE-434" }, { "category": "general", "text": "Cross-Site Request Forgery (CSRF)", "title": "CWE-352" } ], "publisher": { "category": "coordinator", "contact_details": "cert@ncsc.nl", "name": "Nationaal Cyber Security Centrum", "namespace": "https://www.ncsc.nl/" }, "references": [ { "category": "external", "summary": "Reference - certbundde", "url": "https://support.sap.com/en/my-support/knowledge-base/security-notes-news/april-2025.html" }, { "category": "external", "summary": "Reference - cisagov; cveprojectv5; nvd", "url": "https://me.sap.com/notes/3594142" }, { "category": "external", "summary": "Reference - ncscclear", "url": "https://reliaquest.com/blog/threat-spotlight-reliaquest-uncovers-vulnerability-behind-sap-netweaver-compromise/" }, { "category": "external", "summary": "Reference - ncscclear", "url": "https://onapsis.com/blog/active-exploitation-of-sap-vulnerability-cve-2025-31324/" } ], "title": "Kwetsbaarheden verholpen in SAP-producten", "tracking": { "current_release_date": "2025-04-30T13:12:27.070565Z", "generator": { "date": "2025-02-25T15:15:00Z", "engine": { "name": "V.A.", "version": "1.0" } }, "id": "NCSC-2025-0119", "initial_release_date": "2025-04-09T09:12:05.705017Z", "revision_history": [ { "date": "2025-04-09T09:12:05.705017Z", "number": "1.0.0", "summary": "Initiele versie" }, { "date": "2025-04-25T12:10:29.929217Z", "number": "1.0.1", "summary": "SAP heeft een update op de advisorie van eerder deze maand" }, { "date": "2025-04-28T09:35:57.213875Z", "number": "1.0.2", "summary": "Meldingen van misbruik van CVE-2025-31324." }, { "date": "2025-04-30T13:12:27.070565Z", "number": "1.0.3", "summary": "New revision" } ], "status": "final", "version": "1.0.3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_version_range", "name": "vers:unknown/10.0", "product": { "name": "vers:unknown/10.0", "product_id": "CSAFPID-426681", "product_identification_helper": { "cpe": "cpe:2.3:a:sap:sap_businessobjects_financial_consolidation:10.0:*:*:*:*:*:*:*" } } }, { "category": "product_version_range", "name": "vers:unknown/10.0.0.1933", "product": { "name": "vers:unknown/10.0.0.1933", "product_id": "CSAFPID-367586" } }, { "category": "product_version_range", "name": "vers:unknown/10.1", "product": { "name": "vers:unknown/10.1", "product_id": "CSAFPID-426682", "product_identification_helper": { "cpe": "cpe:2.3:a:sap:sap_businessobjects_financial_consolidation:10.1:*:*:*:*:*:*:*" } } }, { "category": "product_version_range", "name": "vers:unknown/*", "product": { "name": "vers:unknown/*", "product_id": "CSAFPID-336862" } } ], "category": "product_name", "name": "BusinessObjects Financial Consolidation" }, { "branches": [ { "category": "product_version_range", "name": "vers:unknown/2.00", "product": { "name": "vers:unknown/2.00", "product_id": "CSAFPID-426483", "product_identification_helper": { "cpe": "cpe:2.3:a:sap_se:sap_erp_financials_information_system:2.00:*:*:*:*:*:*:*" } } } ], "category": "product_name", "name": "ERP Financials Information System" }, { "branches": [ { "category": "product_version_range", "name": "vers:unknown/6.0", "product": { "name": "vers:unknown/6.0", "product_id": "CSAFPID-447161" } }, { "category": "product_version_range", "name": "vers:unknown/6.03", "product": { "name": "vers:unknown/6.03", "product_id": "CSAFPID-447167" } }, { "category": "product_version_range", "name": "vers:unknown/6.04", "product": { "name": "vers:unknown/6.04", "product_id": "CSAFPID-447158" } }, { "category": "product_version_range", "name": "vers:unknown/6.05", "product": { "name": "vers:unknown/6.05", "product_id": "CSAFPID-447155" } }, { "category": "product_version_range", "name": "vers:unknown/6.06", "product": { "name": "vers:unknown/6.06", "product_id": "CSAFPID-447160" } }, { "category": "product_version_range", "name": "vers:unknown/6.16", "product": { "name": "vers:unknown/6.16", "product_id": "CSAFPID-447163" } }, { "category": "product_version_range", "name": "vers:unknown/6.17", "product": { "name": "vers:unknown/6.17", "product_id": "CSAFPID-447165" } }, { "category": "product_version_range", "name": "vers:unknown/6.18", "product": { "name": "vers:unknown/6.18", "product_id": "CSAFPID-447156" } }, { "category": "product_version_range", "name": "vers:unknown/8.0", "product": { "name": "vers:unknown/8.0", "product_id": "CSAFPID-447164" } } ], "category": "product_name", "name": "Enterprise Extension Financial Services" }, { "branches": [ { "category": "product_version_range", "name": "vers:unknown/*", "product": { "name": "vers:unknown/*", "product_id": "CSAFPID-710027" } }, { "category": "product_version_range", "name": "vers:unknown/6.05", "product": { "name": "vers:unknown/6.05", "product_id": "CSAFPID-426703" } }, { "category": "product_version_range", "name": "vers:unknown/6.06", "product": { "name": "vers:unknown/6.06", "product_id": "CSAFPID-426706" } }, { "category": "product_version_range", "name": "vers:unknown/6.16", "product": { "name": "vers:unknown/6.16", "product_id": "CSAFPID-426707" } }, { "category": "product_version_range", "name": "vers:unknown/6.17", "product": { "name": "vers:unknown/6.17", "product_id": "CSAFPID-426708" } }, { "category": "product_version_range", "name": "vers:unknown/6.18", "product": { "name": "vers:unknown/6.18", "product_id": "CSAFPID-426704" } }, { "category": "product_version_range", "name": "vers:unknown/8.0", "product": { "name": "vers:unknown/8.0", "product_id": "CSAFPID-426705" } } ], "category": "product_name", "name": "Enterprise Financial Services" }, { "branches": [ { "category": "product_version_range", "name": "vers:unknown/10.0", "product": { "name": "vers:unknown/10.0", "product_id": "CSAFPID-447141" } }, { "category": "product_version_range", "name": "vers:unknown/10.1", "product": { "name": "vers:unknown/10.1", "product_id": "CSAFPID-447140" } }, { "category": "product_version_range", "name": "vers:unknown/1010", "product": { "name": "vers:unknown/1010", "product_id": "CSAFPID-847883", "product_identification_helper": { "cpe": "cpe:2.3:a:sap:financial_consolidation:1010:*:*:*:*:*:*:*" } } } ], "category": "product_name", "name": "Financial Consolidation" }, { "branches": [ { "category": "product_version_range", "name": "vers:unknown/10.1", "product": { "name": "vers:unknown/10.1", "product_id": "CSAFPID-426837" } } ], "category": "product_name", "name": "Financial Consolidation Cube Designer" }, { "branches": [ { "category": "product_version_range", "name": "vers:unknown/*", "product": { "name": "vers:unknown/*", "product_id": "CSAFPID-1176052" } }, { "category": "product_version_range", "name": "vers:unknown/unknown", "product": { "name": "vers:unknown/unknown", "product_id": "CSAFPID-1333259" } } ], "category": "product_name", "name": "NetWeaver" }, { "branches": [ { "category": "product_version_range", "name": "vers:unknown/7.50", "product": { "name": "vers:unknown/7.50", "product_id": "CSAFPID-2351307" } } ], "category": "product_name", "name": "NetWeaver (SAP Enterprise Portal)" }, { "branches": [ { "category": "product_version_range", "name": "vers:unknown/700", "product": { "name": "vers:unknown/700", "product_id": "CSAFPID-2538790" } }, { "category": "product_version_range", "name": "vers:unknown/701", "product": { "name": "vers:unknown/701", "product_id": "CSAFPID-2538791" } }, { "category": "product_version_range", "name": "vers:unknown/702", "product": { "name": "vers:unknown/702", "product_id": "CSAFPID-2538792" } }, { "category": "product_version_range", "name": "vers:unknown/731", "product": { "name": "vers:unknown/731", "product_id": "CSAFPID-2538793" } }, { "category": "product_version_range", "name": "vers:unknown/740", "product": { "name": "vers:unknown/740", "product_id": "CSAFPID-2538794" } }, { "category": "product_version_range", "name": "vers:unknown/750", "product": { "name": "vers:unknown/750", "product_id": "CSAFPID-2538799" } }, { "category": "product_version_range", "name": "vers:unknown/751", "product": { "name": "vers:unknown/751", "product_id": "CSAFPID-2538800" } }, { "category": "product_version_range", "name": "vers:unknown/752", "product": { "name": "vers:unknown/752", "product_id": "CSAFPID-2538801" } }, { "category": "product_version_range", "name": "vers:unknown/753", "product": { "name": "vers:unknown/753", "product_id": "CSAFPID-2538802" } }, { "category": "product_version_range", "name": "vers:unknown/754", "product": { "name": "vers:unknown/754", "product_id": "CSAFPID-2538803" } }, { "category": "product_version_range", "name": "vers:unknown/755", "product": { "name": "vers:unknown/755", "product_id": "CSAFPID-2538804" } }, { "category": "product_version_range", "name": "vers:unknown/756", "product": { "name": "vers:unknown/756", "product_id": "CSAFPID-2538805" } }, { "category": "product_version_range", "name": "vers:unknown/757", "product": { "name": "vers:unknown/757", "product_id": "CSAFPID-2538806" } } ], "category": "product_name", "name": "NetWeaver AS ABAP (BSP Framework)" }, { "branches": [ { "category": "product_version_range", "name": "vers:unknown/700", "product": { "name": "vers:unknown/700", "product_id": "CSAFPID-2538773" } }, { "category": "product_version_range", "name": "vers:unknown/701", "product": { "name": "vers:unknown/701", "product_id": "CSAFPID-2538774" } }, { "category": "product_version_range", "name": "vers:unknown/702", "product": { "name": "vers:unknown/702", "product_id": "CSAFPID-2538775" } }, { "category": "product_version_range", "name": "vers:unknown/731", "product": { "name": "vers:unknown/731", "product_id": "CSAFPID-2538776" } }, { "category": "product_version_range", "name": "vers:unknown/740", "product": { "name": "vers:unknown/740", "product_id": "CSAFPID-2538777" } }, { "category": "product_version_range", "name": "vers:unknown/750", "product": { "name": "vers:unknown/750", "product_id": "CSAFPID-2538778" } }, { "category": "product_version_range", "name": "vers:unknown/751", "product": { "name": "vers:unknown/751", "product_id": "CSAFPID-2538779" } }, { "category": "product_version_range", "name": "vers:unknown/752", "product": { "name": "vers:unknown/752", "product_id": "CSAFPID-2538780" } }, { "category": "product_version_range", "name": "vers:unknown/75c", "product": { "name": "vers:unknown/75c", "product_id": "CSAFPID-2538781" } } ], "category": "product_name", "name": "NetWeaver AS ABAP (Business Server Pages application)" }, { "branches": [ { "branches": [ { "category": "product_version_range", "name": "vers:unknown/*", "product": { "name": "vers:unknown/*", "product_id": "CSAFPID-1307450" } }, { "category": "product_version_range", "name": "vers:unknown/1808", "product": { "name": "vers:unknown/1808", "product_id": "CSAFPID-1297130" } }, { "category": "product_version_range", "name": "vers:unknown/1811", "product": { "name": "vers:unknown/1811", "product_id": "CSAFPID-1297107" } }, { "category": "product_version_range", "name": "vers:unknown/1905", "product": { "name": "vers:unknown/1905", "product_id": "CSAFPID-1230533" } }, { "category": "product_version_range", "name": "vers:unknown/2001 zh", "product": { "name": "vers:unknown/2001 zh", "product_id": "CSAFPID-1921506" } }, { "category": "product_version_range", "name": "vers:unknown/2005", "product": { "name": "vers:unknown/2005", "product_id": "CSAFPID-1230555" } }, { "category": "product_version_range", "name": "vers:unknown/2011", "product": { "name": "vers:unknown/2011", "product_id": "CSAFPID-1230719" } }, { "category": "product_version_range", "name": "vers:unknown/2105", "product": { "name": "vers:unknown/2105", "product_id": "CSAFPID-1230702" } }, { "category": "product_version_range", "name": "vers:unknown/2205", "product": { "name": "vers:unknown/2205", "product_id": "CSAFPID-1304671" } }, { "category": "product_version_range", "name": "vers:unknown/2211", "product": { "name": "vers:unknown/2211", "product_id": "CSAFPID-1921487" } }, { "category": "product_version_range", "name": "vers:unknown/6.7", "product": { "name": "vers:unknown/6.7", "product_id": "CSAFPID-1297186" } } ], "category": "product_name", "name": "Commerce" }, { "branches": [ { "category": "product_version_range", "name": "vers:unknown/2205 hy_com", "product": { "name": "vers:unknown/2205 hy_com", "product_id": "CSAFPID-2473272" } }, { "category": "product_version_range", "name": "vers:unknown/2211", "product": { "name": "vers:unknown/2211", "product_id": "CSAFPID-2473273" } }, { "category": "product_version_range", "name": "vers:unknown/none", "product": { "name": "vers:unknown/none", "product_id": "CSAFPID-1306891" } } ], "category": "product_name", "name": "Commerce Cloud" }, { "branches": [ { "category": "product_version_range", "name": "vers:unknown/*", "product": { "name": "vers:unknown/*", "product_id": "CSAFPID-1306888" } } ], "category": "product_name", "name": "Landscape Management" }, { "branches": [ { "category": "product_version_range", "name": "vers:unknown/7.0", "product": { "name": "vers:unknown/7.0", "product_id": "CSAFPID-2352521" } }, { "category": "product_version_range", "name": "vers:unknown/7.10", "product": { "name": "vers:unknown/7.10", "product_id": "CSAFPID-2352520" } }, { "category": "product_version_range", "name": "vers:unknown/7.20", "product": { "name": "vers:unknown/7.20", "product_id": "CSAFPID-1304029" } }, { "category": "product_version_range", "name": "vers:unknown/7.40", "product": { "name": "vers:unknown/7.40", "product_id": "CSAFPID-2352519" } }, { "category": "product_version_range", "name": "vers:unknown/720", "product": { "name": "vers:unknown/720", "product_id": "CSAFPID-2539577" } }, { "category": "product_version_range", "name": "vers:unknown/740", "product": { "name": "vers:unknown/740", "product_id": "CSAFPID-2352518" } } ], "category": "product_name", "name": "Solution Manager" } ], "category": "product_family", "name": "SAP" }, { "branches": [ { "category": "product_version_range", "name": "vers:unknown/com_cloud 2211", "product": { "name": "vers:unknown/com_cloud 2211", "product_id": "CSAFPID-1988023" } }, { "category": "product_version_range", "name": "vers:unknown/hy_com 2205", "product": { "name": "vers:unknown/hy_com 2205", "product_id": "CSAFPID-1988024" } } ], "category": "product_name", "name": "Commerce" }, { "branches": [ { "category": "product_version_range", "name": "vers:unknown/*", "product": { "name": "vers:unknown/*", "product_id": "CSAFPID-1175835" } }, { "category": "product_version_range", "name": "vers:unknown/2211", "product": { "name": "vers:unknown/2211", "product_id": "CSAFPID-2632442" } }, { "category": "product_version_range", "name": "vers:unknown/com_cloud 2211", "product": { "name": "vers:unknown/com_cloud 2211", "product_id": "CSAFPID-2632443" } }, { "category": "product_version_range", "name": "vers:unknown/com_cloud 2211|hy_com 2205", "product": { "name": "vers:unknown/com_cloud 2211|hy_com 2205", "product_id": "CSAFPID-1425816" } }, { "category": "product_version_range", "name": "vers:unknown/hy_com 2205", "product": { "name": "vers:unknown/hy_com 2205", "product_id": "CSAFPID-2632444" } }, { "category": "product_version_range", "name": "vers:unknown/unknown", "product": { "name": "vers:unknown/unknown", "product_id": "CSAFPID-1332128" } } ], "category": "product_name", "name": "Commerce Cloud" }, { "branches": [ { "category": "product_version_range", "name": "vers:unknown/1808", "product": { "name": "vers:unknown/1808", "product_id": "CSAFPID-605062" } }, { "category": "product_version_range", "name": "vers:unknown/1811", "product": { "name": "vers:unknown/1811", "product_id": "CSAFPID-605061" } }, { "category": "product_version_range", "name": "vers:unknown/1905", "product": { "name": "vers:unknown/1905", "product_id": "CSAFPID-605064" } } ], "category": "product_name", "name": "Commerce Data Hub" }, { "branches": [ { "category": "product_version_range", "name": "vers:unknown/7.00", "product": { "name": "vers:unknown/7.00", "product_id": "CSAFPID-345584" } }, { "category": "product_version_range", "name": "vers:unknown/7.01", "product": { "name": "vers:unknown/7.01", "product_id": "CSAFPID-345586" } }, { "category": "product_version_range", "name": "vers:unknown/7.02", "product": { "name": "vers:unknown/7.02", "product_id": "CSAFPID-345588" } }, { "category": "product_version_range", "name": "vers:unknown/7.10", "product": { "name": "vers:unknown/7.10", "product_id": "CSAFPID-345621" } }, { "category": "product_version_range", "name": "vers:unknown/7.11", "product": { "name": "vers:unknown/7.11", "product_id": "CSAFPID-345620" } }, { "category": "product_version_range", "name": "vers:unknown/7.30", "product": { "name": "vers:unknown/7.30", "product_id": "CSAFPID-345590" } }, { "category": "product_version_range", "name": "vers:unknown/7.31", "product": { "name": "vers:unknown/7.31", "product_id": "CSAFPID-345585" } }, { "category": "product_version_range", "name": "vers:unknown/7.40", "product": { "name": "vers:unknown/7.40", "product_id": "CSAFPID-345591" } }, { "category": "product_version_range", "name": "vers:unknown/7.50", "product": { "name": "vers:unknown/7.50", "product_id": "CSAFPID-345592" } }, { "category": "product_version_range", "name": "vers:unknown/7.51", "product": { "name": "vers:unknown/7.51", "product_id": "CSAFPID-345589" } }, { "category": "product_version_range", "name": "vers:unknown/7.52", "product": { "name": "vers:unknown/7.52", "product_id": "CSAFPID-345587" } }, { "category": "product_version_range", "name": "vers:unknown/7.53", "product": { "name": "vers:unknown/7.53", "product_id": "CSAFPID-426833" } } ], "category": "product_name", "name": "Business Application Software Integrated Solution" }, { "branches": [ { "category": "product_version_range", "name": "vers:unknown/2.0", "product": { "name": "vers:unknown/2.0", "product_id": "CSAFPID-710118" } }, { "category": "product_version_range", "name": "vers:unknown/2011_1_710", "product": { "name": "vers:unknown/2011_1_710", "product_id": "CSAFPID-2632409" } }, { "category": "product_version_range", "name": "vers:unknown/2011_1_730", "product": { "name": "vers:unknown/2011_1_730", "product_id": "CSAFPID-2632410" } }, { "category": "product_version_range", "name": "vers:unknown/2011_1_731", "product": { "name": "vers:unknown/2011_1_731", "product_id": "CSAFPID-2632411" } }, { "category": "product_version_range", "name": "vers:unknown/dmis 2011_1_700", "product": { "name": "vers:unknown/dmis 2011_1_700", "product_id": "CSAFPID-2632412" } }, { "category": "product_version_range", "name": "vers:unknown/dmis_2011_1_700", "product": { "name": "vers:unknown/dmis_2011_1_700", "product_id": "CSAFPID-2633939" } } ], "category": "product_name", "name": "Landscape Transformation" }, { "branches": [ { "category": "product_version_range", "name": "vers:unknown/7.10", "product": { "name": "vers:unknown/7.10", "product_id": "CSAFPID-426454" } }, { "category": "product_version_range", "name": "vers:unknown/7.20", "product": { "name": "vers:unknown/7.20", "product_id": "CSAFPID-426453" } }, { "category": "product_version_range", "name": "vers:unknown/7.30", "product": { "name": "vers:unknown/7.30", "product_id": "CSAFPID-426456" } }, { "category": "product_version_range", "name": "vers:unknown/7.31", "product": { "name": "vers:unknown/7.31", "product_id": "CSAFPID-426455" } }, { "category": "product_version_range", "name": "vers:unknown/7.40", "product": { "name": "vers:unknown/7.40", "product_id": "CSAFPID-426457" } }, { "category": "product_version_range", "name": "vers:unknown/7.5", "product": { "name": "vers:unknown/7.5", "product_id": "CSAFPID-1295436", "product_identification_helper": { "cpe": "cpe:2.3:a:sap:netweaver_system_landscape_directory:7.5:*:*:*:*:*:*:*" } } } ], "category": "product_name", "name": "Netweaver System Landscape Directory" }, { "branches": [ { "category": "product_version_range", "name": "vers:unknown/3.0", "product": { "name": "vers:unknown/3.0", "product_id": "CSAFPID-2118594" } } ], "category": "product_name", "name": "landscape_management" }, { "branches": [ { "category": "product_version_range", "name": "vers:unknown/*", "product": { "name": "vers:unknown/*", "product_id": "CSAFPID-1176305" } }, { "category": "product_version_range", "name": "vers:unknown/720", "product": { "name": "vers:unknown/720", "product_id": "CSAFPID-2538090" } }, { "category": "product_version_range", "name": "vers:unknown/sap_basis 700", "product": { "name": "vers:unknown/sap_basis 700", "product_id": "CSAFPID-2632425" } }, { "category": "product_version_range", "name": "vers:unknown/sap_basis 701", "product": { "name": "vers:unknown/sap_basis 701", "product_id": "CSAFPID-2632426" } }, { "category": "product_version_range", "name": "vers:unknown/sap_basis 702", "product": { "name": "vers:unknown/sap_basis 702", "product_id": "CSAFPID-2632427" } }, { "category": "product_version_range", "name": "vers:unknown/sap_basis 731", "product": { "name": "vers:unknown/sap_basis 731", "product_id": "CSAFPID-2632428" } }, { "category": "product_version_range", "name": "vers:unknown/sap_basis 740", "product": { "name": "vers:unknown/sap_basis 740", "product_id": "CSAFPID-2632429" } } ], "category": "product_name", "name": "Solution Manager" } ], "category": "vendor", "name": "SAP" }, { "branches": [ { "branches": [ { "category": "product_version_range", "name": "vers:unknown/unknown", "product": { "name": "vers:unknown/unknown", "product_id": "CSAFPID-2364492", "product_identification_helper": { "cpe": "cpe:/a:atoss:staff_efficiency_suite:-" } } } ], "category": "product_name", "name": "ATOSS Staff Efficiency Suite" } ], "category": "vendor", "name": "ATOSS" }, { "branches": [ { "branches": [ { "category": "product_version_range", "name": "vers:unknown/unknown", "product": { "name": "vers:unknown/unknown", "product_id": "CSAFPID-1330296", "product_identification_helper": { "cpe": "cpe:/o:amazon:linux_2:-" } } } ], "category": "product_name", "name": "Amazon Linux 2" } ], "category": "vendor", "name": "Amazon" }, { "branches": [ { "branches": [ { "category": "product_version_range", "name": "vers:unknown/\u003c10.1.34", "product": { "name": "vers:unknown/\u003c10.1.34", "product_id": "CSAFPID-1459777" } }, { "category": "product_version_range", "name": "vers:unknown/\u003c11.0.2", "product": { "name": "vers:unknown/\u003c11.0.2", "product_id": "CSAFPID-1459778" } }, { "category": "product_version_range", "name": "vers:unknown/\u003c9.0.98", "product": { "name": "vers:unknown/\u003c9.0.98", "product_id": "CSAFPID-1459779" } } ], "category": "product_name", "name": "Tomcat" }, { "branches": [ { "branches": [ { "category": "product_version_range", "name": "vers:unknown/\u003e=10.1.0 milestone1|\u003c=10.1.33", "product": { "name": "vers:unknown/\u003e=10.1.0 milestone1|\u003c=10.1.33", "product_id": "CSAFPID-1861039" } }, { "category": "product_version_range", "name": "vers:unknown/\u003e=11.0.0 milestone1|\u003c=11.0.1", "product": { "name": "vers:unknown/\u003e=11.0.0 milestone1|\u003c=11.0.1", "product_id": "CSAFPID-1861040" } }, { "category": "product_version_range", "name": "vers:unknown/\u003e=9.0.0 milestone1|\u003c=9.0.97", "product": { "name": "vers:unknown/\u003e=9.0.0 milestone1|\u003c=9.0.97", "product_id": "CSAFPID-1861041" } } ], "category": "product_name", "name": "Tomcat" } ], "category": "product_family", "name": "Apache" }, { "branches": [ { "category": "product_version_range", "name": "vers:unknown/10.1.0", "product": { "name": "vers:unknown/10.1.0", "product_id": "CSAFPID-2140760" } }, { "category": "product_version_range", "name": "vers:unknown/10.1.1", "product": { "name": "vers:unknown/10.1.1", "product_id": "CSAFPID-2140804" } }, { "category": "product_version_range", "name": "vers:unknown/10.1.10", "product": { "name": "vers:unknown/10.1.10", "product_id": "CSAFPID-2140795" } }, { "category": "product_version_range", "name": "vers:unknown/10.1.11", "product": { "name": "vers:unknown/10.1.11", "product_id": "CSAFPID-2140773" } }, { "category": "product_version_range", "name": "vers:unknown/10.1.12", "product": { "name": "vers:unknown/10.1.12", "product_id": "CSAFPID-2140818" } }, { "category": "product_version_range", "name": "vers:unknown/10.1.13", "product": { "name": "vers:unknown/10.1.13", "product_id": "CSAFPID-2140755" } }, { "category": "product_version_range", "name": "vers:unknown/10.1.14", "product": { "name": "vers:unknown/10.1.14", "product_id": "CSAFPID-2140803" } }, { "category": "product_version_range", "name": "vers:unknown/10.1.15", "product": { "name": "vers:unknown/10.1.15", "product_id": "CSAFPID-2140852" } }, { "category": "product_version_range", "name": "vers:unknown/10.1.16", "product": { "name": "vers:unknown/10.1.16", "product_id": "CSAFPID-2140842" } }, { "category": "product_version_range", "name": "vers:unknown/10.1.17", "product": { "name": "vers:unknown/10.1.17", "product_id": "CSAFPID-2140814" } }, { "category": "product_version_range", "name": "vers:unknown/10.1.18", "product": { "name": "vers:unknown/10.1.18", "product_id": "CSAFPID-2140749" } }, { "category": "product_version_range", "name": "vers:unknown/10.1.19", "product": { "name": "vers:unknown/10.1.19", "product_id": "CSAFPID-2140796" } }, { "category": "product_version_range", "name": "vers:unknown/10.1.2", "product": { "name": "vers:unknown/10.1.2", "product_id": "CSAFPID-2140856" } }, { "category": "product_version_range", "name": "vers:unknown/10.1.20", "product": { "name": "vers:unknown/10.1.20", "product_id": "CSAFPID-2140834" } }, { "category": "product_version_range", "name": "vers:unknown/10.1.21", "product": { "name": "vers:unknown/10.1.21", "product_id": "CSAFPID-2140851" } }, { "category": "product_version_range", "name": "vers:unknown/10.1.22", "product": { "name": "vers:unknown/10.1.22", "product_id": "CSAFPID-2140742" } }, { "category": "product_version_range", "name": "vers:unknown/10.1.23", "product": { "name": "vers:unknown/10.1.23", "product_id": "CSAFPID-2140825" } } ], "category": "product_name", "name": "tomcat" } ], "category": "vendor", "name": "Apache" }, { "branches": [ { "branches": [ { "category": "product_version_range", "name": "vers:unknown/103", "product": { "name": "vers:unknown/103", "product_id": "CSAFPID-2631681" } }, { "category": "product_version_range", "name": "vers:unknown/104", "product": { "name": "vers:unknown/104", "product_id": "CSAFPID-2631682" } }, { "category": "product_version_range", "name": "vers:unknown/105", "product": { "name": "vers:unknown/105", "product_id": "CSAFPID-2631683" } }, { "category": "product_version_range", "name": "vers:unknown/106", "product": { "name": "vers:unknown/106", "product_id": "CSAFPID-2631684" } }, { "category": "product_version_range", "name": "vers:unknown/107", "product": { "name": "vers:unknown/107", "product_id": "CSAFPID-2631685" } }, { "category": "product_version_range", "name": "vers:unknown/108", "product": { "name": "vers:unknown/108", "product_id": "CSAFPID-2631686" } }, { "category": "product_version_range", "name": "vers:unknown/s4core102", "product": { "name": "vers:unknown/s4core102", "product_id": "CSAFPID-2631680" } } ], "category": "product_name", "name": "SAP S/4HANA (Private Cloud)" }, { "branches": [ { "category": "product_version_range", "name": "vers:unknown/2011_1_710", "product": { "name": "vers:unknown/2011_1_710", "product_id": "CSAFPID-2631732" } }, { "category": "product_version_range", "name": "vers:unknown/2011_1_730", "product": { "name": "vers:unknown/2011_1_730", "product_id": "CSAFPID-2631733" } }, { "category": "product_version_range", "name": "vers:unknown/2011_1_731", "product": { "name": "vers:unknown/2011_1_731", "product_id": "CSAFPID-2631734" } }, { "category": "product_version_range", "name": "vers:unknown/dmis2011_1_700", "product": { "name": "vers:unknown/dmis2011_1_700", "product_id": "CSAFPID-2631731" } } ], "category": "product_name", "name": "SAP Landscape Transformation (Analysis Platform)" }, { "branches": [ { "category": "product_version_range", "name": "vers:unknown/lm-sld 7.5", "product": { "name": "vers:unknown/lm-sld 7.5", "product_id": "CSAFPID-1295163" } } ], "category": "product_name", "name": "SAP NetWeaver AS Java (System Landscape Directory)" } ], "category": "vendor", "name": "SAP_SE" }, { "branches": [ { "branches": [ { "category": "product_version_range", "name": "vers:unknown/*", "product": { "name": "vers:unknown/*", "product_id": "CSAFPID-735564" } }, { "category": "product_version_range", "name": "vers:unknown/3.0", "product": { "name": "vers:unknown/3.0", "product_id": "CSAFPID-446586", "product_identification_helper": { "cpe": "cpe:2.3:a:sap:landscape_management:3.0:*:*:*:*:*:*:*" } } }, { "category": "product_version_range", "name": "vers:unknown/3.00", "product": { "name": "vers:unknown/3.00", "product_id": "CSAFPID-1111431" } } ], "category": "product_name", "name": "landscape_management" }, { "branches": [ { "category": "product_version_range", "name": "vers:unknown/1.0", "product": { "name": "vers:unknown/1.0", "product_id": "CSAFPID-710125" } }, { "category": "product_version_range", "name": "vers:unknown/2.0", "product": { "name": "vers:unknown/2.0", "product_id": "CSAFPID-710119" } }, { "category": "product_version_range", "name": "vers:unknown/3.0", "product": { "name": "vers:unknown/3.0", "product_id": "CSAFPID-710115" } } ], "category": "product_name", "name": "landscape_transformation_replication_server" } ], "category": "vendor", "name": "sap" } ] }, "vulnerabilities": [ { "cve": "CVE-2024-56337", "cwe": { "id": "CWE-367", "name": "Time-of-check Time-of-use (TOCTOU) Race Condition" }, "notes": [ { "category": "other", "text": "Time-of-check Time-of-use (TOCTOU) Race Condition", "title": "CWE-367" }, { "category": "general", "text": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U", "title": "CVSSV4" } ], "product_status": { "known_affected": [ "CSAFPID-426681", "CSAFPID-367586", "CSAFPID-426682", "CSAFPID-426483", "CSAFPID-447161", "CSAFPID-447167", "CSAFPID-447158", "CSAFPID-447155", "CSAFPID-447160", "CSAFPID-447163", "CSAFPID-447165", "CSAFPID-447156", "CSAFPID-447164", "CSAFPID-710027", "CSAFPID-426703", "CSAFPID-426706", "CSAFPID-426707", "CSAFPID-426708", "CSAFPID-426704", "CSAFPID-426705", "CSAFPID-447141", "CSAFPID-447140", "CSAFPID-847883", "CSAFPID-426837", "CSAFPID-1176052", "CSAFPID-1333259", "CSAFPID-2351307", "CSAFPID-2538790", "CSAFPID-2538791", "CSAFPID-2538792", "CSAFPID-2538793", "CSAFPID-2538794", "CSAFPID-2538799", "CSAFPID-2538800", "CSAFPID-2538801", "CSAFPID-2538802", "CSAFPID-2538803", "CSAFPID-2538804", "CSAFPID-2538805", "CSAFPID-2538806", "CSAFPID-2538773", "CSAFPID-2538774", "CSAFPID-2538775", "CSAFPID-2538776", "CSAFPID-2538777", "CSAFPID-2538778", "CSAFPID-2538779", "CSAFPID-2538780", "CSAFPID-2538781", "CSAFPID-1307450", "CSAFPID-1297130", "CSAFPID-1297107", "CSAFPID-1230533", "CSAFPID-1921506", "CSAFPID-1230555", "CSAFPID-1230719", "CSAFPID-1230702", "CSAFPID-1304671", "CSAFPID-1921487", "CSAFPID-1297186", "CSAFPID-1988023", "CSAFPID-1988024", "CSAFPID-1175835", "CSAFPID-2473272", "CSAFPID-2632442", "CSAFPID-2473273", "CSAFPID-2632443", "CSAFPID-1425816", "CSAFPID-2632444", "CSAFPID-1306891", "CSAFPID-1332128", "CSAFPID-605062", "CSAFPID-605061", "CSAFPID-605064", "CSAFPID-345584", "CSAFPID-345586", "CSAFPID-2364492", "CSAFPID-1330296", "CSAFPID-1459777", "CSAFPID-1459778", "CSAFPID-1459779", "CSAFPID-1861039", "CSAFPID-1861040", "CSAFPID-1861041", "CSAFPID-2140760", "CSAFPID-2140804", "CSAFPID-2140795", "CSAFPID-2140773", "CSAFPID-2140818", "CSAFPID-2140755", "CSAFPID-2140803", "CSAFPID-2140852", "CSAFPID-2140842", "CSAFPID-2140814", "CSAFPID-2140749", "CSAFPID-2140796", "CSAFPID-2140856", "CSAFPID-2140834", "CSAFPID-2140851", "CSAFPID-2140742", "CSAFPID-2140825", "CSAFPID-2631681", "CSAFPID-2631682", "CSAFPID-2631683", "CSAFPID-2631684", "CSAFPID-2631685", "CSAFPID-2631686", "CSAFPID-2631680", "CSAFPID-1306888", "CSAFPID-710118", "CSAFPID-2632409", "CSAFPID-2632410", "CSAFPID-2632411", "CSAFPID-2632412", "CSAFPID-2633939", "CSAFPID-426454", "CSAFPID-426453", "CSAFPID-426456", "CSAFPID-426455", "CSAFPID-426457", "CSAFPID-1295436", "CSAFPID-2118594", "CSAFPID-2631732", "CSAFPID-2631733", "CSAFPID-2631734", "CSAFPID-2631731", "CSAFPID-1295163", "CSAFPID-735564", "CSAFPID-446586", "CSAFPID-1111431", "CSAFPID-710125", "CSAFPID-710119", "CSAFPID-710115", "CSAFPID-336862", "CSAFPID-345588", "CSAFPID-345621", "CSAFPID-345620", "CSAFPID-345590", "CSAFPID-345585", "CSAFPID-345591", "CSAFPID-345592", "CSAFPID-345589", "CSAFPID-345587", "CSAFPID-426833", "CSAFPID-1176305", "CSAFPID-2352521", "CSAFPID-2352520", "CSAFPID-1304029", "CSAFPID-2352519", "CSAFPID-2538090", "CSAFPID-2539577", "CSAFPID-2352518", "CSAFPID-2632425", "CSAFPID-2632426", "CSAFPID-2632427", "CSAFPID-2632428", "CSAFPID-2632429" ] }, "references": [ { "category": "self", "summary": "CVE-2024-56337", "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-56337.json" } ], "scores": [ { "cvss_v3": { "baseScore": 9.8, "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "CSAFPID-426681", "CSAFPID-367586", "CSAFPID-426682", "CSAFPID-426483", "CSAFPID-447161", "CSAFPID-447167", "CSAFPID-447158", "CSAFPID-447155", "CSAFPID-447160", "CSAFPID-447163", "CSAFPID-447165", "CSAFPID-447156", "CSAFPID-447164", "CSAFPID-710027", "CSAFPID-426703", "CSAFPID-426706", "CSAFPID-426707", "CSAFPID-426708", "CSAFPID-426704", "CSAFPID-426705", "CSAFPID-447141", "CSAFPID-447140", "CSAFPID-847883", "CSAFPID-426837", "CSAFPID-1176052", "CSAFPID-1333259", "CSAFPID-2351307", "CSAFPID-2538790", "CSAFPID-2538791", "CSAFPID-2538792", "CSAFPID-2538793", "CSAFPID-2538794", "CSAFPID-2538799", "CSAFPID-2538800", "CSAFPID-2538801", "CSAFPID-2538802", "CSAFPID-2538803", "CSAFPID-2538804", "CSAFPID-2538805", "CSAFPID-2538806", "CSAFPID-2538773", "CSAFPID-2538774", "CSAFPID-2538775", "CSAFPID-2538776", "CSAFPID-2538777", "CSAFPID-2538778", "CSAFPID-2538779", "CSAFPID-2538780", "CSAFPID-2538781", "CSAFPID-1307450", "CSAFPID-1297130", "CSAFPID-1297107", "CSAFPID-1230533", "CSAFPID-1921506", "CSAFPID-1230555", "CSAFPID-1230719", "CSAFPID-1230702", "CSAFPID-1304671", "CSAFPID-1921487", "CSAFPID-1297186", "CSAFPID-1988023", "CSAFPID-1988024", "CSAFPID-1175835", "CSAFPID-2473272", "CSAFPID-2632442", "CSAFPID-2473273", "CSAFPID-2632443", "CSAFPID-1425816", "CSAFPID-2632444", "CSAFPID-1306891", "CSAFPID-1332128", "CSAFPID-605062", "CSAFPID-605061", "CSAFPID-605064", "CSAFPID-345584", "CSAFPID-345586", "CSAFPID-2364492", "CSAFPID-1330296", "CSAFPID-1459777", "CSAFPID-1459778", "CSAFPID-1459779", "CSAFPID-1861039", "CSAFPID-1861040", "CSAFPID-1861041", "CSAFPID-2140760", "CSAFPID-2140804", "CSAFPID-2140795", "CSAFPID-2140773", "CSAFPID-2140818", "CSAFPID-2140755", "CSAFPID-2140803", "CSAFPID-2140852", "CSAFPID-2140842", "CSAFPID-2140814", "CSAFPID-2140749", "CSAFPID-2140796", "CSAFPID-2140856", "CSAFPID-2140834", "CSAFPID-2140851", "CSAFPID-2140742", "CSAFPID-2140825", "CSAFPID-2631681", "CSAFPID-2631682", "CSAFPID-2631683", "CSAFPID-2631684", "CSAFPID-2631685", "CSAFPID-2631686", "CSAFPID-2631680", "CSAFPID-1306888", "CSAFPID-710118", "CSAFPID-2632409", "CSAFPID-2632410", "CSAFPID-2632411", "CSAFPID-2632412", "CSAFPID-2633939", "CSAFPID-426454", "CSAFPID-426453", "CSAFPID-426456", "CSAFPID-426455", "CSAFPID-426457", "CSAFPID-1295436", "CSAFPID-2118594", "CSAFPID-2631732", "CSAFPID-2631733", "CSAFPID-2631734", "CSAFPID-2631731", "CSAFPID-1295163", "CSAFPID-735564", "CSAFPID-446586", "CSAFPID-1111431", "CSAFPID-710125", "CSAFPID-710119", "CSAFPID-710115", "CSAFPID-336862", "CSAFPID-345588", "CSAFPID-345621", "CSAFPID-345620", "CSAFPID-345590", "CSAFPID-345585", "CSAFPID-345591", "CSAFPID-345592", "CSAFPID-345589", "CSAFPID-345587", "CSAFPID-426833", "CSAFPID-1176305", "CSAFPID-2352521", "CSAFPID-2352520", "CSAFPID-1304029", "CSAFPID-2352519", "CSAFPID-2538090", "CSAFPID-2539577", "CSAFPID-2352518", "CSAFPID-2632425", "CSAFPID-2632426", "CSAFPID-2632427", "CSAFPID-2632428", "CSAFPID-2632429" ] } ], "title": "CVE-2024-56337" }, { "cve": "CVE-2025-0064", "cwe": { "id": "CWE-732", "name": "Incorrect Permission Assignment for Critical Resource" }, "notes": [ { "category": "other", "text": "Incorrect Permission Assignment for Critical Resource", "title": "CWE-732" }, { "category": "general", "text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N", "title": "CVSSV4" } ], "product_status": { "known_affected": [ "CSAFPID-426681", "CSAFPID-367586", "CSAFPID-426682", "CSAFPID-426483", "CSAFPID-447161", "CSAFPID-447167", "CSAFPID-447158", "CSAFPID-447155", "CSAFPID-447160", "CSAFPID-447163", "CSAFPID-447165", "CSAFPID-447156", "CSAFPID-447164", "CSAFPID-710027", "CSAFPID-426703", "CSAFPID-426706", "CSAFPID-426707", "CSAFPID-426708", "CSAFPID-426704", "CSAFPID-426705", "CSAFPID-447141", "CSAFPID-447140", "CSAFPID-847883", "CSAFPID-426837", "CSAFPID-1176052", "CSAFPID-1333259", "CSAFPID-2351307", "CSAFPID-2538790", "CSAFPID-2538791", "CSAFPID-2538792", "CSAFPID-2538793", "CSAFPID-2538794", "CSAFPID-2538799", "CSAFPID-2538800", "CSAFPID-2538801", "CSAFPID-2538802", "CSAFPID-2538803", "CSAFPID-2538804", "CSAFPID-2538805", "CSAFPID-2538806", "CSAFPID-2538773", "CSAFPID-2538774", "CSAFPID-2538775", "CSAFPID-2538776", "CSAFPID-2538777", "CSAFPID-2538778", "CSAFPID-2538779", "CSAFPID-2538780", "CSAFPID-2538781", "CSAFPID-1307450", "CSAFPID-1297130", "CSAFPID-1297107", "CSAFPID-1230533", "CSAFPID-1921506", "CSAFPID-1230555", "CSAFPID-1230719", "CSAFPID-1230702", "CSAFPID-1304671", "CSAFPID-1921487", "CSAFPID-1297186", "CSAFPID-1988023", "CSAFPID-1988024", "CSAFPID-1175835", "CSAFPID-2473272", "CSAFPID-2632442", "CSAFPID-2473273", "CSAFPID-2632443", "CSAFPID-1425816", "CSAFPID-2632444", "CSAFPID-1306891", "CSAFPID-1332128", "CSAFPID-605062", "CSAFPID-605061", "CSAFPID-605064", "CSAFPID-345584", "CSAFPID-345586", "CSAFPID-2364492", "CSAFPID-1330296", "CSAFPID-1459777", "CSAFPID-1459778", "CSAFPID-1459779", "CSAFPID-1861039", "CSAFPID-1861040", "CSAFPID-1861041", "CSAFPID-2140760", "CSAFPID-2140804", "CSAFPID-2140795", "CSAFPID-2140773", "CSAFPID-2140818", "CSAFPID-2140755", "CSAFPID-2140803", "CSAFPID-2140852", "CSAFPID-2140842", "CSAFPID-2140814", "CSAFPID-2140749", "CSAFPID-2140796", "CSAFPID-2140856", "CSAFPID-2140834", "CSAFPID-2140851", "CSAFPID-2140742", "CSAFPID-2140825", "CSAFPID-2631681", "CSAFPID-2631682", "CSAFPID-2631683", "CSAFPID-2631684", "CSAFPID-2631685", "CSAFPID-2631686", "CSAFPID-2631680", "CSAFPID-1306888", "CSAFPID-710118", "CSAFPID-2632409", "CSAFPID-2632410", "CSAFPID-2632411", "CSAFPID-2632412", "CSAFPID-2633939", "CSAFPID-426454", "CSAFPID-426453", "CSAFPID-426456", "CSAFPID-426455", "CSAFPID-426457", "CSAFPID-1295436", "CSAFPID-2118594", "CSAFPID-2631732", "CSAFPID-2631733", "CSAFPID-2631734", "CSAFPID-2631731", "CSAFPID-1295163", "CSAFPID-735564", "CSAFPID-446586", "CSAFPID-1111431", "CSAFPID-710125", "CSAFPID-710119", "CSAFPID-710115", "CSAFPID-336862", "CSAFPID-345588", "CSAFPID-345621", "CSAFPID-345620", "CSAFPID-345590", "CSAFPID-345585", "CSAFPID-345591", "CSAFPID-345592", "CSAFPID-345589", "CSAFPID-345587", "CSAFPID-426833", "CSAFPID-1176305", "CSAFPID-2352521", "CSAFPID-2352520", "CSAFPID-1304029", "CSAFPID-2352519", "CSAFPID-2538090", "CSAFPID-2539577", "CSAFPID-2352518", "CSAFPID-2632425", "CSAFPID-2632426", "CSAFPID-2632427", "CSAFPID-2632428", "CSAFPID-2632429" ] }, "references": [ { "category": "self", "summary": "CVE-2025-0064", "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2025/CVE-2025-0064.json" } ], "scores": [ { "cvss_v3": { "baseScore": 8.7, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N", "version": "3.1" }, "products": [ "CSAFPID-426681", "CSAFPID-367586", "CSAFPID-426682", "CSAFPID-426483", "CSAFPID-447161", "CSAFPID-447167", "CSAFPID-447158", "CSAFPID-447155", "CSAFPID-447160", "CSAFPID-447163", "CSAFPID-447165", "CSAFPID-447156", "CSAFPID-447164", "CSAFPID-710027", "CSAFPID-426703", "CSAFPID-426706", "CSAFPID-426707", "CSAFPID-426708", "CSAFPID-426704", "CSAFPID-426705", "CSAFPID-447141", "CSAFPID-447140", "CSAFPID-847883", "CSAFPID-426837", "CSAFPID-1176052", "CSAFPID-1333259", "CSAFPID-2351307", "CSAFPID-2538790", "CSAFPID-2538791", "CSAFPID-2538792", "CSAFPID-2538793", "CSAFPID-2538794", "CSAFPID-2538799", "CSAFPID-2538800", "CSAFPID-2538801", "CSAFPID-2538802", "CSAFPID-2538803", "CSAFPID-2538804", "CSAFPID-2538805", "CSAFPID-2538806", "CSAFPID-2538773", "CSAFPID-2538774", "CSAFPID-2538775", "CSAFPID-2538776", "CSAFPID-2538777", "CSAFPID-2538778", "CSAFPID-2538779", "CSAFPID-2538780", "CSAFPID-2538781", "CSAFPID-1307450", "CSAFPID-1297130", "CSAFPID-1297107", "CSAFPID-1230533", "CSAFPID-1921506", "CSAFPID-1230555", "CSAFPID-1230719", "CSAFPID-1230702", "CSAFPID-1304671", "CSAFPID-1921487", "CSAFPID-1297186", "CSAFPID-1988023", "CSAFPID-1988024", "CSAFPID-1175835", "CSAFPID-2473272", "CSAFPID-2632442", "CSAFPID-2473273", "CSAFPID-2632443", "CSAFPID-1425816", "CSAFPID-2632444", "CSAFPID-1306891", "CSAFPID-1332128", "CSAFPID-605062", "CSAFPID-605061", "CSAFPID-605064", "CSAFPID-345584", "CSAFPID-345586", "CSAFPID-2364492", "CSAFPID-1330296", "CSAFPID-1459777", "CSAFPID-1459778", "CSAFPID-1459779", "CSAFPID-1861039", "CSAFPID-1861040", "CSAFPID-1861041", "CSAFPID-2140760", "CSAFPID-2140804", "CSAFPID-2140795", "CSAFPID-2140773", "CSAFPID-2140818", "CSAFPID-2140755", "CSAFPID-2140803", "CSAFPID-2140852", "CSAFPID-2140842", "CSAFPID-2140814", "CSAFPID-2140749", "CSAFPID-2140796", "CSAFPID-2140856", "CSAFPID-2140834", "CSAFPID-2140851", "CSAFPID-2140742", "CSAFPID-2140825", "CSAFPID-2631681", "CSAFPID-2631682", "CSAFPID-2631683", "CSAFPID-2631684", "CSAFPID-2631685", "CSAFPID-2631686", "CSAFPID-2631680", "CSAFPID-1306888", "CSAFPID-710118", "CSAFPID-2632409", "CSAFPID-2632410", "CSAFPID-2632411", "CSAFPID-2632412", "CSAFPID-2633939", "CSAFPID-426454", "CSAFPID-426453", "CSAFPID-426456", "CSAFPID-426455", "CSAFPID-426457", "CSAFPID-1295436", "CSAFPID-2118594", "CSAFPID-2631732", "CSAFPID-2631733", "CSAFPID-2631734", "CSAFPID-2631731", "CSAFPID-1295163", "CSAFPID-735564", "CSAFPID-446586", "CSAFPID-1111431", "CSAFPID-710125", "CSAFPID-710119", "CSAFPID-710115", "CSAFPID-336862", "CSAFPID-345588", "CSAFPID-345621", "CSAFPID-345620", "CSAFPID-345590", "CSAFPID-345585", "CSAFPID-345591", "CSAFPID-345592", "CSAFPID-345589", "CSAFPID-345587", "CSAFPID-426833", "CSAFPID-1176305", "CSAFPID-2352521", "CSAFPID-2352520", "CSAFPID-1304029", "CSAFPID-2352519", "CSAFPID-2538090", "CSAFPID-2539577", "CSAFPID-2352518", "CSAFPID-2632425", "CSAFPID-2632426", "CSAFPID-2632427", "CSAFPID-2632428", "CSAFPID-2632429" ] } ], "title": "CVE-2025-0064" }, { "cve": "CVE-2025-23186", "cwe": { "id": "CWE-94", "name": "Improper Control of Generation of Code (\u0027Code Injection\u0027)" }, "notes": [ { "category": "other", "text": "Improper Control of Generation of Code (\u0027Code Injection\u0027)", "title": "CWE-94" } ], "product_status": { "known_affected": [ "CSAFPID-426681", "CSAFPID-367586", "CSAFPID-426682", "CSAFPID-426483", "CSAFPID-447161", "CSAFPID-447167", "CSAFPID-447158", "CSAFPID-447155", "CSAFPID-447160", "CSAFPID-447163", "CSAFPID-447165", "CSAFPID-447156", "CSAFPID-447164", "CSAFPID-710027", "CSAFPID-426703", "CSAFPID-426706", "CSAFPID-426707", "CSAFPID-426708", "CSAFPID-426704", "CSAFPID-426705", "CSAFPID-447141", "CSAFPID-447140", "CSAFPID-847883", "CSAFPID-426837", "CSAFPID-1176052", "CSAFPID-1333259", "CSAFPID-2351307", "CSAFPID-2538790", "CSAFPID-2538791", "CSAFPID-2538792", "CSAFPID-2538793", "CSAFPID-2538794", "CSAFPID-2538799", "CSAFPID-2538800", "CSAFPID-2538801", "CSAFPID-2538802", "CSAFPID-2538803", "CSAFPID-2538804", "CSAFPID-2538805", "CSAFPID-2538806", "CSAFPID-2538773", "CSAFPID-2538774", "CSAFPID-2538775", "CSAFPID-2538776", "CSAFPID-2538777", "CSAFPID-2538778", "CSAFPID-2538779", "CSAFPID-2538780", "CSAFPID-2538781", "CSAFPID-1307450", "CSAFPID-1297130", "CSAFPID-1297107", "CSAFPID-1230533", "CSAFPID-1921506", "CSAFPID-1230555", "CSAFPID-1230719", "CSAFPID-1230702", "CSAFPID-1304671", "CSAFPID-1921487", "CSAFPID-1297186", "CSAFPID-1988023", "CSAFPID-1988024", "CSAFPID-1175835", "CSAFPID-2473272", "CSAFPID-2632442", "CSAFPID-2473273", "CSAFPID-2632443", "CSAFPID-1425816", "CSAFPID-2632444", "CSAFPID-1306891", "CSAFPID-1332128", "CSAFPID-605062", "CSAFPID-605061", "CSAFPID-605064", "CSAFPID-345584", "CSAFPID-345586", "CSAFPID-2364492", "CSAFPID-1330296", "CSAFPID-1459777", "CSAFPID-1459778", "CSAFPID-1459779", "CSAFPID-1861039", "CSAFPID-1861040", "CSAFPID-1861041", "CSAFPID-2140760", "CSAFPID-2140804", "CSAFPID-2140795", "CSAFPID-2140773", "CSAFPID-2140818", "CSAFPID-2140755", "CSAFPID-2140803", "CSAFPID-2140852", "CSAFPID-2140842", "CSAFPID-2140814", "CSAFPID-2140749", "CSAFPID-2140796", "CSAFPID-2140856", "CSAFPID-2140834", "CSAFPID-2140851", "CSAFPID-2140742", "CSAFPID-2140825", "CSAFPID-2631681", "CSAFPID-2631682", "CSAFPID-2631683", "CSAFPID-2631684", "CSAFPID-2631685", "CSAFPID-2631686", "CSAFPID-2631680", "CSAFPID-1306888", "CSAFPID-710118", "CSAFPID-2632409", "CSAFPID-2632410", "CSAFPID-2632411", "CSAFPID-2632412", "CSAFPID-2633939", "CSAFPID-426454", "CSAFPID-426453", "CSAFPID-426456", "CSAFPID-426455", "CSAFPID-426457", "CSAFPID-1295436", "CSAFPID-2118594", "CSAFPID-2631732", "CSAFPID-2631733", "CSAFPID-2631734", "CSAFPID-2631731", "CSAFPID-1295163", "CSAFPID-735564", "CSAFPID-446586", "CSAFPID-1111431", "CSAFPID-710125", "CSAFPID-710119", "CSAFPID-710115", "CSAFPID-336862", "CSAFPID-345588", "CSAFPID-345621", "CSAFPID-345620", "CSAFPID-345590", "CSAFPID-345585", "CSAFPID-345591", "CSAFPID-345592", "CSAFPID-345589", "CSAFPID-345587", "CSAFPID-426833", "CSAFPID-1176305", "CSAFPID-2352521", "CSAFPID-2352520", "CSAFPID-1304029", "CSAFPID-2352519", "CSAFPID-2538090", "CSAFPID-2539577", "CSAFPID-2352518", "CSAFPID-2632425", "CSAFPID-2632426", "CSAFPID-2632427", "CSAFPID-2632428", "CSAFPID-2632429" ] }, "references": [ { "category": "self", "summary": "CVE-2025-23186", "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2025/CVE-2025-23186.json" } ], "scores": [ { "cvss_v3": { "baseScore": 8.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.1" }, "products": [ "CSAFPID-426681", "CSAFPID-367586", "CSAFPID-426682", "CSAFPID-426483", "CSAFPID-447161", "CSAFPID-447167", "CSAFPID-447158", "CSAFPID-447155", "CSAFPID-447160", "CSAFPID-447163", "CSAFPID-447165", "CSAFPID-447156", "CSAFPID-447164", "CSAFPID-710027", "CSAFPID-426703", "CSAFPID-426706", "CSAFPID-426707", "CSAFPID-426708", "CSAFPID-426704", "CSAFPID-426705", "CSAFPID-447141", "CSAFPID-447140", "CSAFPID-847883", "CSAFPID-426837", "CSAFPID-1176052", "CSAFPID-1333259", "CSAFPID-2351307", "CSAFPID-2538790", "CSAFPID-2538791", "CSAFPID-2538792", "CSAFPID-2538793", "CSAFPID-2538794", "CSAFPID-2538799", "CSAFPID-2538800", "CSAFPID-2538801", "CSAFPID-2538802", "CSAFPID-2538803", "CSAFPID-2538804", "CSAFPID-2538805", "CSAFPID-2538806", "CSAFPID-2538773", "CSAFPID-2538774", "CSAFPID-2538775", "CSAFPID-2538776", "CSAFPID-2538777", "CSAFPID-2538778", "CSAFPID-2538779", "CSAFPID-2538780", "CSAFPID-2538781", "CSAFPID-1307450", "CSAFPID-1297130", "CSAFPID-1297107", "CSAFPID-1230533", "CSAFPID-1921506", "CSAFPID-1230555", "CSAFPID-1230719", "CSAFPID-1230702", "CSAFPID-1304671", "CSAFPID-1921487", "CSAFPID-1297186", "CSAFPID-1988023", "CSAFPID-1988024", "CSAFPID-1175835", "CSAFPID-2473272", "CSAFPID-2632442", "CSAFPID-2473273", "CSAFPID-2632443", "CSAFPID-1425816", "CSAFPID-2632444", "CSAFPID-1306891", "CSAFPID-1332128", "CSAFPID-605062", "CSAFPID-605061", "CSAFPID-605064", "CSAFPID-345584", "CSAFPID-345586", "CSAFPID-2364492", "CSAFPID-1330296", "CSAFPID-1459777", "CSAFPID-1459778", "CSAFPID-1459779", "CSAFPID-1861039", "CSAFPID-1861040", "CSAFPID-1861041", "CSAFPID-2140760", "CSAFPID-2140804", "CSAFPID-2140795", "CSAFPID-2140773", "CSAFPID-2140818", "CSAFPID-2140755", "CSAFPID-2140803", "CSAFPID-2140852", "CSAFPID-2140842", "CSAFPID-2140814", "CSAFPID-2140749", "CSAFPID-2140796", "CSAFPID-2140856", "CSAFPID-2140834", "CSAFPID-2140851", "CSAFPID-2140742", "CSAFPID-2140825", "CSAFPID-2631681", "CSAFPID-2631682", "CSAFPID-2631683", "CSAFPID-2631684", "CSAFPID-2631685", "CSAFPID-2631686", "CSAFPID-2631680", "CSAFPID-1306888", "CSAFPID-710118", "CSAFPID-2632409", "CSAFPID-2632410", "CSAFPID-2632411", "CSAFPID-2632412", "CSAFPID-2633939", "CSAFPID-426454", "CSAFPID-426453", "CSAFPID-426456", "CSAFPID-426455", "CSAFPID-426457", "CSAFPID-1295436", "CSAFPID-2118594", "CSAFPID-2631732", "CSAFPID-2631733", "CSAFPID-2631734", "CSAFPID-2631731", "CSAFPID-1295163", "CSAFPID-735564", "CSAFPID-446586", "CSAFPID-1111431", "CSAFPID-710125", "CSAFPID-710119", "CSAFPID-710115", "CSAFPID-336862", "CSAFPID-345588", "CSAFPID-345621", "CSAFPID-345620", "CSAFPID-345590", "CSAFPID-345585", "CSAFPID-345591", "CSAFPID-345592", "CSAFPID-345589", "CSAFPID-345587", "CSAFPID-426833", "CSAFPID-1176305", "CSAFPID-2352521", "CSAFPID-2352520", "CSAFPID-1304029", "CSAFPID-2352519", "CSAFPID-2538090", "CSAFPID-2539577", "CSAFPID-2352518", "CSAFPID-2632425", "CSAFPID-2632426", "CSAFPID-2632427", "CSAFPID-2632428", "CSAFPID-2632429" ] } ], "title": "CVE-2025-23186" }, { "cve": "CVE-2025-26653", "cwe": { "id": "CWE-79", "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)" }, "notes": [ { "category": "other", "text": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)", "title": "CWE-79" }, { "category": "general", "text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N", "title": "CVSSV4" } ], "product_status": { "known_affected": [ "CSAFPID-426681", "CSAFPID-367586", "CSAFPID-426682", "CSAFPID-426483", "CSAFPID-447161", "CSAFPID-447167", "CSAFPID-447158", "CSAFPID-447155", "CSAFPID-447160", "CSAFPID-447163", "CSAFPID-447165", "CSAFPID-447156", "CSAFPID-447164", "CSAFPID-710027", "CSAFPID-426703", "CSAFPID-426706", "CSAFPID-426707", "CSAFPID-426708", "CSAFPID-426704", "CSAFPID-426705", "CSAFPID-447141", "CSAFPID-447140", "CSAFPID-847883", "CSAFPID-426837", "CSAFPID-1176052", "CSAFPID-1333259", "CSAFPID-2351307", "CSAFPID-2538790", "CSAFPID-2538791", "CSAFPID-2538792", "CSAFPID-2538793", "CSAFPID-2538794", "CSAFPID-2538799", "CSAFPID-2538800", "CSAFPID-2538801", "CSAFPID-2538802", "CSAFPID-2538803", "CSAFPID-2538804", "CSAFPID-2538805", "CSAFPID-2538806", "CSAFPID-2538773", "CSAFPID-2538774", "CSAFPID-2538775", "CSAFPID-2538776", "CSAFPID-2538777", "CSAFPID-2538778", "CSAFPID-2538779", "CSAFPID-2538780", "CSAFPID-2538781", "CSAFPID-1307450", "CSAFPID-1297130", "CSAFPID-1297107", "CSAFPID-1230533", "CSAFPID-1921506", "CSAFPID-1230555", "CSAFPID-1230719", "CSAFPID-1230702", "CSAFPID-1304671", "CSAFPID-1921487", "CSAFPID-1297186", "CSAFPID-1988023", "CSAFPID-1988024", "CSAFPID-1175835", "CSAFPID-2473272", "CSAFPID-2632442", "CSAFPID-2473273", "CSAFPID-2632443", "CSAFPID-1425816", "CSAFPID-2632444", "CSAFPID-1306891", "CSAFPID-1332128", "CSAFPID-605062", "CSAFPID-605061", "CSAFPID-605064", "CSAFPID-345584", "CSAFPID-345586", "CSAFPID-2364492", "CSAFPID-1330296", "CSAFPID-1459777", "CSAFPID-1459778", "CSAFPID-1459779", "CSAFPID-1861039", "CSAFPID-1861040", "CSAFPID-1861041", "CSAFPID-2140760", "CSAFPID-2140804", "CSAFPID-2140795", "CSAFPID-2140773", "CSAFPID-2140818", "CSAFPID-2140755", "CSAFPID-2140803", "CSAFPID-2140852", "CSAFPID-2140842", "CSAFPID-2140814", "CSAFPID-2140749", "CSAFPID-2140796", "CSAFPID-2140856", "CSAFPID-2140834", "CSAFPID-2140851", "CSAFPID-2140742", "CSAFPID-2140825", "CSAFPID-2631681", "CSAFPID-2631682", "CSAFPID-2631683", "CSAFPID-2631684", "CSAFPID-2631685", "CSAFPID-2631686", "CSAFPID-2631680", "CSAFPID-1306888", "CSAFPID-710118", "CSAFPID-2632409", "CSAFPID-2632410", "CSAFPID-2632411", "CSAFPID-2632412", "CSAFPID-2633939", "CSAFPID-426454", "CSAFPID-426453", "CSAFPID-426456", "CSAFPID-426455", "CSAFPID-426457", "CSAFPID-1295436", "CSAFPID-2118594", "CSAFPID-2631732", "CSAFPID-2631733", "CSAFPID-2631734", "CSAFPID-2631731", "CSAFPID-1295163", "CSAFPID-735564", "CSAFPID-446586", "CSAFPID-1111431", "CSAFPID-710125", "CSAFPID-710119", "CSAFPID-710115", "CSAFPID-336862", "CSAFPID-345588", "CSAFPID-345621", "CSAFPID-345620", "CSAFPID-345590", "CSAFPID-345585", "CSAFPID-345591", "CSAFPID-345592", "CSAFPID-345589", "CSAFPID-345587", "CSAFPID-426833", "CSAFPID-1176305", "CSAFPID-2352521", "CSAFPID-2352520", "CSAFPID-1304029", "CSAFPID-2352519", "CSAFPID-2538090", "CSAFPID-2539577", "CSAFPID-2352518", "CSAFPID-2632425", "CSAFPID-2632426", "CSAFPID-2632427", "CSAFPID-2632428", "CSAFPID-2632429" ] }, "references": [ { "category": "self", "summary": "CVE-2025-26653", "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2025/CVE-2025-26653.json" } ], "scores": [ { "cvss_v3": { "baseScore": 4.7, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "products": [ "CSAFPID-426681", "CSAFPID-367586", "CSAFPID-426682", "CSAFPID-426483", "CSAFPID-447161", "CSAFPID-447167", "CSAFPID-447158", "CSAFPID-447155", "CSAFPID-447160", "CSAFPID-447163", "CSAFPID-447165", "CSAFPID-447156", "CSAFPID-447164", "CSAFPID-710027", "CSAFPID-426703", "CSAFPID-426706", "CSAFPID-426707", "CSAFPID-426708", "CSAFPID-426704", "CSAFPID-426705", "CSAFPID-447141", "CSAFPID-447140", "CSAFPID-847883", "CSAFPID-426837", "CSAFPID-1176052", "CSAFPID-1333259", "CSAFPID-2351307", "CSAFPID-2538790", "CSAFPID-2538791", "CSAFPID-2538792", "CSAFPID-2538793", "CSAFPID-2538794", "CSAFPID-2538799", "CSAFPID-2538800", "CSAFPID-2538801", "CSAFPID-2538802", "CSAFPID-2538803", "CSAFPID-2538804", "CSAFPID-2538805", "CSAFPID-2538806", "CSAFPID-2538773", "CSAFPID-2538774", "CSAFPID-2538775", "CSAFPID-2538776", "CSAFPID-2538777", "CSAFPID-2538778", "CSAFPID-2538779", "CSAFPID-2538780", "CSAFPID-2538781", "CSAFPID-1307450", "CSAFPID-1297130", "CSAFPID-1297107", "CSAFPID-1230533", "CSAFPID-1921506", "CSAFPID-1230555", "CSAFPID-1230719", "CSAFPID-1230702", "CSAFPID-1304671", "CSAFPID-1921487", "CSAFPID-1297186", "CSAFPID-1988023", "CSAFPID-1988024", "CSAFPID-1175835", "CSAFPID-2473272", "CSAFPID-2632442", "CSAFPID-2473273", "CSAFPID-2632443", "CSAFPID-1425816", "CSAFPID-2632444", "CSAFPID-1306891", "CSAFPID-1332128", "CSAFPID-605062", "CSAFPID-605061", "CSAFPID-605064", "CSAFPID-345584", "CSAFPID-345586", "CSAFPID-2364492", "CSAFPID-1330296", "CSAFPID-1459777", "CSAFPID-1459778", "CSAFPID-1459779", "CSAFPID-1861039", "CSAFPID-1861040", "CSAFPID-1861041", "CSAFPID-2140760", "CSAFPID-2140804", "CSAFPID-2140795", "CSAFPID-2140773", "CSAFPID-2140818", "CSAFPID-2140755", "CSAFPID-2140803", "CSAFPID-2140852", "CSAFPID-2140842", "CSAFPID-2140814", "CSAFPID-2140749", "CSAFPID-2140796", "CSAFPID-2140856", "CSAFPID-2140834", "CSAFPID-2140851", "CSAFPID-2140742", "CSAFPID-2140825", "CSAFPID-2631681", "CSAFPID-2631682", "CSAFPID-2631683", "CSAFPID-2631684", "CSAFPID-2631685", "CSAFPID-2631686", "CSAFPID-2631680", "CSAFPID-1306888", "CSAFPID-710118", "CSAFPID-2632409", "CSAFPID-2632410", "CSAFPID-2632411", "CSAFPID-2632412", "CSAFPID-2633939", "CSAFPID-426454", "CSAFPID-426453", "CSAFPID-426456", "CSAFPID-426455", "CSAFPID-426457", "CSAFPID-1295436", "CSAFPID-2118594", "CSAFPID-2631732", "CSAFPID-2631733", "CSAFPID-2631734", "CSAFPID-2631731", "CSAFPID-1295163", "CSAFPID-735564", "CSAFPID-446586", "CSAFPID-1111431", "CSAFPID-710125", "CSAFPID-710119", "CSAFPID-710115", "CSAFPID-336862", "CSAFPID-345588", "CSAFPID-345621", "CSAFPID-345620", "CSAFPID-345590", "CSAFPID-345585", "CSAFPID-345591", "CSAFPID-345592", "CSAFPID-345589", "CSAFPID-345587", "CSAFPID-426833", "CSAFPID-1176305", "CSAFPID-2352521", "CSAFPID-2352520", "CSAFPID-1304029", "CSAFPID-2352519", "CSAFPID-2538090", "CSAFPID-2539577", "CSAFPID-2352518", "CSAFPID-2632425", "CSAFPID-2632426", "CSAFPID-2632427", "CSAFPID-2632428", "CSAFPID-2632429" ] } ], "title": "CVE-2025-26653" }, { "cve": "CVE-2025-26654", "cwe": { "id": "CWE-319", "name": "Cleartext Transmission of Sensitive Information" }, "notes": [ { "category": "other", "text": "Cleartext Transmission of Sensitive Information", "title": "CWE-319" }, { "category": "general", "text": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N", "title": "CVSSV4" } ], "product_status": { "known_affected": [ "CSAFPID-426681", "CSAFPID-367586", "CSAFPID-426682", "CSAFPID-426483", "CSAFPID-447161", "CSAFPID-447167", "CSAFPID-447158", "CSAFPID-447155", "CSAFPID-447160", "CSAFPID-447163", "CSAFPID-447165", "CSAFPID-447156", "CSAFPID-447164", "CSAFPID-710027", "CSAFPID-426703", "CSAFPID-426706", "CSAFPID-426707", "CSAFPID-426708", "CSAFPID-426704", "CSAFPID-426705", "CSAFPID-447141", "CSAFPID-447140", "CSAFPID-847883", "CSAFPID-426837", "CSAFPID-1176052", "CSAFPID-1333259", "CSAFPID-2351307", "CSAFPID-2538790", "CSAFPID-2538791", "CSAFPID-2538792", "CSAFPID-2538793", "CSAFPID-2538794", "CSAFPID-2538799", "CSAFPID-2538800", "CSAFPID-2538801", "CSAFPID-2538802", "CSAFPID-2538803", "CSAFPID-2538804", "CSAFPID-2538805", "CSAFPID-2538806", "CSAFPID-2538773", "CSAFPID-2538774", "CSAFPID-2538775", "CSAFPID-2538776", "CSAFPID-2538777", "CSAFPID-2538778", "CSAFPID-2538779", "CSAFPID-2538780", "CSAFPID-2538781", "CSAFPID-1307450", "CSAFPID-1297130", "CSAFPID-1297107", "CSAFPID-1230533", "CSAFPID-1921506", "CSAFPID-1230555", "CSAFPID-1230719", "CSAFPID-1230702", "CSAFPID-1304671", "CSAFPID-1921487", "CSAFPID-1297186", "CSAFPID-1988023", "CSAFPID-1988024", "CSAFPID-1175835", "CSAFPID-2473272", "CSAFPID-2632442", "CSAFPID-2473273", "CSAFPID-2632443", "CSAFPID-1425816", "CSAFPID-2632444", "CSAFPID-1306891", "CSAFPID-1332128", "CSAFPID-605062", "CSAFPID-605061", "CSAFPID-605064", "CSAFPID-345584", "CSAFPID-345586", "CSAFPID-2364492", "CSAFPID-1330296", "CSAFPID-1459777", "CSAFPID-1459778", "CSAFPID-1459779", "CSAFPID-1861039", "CSAFPID-1861040", "CSAFPID-1861041", "CSAFPID-2140760", "CSAFPID-2140804", "CSAFPID-2140795", "CSAFPID-2140773", "CSAFPID-2140818", "CSAFPID-2140755", "CSAFPID-2140803", "CSAFPID-2140852", "CSAFPID-2140842", "CSAFPID-2140814", "CSAFPID-2140749", "CSAFPID-2140796", "CSAFPID-2140856", "CSAFPID-2140834", "CSAFPID-2140851", "CSAFPID-2140742", "CSAFPID-2140825", "CSAFPID-2631681", "CSAFPID-2631682", "CSAFPID-2631683", "CSAFPID-2631684", "CSAFPID-2631685", "CSAFPID-2631686", "CSAFPID-2631680", "CSAFPID-1306888", "CSAFPID-710118", "CSAFPID-2632409", "CSAFPID-2632410", "CSAFPID-2632411", "CSAFPID-2632412", "CSAFPID-2633939", "CSAFPID-426454", "CSAFPID-426453", "CSAFPID-426456", "CSAFPID-426455", "CSAFPID-426457", "CSAFPID-1295436", "CSAFPID-2118594", "CSAFPID-2631732", "CSAFPID-2631733", "CSAFPID-2631734", "CSAFPID-2631731", "CSAFPID-1295163", "CSAFPID-735564", "CSAFPID-446586", "CSAFPID-1111431", "CSAFPID-710125", "CSAFPID-710119", "CSAFPID-710115", "CSAFPID-336862", "CSAFPID-345588", "CSAFPID-345621", "CSAFPID-345620", "CSAFPID-345590", "CSAFPID-345585", "CSAFPID-345591", "CSAFPID-345592", "CSAFPID-345589", "CSAFPID-345587", "CSAFPID-426833", "CSAFPID-1176305", "CSAFPID-2352521", "CSAFPID-2352520", "CSAFPID-1304029", "CSAFPID-2352519", "CSAFPID-2538090", "CSAFPID-2539577", "CSAFPID-2352518", "CSAFPID-2632425", "CSAFPID-2632426", "CSAFPID-2632427", "CSAFPID-2632428", "CSAFPID-2632429" ] }, "references": [ { "category": "self", "summary": "CVE-2025-26654", "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2025/CVE-2025-26654.json" } ], "scores": [ { "cvss_v3": { "baseScore": 6.8, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.1" }, "products": [ "CSAFPID-426681", "CSAFPID-367586", "CSAFPID-426682", "CSAFPID-426483", "CSAFPID-447161", "CSAFPID-447167", "CSAFPID-447158", "CSAFPID-447155", "CSAFPID-447160", "CSAFPID-447163", "CSAFPID-447165", "CSAFPID-447156", "CSAFPID-447164", "CSAFPID-710027", "CSAFPID-426703", "CSAFPID-426706", "CSAFPID-426707", "CSAFPID-426708", "CSAFPID-426704", "CSAFPID-426705", "CSAFPID-447141", "CSAFPID-447140", "CSAFPID-847883", "CSAFPID-426837", "CSAFPID-1176052", "CSAFPID-1333259", "CSAFPID-2351307", "CSAFPID-2538790", "CSAFPID-2538791", "CSAFPID-2538792", "CSAFPID-2538793", "CSAFPID-2538794", "CSAFPID-2538799", "CSAFPID-2538800", "CSAFPID-2538801", "CSAFPID-2538802", "CSAFPID-2538803", "CSAFPID-2538804", "CSAFPID-2538805", "CSAFPID-2538806", "CSAFPID-2538773", "CSAFPID-2538774", "CSAFPID-2538775", "CSAFPID-2538776", "CSAFPID-2538777", "CSAFPID-2538778", "CSAFPID-2538779", "CSAFPID-2538780", "CSAFPID-2538781", "CSAFPID-1307450", "CSAFPID-1297130", "CSAFPID-1297107", "CSAFPID-1230533", "CSAFPID-1921506", "CSAFPID-1230555", "CSAFPID-1230719", "CSAFPID-1230702", "CSAFPID-1304671", "CSAFPID-1921487", "CSAFPID-1297186", "CSAFPID-1988023", "CSAFPID-1988024", "CSAFPID-1175835", "CSAFPID-2473272", "CSAFPID-2632442", "CSAFPID-2473273", "CSAFPID-2632443", "CSAFPID-1425816", "CSAFPID-2632444", "CSAFPID-1306891", "CSAFPID-1332128", "CSAFPID-605062", "CSAFPID-605061", "CSAFPID-605064", "CSAFPID-345584", "CSAFPID-345586", "CSAFPID-2364492", "CSAFPID-1330296", "CSAFPID-1459777", "CSAFPID-1459778", "CSAFPID-1459779", "CSAFPID-1861039", "CSAFPID-1861040", "CSAFPID-1861041", "CSAFPID-2140760", "CSAFPID-2140804", "CSAFPID-2140795", "CSAFPID-2140773", "CSAFPID-2140818", "CSAFPID-2140755", "CSAFPID-2140803", "CSAFPID-2140852", "CSAFPID-2140842", "CSAFPID-2140814", "CSAFPID-2140749", "CSAFPID-2140796", "CSAFPID-2140856", "CSAFPID-2140834", "CSAFPID-2140851", "CSAFPID-2140742", "CSAFPID-2140825", "CSAFPID-2631681", "CSAFPID-2631682", "CSAFPID-2631683", "CSAFPID-2631684", "CSAFPID-2631685", "CSAFPID-2631686", "CSAFPID-2631680", "CSAFPID-1306888", "CSAFPID-710118", "CSAFPID-2632409", "CSAFPID-2632410", "CSAFPID-2632411", "CSAFPID-2632412", "CSAFPID-2633939", "CSAFPID-426454", "CSAFPID-426453", "CSAFPID-426456", "CSAFPID-426455", "CSAFPID-426457", "CSAFPID-1295436", "CSAFPID-2118594", "CSAFPID-2631732", "CSAFPID-2631733", "CSAFPID-2631734", "CSAFPID-2631731", "CSAFPID-1295163", "CSAFPID-735564", "CSAFPID-446586", "CSAFPID-1111431", "CSAFPID-710125", "CSAFPID-710119", "CSAFPID-710115", "CSAFPID-336862", "CSAFPID-345588", "CSAFPID-345621", "CSAFPID-345620", "CSAFPID-345590", "CSAFPID-345585", "CSAFPID-345591", "CSAFPID-345592", "CSAFPID-345589", "CSAFPID-345587", "CSAFPID-426833", "CSAFPID-1176305", "CSAFPID-2352521", "CSAFPID-2352520", "CSAFPID-1304029", "CSAFPID-2352519", "CSAFPID-2538090", "CSAFPID-2539577", "CSAFPID-2352518", "CSAFPID-2632425", "CSAFPID-2632426", "CSAFPID-2632427", "CSAFPID-2632428", "CSAFPID-2632429" ] } ], "title": "CVE-2025-26654" }, { "cve": "CVE-2025-26657", "cwe": { "id": "CWE-862", "name": "Missing Authorization" }, "notes": [ { "category": "other", "text": "Missing Authorization", "title": "CWE-862" }, { "category": "general", "text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N", "title": "CVSSV4" } ], "product_status": { "known_affected": [ "CSAFPID-426681", "CSAFPID-367586", "CSAFPID-426682", "CSAFPID-426483", "CSAFPID-447161", "CSAFPID-447167", "CSAFPID-447158", "CSAFPID-447155", "CSAFPID-447160", "CSAFPID-447163", "CSAFPID-447165", "CSAFPID-447156", "CSAFPID-447164", "CSAFPID-710027", "CSAFPID-426703", "CSAFPID-426706", "CSAFPID-426707", "CSAFPID-426708", "CSAFPID-426704", "CSAFPID-426705", "CSAFPID-447141", "CSAFPID-447140", "CSAFPID-847883", "CSAFPID-426837", "CSAFPID-1176052", "CSAFPID-1333259", "CSAFPID-2351307", "CSAFPID-2538790", "CSAFPID-2538791", "CSAFPID-2538792", "CSAFPID-2538793", "CSAFPID-2538794", "CSAFPID-2538799", "CSAFPID-2538800", "CSAFPID-2538801", "CSAFPID-2538802", "CSAFPID-2538803", "CSAFPID-2538804", "CSAFPID-2538805", "CSAFPID-2538806", "CSAFPID-2538773", "CSAFPID-2538774", "CSAFPID-2538775", "CSAFPID-2538776", "CSAFPID-2538777", "CSAFPID-2538778", "CSAFPID-2538779", "CSAFPID-2538780", "CSAFPID-2538781", "CSAFPID-1307450", "CSAFPID-1297130", "CSAFPID-1297107", "CSAFPID-1230533", "CSAFPID-1921506", "CSAFPID-1230555", "CSAFPID-1230719", "CSAFPID-1230702", "CSAFPID-1304671", "CSAFPID-1921487", "CSAFPID-1297186", "CSAFPID-1988023", "CSAFPID-1988024", "CSAFPID-1175835", "CSAFPID-2473272", "CSAFPID-2632442", "CSAFPID-2473273", "CSAFPID-2632443", "CSAFPID-1425816", "CSAFPID-2632444", "CSAFPID-1306891", "CSAFPID-1332128", "CSAFPID-605062", "CSAFPID-605061", "CSAFPID-605064", "CSAFPID-345584", "CSAFPID-345586", "CSAFPID-2364492", "CSAFPID-1330296", "CSAFPID-1459777", "CSAFPID-1459778", "CSAFPID-1459779", "CSAFPID-1861039", "CSAFPID-1861040", "CSAFPID-1861041", "CSAFPID-2140760", "CSAFPID-2140804", "CSAFPID-2140795", "CSAFPID-2140773", "CSAFPID-2140818", "CSAFPID-2140755", "CSAFPID-2140803", "CSAFPID-2140852", "CSAFPID-2140842", "CSAFPID-2140814", "CSAFPID-2140749", "CSAFPID-2140796", "CSAFPID-2140856", "CSAFPID-2140834", "CSAFPID-2140851", "CSAFPID-2140742", "CSAFPID-2140825", "CSAFPID-2631681", "CSAFPID-2631682", "CSAFPID-2631683", "CSAFPID-2631684", "CSAFPID-2631685", "CSAFPID-2631686", "CSAFPID-2631680", "CSAFPID-1306888", "CSAFPID-710118", "CSAFPID-2632409", "CSAFPID-2632410", "CSAFPID-2632411", "CSAFPID-2632412", "CSAFPID-2633939", "CSAFPID-426454", "CSAFPID-426453", "CSAFPID-426456", "CSAFPID-426455", "CSAFPID-426457", "CSAFPID-1295436", "CSAFPID-2118594", "CSAFPID-2631732", "CSAFPID-2631733", "CSAFPID-2631734", "CSAFPID-2631731", "CSAFPID-1295163", "CSAFPID-735564", "CSAFPID-446586", "CSAFPID-1111431", "CSAFPID-710125", "CSAFPID-710119", "CSAFPID-710115", "CSAFPID-336862", "CSAFPID-345588", "CSAFPID-345621", "CSAFPID-345620", "CSAFPID-345590", "CSAFPID-345585", "CSAFPID-345591", "CSAFPID-345592", "CSAFPID-345589", "CSAFPID-345587", "CSAFPID-426833", "CSAFPID-1176305", "CSAFPID-2352521", "CSAFPID-2352520", "CSAFPID-1304029", "CSAFPID-2352519", "CSAFPID-2538090", "CSAFPID-2539577", "CSAFPID-2352518", "CSAFPID-2632425", "CSAFPID-2632426", "CSAFPID-2632427", "CSAFPID-2632428", "CSAFPID-2632429" ] }, "references": [ { "category": "self", "summary": "CVE-2025-26657", "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2025/CVE-2025-26657.json" } ], "scores": [ { "cvss_v3": { "baseScore": 5.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" }, "products": [ "CSAFPID-426681", "CSAFPID-367586", "CSAFPID-426682", "CSAFPID-426483", "CSAFPID-447161", "CSAFPID-447167", "CSAFPID-447158", "CSAFPID-447155", "CSAFPID-447160", "CSAFPID-447163", "CSAFPID-447165", "CSAFPID-447156", "CSAFPID-447164", "CSAFPID-710027", "CSAFPID-426703", "CSAFPID-426706", "CSAFPID-426707", "CSAFPID-426708", "CSAFPID-426704", "CSAFPID-426705", "CSAFPID-447141", "CSAFPID-447140", "CSAFPID-847883", "CSAFPID-426837", "CSAFPID-1176052", "CSAFPID-1333259", "CSAFPID-2351307", "CSAFPID-2538790", "CSAFPID-2538791", "CSAFPID-2538792", "CSAFPID-2538793", "CSAFPID-2538794", "CSAFPID-2538799", "CSAFPID-2538800", "CSAFPID-2538801", "CSAFPID-2538802", "CSAFPID-2538803", "CSAFPID-2538804", "CSAFPID-2538805", "CSAFPID-2538806", "CSAFPID-2538773", "CSAFPID-2538774", "CSAFPID-2538775", "CSAFPID-2538776", "CSAFPID-2538777", "CSAFPID-2538778", "CSAFPID-2538779", "CSAFPID-2538780", "CSAFPID-2538781", "CSAFPID-1307450", "CSAFPID-1297130", "CSAFPID-1297107", "CSAFPID-1230533", "CSAFPID-1921506", "CSAFPID-1230555", "CSAFPID-1230719", "CSAFPID-1230702", "CSAFPID-1304671", "CSAFPID-1921487", "CSAFPID-1297186", "CSAFPID-1988023", "CSAFPID-1988024", "CSAFPID-1175835", "CSAFPID-2473272", "CSAFPID-2632442", "CSAFPID-2473273", "CSAFPID-2632443", "CSAFPID-1425816", "CSAFPID-2632444", "CSAFPID-1306891", "CSAFPID-1332128", "CSAFPID-605062", "CSAFPID-605061", "CSAFPID-605064", "CSAFPID-345584", "CSAFPID-345586", "CSAFPID-2364492", "CSAFPID-1330296", "CSAFPID-1459777", "CSAFPID-1459778", "CSAFPID-1459779", "CSAFPID-1861039", "CSAFPID-1861040", "CSAFPID-1861041", "CSAFPID-2140760", "CSAFPID-2140804", "CSAFPID-2140795", "CSAFPID-2140773", "CSAFPID-2140818", "CSAFPID-2140755", "CSAFPID-2140803", "CSAFPID-2140852", "CSAFPID-2140842", "CSAFPID-2140814", "CSAFPID-2140749", "CSAFPID-2140796", "CSAFPID-2140856", "CSAFPID-2140834", "CSAFPID-2140851", "CSAFPID-2140742", "CSAFPID-2140825", "CSAFPID-2631681", "CSAFPID-2631682", "CSAFPID-2631683", "CSAFPID-2631684", "CSAFPID-2631685", "CSAFPID-2631686", "CSAFPID-2631680", "CSAFPID-1306888", "CSAFPID-710118", "CSAFPID-2632409", "CSAFPID-2632410", "CSAFPID-2632411", "CSAFPID-2632412", "CSAFPID-2633939", "CSAFPID-426454", "CSAFPID-426453", "CSAFPID-426456", "CSAFPID-426455", "CSAFPID-426457", "CSAFPID-1295436", "CSAFPID-2118594", "CSAFPID-2631732", "CSAFPID-2631733", "CSAFPID-2631734", "CSAFPID-2631731", "CSAFPID-1295163", "CSAFPID-735564", "CSAFPID-446586", "CSAFPID-1111431", "CSAFPID-710125", "CSAFPID-710119", "CSAFPID-710115", "CSAFPID-336862", "CSAFPID-345588", "CSAFPID-345621", "CSAFPID-345620", "CSAFPID-345590", "CSAFPID-345585", "CSAFPID-345591", "CSAFPID-345592", "CSAFPID-345589", "CSAFPID-345587", "CSAFPID-426833", "CSAFPID-1176305", "CSAFPID-2352521", "CSAFPID-2352520", "CSAFPID-1304029", "CSAFPID-2352519", "CSAFPID-2538090", "CSAFPID-2539577", "CSAFPID-2352518", "CSAFPID-2632425", "CSAFPID-2632426", "CSAFPID-2632427", "CSAFPID-2632428", "CSAFPID-2632429" ] } ], "title": "CVE-2025-26657" }, { "cve": "CVE-2025-27428", "cwe": { "id": "CWE-862", "name": "Missing Authorization" }, "notes": [ { "category": "other", "text": "Missing Authorization", "title": "CWE-862" }, { "category": "general", "text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N", "title": "CVSSV4" } ], "product_status": { "known_affected": [ "CSAFPID-426681", "CSAFPID-367586", "CSAFPID-426682", "CSAFPID-426483", "CSAFPID-447161", "CSAFPID-447167", "CSAFPID-447158", "CSAFPID-447155", "CSAFPID-447160", "CSAFPID-447163", "CSAFPID-447165", "CSAFPID-447156", "CSAFPID-447164", "CSAFPID-710027", "CSAFPID-426703", "CSAFPID-426706", "CSAFPID-426707", "CSAFPID-426708", "CSAFPID-426704", "CSAFPID-426705", "CSAFPID-447141", "CSAFPID-447140", "CSAFPID-847883", "CSAFPID-426837", "CSAFPID-1176052", "CSAFPID-1333259", "CSAFPID-2351307", "CSAFPID-2538790", "CSAFPID-2538791", "CSAFPID-2538792", "CSAFPID-2538793", "CSAFPID-2538794", "CSAFPID-2538799", "CSAFPID-2538800", "CSAFPID-2538801", "CSAFPID-2538802", "CSAFPID-2538803", "CSAFPID-2538804", "CSAFPID-2538805", "CSAFPID-2538806", "CSAFPID-2538773", "CSAFPID-2538774", "CSAFPID-2538775", "CSAFPID-2538776", "CSAFPID-2538777", "CSAFPID-2538778", "CSAFPID-2538779", "CSAFPID-2538780", "CSAFPID-2538781", "CSAFPID-1307450", "CSAFPID-1297130", "CSAFPID-1297107", "CSAFPID-1230533", "CSAFPID-1921506", "CSAFPID-1230555", "CSAFPID-1230719", "CSAFPID-1230702", "CSAFPID-1304671", "CSAFPID-1921487", "CSAFPID-1297186", "CSAFPID-1988023", "CSAFPID-1988024", "CSAFPID-1175835", "CSAFPID-2473272", "CSAFPID-2632442", "CSAFPID-2473273", "CSAFPID-2632443", "CSAFPID-1425816", "CSAFPID-2632444", "CSAFPID-1306891", "CSAFPID-1332128", "CSAFPID-605062", "CSAFPID-605061", "CSAFPID-605064", "CSAFPID-345584", "CSAFPID-345586", "CSAFPID-2364492", "CSAFPID-1330296", "CSAFPID-1459777", "CSAFPID-1459778", "CSAFPID-1459779", "CSAFPID-1861039", "CSAFPID-1861040", "CSAFPID-1861041", "CSAFPID-2140760", "CSAFPID-2140804", "CSAFPID-2140795", "CSAFPID-2140773", "CSAFPID-2140818", "CSAFPID-2140755", "CSAFPID-2140803", "CSAFPID-2140852", "CSAFPID-2140842", "CSAFPID-2140814", "CSAFPID-2140749", "CSAFPID-2140796", "CSAFPID-2140856", "CSAFPID-2140834", "CSAFPID-2140851", "CSAFPID-2140742", "CSAFPID-2140825", "CSAFPID-2631681", "CSAFPID-2631682", "CSAFPID-2631683", "CSAFPID-2631684", "CSAFPID-2631685", "CSAFPID-2631686", "CSAFPID-2631680", "CSAFPID-1306888", "CSAFPID-710118", "CSAFPID-2632409", "CSAFPID-2632410", "CSAFPID-2632411", "CSAFPID-2632412", "CSAFPID-2633939", "CSAFPID-426454", "CSAFPID-426453", "CSAFPID-426456", "CSAFPID-426455", "CSAFPID-426457", "CSAFPID-1295436", "CSAFPID-2118594", "CSAFPID-2631732", "CSAFPID-2631733", "CSAFPID-2631734", "CSAFPID-2631731", "CSAFPID-1295163", "CSAFPID-735564", "CSAFPID-446586", "CSAFPID-1111431", "CSAFPID-710125", "CSAFPID-710119", "CSAFPID-710115", "CSAFPID-336862", "CSAFPID-345588", "CSAFPID-345621", "CSAFPID-345620", "CSAFPID-345590", "CSAFPID-345585", "CSAFPID-345591", "CSAFPID-345592", "CSAFPID-345589", "CSAFPID-345587", "CSAFPID-426833", "CSAFPID-1176305", "CSAFPID-2352521", "CSAFPID-2352520", "CSAFPID-1304029", "CSAFPID-2352519", "CSAFPID-2538090", "CSAFPID-2539577", "CSAFPID-2352518", "CSAFPID-2632425", "CSAFPID-2632426", "CSAFPID-2632427", "CSAFPID-2632428", "CSAFPID-2632429" ] }, "references": [ { "category": "self", "summary": "CVE-2025-27428", "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2025/CVE-2025-27428.json" } ], "scores": [ { "cvss_v3": { "baseScore": 7.7, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N", "version": "3.1" }, "products": [ "CSAFPID-426681", "CSAFPID-367586", "CSAFPID-426682", "CSAFPID-426483", "CSAFPID-447161", "CSAFPID-447167", "CSAFPID-447158", "CSAFPID-447155", "CSAFPID-447160", "CSAFPID-447163", "CSAFPID-447165", "CSAFPID-447156", "CSAFPID-447164", "CSAFPID-710027", "CSAFPID-426703", "CSAFPID-426706", "CSAFPID-426707", "CSAFPID-426708", "CSAFPID-426704", "CSAFPID-426705", "CSAFPID-447141", "CSAFPID-447140", "CSAFPID-847883", "CSAFPID-426837", "CSAFPID-1176052", "CSAFPID-1333259", "CSAFPID-2351307", "CSAFPID-2538790", "CSAFPID-2538791", "CSAFPID-2538792", "CSAFPID-2538793", "CSAFPID-2538794", "CSAFPID-2538799", "CSAFPID-2538800", "CSAFPID-2538801", "CSAFPID-2538802", "CSAFPID-2538803", "CSAFPID-2538804", "CSAFPID-2538805", "CSAFPID-2538806", "CSAFPID-2538773", "CSAFPID-2538774", "CSAFPID-2538775", "CSAFPID-2538776", "CSAFPID-2538777", "CSAFPID-2538778", "CSAFPID-2538779", "CSAFPID-2538780", "CSAFPID-2538781", "CSAFPID-1307450", "CSAFPID-1297130", "CSAFPID-1297107", "CSAFPID-1230533", "CSAFPID-1921506", "CSAFPID-1230555", "CSAFPID-1230719", "CSAFPID-1230702", "CSAFPID-1304671", "CSAFPID-1921487", "CSAFPID-1297186", "CSAFPID-1988023", "CSAFPID-1988024", "CSAFPID-1175835", "CSAFPID-2473272", "CSAFPID-2632442", "CSAFPID-2473273", "CSAFPID-2632443", "CSAFPID-1425816", "CSAFPID-2632444", "CSAFPID-1306891", "CSAFPID-1332128", "CSAFPID-605062", "CSAFPID-605061", "CSAFPID-605064", "CSAFPID-345584", "CSAFPID-345586", "CSAFPID-2364492", "CSAFPID-1330296", "CSAFPID-1459777", "CSAFPID-1459778", "CSAFPID-1459779", "CSAFPID-1861039", "CSAFPID-1861040", "CSAFPID-1861041", "CSAFPID-2140760", "CSAFPID-2140804", "CSAFPID-2140795", "CSAFPID-2140773", "CSAFPID-2140818", "CSAFPID-2140755", "CSAFPID-2140803", "CSAFPID-2140852", "CSAFPID-2140842", "CSAFPID-2140814", "CSAFPID-2140749", "CSAFPID-2140796", "CSAFPID-2140856", "CSAFPID-2140834", "CSAFPID-2140851", "CSAFPID-2140742", "CSAFPID-2140825", "CSAFPID-2631681", "CSAFPID-2631682", "CSAFPID-2631683", "CSAFPID-2631684", "CSAFPID-2631685", "CSAFPID-2631686", "CSAFPID-2631680", "CSAFPID-1306888", "CSAFPID-710118", "CSAFPID-2632409", "CSAFPID-2632410", "CSAFPID-2632411", "CSAFPID-2632412", "CSAFPID-2633939", "CSAFPID-426454", "CSAFPID-426453", "CSAFPID-426456", "CSAFPID-426455", "CSAFPID-426457", "CSAFPID-1295436", "CSAFPID-2118594", "CSAFPID-2631732", "CSAFPID-2631733", "CSAFPID-2631734", "CSAFPID-2631731", "CSAFPID-1295163", "CSAFPID-735564", "CSAFPID-446586", "CSAFPID-1111431", "CSAFPID-710125", "CSAFPID-710119", "CSAFPID-710115", "CSAFPID-336862", "CSAFPID-345588", "CSAFPID-345621", "CSAFPID-345620", "CSAFPID-345590", "CSAFPID-345585", "CSAFPID-345591", "CSAFPID-345592", "CSAFPID-345589", "CSAFPID-345587", "CSAFPID-426833", "CSAFPID-1176305", "CSAFPID-2352521", "CSAFPID-2352520", "CSAFPID-1304029", "CSAFPID-2352519", "CSAFPID-2538090", "CSAFPID-2539577", "CSAFPID-2352518", "CSAFPID-2632425", "CSAFPID-2632426", "CSAFPID-2632427", "CSAFPID-2632428", "CSAFPID-2632429" ] } ], "title": "CVE-2025-27428" }, { "cve": "CVE-2025-27429", "cwe": { "id": "CWE-94", "name": "Improper Control of Generation of Code (\u0027Code Injection\u0027)" }, "notes": [ { "category": "other", "text": "Improper Control of Generation of Code (\u0027Code Injection\u0027)", "title": "CWE-94" }, { "category": "general", "text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", "title": "CVSSV4" } ], "product_status": { "known_affected": [ "CSAFPID-426681", "CSAFPID-367586", "CSAFPID-426682", "CSAFPID-426483", "CSAFPID-447161", "CSAFPID-447167", "CSAFPID-447158", "CSAFPID-447155", "CSAFPID-447160", "CSAFPID-447163", "CSAFPID-447165", "CSAFPID-447156", "CSAFPID-447164", "CSAFPID-710027", "CSAFPID-426703", "CSAFPID-426706", "CSAFPID-426707", "CSAFPID-426708", "CSAFPID-426704", "CSAFPID-426705", "CSAFPID-447141", "CSAFPID-447140", "CSAFPID-847883", "CSAFPID-426837", "CSAFPID-1176052", "CSAFPID-1333259", "CSAFPID-2351307", "CSAFPID-2538790", "CSAFPID-2538791", "CSAFPID-2538792", "CSAFPID-2538793", "CSAFPID-2538794", "CSAFPID-2538799", "CSAFPID-2538800", "CSAFPID-2538801", "CSAFPID-2538802", "CSAFPID-2538803", "CSAFPID-2538804", "CSAFPID-2538805", "CSAFPID-2538806", "CSAFPID-2538773", "CSAFPID-2538774", "CSAFPID-2538775", "CSAFPID-2538776", "CSAFPID-2538777", "CSAFPID-2538778", "CSAFPID-2538779", "CSAFPID-2538780", "CSAFPID-2538781", "CSAFPID-1307450", "CSAFPID-1297130", "CSAFPID-1297107", "CSAFPID-1230533", "CSAFPID-1921506", "CSAFPID-1230555", "CSAFPID-1230719", "CSAFPID-1230702", "CSAFPID-1304671", "CSAFPID-1921487", "CSAFPID-1297186", "CSAFPID-1988023", "CSAFPID-1988024", "CSAFPID-1175835", "CSAFPID-2473272", "CSAFPID-2632442", "CSAFPID-2473273", "CSAFPID-2632443", "CSAFPID-1425816", "CSAFPID-2632444", "CSAFPID-1306891", "CSAFPID-1332128", "CSAFPID-605062", "CSAFPID-605061", "CSAFPID-605064", "CSAFPID-345584", "CSAFPID-345586", "CSAFPID-2364492", "CSAFPID-1330296", "CSAFPID-1459777", "CSAFPID-1459778", "CSAFPID-1459779", "CSAFPID-1861039", "CSAFPID-1861040", "CSAFPID-1861041", "CSAFPID-2140760", "CSAFPID-2140804", "CSAFPID-2140795", "CSAFPID-2140773", "CSAFPID-2140818", "CSAFPID-2140755", "CSAFPID-2140803", "CSAFPID-2140852", "CSAFPID-2140842", "CSAFPID-2140814", "CSAFPID-2140749", "CSAFPID-2140796", "CSAFPID-2140856", "CSAFPID-2140834", "CSAFPID-2140851", "CSAFPID-2140742", "CSAFPID-2140825", "CSAFPID-2631681", "CSAFPID-2631682", "CSAFPID-2631683", "CSAFPID-2631684", "CSAFPID-2631685", "CSAFPID-2631686", "CSAFPID-2631680", "CSAFPID-1306888", "CSAFPID-710118", "CSAFPID-2632409", "CSAFPID-2632410", "CSAFPID-2632411", "CSAFPID-2632412", "CSAFPID-2633939", "CSAFPID-426454", "CSAFPID-426453", "CSAFPID-426456", "CSAFPID-426455", "CSAFPID-426457", "CSAFPID-1295436", "CSAFPID-2118594", "CSAFPID-2631732", "CSAFPID-2631733", "CSAFPID-2631734", "CSAFPID-2631731", "CSAFPID-1295163", "CSAFPID-735564", "CSAFPID-446586", "CSAFPID-1111431", "CSAFPID-710125", "CSAFPID-710119", "CSAFPID-710115", "CSAFPID-336862", "CSAFPID-345588", "CSAFPID-345621", "CSAFPID-345620", "CSAFPID-345590", "CSAFPID-345585", "CSAFPID-345591", "CSAFPID-345592", "CSAFPID-345589", "CSAFPID-345587", "CSAFPID-426833", "CSAFPID-1176305", "CSAFPID-2352521", "CSAFPID-2352520", "CSAFPID-1304029", "CSAFPID-2352519", "CSAFPID-2538090", "CSAFPID-2539577", "CSAFPID-2352518", "CSAFPID-2632425", "CSAFPID-2632426", "CSAFPID-2632427", "CSAFPID-2632428", "CSAFPID-2632429" ] }, "references": [ { "category": "self", "summary": "CVE-2025-27429", "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2025/CVE-2025-27429.json" } ], "scores": [ { "cvss_v3": { "baseScore": 9.9, "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.1" }, "products": [ "CSAFPID-426681", "CSAFPID-367586", "CSAFPID-426682", "CSAFPID-426483", "CSAFPID-447161", "CSAFPID-447167", "CSAFPID-447158", "CSAFPID-447155", "CSAFPID-447160", "CSAFPID-447163", "CSAFPID-447165", "CSAFPID-447156", "CSAFPID-447164", "CSAFPID-710027", "CSAFPID-426703", "CSAFPID-426706", "CSAFPID-426707", "CSAFPID-426708", "CSAFPID-426704", "CSAFPID-426705", "CSAFPID-447141", "CSAFPID-447140", "CSAFPID-847883", "CSAFPID-426837", "CSAFPID-1176052", "CSAFPID-1333259", "CSAFPID-2351307", "CSAFPID-2538790", "CSAFPID-2538791", "CSAFPID-2538792", "CSAFPID-2538793", "CSAFPID-2538794", "CSAFPID-2538799", "CSAFPID-2538800", "CSAFPID-2538801", "CSAFPID-2538802", "CSAFPID-2538803", "CSAFPID-2538804", "CSAFPID-2538805", "CSAFPID-2538806", "CSAFPID-2538773", "CSAFPID-2538774", "CSAFPID-2538775", "CSAFPID-2538776", "CSAFPID-2538777", "CSAFPID-2538778", "CSAFPID-2538779", "CSAFPID-2538780", "CSAFPID-2538781", "CSAFPID-1307450", "CSAFPID-1297130", "CSAFPID-1297107", "CSAFPID-1230533", "CSAFPID-1921506", "CSAFPID-1230555", "CSAFPID-1230719", "CSAFPID-1230702", "CSAFPID-1304671", "CSAFPID-1921487", "CSAFPID-1297186", "CSAFPID-1988023", "CSAFPID-1988024", "CSAFPID-1175835", "CSAFPID-2473272", "CSAFPID-2632442", "CSAFPID-2473273", "CSAFPID-2632443", "CSAFPID-1425816", "CSAFPID-2632444", "CSAFPID-1306891", "CSAFPID-1332128", "CSAFPID-605062", "CSAFPID-605061", "CSAFPID-605064", "CSAFPID-345584", "CSAFPID-345586", "CSAFPID-2364492", "CSAFPID-1330296", "CSAFPID-1459777", "CSAFPID-1459778", "CSAFPID-1459779", "CSAFPID-1861039", "CSAFPID-1861040", "CSAFPID-1861041", "CSAFPID-2140760", "CSAFPID-2140804", "CSAFPID-2140795", "CSAFPID-2140773", "CSAFPID-2140818", "CSAFPID-2140755", "CSAFPID-2140803", "CSAFPID-2140852", "CSAFPID-2140842", "CSAFPID-2140814", "CSAFPID-2140749", "CSAFPID-2140796", "CSAFPID-2140856", "CSAFPID-2140834", "CSAFPID-2140851", "CSAFPID-2140742", "CSAFPID-2140825", "CSAFPID-2631681", "CSAFPID-2631682", "CSAFPID-2631683", "CSAFPID-2631684", "CSAFPID-2631685", "CSAFPID-2631686", "CSAFPID-2631680", "CSAFPID-1306888", "CSAFPID-710118", "CSAFPID-2632409", "CSAFPID-2632410", "CSAFPID-2632411", "CSAFPID-2632412", "CSAFPID-2633939", "CSAFPID-426454", "CSAFPID-426453", "CSAFPID-426456", "CSAFPID-426455", "CSAFPID-426457", "CSAFPID-1295436", "CSAFPID-2118594", "CSAFPID-2631732", "CSAFPID-2631733", "CSAFPID-2631734", "CSAFPID-2631731", "CSAFPID-1295163", "CSAFPID-735564", "CSAFPID-446586", "CSAFPID-1111431", "CSAFPID-710125", "CSAFPID-710119", "CSAFPID-710115", "CSAFPID-336862", "CSAFPID-345588", "CSAFPID-345621", "CSAFPID-345620", "CSAFPID-345590", "CSAFPID-345585", "CSAFPID-345591", "CSAFPID-345592", "CSAFPID-345589", "CSAFPID-345587", "CSAFPID-426833", "CSAFPID-1176305", "CSAFPID-2352521", "CSAFPID-2352520", "CSAFPID-1304029", "CSAFPID-2352519", "CSAFPID-2538090", "CSAFPID-2539577", "CSAFPID-2352518", "CSAFPID-2632425", "CSAFPID-2632426", "CSAFPID-2632427", "CSAFPID-2632428", "CSAFPID-2632429" ] } ], "title": "CVE-2025-27429" }, { "cve": "CVE-2025-27430", "cwe": { "id": "CWE-918", "name": "Server-Side Request Forgery (SSRF)" }, "notes": [ { "category": "other", "text": "Server-Side Request Forgery (SSRF)", "title": "CWE-918" } ], "product_status": { "known_affected": [ "CSAFPID-426681", "CSAFPID-367586", "CSAFPID-426682", "CSAFPID-426483", "CSAFPID-447161", "CSAFPID-447167", "CSAFPID-447158", "CSAFPID-447155", "CSAFPID-447160", "CSAFPID-447163", "CSAFPID-447165", "CSAFPID-447156", "CSAFPID-447164", "CSAFPID-710027", "CSAFPID-426703", "CSAFPID-426706", "CSAFPID-426707", "CSAFPID-426708", "CSAFPID-426704", "CSAFPID-426705", "CSAFPID-447141", "CSAFPID-447140", "CSAFPID-847883", "CSAFPID-426837", "CSAFPID-1176052", "CSAFPID-1333259", "CSAFPID-2351307", "CSAFPID-2538790", "CSAFPID-2538791", "CSAFPID-2538792", "CSAFPID-2538793", "CSAFPID-2538794", "CSAFPID-2538799", "CSAFPID-2538800", "CSAFPID-2538801", "CSAFPID-2538802", "CSAFPID-2538803", "CSAFPID-2538804", "CSAFPID-2538805", "CSAFPID-2538806", "CSAFPID-2538773", "CSAFPID-2538774", "CSAFPID-2538775", "CSAFPID-2538776", "CSAFPID-2538777", "CSAFPID-2538778", "CSAFPID-2538779", "CSAFPID-2538780", "CSAFPID-2538781", "CSAFPID-1307450", "CSAFPID-1297130", "CSAFPID-1297107", "CSAFPID-1230533", "CSAFPID-1921506", "CSAFPID-1230555", "CSAFPID-1230719", "CSAFPID-1230702", "CSAFPID-1304671", "CSAFPID-1921487", "CSAFPID-1297186", "CSAFPID-1988023", "CSAFPID-1988024", "CSAFPID-1175835", "CSAFPID-2473272", "CSAFPID-2632442", "CSAFPID-2473273", "CSAFPID-2632443", "CSAFPID-1425816", "CSAFPID-2632444", "CSAFPID-1306891", "CSAFPID-1332128", "CSAFPID-605062", "CSAFPID-605061", "CSAFPID-605064", "CSAFPID-345584", "CSAFPID-345586", "CSAFPID-2364492", "CSAFPID-1330296", "CSAFPID-1459777", "CSAFPID-1459778", "CSAFPID-1459779", "CSAFPID-1861039", "CSAFPID-1861040", "CSAFPID-1861041", "CSAFPID-2140760", "CSAFPID-2140804", "CSAFPID-2140795", "CSAFPID-2140773", "CSAFPID-2140818", "CSAFPID-2140755", "CSAFPID-2140803", "CSAFPID-2140852", "CSAFPID-2140842", "CSAFPID-2140814", "CSAFPID-2140749", "CSAFPID-2140796", "CSAFPID-2140856", "CSAFPID-2140834", "CSAFPID-2140851", "CSAFPID-2140742", "CSAFPID-2140825", "CSAFPID-2631681", "CSAFPID-2631682", "CSAFPID-2631683", "CSAFPID-2631684", "CSAFPID-2631685", "CSAFPID-2631686", "CSAFPID-2631680", "CSAFPID-1306888", "CSAFPID-710118", "CSAFPID-2632409", "CSAFPID-2632410", "CSAFPID-2632411", "CSAFPID-2632412", "CSAFPID-2633939", "CSAFPID-426454", "CSAFPID-426453", "CSAFPID-426456", "CSAFPID-426455", "CSAFPID-426457", "CSAFPID-1295436", "CSAFPID-2118594", "CSAFPID-2631732", "CSAFPID-2631733", "CSAFPID-2631734", "CSAFPID-2631731", "CSAFPID-1295163", "CSAFPID-735564", "CSAFPID-446586", "CSAFPID-1111431", "CSAFPID-710125", "CSAFPID-710119", "CSAFPID-710115", "CSAFPID-336862", "CSAFPID-345588", "CSAFPID-345621", "CSAFPID-345620", "CSAFPID-345590", "CSAFPID-345585", "CSAFPID-345591", "CSAFPID-345592", "CSAFPID-345589", "CSAFPID-345587", "CSAFPID-426833", "CSAFPID-1176305", "CSAFPID-2352521", "CSAFPID-2352520", "CSAFPID-1304029", "CSAFPID-2352519", "CSAFPID-2538090", "CSAFPID-2539577", "CSAFPID-2352518", "CSAFPID-2632425", "CSAFPID-2632426", "CSAFPID-2632427", "CSAFPID-2632428", "CSAFPID-2632429" ] }, "references": [ { "category": "self", "summary": "CVE-2025-27430", "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2025/CVE-2025-27430.json" } ], "scores": [ { "cvss_v3": { "baseScore": 3.5, "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:N", "version": "3.1" }, "products": [ "CSAFPID-426681", "CSAFPID-367586", "CSAFPID-426682", "CSAFPID-426483", "CSAFPID-447161", "CSAFPID-447167", "CSAFPID-447158", "CSAFPID-447155", "CSAFPID-447160", "CSAFPID-447163", "CSAFPID-447165", "CSAFPID-447156", "CSAFPID-447164", "CSAFPID-710027", "CSAFPID-426703", "CSAFPID-426706", "CSAFPID-426707", "CSAFPID-426708", "CSAFPID-426704", "CSAFPID-426705", "CSAFPID-447141", "CSAFPID-447140", "CSAFPID-847883", "CSAFPID-426837", "CSAFPID-1176052", "CSAFPID-1333259", "CSAFPID-2351307", "CSAFPID-2538790", "CSAFPID-2538791", "CSAFPID-2538792", "CSAFPID-2538793", "CSAFPID-2538794", "CSAFPID-2538799", "CSAFPID-2538800", "CSAFPID-2538801", "CSAFPID-2538802", "CSAFPID-2538803", "CSAFPID-2538804", "CSAFPID-2538805", "CSAFPID-2538806", "CSAFPID-2538773", "CSAFPID-2538774", "CSAFPID-2538775", "CSAFPID-2538776", "CSAFPID-2538777", "CSAFPID-2538778", "CSAFPID-2538779", "CSAFPID-2538780", "CSAFPID-2538781", "CSAFPID-1307450", "CSAFPID-1297130", "CSAFPID-1297107", "CSAFPID-1230533", "CSAFPID-1921506", "CSAFPID-1230555", "CSAFPID-1230719", "CSAFPID-1230702", "CSAFPID-1304671", "CSAFPID-1921487", "CSAFPID-1297186", "CSAFPID-1988023", "CSAFPID-1988024", "CSAFPID-1175835", "CSAFPID-2473272", "CSAFPID-2632442", "CSAFPID-2473273", "CSAFPID-2632443", "CSAFPID-1425816", "CSAFPID-2632444", "CSAFPID-1306891", "CSAFPID-1332128", "CSAFPID-605062", "CSAFPID-605061", "CSAFPID-605064", "CSAFPID-345584", "CSAFPID-345586", "CSAFPID-2364492", "CSAFPID-1330296", "CSAFPID-1459777", "CSAFPID-1459778", "CSAFPID-1459779", "CSAFPID-1861039", "CSAFPID-1861040", "CSAFPID-1861041", "CSAFPID-2140760", "CSAFPID-2140804", "CSAFPID-2140795", "CSAFPID-2140773", "CSAFPID-2140818", "CSAFPID-2140755", "CSAFPID-2140803", "CSAFPID-2140852", "CSAFPID-2140842", "CSAFPID-2140814", "CSAFPID-2140749", "CSAFPID-2140796", "CSAFPID-2140856", "CSAFPID-2140834", "CSAFPID-2140851", "CSAFPID-2140742", "CSAFPID-2140825", "CSAFPID-2631681", "CSAFPID-2631682", "CSAFPID-2631683", "CSAFPID-2631684", "CSAFPID-2631685", "CSAFPID-2631686", "CSAFPID-2631680", "CSAFPID-1306888", "CSAFPID-710118", "CSAFPID-2632409", "CSAFPID-2632410", "CSAFPID-2632411", "CSAFPID-2632412", "CSAFPID-2633939", "CSAFPID-426454", "CSAFPID-426453", "CSAFPID-426456", "CSAFPID-426455", "CSAFPID-426457", "CSAFPID-1295436", "CSAFPID-2118594", "CSAFPID-2631732", "CSAFPID-2631733", "CSAFPID-2631734", "CSAFPID-2631731", "CSAFPID-1295163", "CSAFPID-735564", "CSAFPID-446586", "CSAFPID-1111431", "CSAFPID-710125", "CSAFPID-710119", "CSAFPID-710115", "CSAFPID-336862", "CSAFPID-345588", "CSAFPID-345621", "CSAFPID-345620", "CSAFPID-345590", "CSAFPID-345585", "CSAFPID-345591", "CSAFPID-345592", "CSAFPID-345589", "CSAFPID-345587", "CSAFPID-426833", "CSAFPID-1176305", "CSAFPID-2352521", "CSAFPID-2352520", "CSAFPID-1304029", "CSAFPID-2352519", "CSAFPID-2538090", "CSAFPID-2539577", "CSAFPID-2352518", "CSAFPID-2632425", "CSAFPID-2632426", "CSAFPID-2632427", "CSAFPID-2632428", "CSAFPID-2632429" ] } ], "title": "CVE-2025-27430" }, { "cve": "CVE-2025-27435", "cwe": { "id": "CWE-862", "name": "Missing Authorization" }, "notes": [ { "category": "other", "text": "Missing Authorization", "title": "CWE-862" }, { "category": "general", "text": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N", "title": "CVSSV4" } ], "product_status": { "known_affected": [ "CSAFPID-426681", "CSAFPID-367586", "CSAFPID-426682", "CSAFPID-426483", "CSAFPID-447161", "CSAFPID-447167", "CSAFPID-447158", "CSAFPID-447155", "CSAFPID-447160", "CSAFPID-447163", "CSAFPID-447165", "CSAFPID-447156", "CSAFPID-447164", "CSAFPID-710027", "CSAFPID-426703", "CSAFPID-426706", "CSAFPID-426707", "CSAFPID-426708", "CSAFPID-426704", "CSAFPID-426705", "CSAFPID-447141", "CSAFPID-447140", "CSAFPID-847883", "CSAFPID-426837", "CSAFPID-1176052", "CSAFPID-1333259", "CSAFPID-2351307", "CSAFPID-2538790", "CSAFPID-2538791", "CSAFPID-2538792", "CSAFPID-2538793", "CSAFPID-2538794", "CSAFPID-2538799", "CSAFPID-2538800", "CSAFPID-2538801", "CSAFPID-2538802", "CSAFPID-2538803", "CSAFPID-2538804", "CSAFPID-2538805", "CSAFPID-2538806", "CSAFPID-2538773", "CSAFPID-2538774", "CSAFPID-2538775", "CSAFPID-2538776", "CSAFPID-2538777", "CSAFPID-2538778", "CSAFPID-2538779", "CSAFPID-2538780", "CSAFPID-2538781", "CSAFPID-1307450", "CSAFPID-1297130", "CSAFPID-1297107", "CSAFPID-1230533", "CSAFPID-1921506", "CSAFPID-1230555", "CSAFPID-1230719", "CSAFPID-1230702", "CSAFPID-1304671", "CSAFPID-1921487", "CSAFPID-1297186", "CSAFPID-1988023", "CSAFPID-1988024", "CSAFPID-1175835", "CSAFPID-2473272", "CSAFPID-2632442", "CSAFPID-2473273", "CSAFPID-2632443", "CSAFPID-1425816", "CSAFPID-2632444", "CSAFPID-1306891", "CSAFPID-1332128", "CSAFPID-605062", "CSAFPID-605061", "CSAFPID-605064", "CSAFPID-345584", "CSAFPID-345586", "CSAFPID-2364492", "CSAFPID-1330296", "CSAFPID-1459777", "CSAFPID-1459778", "CSAFPID-1459779", "CSAFPID-1861039", "CSAFPID-1861040", "CSAFPID-1861041", "CSAFPID-2140760", "CSAFPID-2140804", "CSAFPID-2140795", "CSAFPID-2140773", "CSAFPID-2140818", "CSAFPID-2140755", "CSAFPID-2140803", "CSAFPID-2140852", "CSAFPID-2140842", "CSAFPID-2140814", "CSAFPID-2140749", "CSAFPID-2140796", "CSAFPID-2140856", "CSAFPID-2140834", "CSAFPID-2140851", "CSAFPID-2140742", "CSAFPID-2140825", "CSAFPID-2631681", "CSAFPID-2631682", "CSAFPID-2631683", "CSAFPID-2631684", "CSAFPID-2631685", "CSAFPID-2631686", "CSAFPID-2631680", "CSAFPID-1306888", "CSAFPID-710118", "CSAFPID-2632409", "CSAFPID-2632410", "CSAFPID-2632411", "CSAFPID-2632412", "CSAFPID-2633939", "CSAFPID-426454", "CSAFPID-426453", "CSAFPID-426456", "CSAFPID-426455", "CSAFPID-426457", "CSAFPID-1295436", "CSAFPID-2118594", "CSAFPID-2631732", "CSAFPID-2631733", "CSAFPID-2631734", "CSAFPID-2631731", "CSAFPID-1295163", "CSAFPID-735564", "CSAFPID-446586", "CSAFPID-1111431", "CSAFPID-710125", "CSAFPID-710119", "CSAFPID-710115", "CSAFPID-336862", "CSAFPID-345588", "CSAFPID-345621", "CSAFPID-345620", "CSAFPID-345590", "CSAFPID-345585", "CSAFPID-345591", "CSAFPID-345592", "CSAFPID-345589", "CSAFPID-345587", "CSAFPID-426833", "CSAFPID-1176305", "CSAFPID-2352521", "CSAFPID-2352520", "CSAFPID-1304029", "CSAFPID-2352519", "CSAFPID-2538090", "CSAFPID-2539577", "CSAFPID-2352518", "CSAFPID-2632425", "CSAFPID-2632426", "CSAFPID-2632427", "CSAFPID-2632428", "CSAFPID-2632429" ] }, "references": [ { "category": "self", "summary": "CVE-2025-27435", "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2025/CVE-2025-27435.json" } ], "title": "CVE-2025-27435" }, { "cve": "CVE-2025-27437", "cwe": { "id": "CWE-862", "name": "Missing Authorization" }, "notes": [ { "category": "other", "text": "Missing Authorization", "title": "CWE-862" } ], "product_status": { "known_affected": [ "CSAFPID-426681", "CSAFPID-367586", "CSAFPID-426682", "CSAFPID-426483", "CSAFPID-447161", "CSAFPID-447167", "CSAFPID-447158", "CSAFPID-447155", "CSAFPID-447160", "CSAFPID-447163", "CSAFPID-447165", "CSAFPID-447156", "CSAFPID-447164", "CSAFPID-710027", "CSAFPID-426703", "CSAFPID-426706", "CSAFPID-426707", "CSAFPID-426708", "CSAFPID-426704", "CSAFPID-426705", "CSAFPID-447141", "CSAFPID-447140", "CSAFPID-847883", "CSAFPID-426837", "CSAFPID-1176052", "CSAFPID-1333259", "CSAFPID-2351307", "CSAFPID-2538790", "CSAFPID-2538791", "CSAFPID-2538792", "CSAFPID-2538793", "CSAFPID-2538794", "CSAFPID-2538799", "CSAFPID-2538800", "CSAFPID-2538801", "CSAFPID-2538802", "CSAFPID-2538803", "CSAFPID-2538804", "CSAFPID-2538805", "CSAFPID-2538806", "CSAFPID-2538773", "CSAFPID-2538774", "CSAFPID-2538775", "CSAFPID-2538776", "CSAFPID-2538777", "CSAFPID-2538778", "CSAFPID-2538779", "CSAFPID-2538780", "CSAFPID-2538781", "CSAFPID-1307450", "CSAFPID-1297130", "CSAFPID-1297107", "CSAFPID-1230533", "CSAFPID-1921506", "CSAFPID-1230555", "CSAFPID-1230719", "CSAFPID-1230702", "CSAFPID-1304671", "CSAFPID-1921487", "CSAFPID-1297186", "CSAFPID-1988023", "CSAFPID-1988024", "CSAFPID-1175835", "CSAFPID-2473272", "CSAFPID-2632442", "CSAFPID-2473273", "CSAFPID-2632443", "CSAFPID-1425816", "CSAFPID-2632444", "CSAFPID-1306891", "CSAFPID-1332128", "CSAFPID-605062", "CSAFPID-605061", "CSAFPID-605064", "CSAFPID-345584", "CSAFPID-345586", "CSAFPID-2364492", "CSAFPID-1330296", "CSAFPID-1459777", "CSAFPID-1459778", "CSAFPID-1459779", "CSAFPID-1861039", "CSAFPID-1861040", "CSAFPID-1861041", "CSAFPID-2140760", "CSAFPID-2140804", "CSAFPID-2140795", "CSAFPID-2140773", "CSAFPID-2140818", "CSAFPID-2140755", "CSAFPID-2140803", "CSAFPID-2140852", "CSAFPID-2140842", "CSAFPID-2140814", "CSAFPID-2140749", "CSAFPID-2140796", "CSAFPID-2140856", "CSAFPID-2140834", "CSAFPID-2140851", "CSAFPID-2140742", "CSAFPID-2140825", "CSAFPID-2631681", "CSAFPID-2631682", "CSAFPID-2631683", "CSAFPID-2631684", "CSAFPID-2631685", "CSAFPID-2631686", "CSAFPID-2631680", "CSAFPID-1306888", "CSAFPID-710118", "CSAFPID-2632409", "CSAFPID-2632410", "CSAFPID-2632411", "CSAFPID-2632412", "CSAFPID-2633939", "CSAFPID-426454", "CSAFPID-426453", "CSAFPID-426456", "CSAFPID-426455", "CSAFPID-426457", "CSAFPID-1295436", "CSAFPID-2118594", "CSAFPID-2631732", "CSAFPID-2631733", "CSAFPID-2631734", "CSAFPID-2631731", "CSAFPID-1295163", "CSAFPID-735564", "CSAFPID-446586", "CSAFPID-1111431", "CSAFPID-710125", "CSAFPID-710119", "CSAFPID-710115", "CSAFPID-336862", "CSAFPID-345588", "CSAFPID-345621", "CSAFPID-345620", "CSAFPID-345590", "CSAFPID-345585", "CSAFPID-345591", "CSAFPID-345592", "CSAFPID-345589", "CSAFPID-345587", "CSAFPID-426833", "CSAFPID-1176305", "CSAFPID-2352521", "CSAFPID-2352520", "CSAFPID-1304029", "CSAFPID-2352519", "CSAFPID-2538090", "CSAFPID-2539577", "CSAFPID-2352518", "CSAFPID-2632425", "CSAFPID-2632426", "CSAFPID-2632427", "CSAFPID-2632428", "CSAFPID-2632429" ] }, "references": [ { "category": "self", "summary": "CVE-2025-27437", "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2025/CVE-2025-27437.json" } ], "scores": [ { "cvss_v3": { "baseScore": 4.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" }, "products": [ "CSAFPID-426681", "CSAFPID-367586", "CSAFPID-426682", "CSAFPID-426483", "CSAFPID-447161", "CSAFPID-447167", "CSAFPID-447158", "CSAFPID-447155", "CSAFPID-447160", "CSAFPID-447163", "CSAFPID-447165", "CSAFPID-447156", "CSAFPID-447164", "CSAFPID-710027", "CSAFPID-426703", "CSAFPID-426706", "CSAFPID-426707", "CSAFPID-426708", "CSAFPID-426704", "CSAFPID-426705", "CSAFPID-447141", "CSAFPID-447140", "CSAFPID-847883", "CSAFPID-426837", "CSAFPID-1176052", "CSAFPID-1333259", "CSAFPID-2351307", "CSAFPID-2538790", "CSAFPID-2538791", "CSAFPID-2538792", "CSAFPID-2538793", "CSAFPID-2538794", "CSAFPID-2538799", "CSAFPID-2538800", "CSAFPID-2538801", "CSAFPID-2538802", "CSAFPID-2538803", "CSAFPID-2538804", "CSAFPID-2538805", "CSAFPID-2538806", "CSAFPID-2538773", "CSAFPID-2538774", "CSAFPID-2538775", "CSAFPID-2538776", "CSAFPID-2538777", "CSAFPID-2538778", "CSAFPID-2538779", "CSAFPID-2538780", "CSAFPID-2538781", "CSAFPID-1307450", "CSAFPID-1297130", "CSAFPID-1297107", "CSAFPID-1230533", "CSAFPID-1921506", "CSAFPID-1230555", "CSAFPID-1230719", "CSAFPID-1230702", "CSAFPID-1304671", "CSAFPID-1921487", "CSAFPID-1297186", "CSAFPID-1988023", "CSAFPID-1988024", "CSAFPID-1175835", "CSAFPID-2473272", "CSAFPID-2632442", "CSAFPID-2473273", "CSAFPID-2632443", "CSAFPID-1425816", "CSAFPID-2632444", "CSAFPID-1306891", "CSAFPID-1332128", "CSAFPID-605062", "CSAFPID-605061", "CSAFPID-605064", "CSAFPID-345584", "CSAFPID-345586", "CSAFPID-2364492", "CSAFPID-1330296", "CSAFPID-1459777", "CSAFPID-1459778", "CSAFPID-1459779", "CSAFPID-1861039", "CSAFPID-1861040", "CSAFPID-1861041", "CSAFPID-2140760", "CSAFPID-2140804", "CSAFPID-2140795", "CSAFPID-2140773", "CSAFPID-2140818", "CSAFPID-2140755", "CSAFPID-2140803", "CSAFPID-2140852", "CSAFPID-2140842", "CSAFPID-2140814", "CSAFPID-2140749", "CSAFPID-2140796", "CSAFPID-2140856", "CSAFPID-2140834", "CSAFPID-2140851", "CSAFPID-2140742", "CSAFPID-2140825", "CSAFPID-2631681", "CSAFPID-2631682", "CSAFPID-2631683", "CSAFPID-2631684", "CSAFPID-2631685", "CSAFPID-2631686", "CSAFPID-2631680", "CSAFPID-1306888", "CSAFPID-710118", "CSAFPID-2632409", "CSAFPID-2632410", "CSAFPID-2632411", "CSAFPID-2632412", "CSAFPID-2633939", "CSAFPID-426454", "CSAFPID-426453", "CSAFPID-426456", "CSAFPID-426455", "CSAFPID-426457", "CSAFPID-1295436", "CSAFPID-2118594", "CSAFPID-2631732", "CSAFPID-2631733", "CSAFPID-2631734", "CSAFPID-2631731", "CSAFPID-1295163", "CSAFPID-735564", "CSAFPID-446586", "CSAFPID-1111431", "CSAFPID-710125", "CSAFPID-710119", "CSAFPID-710115", "CSAFPID-336862", "CSAFPID-345588", "CSAFPID-345621", "CSAFPID-345620", "CSAFPID-345590", "CSAFPID-345585", "CSAFPID-345591", "CSAFPID-345592", "CSAFPID-345589", "CSAFPID-345587", "CSAFPID-426833", "CSAFPID-1176305", "CSAFPID-2352521", "CSAFPID-2352520", "CSAFPID-1304029", "CSAFPID-2352519", "CSAFPID-2538090", "CSAFPID-2539577", "CSAFPID-2352518", "CSAFPID-2632425", "CSAFPID-2632426", "CSAFPID-2632427", "CSAFPID-2632428", "CSAFPID-2632429" ] } ], "title": "CVE-2025-27437" }, { "cve": "CVE-2025-30013", "cwe": { "id": "CWE-94", "name": "Improper Control of Generation of Code (\u0027Code Injection\u0027)" }, "notes": [ { "category": "other", "text": "Improper Control of Generation of Code (\u0027Code Injection\u0027)", "title": "CWE-94" }, { "category": "general", "text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", "title": "CVSSV4" } ], "product_status": { "known_affected": [ "CSAFPID-426681", "CSAFPID-367586", "CSAFPID-426682", "CSAFPID-426483", "CSAFPID-447161", "CSAFPID-447167", "CSAFPID-447158", "CSAFPID-447155", "CSAFPID-447160", "CSAFPID-447163", "CSAFPID-447165", "CSAFPID-447156", "CSAFPID-447164", "CSAFPID-710027", "CSAFPID-426703", "CSAFPID-426706", "CSAFPID-426707", "CSAFPID-426708", "CSAFPID-426704", "CSAFPID-426705", "CSAFPID-447141", "CSAFPID-447140", "CSAFPID-847883", "CSAFPID-426837", "CSAFPID-1176052", "CSAFPID-1333259", "CSAFPID-2351307", "CSAFPID-2538790", "CSAFPID-2538791", "CSAFPID-2538792", "CSAFPID-2538793", "CSAFPID-2538794", "CSAFPID-2538799", "CSAFPID-2538800", "CSAFPID-2538801", "CSAFPID-2538802", "CSAFPID-2538803", "CSAFPID-2538804", "CSAFPID-2538805", "CSAFPID-2538806", "CSAFPID-2538773", "CSAFPID-2538774", "CSAFPID-2538775", "CSAFPID-2538776", "CSAFPID-2538777", "CSAFPID-2538778", "CSAFPID-2538779", "CSAFPID-2538780", "CSAFPID-2538781", "CSAFPID-1307450", "CSAFPID-1297130", "CSAFPID-1297107", "CSAFPID-1230533", "CSAFPID-1921506", "CSAFPID-1230555", "CSAFPID-1230719", "CSAFPID-1230702", "CSAFPID-1304671", "CSAFPID-1921487", "CSAFPID-1297186", "CSAFPID-1988023", "CSAFPID-1988024", "CSAFPID-1175835", "CSAFPID-2473272", "CSAFPID-2632442", "CSAFPID-2473273", "CSAFPID-2632443", "CSAFPID-1425816", "CSAFPID-2632444", "CSAFPID-1306891", "CSAFPID-1332128", "CSAFPID-605062", "CSAFPID-605061", "CSAFPID-605064", "CSAFPID-345584", "CSAFPID-345586", "CSAFPID-2364492", "CSAFPID-1330296", "CSAFPID-1459777", "CSAFPID-1459778", "CSAFPID-1459779", "CSAFPID-1861039", "CSAFPID-1861040", "CSAFPID-1861041", "CSAFPID-2140760", "CSAFPID-2140804", "CSAFPID-2140795", "CSAFPID-2140773", "CSAFPID-2140818", "CSAFPID-2140755", "CSAFPID-2140803", "CSAFPID-2140852", "CSAFPID-2140842", "CSAFPID-2140814", "CSAFPID-2140749", "CSAFPID-2140796", "CSAFPID-2140856", "CSAFPID-2140834", "CSAFPID-2140851", "CSAFPID-2140742", "CSAFPID-2140825", "CSAFPID-2631681", "CSAFPID-2631682", "CSAFPID-2631683", "CSAFPID-2631684", "CSAFPID-2631685", "CSAFPID-2631686", "CSAFPID-2631680", "CSAFPID-1306888", "CSAFPID-710118", "CSAFPID-2632409", "CSAFPID-2632410", "CSAFPID-2632411", "CSAFPID-2632412", "CSAFPID-2633939", "CSAFPID-426454", "CSAFPID-426453", "CSAFPID-426456", "CSAFPID-426455", "CSAFPID-426457", "CSAFPID-1295436", "CSAFPID-2118594", "CSAFPID-2631732", "CSAFPID-2631733", "CSAFPID-2631734", "CSAFPID-2631731", "CSAFPID-1295163", "CSAFPID-735564", "CSAFPID-446586", "CSAFPID-1111431", "CSAFPID-710125", "CSAFPID-710119", "CSAFPID-710115", "CSAFPID-336862", "CSAFPID-345588", "CSAFPID-345621", "CSAFPID-345620", "CSAFPID-345590", "CSAFPID-345585", "CSAFPID-345591", "CSAFPID-345592", "CSAFPID-345589", "CSAFPID-345587", "CSAFPID-426833", "CSAFPID-1176305", "CSAFPID-2352521", "CSAFPID-2352520", "CSAFPID-1304029", "CSAFPID-2352519", "CSAFPID-2538090", "CSAFPID-2539577", "CSAFPID-2352518", "CSAFPID-2632425", "CSAFPID-2632426", "CSAFPID-2632427", "CSAFPID-2632428", "CSAFPID-2632429" ] }, "references": [ { "category": "self", "summary": "CVE-2025-30013", "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2025/CVE-2025-30013.json" } ], "title": "CVE-2025-30013" }, { "cve": "CVE-2025-30014", "cwe": { "id": "CWE-35", "name": "Path Traversal: \u0027.../...//\u0027" }, "notes": [ { "category": "other", "text": "Path Traversal: \u0027.../...//\u0027", "title": "CWE-35" }, { "category": "general", "text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N", "title": "CVSSV4" } ], "product_status": { "known_affected": [ "CSAFPID-426681", "CSAFPID-367586", "CSAFPID-426682", "CSAFPID-426483", "CSAFPID-447161", "CSAFPID-447167", "CSAFPID-447158", "CSAFPID-447155", "CSAFPID-447160", "CSAFPID-447163", "CSAFPID-447165", "CSAFPID-447156", "CSAFPID-447164", "CSAFPID-710027", "CSAFPID-426703", "CSAFPID-426706", "CSAFPID-426707", "CSAFPID-426708", "CSAFPID-426704", "CSAFPID-426705", "CSAFPID-447141", "CSAFPID-447140", "CSAFPID-847883", "CSAFPID-426837", "CSAFPID-1176052", "CSAFPID-1333259", "CSAFPID-2351307", "CSAFPID-2538790", "CSAFPID-2538791", "CSAFPID-2538792", "CSAFPID-2538793", "CSAFPID-2538794", "CSAFPID-2538799", "CSAFPID-2538800", "CSAFPID-2538801", "CSAFPID-2538802", "CSAFPID-2538803", "CSAFPID-2538804", "CSAFPID-2538805", "CSAFPID-2538806", "CSAFPID-2538773", "CSAFPID-2538774", "CSAFPID-2538775", "CSAFPID-2538776", "CSAFPID-2538777", "CSAFPID-2538778", "CSAFPID-2538779", "CSAFPID-2538780", "CSAFPID-2538781", "CSAFPID-1307450", "CSAFPID-1297130", "CSAFPID-1297107", "CSAFPID-1230533", "CSAFPID-1921506", "CSAFPID-1230555", "CSAFPID-1230719", "CSAFPID-1230702", "CSAFPID-1304671", "CSAFPID-1921487", "CSAFPID-1297186", "CSAFPID-1988023", "CSAFPID-1988024", "CSAFPID-1175835", "CSAFPID-2473272", "CSAFPID-2632442", "CSAFPID-2473273", "CSAFPID-2632443", "CSAFPID-1425816", "CSAFPID-2632444", "CSAFPID-1306891", "CSAFPID-1332128", "CSAFPID-605062", "CSAFPID-605061", "CSAFPID-605064", "CSAFPID-345584", "CSAFPID-345586", "CSAFPID-2364492", "CSAFPID-1330296", "CSAFPID-1459777", "CSAFPID-1459778", "CSAFPID-1459779", "CSAFPID-1861039", "CSAFPID-1861040", "CSAFPID-1861041", "CSAFPID-2140760", "CSAFPID-2140804", "CSAFPID-2140795", "CSAFPID-2140773", "CSAFPID-2140818", "CSAFPID-2140755", "CSAFPID-2140803", "CSAFPID-2140852", "CSAFPID-2140842", "CSAFPID-2140814", "CSAFPID-2140749", "CSAFPID-2140796", "CSAFPID-2140856", "CSAFPID-2140834", "CSAFPID-2140851", "CSAFPID-2140742", "CSAFPID-2140825", "CSAFPID-2631681", "CSAFPID-2631682", "CSAFPID-2631683", "CSAFPID-2631684", "CSAFPID-2631685", "CSAFPID-2631686", "CSAFPID-2631680", "CSAFPID-1306888", "CSAFPID-710118", "CSAFPID-2632409", "CSAFPID-2632410", "CSAFPID-2632411", "CSAFPID-2632412", "CSAFPID-2633939", "CSAFPID-426454", "CSAFPID-426453", "CSAFPID-426456", "CSAFPID-426455", "CSAFPID-426457", "CSAFPID-1295436", "CSAFPID-2118594", "CSAFPID-2631732", "CSAFPID-2631733", "CSAFPID-2631734", "CSAFPID-2631731", "CSAFPID-1295163", "CSAFPID-735564", "CSAFPID-446586", "CSAFPID-1111431", "CSAFPID-710125", "CSAFPID-710119", "CSAFPID-710115", "CSAFPID-336862", "CSAFPID-345588", "CSAFPID-345621", "CSAFPID-345620", "CSAFPID-345590", "CSAFPID-345585", "CSAFPID-345591", "CSAFPID-345592", "CSAFPID-345589", "CSAFPID-345587", "CSAFPID-426833", "CSAFPID-1176305", "CSAFPID-2352521", "CSAFPID-2352520", "CSAFPID-1304029", "CSAFPID-2352519", "CSAFPID-2538090", "CSAFPID-2539577", "CSAFPID-2352518", "CSAFPID-2632425", "CSAFPID-2632426", "CSAFPID-2632427", "CSAFPID-2632428", "CSAFPID-2632429" ] }, "references": [ { "category": "self", "summary": "CVE-2025-30014", "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2025/CVE-2025-30014.json" } ], "scores": [ { "cvss_v3": { "baseScore": 7.7, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N", "version": "3.1" }, "products": [ "CSAFPID-426681", "CSAFPID-367586", "CSAFPID-426682", "CSAFPID-426483", "CSAFPID-447161", "CSAFPID-447167", "CSAFPID-447158", "CSAFPID-447155", "CSAFPID-447160", "CSAFPID-447163", "CSAFPID-447165", "CSAFPID-447156", "CSAFPID-447164", "CSAFPID-710027", "CSAFPID-426703", "CSAFPID-426706", "CSAFPID-426707", "CSAFPID-426708", "CSAFPID-426704", "CSAFPID-426705", "CSAFPID-447141", "CSAFPID-447140", "CSAFPID-847883", "CSAFPID-426837", "CSAFPID-1176052", "CSAFPID-1333259", "CSAFPID-2351307", "CSAFPID-2538790", "CSAFPID-2538791", "CSAFPID-2538792", "CSAFPID-2538793", "CSAFPID-2538794", "CSAFPID-2538799", "CSAFPID-2538800", "CSAFPID-2538801", "CSAFPID-2538802", "CSAFPID-2538803", "CSAFPID-2538804", "CSAFPID-2538805", "CSAFPID-2538806", "CSAFPID-2538773", "CSAFPID-2538774", "CSAFPID-2538775", "CSAFPID-2538776", "CSAFPID-2538777", "CSAFPID-2538778", "CSAFPID-2538779", "CSAFPID-2538780", "CSAFPID-2538781", "CSAFPID-1307450", "CSAFPID-1297130", "CSAFPID-1297107", "CSAFPID-1230533", "CSAFPID-1921506", "CSAFPID-1230555", "CSAFPID-1230719", "CSAFPID-1230702", "CSAFPID-1304671", "CSAFPID-1921487", "CSAFPID-1297186", "CSAFPID-1988023", "CSAFPID-1988024", "CSAFPID-1175835", "CSAFPID-2473272", "CSAFPID-2632442", "CSAFPID-2473273", "CSAFPID-2632443", "CSAFPID-1425816", "CSAFPID-2632444", "CSAFPID-1306891", "CSAFPID-1332128", "CSAFPID-605062", "CSAFPID-605061", "CSAFPID-605064", "CSAFPID-345584", "CSAFPID-345586", "CSAFPID-2364492", "CSAFPID-1330296", "CSAFPID-1459777", "CSAFPID-1459778", "CSAFPID-1459779", "CSAFPID-1861039", "CSAFPID-1861040", "CSAFPID-1861041", "CSAFPID-2140760", "CSAFPID-2140804", "CSAFPID-2140795", "CSAFPID-2140773", "CSAFPID-2140818", "CSAFPID-2140755", "CSAFPID-2140803", "CSAFPID-2140852", "CSAFPID-2140842", "CSAFPID-2140814", "CSAFPID-2140749", "CSAFPID-2140796", "CSAFPID-2140856", "CSAFPID-2140834", "CSAFPID-2140851", "CSAFPID-2140742", "CSAFPID-2140825", "CSAFPID-2631681", "CSAFPID-2631682", "CSAFPID-2631683", "CSAFPID-2631684", "CSAFPID-2631685", "CSAFPID-2631686", "CSAFPID-2631680", "CSAFPID-1306888", "CSAFPID-710118", "CSAFPID-2632409", "CSAFPID-2632410", "CSAFPID-2632411", "CSAFPID-2632412", "CSAFPID-2633939", "CSAFPID-426454", "CSAFPID-426453", "CSAFPID-426456", "CSAFPID-426455", "CSAFPID-426457", "CSAFPID-1295436", "CSAFPID-2118594", "CSAFPID-2631732", "CSAFPID-2631733", "CSAFPID-2631734", "CSAFPID-2631731", "CSAFPID-1295163", "CSAFPID-735564", "CSAFPID-446586", "CSAFPID-1111431", "CSAFPID-710125", "CSAFPID-710119", "CSAFPID-710115", "CSAFPID-336862", "CSAFPID-345588", "CSAFPID-345621", "CSAFPID-345620", "CSAFPID-345590", "CSAFPID-345585", "CSAFPID-345591", "CSAFPID-345592", "CSAFPID-345589", "CSAFPID-345587", "CSAFPID-426833", "CSAFPID-1176305", "CSAFPID-2352521", "CSAFPID-2352520", "CSAFPID-1304029", "CSAFPID-2352519", "CSAFPID-2538090", "CSAFPID-2539577", "CSAFPID-2352518", "CSAFPID-2632425", "CSAFPID-2632426", "CSAFPID-2632427", "CSAFPID-2632428", "CSAFPID-2632429" ] } ], "title": "CVE-2025-30014" }, { "cve": "CVE-2025-30015", "cwe": { "id": "CWE-787", "name": "Out-of-bounds Write" }, "notes": [ { "category": "other", "text": "Out-of-bounds Write", "title": "CWE-787" } ], "product_status": { "known_affected": [ "CSAFPID-426681", "CSAFPID-367586", "CSAFPID-426682", "CSAFPID-426483", "CSAFPID-447161", "CSAFPID-447167", "CSAFPID-447158", "CSAFPID-447155", "CSAFPID-447160", "CSAFPID-447163", "CSAFPID-447165", "CSAFPID-447156", "CSAFPID-447164", "CSAFPID-710027", "CSAFPID-426703", "CSAFPID-426706", "CSAFPID-426707", "CSAFPID-426708", "CSAFPID-426704", "CSAFPID-426705", "CSAFPID-447141", "CSAFPID-447140", "CSAFPID-847883", "CSAFPID-426837", "CSAFPID-1176052", "CSAFPID-1333259", "CSAFPID-2351307", "CSAFPID-2538790", "CSAFPID-2538791", "CSAFPID-2538792", "CSAFPID-2538793", "CSAFPID-2538794", "CSAFPID-2538799", "CSAFPID-2538800", "CSAFPID-2538801", "CSAFPID-2538802", "CSAFPID-2538803", "CSAFPID-2538804", "CSAFPID-2538805", "CSAFPID-2538806", "CSAFPID-2538773", "CSAFPID-2538774", "CSAFPID-2538775", "CSAFPID-2538776", "CSAFPID-2538777", "CSAFPID-2538778", "CSAFPID-2538779", "CSAFPID-2538780", "CSAFPID-2538781", "CSAFPID-1307450", "CSAFPID-1297130", "CSAFPID-1297107", "CSAFPID-1230533", "CSAFPID-1921506", "CSAFPID-1230555", "CSAFPID-1230719", "CSAFPID-1230702", "CSAFPID-1304671", "CSAFPID-1921487", "CSAFPID-1297186", "CSAFPID-1988023", "CSAFPID-1988024", "CSAFPID-1175835", "CSAFPID-2473272", "CSAFPID-2632442", "CSAFPID-2473273", "CSAFPID-2632443", "CSAFPID-1425816", "CSAFPID-2632444", "CSAFPID-1306891", "CSAFPID-1332128", "CSAFPID-605062", "CSAFPID-605061", "CSAFPID-605064", "CSAFPID-345584", "CSAFPID-345586", "CSAFPID-2364492", "CSAFPID-1330296", "CSAFPID-1459777", "CSAFPID-1459778", "CSAFPID-1459779", "CSAFPID-1861039", "CSAFPID-1861040", "CSAFPID-1861041", "CSAFPID-2140760", "CSAFPID-2140804", "CSAFPID-2140795", "CSAFPID-2140773", "CSAFPID-2140818", "CSAFPID-2140755", "CSAFPID-2140803", "CSAFPID-2140852", "CSAFPID-2140842", "CSAFPID-2140814", "CSAFPID-2140749", "CSAFPID-2140796", "CSAFPID-2140856", "CSAFPID-2140834", "CSAFPID-2140851", "CSAFPID-2140742", "CSAFPID-2140825", "CSAFPID-2631681", "CSAFPID-2631682", "CSAFPID-2631683", "CSAFPID-2631684", "CSAFPID-2631685", "CSAFPID-2631686", "CSAFPID-2631680", "CSAFPID-1306888", "CSAFPID-710118", "CSAFPID-2632409", "CSAFPID-2632410", "CSAFPID-2632411", "CSAFPID-2632412", "CSAFPID-2633939", "CSAFPID-426454", "CSAFPID-426453", "CSAFPID-426456", "CSAFPID-426455", "CSAFPID-426457", "CSAFPID-1295436", "CSAFPID-2118594", "CSAFPID-2631732", "CSAFPID-2631733", "CSAFPID-2631734", "CSAFPID-2631731", "CSAFPID-1295163", "CSAFPID-735564", "CSAFPID-446586", "CSAFPID-1111431", "CSAFPID-710125", "CSAFPID-710119", "CSAFPID-710115", "CSAFPID-336862", "CSAFPID-345588", "CSAFPID-345621", "CSAFPID-345620", "CSAFPID-345590", "CSAFPID-345585", "CSAFPID-345591", "CSAFPID-345592", "CSAFPID-345589", "CSAFPID-345587", "CSAFPID-426833", "CSAFPID-1176305", "CSAFPID-2352521", "CSAFPID-2352520", "CSAFPID-1304029", "CSAFPID-2352519", "CSAFPID-2538090", "CSAFPID-2539577", "CSAFPID-2352518", "CSAFPID-2632425", "CSAFPID-2632426", "CSAFPID-2632427", "CSAFPID-2632428", "CSAFPID-2632429" ] }, "references": [ { "category": "self", "summary": "CVE-2025-30015", "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2025/CVE-2025-30015.json" } ], "scores": [ { "cvss_v3": { "baseScore": 4.1, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:L", "version": "3.1" }, "products": [ "CSAFPID-426681", "CSAFPID-367586", "CSAFPID-426682", "CSAFPID-426483", "CSAFPID-447161", "CSAFPID-447167", "CSAFPID-447158", "CSAFPID-447155", "CSAFPID-447160", "CSAFPID-447163", "CSAFPID-447165", "CSAFPID-447156", "CSAFPID-447164", "CSAFPID-710027", "CSAFPID-426703", "CSAFPID-426706", "CSAFPID-426707", "CSAFPID-426708", "CSAFPID-426704", "CSAFPID-426705", "CSAFPID-447141", "CSAFPID-447140", "CSAFPID-847883", "CSAFPID-426837", "CSAFPID-1176052", "CSAFPID-1333259", "CSAFPID-2351307", "CSAFPID-2538790", "CSAFPID-2538791", "CSAFPID-2538792", "CSAFPID-2538793", "CSAFPID-2538794", "CSAFPID-2538799", "CSAFPID-2538800", "CSAFPID-2538801", "CSAFPID-2538802", "CSAFPID-2538803", "CSAFPID-2538804", "CSAFPID-2538805", "CSAFPID-2538806", "CSAFPID-2538773", "CSAFPID-2538774", "CSAFPID-2538775", "CSAFPID-2538776", "CSAFPID-2538777", "CSAFPID-2538778", "CSAFPID-2538779", "CSAFPID-2538780", "CSAFPID-2538781", "CSAFPID-1307450", "CSAFPID-1297130", "CSAFPID-1297107", "CSAFPID-1230533", "CSAFPID-1921506", "CSAFPID-1230555", "CSAFPID-1230719", "CSAFPID-1230702", "CSAFPID-1304671", "CSAFPID-1921487", "CSAFPID-1297186", "CSAFPID-1988023", "CSAFPID-1988024", "CSAFPID-1175835", "CSAFPID-2473272", "CSAFPID-2632442", "CSAFPID-2473273", "CSAFPID-2632443", "CSAFPID-1425816", "CSAFPID-2632444", "CSAFPID-1306891", "CSAFPID-1332128", "CSAFPID-605062", "CSAFPID-605061", "CSAFPID-605064", "CSAFPID-345584", "CSAFPID-345586", "CSAFPID-2364492", "CSAFPID-1330296", "CSAFPID-1459777", "CSAFPID-1459778", "CSAFPID-1459779", "CSAFPID-1861039", "CSAFPID-1861040", "CSAFPID-1861041", "CSAFPID-2140760", "CSAFPID-2140804", "CSAFPID-2140795", "CSAFPID-2140773", "CSAFPID-2140818", "CSAFPID-2140755", "CSAFPID-2140803", "CSAFPID-2140852", "CSAFPID-2140842", "CSAFPID-2140814", "CSAFPID-2140749", "CSAFPID-2140796", "CSAFPID-2140856", "CSAFPID-2140834", "CSAFPID-2140851", "CSAFPID-2140742", "CSAFPID-2140825", "CSAFPID-2631681", "CSAFPID-2631682", "CSAFPID-2631683", "CSAFPID-2631684", "CSAFPID-2631685", "CSAFPID-2631686", "CSAFPID-2631680", "CSAFPID-1306888", "CSAFPID-710118", "CSAFPID-2632409", "CSAFPID-2632410", "CSAFPID-2632411", "CSAFPID-2632412", "CSAFPID-2633939", "CSAFPID-426454", "CSAFPID-426453", "CSAFPID-426456", "CSAFPID-426455", "CSAFPID-426457", "CSAFPID-1295436", "CSAFPID-2118594", "CSAFPID-2631732", "CSAFPID-2631733", "CSAFPID-2631734", "CSAFPID-2631731", "CSAFPID-1295163", "CSAFPID-735564", "CSAFPID-446586", "CSAFPID-1111431", "CSAFPID-710125", "CSAFPID-710119", "CSAFPID-710115", "CSAFPID-336862", "CSAFPID-345588", "CSAFPID-345621", "CSAFPID-345620", "CSAFPID-345590", "CSAFPID-345585", "CSAFPID-345591", "CSAFPID-345592", "CSAFPID-345589", "CSAFPID-345587", "CSAFPID-426833", "CSAFPID-1176305", "CSAFPID-2352521", "CSAFPID-2352520", "CSAFPID-1304029", "CSAFPID-2352519", "CSAFPID-2538090", "CSAFPID-2539577", "CSAFPID-2352518", "CSAFPID-2632425", "CSAFPID-2632426", "CSAFPID-2632427", "CSAFPID-2632428", "CSAFPID-2632429" ] } ], "title": "CVE-2025-30015" }, { "cve": "CVE-2025-30016", "cwe": { "id": "CWE-921", "name": "Storage of Sensitive Data in a Mechanism without Access Control" }, "notes": [ { "category": "other", "text": "Storage of Sensitive Data in a Mechanism without Access Control", "title": "CWE-921" }, { "category": "general", "text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", "title": "CVSSV4" } ], "product_status": { "known_affected": [ "CSAFPID-426681", "CSAFPID-367586", "CSAFPID-426682", "CSAFPID-426483", "CSAFPID-447161", "CSAFPID-447167", "CSAFPID-447158", "CSAFPID-447155", "CSAFPID-447160", "CSAFPID-447163", "CSAFPID-447165", "CSAFPID-447156", "CSAFPID-447164", "CSAFPID-710027", "CSAFPID-426703", "CSAFPID-426706", "CSAFPID-426707", "CSAFPID-426708", "CSAFPID-426704", "CSAFPID-426705", "CSAFPID-447141", "CSAFPID-447140", "CSAFPID-847883", "CSAFPID-426837", "CSAFPID-1176052", "CSAFPID-1333259", "CSAFPID-2351307", "CSAFPID-2538790", "CSAFPID-2538791", "CSAFPID-2538792", "CSAFPID-2538793", "CSAFPID-2538794", "CSAFPID-2538799", "CSAFPID-2538800", "CSAFPID-2538801", "CSAFPID-2538802", "CSAFPID-2538803", "CSAFPID-2538804", "CSAFPID-2538805", "CSAFPID-2538806", "CSAFPID-2538773", "CSAFPID-2538774", "CSAFPID-2538775", "CSAFPID-2538776", "CSAFPID-2538777", "CSAFPID-2538778", "CSAFPID-2538779", "CSAFPID-2538780", "CSAFPID-2538781", "CSAFPID-1307450", "CSAFPID-1297130", "CSAFPID-1297107", "CSAFPID-1230533", "CSAFPID-1921506", "CSAFPID-1230555", "CSAFPID-1230719", "CSAFPID-1230702", "CSAFPID-1304671", "CSAFPID-1921487", "CSAFPID-1297186", "CSAFPID-1988023", "CSAFPID-1988024", "CSAFPID-1175835", "CSAFPID-2473272", "CSAFPID-2632442", "CSAFPID-2473273", "CSAFPID-2632443", "CSAFPID-1425816", "CSAFPID-2632444", "CSAFPID-1306891", "CSAFPID-1332128", "CSAFPID-605062", "CSAFPID-605061", "CSAFPID-605064", "CSAFPID-345584", "CSAFPID-345586", "CSAFPID-2364492", "CSAFPID-1330296", "CSAFPID-1459777", "CSAFPID-1459778", "CSAFPID-1459779", "CSAFPID-1861039", "CSAFPID-1861040", "CSAFPID-1861041", "CSAFPID-2140760", "CSAFPID-2140804", "CSAFPID-2140795", "CSAFPID-2140773", "CSAFPID-2140818", "CSAFPID-2140755", "CSAFPID-2140803", "CSAFPID-2140852", "CSAFPID-2140842", "CSAFPID-2140814", "CSAFPID-2140749", "CSAFPID-2140796", "CSAFPID-2140856", "CSAFPID-2140834", "CSAFPID-2140851", "CSAFPID-2140742", "CSAFPID-2140825", "CSAFPID-2631681", "CSAFPID-2631682", "CSAFPID-2631683", "CSAFPID-2631684", "CSAFPID-2631685", "CSAFPID-2631686", "CSAFPID-2631680", "CSAFPID-1306888", "CSAFPID-710118", "CSAFPID-2632409", "CSAFPID-2632410", "CSAFPID-2632411", "CSAFPID-2632412", "CSAFPID-2633939", "CSAFPID-426454", "CSAFPID-426453", "CSAFPID-426456", "CSAFPID-426455", "CSAFPID-426457", "CSAFPID-1295436", "CSAFPID-2118594", "CSAFPID-2631732", "CSAFPID-2631733", "CSAFPID-2631734", "CSAFPID-2631731", "CSAFPID-1295163", "CSAFPID-735564", "CSAFPID-446586", "CSAFPID-1111431", "CSAFPID-710125", "CSAFPID-710119", "CSAFPID-710115", "CSAFPID-336862", "CSAFPID-345588", "CSAFPID-345621", "CSAFPID-345620", "CSAFPID-345590", "CSAFPID-345585", "CSAFPID-345591", "CSAFPID-345592", "CSAFPID-345589", "CSAFPID-345587", "CSAFPID-426833", "CSAFPID-1176305", "CSAFPID-2352521", "CSAFPID-2352520", "CSAFPID-1304029", "CSAFPID-2352519", "CSAFPID-2538090", "CSAFPID-2539577", "CSAFPID-2352518", "CSAFPID-2632425", "CSAFPID-2632426", "CSAFPID-2632427", "CSAFPID-2632428", "CSAFPID-2632429" ] }, "references": [ { "category": "self", "summary": "CVE-2025-30016", "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2025/CVE-2025-30016.json" } ], "scores": [ { "cvss_v3": { "baseScore": 9.8, "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "CSAFPID-426681", "CSAFPID-367586", "CSAFPID-426682", "CSAFPID-426483", "CSAFPID-447161", "CSAFPID-447167", "CSAFPID-447158", "CSAFPID-447155", "CSAFPID-447160", "CSAFPID-447163", "CSAFPID-447165", "CSAFPID-447156", "CSAFPID-447164", "CSAFPID-710027", "CSAFPID-426703", "CSAFPID-426706", "CSAFPID-426707", "CSAFPID-426708", "CSAFPID-426704", "CSAFPID-426705", "CSAFPID-447141", "CSAFPID-447140", "CSAFPID-847883", "CSAFPID-426837", "CSAFPID-1176052", "CSAFPID-1333259", "CSAFPID-2351307", "CSAFPID-2538790", "CSAFPID-2538791", "CSAFPID-2538792", "CSAFPID-2538793", "CSAFPID-2538794", "CSAFPID-2538799", "CSAFPID-2538800", "CSAFPID-2538801", "CSAFPID-2538802", "CSAFPID-2538803", "CSAFPID-2538804", "CSAFPID-2538805", "CSAFPID-2538806", "CSAFPID-2538773", "CSAFPID-2538774", "CSAFPID-2538775", "CSAFPID-2538776", "CSAFPID-2538777", "CSAFPID-2538778", "CSAFPID-2538779", "CSAFPID-2538780", "CSAFPID-2538781", "CSAFPID-1307450", "CSAFPID-1297130", "CSAFPID-1297107", "CSAFPID-1230533", "CSAFPID-1921506", "CSAFPID-1230555", "CSAFPID-1230719", "CSAFPID-1230702", "CSAFPID-1304671", "CSAFPID-1921487", "CSAFPID-1297186", "CSAFPID-1988023", "CSAFPID-1988024", "CSAFPID-1175835", "CSAFPID-2473272", "CSAFPID-2632442", "CSAFPID-2473273", "CSAFPID-2632443", "CSAFPID-1425816", "CSAFPID-2632444", "CSAFPID-1306891", "CSAFPID-1332128", "CSAFPID-605062", "CSAFPID-605061", "CSAFPID-605064", "CSAFPID-345584", "CSAFPID-345586", "CSAFPID-2364492", "CSAFPID-1330296", "CSAFPID-1459777", "CSAFPID-1459778", "CSAFPID-1459779", "CSAFPID-1861039", "CSAFPID-1861040", "CSAFPID-1861041", "CSAFPID-2140760", "CSAFPID-2140804", "CSAFPID-2140795", "CSAFPID-2140773", "CSAFPID-2140818", "CSAFPID-2140755", "CSAFPID-2140803", "CSAFPID-2140852", "CSAFPID-2140842", "CSAFPID-2140814", "CSAFPID-2140749", "CSAFPID-2140796", "CSAFPID-2140856", "CSAFPID-2140834", "CSAFPID-2140851", "CSAFPID-2140742", "CSAFPID-2140825", "CSAFPID-2631681", "CSAFPID-2631682", "CSAFPID-2631683", "CSAFPID-2631684", "CSAFPID-2631685", "CSAFPID-2631686", "CSAFPID-2631680", "CSAFPID-1306888", "CSAFPID-710118", "CSAFPID-2632409", "CSAFPID-2632410", "CSAFPID-2632411", "CSAFPID-2632412", "CSAFPID-2633939", "CSAFPID-426454", "CSAFPID-426453", "CSAFPID-426456", "CSAFPID-426455", "CSAFPID-426457", "CSAFPID-1295436", "CSAFPID-2118594", "CSAFPID-2631732", "CSAFPID-2631733", "CSAFPID-2631734", "CSAFPID-2631731", "CSAFPID-1295163", "CSAFPID-735564", "CSAFPID-446586", "CSAFPID-1111431", "CSAFPID-710125", "CSAFPID-710119", "CSAFPID-710115", "CSAFPID-336862", "CSAFPID-345588", "CSAFPID-345621", "CSAFPID-345620", "CSAFPID-345590", "CSAFPID-345585", "CSAFPID-345591", "CSAFPID-345592", "CSAFPID-345589", "CSAFPID-345587", "CSAFPID-426833", "CSAFPID-1176305", "CSAFPID-2352521", "CSAFPID-2352520", "CSAFPID-1304029", "CSAFPID-2352519", "CSAFPID-2538090", "CSAFPID-2539577", "CSAFPID-2352518", "CSAFPID-2632425", "CSAFPID-2632426", "CSAFPID-2632427", "CSAFPID-2632428", "CSAFPID-2632429" ] } ], "title": "CVE-2025-30016" }, { "cve": "CVE-2025-30017", "cwe": { "id": "CWE-862", "name": "Missing Authorization" }, "notes": [ { "category": "other", "text": "Missing Authorization", "title": "CWE-862" }, { "category": "general", "text": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N", "title": "CVSSV4" } ], "product_status": { "known_affected": [ "CSAFPID-426681", "CSAFPID-367586", "CSAFPID-426682", "CSAFPID-426483", "CSAFPID-447161", "CSAFPID-447167", "CSAFPID-447158", "CSAFPID-447155", "CSAFPID-447160", "CSAFPID-447163", "CSAFPID-447165", "CSAFPID-447156", "CSAFPID-447164", "CSAFPID-710027", "CSAFPID-426703", "CSAFPID-426706", "CSAFPID-426707", "CSAFPID-426708", "CSAFPID-426704", "CSAFPID-426705", "CSAFPID-447141", "CSAFPID-447140", "CSAFPID-847883", "CSAFPID-426837", "CSAFPID-1176052", "CSAFPID-1333259", "CSAFPID-2351307", "CSAFPID-2538790", "CSAFPID-2538791", "CSAFPID-2538792", "CSAFPID-2538793", "CSAFPID-2538794", "CSAFPID-2538799", "CSAFPID-2538800", "CSAFPID-2538801", "CSAFPID-2538802", "CSAFPID-2538803", "CSAFPID-2538804", "CSAFPID-2538805", "CSAFPID-2538806", "CSAFPID-2538773", "CSAFPID-2538774", "CSAFPID-2538775", "CSAFPID-2538776", "CSAFPID-2538777", "CSAFPID-2538778", "CSAFPID-2538779", "CSAFPID-2538780", "CSAFPID-2538781", "CSAFPID-1307450", "CSAFPID-1297130", "CSAFPID-1297107", "CSAFPID-1230533", "CSAFPID-1921506", "CSAFPID-1230555", "CSAFPID-1230719", "CSAFPID-1230702", "CSAFPID-1304671", "CSAFPID-1921487", "CSAFPID-1297186", "CSAFPID-1988023", "CSAFPID-1988024", "CSAFPID-1175835", "CSAFPID-2473272", "CSAFPID-2632442", "CSAFPID-2473273", "CSAFPID-2632443", "CSAFPID-1425816", "CSAFPID-2632444", "CSAFPID-1306891", "CSAFPID-1332128", "CSAFPID-605062", "CSAFPID-605061", "CSAFPID-605064", "CSAFPID-345584", "CSAFPID-345586", "CSAFPID-2364492", "CSAFPID-1330296", "CSAFPID-1459777", "CSAFPID-1459778", "CSAFPID-1459779", "CSAFPID-1861039", "CSAFPID-1861040", "CSAFPID-1861041", "CSAFPID-2140760", "CSAFPID-2140804", "CSAFPID-2140795", "CSAFPID-2140773", "CSAFPID-2140818", "CSAFPID-2140755", "CSAFPID-2140803", "CSAFPID-2140852", "CSAFPID-2140842", "CSAFPID-2140814", "CSAFPID-2140749", "CSAFPID-2140796", "CSAFPID-2140856", "CSAFPID-2140834", "CSAFPID-2140851", "CSAFPID-2140742", "CSAFPID-2140825", "CSAFPID-2631681", "CSAFPID-2631682", "CSAFPID-2631683", "CSAFPID-2631684", "CSAFPID-2631685", "CSAFPID-2631686", "CSAFPID-2631680", "CSAFPID-1306888", "CSAFPID-710118", "CSAFPID-2632409", "CSAFPID-2632410", "CSAFPID-2632411", "CSAFPID-2632412", "CSAFPID-2633939", "CSAFPID-426454", "CSAFPID-426453", "CSAFPID-426456", "CSAFPID-426455", "CSAFPID-426457", "CSAFPID-1295436", "CSAFPID-2118594", "CSAFPID-2631732", "CSAFPID-2631733", "CSAFPID-2631734", "CSAFPID-2631731", "CSAFPID-1295163", "CSAFPID-735564", "CSAFPID-446586", "CSAFPID-1111431", "CSAFPID-710125", "CSAFPID-710119", "CSAFPID-710115", "CSAFPID-336862", "CSAFPID-345588", "CSAFPID-345621", "CSAFPID-345620", "CSAFPID-345590", "CSAFPID-345585", "CSAFPID-345591", "CSAFPID-345592", "CSAFPID-345589", "CSAFPID-345587", "CSAFPID-426833", "CSAFPID-1176305", "CSAFPID-2352521", "CSAFPID-2352520", "CSAFPID-1304029", "CSAFPID-2352519", "CSAFPID-2538090", "CSAFPID-2539577", "CSAFPID-2352518", "CSAFPID-2632425", "CSAFPID-2632426", "CSAFPID-2632427", "CSAFPID-2632428", "CSAFPID-2632429" ] }, "references": [ { "category": "self", "summary": "CVE-2025-30017", "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2025/CVE-2025-30017.json" } ], "scores": [ { "cvss_v3": { "baseScore": 4.4, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L", "version": "3.1" }, "products": [ "CSAFPID-426681", "CSAFPID-367586", "CSAFPID-426682", "CSAFPID-426483", "CSAFPID-447161", "CSAFPID-447167", "CSAFPID-447158", "CSAFPID-447155", "CSAFPID-447160", "CSAFPID-447163", "CSAFPID-447165", "CSAFPID-447156", "CSAFPID-447164", "CSAFPID-710027", "CSAFPID-426703", "CSAFPID-426706", "CSAFPID-426707", "CSAFPID-426708", "CSAFPID-426704", "CSAFPID-426705", "CSAFPID-447141", "CSAFPID-447140", "CSAFPID-847883", "CSAFPID-426837", "CSAFPID-1176052", "CSAFPID-1333259", "CSAFPID-2351307", "CSAFPID-2538790", "CSAFPID-2538791", "CSAFPID-2538792", "CSAFPID-2538793", "CSAFPID-2538794", "CSAFPID-2538799", "CSAFPID-2538800", "CSAFPID-2538801", "CSAFPID-2538802", "CSAFPID-2538803", "CSAFPID-2538804", "CSAFPID-2538805", "CSAFPID-2538806", "CSAFPID-2538773", "CSAFPID-2538774", "CSAFPID-2538775", "CSAFPID-2538776", "CSAFPID-2538777", "CSAFPID-2538778", "CSAFPID-2538779", "CSAFPID-2538780", "CSAFPID-2538781", "CSAFPID-1307450", "CSAFPID-1297130", "CSAFPID-1297107", "CSAFPID-1230533", "CSAFPID-1921506", "CSAFPID-1230555", "CSAFPID-1230719", "CSAFPID-1230702", "CSAFPID-1304671", "CSAFPID-1921487", "CSAFPID-1297186", "CSAFPID-1988023", "CSAFPID-1988024", "CSAFPID-1175835", "CSAFPID-2473272", "CSAFPID-2632442", "CSAFPID-2473273", "CSAFPID-2632443", "CSAFPID-1425816", "CSAFPID-2632444", "CSAFPID-1306891", "CSAFPID-1332128", "CSAFPID-605062", "CSAFPID-605061", "CSAFPID-605064", "CSAFPID-345584", "CSAFPID-345586", "CSAFPID-2364492", "CSAFPID-1330296", "CSAFPID-1459777", "CSAFPID-1459778", "CSAFPID-1459779", "CSAFPID-1861039", "CSAFPID-1861040", "CSAFPID-1861041", "CSAFPID-2140760", "CSAFPID-2140804", "CSAFPID-2140795", "CSAFPID-2140773", "CSAFPID-2140818", "CSAFPID-2140755", "CSAFPID-2140803", "CSAFPID-2140852", "CSAFPID-2140842", "CSAFPID-2140814", "CSAFPID-2140749", "CSAFPID-2140796", "CSAFPID-2140856", "CSAFPID-2140834", "CSAFPID-2140851", "CSAFPID-2140742", "CSAFPID-2140825", "CSAFPID-2631681", "CSAFPID-2631682", "CSAFPID-2631683", "CSAFPID-2631684", "CSAFPID-2631685", "CSAFPID-2631686", "CSAFPID-2631680", "CSAFPID-1306888", "CSAFPID-710118", "CSAFPID-2632409", "CSAFPID-2632410", "CSAFPID-2632411", "CSAFPID-2632412", "CSAFPID-2633939", "CSAFPID-426454", "CSAFPID-426453", "CSAFPID-426456", "CSAFPID-426455", "CSAFPID-426457", "CSAFPID-1295436", "CSAFPID-2118594", "CSAFPID-2631732", "CSAFPID-2631733", "CSAFPID-2631734", "CSAFPID-2631731", "CSAFPID-1295163", "CSAFPID-735564", "CSAFPID-446586", "CSAFPID-1111431", "CSAFPID-710125", "CSAFPID-710119", "CSAFPID-710115", "CSAFPID-336862", "CSAFPID-345588", "CSAFPID-345621", "CSAFPID-345620", "CSAFPID-345590", "CSAFPID-345585", "CSAFPID-345591", "CSAFPID-345592", "CSAFPID-345589", "CSAFPID-345587", "CSAFPID-426833", "CSAFPID-1176305", "CSAFPID-2352521", "CSAFPID-2352520", "CSAFPID-1304029", "CSAFPID-2352519", "CSAFPID-2538090", "CSAFPID-2539577", "CSAFPID-2352518", "CSAFPID-2632425", "CSAFPID-2632426", "CSAFPID-2632427", "CSAFPID-2632428", "CSAFPID-2632429" ] } ], "title": "CVE-2025-30017" }, { "cve": "CVE-2025-31324", "cwe": { "id": "CWE-434", "name": "Unrestricted Upload of File with Dangerous Type" }, "notes": [ { "category": "other", "text": "Unrestricted Upload of File with Dangerous Type", "title": "CWE-434" } ], "product_status": { "known_affected": [ "CSAFPID-426681", "CSAFPID-367586", "CSAFPID-426682", "CSAFPID-426483", "CSAFPID-447161", "CSAFPID-447167", "CSAFPID-447158", "CSAFPID-447155", "CSAFPID-447160", "CSAFPID-447163", "CSAFPID-447165", "CSAFPID-447156", "CSAFPID-447164", "CSAFPID-710027", "CSAFPID-426703", "CSAFPID-426706", "CSAFPID-426707", "CSAFPID-426708", "CSAFPID-426704", "CSAFPID-426705", "CSAFPID-447141", "CSAFPID-447140", "CSAFPID-847883", "CSAFPID-426837", "CSAFPID-1176052", "CSAFPID-1333259", "CSAFPID-2351307", "CSAFPID-2538790", "CSAFPID-2538791", "CSAFPID-2538792", "CSAFPID-2538793", "CSAFPID-2538794", "CSAFPID-2538799", "CSAFPID-2538800", "CSAFPID-2538801", "CSAFPID-2538802", "CSAFPID-2538803", "CSAFPID-2538804", "CSAFPID-2538805", "CSAFPID-2538806", "CSAFPID-2538773", "CSAFPID-2538774", "CSAFPID-2538775", "CSAFPID-2538776", "CSAFPID-2538777", "CSAFPID-2538778", "CSAFPID-2538779", "CSAFPID-2538780", "CSAFPID-2538781", "CSAFPID-1307450", "CSAFPID-1297130", "CSAFPID-1297107", "CSAFPID-1230533", "CSAFPID-1921506", "CSAFPID-1230555", "CSAFPID-1230719", "CSAFPID-1230702", "CSAFPID-1304671", "CSAFPID-1921487", "CSAFPID-1297186", "CSAFPID-1988023", "CSAFPID-1988024", "CSAFPID-1175835", "CSAFPID-2473272", "CSAFPID-2632442", "CSAFPID-2473273", "CSAFPID-2632443", "CSAFPID-1425816", "CSAFPID-2632444", "CSAFPID-1306891", "CSAFPID-1332128", "CSAFPID-605062", "CSAFPID-605061", "CSAFPID-605064", "CSAFPID-345584", "CSAFPID-345586", "CSAFPID-2364492", "CSAFPID-1330296", "CSAFPID-1459777", "CSAFPID-1459778", "CSAFPID-1459779", "CSAFPID-1861039", "CSAFPID-1861040", "CSAFPID-1861041", "CSAFPID-2140760", "CSAFPID-2140804", "CSAFPID-2140795", "CSAFPID-2140773", "CSAFPID-2140818", "CSAFPID-2140755", "CSAFPID-2140803", "CSAFPID-2140852", "CSAFPID-2140842", "CSAFPID-2140814", "CSAFPID-2140749", "CSAFPID-2140796", "CSAFPID-2140856", "CSAFPID-2140834", "CSAFPID-2140851", "CSAFPID-2140742", "CSAFPID-2140825", "CSAFPID-2631681", "CSAFPID-2631682", "CSAFPID-2631683", "CSAFPID-2631684", "CSAFPID-2631685", "CSAFPID-2631686", "CSAFPID-2631680", "CSAFPID-1306888", "CSAFPID-710118", "CSAFPID-2632409", "CSAFPID-2632410", "CSAFPID-2632411", "CSAFPID-2632412", "CSAFPID-2633939", "CSAFPID-426454", "CSAFPID-426453", "CSAFPID-426456", "CSAFPID-426455", "CSAFPID-426457", "CSAFPID-1295436", "CSAFPID-2118594", "CSAFPID-2631732", "CSAFPID-2631733", "CSAFPID-2631734", "CSAFPID-2631731", "CSAFPID-1295163", "CSAFPID-735564", "CSAFPID-446586", "CSAFPID-1111431", "CSAFPID-710125", "CSAFPID-710119", "CSAFPID-710115", "CSAFPID-336862", "CSAFPID-345588", "CSAFPID-345621", "CSAFPID-345620", "CSAFPID-345590", "CSAFPID-345585", "CSAFPID-345591", "CSAFPID-345592", "CSAFPID-345589", "CSAFPID-345587", "CSAFPID-426833", "CSAFPID-1176305", "CSAFPID-2352521", "CSAFPID-2352520", "CSAFPID-1304029", "CSAFPID-2352519", "CSAFPID-2538090", "CSAFPID-2539577", "CSAFPID-2352518", "CSAFPID-2632425", "CSAFPID-2632426", "CSAFPID-2632427", "CSAFPID-2632428", "CSAFPID-2632429" ] }, "references": [ { "category": "self", "summary": "CVE-2025-31324", "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2025/CVE-2025-31324.json" } ], "scores": [ { "cvss_v3": { "baseScore": 10.0, "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1" }, "products": [ "CSAFPID-426681", "CSAFPID-367586", "CSAFPID-426682", "CSAFPID-426483", "CSAFPID-447161", "CSAFPID-447167", "CSAFPID-447158", "CSAFPID-447155", "CSAFPID-447160", "CSAFPID-447163", "CSAFPID-447165", "CSAFPID-447156", "CSAFPID-447164", "CSAFPID-710027", "CSAFPID-426703", "CSAFPID-426706", "CSAFPID-426707", "CSAFPID-426708", "CSAFPID-426704", "CSAFPID-426705", "CSAFPID-447141", "CSAFPID-447140", "CSAFPID-847883", "CSAFPID-426837", "CSAFPID-1176052", "CSAFPID-1333259", "CSAFPID-2351307", "CSAFPID-2538790", "CSAFPID-2538791", "CSAFPID-2538792", "CSAFPID-2538793", "CSAFPID-2538794", "CSAFPID-2538799", "CSAFPID-2538800", "CSAFPID-2538801", "CSAFPID-2538802", "CSAFPID-2538803", "CSAFPID-2538804", "CSAFPID-2538805", "CSAFPID-2538806", "CSAFPID-2538773", "CSAFPID-2538774", "CSAFPID-2538775", "CSAFPID-2538776", "CSAFPID-2538777", "CSAFPID-2538778", "CSAFPID-2538779", "CSAFPID-2538780", "CSAFPID-2538781", "CSAFPID-1307450", "CSAFPID-1297130", "CSAFPID-1297107", "CSAFPID-1230533", "CSAFPID-1921506", "CSAFPID-1230555", "CSAFPID-1230719", "CSAFPID-1230702", "CSAFPID-1304671", "CSAFPID-1921487", "CSAFPID-1297186", "CSAFPID-1988023", "CSAFPID-1988024", "CSAFPID-1175835", "CSAFPID-2473272", "CSAFPID-2632442", "CSAFPID-2473273", "CSAFPID-2632443", "CSAFPID-1425816", "CSAFPID-2632444", "CSAFPID-1306891", "CSAFPID-1332128", "CSAFPID-605062", "CSAFPID-605061", "CSAFPID-605064", "CSAFPID-345584", "CSAFPID-345586", "CSAFPID-2364492", "CSAFPID-1330296", "CSAFPID-1459777", "CSAFPID-1459778", "CSAFPID-1459779", "CSAFPID-1861039", "CSAFPID-1861040", "CSAFPID-1861041", "CSAFPID-2140760", "CSAFPID-2140804", "CSAFPID-2140795", "CSAFPID-2140773", "CSAFPID-2140818", "CSAFPID-2140755", "CSAFPID-2140803", "CSAFPID-2140852", "CSAFPID-2140842", "CSAFPID-2140814", "CSAFPID-2140749", "CSAFPID-2140796", "CSAFPID-2140856", "CSAFPID-2140834", "CSAFPID-2140851", "CSAFPID-2140742", "CSAFPID-2140825", "CSAFPID-2631681", "CSAFPID-2631682", "CSAFPID-2631683", "CSAFPID-2631684", "CSAFPID-2631685", "CSAFPID-2631686", "CSAFPID-2631680", "CSAFPID-1306888", "CSAFPID-710118", "CSAFPID-2632409", "CSAFPID-2632410", "CSAFPID-2632411", "CSAFPID-2632412", "CSAFPID-2633939", "CSAFPID-426454", "CSAFPID-426453", "CSAFPID-426456", "CSAFPID-426455", "CSAFPID-426457", "CSAFPID-1295436", "CSAFPID-2118594", "CSAFPID-2631732", "CSAFPID-2631733", "CSAFPID-2631734", "CSAFPID-2631731", "CSAFPID-1295163", "CSAFPID-735564", "CSAFPID-446586", "CSAFPID-1111431", "CSAFPID-710125", "CSAFPID-710119", "CSAFPID-710115", "CSAFPID-336862", "CSAFPID-345588", "CSAFPID-345621", "CSAFPID-345620", "CSAFPID-345590", "CSAFPID-345585", "CSAFPID-345591", "CSAFPID-345592", "CSAFPID-345589", "CSAFPID-345587", "CSAFPID-426833", "CSAFPID-1176305", "CSAFPID-2352521", "CSAFPID-2352520", "CSAFPID-1304029", "CSAFPID-2352519", "CSAFPID-2538090", "CSAFPID-2539577", "CSAFPID-2352518", "CSAFPID-2632425", "CSAFPID-2632426", "CSAFPID-2632427", "CSAFPID-2632428", "CSAFPID-2632429" ] } ], "title": "CVE-2025-31324" }, { "cve": "CVE-2025-31327", "cwe": { "id": "CWE-472", "name": "External Control of Assumed-Immutable Web Parameter" }, "notes": [ { "category": "other", "text": "External Control of Assumed-Immutable Web Parameter", "title": "CWE-472" }, { "category": "general", "text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N", "title": "CVSSV4" } ], "product_status": { "known_affected": [ "CSAFPID-426681", "CSAFPID-367586", "CSAFPID-426682", "CSAFPID-426483", "CSAFPID-447161", "CSAFPID-447167", "CSAFPID-447158", "CSAFPID-447155", "CSAFPID-447160", "CSAFPID-447163", "CSAFPID-447165", "CSAFPID-447156", "CSAFPID-447164", "CSAFPID-710027", "CSAFPID-426703", "CSAFPID-426706", "CSAFPID-426707", "CSAFPID-426708", "CSAFPID-426704", "CSAFPID-426705", "CSAFPID-447141", "CSAFPID-447140", "CSAFPID-847883", "CSAFPID-426837", "CSAFPID-1176052", "CSAFPID-1333259", "CSAFPID-2351307", "CSAFPID-2538790", "CSAFPID-2538791", "CSAFPID-2538792", "CSAFPID-2538793", "CSAFPID-2538794", "CSAFPID-2538799", "CSAFPID-2538800", "CSAFPID-2538801", "CSAFPID-2538802", "CSAFPID-2538803", "CSAFPID-2538804", "CSAFPID-2538805", "CSAFPID-2538806", "CSAFPID-2538773", "CSAFPID-2538774", "CSAFPID-2538775", "CSAFPID-2538776", "CSAFPID-2538777", "CSAFPID-2538778", "CSAFPID-2538779", "CSAFPID-2538780", "CSAFPID-2538781", "CSAFPID-1307450", "CSAFPID-1297130", "CSAFPID-1297107", "CSAFPID-1230533", "CSAFPID-1921506", "CSAFPID-1230555", "CSAFPID-1230719", "CSAFPID-1230702", "CSAFPID-1304671", "CSAFPID-1921487", "CSAFPID-1297186", "CSAFPID-1988023", "CSAFPID-1988024", "CSAFPID-1175835", "CSAFPID-2473272", "CSAFPID-2632442", "CSAFPID-2473273", "CSAFPID-2632443", "CSAFPID-1425816", "CSAFPID-2632444", "CSAFPID-1306891", "CSAFPID-1332128", "CSAFPID-605062", "CSAFPID-605061", "CSAFPID-605064", "CSAFPID-345584", "CSAFPID-345586", "CSAFPID-2364492", "CSAFPID-1330296", "CSAFPID-1459777", "CSAFPID-1459778", "CSAFPID-1459779", "CSAFPID-1861039", "CSAFPID-1861040", "CSAFPID-1861041", "CSAFPID-2140760", "CSAFPID-2140804", "CSAFPID-2140795", "CSAFPID-2140773", "CSAFPID-2140818", "CSAFPID-2140755", "CSAFPID-2140803", "CSAFPID-2140852", "CSAFPID-2140842", "CSAFPID-2140814", "CSAFPID-2140749", "CSAFPID-2140796", "CSAFPID-2140856", "CSAFPID-2140834", "CSAFPID-2140851", "CSAFPID-2140742", "CSAFPID-2140825", "CSAFPID-2631681", "CSAFPID-2631682", "CSAFPID-2631683", "CSAFPID-2631684", "CSAFPID-2631685", "CSAFPID-2631686", "CSAFPID-2631680", "CSAFPID-1306888", "CSAFPID-710118", "CSAFPID-2632409", "CSAFPID-2632410", "CSAFPID-2632411", "CSAFPID-2632412", "CSAFPID-2633939", "CSAFPID-426454", "CSAFPID-426453", "CSAFPID-426456", "CSAFPID-426455", "CSAFPID-426457", "CSAFPID-1295436", "CSAFPID-2118594", "CSAFPID-2631732", "CSAFPID-2631733", "CSAFPID-2631734", "CSAFPID-2631731", "CSAFPID-1295163", "CSAFPID-735564", "CSAFPID-446586", "CSAFPID-1111431", "CSAFPID-710125", "CSAFPID-710119", "CSAFPID-710115", "CSAFPID-336862", "CSAFPID-345588", "CSAFPID-345621", "CSAFPID-345620", "CSAFPID-345590", "CSAFPID-345585", "CSAFPID-345591", "CSAFPID-345592", "CSAFPID-345589", "CSAFPID-345587", "CSAFPID-426833", "CSAFPID-1176305", "CSAFPID-2352521", "CSAFPID-2352520", "CSAFPID-1304029", "CSAFPID-2352519", "CSAFPID-2538090", "CSAFPID-2539577", "CSAFPID-2352518", "CSAFPID-2632425", "CSAFPID-2632426", "CSAFPID-2632427", "CSAFPID-2632428", "CSAFPID-2632429" ] }, "references": [ { "category": "self", "summary": "CVE-2025-31327", "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2025/CVE-2025-31327.json" } ], "scores": [ { "cvss_v3": { "baseScore": 4.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "version": "3.1" }, "products": [ "CSAFPID-426681", "CSAFPID-367586", "CSAFPID-426682", "CSAFPID-426483", "CSAFPID-447161", "CSAFPID-447167", "CSAFPID-447158", "CSAFPID-447155", "CSAFPID-447160", "CSAFPID-447163", "CSAFPID-447165", "CSAFPID-447156", "CSAFPID-447164", "CSAFPID-710027", "CSAFPID-426703", "CSAFPID-426706", "CSAFPID-426707", "CSAFPID-426708", "CSAFPID-426704", "CSAFPID-426705", "CSAFPID-447141", "CSAFPID-447140", "CSAFPID-847883", "CSAFPID-426837", "CSAFPID-1176052", "CSAFPID-1333259", "CSAFPID-2351307", "CSAFPID-2538790", "CSAFPID-2538791", "CSAFPID-2538792", "CSAFPID-2538793", "CSAFPID-2538794", "CSAFPID-2538799", "CSAFPID-2538800", "CSAFPID-2538801", "CSAFPID-2538802", "CSAFPID-2538803", "CSAFPID-2538804", "CSAFPID-2538805", "CSAFPID-2538806", "CSAFPID-2538773", "CSAFPID-2538774", "CSAFPID-2538775", "CSAFPID-2538776", "CSAFPID-2538777", "CSAFPID-2538778", "CSAFPID-2538779", "CSAFPID-2538780", "CSAFPID-2538781", "CSAFPID-1307450", "CSAFPID-1297130", "CSAFPID-1297107", "CSAFPID-1230533", "CSAFPID-1921506", "CSAFPID-1230555", "CSAFPID-1230719", "CSAFPID-1230702", "CSAFPID-1304671", "CSAFPID-1921487", "CSAFPID-1297186", "CSAFPID-1988023", "CSAFPID-1988024", "CSAFPID-1175835", "CSAFPID-2473272", "CSAFPID-2632442", "CSAFPID-2473273", "CSAFPID-2632443", "CSAFPID-1425816", "CSAFPID-2632444", "CSAFPID-1306891", "CSAFPID-1332128", "CSAFPID-605062", "CSAFPID-605061", "CSAFPID-605064", "CSAFPID-345584", "CSAFPID-345586", "CSAFPID-2364492", "CSAFPID-1330296", "CSAFPID-1459777", "CSAFPID-1459778", "CSAFPID-1459779", "CSAFPID-1861039", "CSAFPID-1861040", "CSAFPID-1861041", "CSAFPID-2140760", "CSAFPID-2140804", "CSAFPID-2140795", "CSAFPID-2140773", "CSAFPID-2140818", "CSAFPID-2140755", "CSAFPID-2140803", "CSAFPID-2140852", "CSAFPID-2140842", "CSAFPID-2140814", "CSAFPID-2140749", "CSAFPID-2140796", "CSAFPID-2140856", "CSAFPID-2140834", "CSAFPID-2140851", "CSAFPID-2140742", "CSAFPID-2140825", "CSAFPID-2631681", "CSAFPID-2631682", "CSAFPID-2631683", "CSAFPID-2631684", "CSAFPID-2631685", "CSAFPID-2631686", "CSAFPID-2631680", "CSAFPID-1306888", "CSAFPID-710118", "CSAFPID-2632409", "CSAFPID-2632410", "CSAFPID-2632411", "CSAFPID-2632412", "CSAFPID-2633939", "CSAFPID-426454", "CSAFPID-426453", "CSAFPID-426456", "CSAFPID-426455", "CSAFPID-426457", "CSAFPID-1295436", "CSAFPID-2118594", "CSAFPID-2631732", "CSAFPID-2631733", "CSAFPID-2631734", "CSAFPID-2631731", "CSAFPID-1295163", "CSAFPID-735564", "CSAFPID-446586", "CSAFPID-1111431", "CSAFPID-710125", "CSAFPID-710119", "CSAFPID-710115", "CSAFPID-336862", "CSAFPID-345588", "CSAFPID-345621", "CSAFPID-345620", "CSAFPID-345590", "CSAFPID-345585", "CSAFPID-345591", "CSAFPID-345592", "CSAFPID-345589", "CSAFPID-345587", "CSAFPID-426833", "CSAFPID-1176305", "CSAFPID-2352521", "CSAFPID-2352520", "CSAFPID-1304029", "CSAFPID-2352519", "CSAFPID-2538090", "CSAFPID-2539577", "CSAFPID-2352518", "CSAFPID-2632425", "CSAFPID-2632426", "CSAFPID-2632427", "CSAFPID-2632428", "CSAFPID-2632429" ] } ], "title": "CVE-2025-31327" }, { "cve": "CVE-2025-31328", "cwe": { "id": "CWE-352", "name": "Cross-Site Request Forgery (CSRF)" }, "notes": [ { "category": "other", "text": "Cross-Site Request Forgery (CSRF)", "title": "CWE-352" }, { "category": "general", "text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N", "title": "CVSSV4" } ], "product_status": { "known_affected": [ "CSAFPID-426681", "CSAFPID-367586", "CSAFPID-426682", "CSAFPID-426483", "CSAFPID-447161", "CSAFPID-447167", "CSAFPID-447158", "CSAFPID-447155", "CSAFPID-447160", "CSAFPID-447163", "CSAFPID-447165", "CSAFPID-447156", "CSAFPID-447164", "CSAFPID-710027", "CSAFPID-426703", "CSAFPID-426706", "CSAFPID-426707", "CSAFPID-426708", "CSAFPID-426704", "CSAFPID-426705", "CSAFPID-447141", "CSAFPID-447140", "CSAFPID-847883", "CSAFPID-426837", "CSAFPID-1176052", "CSAFPID-1333259", "CSAFPID-2351307", "CSAFPID-2538790", "CSAFPID-2538791", "CSAFPID-2538792", "CSAFPID-2538793", "CSAFPID-2538794", "CSAFPID-2538799", "CSAFPID-2538800", "CSAFPID-2538801", "CSAFPID-2538802", "CSAFPID-2538803", "CSAFPID-2538804", "CSAFPID-2538805", "CSAFPID-2538806", "CSAFPID-2538773", "CSAFPID-2538774", "CSAFPID-2538775", "CSAFPID-2538776", "CSAFPID-2538777", "CSAFPID-2538778", "CSAFPID-2538779", "CSAFPID-2538780", "CSAFPID-2538781", "CSAFPID-1307450", "CSAFPID-1297130", "CSAFPID-1297107", "CSAFPID-1230533", "CSAFPID-1921506", "CSAFPID-1230555", "CSAFPID-1230719", "CSAFPID-1230702", "CSAFPID-1304671", "CSAFPID-1921487", "CSAFPID-1297186", "CSAFPID-1988023", "CSAFPID-1988024", "CSAFPID-1175835", "CSAFPID-2473272", "CSAFPID-2632442", "CSAFPID-2473273", "CSAFPID-2632443", "CSAFPID-1425816", "CSAFPID-2632444", "CSAFPID-1306891", "CSAFPID-1332128", "CSAFPID-605062", "CSAFPID-605061", "CSAFPID-605064", "CSAFPID-345584", "CSAFPID-345586", "CSAFPID-2364492", "CSAFPID-1330296", "CSAFPID-1459777", "CSAFPID-1459778", "CSAFPID-1459779", "CSAFPID-1861039", "CSAFPID-1861040", "CSAFPID-1861041", "CSAFPID-2140760", "CSAFPID-2140804", "CSAFPID-2140795", "CSAFPID-2140773", "CSAFPID-2140818", "CSAFPID-2140755", "CSAFPID-2140803", "CSAFPID-2140852", "CSAFPID-2140842", "CSAFPID-2140814", "CSAFPID-2140749", "CSAFPID-2140796", "CSAFPID-2140856", "CSAFPID-2140834", "CSAFPID-2140851", "CSAFPID-2140742", "CSAFPID-2140825", "CSAFPID-2631681", "CSAFPID-2631682", "CSAFPID-2631683", "CSAFPID-2631684", "CSAFPID-2631685", "CSAFPID-2631686", "CSAFPID-2631680", "CSAFPID-1306888", "CSAFPID-710118", "CSAFPID-2632409", "CSAFPID-2632410", "CSAFPID-2632411", "CSAFPID-2632412", "CSAFPID-2633939", "CSAFPID-426454", "CSAFPID-426453", "CSAFPID-426456", "CSAFPID-426455", "CSAFPID-426457", "CSAFPID-1295436", "CSAFPID-2118594", "CSAFPID-2631732", "CSAFPID-2631733", "CSAFPID-2631734", "CSAFPID-2631731", "CSAFPID-1295163", "CSAFPID-735564", "CSAFPID-446586", "CSAFPID-1111431", "CSAFPID-710125", "CSAFPID-710119", "CSAFPID-710115", "CSAFPID-336862", "CSAFPID-345588", "CSAFPID-345621", "CSAFPID-345620", "CSAFPID-345590", "CSAFPID-345585", "CSAFPID-345591", "CSAFPID-345592", "CSAFPID-345589", "CSAFPID-345587", "CSAFPID-426833", "CSAFPID-1176305", "CSAFPID-2352521", "CSAFPID-2352520", "CSAFPID-1304029", "CSAFPID-2352519", "CSAFPID-2538090", "CSAFPID-2539577", "CSAFPID-2352518", "CSAFPID-2632425", "CSAFPID-2632426", "CSAFPID-2632427", "CSAFPID-2632428", "CSAFPID-2632429" ] }, "references": [ { "category": "self", "summary": "CVE-2025-31328", "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2025/CVE-2025-31328.json" } ], "scores": [ { "cvss_v3": { "baseScore": 4.6, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N", "version": "3.1" }, "products": [ "CSAFPID-426681", "CSAFPID-367586", "CSAFPID-426682", "CSAFPID-426483", "CSAFPID-447161", "CSAFPID-447167", "CSAFPID-447158", "CSAFPID-447155", "CSAFPID-447160", "CSAFPID-447163", "CSAFPID-447165", "CSAFPID-447156", "CSAFPID-447164", "CSAFPID-710027", "CSAFPID-426703", "CSAFPID-426706", "CSAFPID-426707", "CSAFPID-426708", "CSAFPID-426704", "CSAFPID-426705", "CSAFPID-447141", "CSAFPID-447140", "CSAFPID-847883", "CSAFPID-426837", "CSAFPID-1176052", "CSAFPID-1333259", "CSAFPID-2351307", "CSAFPID-2538790", "CSAFPID-2538791", "CSAFPID-2538792", "CSAFPID-2538793", "CSAFPID-2538794", "CSAFPID-2538799", "CSAFPID-2538800", "CSAFPID-2538801", "CSAFPID-2538802", "CSAFPID-2538803", "CSAFPID-2538804", "CSAFPID-2538805", "CSAFPID-2538806", "CSAFPID-2538773", "CSAFPID-2538774", "CSAFPID-2538775", "CSAFPID-2538776", "CSAFPID-2538777", "CSAFPID-2538778", "CSAFPID-2538779", "CSAFPID-2538780", "CSAFPID-2538781", "CSAFPID-1307450", "CSAFPID-1297130", "CSAFPID-1297107", "CSAFPID-1230533", "CSAFPID-1921506", "CSAFPID-1230555", "CSAFPID-1230719", "CSAFPID-1230702", "CSAFPID-1304671", "CSAFPID-1921487", "CSAFPID-1297186", "CSAFPID-1988023", "CSAFPID-1988024", "CSAFPID-1175835", "CSAFPID-2473272", "CSAFPID-2632442", "CSAFPID-2473273", "CSAFPID-2632443", "CSAFPID-1425816", "CSAFPID-2632444", "CSAFPID-1306891", "CSAFPID-1332128", "CSAFPID-605062", "CSAFPID-605061", "CSAFPID-605064", "CSAFPID-345584", "CSAFPID-345586", "CSAFPID-2364492", "CSAFPID-1330296", "CSAFPID-1459777", "CSAFPID-1459778", "CSAFPID-1459779", "CSAFPID-1861039", "CSAFPID-1861040", "CSAFPID-1861041", "CSAFPID-2140760", "CSAFPID-2140804", "CSAFPID-2140795", "CSAFPID-2140773", "CSAFPID-2140818", "CSAFPID-2140755", "CSAFPID-2140803", "CSAFPID-2140852", "CSAFPID-2140842", "CSAFPID-2140814", "CSAFPID-2140749", "CSAFPID-2140796", "CSAFPID-2140856", "CSAFPID-2140834", "CSAFPID-2140851", "CSAFPID-2140742", "CSAFPID-2140825", "CSAFPID-2631681", "CSAFPID-2631682", "CSAFPID-2631683", "CSAFPID-2631684", "CSAFPID-2631685", "CSAFPID-2631686", "CSAFPID-2631680", "CSAFPID-1306888", "CSAFPID-710118", "CSAFPID-2632409", "CSAFPID-2632410", "CSAFPID-2632411", "CSAFPID-2632412", "CSAFPID-2633939", "CSAFPID-426454", "CSAFPID-426453", "CSAFPID-426456", "CSAFPID-426455", "CSAFPID-426457", "CSAFPID-1295436", "CSAFPID-2118594", "CSAFPID-2631732", "CSAFPID-2631733", "CSAFPID-2631734", "CSAFPID-2631731", "CSAFPID-1295163", "CSAFPID-735564", "CSAFPID-446586", "CSAFPID-1111431", "CSAFPID-710125", "CSAFPID-710119", "CSAFPID-710115", "CSAFPID-336862", "CSAFPID-345588", "CSAFPID-345621", "CSAFPID-345620", "CSAFPID-345590", "CSAFPID-345585", "CSAFPID-345591", "CSAFPID-345592", "CSAFPID-345589", "CSAFPID-345587", "CSAFPID-426833", "CSAFPID-1176305", "CSAFPID-2352521", "CSAFPID-2352520", "CSAFPID-1304029", "CSAFPID-2352519", "CSAFPID-2538090", "CSAFPID-2539577", "CSAFPID-2352518", "CSAFPID-2632425", "CSAFPID-2632426", "CSAFPID-2632427", "CSAFPID-2632428", "CSAFPID-2632429" ] } ], "title": "CVE-2025-31328" }, { "cve": "CVE-2025-31330", "cwe": { "id": "CWE-94", "name": "Improper Control of Generation of Code (\u0027Code Injection\u0027)" }, "notes": [ { "category": "other", "text": "Improper Control of Generation of Code (\u0027Code Injection\u0027)", "title": "CWE-94" }, { "category": "general", "text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", "title": "CVSSV4" } ], "product_status": { "known_affected": [ "CSAFPID-426681", "CSAFPID-367586", "CSAFPID-426682", "CSAFPID-426483", "CSAFPID-447161", "CSAFPID-447167", "CSAFPID-447158", "CSAFPID-447155", "CSAFPID-447160", "CSAFPID-447163", "CSAFPID-447165", "CSAFPID-447156", "CSAFPID-447164", "CSAFPID-710027", "CSAFPID-426703", "CSAFPID-426706", "CSAFPID-426707", "CSAFPID-426708", "CSAFPID-426704", "CSAFPID-426705", "CSAFPID-447141", "CSAFPID-447140", "CSAFPID-847883", "CSAFPID-426837", "CSAFPID-1176052", "CSAFPID-1333259", "CSAFPID-2351307", "CSAFPID-2538790", "CSAFPID-2538791", "CSAFPID-2538792", "CSAFPID-2538793", "CSAFPID-2538794", "CSAFPID-2538799", "CSAFPID-2538800", "CSAFPID-2538801", "CSAFPID-2538802", "CSAFPID-2538803", "CSAFPID-2538804", "CSAFPID-2538805", "CSAFPID-2538806", "CSAFPID-2538773", "CSAFPID-2538774", "CSAFPID-2538775", "CSAFPID-2538776", "CSAFPID-2538777", "CSAFPID-2538778", "CSAFPID-2538779", "CSAFPID-2538780", "CSAFPID-2538781", "CSAFPID-1307450", "CSAFPID-1297130", "CSAFPID-1297107", "CSAFPID-1230533", "CSAFPID-1921506", "CSAFPID-1230555", "CSAFPID-1230719", "CSAFPID-1230702", "CSAFPID-1304671", "CSAFPID-1921487", "CSAFPID-1297186", "CSAFPID-1988023", "CSAFPID-1988024", "CSAFPID-1175835", "CSAFPID-2473272", "CSAFPID-2632442", "CSAFPID-2473273", "CSAFPID-2632443", "CSAFPID-1425816", "CSAFPID-2632444", "CSAFPID-1306891", "CSAFPID-1332128", "CSAFPID-605062", "CSAFPID-605061", "CSAFPID-605064", "CSAFPID-345584", "CSAFPID-345586", "CSAFPID-2364492", "CSAFPID-1330296", "CSAFPID-1459777", "CSAFPID-1459778", "CSAFPID-1459779", "CSAFPID-1861039", "CSAFPID-1861040", "CSAFPID-1861041", "CSAFPID-2140760", "CSAFPID-2140804", "CSAFPID-2140795", "CSAFPID-2140773", "CSAFPID-2140818", "CSAFPID-2140755", "CSAFPID-2140803", "CSAFPID-2140852", "CSAFPID-2140842", "CSAFPID-2140814", "CSAFPID-2140749", "CSAFPID-2140796", "CSAFPID-2140856", "CSAFPID-2140834", "CSAFPID-2140851", "CSAFPID-2140742", "CSAFPID-2140825", "CSAFPID-2631681", "CSAFPID-2631682", "CSAFPID-2631683", "CSAFPID-2631684", "CSAFPID-2631685", "CSAFPID-2631686", "CSAFPID-2631680", "CSAFPID-1306888", "CSAFPID-710118", "CSAFPID-2632409", "CSAFPID-2632410", "CSAFPID-2632411", "CSAFPID-2632412", "CSAFPID-2633939", "CSAFPID-426454", "CSAFPID-426453", "CSAFPID-426456", "CSAFPID-426455", "CSAFPID-426457", "CSAFPID-1295436", "CSAFPID-2118594", "CSAFPID-2631732", "CSAFPID-2631733", "CSAFPID-2631734", "CSAFPID-2631731", "CSAFPID-1295163", "CSAFPID-735564", "CSAFPID-446586", "CSAFPID-1111431", "CSAFPID-710125", "CSAFPID-710119", "CSAFPID-710115", "CSAFPID-336862", "CSAFPID-345588", "CSAFPID-345621", "CSAFPID-345620", "CSAFPID-345590", "CSAFPID-345585", "CSAFPID-345591", "CSAFPID-345592", "CSAFPID-345589", "CSAFPID-345587", "CSAFPID-426833", "CSAFPID-1176305", "CSAFPID-2352521", "CSAFPID-2352520", "CSAFPID-1304029", "CSAFPID-2352519", "CSAFPID-2538090", "CSAFPID-2539577", "CSAFPID-2352518", "CSAFPID-2632425", "CSAFPID-2632426", "CSAFPID-2632427", "CSAFPID-2632428", "CSAFPID-2632429" ] }, "references": [ { "category": "self", "summary": "CVE-2025-31330", "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2025/CVE-2025-31330.json" } ], "scores": [ { "cvss_v3": { "baseScore": 9.9, "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.1" }, "products": [ "CSAFPID-426681", "CSAFPID-367586", "CSAFPID-426682", "CSAFPID-426483", "CSAFPID-447161", "CSAFPID-447167", "CSAFPID-447158", "CSAFPID-447155", "CSAFPID-447160", "CSAFPID-447163", "CSAFPID-447165", "CSAFPID-447156", "CSAFPID-447164", "CSAFPID-710027", "CSAFPID-426703", "CSAFPID-426706", "CSAFPID-426707", "CSAFPID-426708", "CSAFPID-426704", "CSAFPID-426705", "CSAFPID-447141", "CSAFPID-447140", "CSAFPID-847883", "CSAFPID-426837", "CSAFPID-1176052", "CSAFPID-1333259", "CSAFPID-2351307", "CSAFPID-2538790", "CSAFPID-2538791", "CSAFPID-2538792", "CSAFPID-2538793", "CSAFPID-2538794", "CSAFPID-2538799", "CSAFPID-2538800", "CSAFPID-2538801", "CSAFPID-2538802", "CSAFPID-2538803", "CSAFPID-2538804", "CSAFPID-2538805", "CSAFPID-2538806", "CSAFPID-2538773", "CSAFPID-2538774", "CSAFPID-2538775", "CSAFPID-2538776", "CSAFPID-2538777", "CSAFPID-2538778", "CSAFPID-2538779", "CSAFPID-2538780", "CSAFPID-2538781", "CSAFPID-1307450", "CSAFPID-1297130", "CSAFPID-1297107", "CSAFPID-1230533", "CSAFPID-1921506", "CSAFPID-1230555", "CSAFPID-1230719", "CSAFPID-1230702", "CSAFPID-1304671", "CSAFPID-1921487", "CSAFPID-1297186", "CSAFPID-1988023", "CSAFPID-1988024", "CSAFPID-1175835", "CSAFPID-2473272", "CSAFPID-2632442", "CSAFPID-2473273", "CSAFPID-2632443", "CSAFPID-1425816", "CSAFPID-2632444", "CSAFPID-1306891", "CSAFPID-1332128", "CSAFPID-605062", "CSAFPID-605061", "CSAFPID-605064", "CSAFPID-345584", "CSAFPID-345586", "CSAFPID-2364492", "CSAFPID-1330296", "CSAFPID-1459777", "CSAFPID-1459778", "CSAFPID-1459779", "CSAFPID-1861039", "CSAFPID-1861040", "CSAFPID-1861041", "CSAFPID-2140760", "CSAFPID-2140804", "CSAFPID-2140795", "CSAFPID-2140773", "CSAFPID-2140818", "CSAFPID-2140755", "CSAFPID-2140803", "CSAFPID-2140852", "CSAFPID-2140842", "CSAFPID-2140814", "CSAFPID-2140749", "CSAFPID-2140796", "CSAFPID-2140856", "CSAFPID-2140834", "CSAFPID-2140851", "CSAFPID-2140742", "CSAFPID-2140825", "CSAFPID-2631681", "CSAFPID-2631682", "CSAFPID-2631683", "CSAFPID-2631684", "CSAFPID-2631685", "CSAFPID-2631686", "CSAFPID-2631680", "CSAFPID-1306888", "CSAFPID-710118", "CSAFPID-2632409", "CSAFPID-2632410", "CSAFPID-2632411", "CSAFPID-2632412", "CSAFPID-2633939", "CSAFPID-426454", "CSAFPID-426453", "CSAFPID-426456", "CSAFPID-426455", "CSAFPID-426457", "CSAFPID-1295436", "CSAFPID-2118594", "CSAFPID-2631732", "CSAFPID-2631733", "CSAFPID-2631734", "CSAFPID-2631731", "CSAFPID-1295163", "CSAFPID-735564", "CSAFPID-446586", "CSAFPID-1111431", "CSAFPID-710125", "CSAFPID-710119", "CSAFPID-710115", "CSAFPID-336862", "CSAFPID-345588", "CSAFPID-345621", "CSAFPID-345620", "CSAFPID-345590", "CSAFPID-345585", "CSAFPID-345591", "CSAFPID-345592", "CSAFPID-345589", "CSAFPID-345587", "CSAFPID-426833", "CSAFPID-1176305", "CSAFPID-2352521", "CSAFPID-2352520", "CSAFPID-1304029", "CSAFPID-2352519", "CSAFPID-2538090", "CSAFPID-2539577", "CSAFPID-2352518", "CSAFPID-2632425", "CSAFPID-2632426", "CSAFPID-2632427", "CSAFPID-2632428", "CSAFPID-2632429" ] } ], "title": "CVE-2025-31330" }, { "cve": "CVE-2025-31331", "cwe": { "id": "CWE-863", "name": "Incorrect Authorization" }, "notes": [ { "category": "other", "text": "Incorrect Authorization", "title": "CWE-863" } ], "product_status": { "known_affected": [ "CSAFPID-426681", "CSAFPID-367586", "CSAFPID-426682", "CSAFPID-426483", "CSAFPID-447161", "CSAFPID-447167", "CSAFPID-447158", "CSAFPID-447155", "CSAFPID-447160", "CSAFPID-447163", "CSAFPID-447165", "CSAFPID-447156", "CSAFPID-447164", "CSAFPID-710027", "CSAFPID-426703", "CSAFPID-426706", "CSAFPID-426707", "CSAFPID-426708", "CSAFPID-426704", "CSAFPID-426705", "CSAFPID-447141", "CSAFPID-447140", "CSAFPID-847883", "CSAFPID-426837", "CSAFPID-1176052", "CSAFPID-1333259", "CSAFPID-2351307", "CSAFPID-2538790", "CSAFPID-2538791", "CSAFPID-2538792", "CSAFPID-2538793", "CSAFPID-2538794", "CSAFPID-2538799", "CSAFPID-2538800", "CSAFPID-2538801", "CSAFPID-2538802", "CSAFPID-2538803", "CSAFPID-2538804", "CSAFPID-2538805", "CSAFPID-2538806", "CSAFPID-2538773", "CSAFPID-2538774", "CSAFPID-2538775", "CSAFPID-2538776", "CSAFPID-2538777", "CSAFPID-2538778", "CSAFPID-2538779", "CSAFPID-2538780", "CSAFPID-2538781", "CSAFPID-1307450", "CSAFPID-1297130", "CSAFPID-1297107", "CSAFPID-1230533", "CSAFPID-1921506", "CSAFPID-1230555", "CSAFPID-1230719", "CSAFPID-1230702", "CSAFPID-1304671", "CSAFPID-1921487", "CSAFPID-1297186", "CSAFPID-1988023", "CSAFPID-1988024", "CSAFPID-1175835", "CSAFPID-2473272", "CSAFPID-2632442", "CSAFPID-2473273", "CSAFPID-2632443", "CSAFPID-1425816", "CSAFPID-2632444", "CSAFPID-1306891", "CSAFPID-1332128", "CSAFPID-605062", "CSAFPID-605061", "CSAFPID-605064", "CSAFPID-345584", "CSAFPID-345586", "CSAFPID-2364492", "CSAFPID-1330296", "CSAFPID-1459777", "CSAFPID-1459778", "CSAFPID-1459779", "CSAFPID-1861039", "CSAFPID-1861040", "CSAFPID-1861041", "CSAFPID-2140760", "CSAFPID-2140804", "CSAFPID-2140795", "CSAFPID-2140773", "CSAFPID-2140818", "CSAFPID-2140755", "CSAFPID-2140803", "CSAFPID-2140852", "CSAFPID-2140842", "CSAFPID-2140814", "CSAFPID-2140749", "CSAFPID-2140796", "CSAFPID-2140856", "CSAFPID-2140834", "CSAFPID-2140851", "CSAFPID-2140742", "CSAFPID-2140825", "CSAFPID-2631681", "CSAFPID-2631682", "CSAFPID-2631683", "CSAFPID-2631684", "CSAFPID-2631685", "CSAFPID-2631686", "CSAFPID-2631680", "CSAFPID-1306888", "CSAFPID-710118", "CSAFPID-2632409", "CSAFPID-2632410", "CSAFPID-2632411", "CSAFPID-2632412", "CSAFPID-2633939", "CSAFPID-426454", "CSAFPID-426453", "CSAFPID-426456", "CSAFPID-426455", "CSAFPID-426457", "CSAFPID-1295436", "CSAFPID-2118594", "CSAFPID-2631732", "CSAFPID-2631733", "CSAFPID-2631734", "CSAFPID-2631731", "CSAFPID-1295163", "CSAFPID-735564", "CSAFPID-446586", "CSAFPID-1111431", "CSAFPID-710125", "CSAFPID-710119", "CSAFPID-710115", "CSAFPID-336862", "CSAFPID-345588", "CSAFPID-345621", "CSAFPID-345620", "CSAFPID-345590", "CSAFPID-345585", "CSAFPID-345591", "CSAFPID-345592", "CSAFPID-345589", "CSAFPID-345587", "CSAFPID-426833", "CSAFPID-1176305", "CSAFPID-2352521", "CSAFPID-2352520", "CSAFPID-1304029", "CSAFPID-2352519", "CSAFPID-2538090", "CSAFPID-2539577", "CSAFPID-2352518", "CSAFPID-2632425", "CSAFPID-2632426", "CSAFPID-2632427", "CSAFPID-2632428", "CSAFPID-2632429" ] }, "references": [ { "category": "self", "summary": "CVE-2025-31331", "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2025/CVE-2025-31331.json" } ], "scores": [ { "cvss_v3": { "baseScore": 4.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" }, "products": [ "CSAFPID-426681", "CSAFPID-367586", "CSAFPID-426682", "CSAFPID-426483", "CSAFPID-447161", "CSAFPID-447167", "CSAFPID-447158", "CSAFPID-447155", "CSAFPID-447160", "CSAFPID-447163", "CSAFPID-447165", "CSAFPID-447156", "CSAFPID-447164", "CSAFPID-710027", "CSAFPID-426703", "CSAFPID-426706", "CSAFPID-426707", "CSAFPID-426708", "CSAFPID-426704", "CSAFPID-426705", "CSAFPID-447141", "CSAFPID-447140", "CSAFPID-847883", "CSAFPID-426837", "CSAFPID-1176052", "CSAFPID-1333259", "CSAFPID-2351307", "CSAFPID-2538790", "CSAFPID-2538791", "CSAFPID-2538792", "CSAFPID-2538793", "CSAFPID-2538794", "CSAFPID-2538799", "CSAFPID-2538800", "CSAFPID-2538801", "CSAFPID-2538802", "CSAFPID-2538803", "CSAFPID-2538804", "CSAFPID-2538805", "CSAFPID-2538806", "CSAFPID-2538773", "CSAFPID-2538774", "CSAFPID-2538775", "CSAFPID-2538776", "CSAFPID-2538777", "CSAFPID-2538778", "CSAFPID-2538779", "CSAFPID-2538780", "CSAFPID-2538781", "CSAFPID-1307450", "CSAFPID-1297130", "CSAFPID-1297107", "CSAFPID-1230533", "CSAFPID-1921506", "CSAFPID-1230555", "CSAFPID-1230719", "CSAFPID-1230702", "CSAFPID-1304671", "CSAFPID-1921487", "CSAFPID-1297186", "CSAFPID-1988023", "CSAFPID-1988024", "CSAFPID-1175835", "CSAFPID-2473272", "CSAFPID-2632442", "CSAFPID-2473273", "CSAFPID-2632443", "CSAFPID-1425816", "CSAFPID-2632444", "CSAFPID-1306891", "CSAFPID-1332128", "CSAFPID-605062", "CSAFPID-605061", "CSAFPID-605064", "CSAFPID-345584", "CSAFPID-345586", "CSAFPID-2364492", "CSAFPID-1330296", "CSAFPID-1459777", "CSAFPID-1459778", "CSAFPID-1459779", "CSAFPID-1861039", "CSAFPID-1861040", "CSAFPID-1861041", "CSAFPID-2140760", "CSAFPID-2140804", "CSAFPID-2140795", "CSAFPID-2140773", "CSAFPID-2140818", "CSAFPID-2140755", "CSAFPID-2140803", "CSAFPID-2140852", "CSAFPID-2140842", "CSAFPID-2140814", "CSAFPID-2140749", "CSAFPID-2140796", "CSAFPID-2140856", "CSAFPID-2140834", "CSAFPID-2140851", "CSAFPID-2140742", "CSAFPID-2140825", "CSAFPID-2631681", "CSAFPID-2631682", "CSAFPID-2631683", "CSAFPID-2631684", "CSAFPID-2631685", "CSAFPID-2631686", "CSAFPID-2631680", "CSAFPID-1306888", "CSAFPID-710118", "CSAFPID-2632409", "CSAFPID-2632410", "CSAFPID-2632411", "CSAFPID-2632412", "CSAFPID-2633939", "CSAFPID-426454", "CSAFPID-426453", "CSAFPID-426456", "CSAFPID-426455", "CSAFPID-426457", "CSAFPID-1295436", "CSAFPID-2118594", "CSAFPID-2631732", "CSAFPID-2631733", "CSAFPID-2631734", "CSAFPID-2631731", "CSAFPID-1295163", "CSAFPID-735564", "CSAFPID-446586", "CSAFPID-1111431", "CSAFPID-710125", "CSAFPID-710119", "CSAFPID-710115", "CSAFPID-336862", "CSAFPID-345588", "CSAFPID-345621", "CSAFPID-345620", "CSAFPID-345590", "CSAFPID-345585", "CSAFPID-345591", "CSAFPID-345592", "CSAFPID-345589", "CSAFPID-345587", "CSAFPID-426833", "CSAFPID-1176305", "CSAFPID-2352521", "CSAFPID-2352520", "CSAFPID-1304029", "CSAFPID-2352519", "CSAFPID-2538090", "CSAFPID-2539577", "CSAFPID-2352518", "CSAFPID-2632425", "CSAFPID-2632426", "CSAFPID-2632427", "CSAFPID-2632428", "CSAFPID-2632429" ] } ], "title": "CVE-2025-31331" }, { "cve": "CVE-2025-31332", "cwe": { "id": "CWE-277", "name": "Insecure Inherited Permissions" }, "notes": [ { "category": "other", "text": "Insecure Inherited Permissions", "title": "CWE-277" }, { "category": "general", "text": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N", "title": "CVSSV4" } ], "product_status": { "known_affected": [ "CSAFPID-426681", "CSAFPID-367586", "CSAFPID-426682", "CSAFPID-426483", "CSAFPID-447161", "CSAFPID-447167", "CSAFPID-447158", "CSAFPID-447155", "CSAFPID-447160", "CSAFPID-447163", "CSAFPID-447165", "CSAFPID-447156", "CSAFPID-447164", "CSAFPID-710027", "CSAFPID-426703", "CSAFPID-426706", "CSAFPID-426707", "CSAFPID-426708", "CSAFPID-426704", "CSAFPID-426705", "CSAFPID-447141", "CSAFPID-447140", "CSAFPID-847883", "CSAFPID-426837", "CSAFPID-1176052", "CSAFPID-1333259", "CSAFPID-2351307", "CSAFPID-2538790", "CSAFPID-2538791", "CSAFPID-2538792", "CSAFPID-2538793", "CSAFPID-2538794", "CSAFPID-2538799", "CSAFPID-2538800", "CSAFPID-2538801", "CSAFPID-2538802", "CSAFPID-2538803", "CSAFPID-2538804", "CSAFPID-2538805", "CSAFPID-2538806", "CSAFPID-2538773", "CSAFPID-2538774", "CSAFPID-2538775", "CSAFPID-2538776", "CSAFPID-2538777", "CSAFPID-2538778", "CSAFPID-2538779", "CSAFPID-2538780", "CSAFPID-2538781", "CSAFPID-1307450", "CSAFPID-1297130", "CSAFPID-1297107", "CSAFPID-1230533", "CSAFPID-1921506", "CSAFPID-1230555", "CSAFPID-1230719", "CSAFPID-1230702", "CSAFPID-1304671", "CSAFPID-1921487", "CSAFPID-1297186", "CSAFPID-1988023", "CSAFPID-1988024", "CSAFPID-1175835", "CSAFPID-2473272", "CSAFPID-2632442", "CSAFPID-2473273", "CSAFPID-2632443", "CSAFPID-1425816", "CSAFPID-2632444", "CSAFPID-1306891", "CSAFPID-1332128", "CSAFPID-605062", "CSAFPID-605061", "CSAFPID-605064", "CSAFPID-345584", "CSAFPID-345586", "CSAFPID-2364492", "CSAFPID-1330296", "CSAFPID-1459777", "CSAFPID-1459778", "CSAFPID-1459779", "CSAFPID-1861039", "CSAFPID-1861040", "CSAFPID-1861041", "CSAFPID-2140760", "CSAFPID-2140804", "CSAFPID-2140795", "CSAFPID-2140773", "CSAFPID-2140818", "CSAFPID-2140755", "CSAFPID-2140803", "CSAFPID-2140852", "CSAFPID-2140842", "CSAFPID-2140814", "CSAFPID-2140749", "CSAFPID-2140796", "CSAFPID-2140856", "CSAFPID-2140834", "CSAFPID-2140851", "CSAFPID-2140742", "CSAFPID-2140825", "CSAFPID-2631681", "CSAFPID-2631682", "CSAFPID-2631683", "CSAFPID-2631684", "CSAFPID-2631685", "CSAFPID-2631686", "CSAFPID-2631680", "CSAFPID-1306888", "CSAFPID-710118", "CSAFPID-2632409", "CSAFPID-2632410", "CSAFPID-2632411", "CSAFPID-2632412", "CSAFPID-2633939", "CSAFPID-426454", "CSAFPID-426453", "CSAFPID-426456", "CSAFPID-426455", "CSAFPID-426457", "CSAFPID-1295436", "CSAFPID-2118594", "CSAFPID-2631732", "CSAFPID-2631733", "CSAFPID-2631734", "CSAFPID-2631731", "CSAFPID-1295163", "CSAFPID-735564", "CSAFPID-446586", "CSAFPID-1111431", "CSAFPID-710125", "CSAFPID-710119", "CSAFPID-710115", "CSAFPID-336862", "CSAFPID-345588", "CSAFPID-345621", "CSAFPID-345620", "CSAFPID-345590", "CSAFPID-345585", "CSAFPID-345591", "CSAFPID-345592", "CSAFPID-345589", "CSAFPID-345587", "CSAFPID-426833", "CSAFPID-1176305", "CSAFPID-2352521", "CSAFPID-2352520", "CSAFPID-1304029", "CSAFPID-2352519", "CSAFPID-2538090", "CSAFPID-2539577", "CSAFPID-2352518", "CSAFPID-2632425", "CSAFPID-2632426", "CSAFPID-2632427", "CSAFPID-2632428", "CSAFPID-2632429" ] }, "references": [ { "category": "self", "summary": "CVE-2025-31332", "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2025/CVE-2025-31332.json" } ], "scores": [ { "cvss_v3": { "baseScore": 6.6, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:H", "version": "3.1" }, "products": [ "CSAFPID-426681", "CSAFPID-367586", "CSAFPID-426682", "CSAFPID-426483", "CSAFPID-447161", "CSAFPID-447167", "CSAFPID-447158", "CSAFPID-447155", "CSAFPID-447160", "CSAFPID-447163", "CSAFPID-447165", "CSAFPID-447156", "CSAFPID-447164", "CSAFPID-710027", "CSAFPID-426703", "CSAFPID-426706", "CSAFPID-426707", "CSAFPID-426708", "CSAFPID-426704", "CSAFPID-426705", "CSAFPID-447141", "CSAFPID-447140", "CSAFPID-847883", "CSAFPID-426837", "CSAFPID-1176052", "CSAFPID-1333259", "CSAFPID-2351307", "CSAFPID-2538790", "CSAFPID-2538791", "CSAFPID-2538792", "CSAFPID-2538793", "CSAFPID-2538794", "CSAFPID-2538799", "CSAFPID-2538800", "CSAFPID-2538801", "CSAFPID-2538802", "CSAFPID-2538803", "CSAFPID-2538804", "CSAFPID-2538805", "CSAFPID-2538806", "CSAFPID-2538773", "CSAFPID-2538774", "CSAFPID-2538775", "CSAFPID-2538776", "CSAFPID-2538777", "CSAFPID-2538778", "CSAFPID-2538779", "CSAFPID-2538780", "CSAFPID-2538781", "CSAFPID-1307450", "CSAFPID-1297130", "CSAFPID-1297107", "CSAFPID-1230533", "CSAFPID-1921506", "CSAFPID-1230555", "CSAFPID-1230719", "CSAFPID-1230702", "CSAFPID-1304671", "CSAFPID-1921487", "CSAFPID-1297186", "CSAFPID-1988023", "CSAFPID-1988024", "CSAFPID-1175835", "CSAFPID-2473272", "CSAFPID-2632442", "CSAFPID-2473273", "CSAFPID-2632443", "CSAFPID-1425816", "CSAFPID-2632444", "CSAFPID-1306891", "CSAFPID-1332128", "CSAFPID-605062", "CSAFPID-605061", "CSAFPID-605064", "CSAFPID-345584", "CSAFPID-345586", "CSAFPID-2364492", "CSAFPID-1330296", "CSAFPID-1459777", "CSAFPID-1459778", "CSAFPID-1459779", "CSAFPID-1861039", "CSAFPID-1861040", "CSAFPID-1861041", "CSAFPID-2140760", "CSAFPID-2140804", "CSAFPID-2140795", "CSAFPID-2140773", "CSAFPID-2140818", "CSAFPID-2140755", "CSAFPID-2140803", "CSAFPID-2140852", "CSAFPID-2140842", "CSAFPID-2140814", "CSAFPID-2140749", "CSAFPID-2140796", "CSAFPID-2140856", "CSAFPID-2140834", "CSAFPID-2140851", "CSAFPID-2140742", "CSAFPID-2140825", "CSAFPID-2631681", "CSAFPID-2631682", "CSAFPID-2631683", "CSAFPID-2631684", "CSAFPID-2631685", "CSAFPID-2631686", "CSAFPID-2631680", "CSAFPID-1306888", "CSAFPID-710118", "CSAFPID-2632409", "CSAFPID-2632410", "CSAFPID-2632411", "CSAFPID-2632412", "CSAFPID-2633939", "CSAFPID-426454", "CSAFPID-426453", "CSAFPID-426456", "CSAFPID-426455", "CSAFPID-426457", "CSAFPID-1295436", "CSAFPID-2118594", "CSAFPID-2631732", "CSAFPID-2631733", "CSAFPID-2631734", "CSAFPID-2631731", "CSAFPID-1295163", "CSAFPID-735564", "CSAFPID-446586", "CSAFPID-1111431", "CSAFPID-710125", "CSAFPID-710119", "CSAFPID-710115", "CSAFPID-336862", "CSAFPID-345588", "CSAFPID-345621", "CSAFPID-345620", "CSAFPID-345590", "CSAFPID-345585", "CSAFPID-345591", "CSAFPID-345592", "CSAFPID-345589", "CSAFPID-345587", "CSAFPID-426833", "CSAFPID-1176305", "CSAFPID-2352521", "CSAFPID-2352520", "CSAFPID-1304029", "CSAFPID-2352519", "CSAFPID-2538090", "CSAFPID-2539577", "CSAFPID-2352518", "CSAFPID-2632425", "CSAFPID-2632426", "CSAFPID-2632427", "CSAFPID-2632428", "CSAFPID-2632429" ] } ], "title": "CVE-2025-31332" }, { "cve": "CVE-2025-31333", "cwe": { "id": "CWE-472", "name": "External Control of Assumed-Immutable Web Parameter" }, "notes": [ { "category": "other", "text": "External Control of Assumed-Immutable Web Parameter", "title": "CWE-472" }, { "category": "general", "text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N", "title": "CVSSV4" } ], "product_status": { "known_affected": [ "CSAFPID-426681", "CSAFPID-367586", "CSAFPID-426682", "CSAFPID-426483", "CSAFPID-447161", "CSAFPID-447167", "CSAFPID-447158", "CSAFPID-447155", "CSAFPID-447160", "CSAFPID-447163", "CSAFPID-447165", "CSAFPID-447156", "CSAFPID-447164", "CSAFPID-710027", "CSAFPID-426703", "CSAFPID-426706", "CSAFPID-426707", "CSAFPID-426708", "CSAFPID-426704", "CSAFPID-426705", "CSAFPID-447141", "CSAFPID-447140", "CSAFPID-847883", "CSAFPID-426837", "CSAFPID-1176052", "CSAFPID-1333259", "CSAFPID-2351307", "CSAFPID-2538790", "CSAFPID-2538791", "CSAFPID-2538792", "CSAFPID-2538793", "CSAFPID-2538794", "CSAFPID-2538799", "CSAFPID-2538800", "CSAFPID-2538801", "CSAFPID-2538802", "CSAFPID-2538803", "CSAFPID-2538804", "CSAFPID-2538805", "CSAFPID-2538806", "CSAFPID-2538773", "CSAFPID-2538774", "CSAFPID-2538775", "CSAFPID-2538776", "CSAFPID-2538777", "CSAFPID-2538778", "CSAFPID-2538779", "CSAFPID-2538780", "CSAFPID-2538781", "CSAFPID-1307450", "CSAFPID-1297130", "CSAFPID-1297107", "CSAFPID-1230533", "CSAFPID-1921506", "CSAFPID-1230555", "CSAFPID-1230719", "CSAFPID-1230702", "CSAFPID-1304671", "CSAFPID-1921487", "CSAFPID-1297186", "CSAFPID-1988023", "CSAFPID-1988024", "CSAFPID-1175835", "CSAFPID-2473272", "CSAFPID-2632442", "CSAFPID-2473273", "CSAFPID-2632443", "CSAFPID-1425816", "CSAFPID-2632444", "CSAFPID-1306891", "CSAFPID-1332128", "CSAFPID-605062", "CSAFPID-605061", "CSAFPID-605064", "CSAFPID-345584", "CSAFPID-345586", "CSAFPID-2364492", "CSAFPID-1330296", "CSAFPID-1459777", "CSAFPID-1459778", "CSAFPID-1459779", "CSAFPID-1861039", "CSAFPID-1861040", "CSAFPID-1861041", "CSAFPID-2140760", "CSAFPID-2140804", "CSAFPID-2140795", "CSAFPID-2140773", "CSAFPID-2140818", "CSAFPID-2140755", "CSAFPID-2140803", "CSAFPID-2140852", "CSAFPID-2140842", "CSAFPID-2140814", "CSAFPID-2140749", "CSAFPID-2140796", "CSAFPID-2140856", "CSAFPID-2140834", "CSAFPID-2140851", "CSAFPID-2140742", "CSAFPID-2140825", "CSAFPID-2631681", "CSAFPID-2631682", "CSAFPID-2631683", "CSAFPID-2631684", "CSAFPID-2631685", "CSAFPID-2631686", "CSAFPID-2631680", "CSAFPID-1306888", "CSAFPID-710118", "CSAFPID-2632409", "CSAFPID-2632410", "CSAFPID-2632411", "CSAFPID-2632412", "CSAFPID-2633939", "CSAFPID-426454", "CSAFPID-426453", "CSAFPID-426456", "CSAFPID-426455", "CSAFPID-426457", "CSAFPID-1295436", "CSAFPID-2118594", "CSAFPID-2631732", "CSAFPID-2631733", "CSAFPID-2631734", "CSAFPID-2631731", "CSAFPID-1295163", "CSAFPID-735564", "CSAFPID-446586", "CSAFPID-1111431", "CSAFPID-710125", "CSAFPID-710119", "CSAFPID-710115", "CSAFPID-336862", "CSAFPID-345588", "CSAFPID-345621", "CSAFPID-345620", "CSAFPID-345590", "CSAFPID-345585", "CSAFPID-345591", "CSAFPID-345592", "CSAFPID-345589", "CSAFPID-345587", "CSAFPID-426833", "CSAFPID-1176305", "CSAFPID-2352521", "CSAFPID-2352520", "CSAFPID-1304029", "CSAFPID-2352519", "CSAFPID-2538090", "CSAFPID-2539577", "CSAFPID-2352518", "CSAFPID-2632425", "CSAFPID-2632426", "CSAFPID-2632427", "CSAFPID-2632428", "CSAFPID-2632429" ] }, "references": [ { "category": "self", "summary": "CVE-2025-31333", "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2025/CVE-2025-31333.json" } ], "scores": [ { "cvss_v3": { "baseScore": 4.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "version": "3.1" }, "products": [ "CSAFPID-426681", "CSAFPID-367586", "CSAFPID-426682", "CSAFPID-426483", "CSAFPID-447161", "CSAFPID-447167", "CSAFPID-447158", "CSAFPID-447155", "CSAFPID-447160", "CSAFPID-447163", "CSAFPID-447165", "CSAFPID-447156", "CSAFPID-447164", "CSAFPID-710027", "CSAFPID-426703", "CSAFPID-426706", "CSAFPID-426707", "CSAFPID-426708", "CSAFPID-426704", "CSAFPID-426705", "CSAFPID-447141", "CSAFPID-447140", "CSAFPID-847883", "CSAFPID-426837", "CSAFPID-1176052", "CSAFPID-1333259", "CSAFPID-2351307", "CSAFPID-2538790", "CSAFPID-2538791", "CSAFPID-2538792", "CSAFPID-2538793", "CSAFPID-2538794", "CSAFPID-2538799", "CSAFPID-2538800", "CSAFPID-2538801", "CSAFPID-2538802", "CSAFPID-2538803", "CSAFPID-2538804", "CSAFPID-2538805", "CSAFPID-2538806", "CSAFPID-2538773", "CSAFPID-2538774", "CSAFPID-2538775", "CSAFPID-2538776", "CSAFPID-2538777", "CSAFPID-2538778", "CSAFPID-2538779", "CSAFPID-2538780", "CSAFPID-2538781", "CSAFPID-1307450", "CSAFPID-1297130", "CSAFPID-1297107", "CSAFPID-1230533", "CSAFPID-1921506", "CSAFPID-1230555", "CSAFPID-1230719", "CSAFPID-1230702", "CSAFPID-1304671", "CSAFPID-1921487", "CSAFPID-1297186", "CSAFPID-1988023", "CSAFPID-1988024", "CSAFPID-1175835", "CSAFPID-2473272", "CSAFPID-2632442", "CSAFPID-2473273", "CSAFPID-2632443", "CSAFPID-1425816", "CSAFPID-2632444", "CSAFPID-1306891", "CSAFPID-1332128", "CSAFPID-605062", "CSAFPID-605061", "CSAFPID-605064", "CSAFPID-345584", "CSAFPID-345586", "CSAFPID-2364492", "CSAFPID-1330296", "CSAFPID-1459777", "CSAFPID-1459778", "CSAFPID-1459779", "CSAFPID-1861039", "CSAFPID-1861040", "CSAFPID-1861041", "CSAFPID-2140760", "CSAFPID-2140804", "CSAFPID-2140795", "CSAFPID-2140773", "CSAFPID-2140818", "CSAFPID-2140755", "CSAFPID-2140803", "CSAFPID-2140852", "CSAFPID-2140842", "CSAFPID-2140814", "CSAFPID-2140749", "CSAFPID-2140796", "CSAFPID-2140856", "CSAFPID-2140834", "CSAFPID-2140851", "CSAFPID-2140742", "CSAFPID-2140825", "CSAFPID-2631681", "CSAFPID-2631682", "CSAFPID-2631683", "CSAFPID-2631684", "CSAFPID-2631685", "CSAFPID-2631686", "CSAFPID-2631680", "CSAFPID-1306888", "CSAFPID-710118", "CSAFPID-2632409", "CSAFPID-2632410", "CSAFPID-2632411", "CSAFPID-2632412", "CSAFPID-2633939", "CSAFPID-426454", "CSAFPID-426453", "CSAFPID-426456", "CSAFPID-426455", "CSAFPID-426457", "CSAFPID-1295436", "CSAFPID-2118594", "CSAFPID-2631732", "CSAFPID-2631733", "CSAFPID-2631734", "CSAFPID-2631731", "CSAFPID-1295163", "CSAFPID-735564", "CSAFPID-446586", "CSAFPID-1111431", "CSAFPID-710125", "CSAFPID-710119", "CSAFPID-710115", "CSAFPID-336862", "CSAFPID-345588", "CSAFPID-345621", "CSAFPID-345620", "CSAFPID-345590", "CSAFPID-345585", "CSAFPID-345591", "CSAFPID-345592", "CSAFPID-345589", "CSAFPID-345587", "CSAFPID-426833", "CSAFPID-1176305", "CSAFPID-2352521", "CSAFPID-2352520", "CSAFPID-1304029", "CSAFPID-2352519", "CSAFPID-2538090", "CSAFPID-2539577", "CSAFPID-2352518", "CSAFPID-2632425", "CSAFPID-2632426", "CSAFPID-2632427", "CSAFPID-2632428", "CSAFPID-2632429" ] } ], "title": "CVE-2025-31333" } ] }
ncsc-2025-0245
Vulnerability from csaf_ncscnl
Published
2025-08-12 11:10
Modified
2025-08-12 11:10
Summary
Kwetsbaarheden verholpen in SAP producten
Notes
The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:
NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.
NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.
This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings.
Feiten
SAP heeft kwetsbaarheden verholpen in verschillende producten, waaronder in SAP NetWeaver Application Server ABAP, SAP S/4HANA, SAP Landscape Transformation en AP Cloud Connector.
Interpretaties
De kwetsbaarheden omvatten onder andere het omzeilen van autorisatiecontroles, Cross-Site Scripting (XSS) en een Directory Traversal kwetsbaarheid. De aanwezigheid van Cross-Site Scripting (XSS) en CRLF-injectie kwetsbaarheden stelt aanvallers in staat om sessies te manipuleren en gevoelige informatie te compromitteren.
Oplossingen
SAP heeft updates uitgebracht om de kwetsbaarheden te verhelpen. Zie bijgevoegde referenties voor meer informatie.
Kans
medium
Schade
high
CWE-1022
Use of Web Link to Untrusted Target with window.opener Access
CWE-497
Exposure of Sensitive System Information to an Unauthorized Control Sphere
CWE-266
Incorrect Privilege Assignment
CWE-532
Insertion of Sensitive Information into Log File
CWE-250
Execution with Unnecessary Privileges
CWE-125
Out-of-bounds Read
CWE-306
Missing Authentication for Critical Function
CWE-862
Missing Authorization
CWE-113
Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting')
CWE-94
Improper Control of Generation of Code ('Code Injection')
CWE-863
Incorrect Authorization
CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
{ "document": { "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "tlp": { "label": "WHITE" } }, "lang": "nl", "notes": [ { "category": "legal_disclaimer", "text": "The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:\n\n NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.\n\n NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.\n This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings." }, { "category": "description", "text": "SAP heeft kwetsbaarheden verholpen in verschillende producten, waaronder in SAP NetWeaver Application Server ABAP, SAP S/4HANA, SAP Landscape Transformation en AP Cloud Connector.", "title": "Feiten" }, { "category": "description", "text": "De kwetsbaarheden omvatten onder andere het omzeilen van autorisatiecontroles, Cross-Site Scripting (XSS) en een Directory Traversal kwetsbaarheid. De aanwezigheid van Cross-Site Scripting (XSS) en CRLF-injectie kwetsbaarheden stelt aanvallers in staat om sessies te manipuleren en gevoelige informatie te compromitteren.", "title": "Interpretaties" }, { "category": "description", "text": "SAP heeft updates uitgebracht om de kwetsbaarheden te verhelpen. Zie bijgevoegde referenties voor meer informatie.", "title": "Oplossingen" }, { "category": "general", "text": "medium", "title": "Kans" }, { "category": "general", "text": "high", "title": "Schade" }, { "category": "general", "text": "Use of Web Link to Untrusted Target with window.opener Access", "title": "CWE-1022" }, { "category": "general", "text": "Exposure of Sensitive System Information to an Unauthorized Control Sphere", "title": "CWE-497" }, { "category": "general", "text": "Incorrect Privilege Assignment", "title": "CWE-266" }, { "category": "general", "text": "Insertion of Sensitive Information into Log File", "title": "CWE-532" }, { "category": "general", "text": "Execution with Unnecessary Privileges", "title": "CWE-250" }, { "category": "general", "text": "Out-of-bounds Read", "title": "CWE-125" }, { "category": "general", "text": "Missing Authentication for Critical Function", "title": "CWE-306" }, { "category": "general", "text": "Missing Authorization", "title": "CWE-862" }, { "category": "general", "text": "Improper Neutralization of CRLF Sequences in HTTP Headers (\u0027HTTP Request/Response Splitting\u0027)", "title": "CWE-113" }, { "category": "general", "text": "Improper Control of Generation of Code (\u0027Code Injection\u0027)", "title": "CWE-94" }, { "category": "general", "text": "Incorrect Authorization", "title": "CWE-863" }, { "category": "general", "text": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)", "title": "CWE-22" }, { "category": "general", "text": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)", "title": "CWE-79" } ], "publisher": { "category": "coordinator", "contact_details": "cert@ncsc.nl", "name": "Nationaal Cyber Security Centrum", "namespace": "https://www.ncsc.nl/" }, "references": [ { "category": "external", "summary": "Reference", "url": "https://support.sap.com/en/my-support/knowledge-base/security-notes-news/august-2025.html" } ], "title": "Kwetsbaarheden verholpen in SAP producten", "tracking": { "current_release_date": "2025-08-12T11:10:21.111816Z", "generator": { "date": "2025-08-04T16:30:00Z", "engine": { "name": "V.A.", "version": "1.2" } }, "id": "NCSC-2025-0245", "initial_release_date": "2025-08-12T11:10:21.111816Z", "revision_history": [ { "date": "2025-08-12T11:10:21.111816Z", "number": "1.0.0", "summary": "Initiele versie" } ], "status": "final", "version": "1.0.0" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_version_range", "name": "vers:unknown/103", "product": { "name": "vers:unknown/103", "product_id": "CSAFPID-2631681" } }, { "category": "product_version_range", "name": "vers:unknown/104", "product": { "name": "vers:unknown/104", "product_id": "CSAFPID-2631682" } }, { "category": "product_version_range", "name": "vers:unknown/105", "product": { "name": "vers:unknown/105", "product_id": "CSAFPID-2631683" } }, { "category": "product_version_range", "name": "vers:unknown/106", "product": { "name": "vers:unknown/106", "product_id": "CSAFPID-2631684" } }, { "category": "product_version_range", "name": "vers:unknown/107", "product": { "name": "vers:unknown/107", "product_id": "CSAFPID-2631685" } }, { "category": "product_version_range", "name": "vers:unknown/108", "product": { "name": "vers:unknown/108", "product_id": "CSAFPID-2631686" } }, { "category": "product_version_range", "name": "vers:unknown/s4core102", "product": { "name": "vers:unknown/s4core102", "product_id": "CSAFPID-2631680" } } ], "category": "product_name", "name": "SAP S/4HANA (Private Cloud)" }, { "branches": [ { "category": "product_version_range", "name": "vers:unknown/2011_1_710", "product": { "name": "vers:unknown/2011_1_710", "product_id": "CSAFPID-2631732" } }, { "category": "product_version_range", "name": "vers:unknown/2011_1_730", "product": { "name": "vers:unknown/2011_1_730", "product_id": "CSAFPID-2631733" } }, { "category": "product_version_range", "name": "vers:unknown/2011_1_731", "product": { "name": "vers:unknown/2011_1_731", "product_id": "CSAFPID-2631734" } }, { "category": "product_version_range", "name": "vers:unknown/2011_1_752", "product": { "name": "vers:unknown/2011_1_752", "product_id": "CSAFPID-3045063" } }, { "category": "product_version_range", "name": "vers:unknown/2020", "product": { "name": "vers:unknown/2020", "product_id": "CSAFPID-3045064" } }, { "category": "product_version_range", "name": "vers:unknown/dmis2011_1_700", "product": { "name": "vers:unknown/dmis2011_1_700", "product_id": "CSAFPID-2631731" } } ], "category": "product_name", "name": "SAP Landscape Transformation (Analysis Platform)" }, { "branches": [ { "category": "product_version_range", "name": "vers:unknown/b1_on_hana10.0", "product": { "name": "vers:unknown/b1_on_hana10.0", "product_id": "CSAFPID-3045061" } }, { "category": "product_version_range", "name": "vers:unknown/sap-m-bo10.0", "product": { "name": "vers:unknown/sap-m-bo10.0", "product_id": "CSAFPID-3045062" } } ], "category": "product_name", "name": "SAP Business One (SLD)" }, { "branches": [ { "category": "product_version_range", "name": "vers:unknown/748", "product": { "name": "vers:unknown/748", "product_id": "CSAFPID-3045052" } }, { "category": "product_version_range", "name": "vers:unknown/747", "product": { "name": "vers:unknown/747", "product_id": "CSAFPID-3045051" } }, { "category": "product_version_range", "name": "vers:unknown/746", "product": { "name": "vers:unknown/746", "product_id": "CSAFPID-3045050" } }, { "category": "product_version_range", "name": "vers:unknown/736", "product": { "name": "vers:unknown/736", "product_id": "CSAFPID-3045049" } }, { "category": "product_version_range", "name": "vers:unknown/634", "product": { "name": "vers:unknown/634", "product_id": "CSAFPID-3045048" } }, { "category": "product_version_range", "name": "vers:unknown/605", "product": { "name": "vers:unknown/605", "product_id": "CSAFPID-3045047" } }, { "category": "product_version_range", "name": "vers:unknown/604", "product": { "name": "vers:unknown/604", "product_id": "CSAFPID-3045046" } }, { "category": "product_version_range", "name": "vers:unknown/603", "product": { "name": "vers:unknown/603", "product_id": "CSAFPID-3045045" } }, { "category": "product_version_range", "name": "vers:unknown/602", "product": { "name": "vers:unknown/602", "product_id": "CSAFPID-3045044" } }, { "category": "product_version_range", "name": "vers:unknown/108", "product": { "name": "vers:unknown/108", "product_id": "CSAFPID-3045042" } }, { "category": "product_version_range", "name": "vers:unknown/107", "product": { "name": "vers:unknown/107", "product_id": "CSAFPID-3045041" } }, { "category": "product_version_range", "name": "vers:unknown/106", "product": { "name": "vers:unknown/106", "product_id": "CSAFPID-3045040" } }, { "category": "product_version_range", "name": "vers:unknown/105", "product": { "name": "vers:unknown/105", "product_id": "CSAFPID-3045039" } } ], "category": "product_name", "name": "SAP NetWeaver Application Server ABAP (BIC Document)" }, { "branches": [ { "category": "product_version_range", "name": "vers:unknown/sem-bw 600", "product": { "name": "vers:unknown/sem-bw 600", "product_id": "CSAFPID-3045451" } }, { "category": "product_version_range", "name": "vers:unknown/s4coreop 104", "product": { "name": "vers:unknown/s4coreop 104", "product_id": "CSAFPID-3045450" } }, { "category": "product_version_range", "name": "vers:unknown/krnl64uc 7.53", "product": { "name": "vers:unknown/krnl64uc 7.53", "product_id": "CSAFPID-3045454" } }, { "category": "product_version_range", "name": "vers:unknown/kernel 7.53", "product": { "name": "vers:unknown/kernel 7.53", "product_id": "CSAFPID-3045453" } } ], "category": "product_name", "name": "NetWeaver Application Server ABAP" }, { "branches": [ { "category": "product_version_range", "name": "vers:unknown/sap_appl606", "product": { "name": "vers:unknown/sap_appl606", "product_id": "CSAFPID-3045079" } }, { "category": "product_version_range", "name": "vers:unknown/sap_fin617", "product": { "name": "vers:unknown/sap_fin617", "product_id": "CSAFPID-3045080" } } ], "category": "product_name", "name": "SAP S/4HANA (Bank Communication Management)" }, { "branches": [ { "category": "product_version_range", "name": "vers:unknown/7.54", "product": { "name": "vers:unknown/7.54", "product_id": "CSAFPID-1295192" } }, { "category": "product_version_range", "name": "vers:unknown/7.77", "product": { "name": "vers:unknown/7.77", "product_id": "CSAFPID-1295193" } }, { "category": "product_version_range", "name": "vers:unknown/7.89", "product": { "name": "vers:unknown/7.89", "product_id": "CSAFPID-1295194" } }, { "category": "product_version_range", "name": "vers:unknown/7.93", "product": { "name": "vers:unknown/7.93", "product_id": "CSAFPID-1295195" } }, { "category": "product_version_range", "name": "vers:unknown/kernel7.53", "product": { "name": "vers:unknown/kernel7.53", "product_id": "CSAFPID-3045092" } }, { "category": "product_version_range", "name": "vers:unknown/krnl64uc7.53", "product": { "name": "vers:unknown/krnl64uc7.53", "product_id": "CSAFPID-3045091" } } ], "category": "product_name", "name": "SAP NetWeaver Application Server ABAP" }, { "branches": [ { "category": "product_version_range", "name": "vers:unknown/sap_basis700", "product": { "name": "vers:unknown/sap_basis700", "product_id": "CSAFPID-2961677" } }, { "category": "product_version_range", "name": "vers:unknown/sap_basis701", "product": { "name": "vers:unknown/sap_basis701", "product_id": "CSAFPID-2961602" } }, { "category": "product_version_range", "name": "vers:unknown/sap_basis702", "product": { "name": "vers:unknown/sap_basis702", "product_id": "CSAFPID-2961604" } }, { "category": "product_version_range", "name": "vers:unknown/sap_basis731", "product": { "name": "vers:unknown/sap_basis731", "product_id": "CSAFPID-2961605" } }, { "category": "product_version_range", "name": "vers:unknown/sap_basis740", "product": { "name": "vers:unknown/sap_basis740", "product_id": "CSAFPID-2961606" } }, { "category": "product_version_range", "name": "vers:unknown/sap_basis750", "product": { "name": "vers:unknown/sap_basis750", "product_id": "CSAFPID-2961607" } }, { "category": "product_version_range", "name": "vers:unknown/sap_basis751", "product": { "name": "vers:unknown/sap_basis751", "product_id": "CSAFPID-2961608" } }, { "category": "product_version_range", "name": "vers:unknown/sap_basis752", "product": { "name": "vers:unknown/sap_basis752", "product_id": "CSAFPID-2961609" } }, { "category": "product_version_range", "name": "vers:unknown/sap_basis753", "product": { "name": "vers:unknown/sap_basis753", "product_id": "CSAFPID-2961610" } }, { "category": "product_version_range", "name": "vers:unknown/sap_basis754", "product": { "name": "vers:unknown/sap_basis754", "product_id": "CSAFPID-2961611" } }, { "category": "product_version_range", "name": "vers:unknown/sap_basis755", "product": { "name": "vers:unknown/sap_basis755", "product_id": "CSAFPID-2961612" } }, { "category": "product_version_range", "name": "vers:unknown/sap_basis756", "product": { "name": "vers:unknown/sap_basis756", "product_id": "CSAFPID-2961613" } }, { "category": "product_version_range", "name": "vers:unknown/sap_basis757", "product": { "name": "vers:unknown/sap_basis757", "product_id": "CSAFPID-2961614" } }, { "category": "product_version_range", "name": "vers:unknown/sap_basis758", "product": { "name": "vers:unknown/sap_basis758", "product_id": "CSAFPID-2961615" } }, { "category": "product_version_range", "name": "vers:unknown/sap_basis816", "product": { "name": "vers:unknown/sap_basis816", "product_id": "CSAFPID-2961616" } }, { "category": "product_version_range", "name": "vers:unknown/sap_basis916", "product": { "name": "vers:unknown/sap_basis916", "product_id": "CSAFPID-3045095" } }, { "category": "product_version_range", "name": "vers:unknown/sap_basis914", "product": { "name": "vers:unknown/sap_basis914", "product_id": "CSAFPID-3045094" } } ], "category": "product_name", "name": "SAP NetWeaver Application Server for ABAP" }, { "branches": [ { "category": "product_version_range", "name": "vers:unknown/sap_basis 700", "product": { "name": "vers:unknown/sap_basis 700", "product_id": "CSAFPID-3045405" } }, { "category": "product_version_range", "name": "vers:unknown/sap_basis 701", "product": { "name": "vers:unknown/sap_basis 701", "product_id": "CSAFPID-3045406" } }, { "category": "product_version_range", "name": "vers:unknown/sap_basis 702", "product": { "name": "vers:unknown/sap_basis 702", "product_id": "CSAFPID-3045407" } }, { "category": "product_version_range", "name": "vers:unknown/sap_basis 731", "product": { "name": "vers:unknown/sap_basis 731", "product_id": "CSAFPID-3045408" } }, { "category": "product_version_range", "name": "vers:unknown/sap_basis 740", "product": { "name": "vers:unknown/sap_basis 740", "product_id": "CSAFPID-3045409" } }, { "category": "product_version_range", "name": "vers:unknown/sap_basis 750", "product": { "name": "vers:unknown/sap_basis 750", "product_id": "CSAFPID-3045410" } }, { "category": "product_version_range", "name": "vers:unknown/sap_basis 751", "product": { "name": "vers:unknown/sap_basis 751", "product_id": "CSAFPID-3045411" } }, { "category": "product_version_range", "name": "vers:unknown/sap_basis 752", "product": { "name": "vers:unknown/sap_basis 752", "product_id": "CSAFPID-3045412" } }, { "category": "product_version_range", "name": "vers:unknown/sap_basis 753", "product": { "name": "vers:unknown/sap_basis 753", "product_id": "CSAFPID-3045413" } }, { "category": "product_version_range", "name": "vers:unknown/sap_basis 754", "product": { "name": "vers:unknown/sap_basis 754", "product_id": "CSAFPID-3045414" } }, { "category": "product_version_range", "name": "vers:unknown/sap_basis 755", "product": { "name": "vers:unknown/sap_basis 755", "product_id": "CSAFPID-3045415" } }, { "category": "product_version_range", "name": "vers:unknown/sap_basis 756", "product": { "name": "vers:unknown/sap_basis 756", "product_id": "CSAFPID-3045416" } }, { "category": "product_version_range", "name": "vers:unknown/sap_basis 757", "product": { "name": "vers:unknown/sap_basis 757", "product_id": "CSAFPID-3045417" } }, { "category": "product_version_range", "name": "vers:unknown/sap_basis 758", "product": { "name": "vers:unknown/sap_basis 758", "product_id": "CSAFPID-3045418" } }, { "category": "product_version_range", "name": "vers:unknown/sap_basis 816", "product": { "name": "vers:unknown/sap_basis 816", "product_id": "CSAFPID-3045419" } } ], "category": "product_name", "name": "NetWeaver Application Server for ABAP" }, { "branches": [ { "category": "product_version_range", "name": "vers:unknown/ep-runtime7.50", "product": { "name": "vers:unknown/ep-runtime7.50", "product_id": "CSAFPID-2455778" } } ], "category": "product_name", "name": "SAP NetWeaver Enterprise Portal (OBN component)" }, { "branches": [ { "category": "product_version_range", "name": "vers:unknown/sap_basis 758", "product": { "name": "vers:unknown/sap_basis 758", "product_id": "CSAFPID-3045328" } }, { "category": "product_version_range", "name": "vers:unknown/sap_basis 816", "product": { "name": "vers:unknown/sap_basis 816", "product_id": "CSAFPID-3045329" } }, { "category": "product_version_range", "name": "vers:unknown/sap_basis 916", "product": { "name": "vers:unknown/sap_basis 916", "product_id": "CSAFPID-3045330" } } ], "category": "product_name", "name": "ABAP Platform" }, { "branches": [ { "category": "product_version_range", "name": "vers:unknown/bc-fes-gui8.00", "product": { "name": "vers:unknown/bc-fes-gui8.00", "product_id": "CSAFPID-1987640" } } ], "category": "product_name", "name": "SAP GUI for Windows" } ], "category": "vendor", "name": "SAP" } ] }, "vulnerabilities": [ { "cve": "CVE-2025-0059", "cwe": { "id": "CWE-497", "name": "Exposure of Sensitive System Information to an Unauthorized Control Sphere" }, "notes": [ { "category": "other", "text": "Exposure of Sensitive System Information to an Unauthorized Control Sphere", "title": "CWE-497" } ], "product_status": { "known_affected": [ "CSAFPID-2631681", "CSAFPID-2631682", "CSAFPID-2631683", "CSAFPID-2631684", "CSAFPID-2631685", "CSAFPID-2631686", "CSAFPID-2631680", "CSAFPID-2631732", "CSAFPID-2631733", "CSAFPID-2631734", "CSAFPID-3045063", "CSAFPID-3045064", "CSAFPID-2631731", "CSAFPID-3045061", "CSAFPID-3045062", "CSAFPID-3045052", "CSAFPID-3045051", "CSAFPID-3045050", "CSAFPID-3045049", "CSAFPID-3045048", "CSAFPID-3045047", "CSAFPID-3045046", "CSAFPID-3045045", "CSAFPID-3045044", "CSAFPID-3045042", "CSAFPID-3045041", "CSAFPID-3045040", "CSAFPID-3045039", "CSAFPID-3045451", "CSAFPID-3045450", "CSAFPID-3045079", "CSAFPID-3045080", "CSAFPID-3045454", "CSAFPID-3045453", "CSAFPID-1295192", "CSAFPID-1295193", "CSAFPID-1295194", "CSAFPID-1295195", "CSAFPID-3045092", "CSAFPID-3045091", "CSAFPID-2961677", "CSAFPID-2961602", "CSAFPID-2961604", "CSAFPID-2961605", "CSAFPID-2961606", "CSAFPID-2961607", "CSAFPID-2961608", "CSAFPID-2961609", "CSAFPID-2961610", "CSAFPID-2961611", "CSAFPID-2961612", "CSAFPID-2961613", "CSAFPID-2961614", "CSAFPID-2961615", "CSAFPID-2961616", "CSAFPID-3045095", "CSAFPID-3045094", "CSAFPID-3045405", "CSAFPID-3045406", "CSAFPID-3045407", "CSAFPID-3045408", "CSAFPID-3045409", "CSAFPID-3045410", "CSAFPID-3045411", "CSAFPID-3045412", "CSAFPID-3045413", "CSAFPID-3045414", "CSAFPID-3045415", "CSAFPID-3045416", "CSAFPID-3045417", "CSAFPID-3045418", "CSAFPID-3045419", "CSAFPID-2455778", "CSAFPID-3045328", "CSAFPID-3045329", "CSAFPID-3045330", "CSAFPID-1987640" ] }, "references": [ { "category": "self", "summary": "CVE-2025-0059 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-0059.json" } ], "scores": [ { "cvss_v3": { "baseScore": 6.0, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N", "version": "3.1" }, "products": [ "CSAFPID-2631681", "CSAFPID-2631682", "CSAFPID-2631683", "CSAFPID-2631684", "CSAFPID-2631685", "CSAFPID-2631686", "CSAFPID-2631680", "CSAFPID-2631732", "CSAFPID-2631733", "CSAFPID-2631734", "CSAFPID-3045063", "CSAFPID-3045064", "CSAFPID-2631731", "CSAFPID-3045061", "CSAFPID-3045062", "CSAFPID-3045052", "CSAFPID-3045051", "CSAFPID-3045050", "CSAFPID-3045049", "CSAFPID-3045048", "CSAFPID-3045047", "CSAFPID-3045046", "CSAFPID-3045045", "CSAFPID-3045044", "CSAFPID-3045042", "CSAFPID-3045041", "CSAFPID-3045040", "CSAFPID-3045039", "CSAFPID-3045451", "CSAFPID-3045450", "CSAFPID-3045079", "CSAFPID-3045080", "CSAFPID-3045454", "CSAFPID-3045453", "CSAFPID-1295192", "CSAFPID-1295193", "CSAFPID-1295194", "CSAFPID-1295195", "CSAFPID-3045092", "CSAFPID-3045091", "CSAFPID-2961677", "CSAFPID-2961602", "CSAFPID-2961604", "CSAFPID-2961605", "CSAFPID-2961606", "CSAFPID-2961607", "CSAFPID-2961608", "CSAFPID-2961609", "CSAFPID-2961610", "CSAFPID-2961611", "CSAFPID-2961612", "CSAFPID-2961613", "CSAFPID-2961614", "CSAFPID-2961615", "CSAFPID-2961616", "CSAFPID-3045095", "CSAFPID-3045094", "CSAFPID-3045405", "CSAFPID-3045406", "CSAFPID-3045407", "CSAFPID-3045408", "CSAFPID-3045409", "CSAFPID-3045410", "CSAFPID-3045411", "CSAFPID-3045412", "CSAFPID-3045413", "CSAFPID-3045414", "CSAFPID-3045415", "CSAFPID-3045416", "CSAFPID-3045417", "CSAFPID-3045418", "CSAFPID-3045419", "CSAFPID-2455778", "CSAFPID-3045328", "CSAFPID-3045329", "CSAFPID-3045330", "CSAFPID-1987640" ] } ], "title": "CVE-2025-0059" }, { "cve": "CVE-2025-23194", "cwe": { "id": "CWE-306", "name": "Missing Authentication for Critical Function" }, "notes": [ { "category": "other", "text": "Missing Authentication for Critical Function", "title": "CWE-306" } ], "product_status": { "known_affected": [ "CSAFPID-2631681", "CSAFPID-2631682", "CSAFPID-2631683", "CSAFPID-2631684", "CSAFPID-2631685", "CSAFPID-2631686", "CSAFPID-2631680", "CSAFPID-2631732", "CSAFPID-2631733", "CSAFPID-2631734", "CSAFPID-3045063", "CSAFPID-3045064", "CSAFPID-2631731", "CSAFPID-3045061", "CSAFPID-3045062", "CSAFPID-3045052", "CSAFPID-3045051", "CSAFPID-3045050", "CSAFPID-3045049", "CSAFPID-3045048", "CSAFPID-3045047", "CSAFPID-3045046", "CSAFPID-3045045", "CSAFPID-3045044", "CSAFPID-3045042", "CSAFPID-3045041", "CSAFPID-3045040", "CSAFPID-3045039", "CSAFPID-3045451", "CSAFPID-3045450", "CSAFPID-3045079", "CSAFPID-3045080", "CSAFPID-3045454", "CSAFPID-3045453", "CSAFPID-1295192", "CSAFPID-1295193", "CSAFPID-1295194", "CSAFPID-1295195", "CSAFPID-3045092", "CSAFPID-3045091", "CSAFPID-2961677", "CSAFPID-2961602", "CSAFPID-2961604", "CSAFPID-2961605", "CSAFPID-2961606", "CSAFPID-2961607", "CSAFPID-2961608", "CSAFPID-2961609", "CSAFPID-2961610", "CSAFPID-2961611", "CSAFPID-2961612", "CSAFPID-2961613", "CSAFPID-2961614", "CSAFPID-2961615", "CSAFPID-2961616", "CSAFPID-3045095", "CSAFPID-3045094", "CSAFPID-3045405", "CSAFPID-3045406", "CSAFPID-3045407", "CSAFPID-3045408", "CSAFPID-3045409", "CSAFPID-3045410", "CSAFPID-3045411", "CSAFPID-3045412", "CSAFPID-3045413", "CSAFPID-3045414", "CSAFPID-3045415", "CSAFPID-3045416", "CSAFPID-3045417", "CSAFPID-3045418", "CSAFPID-3045419", "CSAFPID-2455778", "CSAFPID-3045328", "CSAFPID-3045329", "CSAFPID-3045330", "CSAFPID-1987640" ] }, "references": [ { "category": "self", "summary": "CVE-2025-23194 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-23194.json" } ], "scores": [ { "cvss_v3": { "baseScore": 5.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.1" }, "products": [ "CSAFPID-2631681", "CSAFPID-2631682", "CSAFPID-2631683", "CSAFPID-2631684", "CSAFPID-2631685", "CSAFPID-2631686", "CSAFPID-2631680", "CSAFPID-2631732", "CSAFPID-2631733", "CSAFPID-2631734", "CSAFPID-3045063", "CSAFPID-3045064", "CSAFPID-2631731", "CSAFPID-3045061", "CSAFPID-3045062", "CSAFPID-3045052", "CSAFPID-3045051", "CSAFPID-3045050", "CSAFPID-3045049", "CSAFPID-3045048", "CSAFPID-3045047", "CSAFPID-3045046", "CSAFPID-3045045", "CSAFPID-3045044", "CSAFPID-3045042", "CSAFPID-3045041", "CSAFPID-3045040", "CSAFPID-3045039", "CSAFPID-3045451", "CSAFPID-3045450", "CSAFPID-3045079", "CSAFPID-3045080", "CSAFPID-3045454", "CSAFPID-3045453", "CSAFPID-1295192", "CSAFPID-1295193", "CSAFPID-1295194", "CSAFPID-1295195", "CSAFPID-3045092", "CSAFPID-3045091", "CSAFPID-2961677", "CSAFPID-2961602", "CSAFPID-2961604", "CSAFPID-2961605", "CSAFPID-2961606", "CSAFPID-2961607", "CSAFPID-2961608", "CSAFPID-2961609", "CSAFPID-2961610", "CSAFPID-2961611", "CSAFPID-2961612", "CSAFPID-2961613", "CSAFPID-2961614", "CSAFPID-2961615", "CSAFPID-2961616", "CSAFPID-3045095", "CSAFPID-3045094", "CSAFPID-3045405", "CSAFPID-3045406", "CSAFPID-3045407", "CSAFPID-3045408", "CSAFPID-3045409", "CSAFPID-3045410", "CSAFPID-3045411", "CSAFPID-3045412", "CSAFPID-3045413", "CSAFPID-3045414", "CSAFPID-3045415", "CSAFPID-3045416", "CSAFPID-3045417", "CSAFPID-3045418", "CSAFPID-3045419", "CSAFPID-2455778", "CSAFPID-3045328", "CSAFPID-3045329", "CSAFPID-3045330", "CSAFPID-1987640" ] } ], "title": "CVE-2025-23194" }, { "cve": "CVE-2025-27429", "cwe": { "id": "CWE-94", "name": "Improper Control of Generation of Code (\u0027Code Injection\u0027)" }, "notes": [ { "category": "other", "text": "Improper Control of Generation of Code (\u0027Code Injection\u0027)", "title": "CWE-94" }, { "category": "general", "text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", "title": "CVSSV4" } ], "product_status": { "known_affected": [ "CSAFPID-2631681", "CSAFPID-2631682", "CSAFPID-2631683", "CSAFPID-2631684", "CSAFPID-2631685", "CSAFPID-2631686", "CSAFPID-2631680", "CSAFPID-2631732", "CSAFPID-2631733", "CSAFPID-2631734", "CSAFPID-3045063", "CSAFPID-3045064", "CSAFPID-2631731", "CSAFPID-3045061", "CSAFPID-3045062", "CSAFPID-3045052", "CSAFPID-3045051", "CSAFPID-3045050", "CSAFPID-3045049", "CSAFPID-3045048", "CSAFPID-3045047", "CSAFPID-3045046", "CSAFPID-3045045", "CSAFPID-3045044", "CSAFPID-3045042", "CSAFPID-3045041", "CSAFPID-3045040", "CSAFPID-3045039", "CSAFPID-3045451", "CSAFPID-3045450", "CSAFPID-3045079", "CSAFPID-3045080", "CSAFPID-3045454", "CSAFPID-3045453", "CSAFPID-1295192", "CSAFPID-1295193", "CSAFPID-1295194", "CSAFPID-1295195", "CSAFPID-3045092", "CSAFPID-3045091", "CSAFPID-2961677", "CSAFPID-2961602", "CSAFPID-2961604", "CSAFPID-2961605", "CSAFPID-2961606", "CSAFPID-2961607", "CSAFPID-2961608", "CSAFPID-2961609", "CSAFPID-2961610", "CSAFPID-2961611", "CSAFPID-2961612", "CSAFPID-2961613", "CSAFPID-2961614", "CSAFPID-2961615", "CSAFPID-2961616", "CSAFPID-3045095", "CSAFPID-3045094", "CSAFPID-3045405", "CSAFPID-3045406", "CSAFPID-3045407", "CSAFPID-3045408", "CSAFPID-3045409", "CSAFPID-3045410", "CSAFPID-3045411", "CSAFPID-3045412", "CSAFPID-3045413", "CSAFPID-3045414", "CSAFPID-3045415", "CSAFPID-3045416", "CSAFPID-3045417", "CSAFPID-3045418", "CSAFPID-3045419", "CSAFPID-2455778", "CSAFPID-3045328", "CSAFPID-3045329", "CSAFPID-3045330", "CSAFPID-1987640" ] }, "references": [ { "category": "self", "summary": "CVE-2025-27429 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-27429.json" } ], "scores": [ { "cvss_v3": { "baseScore": 9.9, "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.1" }, "products": [ "CSAFPID-2631681", "CSAFPID-2631682", "CSAFPID-2631683", "CSAFPID-2631684", "CSAFPID-2631685", "CSAFPID-2631686", "CSAFPID-2631680", "CSAFPID-2631732", "CSAFPID-2631733", "CSAFPID-2631734", "CSAFPID-3045063", "CSAFPID-3045064", "CSAFPID-2631731", "CSAFPID-3045061", "CSAFPID-3045062", "CSAFPID-3045052", "CSAFPID-3045051", "CSAFPID-3045050", "CSAFPID-3045049", "CSAFPID-3045048", "CSAFPID-3045047", "CSAFPID-3045046", "CSAFPID-3045045", "CSAFPID-3045044", "CSAFPID-3045042", "CSAFPID-3045041", "CSAFPID-3045040", "CSAFPID-3045039", "CSAFPID-3045451", "CSAFPID-3045450", "CSAFPID-3045079", "CSAFPID-3045080", "CSAFPID-3045454", "CSAFPID-3045453", "CSAFPID-1295192", "CSAFPID-1295193", "CSAFPID-1295194", "CSAFPID-1295195", "CSAFPID-3045092", "CSAFPID-3045091", "CSAFPID-2961677", "CSAFPID-2961602", "CSAFPID-2961604", "CSAFPID-2961605", "CSAFPID-2961606", "CSAFPID-2961607", "CSAFPID-2961608", "CSAFPID-2961609", "CSAFPID-2961610", "CSAFPID-2961611", "CSAFPID-2961612", "CSAFPID-2961613", "CSAFPID-2961614", "CSAFPID-2961615", "CSAFPID-2961616", "CSAFPID-3045095", "CSAFPID-3045094", "CSAFPID-3045405", "CSAFPID-3045406", "CSAFPID-3045407", "CSAFPID-3045408", "CSAFPID-3045409", "CSAFPID-3045410", "CSAFPID-3045411", "CSAFPID-3045412", "CSAFPID-3045413", "CSAFPID-3045414", "CSAFPID-3045415", "CSAFPID-3045416", "CSAFPID-3045417", "CSAFPID-3045418", "CSAFPID-3045419", "CSAFPID-2455778", "CSAFPID-3045328", "CSAFPID-3045329", "CSAFPID-3045330", "CSAFPID-1987640" ] } ], "title": "CVE-2025-27429" }, { "cve": "CVE-2025-31331", "cwe": { "id": "CWE-863", "name": "Incorrect Authorization" }, "notes": [ { "category": "other", "text": "Incorrect Authorization", "title": "CWE-863" } ], "product_status": { "known_affected": [ "CSAFPID-2631681", "CSAFPID-2631682", "CSAFPID-2631683", "CSAFPID-2631684", "CSAFPID-2631685", "CSAFPID-2631686", "CSAFPID-2631680", "CSAFPID-2631732", "CSAFPID-2631733", "CSAFPID-2631734", "CSAFPID-3045063", "CSAFPID-3045064", "CSAFPID-2631731", "CSAFPID-3045061", "CSAFPID-3045062", "CSAFPID-3045052", "CSAFPID-3045051", "CSAFPID-3045050", "CSAFPID-3045049", "CSAFPID-3045048", "CSAFPID-3045047", "CSAFPID-3045046", "CSAFPID-3045045", "CSAFPID-3045044", "CSAFPID-3045042", "CSAFPID-3045041", "CSAFPID-3045040", "CSAFPID-3045039", "CSAFPID-3045451", "CSAFPID-3045450", "CSAFPID-3045079", "CSAFPID-3045080", "CSAFPID-3045454", "CSAFPID-3045453", "CSAFPID-1295192", "CSAFPID-1295193", "CSAFPID-1295194", "CSAFPID-1295195", "CSAFPID-3045092", "CSAFPID-3045091", "CSAFPID-2961677", "CSAFPID-2961602", "CSAFPID-2961604", "CSAFPID-2961605", "CSAFPID-2961606", "CSAFPID-2961607", "CSAFPID-2961608", "CSAFPID-2961609", "CSAFPID-2961610", "CSAFPID-2961611", "CSAFPID-2961612", "CSAFPID-2961613", "CSAFPID-2961614", "CSAFPID-2961615", "CSAFPID-2961616", "CSAFPID-3045095", "CSAFPID-3045094", "CSAFPID-3045405", "CSAFPID-3045406", "CSAFPID-3045407", "CSAFPID-3045408", "CSAFPID-3045409", "CSAFPID-3045410", "CSAFPID-3045411", "CSAFPID-3045412", "CSAFPID-3045413", "CSAFPID-3045414", "CSAFPID-3045415", "CSAFPID-3045416", "CSAFPID-3045417", "CSAFPID-3045418", "CSAFPID-3045419", "CSAFPID-2455778", "CSAFPID-3045328", "CSAFPID-3045329", "CSAFPID-3045330", "CSAFPID-1987640" ] }, "references": [ { "category": "self", "summary": "CVE-2025-31331 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-31331.json" } ], "scores": [ { "cvss_v3": { "baseScore": 4.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" }, "products": [ "CSAFPID-2631681", "CSAFPID-2631682", "CSAFPID-2631683", "CSAFPID-2631684", "CSAFPID-2631685", "CSAFPID-2631686", "CSAFPID-2631680", "CSAFPID-2631732", "CSAFPID-2631733", "CSAFPID-2631734", "CSAFPID-3045063", "CSAFPID-3045064", "CSAFPID-2631731", "CSAFPID-3045061", "CSAFPID-3045062", "CSAFPID-3045052", "CSAFPID-3045051", "CSAFPID-3045050", "CSAFPID-3045049", "CSAFPID-3045048", "CSAFPID-3045047", "CSAFPID-3045046", "CSAFPID-3045045", "CSAFPID-3045044", "CSAFPID-3045042", "CSAFPID-3045041", "CSAFPID-3045040", "CSAFPID-3045039", "CSAFPID-3045451", "CSAFPID-3045450", "CSAFPID-3045079", "CSAFPID-3045080", "CSAFPID-3045454", "CSAFPID-3045453", "CSAFPID-1295192", "CSAFPID-1295193", "CSAFPID-1295194", "CSAFPID-1295195", "CSAFPID-3045092", "CSAFPID-3045091", "CSAFPID-2961677", "CSAFPID-2961602", "CSAFPID-2961604", "CSAFPID-2961605", "CSAFPID-2961606", "CSAFPID-2961607", "CSAFPID-2961608", "CSAFPID-2961609", "CSAFPID-2961610", "CSAFPID-2961611", "CSAFPID-2961612", "CSAFPID-2961613", "CSAFPID-2961614", "CSAFPID-2961615", "CSAFPID-2961616", "CSAFPID-3045095", "CSAFPID-3045094", "CSAFPID-3045405", "CSAFPID-3045406", "CSAFPID-3045407", "CSAFPID-3045408", "CSAFPID-3045409", "CSAFPID-3045410", "CSAFPID-3045411", "CSAFPID-3045412", "CSAFPID-3045413", "CSAFPID-3045414", "CSAFPID-3045415", "CSAFPID-3045416", "CSAFPID-3045417", "CSAFPID-3045418", "CSAFPID-3045419", "CSAFPID-2455778", "CSAFPID-3045328", "CSAFPID-3045329", "CSAFPID-3045330", "CSAFPID-1987640" ] } ], "title": "CVE-2025-31331" }, { "cve": "CVE-2025-42934", "cwe": { "id": "CWE-113", "name": "Improper Neutralization of CRLF Sequences in HTTP Headers (\u0027HTTP Request/Response Splitting\u0027)" }, "notes": [ { "category": "other", "text": "Improper Neutralization of CRLF Sequences in HTTP Headers (\u0027HTTP Request/Response Splitting\u0027)", "title": "CWE-113" }, { "category": "general", "text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N", "title": "CVSSV4" } ], "product_status": { "known_affected": [ "CSAFPID-2631681", "CSAFPID-2631682", "CSAFPID-2631683", "CSAFPID-2631684", "CSAFPID-2631685", "CSAFPID-2631686", "CSAFPID-2631680", "CSAFPID-2631732", "CSAFPID-2631733", "CSAFPID-2631734", "CSAFPID-3045063", "CSAFPID-3045064", "CSAFPID-2631731", "CSAFPID-3045061", "CSAFPID-3045062", "CSAFPID-3045052", "CSAFPID-3045051", "CSAFPID-3045050", "CSAFPID-3045049", "CSAFPID-3045048", "CSAFPID-3045047", "CSAFPID-3045046", "CSAFPID-3045045", "CSAFPID-3045044", "CSAFPID-3045042", "CSAFPID-3045041", "CSAFPID-3045040", "CSAFPID-3045039", "CSAFPID-3045451", "CSAFPID-3045450", "CSAFPID-3045079", "CSAFPID-3045080", "CSAFPID-3045454", "CSAFPID-3045453", "CSAFPID-1295192", "CSAFPID-1295193", "CSAFPID-1295194", "CSAFPID-1295195", "CSAFPID-3045092", "CSAFPID-3045091", "CSAFPID-2961677", "CSAFPID-2961602", "CSAFPID-2961604", "CSAFPID-2961605", "CSAFPID-2961606", "CSAFPID-2961607", "CSAFPID-2961608", "CSAFPID-2961609", "CSAFPID-2961610", "CSAFPID-2961611", "CSAFPID-2961612", "CSAFPID-2961613", "CSAFPID-2961614", "CSAFPID-2961615", "CSAFPID-2961616", "CSAFPID-3045095", "CSAFPID-3045094", "CSAFPID-3045405", "CSAFPID-3045406", "CSAFPID-3045407", "CSAFPID-3045408", "CSAFPID-3045409", "CSAFPID-3045410", "CSAFPID-3045411", "CSAFPID-3045412", "CSAFPID-3045413", "CSAFPID-3045414", "CSAFPID-3045415", "CSAFPID-3045416", "CSAFPID-3045417", "CSAFPID-3045418", "CSAFPID-3045419", "CSAFPID-2455778", "CSAFPID-3045328", "CSAFPID-3045329", "CSAFPID-3045330", "CSAFPID-1987640" ] }, "references": [ { "category": "self", "summary": "CVE-2025-42934 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-42934.json" } ], "scores": [ { "cvss_v3": { "baseScore": 4.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "version": "3.1" }, "products": [ "CSAFPID-2631681", "CSAFPID-2631682", "CSAFPID-2631683", "CSAFPID-2631684", "CSAFPID-2631685", "CSAFPID-2631686", "CSAFPID-2631680", "CSAFPID-2631732", "CSAFPID-2631733", "CSAFPID-2631734", "CSAFPID-3045063", "CSAFPID-3045064", "CSAFPID-2631731", "CSAFPID-3045061", "CSAFPID-3045062", "CSAFPID-3045052", "CSAFPID-3045051", "CSAFPID-3045050", "CSAFPID-3045049", "CSAFPID-3045048", "CSAFPID-3045047", "CSAFPID-3045046", "CSAFPID-3045045", "CSAFPID-3045044", "CSAFPID-3045042", "CSAFPID-3045041", "CSAFPID-3045040", "CSAFPID-3045039", "CSAFPID-3045451", "CSAFPID-3045450", "CSAFPID-3045079", "CSAFPID-3045080", "CSAFPID-3045454", "CSAFPID-3045453", "CSAFPID-1295192", "CSAFPID-1295193", "CSAFPID-1295194", "CSAFPID-1295195", "CSAFPID-3045092", "CSAFPID-3045091", "CSAFPID-2961677", "CSAFPID-2961602", "CSAFPID-2961604", "CSAFPID-2961605", "CSAFPID-2961606", "CSAFPID-2961607", "CSAFPID-2961608", "CSAFPID-2961609", "CSAFPID-2961610", "CSAFPID-2961611", "CSAFPID-2961612", "CSAFPID-2961613", "CSAFPID-2961614", "CSAFPID-2961615", "CSAFPID-2961616", "CSAFPID-3045095", "CSAFPID-3045094", "CSAFPID-3045405", "CSAFPID-3045406", "CSAFPID-3045407", "CSAFPID-3045408", "CSAFPID-3045409", "CSAFPID-3045410", "CSAFPID-3045411", "CSAFPID-3045412", "CSAFPID-3045413", "CSAFPID-3045414", "CSAFPID-3045415", "CSAFPID-3045416", "CSAFPID-3045417", "CSAFPID-3045418", "CSAFPID-3045419", "CSAFPID-2455778", "CSAFPID-3045328", "CSAFPID-3045329", "CSAFPID-3045330", "CSAFPID-1987640" ] } ], "title": "CVE-2025-42934" }, { "cve": "CVE-2025-42935", "cwe": { "id": "CWE-532", "name": "Insertion of Sensitive Information into Log File" }, "notes": [ { "category": "other", "text": "Insertion of Sensitive Information into Log File", "title": "CWE-532" }, { "category": "general", "text": "CVSS:4.0/AV:L/AC:H/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N", "title": "CVSSV4" } ], "product_status": { "known_affected": [ "CSAFPID-2631681", "CSAFPID-2631682", "CSAFPID-2631683", "CSAFPID-2631684", "CSAFPID-2631685", "CSAFPID-2631686", "CSAFPID-2631680", "CSAFPID-2631732", "CSAFPID-2631733", "CSAFPID-2631734", "CSAFPID-3045063", "CSAFPID-3045064", "CSAFPID-2631731", "CSAFPID-3045061", "CSAFPID-3045062", "CSAFPID-3045052", "CSAFPID-3045051", "CSAFPID-3045050", "CSAFPID-3045049", "CSAFPID-3045048", "CSAFPID-3045047", "CSAFPID-3045046", "CSAFPID-3045045", "CSAFPID-3045044", "CSAFPID-3045042", "CSAFPID-3045041", "CSAFPID-3045040", "CSAFPID-3045039", "CSAFPID-3045451", "CSAFPID-3045450", "CSAFPID-3045079", "CSAFPID-3045080", "CSAFPID-3045454", "CSAFPID-3045453", "CSAFPID-1295192", "CSAFPID-1295193", "CSAFPID-1295194", "CSAFPID-1295195", "CSAFPID-3045092", "CSAFPID-3045091", "CSAFPID-2961677", "CSAFPID-2961602", "CSAFPID-2961604", "CSAFPID-2961605", "CSAFPID-2961606", "CSAFPID-2961607", "CSAFPID-2961608", "CSAFPID-2961609", "CSAFPID-2961610", "CSAFPID-2961611", "CSAFPID-2961612", "CSAFPID-2961613", "CSAFPID-2961614", "CSAFPID-2961615", "CSAFPID-2961616", "CSAFPID-3045095", "CSAFPID-3045094", "CSAFPID-3045405", "CSAFPID-3045406", "CSAFPID-3045407", "CSAFPID-3045408", "CSAFPID-3045409", "CSAFPID-3045410", "CSAFPID-3045411", "CSAFPID-3045412", "CSAFPID-3045413", "CSAFPID-3045414", "CSAFPID-3045415", "CSAFPID-3045416", "CSAFPID-3045417", "CSAFPID-3045418", "CSAFPID-3045419", "CSAFPID-2455778", "CSAFPID-3045328", "CSAFPID-3045329", "CSAFPID-3045330", "CSAFPID-1987640" ] }, "references": [ { "category": "self", "summary": "CVE-2025-42935 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-42935.json" } ], "scores": [ { "cvss_v3": { "baseScore": 4.1, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "products": [ "CSAFPID-2631681", "CSAFPID-2631682", "CSAFPID-2631683", "CSAFPID-2631684", "CSAFPID-2631685", "CSAFPID-2631686", "CSAFPID-2631680", "CSAFPID-2631732", "CSAFPID-2631733", "CSAFPID-2631734", "CSAFPID-3045063", "CSAFPID-3045064", "CSAFPID-2631731", "CSAFPID-3045061", "CSAFPID-3045062", "CSAFPID-3045052", "CSAFPID-3045051", "CSAFPID-3045050", "CSAFPID-3045049", "CSAFPID-3045048", "CSAFPID-3045047", "CSAFPID-3045046", "CSAFPID-3045045", "CSAFPID-3045044", "CSAFPID-3045042", "CSAFPID-3045041", "CSAFPID-3045040", "CSAFPID-3045039", "CSAFPID-3045451", "CSAFPID-3045450", "CSAFPID-3045079", "CSAFPID-3045080", "CSAFPID-3045454", "CSAFPID-3045453", "CSAFPID-1295192", "CSAFPID-1295193", "CSAFPID-1295194", "CSAFPID-1295195", "CSAFPID-3045092", "CSAFPID-3045091", "CSAFPID-2961677", "CSAFPID-2961602", "CSAFPID-2961604", "CSAFPID-2961605", "CSAFPID-2961606", "CSAFPID-2961607", "CSAFPID-2961608", "CSAFPID-2961609", "CSAFPID-2961610", "CSAFPID-2961611", "CSAFPID-2961612", "CSAFPID-2961613", "CSAFPID-2961614", "CSAFPID-2961615", "CSAFPID-2961616", "CSAFPID-3045095", "CSAFPID-3045094", "CSAFPID-3045405", "CSAFPID-3045406", "CSAFPID-3045407", "CSAFPID-3045408", "CSAFPID-3045409", "CSAFPID-3045410", "CSAFPID-3045411", "CSAFPID-3045412", "CSAFPID-3045413", "CSAFPID-3045414", "CSAFPID-3045415", "CSAFPID-3045416", "CSAFPID-3045417", "CSAFPID-3045418", "CSAFPID-3045419", "CSAFPID-2455778", "CSAFPID-3045328", "CSAFPID-3045329", "CSAFPID-3045330", "CSAFPID-1987640" ] } ], "title": "CVE-2025-42935" }, { "cve": "CVE-2025-42936", "cwe": { "id": "CWE-266", "name": "Incorrect Privilege Assignment" }, "notes": [ { "category": "other", "text": "Incorrect Privilege Assignment", "title": "CWE-266" }, { "category": "general", "text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N", "title": "CVSSV4" } ], "product_status": { "known_affected": [ "CSAFPID-2631681", "CSAFPID-2631682", "CSAFPID-2631683", "CSAFPID-2631684", "CSAFPID-2631685", "CSAFPID-2631686", "CSAFPID-2631680", "CSAFPID-2631732", "CSAFPID-2631733", "CSAFPID-2631734", "CSAFPID-3045063", "CSAFPID-3045064", "CSAFPID-2631731", "CSAFPID-3045061", "CSAFPID-3045062", "CSAFPID-3045052", "CSAFPID-3045051", "CSAFPID-3045050", "CSAFPID-3045049", "CSAFPID-3045048", "CSAFPID-3045047", "CSAFPID-3045046", "CSAFPID-3045045", "CSAFPID-3045044", "CSAFPID-3045042", "CSAFPID-3045041", "CSAFPID-3045040", "CSAFPID-3045039", "CSAFPID-3045451", "CSAFPID-3045450", "CSAFPID-3045079", "CSAFPID-3045080", "CSAFPID-3045454", "CSAFPID-3045453", "CSAFPID-1295192", "CSAFPID-1295193", "CSAFPID-1295194", "CSAFPID-1295195", "CSAFPID-3045092", "CSAFPID-3045091", "CSAFPID-2961677", "CSAFPID-2961602", "CSAFPID-2961604", "CSAFPID-2961605", "CSAFPID-2961606", "CSAFPID-2961607", "CSAFPID-2961608", "CSAFPID-2961609", "CSAFPID-2961610", "CSAFPID-2961611", "CSAFPID-2961612", "CSAFPID-2961613", "CSAFPID-2961614", "CSAFPID-2961615", "CSAFPID-2961616", "CSAFPID-3045095", "CSAFPID-3045094", "CSAFPID-3045405", "CSAFPID-3045406", "CSAFPID-3045407", "CSAFPID-3045408", "CSAFPID-3045409", "CSAFPID-3045410", "CSAFPID-3045411", "CSAFPID-3045412", "CSAFPID-3045413", "CSAFPID-3045414", "CSAFPID-3045415", "CSAFPID-3045416", "CSAFPID-3045417", "CSAFPID-3045418", "CSAFPID-3045419", "CSAFPID-2455778", "CSAFPID-3045328", "CSAFPID-3045329", "CSAFPID-3045330", "CSAFPID-1987640" ] }, "references": [ { "category": "self", "summary": "CVE-2025-42936 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-42936.json" } ], "title": "CVE-2025-42936" }, { "cve": "CVE-2025-42941", "cwe": { "id": "CWE-1022", "name": "Use of Web Link to Untrusted Target with window.opener Access" }, "notes": [ { "category": "other", "text": "Use of Web Link to Untrusted Target with window.opener Access", "title": "CWE-1022" }, { "category": "general", "text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N", "title": "CVSSV4" } ], "product_status": { "known_affected": [ "CSAFPID-2631681", "CSAFPID-2631682", "CSAFPID-2631683", "CSAFPID-2631684", "CSAFPID-2631685", "CSAFPID-2631686", "CSAFPID-2631680", "CSAFPID-2631732", "CSAFPID-2631733", "CSAFPID-2631734", "CSAFPID-3045063", "CSAFPID-3045064", "CSAFPID-2631731", "CSAFPID-3045061", "CSAFPID-3045062", "CSAFPID-3045052", "CSAFPID-3045051", "CSAFPID-3045050", "CSAFPID-3045049", "CSAFPID-3045048", "CSAFPID-3045047", "CSAFPID-3045046", "CSAFPID-3045045", "CSAFPID-3045044", "CSAFPID-3045042", "CSAFPID-3045041", "CSAFPID-3045040", "CSAFPID-3045039", "CSAFPID-3045451", "CSAFPID-3045450", "CSAFPID-3045079", "CSAFPID-3045080", "CSAFPID-3045454", "CSAFPID-3045453", "CSAFPID-1295192", "CSAFPID-1295193", "CSAFPID-1295194", "CSAFPID-1295195", "CSAFPID-3045092", "CSAFPID-3045091", "CSAFPID-2961677", "CSAFPID-2961602", "CSAFPID-2961604", "CSAFPID-2961605", "CSAFPID-2961606", "CSAFPID-2961607", "CSAFPID-2961608", "CSAFPID-2961609", "CSAFPID-2961610", "CSAFPID-2961611", "CSAFPID-2961612", "CSAFPID-2961613", "CSAFPID-2961614", "CSAFPID-2961615", "CSAFPID-2961616", "CSAFPID-3045095", "CSAFPID-3045094", "CSAFPID-3045405", "CSAFPID-3045406", "CSAFPID-3045407", "CSAFPID-3045408", "CSAFPID-3045409", "CSAFPID-3045410", "CSAFPID-3045411", "CSAFPID-3045412", "CSAFPID-3045413", "CSAFPID-3045414", "CSAFPID-3045415", "CSAFPID-3045416", "CSAFPID-3045417", "CSAFPID-3045418", "CSAFPID-3045419", "CSAFPID-2455778", "CSAFPID-3045328", "CSAFPID-3045329", "CSAFPID-3045330", "CSAFPID-1987640" ] }, "references": [ { "category": "self", "summary": "CVE-2025-42941 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-42941.json" } ], "title": "CVE-2025-42941" }, { "cve": "CVE-2025-42942", "cwe": { "id": "CWE-79", "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)" }, "notes": [ { "category": "other", "text": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)", "title": "CWE-79" }, { "category": "general", "text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N", "title": "CVSSV4" } ], "product_status": { "known_affected": [ "CSAFPID-2631681", "CSAFPID-2631682", "CSAFPID-2631683", "CSAFPID-2631684", "CSAFPID-2631685", "CSAFPID-2631686", "CSAFPID-2631680", "CSAFPID-2631732", "CSAFPID-2631733", "CSAFPID-2631734", "CSAFPID-3045063", "CSAFPID-3045064", "CSAFPID-2631731", "CSAFPID-3045061", "CSAFPID-3045062", "CSAFPID-3045052", "CSAFPID-3045051", "CSAFPID-3045050", "CSAFPID-3045049", "CSAFPID-3045048", "CSAFPID-3045047", "CSAFPID-3045046", "CSAFPID-3045045", "CSAFPID-3045044", "CSAFPID-3045042", "CSAFPID-3045041", "CSAFPID-3045040", "CSAFPID-3045039", "CSAFPID-3045451", "CSAFPID-3045450", "CSAFPID-3045079", "CSAFPID-3045080", "CSAFPID-3045454", "CSAFPID-3045453", "CSAFPID-1295192", "CSAFPID-1295193", "CSAFPID-1295194", "CSAFPID-1295195", "CSAFPID-3045092", "CSAFPID-3045091", "CSAFPID-2961677", "CSAFPID-2961602", "CSAFPID-2961604", "CSAFPID-2961605", "CSAFPID-2961606", "CSAFPID-2961607", "CSAFPID-2961608", "CSAFPID-2961609", "CSAFPID-2961610", "CSAFPID-2961611", "CSAFPID-2961612", "CSAFPID-2961613", "CSAFPID-2961614", "CSAFPID-2961615", "CSAFPID-2961616", "CSAFPID-3045095", "CSAFPID-3045094", "CSAFPID-3045405", "CSAFPID-3045406", "CSAFPID-3045407", "CSAFPID-3045408", "CSAFPID-3045409", "CSAFPID-3045410", "CSAFPID-3045411", "CSAFPID-3045412", "CSAFPID-3045413", "CSAFPID-3045414", "CSAFPID-3045415", "CSAFPID-3045416", "CSAFPID-3045417", "CSAFPID-3045418", "CSAFPID-3045419", "CSAFPID-2455778", "CSAFPID-3045328", "CSAFPID-3045329", "CSAFPID-3045330", "CSAFPID-1987640" ] }, "references": [ { "category": "self", "summary": "CVE-2025-42942 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-42942.json" } ], "scores": [ { "cvss_v3": { "baseScore": 6.1, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "products": [ "CSAFPID-2631681", "CSAFPID-2631682", "CSAFPID-2631683", "CSAFPID-2631684", "CSAFPID-2631685", "CSAFPID-2631686", "CSAFPID-2631680", "CSAFPID-2631732", "CSAFPID-2631733", "CSAFPID-2631734", "CSAFPID-3045063", "CSAFPID-3045064", "CSAFPID-2631731", "CSAFPID-3045061", "CSAFPID-3045062", "CSAFPID-3045052", "CSAFPID-3045051", "CSAFPID-3045050", "CSAFPID-3045049", "CSAFPID-3045048", "CSAFPID-3045047", "CSAFPID-3045046", "CSAFPID-3045045", "CSAFPID-3045044", "CSAFPID-3045042", "CSAFPID-3045041", "CSAFPID-3045040", "CSAFPID-3045039", "CSAFPID-3045451", "CSAFPID-3045450", "CSAFPID-3045079", "CSAFPID-3045080", "CSAFPID-3045454", "CSAFPID-3045453", "CSAFPID-1295192", "CSAFPID-1295193", "CSAFPID-1295194", "CSAFPID-1295195", "CSAFPID-3045092", "CSAFPID-3045091", "CSAFPID-2961677", "CSAFPID-2961602", "CSAFPID-2961604", "CSAFPID-2961605", "CSAFPID-2961606", "CSAFPID-2961607", "CSAFPID-2961608", "CSAFPID-2961609", "CSAFPID-2961610", "CSAFPID-2961611", "CSAFPID-2961612", "CSAFPID-2961613", "CSAFPID-2961614", "CSAFPID-2961615", "CSAFPID-2961616", "CSAFPID-3045095", "CSAFPID-3045094", "CSAFPID-3045405", "CSAFPID-3045406", "CSAFPID-3045407", "CSAFPID-3045408", "CSAFPID-3045409", "CSAFPID-3045410", "CSAFPID-3045411", "CSAFPID-3045412", "CSAFPID-3045413", "CSAFPID-3045414", "CSAFPID-3045415", "CSAFPID-3045416", "CSAFPID-3045417", "CSAFPID-3045418", "CSAFPID-3045419", "CSAFPID-2455778", "CSAFPID-3045328", "CSAFPID-3045329", "CSAFPID-3045330", "CSAFPID-1987640" ] } ], "title": "CVE-2025-42942" }, { "cve": "CVE-2025-42943", "cwe": { "id": "CWE-250", "name": "Execution with Unnecessary Privileges" }, "notes": [ { "category": "other", "text": "Execution with Unnecessary Privileges", "title": "CWE-250" }, { "category": "general", "text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N", "title": "CVSSV4" } ], "product_status": { "known_affected": [ "CSAFPID-2631681", "CSAFPID-2631682", "CSAFPID-2631683", "CSAFPID-2631684", "CSAFPID-2631685", "CSAFPID-2631686", "CSAFPID-2631680", "CSAFPID-2631732", "CSAFPID-2631733", "CSAFPID-2631734", "CSAFPID-3045063", "CSAFPID-3045064", "CSAFPID-2631731", "CSAFPID-3045061", "CSAFPID-3045062", "CSAFPID-3045052", "CSAFPID-3045051", "CSAFPID-3045050", "CSAFPID-3045049", "CSAFPID-3045048", "CSAFPID-3045047", "CSAFPID-3045046", "CSAFPID-3045045", "CSAFPID-3045044", "CSAFPID-3045042", "CSAFPID-3045041", "CSAFPID-3045040", "CSAFPID-3045039", "CSAFPID-3045451", "CSAFPID-3045450", "CSAFPID-3045079", "CSAFPID-3045080", "CSAFPID-3045454", "CSAFPID-3045453", "CSAFPID-1295192", "CSAFPID-1295193", "CSAFPID-1295194", "CSAFPID-1295195", "CSAFPID-3045092", "CSAFPID-3045091", "CSAFPID-2961677", "CSAFPID-2961602", "CSAFPID-2961604", "CSAFPID-2961605", "CSAFPID-2961606", "CSAFPID-2961607", "CSAFPID-2961608", "CSAFPID-2961609", "CSAFPID-2961610", "CSAFPID-2961611", "CSAFPID-2961612", "CSAFPID-2961613", "CSAFPID-2961614", "CSAFPID-2961615", "CSAFPID-2961616", "CSAFPID-3045095", "CSAFPID-3045094", "CSAFPID-3045405", "CSAFPID-3045406", "CSAFPID-3045407", "CSAFPID-3045408", "CSAFPID-3045409", "CSAFPID-3045410", "CSAFPID-3045411", "CSAFPID-3045412", "CSAFPID-3045413", "CSAFPID-3045414", "CSAFPID-3045415", "CSAFPID-3045416", "CSAFPID-3045417", "CSAFPID-3045418", "CSAFPID-3045419", "CSAFPID-2455778", "CSAFPID-3045328", "CSAFPID-3045329", "CSAFPID-3045330", "CSAFPID-1987640" ] }, "references": [ { "category": "self", "summary": "CVE-2025-42943 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-42943.json" } ], "scores": [ { "cvss_v3": { "baseScore": 4.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:N/A:N", "version": "3.1" }, "products": [ "CSAFPID-2631681", "CSAFPID-2631682", "CSAFPID-2631683", "CSAFPID-2631684", "CSAFPID-2631685", "CSAFPID-2631686", "CSAFPID-2631680", "CSAFPID-2631732", "CSAFPID-2631733", "CSAFPID-2631734", "CSAFPID-3045063", "CSAFPID-3045064", "CSAFPID-2631731", "CSAFPID-3045061", "CSAFPID-3045062", "CSAFPID-3045052", "CSAFPID-3045051", "CSAFPID-3045050", "CSAFPID-3045049", "CSAFPID-3045048", "CSAFPID-3045047", "CSAFPID-3045046", "CSAFPID-3045045", "CSAFPID-3045044", "CSAFPID-3045042", "CSAFPID-3045041", "CSAFPID-3045040", "CSAFPID-3045039", "CSAFPID-3045451", "CSAFPID-3045450", "CSAFPID-3045079", "CSAFPID-3045080", "CSAFPID-3045454", "CSAFPID-3045453", "CSAFPID-1295192", "CSAFPID-1295193", "CSAFPID-1295194", "CSAFPID-1295195", "CSAFPID-3045092", "CSAFPID-3045091", "CSAFPID-2961677", "CSAFPID-2961602", "CSAFPID-2961604", "CSAFPID-2961605", "CSAFPID-2961606", "CSAFPID-2961607", "CSAFPID-2961608", "CSAFPID-2961609", "CSAFPID-2961610", "CSAFPID-2961611", "CSAFPID-2961612", "CSAFPID-2961613", "CSAFPID-2961614", "CSAFPID-2961615", "CSAFPID-2961616", "CSAFPID-3045095", "CSAFPID-3045094", "CSAFPID-3045405", "CSAFPID-3045406", "CSAFPID-3045407", "CSAFPID-3045408", "CSAFPID-3045409", "CSAFPID-3045410", "CSAFPID-3045411", "CSAFPID-3045412", "CSAFPID-3045413", "CSAFPID-3045414", "CSAFPID-3045415", "CSAFPID-3045416", "CSAFPID-3045417", "CSAFPID-3045418", "CSAFPID-3045419", "CSAFPID-2455778", "CSAFPID-3045328", "CSAFPID-3045329", "CSAFPID-3045330", "CSAFPID-1987640" ] } ], "title": "CVE-2025-42943" }, { "cve": "CVE-2025-42946", "cwe": { "id": "CWE-22", "name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)" }, "notes": [ { "category": "other", "text": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)", "title": "CWE-22" }, { "category": "general", "text": "CVSS:4.0/AV:A/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N", "title": "CVSSV4" } ], "product_status": { "known_affected": [ "CSAFPID-2631681", "CSAFPID-2631682", "CSAFPID-2631683", "CSAFPID-2631684", "CSAFPID-2631685", "CSAFPID-2631686", "CSAFPID-2631680", "CSAFPID-2631732", "CSAFPID-2631733", "CSAFPID-2631734", "CSAFPID-3045063", "CSAFPID-3045064", "CSAFPID-2631731", "CSAFPID-3045061", "CSAFPID-3045062", "CSAFPID-3045052", "CSAFPID-3045051", "CSAFPID-3045050", "CSAFPID-3045049", "CSAFPID-3045048", "CSAFPID-3045047", "CSAFPID-3045046", "CSAFPID-3045045", "CSAFPID-3045044", "CSAFPID-3045042", "CSAFPID-3045041", "CSAFPID-3045040", "CSAFPID-3045039", "CSAFPID-3045451", "CSAFPID-3045450", "CSAFPID-3045079", "CSAFPID-3045080", "CSAFPID-3045454", "CSAFPID-3045453", "CSAFPID-1295192", "CSAFPID-1295193", "CSAFPID-1295194", "CSAFPID-1295195", "CSAFPID-3045092", "CSAFPID-3045091", "CSAFPID-2961677", "CSAFPID-2961602", "CSAFPID-2961604", "CSAFPID-2961605", "CSAFPID-2961606", "CSAFPID-2961607", "CSAFPID-2961608", "CSAFPID-2961609", "CSAFPID-2961610", "CSAFPID-2961611", "CSAFPID-2961612", "CSAFPID-2961613", "CSAFPID-2961614", "CSAFPID-2961615", "CSAFPID-2961616", "CSAFPID-3045095", "CSAFPID-3045094", "CSAFPID-3045405", "CSAFPID-3045406", "CSAFPID-3045407", "CSAFPID-3045408", "CSAFPID-3045409", "CSAFPID-3045410", "CSAFPID-3045411", "CSAFPID-3045412", "CSAFPID-3045413", "CSAFPID-3045414", "CSAFPID-3045415", "CSAFPID-3045416", "CSAFPID-3045417", "CSAFPID-3045418", "CSAFPID-3045419", "CSAFPID-2455778", "CSAFPID-3045328", "CSAFPID-3045329", "CSAFPID-3045330", "CSAFPID-1987640" ] }, "references": [ { "category": "self", "summary": "CVE-2025-42946 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-42946.json" } ], "scores": [ { "cvss_v3": { "baseScore": 6.9, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:C/C:H/I:L/A:N", "version": "3.1" }, "products": [ "CSAFPID-2631681", "CSAFPID-2631682", "CSAFPID-2631683", "CSAFPID-2631684", "CSAFPID-2631685", "CSAFPID-2631686", "CSAFPID-2631680", "CSAFPID-2631732", "CSAFPID-2631733", "CSAFPID-2631734", "CSAFPID-3045063", "CSAFPID-3045064", "CSAFPID-2631731", "CSAFPID-3045061", "CSAFPID-3045062", "CSAFPID-3045052", "CSAFPID-3045051", "CSAFPID-3045050", "CSAFPID-3045049", "CSAFPID-3045048", "CSAFPID-3045047", "CSAFPID-3045046", "CSAFPID-3045045", "CSAFPID-3045044", "CSAFPID-3045042", "CSAFPID-3045041", "CSAFPID-3045040", "CSAFPID-3045039", "CSAFPID-3045451", "CSAFPID-3045450", "CSAFPID-3045079", "CSAFPID-3045080", "CSAFPID-3045454", "CSAFPID-3045453", "CSAFPID-1295192", "CSAFPID-1295193", "CSAFPID-1295194", "CSAFPID-1295195", "CSAFPID-3045092", "CSAFPID-3045091", "CSAFPID-2961677", "CSAFPID-2961602", "CSAFPID-2961604", "CSAFPID-2961605", "CSAFPID-2961606", "CSAFPID-2961607", "CSAFPID-2961608", "CSAFPID-2961609", "CSAFPID-2961610", "CSAFPID-2961611", "CSAFPID-2961612", "CSAFPID-2961613", "CSAFPID-2961614", "CSAFPID-2961615", "CSAFPID-2961616", "CSAFPID-3045095", "CSAFPID-3045094", "CSAFPID-3045405", "CSAFPID-3045406", "CSAFPID-3045407", "CSAFPID-3045408", "CSAFPID-3045409", "CSAFPID-3045410", "CSAFPID-3045411", "CSAFPID-3045412", "CSAFPID-3045413", "CSAFPID-3045414", "CSAFPID-3045415", "CSAFPID-3045416", "CSAFPID-3045417", "CSAFPID-3045418", "CSAFPID-3045419", "CSAFPID-2455778", "CSAFPID-3045328", "CSAFPID-3045329", "CSAFPID-3045330", "CSAFPID-1987640" ] } ], "title": "CVE-2025-42946" }, { "cve": "CVE-2025-42948", "cwe": { "id": "CWE-79", "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)" }, "notes": [ { "category": "other", "text": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)", "title": "CWE-79" }, { "category": "general", "text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N", "title": "CVSSV4" } ], "product_status": { "known_affected": [ "CSAFPID-2631681", "CSAFPID-2631682", "CSAFPID-2631683", "CSAFPID-2631684", "CSAFPID-2631685", "CSAFPID-2631686", "CSAFPID-2631680", "CSAFPID-2631732", "CSAFPID-2631733", "CSAFPID-2631734", "CSAFPID-3045063", "CSAFPID-3045064", "CSAFPID-2631731", "CSAFPID-3045061", "CSAFPID-3045062", "CSAFPID-3045052", "CSAFPID-3045051", "CSAFPID-3045050", "CSAFPID-3045049", "CSAFPID-3045048", "CSAFPID-3045047", "CSAFPID-3045046", "CSAFPID-3045045", "CSAFPID-3045044", "CSAFPID-3045042", "CSAFPID-3045041", "CSAFPID-3045040", "CSAFPID-3045039", "CSAFPID-3045451", "CSAFPID-3045450", "CSAFPID-3045079", "CSAFPID-3045080", "CSAFPID-3045454", "CSAFPID-3045453", "CSAFPID-1295192", "CSAFPID-1295193", "CSAFPID-1295194", "CSAFPID-1295195", "CSAFPID-3045092", "CSAFPID-3045091", "CSAFPID-2961677", "CSAFPID-2961602", "CSAFPID-2961604", "CSAFPID-2961605", "CSAFPID-2961606", "CSAFPID-2961607", "CSAFPID-2961608", "CSAFPID-2961609", "CSAFPID-2961610", "CSAFPID-2961611", "CSAFPID-2961612", "CSAFPID-2961613", "CSAFPID-2961614", "CSAFPID-2961615", "CSAFPID-2961616", "CSAFPID-3045095", "CSAFPID-3045094", "CSAFPID-3045405", "CSAFPID-3045406", "CSAFPID-3045407", "CSAFPID-3045408", "CSAFPID-3045409", "CSAFPID-3045410", "CSAFPID-3045411", "CSAFPID-3045412", "CSAFPID-3045413", "CSAFPID-3045414", "CSAFPID-3045415", "CSAFPID-3045416", "CSAFPID-3045417", "CSAFPID-3045418", "CSAFPID-3045419", "CSAFPID-2455778", "CSAFPID-3045328", "CSAFPID-3045329", "CSAFPID-3045330", "CSAFPID-1987640" ] }, "references": [ { "category": "self", "summary": "CVE-2025-42948 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-42948.json" } ], "scores": [ { "cvss_v3": { "baseScore": 6.1, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "products": [ "CSAFPID-2631681", "CSAFPID-2631682", "CSAFPID-2631683", "CSAFPID-2631684", "CSAFPID-2631685", "CSAFPID-2631686", "CSAFPID-2631680", "CSAFPID-2631732", "CSAFPID-2631733", "CSAFPID-2631734", "CSAFPID-3045063", "CSAFPID-3045064", "CSAFPID-2631731", "CSAFPID-3045061", "CSAFPID-3045062", "CSAFPID-3045052", "CSAFPID-3045051", "CSAFPID-3045050", "CSAFPID-3045049", "CSAFPID-3045048", "CSAFPID-3045047", "CSAFPID-3045046", "CSAFPID-3045045", "CSAFPID-3045044", "CSAFPID-3045042", "CSAFPID-3045041", "CSAFPID-3045040", "CSAFPID-3045039", "CSAFPID-3045451", "CSAFPID-3045450", "CSAFPID-3045079", "CSAFPID-3045080", "CSAFPID-3045454", "CSAFPID-3045453", "CSAFPID-1295192", "CSAFPID-1295193", "CSAFPID-1295194", "CSAFPID-1295195", "CSAFPID-3045092", "CSAFPID-3045091", "CSAFPID-2961677", "CSAFPID-2961602", "CSAFPID-2961604", "CSAFPID-2961605", "CSAFPID-2961606", "CSAFPID-2961607", "CSAFPID-2961608", "CSAFPID-2961609", "CSAFPID-2961610", "CSAFPID-2961611", "CSAFPID-2961612", "CSAFPID-2961613", "CSAFPID-2961614", "CSAFPID-2961615", "CSAFPID-2961616", "CSAFPID-3045095", "CSAFPID-3045094", "CSAFPID-3045405", "CSAFPID-3045406", "CSAFPID-3045407", "CSAFPID-3045408", "CSAFPID-3045409", "CSAFPID-3045410", "CSAFPID-3045411", "CSAFPID-3045412", "CSAFPID-3045413", "CSAFPID-3045414", "CSAFPID-3045415", "CSAFPID-3045416", "CSAFPID-3045417", "CSAFPID-3045418", "CSAFPID-3045419", "CSAFPID-2455778", "CSAFPID-3045328", "CSAFPID-3045329", "CSAFPID-3045330", "CSAFPID-1987640" ] } ], "title": "CVE-2025-42948" }, { "cve": "CVE-2025-42949", "cwe": { "id": "CWE-862", "name": "Missing Authorization" }, "notes": [ { "category": "other", "text": "Missing Authorization", "title": "CWE-862" }, { "category": "general", "text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N", "title": "CVSSV4" } ], "product_status": { "known_affected": [ "CSAFPID-2631681", "CSAFPID-2631682", "CSAFPID-2631683", "CSAFPID-2631684", "CSAFPID-2631685", "CSAFPID-2631686", "CSAFPID-2631680", "CSAFPID-2631732", "CSAFPID-2631733", "CSAFPID-2631734", "CSAFPID-3045063", "CSAFPID-3045064", "CSAFPID-2631731", "CSAFPID-3045061", "CSAFPID-3045062", "CSAFPID-3045052", "CSAFPID-3045051", "CSAFPID-3045050", "CSAFPID-3045049", "CSAFPID-3045048", "CSAFPID-3045047", "CSAFPID-3045046", "CSAFPID-3045045", "CSAFPID-3045044", "CSAFPID-3045042", "CSAFPID-3045041", "CSAFPID-3045040", "CSAFPID-3045039", "CSAFPID-3045451", "CSAFPID-3045450", "CSAFPID-3045079", "CSAFPID-3045080", "CSAFPID-3045454", "CSAFPID-3045453", "CSAFPID-1295192", "CSAFPID-1295193", "CSAFPID-1295194", "CSAFPID-1295195", "CSAFPID-3045092", "CSAFPID-3045091", "CSAFPID-2961677", "CSAFPID-2961602", "CSAFPID-2961604", "CSAFPID-2961605", "CSAFPID-2961606", "CSAFPID-2961607", "CSAFPID-2961608", "CSAFPID-2961609", "CSAFPID-2961610", "CSAFPID-2961611", "CSAFPID-2961612", "CSAFPID-2961613", "CSAFPID-2961614", "CSAFPID-2961615", "CSAFPID-2961616", "CSAFPID-3045095", "CSAFPID-3045094", "CSAFPID-3045405", "CSAFPID-3045406", "CSAFPID-3045407", "CSAFPID-3045408", "CSAFPID-3045409", "CSAFPID-3045410", "CSAFPID-3045411", "CSAFPID-3045412", "CSAFPID-3045413", "CSAFPID-3045414", "CSAFPID-3045415", "CSAFPID-3045416", "CSAFPID-3045417", "CSAFPID-3045418", "CSAFPID-3045419", "CSAFPID-2455778", "CSAFPID-3045328", "CSAFPID-3045329", "CSAFPID-3045330", "CSAFPID-1987640" ] }, "references": [ { "category": "self", "summary": "CVE-2025-42949 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-42949.json" } ], "scores": [ { "cvss_v3": { "baseScore": 4.9, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "products": [ "CSAFPID-2631681", "CSAFPID-2631682", "CSAFPID-2631683", "CSAFPID-2631684", "CSAFPID-2631685", "CSAFPID-2631686", "CSAFPID-2631680", "CSAFPID-2631732", "CSAFPID-2631733", "CSAFPID-2631734", "CSAFPID-3045063", "CSAFPID-3045064", "CSAFPID-2631731", "CSAFPID-3045061", "CSAFPID-3045062", "CSAFPID-3045052", "CSAFPID-3045051", "CSAFPID-3045050", "CSAFPID-3045049", "CSAFPID-3045048", "CSAFPID-3045047", "CSAFPID-3045046", "CSAFPID-3045045", "CSAFPID-3045044", "CSAFPID-3045042", "CSAFPID-3045041", "CSAFPID-3045040", "CSAFPID-3045039", "CSAFPID-3045451", "CSAFPID-3045450", "CSAFPID-3045079", "CSAFPID-3045080", "CSAFPID-3045454", "CSAFPID-3045453", "CSAFPID-1295192", "CSAFPID-1295193", "CSAFPID-1295194", "CSAFPID-1295195", "CSAFPID-3045092", "CSAFPID-3045091", "CSAFPID-2961677", "CSAFPID-2961602", "CSAFPID-2961604", "CSAFPID-2961605", "CSAFPID-2961606", "CSAFPID-2961607", "CSAFPID-2961608", "CSAFPID-2961609", "CSAFPID-2961610", "CSAFPID-2961611", "CSAFPID-2961612", "CSAFPID-2961613", "CSAFPID-2961614", "CSAFPID-2961615", "CSAFPID-2961616", "CSAFPID-3045095", "CSAFPID-3045094", "CSAFPID-3045405", "CSAFPID-3045406", "CSAFPID-3045407", "CSAFPID-3045408", "CSAFPID-3045409", "CSAFPID-3045410", "CSAFPID-3045411", "CSAFPID-3045412", "CSAFPID-3045413", "CSAFPID-3045414", "CSAFPID-3045415", "CSAFPID-3045416", "CSAFPID-3045417", "CSAFPID-3045418", "CSAFPID-3045419", "CSAFPID-2455778", "CSAFPID-3045328", "CSAFPID-3045329", "CSAFPID-3045330", "CSAFPID-1987640" ] } ], "title": "CVE-2025-42949" }, { "cve": "CVE-2025-42950", "cwe": { "id": "CWE-94", "name": "Improper Control of Generation of Code (\u0027Code Injection\u0027)" }, "notes": [ { "category": "other", "text": "Improper Control of Generation of Code (\u0027Code Injection\u0027)", "title": "CWE-94" }, { "category": "general", "text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", "title": "CVSSV4" } ], "product_status": { "known_affected": [ "CSAFPID-2631681", "CSAFPID-2631682", "CSAFPID-2631683", "CSAFPID-2631684", "CSAFPID-2631685", "CSAFPID-2631686", "CSAFPID-2631680", "CSAFPID-2631732", "CSAFPID-2631733", "CSAFPID-2631734", "CSAFPID-3045063", "CSAFPID-3045064", "CSAFPID-2631731", "CSAFPID-3045061", "CSAFPID-3045062", "CSAFPID-3045052", "CSAFPID-3045051", "CSAFPID-3045050", "CSAFPID-3045049", "CSAFPID-3045048", "CSAFPID-3045047", "CSAFPID-3045046", "CSAFPID-3045045", "CSAFPID-3045044", "CSAFPID-3045042", "CSAFPID-3045041", "CSAFPID-3045040", "CSAFPID-3045039", "CSAFPID-3045451", "CSAFPID-3045450", "CSAFPID-3045079", "CSAFPID-3045080", "CSAFPID-3045454", "CSAFPID-3045453", "CSAFPID-1295192", "CSAFPID-1295193", "CSAFPID-1295194", "CSAFPID-1295195", "CSAFPID-3045092", "CSAFPID-3045091", "CSAFPID-2961677", "CSAFPID-2961602", "CSAFPID-2961604", "CSAFPID-2961605", "CSAFPID-2961606", "CSAFPID-2961607", "CSAFPID-2961608", "CSAFPID-2961609", "CSAFPID-2961610", "CSAFPID-2961611", "CSAFPID-2961612", "CSAFPID-2961613", "CSAFPID-2961614", "CSAFPID-2961615", "CSAFPID-2961616", "CSAFPID-3045095", "CSAFPID-3045094", "CSAFPID-3045405", "CSAFPID-3045406", "CSAFPID-3045407", "CSAFPID-3045408", "CSAFPID-3045409", "CSAFPID-3045410", "CSAFPID-3045411", "CSAFPID-3045412", "CSAFPID-3045413", "CSAFPID-3045414", "CSAFPID-3045415", "CSAFPID-3045416", "CSAFPID-3045417", "CSAFPID-3045418", "CSAFPID-3045419", "CSAFPID-2455778", "CSAFPID-3045328", "CSAFPID-3045329", "CSAFPID-3045330", "CSAFPID-1987640" ] }, "references": [ { "category": "self", "summary": "CVE-2025-42950 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-42950.json" } ], "scores": [ { "cvss_v3": { "baseScore": 9.9, "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.1" }, "products": [ "CSAFPID-2631681", "CSAFPID-2631682", "CSAFPID-2631683", "CSAFPID-2631684", "CSAFPID-2631685", "CSAFPID-2631686", "CSAFPID-2631680", "CSAFPID-2631732", "CSAFPID-2631733", "CSAFPID-2631734", "CSAFPID-3045063", "CSAFPID-3045064", "CSAFPID-2631731", "CSAFPID-3045061", "CSAFPID-3045062", "CSAFPID-3045052", "CSAFPID-3045051", "CSAFPID-3045050", "CSAFPID-3045049", "CSAFPID-3045048", "CSAFPID-3045047", "CSAFPID-3045046", "CSAFPID-3045045", "CSAFPID-3045044", "CSAFPID-3045042", "CSAFPID-3045041", "CSAFPID-3045040", "CSAFPID-3045039", "CSAFPID-3045451", "CSAFPID-3045450", "CSAFPID-3045079", "CSAFPID-3045080", "CSAFPID-3045454", "CSAFPID-3045453", "CSAFPID-1295192", "CSAFPID-1295193", "CSAFPID-1295194", "CSAFPID-1295195", "CSAFPID-3045092", "CSAFPID-3045091", "CSAFPID-2961677", "CSAFPID-2961602", "CSAFPID-2961604", "CSAFPID-2961605", "CSAFPID-2961606", "CSAFPID-2961607", "CSAFPID-2961608", "CSAFPID-2961609", "CSAFPID-2961610", "CSAFPID-2961611", "CSAFPID-2961612", "CSAFPID-2961613", "CSAFPID-2961614", "CSAFPID-2961615", "CSAFPID-2961616", "CSAFPID-3045095", "CSAFPID-3045094", "CSAFPID-3045405", "CSAFPID-3045406", "CSAFPID-3045407", "CSAFPID-3045408", "CSAFPID-3045409", "CSAFPID-3045410", "CSAFPID-3045411", "CSAFPID-3045412", "CSAFPID-3045413", "CSAFPID-3045414", "CSAFPID-3045415", "CSAFPID-3045416", "CSAFPID-3045417", "CSAFPID-3045418", "CSAFPID-3045419", "CSAFPID-2455778", "CSAFPID-3045328", "CSAFPID-3045329", "CSAFPID-3045330", "CSAFPID-1987640" ] } ], "title": "CVE-2025-42950" }, { "cve": "CVE-2025-42951", "cwe": { "id": "CWE-863", "name": "Incorrect Authorization" }, "notes": [ { "category": "other", "text": "Incorrect Authorization", "title": "CWE-863" }, { "category": "general", "text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", "title": "CVSSV4" } ], "product_status": { "known_affected": [ "CSAFPID-2631681", "CSAFPID-2631682", "CSAFPID-2631683", "CSAFPID-2631684", "CSAFPID-2631685", "CSAFPID-2631686", "CSAFPID-2631680", "CSAFPID-2631732", "CSAFPID-2631733", "CSAFPID-2631734", "CSAFPID-3045063", "CSAFPID-3045064", "CSAFPID-2631731", "CSAFPID-3045061", "CSAFPID-3045062", "CSAFPID-3045052", "CSAFPID-3045051", "CSAFPID-3045050", "CSAFPID-3045049", "CSAFPID-3045048", "CSAFPID-3045047", "CSAFPID-3045046", "CSAFPID-3045045", "CSAFPID-3045044", "CSAFPID-3045042", "CSAFPID-3045041", "CSAFPID-3045040", "CSAFPID-3045039", "CSAFPID-3045451", "CSAFPID-3045450", "CSAFPID-3045079", "CSAFPID-3045080", "CSAFPID-3045454", "CSAFPID-3045453", "CSAFPID-1295192", "CSAFPID-1295193", "CSAFPID-1295194", "CSAFPID-1295195", "CSAFPID-3045092", "CSAFPID-3045091", "CSAFPID-2961677", "CSAFPID-2961602", "CSAFPID-2961604", "CSAFPID-2961605", "CSAFPID-2961606", "CSAFPID-2961607", "CSAFPID-2961608", "CSAFPID-2961609", "CSAFPID-2961610", "CSAFPID-2961611", "CSAFPID-2961612", "CSAFPID-2961613", "CSAFPID-2961614", "CSAFPID-2961615", "CSAFPID-2961616", "CSAFPID-3045095", "CSAFPID-3045094", "CSAFPID-3045405", "CSAFPID-3045406", "CSAFPID-3045407", "CSAFPID-3045408", "CSAFPID-3045409", "CSAFPID-3045410", "CSAFPID-3045411", "CSAFPID-3045412", "CSAFPID-3045413", "CSAFPID-3045414", "CSAFPID-3045415", "CSAFPID-3045416", "CSAFPID-3045417", "CSAFPID-3045418", "CSAFPID-3045419", "CSAFPID-2455778", "CSAFPID-3045328", "CSAFPID-3045329", "CSAFPID-3045330", "CSAFPID-1987640" ] }, "references": [ { "category": "self", "summary": "CVE-2025-42951 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-42951.json" } ], "scores": [ { "cvss_v3": { "baseScore": 8.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "CSAFPID-2631681", "CSAFPID-2631682", "CSAFPID-2631683", "CSAFPID-2631684", "CSAFPID-2631685", "CSAFPID-2631686", "CSAFPID-2631680", "CSAFPID-2631732", "CSAFPID-2631733", "CSAFPID-2631734", "CSAFPID-3045063", "CSAFPID-3045064", "CSAFPID-2631731", "CSAFPID-3045061", "CSAFPID-3045062", "CSAFPID-3045052", "CSAFPID-3045051", "CSAFPID-3045050", "CSAFPID-3045049", "CSAFPID-3045048", "CSAFPID-3045047", "CSAFPID-3045046", "CSAFPID-3045045", "CSAFPID-3045044", "CSAFPID-3045042", "CSAFPID-3045041", "CSAFPID-3045040", "CSAFPID-3045039", "CSAFPID-3045451", "CSAFPID-3045450", "CSAFPID-3045079", "CSAFPID-3045080", "CSAFPID-3045454", "CSAFPID-3045453", "CSAFPID-1295192", "CSAFPID-1295193", "CSAFPID-1295194", "CSAFPID-1295195", "CSAFPID-3045092", "CSAFPID-3045091", "CSAFPID-2961677", "CSAFPID-2961602", "CSAFPID-2961604", "CSAFPID-2961605", "CSAFPID-2961606", "CSAFPID-2961607", "CSAFPID-2961608", "CSAFPID-2961609", "CSAFPID-2961610", "CSAFPID-2961611", "CSAFPID-2961612", "CSAFPID-2961613", "CSAFPID-2961614", "CSAFPID-2961615", "CSAFPID-2961616", "CSAFPID-3045095", "CSAFPID-3045094", "CSAFPID-3045405", "CSAFPID-3045406", "CSAFPID-3045407", "CSAFPID-3045408", "CSAFPID-3045409", "CSAFPID-3045410", "CSAFPID-3045411", "CSAFPID-3045412", "CSAFPID-3045413", "CSAFPID-3045414", "CSAFPID-3045415", "CSAFPID-3045416", "CSAFPID-3045417", "CSAFPID-3045418", "CSAFPID-3045419", "CSAFPID-2455778", "CSAFPID-3045328", "CSAFPID-3045329", "CSAFPID-3045330", "CSAFPID-1987640" ] } ], "title": "CVE-2025-42951" }, { "cve": "CVE-2025-42955", "cwe": { "id": "CWE-862", "name": "Missing Authorization" }, "notes": [ { "category": "other", "text": "Missing Authorization", "title": "CWE-862" }, { "category": "general", "text": "CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N", "title": "CVSSV4" } ], "product_status": { "known_affected": [ "CSAFPID-2631681", "CSAFPID-2631682", "CSAFPID-2631683", "CSAFPID-2631684", "CSAFPID-2631685", "CSAFPID-2631686", "CSAFPID-2631680", "CSAFPID-2631732", "CSAFPID-2631733", "CSAFPID-2631734", "CSAFPID-3045063", "CSAFPID-3045064", "CSAFPID-2631731", "CSAFPID-3045061", "CSAFPID-3045062", "CSAFPID-3045052", "CSAFPID-3045051", "CSAFPID-3045050", "CSAFPID-3045049", "CSAFPID-3045048", "CSAFPID-3045047", "CSAFPID-3045046", "CSAFPID-3045045", "CSAFPID-3045044", "CSAFPID-3045042", "CSAFPID-3045041", "CSAFPID-3045040", "CSAFPID-3045039", "CSAFPID-3045451", "CSAFPID-3045450", "CSAFPID-3045079", "CSAFPID-3045080", "CSAFPID-3045454", "CSAFPID-3045453", "CSAFPID-1295192", "CSAFPID-1295193", "CSAFPID-1295194", "CSAFPID-1295195", "CSAFPID-3045092", "CSAFPID-3045091", "CSAFPID-2961677", "CSAFPID-2961602", "CSAFPID-2961604", "CSAFPID-2961605", "CSAFPID-2961606", "CSAFPID-2961607", "CSAFPID-2961608", "CSAFPID-2961609", "CSAFPID-2961610", "CSAFPID-2961611", "CSAFPID-2961612", "CSAFPID-2961613", "CSAFPID-2961614", "CSAFPID-2961615", "CSAFPID-2961616", "CSAFPID-3045095", "CSAFPID-3045094", "CSAFPID-3045405", "CSAFPID-3045406", "CSAFPID-3045407", "CSAFPID-3045408", "CSAFPID-3045409", "CSAFPID-3045410", "CSAFPID-3045411", "CSAFPID-3045412", "CSAFPID-3045413", "CSAFPID-3045414", "CSAFPID-3045415", "CSAFPID-3045416", "CSAFPID-3045417", "CSAFPID-3045418", "CSAFPID-3045419", "CSAFPID-2455778", "CSAFPID-3045328", "CSAFPID-3045329", "CSAFPID-3045330", "CSAFPID-1987640" ] }, "references": [ { "category": "self", "summary": "CVE-2025-42955 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-42955.json" } ], "scores": [ { "cvss_v3": { "baseScore": 3.5, "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "version": "3.1" }, "products": [ "CSAFPID-2631681", "CSAFPID-2631682", "CSAFPID-2631683", "CSAFPID-2631684", "CSAFPID-2631685", "CSAFPID-2631686", "CSAFPID-2631680", "CSAFPID-2631732", "CSAFPID-2631733", "CSAFPID-2631734", "CSAFPID-3045063", "CSAFPID-3045064", "CSAFPID-2631731", "CSAFPID-3045061", "CSAFPID-3045062", "CSAFPID-3045052", "CSAFPID-3045051", "CSAFPID-3045050", "CSAFPID-3045049", "CSAFPID-3045048", "CSAFPID-3045047", "CSAFPID-3045046", "CSAFPID-3045045", "CSAFPID-3045044", "CSAFPID-3045042", "CSAFPID-3045041", "CSAFPID-3045040", "CSAFPID-3045039", "CSAFPID-3045451", "CSAFPID-3045450", "CSAFPID-3045079", "CSAFPID-3045080", "CSAFPID-3045454", "CSAFPID-3045453", "CSAFPID-1295192", "CSAFPID-1295193", "CSAFPID-1295194", "CSAFPID-1295195", "CSAFPID-3045092", "CSAFPID-3045091", "CSAFPID-2961677", "CSAFPID-2961602", "CSAFPID-2961604", "CSAFPID-2961605", "CSAFPID-2961606", "CSAFPID-2961607", "CSAFPID-2961608", "CSAFPID-2961609", "CSAFPID-2961610", "CSAFPID-2961611", "CSAFPID-2961612", "CSAFPID-2961613", "CSAFPID-2961614", "CSAFPID-2961615", "CSAFPID-2961616", "CSAFPID-3045095", "CSAFPID-3045094", "CSAFPID-3045405", "CSAFPID-3045406", "CSAFPID-3045407", "CSAFPID-3045408", "CSAFPID-3045409", "CSAFPID-3045410", "CSAFPID-3045411", "CSAFPID-3045412", "CSAFPID-3045413", "CSAFPID-3045414", "CSAFPID-3045415", "CSAFPID-3045416", "CSAFPID-3045417", "CSAFPID-3045418", "CSAFPID-3045419", "CSAFPID-2455778", "CSAFPID-3045328", "CSAFPID-3045329", "CSAFPID-3045330", "CSAFPID-1987640" ] } ], "title": "CVE-2025-42955" }, { "cve": "CVE-2025-42957", "cwe": { "id": "CWE-94", "name": "Improper Control of Generation of Code (\u0027Code Injection\u0027)" }, "notes": [ { "category": "other", "text": "Improper Control of Generation of Code (\u0027Code Injection\u0027)", "title": "CWE-94" }, { "category": "general", "text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", "title": "CVSSV4" } ], "product_status": { "known_affected": [ "CSAFPID-2631681", "CSAFPID-2631682", "CSAFPID-2631683", "CSAFPID-2631684", "CSAFPID-2631685", "CSAFPID-2631686", "CSAFPID-2631680", "CSAFPID-2631732", "CSAFPID-2631733", "CSAFPID-2631734", "CSAFPID-3045063", "CSAFPID-3045064", "CSAFPID-2631731", "CSAFPID-3045061", "CSAFPID-3045062", "CSAFPID-3045052", "CSAFPID-3045051", "CSAFPID-3045050", "CSAFPID-3045049", "CSAFPID-3045048", "CSAFPID-3045047", "CSAFPID-3045046", "CSAFPID-3045045", "CSAFPID-3045044", "CSAFPID-3045042", "CSAFPID-3045041", "CSAFPID-3045040", "CSAFPID-3045039", "CSAFPID-3045451", "CSAFPID-3045450", "CSAFPID-3045079", "CSAFPID-3045080", "CSAFPID-3045454", "CSAFPID-3045453", "CSAFPID-1295192", "CSAFPID-1295193", "CSAFPID-1295194", "CSAFPID-1295195", "CSAFPID-3045092", "CSAFPID-3045091", "CSAFPID-2961677", "CSAFPID-2961602", "CSAFPID-2961604", "CSAFPID-2961605", "CSAFPID-2961606", "CSAFPID-2961607", "CSAFPID-2961608", "CSAFPID-2961609", "CSAFPID-2961610", "CSAFPID-2961611", "CSAFPID-2961612", "CSAFPID-2961613", "CSAFPID-2961614", "CSAFPID-2961615", "CSAFPID-2961616", "CSAFPID-3045095", "CSAFPID-3045094", "CSAFPID-3045405", "CSAFPID-3045406", "CSAFPID-3045407", "CSAFPID-3045408", "CSAFPID-3045409", "CSAFPID-3045410", "CSAFPID-3045411", "CSAFPID-3045412", "CSAFPID-3045413", "CSAFPID-3045414", "CSAFPID-3045415", "CSAFPID-3045416", "CSAFPID-3045417", "CSAFPID-3045418", "CSAFPID-3045419", "CSAFPID-2455778", "CSAFPID-3045328", "CSAFPID-3045329", "CSAFPID-3045330", "CSAFPID-1987640" ] }, "references": [ { "category": "self", "summary": "CVE-2025-42957 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-42957.json" } ], "scores": [ { "cvss_v3": { "baseScore": 9.9, "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.1" }, "products": [ "CSAFPID-2631681", "CSAFPID-2631682", "CSAFPID-2631683", "CSAFPID-2631684", "CSAFPID-2631685", "CSAFPID-2631686", "CSAFPID-2631680", "CSAFPID-2631732", "CSAFPID-2631733", "CSAFPID-2631734", "CSAFPID-3045063", "CSAFPID-3045064", "CSAFPID-2631731", "CSAFPID-3045061", "CSAFPID-3045062", "CSAFPID-3045052", "CSAFPID-3045051", "CSAFPID-3045050", "CSAFPID-3045049", "CSAFPID-3045048", "CSAFPID-3045047", "CSAFPID-3045046", "CSAFPID-3045045", "CSAFPID-3045044", "CSAFPID-3045042", "CSAFPID-3045041", "CSAFPID-3045040", "CSAFPID-3045039", "CSAFPID-3045451", "CSAFPID-3045450", "CSAFPID-3045079", "CSAFPID-3045080", "CSAFPID-3045454", "CSAFPID-3045453", "CSAFPID-1295192", "CSAFPID-1295193", "CSAFPID-1295194", "CSAFPID-1295195", "CSAFPID-3045092", "CSAFPID-3045091", "CSAFPID-2961677", "CSAFPID-2961602", "CSAFPID-2961604", "CSAFPID-2961605", "CSAFPID-2961606", "CSAFPID-2961607", "CSAFPID-2961608", "CSAFPID-2961609", "CSAFPID-2961610", "CSAFPID-2961611", "CSAFPID-2961612", "CSAFPID-2961613", "CSAFPID-2961614", "CSAFPID-2961615", "CSAFPID-2961616", "CSAFPID-3045095", "CSAFPID-3045094", "CSAFPID-3045405", "CSAFPID-3045406", "CSAFPID-3045407", "CSAFPID-3045408", "CSAFPID-3045409", "CSAFPID-3045410", "CSAFPID-3045411", "CSAFPID-3045412", "CSAFPID-3045413", "CSAFPID-3045414", "CSAFPID-3045415", "CSAFPID-3045416", "CSAFPID-3045417", "CSAFPID-3045418", "CSAFPID-3045419", "CSAFPID-2455778", "CSAFPID-3045328", "CSAFPID-3045329", "CSAFPID-3045330", "CSAFPID-1987640" ] } ], "title": "CVE-2025-42957" }, { "cve": "CVE-2025-42975", "cwe": { "id": "CWE-79", "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)" }, "notes": [ { "category": "other", "text": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)", "title": "CWE-79" }, { "category": "general", "text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N", "title": "CVSSV4" } ], "product_status": { "known_affected": [ "CSAFPID-2631681", "CSAFPID-2631682", "CSAFPID-2631683", "CSAFPID-2631684", "CSAFPID-2631685", "CSAFPID-2631686", "CSAFPID-2631680", "CSAFPID-2631732", "CSAFPID-2631733", "CSAFPID-2631734", "CSAFPID-3045063", "CSAFPID-3045064", "CSAFPID-2631731", "CSAFPID-3045061", "CSAFPID-3045062", "CSAFPID-3045052", "CSAFPID-3045051", "CSAFPID-3045050", "CSAFPID-3045049", "CSAFPID-3045048", "CSAFPID-3045047", "CSAFPID-3045046", "CSAFPID-3045045", "CSAFPID-3045044", "CSAFPID-3045042", "CSAFPID-3045041", "CSAFPID-3045040", "CSAFPID-3045039", "CSAFPID-3045451", "CSAFPID-3045450", "CSAFPID-3045079", "CSAFPID-3045080", "CSAFPID-3045454", "CSAFPID-3045453", "CSAFPID-1295192", "CSAFPID-1295193", "CSAFPID-1295194", "CSAFPID-1295195", "CSAFPID-3045092", "CSAFPID-3045091", "CSAFPID-2961677", "CSAFPID-2961602", "CSAFPID-2961604", "CSAFPID-2961605", "CSAFPID-2961606", "CSAFPID-2961607", "CSAFPID-2961608", "CSAFPID-2961609", "CSAFPID-2961610", "CSAFPID-2961611", "CSAFPID-2961612", "CSAFPID-2961613", "CSAFPID-2961614", "CSAFPID-2961615", "CSAFPID-2961616", "CSAFPID-3045095", "CSAFPID-3045094", "CSAFPID-3045405", "CSAFPID-3045406", "CSAFPID-3045407", "CSAFPID-3045408", "CSAFPID-3045409", "CSAFPID-3045410", "CSAFPID-3045411", "CSAFPID-3045412", "CSAFPID-3045413", "CSAFPID-3045414", "CSAFPID-3045415", "CSAFPID-3045416", "CSAFPID-3045417", "CSAFPID-3045418", "CSAFPID-3045419", "CSAFPID-2455778", "CSAFPID-3045328", "CSAFPID-3045329", "CSAFPID-3045330", "CSAFPID-1987640" ] }, "references": [ { "category": "self", "summary": "CVE-2025-42975 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-42975.json" } ], "scores": [ { "cvss_v3": { "baseScore": 6.1, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "products": [ "CSAFPID-2631681", "CSAFPID-2631682", "CSAFPID-2631683", "CSAFPID-2631684", "CSAFPID-2631685", "CSAFPID-2631686", "CSAFPID-2631680", "CSAFPID-2631732", "CSAFPID-2631733", "CSAFPID-2631734", "CSAFPID-3045063", "CSAFPID-3045064", "CSAFPID-2631731", "CSAFPID-3045061", "CSAFPID-3045062", "CSAFPID-3045052", "CSAFPID-3045051", "CSAFPID-3045050", "CSAFPID-3045049", "CSAFPID-3045048", "CSAFPID-3045047", "CSAFPID-3045046", "CSAFPID-3045045", "CSAFPID-3045044", "CSAFPID-3045042", "CSAFPID-3045041", "CSAFPID-3045040", "CSAFPID-3045039", "CSAFPID-3045451", "CSAFPID-3045450", "CSAFPID-3045079", "CSAFPID-3045080", "CSAFPID-3045454", "CSAFPID-3045453", "CSAFPID-1295192", "CSAFPID-1295193", "CSAFPID-1295194", "CSAFPID-1295195", "CSAFPID-3045092", "CSAFPID-3045091", "CSAFPID-2961677", "CSAFPID-2961602", "CSAFPID-2961604", "CSAFPID-2961605", "CSAFPID-2961606", "CSAFPID-2961607", "CSAFPID-2961608", "CSAFPID-2961609", "CSAFPID-2961610", "CSAFPID-2961611", "CSAFPID-2961612", "CSAFPID-2961613", "CSAFPID-2961614", "CSAFPID-2961615", "CSAFPID-2961616", "CSAFPID-3045095", "CSAFPID-3045094", "CSAFPID-3045405", "CSAFPID-3045406", "CSAFPID-3045407", "CSAFPID-3045408", "CSAFPID-3045409", "CSAFPID-3045410", "CSAFPID-3045411", "CSAFPID-3045412", "CSAFPID-3045413", "CSAFPID-3045414", "CSAFPID-3045415", "CSAFPID-3045416", "CSAFPID-3045417", "CSAFPID-3045418", "CSAFPID-3045419", "CSAFPID-2455778", "CSAFPID-3045328", "CSAFPID-3045329", "CSAFPID-3045330", "CSAFPID-1987640" ] } ], "title": "CVE-2025-42975" }, { "cve": "CVE-2025-42976", "cwe": { "id": "CWE-125", "name": "Out-of-bounds Read" }, "notes": [ { "category": "other", "text": "Out-of-bounds Read", "title": "CWE-125" }, { "category": "general", "text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N", "title": "CVSSV4" } ], "product_status": { "known_affected": [ "CSAFPID-2631681", "CSAFPID-2631682", "CSAFPID-2631683", "CSAFPID-2631684", "CSAFPID-2631685", "CSAFPID-2631686", "CSAFPID-2631680", "CSAFPID-2631732", "CSAFPID-2631733", "CSAFPID-2631734", "CSAFPID-3045063", "CSAFPID-3045064", "CSAFPID-2631731", "CSAFPID-3045061", "CSAFPID-3045062", "CSAFPID-3045052", "CSAFPID-3045051", "CSAFPID-3045050", "CSAFPID-3045049", "CSAFPID-3045048", "CSAFPID-3045047", "CSAFPID-3045046", "CSAFPID-3045045", "CSAFPID-3045044", "CSAFPID-3045042", "CSAFPID-3045041", "CSAFPID-3045040", "CSAFPID-3045039", "CSAFPID-3045451", "CSAFPID-3045450", "CSAFPID-3045079", "CSAFPID-3045080", "CSAFPID-3045454", "CSAFPID-3045453", "CSAFPID-1295192", "CSAFPID-1295193", "CSAFPID-1295194", "CSAFPID-1295195", "CSAFPID-3045092", "CSAFPID-3045091", "CSAFPID-2961677", "CSAFPID-2961602", "CSAFPID-2961604", "CSAFPID-2961605", "CSAFPID-2961606", "CSAFPID-2961607", "CSAFPID-2961608", "CSAFPID-2961609", "CSAFPID-2961610", "CSAFPID-2961611", "CSAFPID-2961612", "CSAFPID-2961613", "CSAFPID-2961614", "CSAFPID-2961615", "CSAFPID-2961616", "CSAFPID-3045095", "CSAFPID-3045094", "CSAFPID-3045405", "CSAFPID-3045406", "CSAFPID-3045407", "CSAFPID-3045408", "CSAFPID-3045409", "CSAFPID-3045410", "CSAFPID-3045411", "CSAFPID-3045412", "CSAFPID-3045413", "CSAFPID-3045414", "CSAFPID-3045415", "CSAFPID-3045416", "CSAFPID-3045417", "CSAFPID-3045418", "CSAFPID-3045419", "CSAFPID-2455778", "CSAFPID-3045328", "CSAFPID-3045329", "CSAFPID-3045330", "CSAFPID-1987640" ] }, "references": [ { "category": "self", "summary": "CVE-2025-42976 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-42976.json" } ], "scores": [ { "cvss_v3": { "baseScore": 8.1, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H", "version": "3.1" }, "products": [ "CSAFPID-2631681", "CSAFPID-2631682", "CSAFPID-2631683", "CSAFPID-2631684", "CSAFPID-2631685", "CSAFPID-2631686", "CSAFPID-2631680", "CSAFPID-2631732", "CSAFPID-2631733", "CSAFPID-2631734", "CSAFPID-3045063", "CSAFPID-3045064", "CSAFPID-2631731", "CSAFPID-3045061", "CSAFPID-3045062", "CSAFPID-3045052", "CSAFPID-3045051", "CSAFPID-3045050", "CSAFPID-3045049", "CSAFPID-3045048", "CSAFPID-3045047", "CSAFPID-3045046", "CSAFPID-3045045", "CSAFPID-3045044", "CSAFPID-3045042", "CSAFPID-3045041", "CSAFPID-3045040", "CSAFPID-3045039", "CSAFPID-3045451", "CSAFPID-3045450", "CSAFPID-3045079", "CSAFPID-3045080", "CSAFPID-3045454", "CSAFPID-3045453", "CSAFPID-1295192", "CSAFPID-1295193", "CSAFPID-1295194", "CSAFPID-1295195", "CSAFPID-3045092", "CSAFPID-3045091", "CSAFPID-2961677", "CSAFPID-2961602", "CSAFPID-2961604", "CSAFPID-2961605", "CSAFPID-2961606", "CSAFPID-2961607", "CSAFPID-2961608", "CSAFPID-2961609", "CSAFPID-2961610", "CSAFPID-2961611", "CSAFPID-2961612", "CSAFPID-2961613", "CSAFPID-2961614", "CSAFPID-2961615", "CSAFPID-2961616", "CSAFPID-3045095", "CSAFPID-3045094", "CSAFPID-3045405", "CSAFPID-3045406", "CSAFPID-3045407", "CSAFPID-3045408", "CSAFPID-3045409", "CSAFPID-3045410", "CSAFPID-3045411", "CSAFPID-3045412", "CSAFPID-3045413", "CSAFPID-3045414", "CSAFPID-3045415", "CSAFPID-3045416", "CSAFPID-3045417", "CSAFPID-3045418", "CSAFPID-3045419", "CSAFPID-2455778", "CSAFPID-3045328", "CSAFPID-3045329", "CSAFPID-3045330", "CSAFPID-1987640" ] } ], "title": "CVE-2025-42976" }, { "cve": "CVE-2025-42945", "cwe": { "id": "CWE-94", "name": "Improper Control of Generation of Code (\u0027Code Injection\u0027)" }, "notes": [ { "category": "other", "text": "Improper Control of Generation of Code (\u0027Code Injection\u0027)", "title": "CWE-94" }, { "category": "general", "text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N", "title": "CVSSV4" } ], "product_status": { "known_affected": [ "CSAFPID-2631681", "CSAFPID-2631682", "CSAFPID-2631683", "CSAFPID-2631684", "CSAFPID-2631685", "CSAFPID-2631686", "CSAFPID-2631680", "CSAFPID-2631732", "CSAFPID-2631733", "CSAFPID-2631734", "CSAFPID-3045063", "CSAFPID-3045064", "CSAFPID-2631731", "CSAFPID-3045061", "CSAFPID-3045062", "CSAFPID-3045052", "CSAFPID-3045051", "CSAFPID-3045050", "CSAFPID-3045049", "CSAFPID-3045048", "CSAFPID-3045047", "CSAFPID-3045046", "CSAFPID-3045045", "CSAFPID-3045044", "CSAFPID-3045042", "CSAFPID-3045041", "CSAFPID-3045040", "CSAFPID-3045039", "CSAFPID-3045451", "CSAFPID-3045450", "CSAFPID-3045079", "CSAFPID-3045080", "CSAFPID-3045454", "CSAFPID-3045453", "CSAFPID-1295192", "CSAFPID-1295193", "CSAFPID-1295194", "CSAFPID-1295195", "CSAFPID-3045092", "CSAFPID-3045091", "CSAFPID-2961677", "CSAFPID-2961602", "CSAFPID-2961604", "CSAFPID-2961605", "CSAFPID-2961606", "CSAFPID-2961607", "CSAFPID-2961608", "CSAFPID-2961609", "CSAFPID-2961610", "CSAFPID-2961611", "CSAFPID-2961612", "CSAFPID-2961613", "CSAFPID-2961614", "CSAFPID-2961615", "CSAFPID-2961616", "CSAFPID-3045095", "CSAFPID-3045094", "CSAFPID-3045405", "CSAFPID-3045406", "CSAFPID-3045407", "CSAFPID-3045408", "CSAFPID-3045409", "CSAFPID-3045410", "CSAFPID-3045411", "CSAFPID-3045412", "CSAFPID-3045413", "CSAFPID-3045414", "CSAFPID-3045415", "CSAFPID-3045416", "CSAFPID-3045417", "CSAFPID-3045418", "CSAFPID-3045419", "CSAFPID-2455778", "CSAFPID-3045328", "CSAFPID-3045329", "CSAFPID-3045330", "CSAFPID-1987640" ] }, "references": [ { "category": "self", "summary": "CVE-2025-42945 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-42945.json" } ], "scores": [ { "cvss_v3": { "baseScore": 6.1, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "products": [ "CSAFPID-2631681", "CSAFPID-2631682", "CSAFPID-2631683", "CSAFPID-2631684", "CSAFPID-2631685", "CSAFPID-2631686", "CSAFPID-2631680", "CSAFPID-2631732", "CSAFPID-2631733", "CSAFPID-2631734", "CSAFPID-3045063", "CSAFPID-3045064", "CSAFPID-2631731", "CSAFPID-3045061", "CSAFPID-3045062", "CSAFPID-3045052", "CSAFPID-3045051", "CSAFPID-3045050", "CSAFPID-3045049", "CSAFPID-3045048", "CSAFPID-3045047", "CSAFPID-3045046", "CSAFPID-3045045", "CSAFPID-3045044", "CSAFPID-3045042", "CSAFPID-3045041", "CSAFPID-3045040", "CSAFPID-3045039", "CSAFPID-3045451", "CSAFPID-3045450", "CSAFPID-3045079", "CSAFPID-3045080", "CSAFPID-3045454", "CSAFPID-3045453", "CSAFPID-1295192", "CSAFPID-1295193", "CSAFPID-1295194", "CSAFPID-1295195", "CSAFPID-3045092", "CSAFPID-3045091", "CSAFPID-2961677", "CSAFPID-2961602", "CSAFPID-2961604", "CSAFPID-2961605", "CSAFPID-2961606", "CSAFPID-2961607", "CSAFPID-2961608", "CSAFPID-2961609", "CSAFPID-2961610", "CSAFPID-2961611", "CSAFPID-2961612", "CSAFPID-2961613", "CSAFPID-2961614", "CSAFPID-2961615", "CSAFPID-2961616", "CSAFPID-3045095", "CSAFPID-3045094", "CSAFPID-3045405", "CSAFPID-3045406", "CSAFPID-3045407", "CSAFPID-3045408", "CSAFPID-3045409", "CSAFPID-3045410", "CSAFPID-3045411", "CSAFPID-3045412", "CSAFPID-3045413", "CSAFPID-3045414", "CSAFPID-3045415", "CSAFPID-3045416", "CSAFPID-3045417", "CSAFPID-3045418", "CSAFPID-3045419", "CSAFPID-2455778", "CSAFPID-3045328", "CSAFPID-3045329", "CSAFPID-3045330", "CSAFPID-1987640" ] } ], "title": "CVE-2025-42945" } ] }
wid-sec-w-2025-0719
Vulnerability from csaf_certbund
Published
2025-04-07 22:00
Modified
2025-04-24 22:00
Summary
SAP Patchday April 2025: Mehrere Schwachstellen
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
SAP stellt unternehmensweite Lösungen für Geschäftsprozesse wie Buchführung, Vertrieb, Einkauf und Lagerhaltung zur Verfügung.
Angriff
Ein Angreifer kann mehrere Schwachstellen in SAP Software ausnutzen, um beliebigen Programmcode auszuführen, Sicherheitsmaßnahmen zu umgehen, Cross-Site-Scripting-Angriffe durchzuführen, Daten zu manipulieren, vertrauliche Informationen preiszugeben und einen Denial-of-Service-Zustand zu verursachen.
Betroffene Betriebssysteme
- Sonstiges
- UNIX
- Windows
{ "document": { "aggregate_severity": { "text": "kritisch" }, "category": "csaf_base", "csaf_version": "2.0", "distribution": { "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "de-DE", "notes": [ { "category": "legal_disclaimer", "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen." }, { "category": "description", "text": "SAP stellt unternehmensweite L\u00f6sungen f\u00fcr Gesch\u00e4ftsprozesse wie Buchf\u00fchrung, Vertrieb, Einkauf und Lagerhaltung zur Verf\u00fcgung.", "title": "Produktbeschreibung" }, { "category": "summary", "text": "Ein Angreifer kann mehrere Schwachstellen in SAP Software ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, Cross-Site-Scripting-Angriffe durchzuf\u00fchren, Daten zu manipulieren, vertrauliche Informationen preiszugeben und einen Denial-of-Service-Zustand zu verursachen.", "title": "Angriff" }, { "category": "general", "text": "- Sonstiges\n- UNIX\n- Windows", "title": "Betroffene Betriebssysteme" } ], "publisher": { "category": "other", "contact_details": "csaf-provider@cert-bund.de", "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik", "namespace": "https://www.bsi.bund.de" }, "references": [ { "category": "self", "summary": "WID-SEC-W-2025-0719 - CSAF Version", "url": "https://wid.cert-bund.de/.well-known/csaf/white/2025/wid-sec-w-2025-0719.json" }, { "category": "self", "summary": "WID-SEC-2025-0719 - Portal Version", "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2025-0719" }, { "category": "external", "summary": "April Patch Day Notes vom 2025-04-07", "url": "https://support.sap.com/en/my-support/knowledge-base/security-notes-news/april-2025.html" }, { "category": "external", "summary": "April Patch Day Notes Update vom 2025-04-24", "url": "https://support.sap.com/en/my-support/knowledge-base/security-notes-news/april-2025.html" }, { "category": "external", "summary": "National Vulnerability Database CVE-2025-31324", "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-31324" }, { "category": "external", "summary": "Security Online vom 2025-04-24", "url": "https://securityonline.info/cve-2025-31324-cvss-10-zero-day-in-sap-netweaver-exploited-in-the-wild-to-deploy-webshells-and-c2-frameworks/" } ], "source_lang": "en-US", "title": "SAP Patchday April 2025: Mehrere Schwachstellen", "tracking": { "current_release_date": "2025-04-24T22:00:00.000+00:00", "generator": { "date": "2025-04-25T09:49:22.319+00:00", "engine": { "name": "BSI-WID", "version": "1.3.12" } }, "id": "WID-SEC-W-2025-0719", "initial_release_date": "2025-04-07T22:00:00.000+00:00", "revision_history": [ { "date": "2025-04-07T22:00:00.000+00:00", "number": "1", "summary": "Initiale Fassung" }, { "date": "2025-04-24T22:00:00.000+00:00", "number": "2", "summary": "Update von SAP - CVE-2025-31324 (ausgenutzt), CVE-2025-31327, CVE-2025-31328 erg\u00e4nzt" } ], "status": "final", "version": "2" } }, "product_tree": { "branches": [ { "branches": [ { "category": "product_name", "name": "SAP Software", "product": { "name": "SAP Software", "product_id": "T042428", "product_identification_helper": { "cpe": "cpe:/a:sap:sap:-" } } } ], "category": "vendor", "name": "SAP" } ] }, "vulnerabilities": [ { "cve": "CVE-2024-56337", "product_status": { "known_affected": [ "T042428" ] }, "release_date": "2025-04-07T22:00:00.000+00:00", "title": "CVE-2024-56337" }, { "cve": "CVE-2025-0064", "product_status": { "known_affected": [ "T042428" ] }, "release_date": "2025-04-07T22:00:00.000+00:00", "title": "CVE-2025-0064" }, { "cve": "CVE-2025-23186", "product_status": { "known_affected": [ "T042428" ] }, "release_date": "2025-04-07T22:00:00.000+00:00", "title": "CVE-2025-23186" }, { "cve": "CVE-2025-26653", "product_status": { "known_affected": [ "T042428" ] }, "release_date": "2025-04-07T22:00:00.000+00:00", "title": "CVE-2025-26653" }, { "cve": "CVE-2025-26654", "product_status": { "known_affected": [ "T042428" ] }, "release_date": "2025-04-07T22:00:00.000+00:00", "title": "CVE-2025-26654" }, { "cve": "CVE-2025-26657", "product_status": { "known_affected": [ "T042428" ] }, "release_date": "2025-04-07T22:00:00.000+00:00", "title": "CVE-2025-26657" }, { "cve": "CVE-2025-27428", "product_status": { "known_affected": [ "T042428" ] }, "release_date": "2025-04-07T22:00:00.000+00:00", "title": "CVE-2025-27428" }, { "cve": "CVE-2025-27429", "product_status": { "known_affected": [ "T042428" ] }, "release_date": "2025-04-07T22:00:00.000+00:00", "title": "CVE-2025-27429" }, { "cve": "CVE-2025-27430", "product_status": { "known_affected": [ "T042428" ] }, "release_date": "2025-04-07T22:00:00.000+00:00", "title": "CVE-2025-27430" }, { "cve": "CVE-2025-27435", "product_status": { "known_affected": [ "T042428" ] }, "release_date": "2025-04-07T22:00:00.000+00:00", "title": "CVE-2025-27435" }, { "cve": "CVE-2025-27437", "product_status": { "known_affected": [ "T042428" ] }, "release_date": "2025-04-07T22:00:00.000+00:00", "title": "CVE-2025-27437" }, { "cve": "CVE-2025-30013", "product_status": { "known_affected": [ "T042428" ] }, "release_date": "2025-04-07T22:00:00.000+00:00", "title": "CVE-2025-30013" }, { "cve": "CVE-2025-30014", "product_status": { "known_affected": [ "T042428" ] }, "release_date": "2025-04-07T22:00:00.000+00:00", "title": "CVE-2025-30014" }, { "cve": "CVE-2025-30015", "product_status": { "known_affected": [ "T042428" ] }, "release_date": "2025-04-07T22:00:00.000+00:00", "title": "CVE-2025-30015" }, { "cve": "CVE-2025-30016", "product_status": { "known_affected": [ "T042428" ] }, "release_date": "2025-04-07T22:00:00.000+00:00", "title": "CVE-2025-30016" }, { "cve": "CVE-2025-30017", "product_status": { "known_affected": [ "T042428" ] }, "release_date": "2025-04-07T22:00:00.000+00:00", "title": "CVE-2025-30017" }, { "cve": "CVE-2025-31327", "product_status": { "known_affected": [ "T042428" ] }, "release_date": "2025-04-07T22:00:00.000+00:00", "title": "CVE-2025-31327" }, { "cve": "CVE-2025-31328", "product_status": { "known_affected": [ "T042428" ] }, "release_date": "2025-04-07T22:00:00.000+00:00", "title": "CVE-2025-31328" }, { "cve": "CVE-2025-31330", "product_status": { "known_affected": [ "T042428" ] }, "release_date": "2025-04-07T22:00:00.000+00:00", "title": "CVE-2025-31330" }, { "cve": "CVE-2025-31331", "product_status": { "known_affected": [ "T042428" ] }, "release_date": "2025-04-07T22:00:00.000+00:00", "title": "CVE-2025-31331" }, { "cve": "CVE-2025-31332", "product_status": { "known_affected": [ "T042428" ] }, "release_date": "2025-04-07T22:00:00.000+00:00", "title": "CVE-2025-31332" }, { "cve": "CVE-2025-31333", "product_status": { "known_affected": [ "T042428" ] }, "release_date": "2025-04-07T22:00:00.000+00:00", "title": "CVE-2025-31333" }, { "cve": "CVE-2025-31324", "product_status": { "known_affected": [ "T042428" ] }, "release_date": "2025-04-24T22:00:00.000+00:00", "title": "CVE-2025-31324" } ] }
fkie_cve-2025-31331
Vulnerability from fkie_nvd
Published
2025-04-08 08:15
Modified
2025-04-08 18:13
Severity ?
Summary
SAP NetWeaver allows an attacker to bypass authorization checks, enabling them to view portions of ABAP code that would normally require additional validation. Once logged into the ABAP system, the attacker can run a specific transaction that exposes sensitive system code without proper authorization. This vulnerability compromises the confidentiality.
References
Impacted products
Vendor | Product | Version |
---|
{ "cveTags": [], "descriptions": [ { "lang": "en", "value": "SAP NetWeaver allows an attacker to bypass authorization checks, enabling them to view portions of ABAP code that would normally require additional validation. Once logged into the ABAP system, the attacker can run a specific transaction that exposes sensitive system code without proper authorization. This vulnerability compromises the confidentiality." }, { "lang": "es", "value": "SAP NetWeaver permite a un atacante eludir las comprobaciones de autorizaci\u00f3n, lo que le permite ver fragmentos de c\u00f3digo ABAP que normalmente requerir\u00edan validaci\u00f3n adicional. Una vez conectado al sistema ABAP, el atacante puede ejecutar una transacci\u00f3n espec\u00edfica que expone c\u00f3digo confidencial del sistema sin la debida autorizaci\u00f3n. Esta vulnerabilidad compromete la confidencialidad." } ], "id": "CVE-2025-31331", "lastModified": "2025-04-08T18:13:53.347", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "cna@sap.com", "type": "Primary" } ] }, "published": "2025-04-08T08:15:17.977", "references": [ { "source": "cna@sap.com", "url": "https://me.sap.com/notes/3577131" }, { "source": "cna@sap.com", "url": "https://url.sap/sapsecuritypatchday" } ], "sourceIdentifier": "cna@sap.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-863" } ], "source": "cna@sap.com", "type": "Primary" } ] }
ghsa-jc4p-p49m-8p2p
Vulnerability from github
Published
2025-04-08 09:31
Modified
2025-04-08 09:31
Severity ?
VLAI Severity ?
Details
SAP NetWeaver allows an attacker to bypass authorization checks, enabling them to view portions of ABAP code that would normally require additional validation. Once logged into the ABAP system, the attacker can run a specific transaction that exposes sensitive system code without proper authorization. This vulnerability compromises the confidentiality.
{ "affected": [], "aliases": [ "CVE-2025-31331" ], "database_specific": { "cwe_ids": [ "CWE-863" ], "github_reviewed": false, "github_reviewed_at": null, "nvd_published_at": "2025-04-08T08:15:17Z", "severity": "MODERATE" }, "details": "SAP NetWeaver allows an attacker to bypass authorization checks, enabling them to view portions of ABAP code that would normally require additional validation. Once logged into the ABAP system, the attacker can run a specific transaction that exposes sensitive system code without proper authorization. This vulnerability compromises the confidentiality.", "id": "GHSA-jc4p-p49m-8p2p", "modified": "2025-04-08T09:31:11Z", "published": "2025-04-08T09:31:11Z", "references": [ { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-31331" }, { "type": "WEB", "url": "https://me.sap.com/notes/3577131" }, { "type": "WEB", "url": "https://url.sap/sapsecuritypatchday" } ], "schema_version": "1.4.0", "severity": [ { "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "type": "CVSS_V3" } ] }
Loading…
Loading…
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…