Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2025-31333 (GCVE-0-2025-31333)
Vulnerability from cvelistv5
Published
2025-04-08 07:15
Modified
2025-04-08 14:50
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-472 - External Control of Assumed-Immutable Web Parameter
Summary
SAP S4CORE OData meta-data property is vulnerable to data tampering, due to which entity set could be externally modified by an attacker causing low impact on integrity of the application. Confidentiality and availability is not impacted.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| SAP_SE | SAP S4CORE entity |
Version: S4CORE 107 Version: 108 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-31333",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-08T13:14:13.088702Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-08T14:50:18.739Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "SAP S4CORE entity",
"vendor": "SAP_SE",
"versions": [
{
"status": "affected",
"version": "S4CORE 107"
},
{
"status": "affected",
"version": "108"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eSAP S4CORE OData meta-data property is vulnerable to data tampering, due to which entity set could be externally modified by an attacker causing low impact on integrity of the application. Confidentiality and availability is not impacted.\u003c/p\u003e"
}
],
"value": "SAP S4CORE OData meta-data property is vulnerable to data tampering, due to which entity set could be externally modified by an attacker causing low impact on integrity of the application. Confidentiality and availability is not impacted."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-472",
"description": "CWE-472: External Control of Assumed-Immutable Web Parameter",
"lang": "eng",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-08T07:15:46.176Z",
"orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
"shortName": "sap"
},
"references": [
{
"url": "https://me.sap.com/notes/3525971"
},
{
"url": "https://url.sap/sapsecuritypatchday"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Odata meta-data tampering in SAP S4CORE entity",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
"assignerShortName": "sap",
"cveId": "CVE-2025-31333",
"datePublished": "2025-04-08T07:15:46.176Z",
"dateReserved": "2025-03-27T23:02:06.907Z",
"dateUpdated": "2025-04-08T14:50:18.739Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2025-31333\",\"sourceIdentifier\":\"cna@sap.com\",\"published\":\"2025-04-08T08:15:18.287\",\"lastModified\":\"2025-04-08T18:13:53.347\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"SAP S4CORE OData meta-data property is vulnerable to data tampering, due to which entity set could be externally modified by an attacker causing low impact on integrity of the application. Confidentiality and availability is not impacted.\"},{\"lang\":\"es\",\"value\":\"La propiedad de metadatos OData de SAP S4CORE es vulnerable a la manipulaci\u00f3n de datos, por lo que un atacante podr\u00eda modificar externamente el conjunto de entidades, lo que tendr\u00eda un impacto m\u00ednimo en la integridad de la aplicaci\u00f3n. La confidencialidad y la disponibilidad no se ven afectadas.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"cna@sap.com\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N\",\"baseScore\":4.3,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.8,\"impactScore\":1.4}]},\"weaknesses\":[{\"source\":\"cna@sap.com\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-472\"}]}],\"references\":[{\"url\":\"https://me.sap.com/notes/3525971\",\"source\":\"cna@sap.com\"},{\"url\":\"https://url.sap/sapsecuritypatchday\",\"source\":\"cna@sap.com\"}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2025-31333\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-04-08T13:14:13.088702Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-04-08T13:21:07.769Z\"}}], \"cna\": {\"title\": \"Odata meta-data tampering in SAP S4CORE entity\", \"source\": {\"discovery\": \"UNKNOWN\"}, \"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 4.3, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N\", \"integrityImpact\": \"LOW\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"NONE\", \"privilegesRequired\": \"LOW\", \"confidentialityImpact\": \"NONE\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"SAP_SE\", \"product\": \"SAP S4CORE entity\", \"versions\": [{\"status\": \"affected\", \"version\": \"S4CORE 107\"}, {\"status\": \"affected\", \"version\": \"108\"}], \"defaultStatus\": \"unaffected\"}], \"references\": [{\"url\": \"https://me.sap.com/notes/3525971\"}, {\"url\": \"https://url.sap/sapsecuritypatchday\"}], \"x_generator\": {\"engine\": \"Vulnogram 0.2.0\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"SAP S4CORE OData meta-data property is vulnerable to data tampering, due to which entity set could be externally modified by an attacker causing low impact on integrity of the application. Confidentiality and availability is not impacted.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"\u003cp\u003eSAP S4CORE OData meta-data property is vulnerable to data tampering, due to which entity set could be externally modified by an attacker causing low impact on integrity of the application. Confidentiality and availability is not impacted.\u003c/p\u003e\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"eng\", \"type\": \"CWE\", \"cweId\": \"CWE-472\", \"description\": \"CWE-472: External Control of Assumed-Immutable Web Parameter\"}]}], \"providerMetadata\": {\"orgId\": \"e4686d1a-f260-4930-ac4c-2f5c992778dd\", \"shortName\": \"sap\", \"dateUpdated\": \"2025-04-08T07:15:46.176Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2025-31333\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-04-08T14:50:18.739Z\", \"dateReserved\": \"2025-03-27T23:02:06.907Z\", \"assignerOrgId\": \"e4686d1a-f260-4930-ac4c-2f5c992778dd\", \"datePublished\": \"2025-04-08T07:15:46.176Z\", \"assignerShortName\": \"sap\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
}
}
wid-sec-w-2025-0719
Vulnerability from csaf_certbund
Published
2025-04-07 22:00
Modified
2025-04-24 22:00
Summary
SAP Patchday April 2025: Mehrere Schwachstellen
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
SAP stellt unternehmensweite Lösungen für Geschäftsprozesse wie Buchführung, Vertrieb, Einkauf und Lagerhaltung zur Verfügung.
Angriff
Ein Angreifer kann mehrere Schwachstellen in SAP Software ausnutzen, um beliebigen Programmcode auszuführen, Sicherheitsmaßnahmen zu umgehen, Cross-Site-Scripting-Angriffe durchzuführen, Daten zu manipulieren, vertrauliche Informationen preiszugeben und einen Denial-of-Service-Zustand zu verursachen.
Betroffene Betriebssysteme
- Sonstiges
- UNIX
- Windows
{
"document": {
"aggregate_severity": {
"text": "kritisch"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "SAP stellt unternehmensweite L\u00f6sungen f\u00fcr Gesch\u00e4ftsprozesse wie Buchf\u00fchrung, Vertrieb, Einkauf und Lagerhaltung zur Verf\u00fcgung.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein Angreifer kann mehrere Schwachstellen in SAP Software ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, Cross-Site-Scripting-Angriffe durchzuf\u00fchren, Daten zu manipulieren, vertrauliche Informationen preiszugeben und einen Denial-of-Service-Zustand zu verursachen.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Sonstiges\n- UNIX\n- Windows",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2025-0719 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2025/wid-sec-w-2025-0719.json"
},
{
"category": "self",
"summary": "WID-SEC-2025-0719 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2025-0719"
},
{
"category": "external",
"summary": "April Patch Day Notes vom 2025-04-07",
"url": "https://support.sap.com/en/my-support/knowledge-base/security-notes-news/april-2025.html"
},
{
"category": "external",
"summary": "April Patch Day Notes Update vom 2025-04-24",
"url": "https://support.sap.com/en/my-support/knowledge-base/security-notes-news/april-2025.html"
},
{
"category": "external",
"summary": "National Vulnerability Database CVE-2025-31324",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-31324"
},
{
"category": "external",
"summary": "Security Online vom 2025-04-24",
"url": "https://securityonline.info/cve-2025-31324-cvss-10-zero-day-in-sap-netweaver-exploited-in-the-wild-to-deploy-webshells-and-c2-frameworks/"
}
],
"source_lang": "en-US",
"title": "SAP Patchday April 2025: Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2025-04-24T22:00:00.000+00:00",
"generator": {
"date": "2025-04-25T09:49:22.319+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.3.12"
}
},
"id": "WID-SEC-W-2025-0719",
"initial_release_date": "2025-04-07T22:00:00.000+00:00",
"revision_history": [
{
"date": "2025-04-07T22:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2025-04-24T22:00:00.000+00:00",
"number": "2",
"summary": "Update von SAP - CVE-2025-31324 (ausgenutzt), CVE-2025-31327, CVE-2025-31328 erg\u00e4nzt"
}
],
"status": "final",
"version": "2"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "SAP Software",
"product": {
"name": "SAP Software",
"product_id": "T042428",
"product_identification_helper": {
"cpe": "cpe:/a:sap:sap:-"
}
}
}
],
"category": "vendor",
"name": "SAP"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-56337",
"product_status": {
"known_affected": [
"T042428"
]
},
"release_date": "2025-04-07T22:00:00.000+00:00",
"title": "CVE-2024-56337"
},
{
"cve": "CVE-2025-0064",
"product_status": {
"known_affected": [
"T042428"
]
},
"release_date": "2025-04-07T22:00:00.000+00:00",
"title": "CVE-2025-0064"
},
{
"cve": "CVE-2025-23186",
"product_status": {
"known_affected": [
"T042428"
]
},
"release_date": "2025-04-07T22:00:00.000+00:00",
"title": "CVE-2025-23186"
},
{
"cve": "CVE-2025-26653",
"product_status": {
"known_affected": [
"T042428"
]
},
"release_date": "2025-04-07T22:00:00.000+00:00",
"title": "CVE-2025-26653"
},
{
"cve": "CVE-2025-26654",
"product_status": {
"known_affected": [
"T042428"
]
},
"release_date": "2025-04-07T22:00:00.000+00:00",
"title": "CVE-2025-26654"
},
{
"cve": "CVE-2025-26657",
"product_status": {
"known_affected": [
"T042428"
]
},
"release_date": "2025-04-07T22:00:00.000+00:00",
"title": "CVE-2025-26657"
},
{
"cve": "CVE-2025-27428",
"product_status": {
"known_affected": [
"T042428"
]
},
"release_date": "2025-04-07T22:00:00.000+00:00",
"title": "CVE-2025-27428"
},
{
"cve": "CVE-2025-27429",
"product_status": {
"known_affected": [
"T042428"
]
},
"release_date": "2025-04-07T22:00:00.000+00:00",
"title": "CVE-2025-27429"
},
{
"cve": "CVE-2025-27430",
"product_status": {
"known_affected": [
"T042428"
]
},
"release_date": "2025-04-07T22:00:00.000+00:00",
"title": "CVE-2025-27430"
},
{
"cve": "CVE-2025-27435",
"product_status": {
"known_affected": [
"T042428"
]
},
"release_date": "2025-04-07T22:00:00.000+00:00",
"title": "CVE-2025-27435"
},
{
"cve": "CVE-2025-27437",
"product_status": {
"known_affected": [
"T042428"
]
},
"release_date": "2025-04-07T22:00:00.000+00:00",
"title": "CVE-2025-27437"
},
{
"cve": "CVE-2025-30013",
"product_status": {
"known_affected": [
"T042428"
]
},
"release_date": "2025-04-07T22:00:00.000+00:00",
"title": "CVE-2025-30013"
},
{
"cve": "CVE-2025-30014",
"product_status": {
"known_affected": [
"T042428"
]
},
"release_date": "2025-04-07T22:00:00.000+00:00",
"title": "CVE-2025-30014"
},
{
"cve": "CVE-2025-30015",
"product_status": {
"known_affected": [
"T042428"
]
},
"release_date": "2025-04-07T22:00:00.000+00:00",
"title": "CVE-2025-30015"
},
{
"cve": "CVE-2025-30016",
"product_status": {
"known_affected": [
"T042428"
]
},
"release_date": "2025-04-07T22:00:00.000+00:00",
"title": "CVE-2025-30016"
},
{
"cve": "CVE-2025-30017",
"product_status": {
"known_affected": [
"T042428"
]
},
"release_date": "2025-04-07T22:00:00.000+00:00",
"title": "CVE-2025-30017"
},
{
"cve": "CVE-2025-31327",
"product_status": {
"known_affected": [
"T042428"
]
},
"release_date": "2025-04-07T22:00:00.000+00:00",
"title": "CVE-2025-31327"
},
{
"cve": "CVE-2025-31328",
"product_status": {
"known_affected": [
"T042428"
]
},
"release_date": "2025-04-07T22:00:00.000+00:00",
"title": "CVE-2025-31328"
},
{
"cve": "CVE-2025-31330",
"product_status": {
"known_affected": [
"T042428"
]
},
"release_date": "2025-04-07T22:00:00.000+00:00",
"title": "CVE-2025-31330"
},
{
"cve": "CVE-2025-31331",
"product_status": {
"known_affected": [
"T042428"
]
},
"release_date": "2025-04-07T22:00:00.000+00:00",
"title": "CVE-2025-31331"
},
{
"cve": "CVE-2025-31332",
"product_status": {
"known_affected": [
"T042428"
]
},
"release_date": "2025-04-07T22:00:00.000+00:00",
"title": "CVE-2025-31332"
},
{
"cve": "CVE-2025-31333",
"product_status": {
"known_affected": [
"T042428"
]
},
"release_date": "2025-04-07T22:00:00.000+00:00",
"title": "CVE-2025-31333"
},
{
"cve": "CVE-2025-31324",
"product_status": {
"known_affected": [
"T042428"
]
},
"release_date": "2025-04-24T22:00:00.000+00:00",
"title": "CVE-2025-31324"
}
]
}
ncsc-2025-0119
Vulnerability from csaf_ncscnl
Published
2025-04-09 09:12
Modified
2025-04-30 13:12
Summary
Kwetsbaarheden verholpen in SAP-producten
Notes
The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:
NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.
NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.
This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings.
Feiten
SAP heeft kwetsbaarheden verholpen in verschillende producten, waaronder SAP Financial Consolidation, SAP Landscape Transformation, SAP NetWeaver Application Server ABAP, SAP Commerce Cloud, SAP ERP BW, SAP BusinessObjects Business Intelligence Platform, SAP KMC WPC, SAP Solution Manager, SAP S4CORE, en SAP CRM.
Interpretaties
De uitgebrachte paches bevatten een aantal kritieke kwetsbaarheden met de kenmerken CVE-2025-30016, CVE-2025-31330 en CVE-2025-27429.
De kwetsbaarheid met kenmerk CVE-2025-30016 is een kritieke authenticatie-bypass in SAP Financial Consolidation, die ongeauthenticeerde aanvallers toegang geeft tot het Admin-account.
SAP Landscape Transformation heeft een kwetsbaarheid met kenmerk CVE-2025-31330, die het mogelijk maakt voor aanvallers met gebruikersprivileges om willekeurige ABAP-code in te voegen.
De kwetsbaarheid met kenmerk CVE-2025-27429 in SAP S/4HANA (Private Cloud) stelt een aanvaller met gebruikersprivileges in staat om willekeurige ABAP-code in de RFC-functiemodule te injecteren en autorisatiecontroles te omzeilen, waardoor de vertrouwelijkheid, integriteit en beschikbaarheid van het systeem in gevaar komen.
SAP NetWeaver Application Server ABAP heeft een Mixed Dynamic RFC Destination-kwetsbaarheid die kan leiden tot blootstelling van gevoelige inloggegevens. Daarnaast zijn er kwetsbaarheden in SAP Commerce Cloud die de vertrouwelijkheid en integriteit van gegevens in gevaar kunnen brengen. De kwetsbaarheden in SAP ERP BW en SAP BusinessObjects kunnen leiden tot ongeautoriseerde uitvoering van commando's en wijziging van bestanden. De directory traversal-kwetsbaarheden in SAP Capital Yield Tax Management en SAP Solution Manager stellen aanvallers in staat om gevoelige informatie te verkrijgen. De SSRF-kwetsbaarheid in SAP CRM en SAP S/4HANA kan de vertrouwelijkheid van interne netwerkbronnen in gevaar brengen.
**UPDATE 25/04/2025**
SAP heeft een update uitgebracht op de advisory van eerder deze maand. De belangrijkste aanpassing is de toevoeging van **CVE-2025-31324**. Dit is een kritieke kwetsbaarheid waarbij de Metadata Uploader geen correcte autorisatiecontrole toepast. Hierdoor kan een niet-geauthenticeerde aanvaller kwaadaardige uitvoerbare bestanden uploaden naar de server.
**UPDATE 28/04/2025**
Het NCSC ontvangt meldingen dat de kwetsbaarheid met kenmerk CVE-2025-31324 actief wordt misbruikt.
De getroffen Metadata Uploader is onderdeel van Visual Composer. Dit product, bedoeld om zonder het schrijven van programmacode user-interfaces te bouwen, wordt al sinds 2015 niet meer ondersteund. Het gebruik ervan om interfaces te bouwen wordt daarom afgeraden. Ook is het goed gebruik een dergelijk ontwerpsoftware niet publiek toegankelijk te hebben, maar te hosten in een separate ontwikkelomgeving.
In het geval van Visual Composer kan de toegang worden beperkt door de applicatia-alias `developmentserver` uit te schakelen en middels firewall rules de toegang tot de development-server applicatie-url te blokkeren.
**UPDATE 30/04/2025**
In de eerdere update van dit beveiligingsadvies op 28/04/2025 heeft het NCSC gemeld dat de kwetsbaarheid met het kenmerk CVE-2025-31324 actief wordt misbruikt. Een onderdeel van het misbruik is dat kwaadwillenden webshells plaatsen. Na nader onderzoek door het NCSC en op basis van ontvangen meldingen, is ook waargenomen dat deze webshells online te koop wordt aangeboden. Dit vergroot de kans op misbruik aanzienlijk. Het NCSC heeft daarom besloten om dit beveiligingsadvies naar H/H te verhogen.
Oplossingen
SAP heeft patches uitgebracht om de kwetsbaarheden in de genoemde producten te verhelpen.
Ook heeft SAP voor de kwetsbaarheid met kenmerk CVE-2025-31324 een noodpatch uitgebracht om deze te verhelpen. Het NCSC adviseert om naast de reguliere updates vooral deze noodpatch ook in te zetten.
**UPDATE 30/04/2025**
Het NCSC adviseert met klem om de beschikbaar gestelde beveiligingsupdates te installeren en uw systeem op aanwezigheid van webshells te controleren. Zie bijgevoegde referenties voor meer informatie.
Kans
high
Schade
high
CWE-94
Improper Control of Generation of Code ('Code Injection')
CWE-367
Time-of-check Time-of-use (TOCTOU) Race Condition
CWE-35
Path Traversal: '.../...//'
CWE-277
Insecure Inherited Permissions
CWE-921
Storage of Sensitive Data in a Mechanism without Access Control
CWE-472
External Control of Assumed-Immutable Web Parameter
CWE-319
Cleartext Transmission of Sensitive Information
CWE-862
Missing Authorization
CWE-918
Server-Side Request Forgery (SSRF)
CWE-863
Incorrect Authorization
CWE-787
Out-of-bounds Write
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CWE-732
Incorrect Permission Assignment for Critical Resource
CWE-434
Unrestricted Upload of File with Dangerous Type
CWE-352
Cross-Site Request Forgery (CSRF)
{
"document": {
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE"
}
},
"lang": "nl",
"notes": [
{
"category": "legal_disclaimer",
"text": "The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:\n\n NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.\n\n NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.\n This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings."
},
{
"category": "description",
"text": "SAP heeft kwetsbaarheden verholpen in verschillende producten, waaronder SAP Financial Consolidation, SAP Landscape Transformation, SAP NetWeaver Application Server ABAP, SAP Commerce Cloud, SAP ERP BW, SAP BusinessObjects Business Intelligence Platform, SAP KMC WPC, SAP Solution Manager, SAP S4CORE, en SAP CRM.",
"title": "Feiten"
},
{
"category": "description",
"text": "De uitgebrachte paches bevatten een aantal kritieke kwetsbaarheden met de kenmerken CVE-2025-30016, CVE-2025-31330 en CVE-2025-27429.\n\nDe kwetsbaarheid met kenmerk CVE-2025-30016 is een kritieke authenticatie-bypass in SAP Financial Consolidation, die ongeauthenticeerde aanvallers toegang geeft tot het Admin-account. \n\nSAP Landscape Transformation heeft een kwetsbaarheid met kenmerk CVE-2025-31330, die het mogelijk maakt voor aanvallers met gebruikersprivileges om willekeurige ABAP-code in te voegen.\n\nDe kwetsbaarheid met kenmerk CVE-2025-27429 in SAP S/4HANA (Private Cloud) stelt een aanvaller met gebruikersprivileges in staat om willekeurige ABAP-code in de RFC-functiemodule te injecteren en autorisatiecontroles te omzeilen, waardoor de vertrouwelijkheid, integriteit en beschikbaarheid van het systeem in gevaar komen.\n\n\nSAP NetWeaver Application Server ABAP heeft een Mixed Dynamic RFC Destination-kwetsbaarheid die kan leiden tot blootstelling van gevoelige inloggegevens. Daarnaast zijn er kwetsbaarheden in SAP Commerce Cloud die de vertrouwelijkheid en integriteit van gegevens in gevaar kunnen brengen. De kwetsbaarheden in SAP ERP BW en SAP BusinessObjects kunnen leiden tot ongeautoriseerde uitvoering van commando\u0027s en wijziging van bestanden. De directory traversal-kwetsbaarheden in SAP Capital Yield Tax Management en SAP Solution Manager stellen aanvallers in staat om gevoelige informatie te verkrijgen. De SSRF-kwetsbaarheid in SAP CRM en SAP S/4HANA kan de vertrouwelijkheid van interne netwerkbronnen in gevaar brengen. \n\n\n**UPDATE 25/04/2025**\nSAP heeft een update uitgebracht op de advisory van eerder deze maand. De belangrijkste aanpassing is de toevoeging van **CVE-2025-31324**. Dit is een kritieke kwetsbaarheid waarbij de Metadata Uploader geen correcte autorisatiecontrole toepast. Hierdoor kan een niet-geauthenticeerde aanvaller kwaadaardige uitvoerbare bestanden uploaden naar de server.\n\n**UPDATE 28/04/2025**\nHet NCSC ontvangt meldingen dat de kwetsbaarheid met kenmerk CVE-2025-31324 actief wordt misbruikt.\nDe getroffen Metadata Uploader is onderdeel van Visual Composer. Dit product, bedoeld om zonder het schrijven van programmacode user-interfaces te bouwen, wordt al sinds 2015 niet meer ondersteund. Het gebruik ervan om interfaces te bouwen wordt daarom afgeraden. Ook is het goed gebruik een dergelijk ontwerpsoftware niet publiek toegankelijk te hebben, maar te hosten in een separate ontwikkelomgeving.\nIn het geval van Visual Composer kan de toegang worden beperkt door de applicatia-alias `developmentserver` uit te schakelen en middels firewall rules de toegang tot de development-server applicatie-url te blokkeren.\n\n**UPDATE 30/04/2025**\nIn de eerdere update van dit beveiligingsadvies op 28/04/2025 heeft het NCSC gemeld dat de kwetsbaarheid met het kenmerk CVE-2025-31324 actief wordt misbruikt. Een onderdeel van het misbruik is dat kwaadwillenden webshells plaatsen. Na nader onderzoek door het NCSC en op basis van ontvangen meldingen, is ook waargenomen dat deze webshells online te koop wordt aangeboden. Dit vergroot de kans op misbruik aanzienlijk. Het NCSC heeft daarom besloten om dit beveiligingsadvies naar H/H te verhogen.",
"title": "Interpretaties"
},
{
"category": "description",
"text": "SAP heeft patches uitgebracht om de kwetsbaarheden in de genoemde producten te verhelpen.\n\nOok heeft SAP voor de kwetsbaarheid met kenmerk CVE-2025-31324 een noodpatch uitgebracht om deze te verhelpen. Het NCSC adviseert om naast de reguliere updates vooral deze noodpatch ook in te zetten.\n\n**UPDATE 30/04/2025**\nHet NCSC adviseert met klem om de beschikbaar gestelde beveiligingsupdates te installeren en uw systeem op aanwezigheid van webshells te controleren. Zie bijgevoegde referenties voor meer informatie.",
"title": "Oplossingen"
},
{
"category": "general",
"text": "high",
"title": "Kans"
},
{
"category": "general",
"text": "high",
"title": "Schade"
},
{
"category": "general",
"text": "Improper Control of Generation of Code (\u0027Code Injection\u0027)",
"title": "CWE-94"
},
{
"category": "general",
"text": "Time-of-check Time-of-use (TOCTOU) Race Condition",
"title": "CWE-367"
},
{
"category": "general",
"text": "Path Traversal: \u0027.../...//\u0027",
"title": "CWE-35"
},
{
"category": "general",
"text": "Insecure Inherited Permissions",
"title": "CWE-277"
},
{
"category": "general",
"text": "Storage of Sensitive Data in a Mechanism without Access Control",
"title": "CWE-921"
},
{
"category": "general",
"text": "External Control of Assumed-Immutable Web Parameter",
"title": "CWE-472"
},
{
"category": "general",
"text": "Cleartext Transmission of Sensitive Information",
"title": "CWE-319"
},
{
"category": "general",
"text": "Missing Authorization",
"title": "CWE-862"
},
{
"category": "general",
"text": "Server-Side Request Forgery (SSRF)",
"title": "CWE-918"
},
{
"category": "general",
"text": "Incorrect Authorization",
"title": "CWE-863"
},
{
"category": "general",
"text": "Out-of-bounds Write",
"title": "CWE-787"
},
{
"category": "general",
"text": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"title": "CWE-79"
},
{
"category": "general",
"text": "Incorrect Permission Assignment for Critical Resource",
"title": "CWE-732"
},
{
"category": "general",
"text": "Unrestricted Upload of File with Dangerous Type",
"title": "CWE-434"
},
{
"category": "general",
"text": "Cross-Site Request Forgery (CSRF)",
"title": "CWE-352"
}
],
"publisher": {
"category": "coordinator",
"contact_details": "cert@ncsc.nl",
"name": "Nationaal Cyber Security Centrum",
"namespace": "https://www.ncsc.nl/"
},
"references": [
{
"category": "external",
"summary": "Reference - certbundde",
"url": "https://support.sap.com/en/my-support/knowledge-base/security-notes-news/april-2025.html"
},
{
"category": "external",
"summary": "Reference - cisagov; cveprojectv5; nvd",
"url": "https://me.sap.com/notes/3594142"
},
{
"category": "external",
"summary": "Reference - ncscclear",
"url": "https://reliaquest.com/blog/threat-spotlight-reliaquest-uncovers-vulnerability-behind-sap-netweaver-compromise/"
},
{
"category": "external",
"summary": "Reference - ncscclear",
"url": "https://onapsis.com/blog/active-exploitation-of-sap-vulnerability-cve-2025-31324/"
}
],
"title": "Kwetsbaarheden verholpen in SAP-producten",
"tracking": {
"current_release_date": "2025-04-30T13:12:27.070565Z",
"generator": {
"date": "2025-02-25T15:15:00Z",
"engine": {
"name": "V.A.",
"version": "1.0"
}
},
"id": "NCSC-2025-0119",
"initial_release_date": "2025-04-09T09:12:05.705017Z",
"revision_history": [
{
"date": "2025-04-09T09:12:05.705017Z",
"number": "1.0.0",
"summary": "Initiele versie"
},
{
"date": "2025-04-25T12:10:29.929217Z",
"number": "1.0.1",
"summary": "SAP heeft een update op de advisorie van eerder deze maand"
},
{
"date": "2025-04-28T09:35:57.213875Z",
"number": "1.0.2",
"summary": "Meldingen van misbruik van CVE-2025-31324."
},
{
"date": "2025-04-30T13:12:27.070565Z",
"number": "1.0.3",
"summary": "New revision"
}
],
"status": "final",
"version": "1.0.3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/10.0",
"product": {
"name": "vers:unknown/10.0",
"product_id": "CSAFPID-426681",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap:sap_businessobjects_financial_consolidation:10.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_version_range",
"name": "vers:unknown/10.0.0.1933",
"product": {
"name": "vers:unknown/10.0.0.1933",
"product_id": "CSAFPID-367586"
}
},
{
"category": "product_version_range",
"name": "vers:unknown/10.1",
"product": {
"name": "vers:unknown/10.1",
"product_id": "CSAFPID-426682",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap:sap_businessobjects_financial_consolidation:10.1:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-336862"
}
}
],
"category": "product_name",
"name": "BusinessObjects Financial Consolidation"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/2.00",
"product": {
"name": "vers:unknown/2.00",
"product_id": "CSAFPID-426483",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap_se:sap_erp_financials_information_system:2.00:*:*:*:*:*:*:*"
}
}
}
],
"category": "product_name",
"name": "ERP Financials Information System"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/6.0",
"product": {
"name": "vers:unknown/6.0",
"product_id": "CSAFPID-447161"
}
},
{
"category": "product_version_range",
"name": "vers:unknown/6.03",
"product": {
"name": "vers:unknown/6.03",
"product_id": "CSAFPID-447167"
}
},
{
"category": "product_version_range",
"name": "vers:unknown/6.04",
"product": {
"name": "vers:unknown/6.04",
"product_id": "CSAFPID-447158"
}
},
{
"category": "product_version_range",
"name": "vers:unknown/6.05",
"product": {
"name": "vers:unknown/6.05",
"product_id": "CSAFPID-447155"
}
},
{
"category": "product_version_range",
"name": "vers:unknown/6.06",
"product": {
"name": "vers:unknown/6.06",
"product_id": "CSAFPID-447160"
}
},
{
"category": "product_version_range",
"name": "vers:unknown/6.16",
"product": {
"name": "vers:unknown/6.16",
"product_id": "CSAFPID-447163"
}
},
{
"category": "product_version_range",
"name": "vers:unknown/6.17",
"product": {
"name": "vers:unknown/6.17",
"product_id": "CSAFPID-447165"
}
},
{
"category": "product_version_range",
"name": "vers:unknown/6.18",
"product": {
"name": "vers:unknown/6.18",
"product_id": "CSAFPID-447156"
}
},
{
"category": "product_version_range",
"name": "vers:unknown/8.0",
"product": {
"name": "vers:unknown/8.0",
"product_id": "CSAFPID-447164"
}
}
],
"category": "product_name",
"name": "Enterprise Extension Financial Services"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-710027"
}
},
{
"category": "product_version_range",
"name": "vers:unknown/6.05",
"product": {
"name": "vers:unknown/6.05",
"product_id": "CSAFPID-426703"
}
},
{
"category": "product_version_range",
"name": "vers:unknown/6.06",
"product": {
"name": "vers:unknown/6.06",
"product_id": "CSAFPID-426706"
}
},
{
"category": "product_version_range",
"name": "vers:unknown/6.16",
"product": {
"name": "vers:unknown/6.16",
"product_id": "CSAFPID-426707"
}
},
{
"category": "product_version_range",
"name": "vers:unknown/6.17",
"product": {
"name": "vers:unknown/6.17",
"product_id": "CSAFPID-426708"
}
},
{
"category": "product_version_range",
"name": "vers:unknown/6.18",
"product": {
"name": "vers:unknown/6.18",
"product_id": "CSAFPID-426704"
}
},
{
"category": "product_version_range",
"name": "vers:unknown/8.0",
"product": {
"name": "vers:unknown/8.0",
"product_id": "CSAFPID-426705"
}
}
],
"category": "product_name",
"name": "Enterprise Financial Services"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/10.0",
"product": {
"name": "vers:unknown/10.0",
"product_id": "CSAFPID-447141"
}
},
{
"category": "product_version_range",
"name": "vers:unknown/10.1",
"product": {
"name": "vers:unknown/10.1",
"product_id": "CSAFPID-447140"
}
},
{
"category": "product_version_range",
"name": "vers:unknown/1010",
"product": {
"name": "vers:unknown/1010",
"product_id": "CSAFPID-847883",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap:financial_consolidation:1010:*:*:*:*:*:*:*"
}
}
}
],
"category": "product_name",
"name": "Financial Consolidation"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/10.1",
"product": {
"name": "vers:unknown/10.1",
"product_id": "CSAFPID-426837"
}
}
],
"category": "product_name",
"name": "Financial Consolidation Cube Designer"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-1176052"
}
},
{
"category": "product_version_range",
"name": "vers:unknown/unknown",
"product": {
"name": "vers:unknown/unknown",
"product_id": "CSAFPID-1333259"
}
}
],
"category": "product_name",
"name": "NetWeaver"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/7.50",
"product": {
"name": "vers:unknown/7.50",
"product_id": "CSAFPID-2351307"
}
}
],
"category": "product_name",
"name": "NetWeaver (SAP Enterprise Portal)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/700",
"product": {
"name": "vers:unknown/700",
"product_id": "CSAFPID-2538790"
}
},
{
"category": "product_version_range",
"name": "vers:unknown/701",
"product": {
"name": "vers:unknown/701",
"product_id": "CSAFPID-2538791"
}
},
{
"category": "product_version_range",
"name": "vers:unknown/702",
"product": {
"name": "vers:unknown/702",
"product_id": "CSAFPID-2538792"
}
},
{
"category": "product_version_range",
"name": "vers:unknown/731",
"product": {
"name": "vers:unknown/731",
"product_id": "CSAFPID-2538793"
}
},
{
"category": "product_version_range",
"name": "vers:unknown/740",
"product": {
"name": "vers:unknown/740",
"product_id": "CSAFPID-2538794"
}
},
{
"category": "product_version_range",
"name": "vers:unknown/750",
"product": {
"name": "vers:unknown/750",
"product_id": "CSAFPID-2538799"
}
},
{
"category": "product_version_range",
"name": "vers:unknown/751",
"product": {
"name": "vers:unknown/751",
"product_id": "CSAFPID-2538800"
}
},
{
"category": "product_version_range",
"name": "vers:unknown/752",
"product": {
"name": "vers:unknown/752",
"product_id": "CSAFPID-2538801"
}
},
{
"category": "product_version_range",
"name": "vers:unknown/753",
"product": {
"name": "vers:unknown/753",
"product_id": "CSAFPID-2538802"
}
},
{
"category": "product_version_range",
"name": "vers:unknown/754",
"product": {
"name": "vers:unknown/754",
"product_id": "CSAFPID-2538803"
}
},
{
"category": "product_version_range",
"name": "vers:unknown/755",
"product": {
"name": "vers:unknown/755",
"product_id": "CSAFPID-2538804"
}
},
{
"category": "product_version_range",
"name": "vers:unknown/756",
"product": {
"name": "vers:unknown/756",
"product_id": "CSAFPID-2538805"
}
},
{
"category": "product_version_range",
"name": "vers:unknown/757",
"product": {
"name": "vers:unknown/757",
"product_id": "CSAFPID-2538806"
}
}
],
"category": "product_name",
"name": "NetWeaver AS ABAP (BSP Framework)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/700",
"product": {
"name": "vers:unknown/700",
"product_id": "CSAFPID-2538773"
}
},
{
"category": "product_version_range",
"name": "vers:unknown/701",
"product": {
"name": "vers:unknown/701",
"product_id": "CSAFPID-2538774"
}
},
{
"category": "product_version_range",
"name": "vers:unknown/702",
"product": {
"name": "vers:unknown/702",
"product_id": "CSAFPID-2538775"
}
},
{
"category": "product_version_range",
"name": "vers:unknown/731",
"product": {
"name": "vers:unknown/731",
"product_id": "CSAFPID-2538776"
}
},
{
"category": "product_version_range",
"name": "vers:unknown/740",
"product": {
"name": "vers:unknown/740",
"product_id": "CSAFPID-2538777"
}
},
{
"category": "product_version_range",
"name": "vers:unknown/750",
"product": {
"name": "vers:unknown/750",
"product_id": "CSAFPID-2538778"
}
},
{
"category": "product_version_range",
"name": "vers:unknown/751",
"product": {
"name": "vers:unknown/751",
"product_id": "CSAFPID-2538779"
}
},
{
"category": "product_version_range",
"name": "vers:unknown/752",
"product": {
"name": "vers:unknown/752",
"product_id": "CSAFPID-2538780"
}
},
{
"category": "product_version_range",
"name": "vers:unknown/75c",
"product": {
"name": "vers:unknown/75c",
"product_id": "CSAFPID-2538781"
}
}
],
"category": "product_name",
"name": "NetWeaver AS ABAP (Business Server Pages application)"
},
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-1307450"
}
},
{
"category": "product_version_range",
"name": "vers:unknown/1808",
"product": {
"name": "vers:unknown/1808",
"product_id": "CSAFPID-1297130"
}
},
{
"category": "product_version_range",
"name": "vers:unknown/1811",
"product": {
"name": "vers:unknown/1811",
"product_id": "CSAFPID-1297107"
}
},
{
"category": "product_version_range",
"name": "vers:unknown/1905",
"product": {
"name": "vers:unknown/1905",
"product_id": "CSAFPID-1230533"
}
},
{
"category": "product_version_range",
"name": "vers:unknown/2001 zh",
"product": {
"name": "vers:unknown/2001 zh",
"product_id": "CSAFPID-1921506"
}
},
{
"category": "product_version_range",
"name": "vers:unknown/2005",
"product": {
"name": "vers:unknown/2005",
"product_id": "CSAFPID-1230555"
}
},
{
"category": "product_version_range",
"name": "vers:unknown/2011",
"product": {
"name": "vers:unknown/2011",
"product_id": "CSAFPID-1230719"
}
},
{
"category": "product_version_range",
"name": "vers:unknown/2105",
"product": {
"name": "vers:unknown/2105",
"product_id": "CSAFPID-1230702"
}
},
{
"category": "product_version_range",
"name": "vers:unknown/2205",
"product": {
"name": "vers:unknown/2205",
"product_id": "CSAFPID-1304671"
}
},
{
"category": "product_version_range",
"name": "vers:unknown/2211",
"product": {
"name": "vers:unknown/2211",
"product_id": "CSAFPID-1921487"
}
},
{
"category": "product_version_range",
"name": "vers:unknown/6.7",
"product": {
"name": "vers:unknown/6.7",
"product_id": "CSAFPID-1297186"
}
}
],
"category": "product_name",
"name": "Commerce"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/2205 hy_com",
"product": {
"name": "vers:unknown/2205 hy_com",
"product_id": "CSAFPID-2473272"
}
},
{
"category": "product_version_range",
"name": "vers:unknown/2211",
"product": {
"name": "vers:unknown/2211",
"product_id": "CSAFPID-2473273"
}
},
{
"category": "product_version_range",
"name": "vers:unknown/none",
"product": {
"name": "vers:unknown/none",
"product_id": "CSAFPID-1306891"
}
}
],
"category": "product_name",
"name": "Commerce Cloud"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-1306888"
}
}
],
"category": "product_name",
"name": "Landscape Management"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/7.0",
"product": {
"name": "vers:unknown/7.0",
"product_id": "CSAFPID-2352521"
}
},
{
"category": "product_version_range",
"name": "vers:unknown/7.10",
"product": {
"name": "vers:unknown/7.10",
"product_id": "CSAFPID-2352520"
}
},
{
"category": "product_version_range",
"name": "vers:unknown/7.20",
"product": {
"name": "vers:unknown/7.20",
"product_id": "CSAFPID-1304029"
}
},
{
"category": "product_version_range",
"name": "vers:unknown/7.40",
"product": {
"name": "vers:unknown/7.40",
"product_id": "CSAFPID-2352519"
}
},
{
"category": "product_version_range",
"name": "vers:unknown/720",
"product": {
"name": "vers:unknown/720",
"product_id": "CSAFPID-2539577"
}
},
{
"category": "product_version_range",
"name": "vers:unknown/740",
"product": {
"name": "vers:unknown/740",
"product_id": "CSAFPID-2352518"
}
}
],
"category": "product_name",
"name": "Solution Manager"
}
],
"category": "product_family",
"name": "SAP"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/com_cloud 2211",
"product": {
"name": "vers:unknown/com_cloud 2211",
"product_id": "CSAFPID-1988023"
}
},
{
"category": "product_version_range",
"name": "vers:unknown/hy_com 2205",
"product": {
"name": "vers:unknown/hy_com 2205",
"product_id": "CSAFPID-1988024"
}
}
],
"category": "product_name",
"name": "Commerce"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-1175835"
}
},
{
"category": "product_version_range",
"name": "vers:unknown/2211",
"product": {
"name": "vers:unknown/2211",
"product_id": "CSAFPID-2632442"
}
},
{
"category": "product_version_range",
"name": "vers:unknown/com_cloud 2211",
"product": {
"name": "vers:unknown/com_cloud 2211",
"product_id": "CSAFPID-2632443"
}
},
{
"category": "product_version_range",
"name": "vers:unknown/com_cloud 2211|hy_com 2205",
"product": {
"name": "vers:unknown/com_cloud 2211|hy_com 2205",
"product_id": "CSAFPID-1425816"
}
},
{
"category": "product_version_range",
"name": "vers:unknown/hy_com 2205",
"product": {
"name": "vers:unknown/hy_com 2205",
"product_id": "CSAFPID-2632444"
}
},
{
"category": "product_version_range",
"name": "vers:unknown/unknown",
"product": {
"name": "vers:unknown/unknown",
"product_id": "CSAFPID-1332128"
}
}
],
"category": "product_name",
"name": "Commerce Cloud"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/1808",
"product": {
"name": "vers:unknown/1808",
"product_id": "CSAFPID-605062"
}
},
{
"category": "product_version_range",
"name": "vers:unknown/1811",
"product": {
"name": "vers:unknown/1811",
"product_id": "CSAFPID-605061"
}
},
{
"category": "product_version_range",
"name": "vers:unknown/1905",
"product": {
"name": "vers:unknown/1905",
"product_id": "CSAFPID-605064"
}
}
],
"category": "product_name",
"name": "Commerce Data Hub"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/7.00",
"product": {
"name": "vers:unknown/7.00",
"product_id": "CSAFPID-345584"
}
},
{
"category": "product_version_range",
"name": "vers:unknown/7.01",
"product": {
"name": "vers:unknown/7.01",
"product_id": "CSAFPID-345586"
}
},
{
"category": "product_version_range",
"name": "vers:unknown/7.02",
"product": {
"name": "vers:unknown/7.02",
"product_id": "CSAFPID-345588"
}
},
{
"category": "product_version_range",
"name": "vers:unknown/7.10",
"product": {
"name": "vers:unknown/7.10",
"product_id": "CSAFPID-345621"
}
},
{
"category": "product_version_range",
"name": "vers:unknown/7.11",
"product": {
"name": "vers:unknown/7.11",
"product_id": "CSAFPID-345620"
}
},
{
"category": "product_version_range",
"name": "vers:unknown/7.30",
"product": {
"name": "vers:unknown/7.30",
"product_id": "CSAFPID-345590"
}
},
{
"category": "product_version_range",
"name": "vers:unknown/7.31",
"product": {
"name": "vers:unknown/7.31",
"product_id": "CSAFPID-345585"
}
},
{
"category": "product_version_range",
"name": "vers:unknown/7.40",
"product": {
"name": "vers:unknown/7.40",
"product_id": "CSAFPID-345591"
}
},
{
"category": "product_version_range",
"name": "vers:unknown/7.50",
"product": {
"name": "vers:unknown/7.50",
"product_id": "CSAFPID-345592"
}
},
{
"category": "product_version_range",
"name": "vers:unknown/7.51",
"product": {
"name": "vers:unknown/7.51",
"product_id": "CSAFPID-345589"
}
},
{
"category": "product_version_range",
"name": "vers:unknown/7.52",
"product": {
"name": "vers:unknown/7.52",
"product_id": "CSAFPID-345587"
}
},
{
"category": "product_version_range",
"name": "vers:unknown/7.53",
"product": {
"name": "vers:unknown/7.53",
"product_id": "CSAFPID-426833"
}
}
],
"category": "product_name",
"name": "Business Application Software Integrated Solution"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/2.0",
"product": {
"name": "vers:unknown/2.0",
"product_id": "CSAFPID-710118"
}
},
{
"category": "product_version_range",
"name": "vers:unknown/2011_1_710",
"product": {
"name": "vers:unknown/2011_1_710",
"product_id": "CSAFPID-2632409"
}
},
{
"category": "product_version_range",
"name": "vers:unknown/2011_1_730",
"product": {
"name": "vers:unknown/2011_1_730",
"product_id": "CSAFPID-2632410"
}
},
{
"category": "product_version_range",
"name": "vers:unknown/2011_1_731",
"product": {
"name": "vers:unknown/2011_1_731",
"product_id": "CSAFPID-2632411"
}
},
{
"category": "product_version_range",
"name": "vers:unknown/dmis 2011_1_700",
"product": {
"name": "vers:unknown/dmis 2011_1_700",
"product_id": "CSAFPID-2632412"
}
},
{
"category": "product_version_range",
"name": "vers:unknown/dmis_2011_1_700",
"product": {
"name": "vers:unknown/dmis_2011_1_700",
"product_id": "CSAFPID-2633939"
}
}
],
"category": "product_name",
"name": "Landscape Transformation"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/7.10",
"product": {
"name": "vers:unknown/7.10",
"product_id": "CSAFPID-426454"
}
},
{
"category": "product_version_range",
"name": "vers:unknown/7.20",
"product": {
"name": "vers:unknown/7.20",
"product_id": "CSAFPID-426453"
}
},
{
"category": "product_version_range",
"name": "vers:unknown/7.30",
"product": {
"name": "vers:unknown/7.30",
"product_id": "CSAFPID-426456"
}
},
{
"category": "product_version_range",
"name": "vers:unknown/7.31",
"product": {
"name": "vers:unknown/7.31",
"product_id": "CSAFPID-426455"
}
},
{
"category": "product_version_range",
"name": "vers:unknown/7.40",
"product": {
"name": "vers:unknown/7.40",
"product_id": "CSAFPID-426457"
}
},
{
"category": "product_version_range",
"name": "vers:unknown/7.5",
"product": {
"name": "vers:unknown/7.5",
"product_id": "CSAFPID-1295436",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap:netweaver_system_landscape_directory:7.5:*:*:*:*:*:*:*"
}
}
}
],
"category": "product_name",
"name": "Netweaver System Landscape Directory"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/3.0",
"product": {
"name": "vers:unknown/3.0",
"product_id": "CSAFPID-2118594"
}
}
],
"category": "product_name",
"name": "landscape_management"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-1176305"
}
},
{
"category": "product_version_range",
"name": "vers:unknown/720",
"product": {
"name": "vers:unknown/720",
"product_id": "CSAFPID-2538090"
}
},
{
"category": "product_version_range",
"name": "vers:unknown/sap_basis 700",
"product": {
"name": "vers:unknown/sap_basis 700",
"product_id": "CSAFPID-2632425"
}
},
{
"category": "product_version_range",
"name": "vers:unknown/sap_basis 701",
"product": {
"name": "vers:unknown/sap_basis 701",
"product_id": "CSAFPID-2632426"
}
},
{
"category": "product_version_range",
"name": "vers:unknown/sap_basis 702",
"product": {
"name": "vers:unknown/sap_basis 702",
"product_id": "CSAFPID-2632427"
}
},
{
"category": "product_version_range",
"name": "vers:unknown/sap_basis 731",
"product": {
"name": "vers:unknown/sap_basis 731",
"product_id": "CSAFPID-2632428"
}
},
{
"category": "product_version_range",
"name": "vers:unknown/sap_basis 740",
"product": {
"name": "vers:unknown/sap_basis 740",
"product_id": "CSAFPID-2632429"
}
}
],
"category": "product_name",
"name": "Solution Manager"
}
],
"category": "vendor",
"name": "SAP"
},
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/unknown",
"product": {
"name": "vers:unknown/unknown",
"product_id": "CSAFPID-2364492",
"product_identification_helper": {
"cpe": "cpe:/a:atoss:staff_efficiency_suite:-"
}
}
}
],
"category": "product_name",
"name": "ATOSS Staff Efficiency Suite"
}
],
"category": "vendor",
"name": "ATOSS"
},
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/unknown",
"product": {
"name": "vers:unknown/unknown",
"product_id": "CSAFPID-1330296",
"product_identification_helper": {
"cpe": "cpe:/o:amazon:linux_2:-"
}
}
}
],
"category": "product_name",
"name": "Amazon Linux 2"
}
],
"category": "vendor",
"name": "Amazon"
},
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/\u003c10.1.34",
"product": {
"name": "vers:unknown/\u003c10.1.34",
"product_id": "CSAFPID-1459777"
}
},
{
"category": "product_version_range",
"name": "vers:unknown/\u003c11.0.2",
"product": {
"name": "vers:unknown/\u003c11.0.2",
"product_id": "CSAFPID-1459778"
}
},
{
"category": "product_version_range",
"name": "vers:unknown/\u003c9.0.98",
"product": {
"name": "vers:unknown/\u003c9.0.98",
"product_id": "CSAFPID-1459779"
}
}
],
"category": "product_name",
"name": "Tomcat"
},
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/\u003e=10.1.0 milestone1|\u003c=10.1.33",
"product": {
"name": "vers:unknown/\u003e=10.1.0 milestone1|\u003c=10.1.33",
"product_id": "CSAFPID-1861039"
}
},
{
"category": "product_version_range",
"name": "vers:unknown/\u003e=11.0.0 milestone1|\u003c=11.0.1",
"product": {
"name": "vers:unknown/\u003e=11.0.0 milestone1|\u003c=11.0.1",
"product_id": "CSAFPID-1861040"
}
},
{
"category": "product_version_range",
"name": "vers:unknown/\u003e=9.0.0 milestone1|\u003c=9.0.97",
"product": {
"name": "vers:unknown/\u003e=9.0.0 milestone1|\u003c=9.0.97",
"product_id": "CSAFPID-1861041"
}
}
],
"category": "product_name",
"name": "Tomcat"
}
],
"category": "product_family",
"name": "Apache"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/10.1.0",
"product": {
"name": "vers:unknown/10.1.0",
"product_id": "CSAFPID-2140760"
}
},
{
"category": "product_version_range",
"name": "vers:unknown/10.1.1",
"product": {
"name": "vers:unknown/10.1.1",
"product_id": "CSAFPID-2140804"
}
},
{
"category": "product_version_range",
"name": "vers:unknown/10.1.10",
"product": {
"name": "vers:unknown/10.1.10",
"product_id": "CSAFPID-2140795"
}
},
{
"category": "product_version_range",
"name": "vers:unknown/10.1.11",
"product": {
"name": "vers:unknown/10.1.11",
"product_id": "CSAFPID-2140773"
}
},
{
"category": "product_version_range",
"name": "vers:unknown/10.1.12",
"product": {
"name": "vers:unknown/10.1.12",
"product_id": "CSAFPID-2140818"
}
},
{
"category": "product_version_range",
"name": "vers:unknown/10.1.13",
"product": {
"name": "vers:unknown/10.1.13",
"product_id": "CSAFPID-2140755"
}
},
{
"category": "product_version_range",
"name": "vers:unknown/10.1.14",
"product": {
"name": "vers:unknown/10.1.14",
"product_id": "CSAFPID-2140803"
}
},
{
"category": "product_version_range",
"name": "vers:unknown/10.1.15",
"product": {
"name": "vers:unknown/10.1.15",
"product_id": "CSAFPID-2140852"
}
},
{
"category": "product_version_range",
"name": "vers:unknown/10.1.16",
"product": {
"name": "vers:unknown/10.1.16",
"product_id": "CSAFPID-2140842"
}
},
{
"category": "product_version_range",
"name": "vers:unknown/10.1.17",
"product": {
"name": "vers:unknown/10.1.17",
"product_id": "CSAFPID-2140814"
}
},
{
"category": "product_version_range",
"name": "vers:unknown/10.1.18",
"product": {
"name": "vers:unknown/10.1.18",
"product_id": "CSAFPID-2140749"
}
},
{
"category": "product_version_range",
"name": "vers:unknown/10.1.19",
"product": {
"name": "vers:unknown/10.1.19",
"product_id": "CSAFPID-2140796"
}
},
{
"category": "product_version_range",
"name": "vers:unknown/10.1.2",
"product": {
"name": "vers:unknown/10.1.2",
"product_id": "CSAFPID-2140856"
}
},
{
"category": "product_version_range",
"name": "vers:unknown/10.1.20",
"product": {
"name": "vers:unknown/10.1.20",
"product_id": "CSAFPID-2140834"
}
},
{
"category": "product_version_range",
"name": "vers:unknown/10.1.21",
"product": {
"name": "vers:unknown/10.1.21",
"product_id": "CSAFPID-2140851"
}
},
{
"category": "product_version_range",
"name": "vers:unknown/10.1.22",
"product": {
"name": "vers:unknown/10.1.22",
"product_id": "CSAFPID-2140742"
}
},
{
"category": "product_version_range",
"name": "vers:unknown/10.1.23",
"product": {
"name": "vers:unknown/10.1.23",
"product_id": "CSAFPID-2140825"
}
}
],
"category": "product_name",
"name": "tomcat"
}
],
"category": "vendor",
"name": "Apache"
},
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/103",
"product": {
"name": "vers:unknown/103",
"product_id": "CSAFPID-2631681"
}
},
{
"category": "product_version_range",
"name": "vers:unknown/104",
"product": {
"name": "vers:unknown/104",
"product_id": "CSAFPID-2631682"
}
},
{
"category": "product_version_range",
"name": "vers:unknown/105",
"product": {
"name": "vers:unknown/105",
"product_id": "CSAFPID-2631683"
}
},
{
"category": "product_version_range",
"name": "vers:unknown/106",
"product": {
"name": "vers:unknown/106",
"product_id": "CSAFPID-2631684"
}
},
{
"category": "product_version_range",
"name": "vers:unknown/107",
"product": {
"name": "vers:unknown/107",
"product_id": "CSAFPID-2631685"
}
},
{
"category": "product_version_range",
"name": "vers:unknown/108",
"product": {
"name": "vers:unknown/108",
"product_id": "CSAFPID-2631686"
}
},
{
"category": "product_version_range",
"name": "vers:unknown/s4core102",
"product": {
"name": "vers:unknown/s4core102",
"product_id": "CSAFPID-2631680"
}
}
],
"category": "product_name",
"name": "SAP S/4HANA (Private Cloud)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/2011_1_710",
"product": {
"name": "vers:unknown/2011_1_710",
"product_id": "CSAFPID-2631732"
}
},
{
"category": "product_version_range",
"name": "vers:unknown/2011_1_730",
"product": {
"name": "vers:unknown/2011_1_730",
"product_id": "CSAFPID-2631733"
}
},
{
"category": "product_version_range",
"name": "vers:unknown/2011_1_731",
"product": {
"name": "vers:unknown/2011_1_731",
"product_id": "CSAFPID-2631734"
}
},
{
"category": "product_version_range",
"name": "vers:unknown/dmis2011_1_700",
"product": {
"name": "vers:unknown/dmis2011_1_700",
"product_id": "CSAFPID-2631731"
}
}
],
"category": "product_name",
"name": "SAP Landscape Transformation (Analysis Platform)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/lm-sld 7.5",
"product": {
"name": "vers:unknown/lm-sld 7.5",
"product_id": "CSAFPID-1295163"
}
}
],
"category": "product_name",
"name": "SAP NetWeaver AS Java (System Landscape Directory)"
}
],
"category": "vendor",
"name": "SAP_SE"
},
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-735564"
}
},
{
"category": "product_version_range",
"name": "vers:unknown/3.0",
"product": {
"name": "vers:unknown/3.0",
"product_id": "CSAFPID-446586",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap:landscape_management:3.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_version_range",
"name": "vers:unknown/3.00",
"product": {
"name": "vers:unknown/3.00",
"product_id": "CSAFPID-1111431"
}
}
],
"category": "product_name",
"name": "landscape_management"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/1.0",
"product": {
"name": "vers:unknown/1.0",
"product_id": "CSAFPID-710125"
}
},
{
"category": "product_version_range",
"name": "vers:unknown/2.0",
"product": {
"name": "vers:unknown/2.0",
"product_id": "CSAFPID-710119"
}
},
{
"category": "product_version_range",
"name": "vers:unknown/3.0",
"product": {
"name": "vers:unknown/3.0",
"product_id": "CSAFPID-710115"
}
}
],
"category": "product_name",
"name": "landscape_transformation_replication_server"
}
],
"category": "vendor",
"name": "sap"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-56337",
"cwe": {
"id": "CWE-367",
"name": "Time-of-check Time-of-use (TOCTOU) Race Condition"
},
"notes": [
{
"category": "other",
"text": "Time-of-check Time-of-use (TOCTOU) Race Condition",
"title": "CWE-367"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-426681",
"CSAFPID-367586",
"CSAFPID-426682",
"CSAFPID-426483",
"CSAFPID-447161",
"CSAFPID-447167",
"CSAFPID-447158",
"CSAFPID-447155",
"CSAFPID-447160",
"CSAFPID-447163",
"CSAFPID-447165",
"CSAFPID-447156",
"CSAFPID-447164",
"CSAFPID-710027",
"CSAFPID-426703",
"CSAFPID-426706",
"CSAFPID-426707",
"CSAFPID-426708",
"CSAFPID-426704",
"CSAFPID-426705",
"CSAFPID-447141",
"CSAFPID-447140",
"CSAFPID-847883",
"CSAFPID-426837",
"CSAFPID-1176052",
"CSAFPID-1333259",
"CSAFPID-2351307",
"CSAFPID-2538790",
"CSAFPID-2538791",
"CSAFPID-2538792",
"CSAFPID-2538793",
"CSAFPID-2538794",
"CSAFPID-2538799",
"CSAFPID-2538800",
"CSAFPID-2538801",
"CSAFPID-2538802",
"CSAFPID-2538803",
"CSAFPID-2538804",
"CSAFPID-2538805",
"CSAFPID-2538806",
"CSAFPID-2538773",
"CSAFPID-2538774",
"CSAFPID-2538775",
"CSAFPID-2538776",
"CSAFPID-2538777",
"CSAFPID-2538778",
"CSAFPID-2538779",
"CSAFPID-2538780",
"CSAFPID-2538781",
"CSAFPID-1307450",
"CSAFPID-1297130",
"CSAFPID-1297107",
"CSAFPID-1230533",
"CSAFPID-1921506",
"CSAFPID-1230555",
"CSAFPID-1230719",
"CSAFPID-1230702",
"CSAFPID-1304671",
"CSAFPID-1921487",
"CSAFPID-1297186",
"CSAFPID-1988023",
"CSAFPID-1988024",
"CSAFPID-1175835",
"CSAFPID-2473272",
"CSAFPID-2632442",
"CSAFPID-2473273",
"CSAFPID-2632443",
"CSAFPID-1425816",
"CSAFPID-2632444",
"CSAFPID-1306891",
"CSAFPID-1332128",
"CSAFPID-605062",
"CSAFPID-605061",
"CSAFPID-605064",
"CSAFPID-345584",
"CSAFPID-345586",
"CSAFPID-2364492",
"CSAFPID-1330296",
"CSAFPID-1459777",
"CSAFPID-1459778",
"CSAFPID-1459779",
"CSAFPID-1861039",
"CSAFPID-1861040",
"CSAFPID-1861041",
"CSAFPID-2140760",
"CSAFPID-2140804",
"CSAFPID-2140795",
"CSAFPID-2140773",
"CSAFPID-2140818",
"CSAFPID-2140755",
"CSAFPID-2140803",
"CSAFPID-2140852",
"CSAFPID-2140842",
"CSAFPID-2140814",
"CSAFPID-2140749",
"CSAFPID-2140796",
"CSAFPID-2140856",
"CSAFPID-2140834",
"CSAFPID-2140851",
"CSAFPID-2140742",
"CSAFPID-2140825",
"CSAFPID-2631681",
"CSAFPID-2631682",
"CSAFPID-2631683",
"CSAFPID-2631684",
"CSAFPID-2631685",
"CSAFPID-2631686",
"CSAFPID-2631680",
"CSAFPID-1306888",
"CSAFPID-710118",
"CSAFPID-2632409",
"CSAFPID-2632410",
"CSAFPID-2632411",
"CSAFPID-2632412",
"CSAFPID-2633939",
"CSAFPID-426454",
"CSAFPID-426453",
"CSAFPID-426456",
"CSAFPID-426455",
"CSAFPID-426457",
"CSAFPID-1295436",
"CSAFPID-2118594",
"CSAFPID-2631732",
"CSAFPID-2631733",
"CSAFPID-2631734",
"CSAFPID-2631731",
"CSAFPID-1295163",
"CSAFPID-735564",
"CSAFPID-446586",
"CSAFPID-1111431",
"CSAFPID-710125",
"CSAFPID-710119",
"CSAFPID-710115",
"CSAFPID-336862",
"CSAFPID-345588",
"CSAFPID-345621",
"CSAFPID-345620",
"CSAFPID-345590",
"CSAFPID-345585",
"CSAFPID-345591",
"CSAFPID-345592",
"CSAFPID-345589",
"CSAFPID-345587",
"CSAFPID-426833",
"CSAFPID-1176305",
"CSAFPID-2352521",
"CSAFPID-2352520",
"CSAFPID-1304029",
"CSAFPID-2352519",
"CSAFPID-2538090",
"CSAFPID-2539577",
"CSAFPID-2352518",
"CSAFPID-2632425",
"CSAFPID-2632426",
"CSAFPID-2632427",
"CSAFPID-2632428",
"CSAFPID-2632429"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-56337",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-56337.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-426681",
"CSAFPID-367586",
"CSAFPID-426682",
"CSAFPID-426483",
"CSAFPID-447161",
"CSAFPID-447167",
"CSAFPID-447158",
"CSAFPID-447155",
"CSAFPID-447160",
"CSAFPID-447163",
"CSAFPID-447165",
"CSAFPID-447156",
"CSAFPID-447164",
"CSAFPID-710027",
"CSAFPID-426703",
"CSAFPID-426706",
"CSAFPID-426707",
"CSAFPID-426708",
"CSAFPID-426704",
"CSAFPID-426705",
"CSAFPID-447141",
"CSAFPID-447140",
"CSAFPID-847883",
"CSAFPID-426837",
"CSAFPID-1176052",
"CSAFPID-1333259",
"CSAFPID-2351307",
"CSAFPID-2538790",
"CSAFPID-2538791",
"CSAFPID-2538792",
"CSAFPID-2538793",
"CSAFPID-2538794",
"CSAFPID-2538799",
"CSAFPID-2538800",
"CSAFPID-2538801",
"CSAFPID-2538802",
"CSAFPID-2538803",
"CSAFPID-2538804",
"CSAFPID-2538805",
"CSAFPID-2538806",
"CSAFPID-2538773",
"CSAFPID-2538774",
"CSAFPID-2538775",
"CSAFPID-2538776",
"CSAFPID-2538777",
"CSAFPID-2538778",
"CSAFPID-2538779",
"CSAFPID-2538780",
"CSAFPID-2538781",
"CSAFPID-1307450",
"CSAFPID-1297130",
"CSAFPID-1297107",
"CSAFPID-1230533",
"CSAFPID-1921506",
"CSAFPID-1230555",
"CSAFPID-1230719",
"CSAFPID-1230702",
"CSAFPID-1304671",
"CSAFPID-1921487",
"CSAFPID-1297186",
"CSAFPID-1988023",
"CSAFPID-1988024",
"CSAFPID-1175835",
"CSAFPID-2473272",
"CSAFPID-2632442",
"CSAFPID-2473273",
"CSAFPID-2632443",
"CSAFPID-1425816",
"CSAFPID-2632444",
"CSAFPID-1306891",
"CSAFPID-1332128",
"CSAFPID-605062",
"CSAFPID-605061",
"CSAFPID-605064",
"CSAFPID-345584",
"CSAFPID-345586",
"CSAFPID-2364492",
"CSAFPID-1330296",
"CSAFPID-1459777",
"CSAFPID-1459778",
"CSAFPID-1459779",
"CSAFPID-1861039",
"CSAFPID-1861040",
"CSAFPID-1861041",
"CSAFPID-2140760",
"CSAFPID-2140804",
"CSAFPID-2140795",
"CSAFPID-2140773",
"CSAFPID-2140818",
"CSAFPID-2140755",
"CSAFPID-2140803",
"CSAFPID-2140852",
"CSAFPID-2140842",
"CSAFPID-2140814",
"CSAFPID-2140749",
"CSAFPID-2140796",
"CSAFPID-2140856",
"CSAFPID-2140834",
"CSAFPID-2140851",
"CSAFPID-2140742",
"CSAFPID-2140825",
"CSAFPID-2631681",
"CSAFPID-2631682",
"CSAFPID-2631683",
"CSAFPID-2631684",
"CSAFPID-2631685",
"CSAFPID-2631686",
"CSAFPID-2631680",
"CSAFPID-1306888",
"CSAFPID-710118",
"CSAFPID-2632409",
"CSAFPID-2632410",
"CSAFPID-2632411",
"CSAFPID-2632412",
"CSAFPID-2633939",
"CSAFPID-426454",
"CSAFPID-426453",
"CSAFPID-426456",
"CSAFPID-426455",
"CSAFPID-426457",
"CSAFPID-1295436",
"CSAFPID-2118594",
"CSAFPID-2631732",
"CSAFPID-2631733",
"CSAFPID-2631734",
"CSAFPID-2631731",
"CSAFPID-1295163",
"CSAFPID-735564",
"CSAFPID-446586",
"CSAFPID-1111431",
"CSAFPID-710125",
"CSAFPID-710119",
"CSAFPID-710115",
"CSAFPID-336862",
"CSAFPID-345588",
"CSAFPID-345621",
"CSAFPID-345620",
"CSAFPID-345590",
"CSAFPID-345585",
"CSAFPID-345591",
"CSAFPID-345592",
"CSAFPID-345589",
"CSAFPID-345587",
"CSAFPID-426833",
"CSAFPID-1176305",
"CSAFPID-2352521",
"CSAFPID-2352520",
"CSAFPID-1304029",
"CSAFPID-2352519",
"CSAFPID-2538090",
"CSAFPID-2539577",
"CSAFPID-2352518",
"CSAFPID-2632425",
"CSAFPID-2632426",
"CSAFPID-2632427",
"CSAFPID-2632428",
"CSAFPID-2632429"
]
}
],
"title": "CVE-2024-56337"
},
{
"cve": "CVE-2025-0064",
"cwe": {
"id": "CWE-732",
"name": "Incorrect Permission Assignment for Critical Resource"
},
"notes": [
{
"category": "other",
"text": "Incorrect Permission Assignment for Critical Resource",
"title": "CWE-732"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-426681",
"CSAFPID-367586",
"CSAFPID-426682",
"CSAFPID-426483",
"CSAFPID-447161",
"CSAFPID-447167",
"CSAFPID-447158",
"CSAFPID-447155",
"CSAFPID-447160",
"CSAFPID-447163",
"CSAFPID-447165",
"CSAFPID-447156",
"CSAFPID-447164",
"CSAFPID-710027",
"CSAFPID-426703",
"CSAFPID-426706",
"CSAFPID-426707",
"CSAFPID-426708",
"CSAFPID-426704",
"CSAFPID-426705",
"CSAFPID-447141",
"CSAFPID-447140",
"CSAFPID-847883",
"CSAFPID-426837",
"CSAFPID-1176052",
"CSAFPID-1333259",
"CSAFPID-2351307",
"CSAFPID-2538790",
"CSAFPID-2538791",
"CSAFPID-2538792",
"CSAFPID-2538793",
"CSAFPID-2538794",
"CSAFPID-2538799",
"CSAFPID-2538800",
"CSAFPID-2538801",
"CSAFPID-2538802",
"CSAFPID-2538803",
"CSAFPID-2538804",
"CSAFPID-2538805",
"CSAFPID-2538806",
"CSAFPID-2538773",
"CSAFPID-2538774",
"CSAFPID-2538775",
"CSAFPID-2538776",
"CSAFPID-2538777",
"CSAFPID-2538778",
"CSAFPID-2538779",
"CSAFPID-2538780",
"CSAFPID-2538781",
"CSAFPID-1307450",
"CSAFPID-1297130",
"CSAFPID-1297107",
"CSAFPID-1230533",
"CSAFPID-1921506",
"CSAFPID-1230555",
"CSAFPID-1230719",
"CSAFPID-1230702",
"CSAFPID-1304671",
"CSAFPID-1921487",
"CSAFPID-1297186",
"CSAFPID-1988023",
"CSAFPID-1988024",
"CSAFPID-1175835",
"CSAFPID-2473272",
"CSAFPID-2632442",
"CSAFPID-2473273",
"CSAFPID-2632443",
"CSAFPID-1425816",
"CSAFPID-2632444",
"CSAFPID-1306891",
"CSAFPID-1332128",
"CSAFPID-605062",
"CSAFPID-605061",
"CSAFPID-605064",
"CSAFPID-345584",
"CSAFPID-345586",
"CSAFPID-2364492",
"CSAFPID-1330296",
"CSAFPID-1459777",
"CSAFPID-1459778",
"CSAFPID-1459779",
"CSAFPID-1861039",
"CSAFPID-1861040",
"CSAFPID-1861041",
"CSAFPID-2140760",
"CSAFPID-2140804",
"CSAFPID-2140795",
"CSAFPID-2140773",
"CSAFPID-2140818",
"CSAFPID-2140755",
"CSAFPID-2140803",
"CSAFPID-2140852",
"CSAFPID-2140842",
"CSAFPID-2140814",
"CSAFPID-2140749",
"CSAFPID-2140796",
"CSAFPID-2140856",
"CSAFPID-2140834",
"CSAFPID-2140851",
"CSAFPID-2140742",
"CSAFPID-2140825",
"CSAFPID-2631681",
"CSAFPID-2631682",
"CSAFPID-2631683",
"CSAFPID-2631684",
"CSAFPID-2631685",
"CSAFPID-2631686",
"CSAFPID-2631680",
"CSAFPID-1306888",
"CSAFPID-710118",
"CSAFPID-2632409",
"CSAFPID-2632410",
"CSAFPID-2632411",
"CSAFPID-2632412",
"CSAFPID-2633939",
"CSAFPID-426454",
"CSAFPID-426453",
"CSAFPID-426456",
"CSAFPID-426455",
"CSAFPID-426457",
"CSAFPID-1295436",
"CSAFPID-2118594",
"CSAFPID-2631732",
"CSAFPID-2631733",
"CSAFPID-2631734",
"CSAFPID-2631731",
"CSAFPID-1295163",
"CSAFPID-735564",
"CSAFPID-446586",
"CSAFPID-1111431",
"CSAFPID-710125",
"CSAFPID-710119",
"CSAFPID-710115",
"CSAFPID-336862",
"CSAFPID-345588",
"CSAFPID-345621",
"CSAFPID-345620",
"CSAFPID-345590",
"CSAFPID-345585",
"CSAFPID-345591",
"CSAFPID-345592",
"CSAFPID-345589",
"CSAFPID-345587",
"CSAFPID-426833",
"CSAFPID-1176305",
"CSAFPID-2352521",
"CSAFPID-2352520",
"CSAFPID-1304029",
"CSAFPID-2352519",
"CSAFPID-2538090",
"CSAFPID-2539577",
"CSAFPID-2352518",
"CSAFPID-2632425",
"CSAFPID-2632426",
"CSAFPID-2632427",
"CSAFPID-2632428",
"CSAFPID-2632429"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-0064",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2025/CVE-2025-0064.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-426681",
"CSAFPID-367586",
"CSAFPID-426682",
"CSAFPID-426483",
"CSAFPID-447161",
"CSAFPID-447167",
"CSAFPID-447158",
"CSAFPID-447155",
"CSAFPID-447160",
"CSAFPID-447163",
"CSAFPID-447165",
"CSAFPID-447156",
"CSAFPID-447164",
"CSAFPID-710027",
"CSAFPID-426703",
"CSAFPID-426706",
"CSAFPID-426707",
"CSAFPID-426708",
"CSAFPID-426704",
"CSAFPID-426705",
"CSAFPID-447141",
"CSAFPID-447140",
"CSAFPID-847883",
"CSAFPID-426837",
"CSAFPID-1176052",
"CSAFPID-1333259",
"CSAFPID-2351307",
"CSAFPID-2538790",
"CSAFPID-2538791",
"CSAFPID-2538792",
"CSAFPID-2538793",
"CSAFPID-2538794",
"CSAFPID-2538799",
"CSAFPID-2538800",
"CSAFPID-2538801",
"CSAFPID-2538802",
"CSAFPID-2538803",
"CSAFPID-2538804",
"CSAFPID-2538805",
"CSAFPID-2538806",
"CSAFPID-2538773",
"CSAFPID-2538774",
"CSAFPID-2538775",
"CSAFPID-2538776",
"CSAFPID-2538777",
"CSAFPID-2538778",
"CSAFPID-2538779",
"CSAFPID-2538780",
"CSAFPID-2538781",
"CSAFPID-1307450",
"CSAFPID-1297130",
"CSAFPID-1297107",
"CSAFPID-1230533",
"CSAFPID-1921506",
"CSAFPID-1230555",
"CSAFPID-1230719",
"CSAFPID-1230702",
"CSAFPID-1304671",
"CSAFPID-1921487",
"CSAFPID-1297186",
"CSAFPID-1988023",
"CSAFPID-1988024",
"CSAFPID-1175835",
"CSAFPID-2473272",
"CSAFPID-2632442",
"CSAFPID-2473273",
"CSAFPID-2632443",
"CSAFPID-1425816",
"CSAFPID-2632444",
"CSAFPID-1306891",
"CSAFPID-1332128",
"CSAFPID-605062",
"CSAFPID-605061",
"CSAFPID-605064",
"CSAFPID-345584",
"CSAFPID-345586",
"CSAFPID-2364492",
"CSAFPID-1330296",
"CSAFPID-1459777",
"CSAFPID-1459778",
"CSAFPID-1459779",
"CSAFPID-1861039",
"CSAFPID-1861040",
"CSAFPID-1861041",
"CSAFPID-2140760",
"CSAFPID-2140804",
"CSAFPID-2140795",
"CSAFPID-2140773",
"CSAFPID-2140818",
"CSAFPID-2140755",
"CSAFPID-2140803",
"CSAFPID-2140852",
"CSAFPID-2140842",
"CSAFPID-2140814",
"CSAFPID-2140749",
"CSAFPID-2140796",
"CSAFPID-2140856",
"CSAFPID-2140834",
"CSAFPID-2140851",
"CSAFPID-2140742",
"CSAFPID-2140825",
"CSAFPID-2631681",
"CSAFPID-2631682",
"CSAFPID-2631683",
"CSAFPID-2631684",
"CSAFPID-2631685",
"CSAFPID-2631686",
"CSAFPID-2631680",
"CSAFPID-1306888",
"CSAFPID-710118",
"CSAFPID-2632409",
"CSAFPID-2632410",
"CSAFPID-2632411",
"CSAFPID-2632412",
"CSAFPID-2633939",
"CSAFPID-426454",
"CSAFPID-426453",
"CSAFPID-426456",
"CSAFPID-426455",
"CSAFPID-426457",
"CSAFPID-1295436",
"CSAFPID-2118594",
"CSAFPID-2631732",
"CSAFPID-2631733",
"CSAFPID-2631734",
"CSAFPID-2631731",
"CSAFPID-1295163",
"CSAFPID-735564",
"CSAFPID-446586",
"CSAFPID-1111431",
"CSAFPID-710125",
"CSAFPID-710119",
"CSAFPID-710115",
"CSAFPID-336862",
"CSAFPID-345588",
"CSAFPID-345621",
"CSAFPID-345620",
"CSAFPID-345590",
"CSAFPID-345585",
"CSAFPID-345591",
"CSAFPID-345592",
"CSAFPID-345589",
"CSAFPID-345587",
"CSAFPID-426833",
"CSAFPID-1176305",
"CSAFPID-2352521",
"CSAFPID-2352520",
"CSAFPID-1304029",
"CSAFPID-2352519",
"CSAFPID-2538090",
"CSAFPID-2539577",
"CSAFPID-2352518",
"CSAFPID-2632425",
"CSAFPID-2632426",
"CSAFPID-2632427",
"CSAFPID-2632428",
"CSAFPID-2632429"
]
}
],
"title": "CVE-2025-0064"
},
{
"cve": "CVE-2025-23186",
"cwe": {
"id": "CWE-94",
"name": "Improper Control of Generation of Code (\u0027Code Injection\u0027)"
},
"notes": [
{
"category": "other",
"text": "Improper Control of Generation of Code (\u0027Code Injection\u0027)",
"title": "CWE-94"
}
],
"product_status": {
"known_affected": [
"CSAFPID-426681",
"CSAFPID-367586",
"CSAFPID-426682",
"CSAFPID-426483",
"CSAFPID-447161",
"CSAFPID-447167",
"CSAFPID-447158",
"CSAFPID-447155",
"CSAFPID-447160",
"CSAFPID-447163",
"CSAFPID-447165",
"CSAFPID-447156",
"CSAFPID-447164",
"CSAFPID-710027",
"CSAFPID-426703",
"CSAFPID-426706",
"CSAFPID-426707",
"CSAFPID-426708",
"CSAFPID-426704",
"CSAFPID-426705",
"CSAFPID-447141",
"CSAFPID-447140",
"CSAFPID-847883",
"CSAFPID-426837",
"CSAFPID-1176052",
"CSAFPID-1333259",
"CSAFPID-2351307",
"CSAFPID-2538790",
"CSAFPID-2538791",
"CSAFPID-2538792",
"CSAFPID-2538793",
"CSAFPID-2538794",
"CSAFPID-2538799",
"CSAFPID-2538800",
"CSAFPID-2538801",
"CSAFPID-2538802",
"CSAFPID-2538803",
"CSAFPID-2538804",
"CSAFPID-2538805",
"CSAFPID-2538806",
"CSAFPID-2538773",
"CSAFPID-2538774",
"CSAFPID-2538775",
"CSAFPID-2538776",
"CSAFPID-2538777",
"CSAFPID-2538778",
"CSAFPID-2538779",
"CSAFPID-2538780",
"CSAFPID-2538781",
"CSAFPID-1307450",
"CSAFPID-1297130",
"CSAFPID-1297107",
"CSAFPID-1230533",
"CSAFPID-1921506",
"CSAFPID-1230555",
"CSAFPID-1230719",
"CSAFPID-1230702",
"CSAFPID-1304671",
"CSAFPID-1921487",
"CSAFPID-1297186",
"CSAFPID-1988023",
"CSAFPID-1988024",
"CSAFPID-1175835",
"CSAFPID-2473272",
"CSAFPID-2632442",
"CSAFPID-2473273",
"CSAFPID-2632443",
"CSAFPID-1425816",
"CSAFPID-2632444",
"CSAFPID-1306891",
"CSAFPID-1332128",
"CSAFPID-605062",
"CSAFPID-605061",
"CSAFPID-605064",
"CSAFPID-345584",
"CSAFPID-345586",
"CSAFPID-2364492",
"CSAFPID-1330296",
"CSAFPID-1459777",
"CSAFPID-1459778",
"CSAFPID-1459779",
"CSAFPID-1861039",
"CSAFPID-1861040",
"CSAFPID-1861041",
"CSAFPID-2140760",
"CSAFPID-2140804",
"CSAFPID-2140795",
"CSAFPID-2140773",
"CSAFPID-2140818",
"CSAFPID-2140755",
"CSAFPID-2140803",
"CSAFPID-2140852",
"CSAFPID-2140842",
"CSAFPID-2140814",
"CSAFPID-2140749",
"CSAFPID-2140796",
"CSAFPID-2140856",
"CSAFPID-2140834",
"CSAFPID-2140851",
"CSAFPID-2140742",
"CSAFPID-2140825",
"CSAFPID-2631681",
"CSAFPID-2631682",
"CSAFPID-2631683",
"CSAFPID-2631684",
"CSAFPID-2631685",
"CSAFPID-2631686",
"CSAFPID-2631680",
"CSAFPID-1306888",
"CSAFPID-710118",
"CSAFPID-2632409",
"CSAFPID-2632410",
"CSAFPID-2632411",
"CSAFPID-2632412",
"CSAFPID-2633939",
"CSAFPID-426454",
"CSAFPID-426453",
"CSAFPID-426456",
"CSAFPID-426455",
"CSAFPID-426457",
"CSAFPID-1295436",
"CSAFPID-2118594",
"CSAFPID-2631732",
"CSAFPID-2631733",
"CSAFPID-2631734",
"CSAFPID-2631731",
"CSAFPID-1295163",
"CSAFPID-735564",
"CSAFPID-446586",
"CSAFPID-1111431",
"CSAFPID-710125",
"CSAFPID-710119",
"CSAFPID-710115",
"CSAFPID-336862",
"CSAFPID-345588",
"CSAFPID-345621",
"CSAFPID-345620",
"CSAFPID-345590",
"CSAFPID-345585",
"CSAFPID-345591",
"CSAFPID-345592",
"CSAFPID-345589",
"CSAFPID-345587",
"CSAFPID-426833",
"CSAFPID-1176305",
"CSAFPID-2352521",
"CSAFPID-2352520",
"CSAFPID-1304029",
"CSAFPID-2352519",
"CSAFPID-2538090",
"CSAFPID-2539577",
"CSAFPID-2352518",
"CSAFPID-2632425",
"CSAFPID-2632426",
"CSAFPID-2632427",
"CSAFPID-2632428",
"CSAFPID-2632429"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-23186",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2025/CVE-2025-23186.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-426681",
"CSAFPID-367586",
"CSAFPID-426682",
"CSAFPID-426483",
"CSAFPID-447161",
"CSAFPID-447167",
"CSAFPID-447158",
"CSAFPID-447155",
"CSAFPID-447160",
"CSAFPID-447163",
"CSAFPID-447165",
"CSAFPID-447156",
"CSAFPID-447164",
"CSAFPID-710027",
"CSAFPID-426703",
"CSAFPID-426706",
"CSAFPID-426707",
"CSAFPID-426708",
"CSAFPID-426704",
"CSAFPID-426705",
"CSAFPID-447141",
"CSAFPID-447140",
"CSAFPID-847883",
"CSAFPID-426837",
"CSAFPID-1176052",
"CSAFPID-1333259",
"CSAFPID-2351307",
"CSAFPID-2538790",
"CSAFPID-2538791",
"CSAFPID-2538792",
"CSAFPID-2538793",
"CSAFPID-2538794",
"CSAFPID-2538799",
"CSAFPID-2538800",
"CSAFPID-2538801",
"CSAFPID-2538802",
"CSAFPID-2538803",
"CSAFPID-2538804",
"CSAFPID-2538805",
"CSAFPID-2538806",
"CSAFPID-2538773",
"CSAFPID-2538774",
"CSAFPID-2538775",
"CSAFPID-2538776",
"CSAFPID-2538777",
"CSAFPID-2538778",
"CSAFPID-2538779",
"CSAFPID-2538780",
"CSAFPID-2538781",
"CSAFPID-1307450",
"CSAFPID-1297130",
"CSAFPID-1297107",
"CSAFPID-1230533",
"CSAFPID-1921506",
"CSAFPID-1230555",
"CSAFPID-1230719",
"CSAFPID-1230702",
"CSAFPID-1304671",
"CSAFPID-1921487",
"CSAFPID-1297186",
"CSAFPID-1988023",
"CSAFPID-1988024",
"CSAFPID-1175835",
"CSAFPID-2473272",
"CSAFPID-2632442",
"CSAFPID-2473273",
"CSAFPID-2632443",
"CSAFPID-1425816",
"CSAFPID-2632444",
"CSAFPID-1306891",
"CSAFPID-1332128",
"CSAFPID-605062",
"CSAFPID-605061",
"CSAFPID-605064",
"CSAFPID-345584",
"CSAFPID-345586",
"CSAFPID-2364492",
"CSAFPID-1330296",
"CSAFPID-1459777",
"CSAFPID-1459778",
"CSAFPID-1459779",
"CSAFPID-1861039",
"CSAFPID-1861040",
"CSAFPID-1861041",
"CSAFPID-2140760",
"CSAFPID-2140804",
"CSAFPID-2140795",
"CSAFPID-2140773",
"CSAFPID-2140818",
"CSAFPID-2140755",
"CSAFPID-2140803",
"CSAFPID-2140852",
"CSAFPID-2140842",
"CSAFPID-2140814",
"CSAFPID-2140749",
"CSAFPID-2140796",
"CSAFPID-2140856",
"CSAFPID-2140834",
"CSAFPID-2140851",
"CSAFPID-2140742",
"CSAFPID-2140825",
"CSAFPID-2631681",
"CSAFPID-2631682",
"CSAFPID-2631683",
"CSAFPID-2631684",
"CSAFPID-2631685",
"CSAFPID-2631686",
"CSAFPID-2631680",
"CSAFPID-1306888",
"CSAFPID-710118",
"CSAFPID-2632409",
"CSAFPID-2632410",
"CSAFPID-2632411",
"CSAFPID-2632412",
"CSAFPID-2633939",
"CSAFPID-426454",
"CSAFPID-426453",
"CSAFPID-426456",
"CSAFPID-426455",
"CSAFPID-426457",
"CSAFPID-1295436",
"CSAFPID-2118594",
"CSAFPID-2631732",
"CSAFPID-2631733",
"CSAFPID-2631734",
"CSAFPID-2631731",
"CSAFPID-1295163",
"CSAFPID-735564",
"CSAFPID-446586",
"CSAFPID-1111431",
"CSAFPID-710125",
"CSAFPID-710119",
"CSAFPID-710115",
"CSAFPID-336862",
"CSAFPID-345588",
"CSAFPID-345621",
"CSAFPID-345620",
"CSAFPID-345590",
"CSAFPID-345585",
"CSAFPID-345591",
"CSAFPID-345592",
"CSAFPID-345589",
"CSAFPID-345587",
"CSAFPID-426833",
"CSAFPID-1176305",
"CSAFPID-2352521",
"CSAFPID-2352520",
"CSAFPID-1304029",
"CSAFPID-2352519",
"CSAFPID-2538090",
"CSAFPID-2539577",
"CSAFPID-2352518",
"CSAFPID-2632425",
"CSAFPID-2632426",
"CSAFPID-2632427",
"CSAFPID-2632428",
"CSAFPID-2632429"
]
}
],
"title": "CVE-2025-23186"
},
{
"cve": "CVE-2025-26653",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"notes": [
{
"category": "other",
"text": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"title": "CWE-79"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-426681",
"CSAFPID-367586",
"CSAFPID-426682",
"CSAFPID-426483",
"CSAFPID-447161",
"CSAFPID-447167",
"CSAFPID-447158",
"CSAFPID-447155",
"CSAFPID-447160",
"CSAFPID-447163",
"CSAFPID-447165",
"CSAFPID-447156",
"CSAFPID-447164",
"CSAFPID-710027",
"CSAFPID-426703",
"CSAFPID-426706",
"CSAFPID-426707",
"CSAFPID-426708",
"CSAFPID-426704",
"CSAFPID-426705",
"CSAFPID-447141",
"CSAFPID-447140",
"CSAFPID-847883",
"CSAFPID-426837",
"CSAFPID-1176052",
"CSAFPID-1333259",
"CSAFPID-2351307",
"CSAFPID-2538790",
"CSAFPID-2538791",
"CSAFPID-2538792",
"CSAFPID-2538793",
"CSAFPID-2538794",
"CSAFPID-2538799",
"CSAFPID-2538800",
"CSAFPID-2538801",
"CSAFPID-2538802",
"CSAFPID-2538803",
"CSAFPID-2538804",
"CSAFPID-2538805",
"CSAFPID-2538806",
"CSAFPID-2538773",
"CSAFPID-2538774",
"CSAFPID-2538775",
"CSAFPID-2538776",
"CSAFPID-2538777",
"CSAFPID-2538778",
"CSAFPID-2538779",
"CSAFPID-2538780",
"CSAFPID-2538781",
"CSAFPID-1307450",
"CSAFPID-1297130",
"CSAFPID-1297107",
"CSAFPID-1230533",
"CSAFPID-1921506",
"CSAFPID-1230555",
"CSAFPID-1230719",
"CSAFPID-1230702",
"CSAFPID-1304671",
"CSAFPID-1921487",
"CSAFPID-1297186",
"CSAFPID-1988023",
"CSAFPID-1988024",
"CSAFPID-1175835",
"CSAFPID-2473272",
"CSAFPID-2632442",
"CSAFPID-2473273",
"CSAFPID-2632443",
"CSAFPID-1425816",
"CSAFPID-2632444",
"CSAFPID-1306891",
"CSAFPID-1332128",
"CSAFPID-605062",
"CSAFPID-605061",
"CSAFPID-605064",
"CSAFPID-345584",
"CSAFPID-345586",
"CSAFPID-2364492",
"CSAFPID-1330296",
"CSAFPID-1459777",
"CSAFPID-1459778",
"CSAFPID-1459779",
"CSAFPID-1861039",
"CSAFPID-1861040",
"CSAFPID-1861041",
"CSAFPID-2140760",
"CSAFPID-2140804",
"CSAFPID-2140795",
"CSAFPID-2140773",
"CSAFPID-2140818",
"CSAFPID-2140755",
"CSAFPID-2140803",
"CSAFPID-2140852",
"CSAFPID-2140842",
"CSAFPID-2140814",
"CSAFPID-2140749",
"CSAFPID-2140796",
"CSAFPID-2140856",
"CSAFPID-2140834",
"CSAFPID-2140851",
"CSAFPID-2140742",
"CSAFPID-2140825",
"CSAFPID-2631681",
"CSAFPID-2631682",
"CSAFPID-2631683",
"CSAFPID-2631684",
"CSAFPID-2631685",
"CSAFPID-2631686",
"CSAFPID-2631680",
"CSAFPID-1306888",
"CSAFPID-710118",
"CSAFPID-2632409",
"CSAFPID-2632410",
"CSAFPID-2632411",
"CSAFPID-2632412",
"CSAFPID-2633939",
"CSAFPID-426454",
"CSAFPID-426453",
"CSAFPID-426456",
"CSAFPID-426455",
"CSAFPID-426457",
"CSAFPID-1295436",
"CSAFPID-2118594",
"CSAFPID-2631732",
"CSAFPID-2631733",
"CSAFPID-2631734",
"CSAFPID-2631731",
"CSAFPID-1295163",
"CSAFPID-735564",
"CSAFPID-446586",
"CSAFPID-1111431",
"CSAFPID-710125",
"CSAFPID-710119",
"CSAFPID-710115",
"CSAFPID-336862",
"CSAFPID-345588",
"CSAFPID-345621",
"CSAFPID-345620",
"CSAFPID-345590",
"CSAFPID-345585",
"CSAFPID-345591",
"CSAFPID-345592",
"CSAFPID-345589",
"CSAFPID-345587",
"CSAFPID-426833",
"CSAFPID-1176305",
"CSAFPID-2352521",
"CSAFPID-2352520",
"CSAFPID-1304029",
"CSAFPID-2352519",
"CSAFPID-2538090",
"CSAFPID-2539577",
"CSAFPID-2352518",
"CSAFPID-2632425",
"CSAFPID-2632426",
"CSAFPID-2632427",
"CSAFPID-2632428",
"CSAFPID-2632429"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-26653",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2025/CVE-2025-26653.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-426681",
"CSAFPID-367586",
"CSAFPID-426682",
"CSAFPID-426483",
"CSAFPID-447161",
"CSAFPID-447167",
"CSAFPID-447158",
"CSAFPID-447155",
"CSAFPID-447160",
"CSAFPID-447163",
"CSAFPID-447165",
"CSAFPID-447156",
"CSAFPID-447164",
"CSAFPID-710027",
"CSAFPID-426703",
"CSAFPID-426706",
"CSAFPID-426707",
"CSAFPID-426708",
"CSAFPID-426704",
"CSAFPID-426705",
"CSAFPID-447141",
"CSAFPID-447140",
"CSAFPID-847883",
"CSAFPID-426837",
"CSAFPID-1176052",
"CSAFPID-1333259",
"CSAFPID-2351307",
"CSAFPID-2538790",
"CSAFPID-2538791",
"CSAFPID-2538792",
"CSAFPID-2538793",
"CSAFPID-2538794",
"CSAFPID-2538799",
"CSAFPID-2538800",
"CSAFPID-2538801",
"CSAFPID-2538802",
"CSAFPID-2538803",
"CSAFPID-2538804",
"CSAFPID-2538805",
"CSAFPID-2538806",
"CSAFPID-2538773",
"CSAFPID-2538774",
"CSAFPID-2538775",
"CSAFPID-2538776",
"CSAFPID-2538777",
"CSAFPID-2538778",
"CSAFPID-2538779",
"CSAFPID-2538780",
"CSAFPID-2538781",
"CSAFPID-1307450",
"CSAFPID-1297130",
"CSAFPID-1297107",
"CSAFPID-1230533",
"CSAFPID-1921506",
"CSAFPID-1230555",
"CSAFPID-1230719",
"CSAFPID-1230702",
"CSAFPID-1304671",
"CSAFPID-1921487",
"CSAFPID-1297186",
"CSAFPID-1988023",
"CSAFPID-1988024",
"CSAFPID-1175835",
"CSAFPID-2473272",
"CSAFPID-2632442",
"CSAFPID-2473273",
"CSAFPID-2632443",
"CSAFPID-1425816",
"CSAFPID-2632444",
"CSAFPID-1306891",
"CSAFPID-1332128",
"CSAFPID-605062",
"CSAFPID-605061",
"CSAFPID-605064",
"CSAFPID-345584",
"CSAFPID-345586",
"CSAFPID-2364492",
"CSAFPID-1330296",
"CSAFPID-1459777",
"CSAFPID-1459778",
"CSAFPID-1459779",
"CSAFPID-1861039",
"CSAFPID-1861040",
"CSAFPID-1861041",
"CSAFPID-2140760",
"CSAFPID-2140804",
"CSAFPID-2140795",
"CSAFPID-2140773",
"CSAFPID-2140818",
"CSAFPID-2140755",
"CSAFPID-2140803",
"CSAFPID-2140852",
"CSAFPID-2140842",
"CSAFPID-2140814",
"CSAFPID-2140749",
"CSAFPID-2140796",
"CSAFPID-2140856",
"CSAFPID-2140834",
"CSAFPID-2140851",
"CSAFPID-2140742",
"CSAFPID-2140825",
"CSAFPID-2631681",
"CSAFPID-2631682",
"CSAFPID-2631683",
"CSAFPID-2631684",
"CSAFPID-2631685",
"CSAFPID-2631686",
"CSAFPID-2631680",
"CSAFPID-1306888",
"CSAFPID-710118",
"CSAFPID-2632409",
"CSAFPID-2632410",
"CSAFPID-2632411",
"CSAFPID-2632412",
"CSAFPID-2633939",
"CSAFPID-426454",
"CSAFPID-426453",
"CSAFPID-426456",
"CSAFPID-426455",
"CSAFPID-426457",
"CSAFPID-1295436",
"CSAFPID-2118594",
"CSAFPID-2631732",
"CSAFPID-2631733",
"CSAFPID-2631734",
"CSAFPID-2631731",
"CSAFPID-1295163",
"CSAFPID-735564",
"CSAFPID-446586",
"CSAFPID-1111431",
"CSAFPID-710125",
"CSAFPID-710119",
"CSAFPID-710115",
"CSAFPID-336862",
"CSAFPID-345588",
"CSAFPID-345621",
"CSAFPID-345620",
"CSAFPID-345590",
"CSAFPID-345585",
"CSAFPID-345591",
"CSAFPID-345592",
"CSAFPID-345589",
"CSAFPID-345587",
"CSAFPID-426833",
"CSAFPID-1176305",
"CSAFPID-2352521",
"CSAFPID-2352520",
"CSAFPID-1304029",
"CSAFPID-2352519",
"CSAFPID-2538090",
"CSAFPID-2539577",
"CSAFPID-2352518",
"CSAFPID-2632425",
"CSAFPID-2632426",
"CSAFPID-2632427",
"CSAFPID-2632428",
"CSAFPID-2632429"
]
}
],
"title": "CVE-2025-26653"
},
{
"cve": "CVE-2025-26654",
"cwe": {
"id": "CWE-319",
"name": "Cleartext Transmission of Sensitive Information"
},
"notes": [
{
"category": "other",
"text": "Cleartext Transmission of Sensitive Information",
"title": "CWE-319"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-426681",
"CSAFPID-367586",
"CSAFPID-426682",
"CSAFPID-426483",
"CSAFPID-447161",
"CSAFPID-447167",
"CSAFPID-447158",
"CSAFPID-447155",
"CSAFPID-447160",
"CSAFPID-447163",
"CSAFPID-447165",
"CSAFPID-447156",
"CSAFPID-447164",
"CSAFPID-710027",
"CSAFPID-426703",
"CSAFPID-426706",
"CSAFPID-426707",
"CSAFPID-426708",
"CSAFPID-426704",
"CSAFPID-426705",
"CSAFPID-447141",
"CSAFPID-447140",
"CSAFPID-847883",
"CSAFPID-426837",
"CSAFPID-1176052",
"CSAFPID-1333259",
"CSAFPID-2351307",
"CSAFPID-2538790",
"CSAFPID-2538791",
"CSAFPID-2538792",
"CSAFPID-2538793",
"CSAFPID-2538794",
"CSAFPID-2538799",
"CSAFPID-2538800",
"CSAFPID-2538801",
"CSAFPID-2538802",
"CSAFPID-2538803",
"CSAFPID-2538804",
"CSAFPID-2538805",
"CSAFPID-2538806",
"CSAFPID-2538773",
"CSAFPID-2538774",
"CSAFPID-2538775",
"CSAFPID-2538776",
"CSAFPID-2538777",
"CSAFPID-2538778",
"CSAFPID-2538779",
"CSAFPID-2538780",
"CSAFPID-2538781",
"CSAFPID-1307450",
"CSAFPID-1297130",
"CSAFPID-1297107",
"CSAFPID-1230533",
"CSAFPID-1921506",
"CSAFPID-1230555",
"CSAFPID-1230719",
"CSAFPID-1230702",
"CSAFPID-1304671",
"CSAFPID-1921487",
"CSAFPID-1297186",
"CSAFPID-1988023",
"CSAFPID-1988024",
"CSAFPID-1175835",
"CSAFPID-2473272",
"CSAFPID-2632442",
"CSAFPID-2473273",
"CSAFPID-2632443",
"CSAFPID-1425816",
"CSAFPID-2632444",
"CSAFPID-1306891",
"CSAFPID-1332128",
"CSAFPID-605062",
"CSAFPID-605061",
"CSAFPID-605064",
"CSAFPID-345584",
"CSAFPID-345586",
"CSAFPID-2364492",
"CSAFPID-1330296",
"CSAFPID-1459777",
"CSAFPID-1459778",
"CSAFPID-1459779",
"CSAFPID-1861039",
"CSAFPID-1861040",
"CSAFPID-1861041",
"CSAFPID-2140760",
"CSAFPID-2140804",
"CSAFPID-2140795",
"CSAFPID-2140773",
"CSAFPID-2140818",
"CSAFPID-2140755",
"CSAFPID-2140803",
"CSAFPID-2140852",
"CSAFPID-2140842",
"CSAFPID-2140814",
"CSAFPID-2140749",
"CSAFPID-2140796",
"CSAFPID-2140856",
"CSAFPID-2140834",
"CSAFPID-2140851",
"CSAFPID-2140742",
"CSAFPID-2140825",
"CSAFPID-2631681",
"CSAFPID-2631682",
"CSAFPID-2631683",
"CSAFPID-2631684",
"CSAFPID-2631685",
"CSAFPID-2631686",
"CSAFPID-2631680",
"CSAFPID-1306888",
"CSAFPID-710118",
"CSAFPID-2632409",
"CSAFPID-2632410",
"CSAFPID-2632411",
"CSAFPID-2632412",
"CSAFPID-2633939",
"CSAFPID-426454",
"CSAFPID-426453",
"CSAFPID-426456",
"CSAFPID-426455",
"CSAFPID-426457",
"CSAFPID-1295436",
"CSAFPID-2118594",
"CSAFPID-2631732",
"CSAFPID-2631733",
"CSAFPID-2631734",
"CSAFPID-2631731",
"CSAFPID-1295163",
"CSAFPID-735564",
"CSAFPID-446586",
"CSAFPID-1111431",
"CSAFPID-710125",
"CSAFPID-710119",
"CSAFPID-710115",
"CSAFPID-336862",
"CSAFPID-345588",
"CSAFPID-345621",
"CSAFPID-345620",
"CSAFPID-345590",
"CSAFPID-345585",
"CSAFPID-345591",
"CSAFPID-345592",
"CSAFPID-345589",
"CSAFPID-345587",
"CSAFPID-426833",
"CSAFPID-1176305",
"CSAFPID-2352521",
"CSAFPID-2352520",
"CSAFPID-1304029",
"CSAFPID-2352519",
"CSAFPID-2538090",
"CSAFPID-2539577",
"CSAFPID-2352518",
"CSAFPID-2632425",
"CSAFPID-2632426",
"CSAFPID-2632427",
"CSAFPID-2632428",
"CSAFPID-2632429"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-26654",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2025/CVE-2025-26654.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-426681",
"CSAFPID-367586",
"CSAFPID-426682",
"CSAFPID-426483",
"CSAFPID-447161",
"CSAFPID-447167",
"CSAFPID-447158",
"CSAFPID-447155",
"CSAFPID-447160",
"CSAFPID-447163",
"CSAFPID-447165",
"CSAFPID-447156",
"CSAFPID-447164",
"CSAFPID-710027",
"CSAFPID-426703",
"CSAFPID-426706",
"CSAFPID-426707",
"CSAFPID-426708",
"CSAFPID-426704",
"CSAFPID-426705",
"CSAFPID-447141",
"CSAFPID-447140",
"CSAFPID-847883",
"CSAFPID-426837",
"CSAFPID-1176052",
"CSAFPID-1333259",
"CSAFPID-2351307",
"CSAFPID-2538790",
"CSAFPID-2538791",
"CSAFPID-2538792",
"CSAFPID-2538793",
"CSAFPID-2538794",
"CSAFPID-2538799",
"CSAFPID-2538800",
"CSAFPID-2538801",
"CSAFPID-2538802",
"CSAFPID-2538803",
"CSAFPID-2538804",
"CSAFPID-2538805",
"CSAFPID-2538806",
"CSAFPID-2538773",
"CSAFPID-2538774",
"CSAFPID-2538775",
"CSAFPID-2538776",
"CSAFPID-2538777",
"CSAFPID-2538778",
"CSAFPID-2538779",
"CSAFPID-2538780",
"CSAFPID-2538781",
"CSAFPID-1307450",
"CSAFPID-1297130",
"CSAFPID-1297107",
"CSAFPID-1230533",
"CSAFPID-1921506",
"CSAFPID-1230555",
"CSAFPID-1230719",
"CSAFPID-1230702",
"CSAFPID-1304671",
"CSAFPID-1921487",
"CSAFPID-1297186",
"CSAFPID-1988023",
"CSAFPID-1988024",
"CSAFPID-1175835",
"CSAFPID-2473272",
"CSAFPID-2632442",
"CSAFPID-2473273",
"CSAFPID-2632443",
"CSAFPID-1425816",
"CSAFPID-2632444",
"CSAFPID-1306891",
"CSAFPID-1332128",
"CSAFPID-605062",
"CSAFPID-605061",
"CSAFPID-605064",
"CSAFPID-345584",
"CSAFPID-345586",
"CSAFPID-2364492",
"CSAFPID-1330296",
"CSAFPID-1459777",
"CSAFPID-1459778",
"CSAFPID-1459779",
"CSAFPID-1861039",
"CSAFPID-1861040",
"CSAFPID-1861041",
"CSAFPID-2140760",
"CSAFPID-2140804",
"CSAFPID-2140795",
"CSAFPID-2140773",
"CSAFPID-2140818",
"CSAFPID-2140755",
"CSAFPID-2140803",
"CSAFPID-2140852",
"CSAFPID-2140842",
"CSAFPID-2140814",
"CSAFPID-2140749",
"CSAFPID-2140796",
"CSAFPID-2140856",
"CSAFPID-2140834",
"CSAFPID-2140851",
"CSAFPID-2140742",
"CSAFPID-2140825",
"CSAFPID-2631681",
"CSAFPID-2631682",
"CSAFPID-2631683",
"CSAFPID-2631684",
"CSAFPID-2631685",
"CSAFPID-2631686",
"CSAFPID-2631680",
"CSAFPID-1306888",
"CSAFPID-710118",
"CSAFPID-2632409",
"CSAFPID-2632410",
"CSAFPID-2632411",
"CSAFPID-2632412",
"CSAFPID-2633939",
"CSAFPID-426454",
"CSAFPID-426453",
"CSAFPID-426456",
"CSAFPID-426455",
"CSAFPID-426457",
"CSAFPID-1295436",
"CSAFPID-2118594",
"CSAFPID-2631732",
"CSAFPID-2631733",
"CSAFPID-2631734",
"CSAFPID-2631731",
"CSAFPID-1295163",
"CSAFPID-735564",
"CSAFPID-446586",
"CSAFPID-1111431",
"CSAFPID-710125",
"CSAFPID-710119",
"CSAFPID-710115",
"CSAFPID-336862",
"CSAFPID-345588",
"CSAFPID-345621",
"CSAFPID-345620",
"CSAFPID-345590",
"CSAFPID-345585",
"CSAFPID-345591",
"CSAFPID-345592",
"CSAFPID-345589",
"CSAFPID-345587",
"CSAFPID-426833",
"CSAFPID-1176305",
"CSAFPID-2352521",
"CSAFPID-2352520",
"CSAFPID-1304029",
"CSAFPID-2352519",
"CSAFPID-2538090",
"CSAFPID-2539577",
"CSAFPID-2352518",
"CSAFPID-2632425",
"CSAFPID-2632426",
"CSAFPID-2632427",
"CSAFPID-2632428",
"CSAFPID-2632429"
]
}
],
"title": "CVE-2025-26654"
},
{
"cve": "CVE-2025-26657",
"cwe": {
"id": "CWE-862",
"name": "Missing Authorization"
},
"notes": [
{
"category": "other",
"text": "Missing Authorization",
"title": "CWE-862"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-426681",
"CSAFPID-367586",
"CSAFPID-426682",
"CSAFPID-426483",
"CSAFPID-447161",
"CSAFPID-447167",
"CSAFPID-447158",
"CSAFPID-447155",
"CSAFPID-447160",
"CSAFPID-447163",
"CSAFPID-447165",
"CSAFPID-447156",
"CSAFPID-447164",
"CSAFPID-710027",
"CSAFPID-426703",
"CSAFPID-426706",
"CSAFPID-426707",
"CSAFPID-426708",
"CSAFPID-426704",
"CSAFPID-426705",
"CSAFPID-447141",
"CSAFPID-447140",
"CSAFPID-847883",
"CSAFPID-426837",
"CSAFPID-1176052",
"CSAFPID-1333259",
"CSAFPID-2351307",
"CSAFPID-2538790",
"CSAFPID-2538791",
"CSAFPID-2538792",
"CSAFPID-2538793",
"CSAFPID-2538794",
"CSAFPID-2538799",
"CSAFPID-2538800",
"CSAFPID-2538801",
"CSAFPID-2538802",
"CSAFPID-2538803",
"CSAFPID-2538804",
"CSAFPID-2538805",
"CSAFPID-2538806",
"CSAFPID-2538773",
"CSAFPID-2538774",
"CSAFPID-2538775",
"CSAFPID-2538776",
"CSAFPID-2538777",
"CSAFPID-2538778",
"CSAFPID-2538779",
"CSAFPID-2538780",
"CSAFPID-2538781",
"CSAFPID-1307450",
"CSAFPID-1297130",
"CSAFPID-1297107",
"CSAFPID-1230533",
"CSAFPID-1921506",
"CSAFPID-1230555",
"CSAFPID-1230719",
"CSAFPID-1230702",
"CSAFPID-1304671",
"CSAFPID-1921487",
"CSAFPID-1297186",
"CSAFPID-1988023",
"CSAFPID-1988024",
"CSAFPID-1175835",
"CSAFPID-2473272",
"CSAFPID-2632442",
"CSAFPID-2473273",
"CSAFPID-2632443",
"CSAFPID-1425816",
"CSAFPID-2632444",
"CSAFPID-1306891",
"CSAFPID-1332128",
"CSAFPID-605062",
"CSAFPID-605061",
"CSAFPID-605064",
"CSAFPID-345584",
"CSAFPID-345586",
"CSAFPID-2364492",
"CSAFPID-1330296",
"CSAFPID-1459777",
"CSAFPID-1459778",
"CSAFPID-1459779",
"CSAFPID-1861039",
"CSAFPID-1861040",
"CSAFPID-1861041",
"CSAFPID-2140760",
"CSAFPID-2140804",
"CSAFPID-2140795",
"CSAFPID-2140773",
"CSAFPID-2140818",
"CSAFPID-2140755",
"CSAFPID-2140803",
"CSAFPID-2140852",
"CSAFPID-2140842",
"CSAFPID-2140814",
"CSAFPID-2140749",
"CSAFPID-2140796",
"CSAFPID-2140856",
"CSAFPID-2140834",
"CSAFPID-2140851",
"CSAFPID-2140742",
"CSAFPID-2140825",
"CSAFPID-2631681",
"CSAFPID-2631682",
"CSAFPID-2631683",
"CSAFPID-2631684",
"CSAFPID-2631685",
"CSAFPID-2631686",
"CSAFPID-2631680",
"CSAFPID-1306888",
"CSAFPID-710118",
"CSAFPID-2632409",
"CSAFPID-2632410",
"CSAFPID-2632411",
"CSAFPID-2632412",
"CSAFPID-2633939",
"CSAFPID-426454",
"CSAFPID-426453",
"CSAFPID-426456",
"CSAFPID-426455",
"CSAFPID-426457",
"CSAFPID-1295436",
"CSAFPID-2118594",
"CSAFPID-2631732",
"CSAFPID-2631733",
"CSAFPID-2631734",
"CSAFPID-2631731",
"CSAFPID-1295163",
"CSAFPID-735564",
"CSAFPID-446586",
"CSAFPID-1111431",
"CSAFPID-710125",
"CSAFPID-710119",
"CSAFPID-710115",
"CSAFPID-336862",
"CSAFPID-345588",
"CSAFPID-345621",
"CSAFPID-345620",
"CSAFPID-345590",
"CSAFPID-345585",
"CSAFPID-345591",
"CSAFPID-345592",
"CSAFPID-345589",
"CSAFPID-345587",
"CSAFPID-426833",
"CSAFPID-1176305",
"CSAFPID-2352521",
"CSAFPID-2352520",
"CSAFPID-1304029",
"CSAFPID-2352519",
"CSAFPID-2538090",
"CSAFPID-2539577",
"CSAFPID-2352518",
"CSAFPID-2632425",
"CSAFPID-2632426",
"CSAFPID-2632427",
"CSAFPID-2632428",
"CSAFPID-2632429"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-26657",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2025/CVE-2025-26657.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-426681",
"CSAFPID-367586",
"CSAFPID-426682",
"CSAFPID-426483",
"CSAFPID-447161",
"CSAFPID-447167",
"CSAFPID-447158",
"CSAFPID-447155",
"CSAFPID-447160",
"CSAFPID-447163",
"CSAFPID-447165",
"CSAFPID-447156",
"CSAFPID-447164",
"CSAFPID-710027",
"CSAFPID-426703",
"CSAFPID-426706",
"CSAFPID-426707",
"CSAFPID-426708",
"CSAFPID-426704",
"CSAFPID-426705",
"CSAFPID-447141",
"CSAFPID-447140",
"CSAFPID-847883",
"CSAFPID-426837",
"CSAFPID-1176052",
"CSAFPID-1333259",
"CSAFPID-2351307",
"CSAFPID-2538790",
"CSAFPID-2538791",
"CSAFPID-2538792",
"CSAFPID-2538793",
"CSAFPID-2538794",
"CSAFPID-2538799",
"CSAFPID-2538800",
"CSAFPID-2538801",
"CSAFPID-2538802",
"CSAFPID-2538803",
"CSAFPID-2538804",
"CSAFPID-2538805",
"CSAFPID-2538806",
"CSAFPID-2538773",
"CSAFPID-2538774",
"CSAFPID-2538775",
"CSAFPID-2538776",
"CSAFPID-2538777",
"CSAFPID-2538778",
"CSAFPID-2538779",
"CSAFPID-2538780",
"CSAFPID-2538781",
"CSAFPID-1307450",
"CSAFPID-1297130",
"CSAFPID-1297107",
"CSAFPID-1230533",
"CSAFPID-1921506",
"CSAFPID-1230555",
"CSAFPID-1230719",
"CSAFPID-1230702",
"CSAFPID-1304671",
"CSAFPID-1921487",
"CSAFPID-1297186",
"CSAFPID-1988023",
"CSAFPID-1988024",
"CSAFPID-1175835",
"CSAFPID-2473272",
"CSAFPID-2632442",
"CSAFPID-2473273",
"CSAFPID-2632443",
"CSAFPID-1425816",
"CSAFPID-2632444",
"CSAFPID-1306891",
"CSAFPID-1332128",
"CSAFPID-605062",
"CSAFPID-605061",
"CSAFPID-605064",
"CSAFPID-345584",
"CSAFPID-345586",
"CSAFPID-2364492",
"CSAFPID-1330296",
"CSAFPID-1459777",
"CSAFPID-1459778",
"CSAFPID-1459779",
"CSAFPID-1861039",
"CSAFPID-1861040",
"CSAFPID-1861041",
"CSAFPID-2140760",
"CSAFPID-2140804",
"CSAFPID-2140795",
"CSAFPID-2140773",
"CSAFPID-2140818",
"CSAFPID-2140755",
"CSAFPID-2140803",
"CSAFPID-2140852",
"CSAFPID-2140842",
"CSAFPID-2140814",
"CSAFPID-2140749",
"CSAFPID-2140796",
"CSAFPID-2140856",
"CSAFPID-2140834",
"CSAFPID-2140851",
"CSAFPID-2140742",
"CSAFPID-2140825",
"CSAFPID-2631681",
"CSAFPID-2631682",
"CSAFPID-2631683",
"CSAFPID-2631684",
"CSAFPID-2631685",
"CSAFPID-2631686",
"CSAFPID-2631680",
"CSAFPID-1306888",
"CSAFPID-710118",
"CSAFPID-2632409",
"CSAFPID-2632410",
"CSAFPID-2632411",
"CSAFPID-2632412",
"CSAFPID-2633939",
"CSAFPID-426454",
"CSAFPID-426453",
"CSAFPID-426456",
"CSAFPID-426455",
"CSAFPID-426457",
"CSAFPID-1295436",
"CSAFPID-2118594",
"CSAFPID-2631732",
"CSAFPID-2631733",
"CSAFPID-2631734",
"CSAFPID-2631731",
"CSAFPID-1295163",
"CSAFPID-735564",
"CSAFPID-446586",
"CSAFPID-1111431",
"CSAFPID-710125",
"CSAFPID-710119",
"CSAFPID-710115",
"CSAFPID-336862",
"CSAFPID-345588",
"CSAFPID-345621",
"CSAFPID-345620",
"CSAFPID-345590",
"CSAFPID-345585",
"CSAFPID-345591",
"CSAFPID-345592",
"CSAFPID-345589",
"CSAFPID-345587",
"CSAFPID-426833",
"CSAFPID-1176305",
"CSAFPID-2352521",
"CSAFPID-2352520",
"CSAFPID-1304029",
"CSAFPID-2352519",
"CSAFPID-2538090",
"CSAFPID-2539577",
"CSAFPID-2352518",
"CSAFPID-2632425",
"CSAFPID-2632426",
"CSAFPID-2632427",
"CSAFPID-2632428",
"CSAFPID-2632429"
]
}
],
"title": "CVE-2025-26657"
},
{
"cve": "CVE-2025-27428",
"cwe": {
"id": "CWE-862",
"name": "Missing Authorization"
},
"notes": [
{
"category": "other",
"text": "Missing Authorization",
"title": "CWE-862"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-426681",
"CSAFPID-367586",
"CSAFPID-426682",
"CSAFPID-426483",
"CSAFPID-447161",
"CSAFPID-447167",
"CSAFPID-447158",
"CSAFPID-447155",
"CSAFPID-447160",
"CSAFPID-447163",
"CSAFPID-447165",
"CSAFPID-447156",
"CSAFPID-447164",
"CSAFPID-710027",
"CSAFPID-426703",
"CSAFPID-426706",
"CSAFPID-426707",
"CSAFPID-426708",
"CSAFPID-426704",
"CSAFPID-426705",
"CSAFPID-447141",
"CSAFPID-447140",
"CSAFPID-847883",
"CSAFPID-426837",
"CSAFPID-1176052",
"CSAFPID-1333259",
"CSAFPID-2351307",
"CSAFPID-2538790",
"CSAFPID-2538791",
"CSAFPID-2538792",
"CSAFPID-2538793",
"CSAFPID-2538794",
"CSAFPID-2538799",
"CSAFPID-2538800",
"CSAFPID-2538801",
"CSAFPID-2538802",
"CSAFPID-2538803",
"CSAFPID-2538804",
"CSAFPID-2538805",
"CSAFPID-2538806",
"CSAFPID-2538773",
"CSAFPID-2538774",
"CSAFPID-2538775",
"CSAFPID-2538776",
"CSAFPID-2538777",
"CSAFPID-2538778",
"CSAFPID-2538779",
"CSAFPID-2538780",
"CSAFPID-2538781",
"CSAFPID-1307450",
"CSAFPID-1297130",
"CSAFPID-1297107",
"CSAFPID-1230533",
"CSAFPID-1921506",
"CSAFPID-1230555",
"CSAFPID-1230719",
"CSAFPID-1230702",
"CSAFPID-1304671",
"CSAFPID-1921487",
"CSAFPID-1297186",
"CSAFPID-1988023",
"CSAFPID-1988024",
"CSAFPID-1175835",
"CSAFPID-2473272",
"CSAFPID-2632442",
"CSAFPID-2473273",
"CSAFPID-2632443",
"CSAFPID-1425816",
"CSAFPID-2632444",
"CSAFPID-1306891",
"CSAFPID-1332128",
"CSAFPID-605062",
"CSAFPID-605061",
"CSAFPID-605064",
"CSAFPID-345584",
"CSAFPID-345586",
"CSAFPID-2364492",
"CSAFPID-1330296",
"CSAFPID-1459777",
"CSAFPID-1459778",
"CSAFPID-1459779",
"CSAFPID-1861039",
"CSAFPID-1861040",
"CSAFPID-1861041",
"CSAFPID-2140760",
"CSAFPID-2140804",
"CSAFPID-2140795",
"CSAFPID-2140773",
"CSAFPID-2140818",
"CSAFPID-2140755",
"CSAFPID-2140803",
"CSAFPID-2140852",
"CSAFPID-2140842",
"CSAFPID-2140814",
"CSAFPID-2140749",
"CSAFPID-2140796",
"CSAFPID-2140856",
"CSAFPID-2140834",
"CSAFPID-2140851",
"CSAFPID-2140742",
"CSAFPID-2140825",
"CSAFPID-2631681",
"CSAFPID-2631682",
"CSAFPID-2631683",
"CSAFPID-2631684",
"CSAFPID-2631685",
"CSAFPID-2631686",
"CSAFPID-2631680",
"CSAFPID-1306888",
"CSAFPID-710118",
"CSAFPID-2632409",
"CSAFPID-2632410",
"CSAFPID-2632411",
"CSAFPID-2632412",
"CSAFPID-2633939",
"CSAFPID-426454",
"CSAFPID-426453",
"CSAFPID-426456",
"CSAFPID-426455",
"CSAFPID-426457",
"CSAFPID-1295436",
"CSAFPID-2118594",
"CSAFPID-2631732",
"CSAFPID-2631733",
"CSAFPID-2631734",
"CSAFPID-2631731",
"CSAFPID-1295163",
"CSAFPID-735564",
"CSAFPID-446586",
"CSAFPID-1111431",
"CSAFPID-710125",
"CSAFPID-710119",
"CSAFPID-710115",
"CSAFPID-336862",
"CSAFPID-345588",
"CSAFPID-345621",
"CSAFPID-345620",
"CSAFPID-345590",
"CSAFPID-345585",
"CSAFPID-345591",
"CSAFPID-345592",
"CSAFPID-345589",
"CSAFPID-345587",
"CSAFPID-426833",
"CSAFPID-1176305",
"CSAFPID-2352521",
"CSAFPID-2352520",
"CSAFPID-1304029",
"CSAFPID-2352519",
"CSAFPID-2538090",
"CSAFPID-2539577",
"CSAFPID-2352518",
"CSAFPID-2632425",
"CSAFPID-2632426",
"CSAFPID-2632427",
"CSAFPID-2632428",
"CSAFPID-2632429"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-27428",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2025/CVE-2025-27428.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-426681",
"CSAFPID-367586",
"CSAFPID-426682",
"CSAFPID-426483",
"CSAFPID-447161",
"CSAFPID-447167",
"CSAFPID-447158",
"CSAFPID-447155",
"CSAFPID-447160",
"CSAFPID-447163",
"CSAFPID-447165",
"CSAFPID-447156",
"CSAFPID-447164",
"CSAFPID-710027",
"CSAFPID-426703",
"CSAFPID-426706",
"CSAFPID-426707",
"CSAFPID-426708",
"CSAFPID-426704",
"CSAFPID-426705",
"CSAFPID-447141",
"CSAFPID-447140",
"CSAFPID-847883",
"CSAFPID-426837",
"CSAFPID-1176052",
"CSAFPID-1333259",
"CSAFPID-2351307",
"CSAFPID-2538790",
"CSAFPID-2538791",
"CSAFPID-2538792",
"CSAFPID-2538793",
"CSAFPID-2538794",
"CSAFPID-2538799",
"CSAFPID-2538800",
"CSAFPID-2538801",
"CSAFPID-2538802",
"CSAFPID-2538803",
"CSAFPID-2538804",
"CSAFPID-2538805",
"CSAFPID-2538806",
"CSAFPID-2538773",
"CSAFPID-2538774",
"CSAFPID-2538775",
"CSAFPID-2538776",
"CSAFPID-2538777",
"CSAFPID-2538778",
"CSAFPID-2538779",
"CSAFPID-2538780",
"CSAFPID-2538781",
"CSAFPID-1307450",
"CSAFPID-1297130",
"CSAFPID-1297107",
"CSAFPID-1230533",
"CSAFPID-1921506",
"CSAFPID-1230555",
"CSAFPID-1230719",
"CSAFPID-1230702",
"CSAFPID-1304671",
"CSAFPID-1921487",
"CSAFPID-1297186",
"CSAFPID-1988023",
"CSAFPID-1988024",
"CSAFPID-1175835",
"CSAFPID-2473272",
"CSAFPID-2632442",
"CSAFPID-2473273",
"CSAFPID-2632443",
"CSAFPID-1425816",
"CSAFPID-2632444",
"CSAFPID-1306891",
"CSAFPID-1332128",
"CSAFPID-605062",
"CSAFPID-605061",
"CSAFPID-605064",
"CSAFPID-345584",
"CSAFPID-345586",
"CSAFPID-2364492",
"CSAFPID-1330296",
"CSAFPID-1459777",
"CSAFPID-1459778",
"CSAFPID-1459779",
"CSAFPID-1861039",
"CSAFPID-1861040",
"CSAFPID-1861041",
"CSAFPID-2140760",
"CSAFPID-2140804",
"CSAFPID-2140795",
"CSAFPID-2140773",
"CSAFPID-2140818",
"CSAFPID-2140755",
"CSAFPID-2140803",
"CSAFPID-2140852",
"CSAFPID-2140842",
"CSAFPID-2140814",
"CSAFPID-2140749",
"CSAFPID-2140796",
"CSAFPID-2140856",
"CSAFPID-2140834",
"CSAFPID-2140851",
"CSAFPID-2140742",
"CSAFPID-2140825",
"CSAFPID-2631681",
"CSAFPID-2631682",
"CSAFPID-2631683",
"CSAFPID-2631684",
"CSAFPID-2631685",
"CSAFPID-2631686",
"CSAFPID-2631680",
"CSAFPID-1306888",
"CSAFPID-710118",
"CSAFPID-2632409",
"CSAFPID-2632410",
"CSAFPID-2632411",
"CSAFPID-2632412",
"CSAFPID-2633939",
"CSAFPID-426454",
"CSAFPID-426453",
"CSAFPID-426456",
"CSAFPID-426455",
"CSAFPID-426457",
"CSAFPID-1295436",
"CSAFPID-2118594",
"CSAFPID-2631732",
"CSAFPID-2631733",
"CSAFPID-2631734",
"CSAFPID-2631731",
"CSAFPID-1295163",
"CSAFPID-735564",
"CSAFPID-446586",
"CSAFPID-1111431",
"CSAFPID-710125",
"CSAFPID-710119",
"CSAFPID-710115",
"CSAFPID-336862",
"CSAFPID-345588",
"CSAFPID-345621",
"CSAFPID-345620",
"CSAFPID-345590",
"CSAFPID-345585",
"CSAFPID-345591",
"CSAFPID-345592",
"CSAFPID-345589",
"CSAFPID-345587",
"CSAFPID-426833",
"CSAFPID-1176305",
"CSAFPID-2352521",
"CSAFPID-2352520",
"CSAFPID-1304029",
"CSAFPID-2352519",
"CSAFPID-2538090",
"CSAFPID-2539577",
"CSAFPID-2352518",
"CSAFPID-2632425",
"CSAFPID-2632426",
"CSAFPID-2632427",
"CSAFPID-2632428",
"CSAFPID-2632429"
]
}
],
"title": "CVE-2025-27428"
},
{
"cve": "CVE-2025-27429",
"cwe": {
"id": "CWE-94",
"name": "Improper Control of Generation of Code (\u0027Code Injection\u0027)"
},
"notes": [
{
"category": "other",
"text": "Improper Control of Generation of Code (\u0027Code Injection\u0027)",
"title": "CWE-94"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-426681",
"CSAFPID-367586",
"CSAFPID-426682",
"CSAFPID-426483",
"CSAFPID-447161",
"CSAFPID-447167",
"CSAFPID-447158",
"CSAFPID-447155",
"CSAFPID-447160",
"CSAFPID-447163",
"CSAFPID-447165",
"CSAFPID-447156",
"CSAFPID-447164",
"CSAFPID-710027",
"CSAFPID-426703",
"CSAFPID-426706",
"CSAFPID-426707",
"CSAFPID-426708",
"CSAFPID-426704",
"CSAFPID-426705",
"CSAFPID-447141",
"CSAFPID-447140",
"CSAFPID-847883",
"CSAFPID-426837",
"CSAFPID-1176052",
"CSAFPID-1333259",
"CSAFPID-2351307",
"CSAFPID-2538790",
"CSAFPID-2538791",
"CSAFPID-2538792",
"CSAFPID-2538793",
"CSAFPID-2538794",
"CSAFPID-2538799",
"CSAFPID-2538800",
"CSAFPID-2538801",
"CSAFPID-2538802",
"CSAFPID-2538803",
"CSAFPID-2538804",
"CSAFPID-2538805",
"CSAFPID-2538806",
"CSAFPID-2538773",
"CSAFPID-2538774",
"CSAFPID-2538775",
"CSAFPID-2538776",
"CSAFPID-2538777",
"CSAFPID-2538778",
"CSAFPID-2538779",
"CSAFPID-2538780",
"CSAFPID-2538781",
"CSAFPID-1307450",
"CSAFPID-1297130",
"CSAFPID-1297107",
"CSAFPID-1230533",
"CSAFPID-1921506",
"CSAFPID-1230555",
"CSAFPID-1230719",
"CSAFPID-1230702",
"CSAFPID-1304671",
"CSAFPID-1921487",
"CSAFPID-1297186",
"CSAFPID-1988023",
"CSAFPID-1988024",
"CSAFPID-1175835",
"CSAFPID-2473272",
"CSAFPID-2632442",
"CSAFPID-2473273",
"CSAFPID-2632443",
"CSAFPID-1425816",
"CSAFPID-2632444",
"CSAFPID-1306891",
"CSAFPID-1332128",
"CSAFPID-605062",
"CSAFPID-605061",
"CSAFPID-605064",
"CSAFPID-345584",
"CSAFPID-345586",
"CSAFPID-2364492",
"CSAFPID-1330296",
"CSAFPID-1459777",
"CSAFPID-1459778",
"CSAFPID-1459779",
"CSAFPID-1861039",
"CSAFPID-1861040",
"CSAFPID-1861041",
"CSAFPID-2140760",
"CSAFPID-2140804",
"CSAFPID-2140795",
"CSAFPID-2140773",
"CSAFPID-2140818",
"CSAFPID-2140755",
"CSAFPID-2140803",
"CSAFPID-2140852",
"CSAFPID-2140842",
"CSAFPID-2140814",
"CSAFPID-2140749",
"CSAFPID-2140796",
"CSAFPID-2140856",
"CSAFPID-2140834",
"CSAFPID-2140851",
"CSAFPID-2140742",
"CSAFPID-2140825",
"CSAFPID-2631681",
"CSAFPID-2631682",
"CSAFPID-2631683",
"CSAFPID-2631684",
"CSAFPID-2631685",
"CSAFPID-2631686",
"CSAFPID-2631680",
"CSAFPID-1306888",
"CSAFPID-710118",
"CSAFPID-2632409",
"CSAFPID-2632410",
"CSAFPID-2632411",
"CSAFPID-2632412",
"CSAFPID-2633939",
"CSAFPID-426454",
"CSAFPID-426453",
"CSAFPID-426456",
"CSAFPID-426455",
"CSAFPID-426457",
"CSAFPID-1295436",
"CSAFPID-2118594",
"CSAFPID-2631732",
"CSAFPID-2631733",
"CSAFPID-2631734",
"CSAFPID-2631731",
"CSAFPID-1295163",
"CSAFPID-735564",
"CSAFPID-446586",
"CSAFPID-1111431",
"CSAFPID-710125",
"CSAFPID-710119",
"CSAFPID-710115",
"CSAFPID-336862",
"CSAFPID-345588",
"CSAFPID-345621",
"CSAFPID-345620",
"CSAFPID-345590",
"CSAFPID-345585",
"CSAFPID-345591",
"CSAFPID-345592",
"CSAFPID-345589",
"CSAFPID-345587",
"CSAFPID-426833",
"CSAFPID-1176305",
"CSAFPID-2352521",
"CSAFPID-2352520",
"CSAFPID-1304029",
"CSAFPID-2352519",
"CSAFPID-2538090",
"CSAFPID-2539577",
"CSAFPID-2352518",
"CSAFPID-2632425",
"CSAFPID-2632426",
"CSAFPID-2632427",
"CSAFPID-2632428",
"CSAFPID-2632429"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-27429",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2025/CVE-2025-27429.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.9,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-426681",
"CSAFPID-367586",
"CSAFPID-426682",
"CSAFPID-426483",
"CSAFPID-447161",
"CSAFPID-447167",
"CSAFPID-447158",
"CSAFPID-447155",
"CSAFPID-447160",
"CSAFPID-447163",
"CSAFPID-447165",
"CSAFPID-447156",
"CSAFPID-447164",
"CSAFPID-710027",
"CSAFPID-426703",
"CSAFPID-426706",
"CSAFPID-426707",
"CSAFPID-426708",
"CSAFPID-426704",
"CSAFPID-426705",
"CSAFPID-447141",
"CSAFPID-447140",
"CSAFPID-847883",
"CSAFPID-426837",
"CSAFPID-1176052",
"CSAFPID-1333259",
"CSAFPID-2351307",
"CSAFPID-2538790",
"CSAFPID-2538791",
"CSAFPID-2538792",
"CSAFPID-2538793",
"CSAFPID-2538794",
"CSAFPID-2538799",
"CSAFPID-2538800",
"CSAFPID-2538801",
"CSAFPID-2538802",
"CSAFPID-2538803",
"CSAFPID-2538804",
"CSAFPID-2538805",
"CSAFPID-2538806",
"CSAFPID-2538773",
"CSAFPID-2538774",
"CSAFPID-2538775",
"CSAFPID-2538776",
"CSAFPID-2538777",
"CSAFPID-2538778",
"CSAFPID-2538779",
"CSAFPID-2538780",
"CSAFPID-2538781",
"CSAFPID-1307450",
"CSAFPID-1297130",
"CSAFPID-1297107",
"CSAFPID-1230533",
"CSAFPID-1921506",
"CSAFPID-1230555",
"CSAFPID-1230719",
"CSAFPID-1230702",
"CSAFPID-1304671",
"CSAFPID-1921487",
"CSAFPID-1297186",
"CSAFPID-1988023",
"CSAFPID-1988024",
"CSAFPID-1175835",
"CSAFPID-2473272",
"CSAFPID-2632442",
"CSAFPID-2473273",
"CSAFPID-2632443",
"CSAFPID-1425816",
"CSAFPID-2632444",
"CSAFPID-1306891",
"CSAFPID-1332128",
"CSAFPID-605062",
"CSAFPID-605061",
"CSAFPID-605064",
"CSAFPID-345584",
"CSAFPID-345586",
"CSAFPID-2364492",
"CSAFPID-1330296",
"CSAFPID-1459777",
"CSAFPID-1459778",
"CSAFPID-1459779",
"CSAFPID-1861039",
"CSAFPID-1861040",
"CSAFPID-1861041",
"CSAFPID-2140760",
"CSAFPID-2140804",
"CSAFPID-2140795",
"CSAFPID-2140773",
"CSAFPID-2140818",
"CSAFPID-2140755",
"CSAFPID-2140803",
"CSAFPID-2140852",
"CSAFPID-2140842",
"CSAFPID-2140814",
"CSAFPID-2140749",
"CSAFPID-2140796",
"CSAFPID-2140856",
"CSAFPID-2140834",
"CSAFPID-2140851",
"CSAFPID-2140742",
"CSAFPID-2140825",
"CSAFPID-2631681",
"CSAFPID-2631682",
"CSAFPID-2631683",
"CSAFPID-2631684",
"CSAFPID-2631685",
"CSAFPID-2631686",
"CSAFPID-2631680",
"CSAFPID-1306888",
"CSAFPID-710118",
"CSAFPID-2632409",
"CSAFPID-2632410",
"CSAFPID-2632411",
"CSAFPID-2632412",
"CSAFPID-2633939",
"CSAFPID-426454",
"CSAFPID-426453",
"CSAFPID-426456",
"CSAFPID-426455",
"CSAFPID-426457",
"CSAFPID-1295436",
"CSAFPID-2118594",
"CSAFPID-2631732",
"CSAFPID-2631733",
"CSAFPID-2631734",
"CSAFPID-2631731",
"CSAFPID-1295163",
"CSAFPID-735564",
"CSAFPID-446586",
"CSAFPID-1111431",
"CSAFPID-710125",
"CSAFPID-710119",
"CSAFPID-710115",
"CSAFPID-336862",
"CSAFPID-345588",
"CSAFPID-345621",
"CSAFPID-345620",
"CSAFPID-345590",
"CSAFPID-345585",
"CSAFPID-345591",
"CSAFPID-345592",
"CSAFPID-345589",
"CSAFPID-345587",
"CSAFPID-426833",
"CSAFPID-1176305",
"CSAFPID-2352521",
"CSAFPID-2352520",
"CSAFPID-1304029",
"CSAFPID-2352519",
"CSAFPID-2538090",
"CSAFPID-2539577",
"CSAFPID-2352518",
"CSAFPID-2632425",
"CSAFPID-2632426",
"CSAFPID-2632427",
"CSAFPID-2632428",
"CSAFPID-2632429"
]
}
],
"title": "CVE-2025-27429"
},
{
"cve": "CVE-2025-27430",
"cwe": {
"id": "CWE-918",
"name": "Server-Side Request Forgery (SSRF)"
},
"notes": [
{
"category": "other",
"text": "Server-Side Request Forgery (SSRF)",
"title": "CWE-918"
}
],
"product_status": {
"known_affected": [
"CSAFPID-426681",
"CSAFPID-367586",
"CSAFPID-426682",
"CSAFPID-426483",
"CSAFPID-447161",
"CSAFPID-447167",
"CSAFPID-447158",
"CSAFPID-447155",
"CSAFPID-447160",
"CSAFPID-447163",
"CSAFPID-447165",
"CSAFPID-447156",
"CSAFPID-447164",
"CSAFPID-710027",
"CSAFPID-426703",
"CSAFPID-426706",
"CSAFPID-426707",
"CSAFPID-426708",
"CSAFPID-426704",
"CSAFPID-426705",
"CSAFPID-447141",
"CSAFPID-447140",
"CSAFPID-847883",
"CSAFPID-426837",
"CSAFPID-1176052",
"CSAFPID-1333259",
"CSAFPID-2351307",
"CSAFPID-2538790",
"CSAFPID-2538791",
"CSAFPID-2538792",
"CSAFPID-2538793",
"CSAFPID-2538794",
"CSAFPID-2538799",
"CSAFPID-2538800",
"CSAFPID-2538801",
"CSAFPID-2538802",
"CSAFPID-2538803",
"CSAFPID-2538804",
"CSAFPID-2538805",
"CSAFPID-2538806",
"CSAFPID-2538773",
"CSAFPID-2538774",
"CSAFPID-2538775",
"CSAFPID-2538776",
"CSAFPID-2538777",
"CSAFPID-2538778",
"CSAFPID-2538779",
"CSAFPID-2538780",
"CSAFPID-2538781",
"CSAFPID-1307450",
"CSAFPID-1297130",
"CSAFPID-1297107",
"CSAFPID-1230533",
"CSAFPID-1921506",
"CSAFPID-1230555",
"CSAFPID-1230719",
"CSAFPID-1230702",
"CSAFPID-1304671",
"CSAFPID-1921487",
"CSAFPID-1297186",
"CSAFPID-1988023",
"CSAFPID-1988024",
"CSAFPID-1175835",
"CSAFPID-2473272",
"CSAFPID-2632442",
"CSAFPID-2473273",
"CSAFPID-2632443",
"CSAFPID-1425816",
"CSAFPID-2632444",
"CSAFPID-1306891",
"CSAFPID-1332128",
"CSAFPID-605062",
"CSAFPID-605061",
"CSAFPID-605064",
"CSAFPID-345584",
"CSAFPID-345586",
"CSAFPID-2364492",
"CSAFPID-1330296",
"CSAFPID-1459777",
"CSAFPID-1459778",
"CSAFPID-1459779",
"CSAFPID-1861039",
"CSAFPID-1861040",
"CSAFPID-1861041",
"CSAFPID-2140760",
"CSAFPID-2140804",
"CSAFPID-2140795",
"CSAFPID-2140773",
"CSAFPID-2140818",
"CSAFPID-2140755",
"CSAFPID-2140803",
"CSAFPID-2140852",
"CSAFPID-2140842",
"CSAFPID-2140814",
"CSAFPID-2140749",
"CSAFPID-2140796",
"CSAFPID-2140856",
"CSAFPID-2140834",
"CSAFPID-2140851",
"CSAFPID-2140742",
"CSAFPID-2140825",
"CSAFPID-2631681",
"CSAFPID-2631682",
"CSAFPID-2631683",
"CSAFPID-2631684",
"CSAFPID-2631685",
"CSAFPID-2631686",
"CSAFPID-2631680",
"CSAFPID-1306888",
"CSAFPID-710118",
"CSAFPID-2632409",
"CSAFPID-2632410",
"CSAFPID-2632411",
"CSAFPID-2632412",
"CSAFPID-2633939",
"CSAFPID-426454",
"CSAFPID-426453",
"CSAFPID-426456",
"CSAFPID-426455",
"CSAFPID-426457",
"CSAFPID-1295436",
"CSAFPID-2118594",
"CSAFPID-2631732",
"CSAFPID-2631733",
"CSAFPID-2631734",
"CSAFPID-2631731",
"CSAFPID-1295163",
"CSAFPID-735564",
"CSAFPID-446586",
"CSAFPID-1111431",
"CSAFPID-710125",
"CSAFPID-710119",
"CSAFPID-710115",
"CSAFPID-336862",
"CSAFPID-345588",
"CSAFPID-345621",
"CSAFPID-345620",
"CSAFPID-345590",
"CSAFPID-345585",
"CSAFPID-345591",
"CSAFPID-345592",
"CSAFPID-345589",
"CSAFPID-345587",
"CSAFPID-426833",
"CSAFPID-1176305",
"CSAFPID-2352521",
"CSAFPID-2352520",
"CSAFPID-1304029",
"CSAFPID-2352519",
"CSAFPID-2538090",
"CSAFPID-2539577",
"CSAFPID-2352518",
"CSAFPID-2632425",
"CSAFPID-2632426",
"CSAFPID-2632427",
"CSAFPID-2632428",
"CSAFPID-2632429"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-27430",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2025/CVE-2025-27430.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.5,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-426681",
"CSAFPID-367586",
"CSAFPID-426682",
"CSAFPID-426483",
"CSAFPID-447161",
"CSAFPID-447167",
"CSAFPID-447158",
"CSAFPID-447155",
"CSAFPID-447160",
"CSAFPID-447163",
"CSAFPID-447165",
"CSAFPID-447156",
"CSAFPID-447164",
"CSAFPID-710027",
"CSAFPID-426703",
"CSAFPID-426706",
"CSAFPID-426707",
"CSAFPID-426708",
"CSAFPID-426704",
"CSAFPID-426705",
"CSAFPID-447141",
"CSAFPID-447140",
"CSAFPID-847883",
"CSAFPID-426837",
"CSAFPID-1176052",
"CSAFPID-1333259",
"CSAFPID-2351307",
"CSAFPID-2538790",
"CSAFPID-2538791",
"CSAFPID-2538792",
"CSAFPID-2538793",
"CSAFPID-2538794",
"CSAFPID-2538799",
"CSAFPID-2538800",
"CSAFPID-2538801",
"CSAFPID-2538802",
"CSAFPID-2538803",
"CSAFPID-2538804",
"CSAFPID-2538805",
"CSAFPID-2538806",
"CSAFPID-2538773",
"CSAFPID-2538774",
"CSAFPID-2538775",
"CSAFPID-2538776",
"CSAFPID-2538777",
"CSAFPID-2538778",
"CSAFPID-2538779",
"CSAFPID-2538780",
"CSAFPID-2538781",
"CSAFPID-1307450",
"CSAFPID-1297130",
"CSAFPID-1297107",
"CSAFPID-1230533",
"CSAFPID-1921506",
"CSAFPID-1230555",
"CSAFPID-1230719",
"CSAFPID-1230702",
"CSAFPID-1304671",
"CSAFPID-1921487",
"CSAFPID-1297186",
"CSAFPID-1988023",
"CSAFPID-1988024",
"CSAFPID-1175835",
"CSAFPID-2473272",
"CSAFPID-2632442",
"CSAFPID-2473273",
"CSAFPID-2632443",
"CSAFPID-1425816",
"CSAFPID-2632444",
"CSAFPID-1306891",
"CSAFPID-1332128",
"CSAFPID-605062",
"CSAFPID-605061",
"CSAFPID-605064",
"CSAFPID-345584",
"CSAFPID-345586",
"CSAFPID-2364492",
"CSAFPID-1330296",
"CSAFPID-1459777",
"CSAFPID-1459778",
"CSAFPID-1459779",
"CSAFPID-1861039",
"CSAFPID-1861040",
"CSAFPID-1861041",
"CSAFPID-2140760",
"CSAFPID-2140804",
"CSAFPID-2140795",
"CSAFPID-2140773",
"CSAFPID-2140818",
"CSAFPID-2140755",
"CSAFPID-2140803",
"CSAFPID-2140852",
"CSAFPID-2140842",
"CSAFPID-2140814",
"CSAFPID-2140749",
"CSAFPID-2140796",
"CSAFPID-2140856",
"CSAFPID-2140834",
"CSAFPID-2140851",
"CSAFPID-2140742",
"CSAFPID-2140825",
"CSAFPID-2631681",
"CSAFPID-2631682",
"CSAFPID-2631683",
"CSAFPID-2631684",
"CSAFPID-2631685",
"CSAFPID-2631686",
"CSAFPID-2631680",
"CSAFPID-1306888",
"CSAFPID-710118",
"CSAFPID-2632409",
"CSAFPID-2632410",
"CSAFPID-2632411",
"CSAFPID-2632412",
"CSAFPID-2633939",
"CSAFPID-426454",
"CSAFPID-426453",
"CSAFPID-426456",
"CSAFPID-426455",
"CSAFPID-426457",
"CSAFPID-1295436",
"CSAFPID-2118594",
"CSAFPID-2631732",
"CSAFPID-2631733",
"CSAFPID-2631734",
"CSAFPID-2631731",
"CSAFPID-1295163",
"CSAFPID-735564",
"CSAFPID-446586",
"CSAFPID-1111431",
"CSAFPID-710125",
"CSAFPID-710119",
"CSAFPID-710115",
"CSAFPID-336862",
"CSAFPID-345588",
"CSAFPID-345621",
"CSAFPID-345620",
"CSAFPID-345590",
"CSAFPID-345585",
"CSAFPID-345591",
"CSAFPID-345592",
"CSAFPID-345589",
"CSAFPID-345587",
"CSAFPID-426833",
"CSAFPID-1176305",
"CSAFPID-2352521",
"CSAFPID-2352520",
"CSAFPID-1304029",
"CSAFPID-2352519",
"CSAFPID-2538090",
"CSAFPID-2539577",
"CSAFPID-2352518",
"CSAFPID-2632425",
"CSAFPID-2632426",
"CSAFPID-2632427",
"CSAFPID-2632428",
"CSAFPID-2632429"
]
}
],
"title": "CVE-2025-27430"
},
{
"cve": "CVE-2025-27435",
"cwe": {
"id": "CWE-862",
"name": "Missing Authorization"
},
"notes": [
{
"category": "other",
"text": "Missing Authorization",
"title": "CWE-862"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-426681",
"CSAFPID-367586",
"CSAFPID-426682",
"CSAFPID-426483",
"CSAFPID-447161",
"CSAFPID-447167",
"CSAFPID-447158",
"CSAFPID-447155",
"CSAFPID-447160",
"CSAFPID-447163",
"CSAFPID-447165",
"CSAFPID-447156",
"CSAFPID-447164",
"CSAFPID-710027",
"CSAFPID-426703",
"CSAFPID-426706",
"CSAFPID-426707",
"CSAFPID-426708",
"CSAFPID-426704",
"CSAFPID-426705",
"CSAFPID-447141",
"CSAFPID-447140",
"CSAFPID-847883",
"CSAFPID-426837",
"CSAFPID-1176052",
"CSAFPID-1333259",
"CSAFPID-2351307",
"CSAFPID-2538790",
"CSAFPID-2538791",
"CSAFPID-2538792",
"CSAFPID-2538793",
"CSAFPID-2538794",
"CSAFPID-2538799",
"CSAFPID-2538800",
"CSAFPID-2538801",
"CSAFPID-2538802",
"CSAFPID-2538803",
"CSAFPID-2538804",
"CSAFPID-2538805",
"CSAFPID-2538806",
"CSAFPID-2538773",
"CSAFPID-2538774",
"CSAFPID-2538775",
"CSAFPID-2538776",
"CSAFPID-2538777",
"CSAFPID-2538778",
"CSAFPID-2538779",
"CSAFPID-2538780",
"CSAFPID-2538781",
"CSAFPID-1307450",
"CSAFPID-1297130",
"CSAFPID-1297107",
"CSAFPID-1230533",
"CSAFPID-1921506",
"CSAFPID-1230555",
"CSAFPID-1230719",
"CSAFPID-1230702",
"CSAFPID-1304671",
"CSAFPID-1921487",
"CSAFPID-1297186",
"CSAFPID-1988023",
"CSAFPID-1988024",
"CSAFPID-1175835",
"CSAFPID-2473272",
"CSAFPID-2632442",
"CSAFPID-2473273",
"CSAFPID-2632443",
"CSAFPID-1425816",
"CSAFPID-2632444",
"CSAFPID-1306891",
"CSAFPID-1332128",
"CSAFPID-605062",
"CSAFPID-605061",
"CSAFPID-605064",
"CSAFPID-345584",
"CSAFPID-345586",
"CSAFPID-2364492",
"CSAFPID-1330296",
"CSAFPID-1459777",
"CSAFPID-1459778",
"CSAFPID-1459779",
"CSAFPID-1861039",
"CSAFPID-1861040",
"CSAFPID-1861041",
"CSAFPID-2140760",
"CSAFPID-2140804",
"CSAFPID-2140795",
"CSAFPID-2140773",
"CSAFPID-2140818",
"CSAFPID-2140755",
"CSAFPID-2140803",
"CSAFPID-2140852",
"CSAFPID-2140842",
"CSAFPID-2140814",
"CSAFPID-2140749",
"CSAFPID-2140796",
"CSAFPID-2140856",
"CSAFPID-2140834",
"CSAFPID-2140851",
"CSAFPID-2140742",
"CSAFPID-2140825",
"CSAFPID-2631681",
"CSAFPID-2631682",
"CSAFPID-2631683",
"CSAFPID-2631684",
"CSAFPID-2631685",
"CSAFPID-2631686",
"CSAFPID-2631680",
"CSAFPID-1306888",
"CSAFPID-710118",
"CSAFPID-2632409",
"CSAFPID-2632410",
"CSAFPID-2632411",
"CSAFPID-2632412",
"CSAFPID-2633939",
"CSAFPID-426454",
"CSAFPID-426453",
"CSAFPID-426456",
"CSAFPID-426455",
"CSAFPID-426457",
"CSAFPID-1295436",
"CSAFPID-2118594",
"CSAFPID-2631732",
"CSAFPID-2631733",
"CSAFPID-2631734",
"CSAFPID-2631731",
"CSAFPID-1295163",
"CSAFPID-735564",
"CSAFPID-446586",
"CSAFPID-1111431",
"CSAFPID-710125",
"CSAFPID-710119",
"CSAFPID-710115",
"CSAFPID-336862",
"CSAFPID-345588",
"CSAFPID-345621",
"CSAFPID-345620",
"CSAFPID-345590",
"CSAFPID-345585",
"CSAFPID-345591",
"CSAFPID-345592",
"CSAFPID-345589",
"CSAFPID-345587",
"CSAFPID-426833",
"CSAFPID-1176305",
"CSAFPID-2352521",
"CSAFPID-2352520",
"CSAFPID-1304029",
"CSAFPID-2352519",
"CSAFPID-2538090",
"CSAFPID-2539577",
"CSAFPID-2352518",
"CSAFPID-2632425",
"CSAFPID-2632426",
"CSAFPID-2632427",
"CSAFPID-2632428",
"CSAFPID-2632429"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-27435",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2025/CVE-2025-27435.json"
}
],
"title": "CVE-2025-27435"
},
{
"cve": "CVE-2025-27437",
"cwe": {
"id": "CWE-862",
"name": "Missing Authorization"
},
"notes": [
{
"category": "other",
"text": "Missing Authorization",
"title": "CWE-862"
}
],
"product_status": {
"known_affected": [
"CSAFPID-426681",
"CSAFPID-367586",
"CSAFPID-426682",
"CSAFPID-426483",
"CSAFPID-447161",
"CSAFPID-447167",
"CSAFPID-447158",
"CSAFPID-447155",
"CSAFPID-447160",
"CSAFPID-447163",
"CSAFPID-447165",
"CSAFPID-447156",
"CSAFPID-447164",
"CSAFPID-710027",
"CSAFPID-426703",
"CSAFPID-426706",
"CSAFPID-426707",
"CSAFPID-426708",
"CSAFPID-426704",
"CSAFPID-426705",
"CSAFPID-447141",
"CSAFPID-447140",
"CSAFPID-847883",
"CSAFPID-426837",
"CSAFPID-1176052",
"CSAFPID-1333259",
"CSAFPID-2351307",
"CSAFPID-2538790",
"CSAFPID-2538791",
"CSAFPID-2538792",
"CSAFPID-2538793",
"CSAFPID-2538794",
"CSAFPID-2538799",
"CSAFPID-2538800",
"CSAFPID-2538801",
"CSAFPID-2538802",
"CSAFPID-2538803",
"CSAFPID-2538804",
"CSAFPID-2538805",
"CSAFPID-2538806",
"CSAFPID-2538773",
"CSAFPID-2538774",
"CSAFPID-2538775",
"CSAFPID-2538776",
"CSAFPID-2538777",
"CSAFPID-2538778",
"CSAFPID-2538779",
"CSAFPID-2538780",
"CSAFPID-2538781",
"CSAFPID-1307450",
"CSAFPID-1297130",
"CSAFPID-1297107",
"CSAFPID-1230533",
"CSAFPID-1921506",
"CSAFPID-1230555",
"CSAFPID-1230719",
"CSAFPID-1230702",
"CSAFPID-1304671",
"CSAFPID-1921487",
"CSAFPID-1297186",
"CSAFPID-1988023",
"CSAFPID-1988024",
"CSAFPID-1175835",
"CSAFPID-2473272",
"CSAFPID-2632442",
"CSAFPID-2473273",
"CSAFPID-2632443",
"CSAFPID-1425816",
"CSAFPID-2632444",
"CSAFPID-1306891",
"CSAFPID-1332128",
"CSAFPID-605062",
"CSAFPID-605061",
"CSAFPID-605064",
"CSAFPID-345584",
"CSAFPID-345586",
"CSAFPID-2364492",
"CSAFPID-1330296",
"CSAFPID-1459777",
"CSAFPID-1459778",
"CSAFPID-1459779",
"CSAFPID-1861039",
"CSAFPID-1861040",
"CSAFPID-1861041",
"CSAFPID-2140760",
"CSAFPID-2140804",
"CSAFPID-2140795",
"CSAFPID-2140773",
"CSAFPID-2140818",
"CSAFPID-2140755",
"CSAFPID-2140803",
"CSAFPID-2140852",
"CSAFPID-2140842",
"CSAFPID-2140814",
"CSAFPID-2140749",
"CSAFPID-2140796",
"CSAFPID-2140856",
"CSAFPID-2140834",
"CSAFPID-2140851",
"CSAFPID-2140742",
"CSAFPID-2140825",
"CSAFPID-2631681",
"CSAFPID-2631682",
"CSAFPID-2631683",
"CSAFPID-2631684",
"CSAFPID-2631685",
"CSAFPID-2631686",
"CSAFPID-2631680",
"CSAFPID-1306888",
"CSAFPID-710118",
"CSAFPID-2632409",
"CSAFPID-2632410",
"CSAFPID-2632411",
"CSAFPID-2632412",
"CSAFPID-2633939",
"CSAFPID-426454",
"CSAFPID-426453",
"CSAFPID-426456",
"CSAFPID-426455",
"CSAFPID-426457",
"CSAFPID-1295436",
"CSAFPID-2118594",
"CSAFPID-2631732",
"CSAFPID-2631733",
"CSAFPID-2631734",
"CSAFPID-2631731",
"CSAFPID-1295163",
"CSAFPID-735564",
"CSAFPID-446586",
"CSAFPID-1111431",
"CSAFPID-710125",
"CSAFPID-710119",
"CSAFPID-710115",
"CSAFPID-336862",
"CSAFPID-345588",
"CSAFPID-345621",
"CSAFPID-345620",
"CSAFPID-345590",
"CSAFPID-345585",
"CSAFPID-345591",
"CSAFPID-345592",
"CSAFPID-345589",
"CSAFPID-345587",
"CSAFPID-426833",
"CSAFPID-1176305",
"CSAFPID-2352521",
"CSAFPID-2352520",
"CSAFPID-1304029",
"CSAFPID-2352519",
"CSAFPID-2538090",
"CSAFPID-2539577",
"CSAFPID-2352518",
"CSAFPID-2632425",
"CSAFPID-2632426",
"CSAFPID-2632427",
"CSAFPID-2632428",
"CSAFPID-2632429"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-27437",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2025/CVE-2025-27437.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-426681",
"CSAFPID-367586",
"CSAFPID-426682",
"CSAFPID-426483",
"CSAFPID-447161",
"CSAFPID-447167",
"CSAFPID-447158",
"CSAFPID-447155",
"CSAFPID-447160",
"CSAFPID-447163",
"CSAFPID-447165",
"CSAFPID-447156",
"CSAFPID-447164",
"CSAFPID-710027",
"CSAFPID-426703",
"CSAFPID-426706",
"CSAFPID-426707",
"CSAFPID-426708",
"CSAFPID-426704",
"CSAFPID-426705",
"CSAFPID-447141",
"CSAFPID-447140",
"CSAFPID-847883",
"CSAFPID-426837",
"CSAFPID-1176052",
"CSAFPID-1333259",
"CSAFPID-2351307",
"CSAFPID-2538790",
"CSAFPID-2538791",
"CSAFPID-2538792",
"CSAFPID-2538793",
"CSAFPID-2538794",
"CSAFPID-2538799",
"CSAFPID-2538800",
"CSAFPID-2538801",
"CSAFPID-2538802",
"CSAFPID-2538803",
"CSAFPID-2538804",
"CSAFPID-2538805",
"CSAFPID-2538806",
"CSAFPID-2538773",
"CSAFPID-2538774",
"CSAFPID-2538775",
"CSAFPID-2538776",
"CSAFPID-2538777",
"CSAFPID-2538778",
"CSAFPID-2538779",
"CSAFPID-2538780",
"CSAFPID-2538781",
"CSAFPID-1307450",
"CSAFPID-1297130",
"CSAFPID-1297107",
"CSAFPID-1230533",
"CSAFPID-1921506",
"CSAFPID-1230555",
"CSAFPID-1230719",
"CSAFPID-1230702",
"CSAFPID-1304671",
"CSAFPID-1921487",
"CSAFPID-1297186",
"CSAFPID-1988023",
"CSAFPID-1988024",
"CSAFPID-1175835",
"CSAFPID-2473272",
"CSAFPID-2632442",
"CSAFPID-2473273",
"CSAFPID-2632443",
"CSAFPID-1425816",
"CSAFPID-2632444",
"CSAFPID-1306891",
"CSAFPID-1332128",
"CSAFPID-605062",
"CSAFPID-605061",
"CSAFPID-605064",
"CSAFPID-345584",
"CSAFPID-345586",
"CSAFPID-2364492",
"CSAFPID-1330296",
"CSAFPID-1459777",
"CSAFPID-1459778",
"CSAFPID-1459779",
"CSAFPID-1861039",
"CSAFPID-1861040",
"CSAFPID-1861041",
"CSAFPID-2140760",
"CSAFPID-2140804",
"CSAFPID-2140795",
"CSAFPID-2140773",
"CSAFPID-2140818",
"CSAFPID-2140755",
"CSAFPID-2140803",
"CSAFPID-2140852",
"CSAFPID-2140842",
"CSAFPID-2140814",
"CSAFPID-2140749",
"CSAFPID-2140796",
"CSAFPID-2140856",
"CSAFPID-2140834",
"CSAFPID-2140851",
"CSAFPID-2140742",
"CSAFPID-2140825",
"CSAFPID-2631681",
"CSAFPID-2631682",
"CSAFPID-2631683",
"CSAFPID-2631684",
"CSAFPID-2631685",
"CSAFPID-2631686",
"CSAFPID-2631680",
"CSAFPID-1306888",
"CSAFPID-710118",
"CSAFPID-2632409",
"CSAFPID-2632410",
"CSAFPID-2632411",
"CSAFPID-2632412",
"CSAFPID-2633939",
"CSAFPID-426454",
"CSAFPID-426453",
"CSAFPID-426456",
"CSAFPID-426455",
"CSAFPID-426457",
"CSAFPID-1295436",
"CSAFPID-2118594",
"CSAFPID-2631732",
"CSAFPID-2631733",
"CSAFPID-2631734",
"CSAFPID-2631731",
"CSAFPID-1295163",
"CSAFPID-735564",
"CSAFPID-446586",
"CSAFPID-1111431",
"CSAFPID-710125",
"CSAFPID-710119",
"CSAFPID-710115",
"CSAFPID-336862",
"CSAFPID-345588",
"CSAFPID-345621",
"CSAFPID-345620",
"CSAFPID-345590",
"CSAFPID-345585",
"CSAFPID-345591",
"CSAFPID-345592",
"CSAFPID-345589",
"CSAFPID-345587",
"CSAFPID-426833",
"CSAFPID-1176305",
"CSAFPID-2352521",
"CSAFPID-2352520",
"CSAFPID-1304029",
"CSAFPID-2352519",
"CSAFPID-2538090",
"CSAFPID-2539577",
"CSAFPID-2352518",
"CSAFPID-2632425",
"CSAFPID-2632426",
"CSAFPID-2632427",
"CSAFPID-2632428",
"CSAFPID-2632429"
]
}
],
"title": "CVE-2025-27437"
},
{
"cve": "CVE-2025-30013",
"cwe": {
"id": "CWE-94",
"name": "Improper Control of Generation of Code (\u0027Code Injection\u0027)"
},
"notes": [
{
"category": "other",
"text": "Improper Control of Generation of Code (\u0027Code Injection\u0027)",
"title": "CWE-94"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-426681",
"CSAFPID-367586",
"CSAFPID-426682",
"CSAFPID-426483",
"CSAFPID-447161",
"CSAFPID-447167",
"CSAFPID-447158",
"CSAFPID-447155",
"CSAFPID-447160",
"CSAFPID-447163",
"CSAFPID-447165",
"CSAFPID-447156",
"CSAFPID-447164",
"CSAFPID-710027",
"CSAFPID-426703",
"CSAFPID-426706",
"CSAFPID-426707",
"CSAFPID-426708",
"CSAFPID-426704",
"CSAFPID-426705",
"CSAFPID-447141",
"CSAFPID-447140",
"CSAFPID-847883",
"CSAFPID-426837",
"CSAFPID-1176052",
"CSAFPID-1333259",
"CSAFPID-2351307",
"CSAFPID-2538790",
"CSAFPID-2538791",
"CSAFPID-2538792",
"CSAFPID-2538793",
"CSAFPID-2538794",
"CSAFPID-2538799",
"CSAFPID-2538800",
"CSAFPID-2538801",
"CSAFPID-2538802",
"CSAFPID-2538803",
"CSAFPID-2538804",
"CSAFPID-2538805",
"CSAFPID-2538806",
"CSAFPID-2538773",
"CSAFPID-2538774",
"CSAFPID-2538775",
"CSAFPID-2538776",
"CSAFPID-2538777",
"CSAFPID-2538778",
"CSAFPID-2538779",
"CSAFPID-2538780",
"CSAFPID-2538781",
"CSAFPID-1307450",
"CSAFPID-1297130",
"CSAFPID-1297107",
"CSAFPID-1230533",
"CSAFPID-1921506",
"CSAFPID-1230555",
"CSAFPID-1230719",
"CSAFPID-1230702",
"CSAFPID-1304671",
"CSAFPID-1921487",
"CSAFPID-1297186",
"CSAFPID-1988023",
"CSAFPID-1988024",
"CSAFPID-1175835",
"CSAFPID-2473272",
"CSAFPID-2632442",
"CSAFPID-2473273",
"CSAFPID-2632443",
"CSAFPID-1425816",
"CSAFPID-2632444",
"CSAFPID-1306891",
"CSAFPID-1332128",
"CSAFPID-605062",
"CSAFPID-605061",
"CSAFPID-605064",
"CSAFPID-345584",
"CSAFPID-345586",
"CSAFPID-2364492",
"CSAFPID-1330296",
"CSAFPID-1459777",
"CSAFPID-1459778",
"CSAFPID-1459779",
"CSAFPID-1861039",
"CSAFPID-1861040",
"CSAFPID-1861041",
"CSAFPID-2140760",
"CSAFPID-2140804",
"CSAFPID-2140795",
"CSAFPID-2140773",
"CSAFPID-2140818",
"CSAFPID-2140755",
"CSAFPID-2140803",
"CSAFPID-2140852",
"CSAFPID-2140842",
"CSAFPID-2140814",
"CSAFPID-2140749",
"CSAFPID-2140796",
"CSAFPID-2140856",
"CSAFPID-2140834",
"CSAFPID-2140851",
"CSAFPID-2140742",
"CSAFPID-2140825",
"CSAFPID-2631681",
"CSAFPID-2631682",
"CSAFPID-2631683",
"CSAFPID-2631684",
"CSAFPID-2631685",
"CSAFPID-2631686",
"CSAFPID-2631680",
"CSAFPID-1306888",
"CSAFPID-710118",
"CSAFPID-2632409",
"CSAFPID-2632410",
"CSAFPID-2632411",
"CSAFPID-2632412",
"CSAFPID-2633939",
"CSAFPID-426454",
"CSAFPID-426453",
"CSAFPID-426456",
"CSAFPID-426455",
"CSAFPID-426457",
"CSAFPID-1295436",
"CSAFPID-2118594",
"CSAFPID-2631732",
"CSAFPID-2631733",
"CSAFPID-2631734",
"CSAFPID-2631731",
"CSAFPID-1295163",
"CSAFPID-735564",
"CSAFPID-446586",
"CSAFPID-1111431",
"CSAFPID-710125",
"CSAFPID-710119",
"CSAFPID-710115",
"CSAFPID-336862",
"CSAFPID-345588",
"CSAFPID-345621",
"CSAFPID-345620",
"CSAFPID-345590",
"CSAFPID-345585",
"CSAFPID-345591",
"CSAFPID-345592",
"CSAFPID-345589",
"CSAFPID-345587",
"CSAFPID-426833",
"CSAFPID-1176305",
"CSAFPID-2352521",
"CSAFPID-2352520",
"CSAFPID-1304029",
"CSAFPID-2352519",
"CSAFPID-2538090",
"CSAFPID-2539577",
"CSAFPID-2352518",
"CSAFPID-2632425",
"CSAFPID-2632426",
"CSAFPID-2632427",
"CSAFPID-2632428",
"CSAFPID-2632429"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-30013",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2025/CVE-2025-30013.json"
}
],
"title": "CVE-2025-30013"
},
{
"cve": "CVE-2025-30014",
"cwe": {
"id": "CWE-35",
"name": "Path Traversal: \u0027.../...//\u0027"
},
"notes": [
{
"category": "other",
"text": "Path Traversal: \u0027.../...//\u0027",
"title": "CWE-35"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-426681",
"CSAFPID-367586",
"CSAFPID-426682",
"CSAFPID-426483",
"CSAFPID-447161",
"CSAFPID-447167",
"CSAFPID-447158",
"CSAFPID-447155",
"CSAFPID-447160",
"CSAFPID-447163",
"CSAFPID-447165",
"CSAFPID-447156",
"CSAFPID-447164",
"CSAFPID-710027",
"CSAFPID-426703",
"CSAFPID-426706",
"CSAFPID-426707",
"CSAFPID-426708",
"CSAFPID-426704",
"CSAFPID-426705",
"CSAFPID-447141",
"CSAFPID-447140",
"CSAFPID-847883",
"CSAFPID-426837",
"CSAFPID-1176052",
"CSAFPID-1333259",
"CSAFPID-2351307",
"CSAFPID-2538790",
"CSAFPID-2538791",
"CSAFPID-2538792",
"CSAFPID-2538793",
"CSAFPID-2538794",
"CSAFPID-2538799",
"CSAFPID-2538800",
"CSAFPID-2538801",
"CSAFPID-2538802",
"CSAFPID-2538803",
"CSAFPID-2538804",
"CSAFPID-2538805",
"CSAFPID-2538806",
"CSAFPID-2538773",
"CSAFPID-2538774",
"CSAFPID-2538775",
"CSAFPID-2538776",
"CSAFPID-2538777",
"CSAFPID-2538778",
"CSAFPID-2538779",
"CSAFPID-2538780",
"CSAFPID-2538781",
"CSAFPID-1307450",
"CSAFPID-1297130",
"CSAFPID-1297107",
"CSAFPID-1230533",
"CSAFPID-1921506",
"CSAFPID-1230555",
"CSAFPID-1230719",
"CSAFPID-1230702",
"CSAFPID-1304671",
"CSAFPID-1921487",
"CSAFPID-1297186",
"CSAFPID-1988023",
"CSAFPID-1988024",
"CSAFPID-1175835",
"CSAFPID-2473272",
"CSAFPID-2632442",
"CSAFPID-2473273",
"CSAFPID-2632443",
"CSAFPID-1425816",
"CSAFPID-2632444",
"CSAFPID-1306891",
"CSAFPID-1332128",
"CSAFPID-605062",
"CSAFPID-605061",
"CSAFPID-605064",
"CSAFPID-345584",
"CSAFPID-345586",
"CSAFPID-2364492",
"CSAFPID-1330296",
"CSAFPID-1459777",
"CSAFPID-1459778",
"CSAFPID-1459779",
"CSAFPID-1861039",
"CSAFPID-1861040",
"CSAFPID-1861041",
"CSAFPID-2140760",
"CSAFPID-2140804",
"CSAFPID-2140795",
"CSAFPID-2140773",
"CSAFPID-2140818",
"CSAFPID-2140755",
"CSAFPID-2140803",
"CSAFPID-2140852",
"CSAFPID-2140842",
"CSAFPID-2140814",
"CSAFPID-2140749",
"CSAFPID-2140796",
"CSAFPID-2140856",
"CSAFPID-2140834",
"CSAFPID-2140851",
"CSAFPID-2140742",
"CSAFPID-2140825",
"CSAFPID-2631681",
"CSAFPID-2631682",
"CSAFPID-2631683",
"CSAFPID-2631684",
"CSAFPID-2631685",
"CSAFPID-2631686",
"CSAFPID-2631680",
"CSAFPID-1306888",
"CSAFPID-710118",
"CSAFPID-2632409",
"CSAFPID-2632410",
"CSAFPID-2632411",
"CSAFPID-2632412",
"CSAFPID-2633939",
"CSAFPID-426454",
"CSAFPID-426453",
"CSAFPID-426456",
"CSAFPID-426455",
"CSAFPID-426457",
"CSAFPID-1295436",
"CSAFPID-2118594",
"CSAFPID-2631732",
"CSAFPID-2631733",
"CSAFPID-2631734",
"CSAFPID-2631731",
"CSAFPID-1295163",
"CSAFPID-735564",
"CSAFPID-446586",
"CSAFPID-1111431",
"CSAFPID-710125",
"CSAFPID-710119",
"CSAFPID-710115",
"CSAFPID-336862",
"CSAFPID-345588",
"CSAFPID-345621",
"CSAFPID-345620",
"CSAFPID-345590",
"CSAFPID-345585",
"CSAFPID-345591",
"CSAFPID-345592",
"CSAFPID-345589",
"CSAFPID-345587",
"CSAFPID-426833",
"CSAFPID-1176305",
"CSAFPID-2352521",
"CSAFPID-2352520",
"CSAFPID-1304029",
"CSAFPID-2352519",
"CSAFPID-2538090",
"CSAFPID-2539577",
"CSAFPID-2352518",
"CSAFPID-2632425",
"CSAFPID-2632426",
"CSAFPID-2632427",
"CSAFPID-2632428",
"CSAFPID-2632429"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-30014",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2025/CVE-2025-30014.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-426681",
"CSAFPID-367586",
"CSAFPID-426682",
"CSAFPID-426483",
"CSAFPID-447161",
"CSAFPID-447167",
"CSAFPID-447158",
"CSAFPID-447155",
"CSAFPID-447160",
"CSAFPID-447163",
"CSAFPID-447165",
"CSAFPID-447156",
"CSAFPID-447164",
"CSAFPID-710027",
"CSAFPID-426703",
"CSAFPID-426706",
"CSAFPID-426707",
"CSAFPID-426708",
"CSAFPID-426704",
"CSAFPID-426705",
"CSAFPID-447141",
"CSAFPID-447140",
"CSAFPID-847883",
"CSAFPID-426837",
"CSAFPID-1176052",
"CSAFPID-1333259",
"CSAFPID-2351307",
"CSAFPID-2538790",
"CSAFPID-2538791",
"CSAFPID-2538792",
"CSAFPID-2538793",
"CSAFPID-2538794",
"CSAFPID-2538799",
"CSAFPID-2538800",
"CSAFPID-2538801",
"CSAFPID-2538802",
"CSAFPID-2538803",
"CSAFPID-2538804",
"CSAFPID-2538805",
"CSAFPID-2538806",
"CSAFPID-2538773",
"CSAFPID-2538774",
"CSAFPID-2538775",
"CSAFPID-2538776",
"CSAFPID-2538777",
"CSAFPID-2538778",
"CSAFPID-2538779",
"CSAFPID-2538780",
"CSAFPID-2538781",
"CSAFPID-1307450",
"CSAFPID-1297130",
"CSAFPID-1297107",
"CSAFPID-1230533",
"CSAFPID-1921506",
"CSAFPID-1230555",
"CSAFPID-1230719",
"CSAFPID-1230702",
"CSAFPID-1304671",
"CSAFPID-1921487",
"CSAFPID-1297186",
"CSAFPID-1988023",
"CSAFPID-1988024",
"CSAFPID-1175835",
"CSAFPID-2473272",
"CSAFPID-2632442",
"CSAFPID-2473273",
"CSAFPID-2632443",
"CSAFPID-1425816",
"CSAFPID-2632444",
"CSAFPID-1306891",
"CSAFPID-1332128",
"CSAFPID-605062",
"CSAFPID-605061",
"CSAFPID-605064",
"CSAFPID-345584",
"CSAFPID-345586",
"CSAFPID-2364492",
"CSAFPID-1330296",
"CSAFPID-1459777",
"CSAFPID-1459778",
"CSAFPID-1459779",
"CSAFPID-1861039",
"CSAFPID-1861040",
"CSAFPID-1861041",
"CSAFPID-2140760",
"CSAFPID-2140804",
"CSAFPID-2140795",
"CSAFPID-2140773",
"CSAFPID-2140818",
"CSAFPID-2140755",
"CSAFPID-2140803",
"CSAFPID-2140852",
"CSAFPID-2140842",
"CSAFPID-2140814",
"CSAFPID-2140749",
"CSAFPID-2140796",
"CSAFPID-2140856",
"CSAFPID-2140834",
"CSAFPID-2140851",
"CSAFPID-2140742",
"CSAFPID-2140825",
"CSAFPID-2631681",
"CSAFPID-2631682",
"CSAFPID-2631683",
"CSAFPID-2631684",
"CSAFPID-2631685",
"CSAFPID-2631686",
"CSAFPID-2631680",
"CSAFPID-1306888",
"CSAFPID-710118",
"CSAFPID-2632409",
"CSAFPID-2632410",
"CSAFPID-2632411",
"CSAFPID-2632412",
"CSAFPID-2633939",
"CSAFPID-426454",
"CSAFPID-426453",
"CSAFPID-426456",
"CSAFPID-426455",
"CSAFPID-426457",
"CSAFPID-1295436",
"CSAFPID-2118594",
"CSAFPID-2631732",
"CSAFPID-2631733",
"CSAFPID-2631734",
"CSAFPID-2631731",
"CSAFPID-1295163",
"CSAFPID-735564",
"CSAFPID-446586",
"CSAFPID-1111431",
"CSAFPID-710125",
"CSAFPID-710119",
"CSAFPID-710115",
"CSAFPID-336862",
"CSAFPID-345588",
"CSAFPID-345621",
"CSAFPID-345620",
"CSAFPID-345590",
"CSAFPID-345585",
"CSAFPID-345591",
"CSAFPID-345592",
"CSAFPID-345589",
"CSAFPID-345587",
"CSAFPID-426833",
"CSAFPID-1176305",
"CSAFPID-2352521",
"CSAFPID-2352520",
"CSAFPID-1304029",
"CSAFPID-2352519",
"CSAFPID-2538090",
"CSAFPID-2539577",
"CSAFPID-2352518",
"CSAFPID-2632425",
"CSAFPID-2632426",
"CSAFPID-2632427",
"CSAFPID-2632428",
"CSAFPID-2632429"
]
}
],
"title": "CVE-2025-30014"
},
{
"cve": "CVE-2025-30015",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"category": "other",
"text": "Out-of-bounds Write",
"title": "CWE-787"
}
],
"product_status": {
"known_affected": [
"CSAFPID-426681",
"CSAFPID-367586",
"CSAFPID-426682",
"CSAFPID-426483",
"CSAFPID-447161",
"CSAFPID-447167",
"CSAFPID-447158",
"CSAFPID-447155",
"CSAFPID-447160",
"CSAFPID-447163",
"CSAFPID-447165",
"CSAFPID-447156",
"CSAFPID-447164",
"CSAFPID-710027",
"CSAFPID-426703",
"CSAFPID-426706",
"CSAFPID-426707",
"CSAFPID-426708",
"CSAFPID-426704",
"CSAFPID-426705",
"CSAFPID-447141",
"CSAFPID-447140",
"CSAFPID-847883",
"CSAFPID-426837",
"CSAFPID-1176052",
"CSAFPID-1333259",
"CSAFPID-2351307",
"CSAFPID-2538790",
"CSAFPID-2538791",
"CSAFPID-2538792",
"CSAFPID-2538793",
"CSAFPID-2538794",
"CSAFPID-2538799",
"CSAFPID-2538800",
"CSAFPID-2538801",
"CSAFPID-2538802",
"CSAFPID-2538803",
"CSAFPID-2538804",
"CSAFPID-2538805",
"CSAFPID-2538806",
"CSAFPID-2538773",
"CSAFPID-2538774",
"CSAFPID-2538775",
"CSAFPID-2538776",
"CSAFPID-2538777",
"CSAFPID-2538778",
"CSAFPID-2538779",
"CSAFPID-2538780",
"CSAFPID-2538781",
"CSAFPID-1307450",
"CSAFPID-1297130",
"CSAFPID-1297107",
"CSAFPID-1230533",
"CSAFPID-1921506",
"CSAFPID-1230555",
"CSAFPID-1230719",
"CSAFPID-1230702",
"CSAFPID-1304671",
"CSAFPID-1921487",
"CSAFPID-1297186",
"CSAFPID-1988023",
"CSAFPID-1988024",
"CSAFPID-1175835",
"CSAFPID-2473272",
"CSAFPID-2632442",
"CSAFPID-2473273",
"CSAFPID-2632443",
"CSAFPID-1425816",
"CSAFPID-2632444",
"CSAFPID-1306891",
"CSAFPID-1332128",
"CSAFPID-605062",
"CSAFPID-605061",
"CSAFPID-605064",
"CSAFPID-345584",
"CSAFPID-345586",
"CSAFPID-2364492",
"CSAFPID-1330296",
"CSAFPID-1459777",
"CSAFPID-1459778",
"CSAFPID-1459779",
"CSAFPID-1861039",
"CSAFPID-1861040",
"CSAFPID-1861041",
"CSAFPID-2140760",
"CSAFPID-2140804",
"CSAFPID-2140795",
"CSAFPID-2140773",
"CSAFPID-2140818",
"CSAFPID-2140755",
"CSAFPID-2140803",
"CSAFPID-2140852",
"CSAFPID-2140842",
"CSAFPID-2140814",
"CSAFPID-2140749",
"CSAFPID-2140796",
"CSAFPID-2140856",
"CSAFPID-2140834",
"CSAFPID-2140851",
"CSAFPID-2140742",
"CSAFPID-2140825",
"CSAFPID-2631681",
"CSAFPID-2631682",
"CSAFPID-2631683",
"CSAFPID-2631684",
"CSAFPID-2631685",
"CSAFPID-2631686",
"CSAFPID-2631680",
"CSAFPID-1306888",
"CSAFPID-710118",
"CSAFPID-2632409",
"CSAFPID-2632410",
"CSAFPID-2632411",
"CSAFPID-2632412",
"CSAFPID-2633939",
"CSAFPID-426454",
"CSAFPID-426453",
"CSAFPID-426456",
"CSAFPID-426455",
"CSAFPID-426457",
"CSAFPID-1295436",
"CSAFPID-2118594",
"CSAFPID-2631732",
"CSAFPID-2631733",
"CSAFPID-2631734",
"CSAFPID-2631731",
"CSAFPID-1295163",
"CSAFPID-735564",
"CSAFPID-446586",
"CSAFPID-1111431",
"CSAFPID-710125",
"CSAFPID-710119",
"CSAFPID-710115",
"CSAFPID-336862",
"CSAFPID-345588",
"CSAFPID-345621",
"CSAFPID-345620",
"CSAFPID-345590",
"CSAFPID-345585",
"CSAFPID-345591",
"CSAFPID-345592",
"CSAFPID-345589",
"CSAFPID-345587",
"CSAFPID-426833",
"CSAFPID-1176305",
"CSAFPID-2352521",
"CSAFPID-2352520",
"CSAFPID-1304029",
"CSAFPID-2352519",
"CSAFPID-2538090",
"CSAFPID-2539577",
"CSAFPID-2352518",
"CSAFPID-2632425",
"CSAFPID-2632426",
"CSAFPID-2632427",
"CSAFPID-2632428",
"CSAFPID-2632429"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-30015",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2025/CVE-2025-30015.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"CSAFPID-426681",
"CSAFPID-367586",
"CSAFPID-426682",
"CSAFPID-426483",
"CSAFPID-447161",
"CSAFPID-447167",
"CSAFPID-447158",
"CSAFPID-447155",
"CSAFPID-447160",
"CSAFPID-447163",
"CSAFPID-447165",
"CSAFPID-447156",
"CSAFPID-447164",
"CSAFPID-710027",
"CSAFPID-426703",
"CSAFPID-426706",
"CSAFPID-426707",
"CSAFPID-426708",
"CSAFPID-426704",
"CSAFPID-426705",
"CSAFPID-447141",
"CSAFPID-447140",
"CSAFPID-847883",
"CSAFPID-426837",
"CSAFPID-1176052",
"CSAFPID-1333259",
"CSAFPID-2351307",
"CSAFPID-2538790",
"CSAFPID-2538791",
"CSAFPID-2538792",
"CSAFPID-2538793",
"CSAFPID-2538794",
"CSAFPID-2538799",
"CSAFPID-2538800",
"CSAFPID-2538801",
"CSAFPID-2538802",
"CSAFPID-2538803",
"CSAFPID-2538804",
"CSAFPID-2538805",
"CSAFPID-2538806",
"CSAFPID-2538773",
"CSAFPID-2538774",
"CSAFPID-2538775",
"CSAFPID-2538776",
"CSAFPID-2538777",
"CSAFPID-2538778",
"CSAFPID-2538779",
"CSAFPID-2538780",
"CSAFPID-2538781",
"CSAFPID-1307450",
"CSAFPID-1297130",
"CSAFPID-1297107",
"CSAFPID-1230533",
"CSAFPID-1921506",
"CSAFPID-1230555",
"CSAFPID-1230719",
"CSAFPID-1230702",
"CSAFPID-1304671",
"CSAFPID-1921487",
"CSAFPID-1297186",
"CSAFPID-1988023",
"CSAFPID-1988024",
"CSAFPID-1175835",
"CSAFPID-2473272",
"CSAFPID-2632442",
"CSAFPID-2473273",
"CSAFPID-2632443",
"CSAFPID-1425816",
"CSAFPID-2632444",
"CSAFPID-1306891",
"CSAFPID-1332128",
"CSAFPID-605062",
"CSAFPID-605061",
"CSAFPID-605064",
"CSAFPID-345584",
"CSAFPID-345586",
"CSAFPID-2364492",
"CSAFPID-1330296",
"CSAFPID-1459777",
"CSAFPID-1459778",
"CSAFPID-1459779",
"CSAFPID-1861039",
"CSAFPID-1861040",
"CSAFPID-1861041",
"CSAFPID-2140760",
"CSAFPID-2140804",
"CSAFPID-2140795",
"CSAFPID-2140773",
"CSAFPID-2140818",
"CSAFPID-2140755",
"CSAFPID-2140803",
"CSAFPID-2140852",
"CSAFPID-2140842",
"CSAFPID-2140814",
"CSAFPID-2140749",
"CSAFPID-2140796",
"CSAFPID-2140856",
"CSAFPID-2140834",
"CSAFPID-2140851",
"CSAFPID-2140742",
"CSAFPID-2140825",
"CSAFPID-2631681",
"CSAFPID-2631682",
"CSAFPID-2631683",
"CSAFPID-2631684",
"CSAFPID-2631685",
"CSAFPID-2631686",
"CSAFPID-2631680",
"CSAFPID-1306888",
"CSAFPID-710118",
"CSAFPID-2632409",
"CSAFPID-2632410",
"CSAFPID-2632411",
"CSAFPID-2632412",
"CSAFPID-2633939",
"CSAFPID-426454",
"CSAFPID-426453",
"CSAFPID-426456",
"CSAFPID-426455",
"CSAFPID-426457",
"CSAFPID-1295436",
"CSAFPID-2118594",
"CSAFPID-2631732",
"CSAFPID-2631733",
"CSAFPID-2631734",
"CSAFPID-2631731",
"CSAFPID-1295163",
"CSAFPID-735564",
"CSAFPID-446586",
"CSAFPID-1111431",
"CSAFPID-710125",
"CSAFPID-710119",
"CSAFPID-710115",
"CSAFPID-336862",
"CSAFPID-345588",
"CSAFPID-345621",
"CSAFPID-345620",
"CSAFPID-345590",
"CSAFPID-345585",
"CSAFPID-345591",
"CSAFPID-345592",
"CSAFPID-345589",
"CSAFPID-345587",
"CSAFPID-426833",
"CSAFPID-1176305",
"CSAFPID-2352521",
"CSAFPID-2352520",
"CSAFPID-1304029",
"CSAFPID-2352519",
"CSAFPID-2538090",
"CSAFPID-2539577",
"CSAFPID-2352518",
"CSAFPID-2632425",
"CSAFPID-2632426",
"CSAFPID-2632427",
"CSAFPID-2632428",
"CSAFPID-2632429"
]
}
],
"title": "CVE-2025-30015"
},
{
"cve": "CVE-2025-30016",
"cwe": {
"id": "CWE-921",
"name": "Storage of Sensitive Data in a Mechanism without Access Control"
},
"notes": [
{
"category": "other",
"text": "Storage of Sensitive Data in a Mechanism without Access Control",
"title": "CWE-921"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-426681",
"CSAFPID-367586",
"CSAFPID-426682",
"CSAFPID-426483",
"CSAFPID-447161",
"CSAFPID-447167",
"CSAFPID-447158",
"CSAFPID-447155",
"CSAFPID-447160",
"CSAFPID-447163",
"CSAFPID-447165",
"CSAFPID-447156",
"CSAFPID-447164",
"CSAFPID-710027",
"CSAFPID-426703",
"CSAFPID-426706",
"CSAFPID-426707",
"CSAFPID-426708",
"CSAFPID-426704",
"CSAFPID-426705",
"CSAFPID-447141",
"CSAFPID-447140",
"CSAFPID-847883",
"CSAFPID-426837",
"CSAFPID-1176052",
"CSAFPID-1333259",
"CSAFPID-2351307",
"CSAFPID-2538790",
"CSAFPID-2538791",
"CSAFPID-2538792",
"CSAFPID-2538793",
"CSAFPID-2538794",
"CSAFPID-2538799",
"CSAFPID-2538800",
"CSAFPID-2538801",
"CSAFPID-2538802",
"CSAFPID-2538803",
"CSAFPID-2538804",
"CSAFPID-2538805",
"CSAFPID-2538806",
"CSAFPID-2538773",
"CSAFPID-2538774",
"CSAFPID-2538775",
"CSAFPID-2538776",
"CSAFPID-2538777",
"CSAFPID-2538778",
"CSAFPID-2538779",
"CSAFPID-2538780",
"CSAFPID-2538781",
"CSAFPID-1307450",
"CSAFPID-1297130",
"CSAFPID-1297107",
"CSAFPID-1230533",
"CSAFPID-1921506",
"CSAFPID-1230555",
"CSAFPID-1230719",
"CSAFPID-1230702",
"CSAFPID-1304671",
"CSAFPID-1921487",
"CSAFPID-1297186",
"CSAFPID-1988023",
"CSAFPID-1988024",
"CSAFPID-1175835",
"CSAFPID-2473272",
"CSAFPID-2632442",
"CSAFPID-2473273",
"CSAFPID-2632443",
"CSAFPID-1425816",
"CSAFPID-2632444",
"CSAFPID-1306891",
"CSAFPID-1332128",
"CSAFPID-605062",
"CSAFPID-605061",
"CSAFPID-605064",
"CSAFPID-345584",
"CSAFPID-345586",
"CSAFPID-2364492",
"CSAFPID-1330296",
"CSAFPID-1459777",
"CSAFPID-1459778",
"CSAFPID-1459779",
"CSAFPID-1861039",
"CSAFPID-1861040",
"CSAFPID-1861041",
"CSAFPID-2140760",
"CSAFPID-2140804",
"CSAFPID-2140795",
"CSAFPID-2140773",
"CSAFPID-2140818",
"CSAFPID-2140755",
"CSAFPID-2140803",
"CSAFPID-2140852",
"CSAFPID-2140842",
"CSAFPID-2140814",
"CSAFPID-2140749",
"CSAFPID-2140796",
"CSAFPID-2140856",
"CSAFPID-2140834",
"CSAFPID-2140851",
"CSAFPID-2140742",
"CSAFPID-2140825",
"CSAFPID-2631681",
"CSAFPID-2631682",
"CSAFPID-2631683",
"CSAFPID-2631684",
"CSAFPID-2631685",
"CSAFPID-2631686",
"CSAFPID-2631680",
"CSAFPID-1306888",
"CSAFPID-710118",
"CSAFPID-2632409",
"CSAFPID-2632410",
"CSAFPID-2632411",
"CSAFPID-2632412",
"CSAFPID-2633939",
"CSAFPID-426454",
"CSAFPID-426453",
"CSAFPID-426456",
"CSAFPID-426455",
"CSAFPID-426457",
"CSAFPID-1295436",
"CSAFPID-2118594",
"CSAFPID-2631732",
"CSAFPID-2631733",
"CSAFPID-2631734",
"CSAFPID-2631731",
"CSAFPID-1295163",
"CSAFPID-735564",
"CSAFPID-446586",
"CSAFPID-1111431",
"CSAFPID-710125",
"CSAFPID-710119",
"CSAFPID-710115",
"CSAFPID-336862",
"CSAFPID-345588",
"CSAFPID-345621",
"CSAFPID-345620",
"CSAFPID-345590",
"CSAFPID-345585",
"CSAFPID-345591",
"CSAFPID-345592",
"CSAFPID-345589",
"CSAFPID-345587",
"CSAFPID-426833",
"CSAFPID-1176305",
"CSAFPID-2352521",
"CSAFPID-2352520",
"CSAFPID-1304029",
"CSAFPID-2352519",
"CSAFPID-2538090",
"CSAFPID-2539577",
"CSAFPID-2352518",
"CSAFPID-2632425",
"CSAFPID-2632426",
"CSAFPID-2632427",
"CSAFPID-2632428",
"CSAFPID-2632429"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-30016",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2025/CVE-2025-30016.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-426681",
"CSAFPID-367586",
"CSAFPID-426682",
"CSAFPID-426483",
"CSAFPID-447161",
"CSAFPID-447167",
"CSAFPID-447158",
"CSAFPID-447155",
"CSAFPID-447160",
"CSAFPID-447163",
"CSAFPID-447165",
"CSAFPID-447156",
"CSAFPID-447164",
"CSAFPID-710027",
"CSAFPID-426703",
"CSAFPID-426706",
"CSAFPID-426707",
"CSAFPID-426708",
"CSAFPID-426704",
"CSAFPID-426705",
"CSAFPID-447141",
"CSAFPID-447140",
"CSAFPID-847883",
"CSAFPID-426837",
"CSAFPID-1176052",
"CSAFPID-1333259",
"CSAFPID-2351307",
"CSAFPID-2538790",
"CSAFPID-2538791",
"CSAFPID-2538792",
"CSAFPID-2538793",
"CSAFPID-2538794",
"CSAFPID-2538799",
"CSAFPID-2538800",
"CSAFPID-2538801",
"CSAFPID-2538802",
"CSAFPID-2538803",
"CSAFPID-2538804",
"CSAFPID-2538805",
"CSAFPID-2538806",
"CSAFPID-2538773",
"CSAFPID-2538774",
"CSAFPID-2538775",
"CSAFPID-2538776",
"CSAFPID-2538777",
"CSAFPID-2538778",
"CSAFPID-2538779",
"CSAFPID-2538780",
"CSAFPID-2538781",
"CSAFPID-1307450",
"CSAFPID-1297130",
"CSAFPID-1297107",
"CSAFPID-1230533",
"CSAFPID-1921506",
"CSAFPID-1230555",
"CSAFPID-1230719",
"CSAFPID-1230702",
"CSAFPID-1304671",
"CSAFPID-1921487",
"CSAFPID-1297186",
"CSAFPID-1988023",
"CSAFPID-1988024",
"CSAFPID-1175835",
"CSAFPID-2473272",
"CSAFPID-2632442",
"CSAFPID-2473273",
"CSAFPID-2632443",
"CSAFPID-1425816",
"CSAFPID-2632444",
"CSAFPID-1306891",
"CSAFPID-1332128",
"CSAFPID-605062",
"CSAFPID-605061",
"CSAFPID-605064",
"CSAFPID-345584",
"CSAFPID-345586",
"CSAFPID-2364492",
"CSAFPID-1330296",
"CSAFPID-1459777",
"CSAFPID-1459778",
"CSAFPID-1459779",
"CSAFPID-1861039",
"CSAFPID-1861040",
"CSAFPID-1861041",
"CSAFPID-2140760",
"CSAFPID-2140804",
"CSAFPID-2140795",
"CSAFPID-2140773",
"CSAFPID-2140818",
"CSAFPID-2140755",
"CSAFPID-2140803",
"CSAFPID-2140852",
"CSAFPID-2140842",
"CSAFPID-2140814",
"CSAFPID-2140749",
"CSAFPID-2140796",
"CSAFPID-2140856",
"CSAFPID-2140834",
"CSAFPID-2140851",
"CSAFPID-2140742",
"CSAFPID-2140825",
"CSAFPID-2631681",
"CSAFPID-2631682",
"CSAFPID-2631683",
"CSAFPID-2631684",
"CSAFPID-2631685",
"CSAFPID-2631686",
"CSAFPID-2631680",
"CSAFPID-1306888",
"CSAFPID-710118",
"CSAFPID-2632409",
"CSAFPID-2632410",
"CSAFPID-2632411",
"CSAFPID-2632412",
"CSAFPID-2633939",
"CSAFPID-426454",
"CSAFPID-426453",
"CSAFPID-426456",
"CSAFPID-426455",
"CSAFPID-426457",
"CSAFPID-1295436",
"CSAFPID-2118594",
"CSAFPID-2631732",
"CSAFPID-2631733",
"CSAFPID-2631734",
"CSAFPID-2631731",
"CSAFPID-1295163",
"CSAFPID-735564",
"CSAFPID-446586",
"CSAFPID-1111431",
"CSAFPID-710125",
"CSAFPID-710119",
"CSAFPID-710115",
"CSAFPID-336862",
"CSAFPID-345588",
"CSAFPID-345621",
"CSAFPID-345620",
"CSAFPID-345590",
"CSAFPID-345585",
"CSAFPID-345591",
"CSAFPID-345592",
"CSAFPID-345589",
"CSAFPID-345587",
"CSAFPID-426833",
"CSAFPID-1176305",
"CSAFPID-2352521",
"CSAFPID-2352520",
"CSAFPID-1304029",
"CSAFPID-2352519",
"CSAFPID-2538090",
"CSAFPID-2539577",
"CSAFPID-2352518",
"CSAFPID-2632425",
"CSAFPID-2632426",
"CSAFPID-2632427",
"CSAFPID-2632428",
"CSAFPID-2632429"
]
}
],
"title": "CVE-2025-30016"
},
{
"cve": "CVE-2025-30017",
"cwe": {
"id": "CWE-862",
"name": "Missing Authorization"
},
"notes": [
{
"category": "other",
"text": "Missing Authorization",
"title": "CWE-862"
},
{
"category": "general",
"text": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-426681",
"CSAFPID-367586",
"CSAFPID-426682",
"CSAFPID-426483",
"CSAFPID-447161",
"CSAFPID-447167",
"CSAFPID-447158",
"CSAFPID-447155",
"CSAFPID-447160",
"CSAFPID-447163",
"CSAFPID-447165",
"CSAFPID-447156",
"CSAFPID-447164",
"CSAFPID-710027",
"CSAFPID-426703",
"CSAFPID-426706",
"CSAFPID-426707",
"CSAFPID-426708",
"CSAFPID-426704",
"CSAFPID-426705",
"CSAFPID-447141",
"CSAFPID-447140",
"CSAFPID-847883",
"CSAFPID-426837",
"CSAFPID-1176052",
"CSAFPID-1333259",
"CSAFPID-2351307",
"CSAFPID-2538790",
"CSAFPID-2538791",
"CSAFPID-2538792",
"CSAFPID-2538793",
"CSAFPID-2538794",
"CSAFPID-2538799",
"CSAFPID-2538800",
"CSAFPID-2538801",
"CSAFPID-2538802",
"CSAFPID-2538803",
"CSAFPID-2538804",
"CSAFPID-2538805",
"CSAFPID-2538806",
"CSAFPID-2538773",
"CSAFPID-2538774",
"CSAFPID-2538775",
"CSAFPID-2538776",
"CSAFPID-2538777",
"CSAFPID-2538778",
"CSAFPID-2538779",
"CSAFPID-2538780",
"CSAFPID-2538781",
"CSAFPID-1307450",
"CSAFPID-1297130",
"CSAFPID-1297107",
"CSAFPID-1230533",
"CSAFPID-1921506",
"CSAFPID-1230555",
"CSAFPID-1230719",
"CSAFPID-1230702",
"CSAFPID-1304671",
"CSAFPID-1921487",
"CSAFPID-1297186",
"CSAFPID-1988023",
"CSAFPID-1988024",
"CSAFPID-1175835",
"CSAFPID-2473272",
"CSAFPID-2632442",
"CSAFPID-2473273",
"CSAFPID-2632443",
"CSAFPID-1425816",
"CSAFPID-2632444",
"CSAFPID-1306891",
"CSAFPID-1332128",
"CSAFPID-605062",
"CSAFPID-605061",
"CSAFPID-605064",
"CSAFPID-345584",
"CSAFPID-345586",
"CSAFPID-2364492",
"CSAFPID-1330296",
"CSAFPID-1459777",
"CSAFPID-1459778",
"CSAFPID-1459779",
"CSAFPID-1861039",
"CSAFPID-1861040",
"CSAFPID-1861041",
"CSAFPID-2140760",
"CSAFPID-2140804",
"CSAFPID-2140795",
"CSAFPID-2140773",
"CSAFPID-2140818",
"CSAFPID-2140755",
"CSAFPID-2140803",
"CSAFPID-2140852",
"CSAFPID-2140842",
"CSAFPID-2140814",
"CSAFPID-2140749",
"CSAFPID-2140796",
"CSAFPID-2140856",
"CSAFPID-2140834",
"CSAFPID-2140851",
"CSAFPID-2140742",
"CSAFPID-2140825",
"CSAFPID-2631681",
"CSAFPID-2631682",
"CSAFPID-2631683",
"CSAFPID-2631684",
"CSAFPID-2631685",
"CSAFPID-2631686",
"CSAFPID-2631680",
"CSAFPID-1306888",
"CSAFPID-710118",
"CSAFPID-2632409",
"CSAFPID-2632410",
"CSAFPID-2632411",
"CSAFPID-2632412",
"CSAFPID-2633939",
"CSAFPID-426454",
"CSAFPID-426453",
"CSAFPID-426456",
"CSAFPID-426455",
"CSAFPID-426457",
"CSAFPID-1295436",
"CSAFPID-2118594",
"CSAFPID-2631732",
"CSAFPID-2631733",
"CSAFPID-2631734",
"CSAFPID-2631731",
"CSAFPID-1295163",
"CSAFPID-735564",
"CSAFPID-446586",
"CSAFPID-1111431",
"CSAFPID-710125",
"CSAFPID-710119",
"CSAFPID-710115",
"CSAFPID-336862",
"CSAFPID-345588",
"CSAFPID-345621",
"CSAFPID-345620",
"CSAFPID-345590",
"CSAFPID-345585",
"CSAFPID-345591",
"CSAFPID-345592",
"CSAFPID-345589",
"CSAFPID-345587",
"CSAFPID-426833",
"CSAFPID-1176305",
"CSAFPID-2352521",
"CSAFPID-2352520",
"CSAFPID-1304029",
"CSAFPID-2352519",
"CSAFPID-2538090",
"CSAFPID-2539577",
"CSAFPID-2352518",
"CSAFPID-2632425",
"CSAFPID-2632426",
"CSAFPID-2632427",
"CSAFPID-2632428",
"CSAFPID-2632429"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-30017",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2025/CVE-2025-30017.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L",
"version": "3.1"
},
"products": [
"CSAFPID-426681",
"CSAFPID-367586",
"CSAFPID-426682",
"CSAFPID-426483",
"CSAFPID-447161",
"CSAFPID-447167",
"CSAFPID-447158",
"CSAFPID-447155",
"CSAFPID-447160",
"CSAFPID-447163",
"CSAFPID-447165",
"CSAFPID-447156",
"CSAFPID-447164",
"CSAFPID-710027",
"CSAFPID-426703",
"CSAFPID-426706",
"CSAFPID-426707",
"CSAFPID-426708",
"CSAFPID-426704",
"CSAFPID-426705",
"CSAFPID-447141",
"CSAFPID-447140",
"CSAFPID-847883",
"CSAFPID-426837",
"CSAFPID-1176052",
"CSAFPID-1333259",
"CSAFPID-2351307",
"CSAFPID-2538790",
"CSAFPID-2538791",
"CSAFPID-2538792",
"CSAFPID-2538793",
"CSAFPID-2538794",
"CSAFPID-2538799",
"CSAFPID-2538800",
"CSAFPID-2538801",
"CSAFPID-2538802",
"CSAFPID-2538803",
"CSAFPID-2538804",
"CSAFPID-2538805",
"CSAFPID-2538806",
"CSAFPID-2538773",
"CSAFPID-2538774",
"CSAFPID-2538775",
"CSAFPID-2538776",
"CSAFPID-2538777",
"CSAFPID-2538778",
"CSAFPID-2538779",
"CSAFPID-2538780",
"CSAFPID-2538781",
"CSAFPID-1307450",
"CSAFPID-1297130",
"CSAFPID-1297107",
"CSAFPID-1230533",
"CSAFPID-1921506",
"CSAFPID-1230555",
"CSAFPID-1230719",
"CSAFPID-1230702",
"CSAFPID-1304671",
"CSAFPID-1921487",
"CSAFPID-1297186",
"CSAFPID-1988023",
"CSAFPID-1988024",
"CSAFPID-1175835",
"CSAFPID-2473272",
"CSAFPID-2632442",
"CSAFPID-2473273",
"CSAFPID-2632443",
"CSAFPID-1425816",
"CSAFPID-2632444",
"CSAFPID-1306891",
"CSAFPID-1332128",
"CSAFPID-605062",
"CSAFPID-605061",
"CSAFPID-605064",
"CSAFPID-345584",
"CSAFPID-345586",
"CSAFPID-2364492",
"CSAFPID-1330296",
"CSAFPID-1459777",
"CSAFPID-1459778",
"CSAFPID-1459779",
"CSAFPID-1861039",
"CSAFPID-1861040",
"CSAFPID-1861041",
"CSAFPID-2140760",
"CSAFPID-2140804",
"CSAFPID-2140795",
"CSAFPID-2140773",
"CSAFPID-2140818",
"CSAFPID-2140755",
"CSAFPID-2140803",
"CSAFPID-2140852",
"CSAFPID-2140842",
"CSAFPID-2140814",
"CSAFPID-2140749",
"CSAFPID-2140796",
"CSAFPID-2140856",
"CSAFPID-2140834",
"CSAFPID-2140851",
"CSAFPID-2140742",
"CSAFPID-2140825",
"CSAFPID-2631681",
"CSAFPID-2631682",
"CSAFPID-2631683",
"CSAFPID-2631684",
"CSAFPID-2631685",
"CSAFPID-2631686",
"CSAFPID-2631680",
"CSAFPID-1306888",
"CSAFPID-710118",
"CSAFPID-2632409",
"CSAFPID-2632410",
"CSAFPID-2632411",
"CSAFPID-2632412",
"CSAFPID-2633939",
"CSAFPID-426454",
"CSAFPID-426453",
"CSAFPID-426456",
"CSAFPID-426455",
"CSAFPID-426457",
"CSAFPID-1295436",
"CSAFPID-2118594",
"CSAFPID-2631732",
"CSAFPID-2631733",
"CSAFPID-2631734",
"CSAFPID-2631731",
"CSAFPID-1295163",
"CSAFPID-735564",
"CSAFPID-446586",
"CSAFPID-1111431",
"CSAFPID-710125",
"CSAFPID-710119",
"CSAFPID-710115",
"CSAFPID-336862",
"CSAFPID-345588",
"CSAFPID-345621",
"CSAFPID-345620",
"CSAFPID-345590",
"CSAFPID-345585",
"CSAFPID-345591",
"CSAFPID-345592",
"CSAFPID-345589",
"CSAFPID-345587",
"CSAFPID-426833",
"CSAFPID-1176305",
"CSAFPID-2352521",
"CSAFPID-2352520",
"CSAFPID-1304029",
"CSAFPID-2352519",
"CSAFPID-2538090",
"CSAFPID-2539577",
"CSAFPID-2352518",
"CSAFPID-2632425",
"CSAFPID-2632426",
"CSAFPID-2632427",
"CSAFPID-2632428",
"CSAFPID-2632429"
]
}
],
"title": "CVE-2025-30017"
},
{
"cve": "CVE-2025-31324",
"cwe": {
"id": "CWE-434",
"name": "Unrestricted Upload of File with Dangerous Type"
},
"notes": [
{
"category": "other",
"text": "Unrestricted Upload of File with Dangerous Type",
"title": "CWE-434"
}
],
"product_status": {
"known_affected": [
"CSAFPID-426681",
"CSAFPID-367586",
"CSAFPID-426682",
"CSAFPID-426483",
"CSAFPID-447161",
"CSAFPID-447167",
"CSAFPID-447158",
"CSAFPID-447155",
"CSAFPID-447160",
"CSAFPID-447163",
"CSAFPID-447165",
"CSAFPID-447156",
"CSAFPID-447164",
"CSAFPID-710027",
"CSAFPID-426703",
"CSAFPID-426706",
"CSAFPID-426707",
"CSAFPID-426708",
"CSAFPID-426704",
"CSAFPID-426705",
"CSAFPID-447141",
"CSAFPID-447140",
"CSAFPID-847883",
"CSAFPID-426837",
"CSAFPID-1176052",
"CSAFPID-1333259",
"CSAFPID-2351307",
"CSAFPID-2538790",
"CSAFPID-2538791",
"CSAFPID-2538792",
"CSAFPID-2538793",
"CSAFPID-2538794",
"CSAFPID-2538799",
"CSAFPID-2538800",
"CSAFPID-2538801",
"CSAFPID-2538802",
"CSAFPID-2538803",
"CSAFPID-2538804",
"CSAFPID-2538805",
"CSAFPID-2538806",
"CSAFPID-2538773",
"CSAFPID-2538774",
"CSAFPID-2538775",
"CSAFPID-2538776",
"CSAFPID-2538777",
"CSAFPID-2538778",
"CSAFPID-2538779",
"CSAFPID-2538780",
"CSAFPID-2538781",
"CSAFPID-1307450",
"CSAFPID-1297130",
"CSAFPID-1297107",
"CSAFPID-1230533",
"CSAFPID-1921506",
"CSAFPID-1230555",
"CSAFPID-1230719",
"CSAFPID-1230702",
"CSAFPID-1304671",
"CSAFPID-1921487",
"CSAFPID-1297186",
"CSAFPID-1988023",
"CSAFPID-1988024",
"CSAFPID-1175835",
"CSAFPID-2473272",
"CSAFPID-2632442",
"CSAFPID-2473273",
"CSAFPID-2632443",
"CSAFPID-1425816",
"CSAFPID-2632444",
"CSAFPID-1306891",
"CSAFPID-1332128",
"CSAFPID-605062",
"CSAFPID-605061",
"CSAFPID-605064",
"CSAFPID-345584",
"CSAFPID-345586",
"CSAFPID-2364492",
"CSAFPID-1330296",
"CSAFPID-1459777",
"CSAFPID-1459778",
"CSAFPID-1459779",
"CSAFPID-1861039",
"CSAFPID-1861040",
"CSAFPID-1861041",
"CSAFPID-2140760",
"CSAFPID-2140804",
"CSAFPID-2140795",
"CSAFPID-2140773",
"CSAFPID-2140818",
"CSAFPID-2140755",
"CSAFPID-2140803",
"CSAFPID-2140852",
"CSAFPID-2140842",
"CSAFPID-2140814",
"CSAFPID-2140749",
"CSAFPID-2140796",
"CSAFPID-2140856",
"CSAFPID-2140834",
"CSAFPID-2140851",
"CSAFPID-2140742",
"CSAFPID-2140825",
"CSAFPID-2631681",
"CSAFPID-2631682",
"CSAFPID-2631683",
"CSAFPID-2631684",
"CSAFPID-2631685",
"CSAFPID-2631686",
"CSAFPID-2631680",
"CSAFPID-1306888",
"CSAFPID-710118",
"CSAFPID-2632409",
"CSAFPID-2632410",
"CSAFPID-2632411",
"CSAFPID-2632412",
"CSAFPID-2633939",
"CSAFPID-426454",
"CSAFPID-426453",
"CSAFPID-426456",
"CSAFPID-426455",
"CSAFPID-426457",
"CSAFPID-1295436",
"CSAFPID-2118594",
"CSAFPID-2631732",
"CSAFPID-2631733",
"CSAFPID-2631734",
"CSAFPID-2631731",
"CSAFPID-1295163",
"CSAFPID-735564",
"CSAFPID-446586",
"CSAFPID-1111431",
"CSAFPID-710125",
"CSAFPID-710119",
"CSAFPID-710115",
"CSAFPID-336862",
"CSAFPID-345588",
"CSAFPID-345621",
"CSAFPID-345620",
"CSAFPID-345590",
"CSAFPID-345585",
"CSAFPID-345591",
"CSAFPID-345592",
"CSAFPID-345589",
"CSAFPID-345587",
"CSAFPID-426833",
"CSAFPID-1176305",
"CSAFPID-2352521",
"CSAFPID-2352520",
"CSAFPID-1304029",
"CSAFPID-2352519",
"CSAFPID-2538090",
"CSAFPID-2539577",
"CSAFPID-2352518",
"CSAFPID-2632425",
"CSAFPID-2632426",
"CSAFPID-2632427",
"CSAFPID-2632428",
"CSAFPID-2632429"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-31324",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2025/CVE-2025-31324.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 10.0,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-426681",
"CSAFPID-367586",
"CSAFPID-426682",
"CSAFPID-426483",
"CSAFPID-447161",
"CSAFPID-447167",
"CSAFPID-447158",
"CSAFPID-447155",
"CSAFPID-447160",
"CSAFPID-447163",
"CSAFPID-447165",
"CSAFPID-447156",
"CSAFPID-447164",
"CSAFPID-710027",
"CSAFPID-426703",
"CSAFPID-426706",
"CSAFPID-426707",
"CSAFPID-426708",
"CSAFPID-426704",
"CSAFPID-426705",
"CSAFPID-447141",
"CSAFPID-447140",
"CSAFPID-847883",
"CSAFPID-426837",
"CSAFPID-1176052",
"CSAFPID-1333259",
"CSAFPID-2351307",
"CSAFPID-2538790",
"CSAFPID-2538791",
"CSAFPID-2538792",
"CSAFPID-2538793",
"CSAFPID-2538794",
"CSAFPID-2538799",
"CSAFPID-2538800",
"CSAFPID-2538801",
"CSAFPID-2538802",
"CSAFPID-2538803",
"CSAFPID-2538804",
"CSAFPID-2538805",
"CSAFPID-2538806",
"CSAFPID-2538773",
"CSAFPID-2538774",
"CSAFPID-2538775",
"CSAFPID-2538776",
"CSAFPID-2538777",
"CSAFPID-2538778",
"CSAFPID-2538779",
"CSAFPID-2538780",
"CSAFPID-2538781",
"CSAFPID-1307450",
"CSAFPID-1297130",
"CSAFPID-1297107",
"CSAFPID-1230533",
"CSAFPID-1921506",
"CSAFPID-1230555",
"CSAFPID-1230719",
"CSAFPID-1230702",
"CSAFPID-1304671",
"CSAFPID-1921487",
"CSAFPID-1297186",
"CSAFPID-1988023",
"CSAFPID-1988024",
"CSAFPID-1175835",
"CSAFPID-2473272",
"CSAFPID-2632442",
"CSAFPID-2473273",
"CSAFPID-2632443",
"CSAFPID-1425816",
"CSAFPID-2632444",
"CSAFPID-1306891",
"CSAFPID-1332128",
"CSAFPID-605062",
"CSAFPID-605061",
"CSAFPID-605064",
"CSAFPID-345584",
"CSAFPID-345586",
"CSAFPID-2364492",
"CSAFPID-1330296",
"CSAFPID-1459777",
"CSAFPID-1459778",
"CSAFPID-1459779",
"CSAFPID-1861039",
"CSAFPID-1861040",
"CSAFPID-1861041",
"CSAFPID-2140760",
"CSAFPID-2140804",
"CSAFPID-2140795",
"CSAFPID-2140773",
"CSAFPID-2140818",
"CSAFPID-2140755",
"CSAFPID-2140803",
"CSAFPID-2140852",
"CSAFPID-2140842",
"CSAFPID-2140814",
"CSAFPID-2140749",
"CSAFPID-2140796",
"CSAFPID-2140856",
"CSAFPID-2140834",
"CSAFPID-2140851",
"CSAFPID-2140742",
"CSAFPID-2140825",
"CSAFPID-2631681",
"CSAFPID-2631682",
"CSAFPID-2631683",
"CSAFPID-2631684",
"CSAFPID-2631685",
"CSAFPID-2631686",
"CSAFPID-2631680",
"CSAFPID-1306888",
"CSAFPID-710118",
"CSAFPID-2632409",
"CSAFPID-2632410",
"CSAFPID-2632411",
"CSAFPID-2632412",
"CSAFPID-2633939",
"CSAFPID-426454",
"CSAFPID-426453",
"CSAFPID-426456",
"CSAFPID-426455",
"CSAFPID-426457",
"CSAFPID-1295436",
"CSAFPID-2118594",
"CSAFPID-2631732",
"CSAFPID-2631733",
"CSAFPID-2631734",
"CSAFPID-2631731",
"CSAFPID-1295163",
"CSAFPID-735564",
"CSAFPID-446586",
"CSAFPID-1111431",
"CSAFPID-710125",
"CSAFPID-710119",
"CSAFPID-710115",
"CSAFPID-336862",
"CSAFPID-345588",
"CSAFPID-345621",
"CSAFPID-345620",
"CSAFPID-345590",
"CSAFPID-345585",
"CSAFPID-345591",
"CSAFPID-345592",
"CSAFPID-345589",
"CSAFPID-345587",
"CSAFPID-426833",
"CSAFPID-1176305",
"CSAFPID-2352521",
"CSAFPID-2352520",
"CSAFPID-1304029",
"CSAFPID-2352519",
"CSAFPID-2538090",
"CSAFPID-2539577",
"CSAFPID-2352518",
"CSAFPID-2632425",
"CSAFPID-2632426",
"CSAFPID-2632427",
"CSAFPID-2632428",
"CSAFPID-2632429"
]
}
],
"title": "CVE-2025-31324"
},
{
"cve": "CVE-2025-31327",
"cwe": {
"id": "CWE-472",
"name": "External Control of Assumed-Immutable Web Parameter"
},
"notes": [
{
"category": "other",
"text": "External Control of Assumed-Immutable Web Parameter",
"title": "CWE-472"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-426681",
"CSAFPID-367586",
"CSAFPID-426682",
"CSAFPID-426483",
"CSAFPID-447161",
"CSAFPID-447167",
"CSAFPID-447158",
"CSAFPID-447155",
"CSAFPID-447160",
"CSAFPID-447163",
"CSAFPID-447165",
"CSAFPID-447156",
"CSAFPID-447164",
"CSAFPID-710027",
"CSAFPID-426703",
"CSAFPID-426706",
"CSAFPID-426707",
"CSAFPID-426708",
"CSAFPID-426704",
"CSAFPID-426705",
"CSAFPID-447141",
"CSAFPID-447140",
"CSAFPID-847883",
"CSAFPID-426837",
"CSAFPID-1176052",
"CSAFPID-1333259",
"CSAFPID-2351307",
"CSAFPID-2538790",
"CSAFPID-2538791",
"CSAFPID-2538792",
"CSAFPID-2538793",
"CSAFPID-2538794",
"CSAFPID-2538799",
"CSAFPID-2538800",
"CSAFPID-2538801",
"CSAFPID-2538802",
"CSAFPID-2538803",
"CSAFPID-2538804",
"CSAFPID-2538805",
"CSAFPID-2538806",
"CSAFPID-2538773",
"CSAFPID-2538774",
"CSAFPID-2538775",
"CSAFPID-2538776",
"CSAFPID-2538777",
"CSAFPID-2538778",
"CSAFPID-2538779",
"CSAFPID-2538780",
"CSAFPID-2538781",
"CSAFPID-1307450",
"CSAFPID-1297130",
"CSAFPID-1297107",
"CSAFPID-1230533",
"CSAFPID-1921506",
"CSAFPID-1230555",
"CSAFPID-1230719",
"CSAFPID-1230702",
"CSAFPID-1304671",
"CSAFPID-1921487",
"CSAFPID-1297186",
"CSAFPID-1988023",
"CSAFPID-1988024",
"CSAFPID-1175835",
"CSAFPID-2473272",
"CSAFPID-2632442",
"CSAFPID-2473273",
"CSAFPID-2632443",
"CSAFPID-1425816",
"CSAFPID-2632444",
"CSAFPID-1306891",
"CSAFPID-1332128",
"CSAFPID-605062",
"CSAFPID-605061",
"CSAFPID-605064",
"CSAFPID-345584",
"CSAFPID-345586",
"CSAFPID-2364492",
"CSAFPID-1330296",
"CSAFPID-1459777",
"CSAFPID-1459778",
"CSAFPID-1459779",
"CSAFPID-1861039",
"CSAFPID-1861040",
"CSAFPID-1861041",
"CSAFPID-2140760",
"CSAFPID-2140804",
"CSAFPID-2140795",
"CSAFPID-2140773",
"CSAFPID-2140818",
"CSAFPID-2140755",
"CSAFPID-2140803",
"CSAFPID-2140852",
"CSAFPID-2140842",
"CSAFPID-2140814",
"CSAFPID-2140749",
"CSAFPID-2140796",
"CSAFPID-2140856",
"CSAFPID-2140834",
"CSAFPID-2140851",
"CSAFPID-2140742",
"CSAFPID-2140825",
"CSAFPID-2631681",
"CSAFPID-2631682",
"CSAFPID-2631683",
"CSAFPID-2631684",
"CSAFPID-2631685",
"CSAFPID-2631686",
"CSAFPID-2631680",
"CSAFPID-1306888",
"CSAFPID-710118",
"CSAFPID-2632409",
"CSAFPID-2632410",
"CSAFPID-2632411",
"CSAFPID-2632412",
"CSAFPID-2633939",
"CSAFPID-426454",
"CSAFPID-426453",
"CSAFPID-426456",
"CSAFPID-426455",
"CSAFPID-426457",
"CSAFPID-1295436",
"CSAFPID-2118594",
"CSAFPID-2631732",
"CSAFPID-2631733",
"CSAFPID-2631734",
"CSAFPID-2631731",
"CSAFPID-1295163",
"CSAFPID-735564",
"CSAFPID-446586",
"CSAFPID-1111431",
"CSAFPID-710125",
"CSAFPID-710119",
"CSAFPID-710115",
"CSAFPID-336862",
"CSAFPID-345588",
"CSAFPID-345621",
"CSAFPID-345620",
"CSAFPID-345590",
"CSAFPID-345585",
"CSAFPID-345591",
"CSAFPID-345592",
"CSAFPID-345589",
"CSAFPID-345587",
"CSAFPID-426833",
"CSAFPID-1176305",
"CSAFPID-2352521",
"CSAFPID-2352520",
"CSAFPID-1304029",
"CSAFPID-2352519",
"CSAFPID-2538090",
"CSAFPID-2539577",
"CSAFPID-2352518",
"CSAFPID-2632425",
"CSAFPID-2632426",
"CSAFPID-2632427",
"CSAFPID-2632428",
"CSAFPID-2632429"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-31327",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2025/CVE-2025-31327.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-426681",
"CSAFPID-367586",
"CSAFPID-426682",
"CSAFPID-426483",
"CSAFPID-447161",
"CSAFPID-447167",
"CSAFPID-447158",
"CSAFPID-447155",
"CSAFPID-447160",
"CSAFPID-447163",
"CSAFPID-447165",
"CSAFPID-447156",
"CSAFPID-447164",
"CSAFPID-710027",
"CSAFPID-426703",
"CSAFPID-426706",
"CSAFPID-426707",
"CSAFPID-426708",
"CSAFPID-426704",
"CSAFPID-426705",
"CSAFPID-447141",
"CSAFPID-447140",
"CSAFPID-847883",
"CSAFPID-426837",
"CSAFPID-1176052",
"CSAFPID-1333259",
"CSAFPID-2351307",
"CSAFPID-2538790",
"CSAFPID-2538791",
"CSAFPID-2538792",
"CSAFPID-2538793",
"CSAFPID-2538794",
"CSAFPID-2538799",
"CSAFPID-2538800",
"CSAFPID-2538801",
"CSAFPID-2538802",
"CSAFPID-2538803",
"CSAFPID-2538804",
"CSAFPID-2538805",
"CSAFPID-2538806",
"CSAFPID-2538773",
"CSAFPID-2538774",
"CSAFPID-2538775",
"CSAFPID-2538776",
"CSAFPID-2538777",
"CSAFPID-2538778",
"CSAFPID-2538779",
"CSAFPID-2538780",
"CSAFPID-2538781",
"CSAFPID-1307450",
"CSAFPID-1297130",
"CSAFPID-1297107",
"CSAFPID-1230533",
"CSAFPID-1921506",
"CSAFPID-1230555",
"CSAFPID-1230719",
"CSAFPID-1230702",
"CSAFPID-1304671",
"CSAFPID-1921487",
"CSAFPID-1297186",
"CSAFPID-1988023",
"CSAFPID-1988024",
"CSAFPID-1175835",
"CSAFPID-2473272",
"CSAFPID-2632442",
"CSAFPID-2473273",
"CSAFPID-2632443",
"CSAFPID-1425816",
"CSAFPID-2632444",
"CSAFPID-1306891",
"CSAFPID-1332128",
"CSAFPID-605062",
"CSAFPID-605061",
"CSAFPID-605064",
"CSAFPID-345584",
"CSAFPID-345586",
"CSAFPID-2364492",
"CSAFPID-1330296",
"CSAFPID-1459777",
"CSAFPID-1459778",
"CSAFPID-1459779",
"CSAFPID-1861039",
"CSAFPID-1861040",
"CSAFPID-1861041",
"CSAFPID-2140760",
"CSAFPID-2140804",
"CSAFPID-2140795",
"CSAFPID-2140773",
"CSAFPID-2140818",
"CSAFPID-2140755",
"CSAFPID-2140803",
"CSAFPID-2140852",
"CSAFPID-2140842",
"CSAFPID-2140814",
"CSAFPID-2140749",
"CSAFPID-2140796",
"CSAFPID-2140856",
"CSAFPID-2140834",
"CSAFPID-2140851",
"CSAFPID-2140742",
"CSAFPID-2140825",
"CSAFPID-2631681",
"CSAFPID-2631682",
"CSAFPID-2631683",
"CSAFPID-2631684",
"CSAFPID-2631685",
"CSAFPID-2631686",
"CSAFPID-2631680",
"CSAFPID-1306888",
"CSAFPID-710118",
"CSAFPID-2632409",
"CSAFPID-2632410",
"CSAFPID-2632411",
"CSAFPID-2632412",
"CSAFPID-2633939",
"CSAFPID-426454",
"CSAFPID-426453",
"CSAFPID-426456",
"CSAFPID-426455",
"CSAFPID-426457",
"CSAFPID-1295436",
"CSAFPID-2118594",
"CSAFPID-2631732",
"CSAFPID-2631733",
"CSAFPID-2631734",
"CSAFPID-2631731",
"CSAFPID-1295163",
"CSAFPID-735564",
"CSAFPID-446586",
"CSAFPID-1111431",
"CSAFPID-710125",
"CSAFPID-710119",
"CSAFPID-710115",
"CSAFPID-336862",
"CSAFPID-345588",
"CSAFPID-345621",
"CSAFPID-345620",
"CSAFPID-345590",
"CSAFPID-345585",
"CSAFPID-345591",
"CSAFPID-345592",
"CSAFPID-345589",
"CSAFPID-345587",
"CSAFPID-426833",
"CSAFPID-1176305",
"CSAFPID-2352521",
"CSAFPID-2352520",
"CSAFPID-1304029",
"CSAFPID-2352519",
"CSAFPID-2538090",
"CSAFPID-2539577",
"CSAFPID-2352518",
"CSAFPID-2632425",
"CSAFPID-2632426",
"CSAFPID-2632427",
"CSAFPID-2632428",
"CSAFPID-2632429"
]
}
],
"title": "CVE-2025-31327"
},
{
"cve": "CVE-2025-31328",
"cwe": {
"id": "CWE-352",
"name": "Cross-Site Request Forgery (CSRF)"
},
"notes": [
{
"category": "other",
"text": "Cross-Site Request Forgery (CSRF)",
"title": "CWE-352"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-426681",
"CSAFPID-367586",
"CSAFPID-426682",
"CSAFPID-426483",
"CSAFPID-447161",
"CSAFPID-447167",
"CSAFPID-447158",
"CSAFPID-447155",
"CSAFPID-447160",
"CSAFPID-447163",
"CSAFPID-447165",
"CSAFPID-447156",
"CSAFPID-447164",
"CSAFPID-710027",
"CSAFPID-426703",
"CSAFPID-426706",
"CSAFPID-426707",
"CSAFPID-426708",
"CSAFPID-426704",
"CSAFPID-426705",
"CSAFPID-447141",
"CSAFPID-447140",
"CSAFPID-847883",
"CSAFPID-426837",
"CSAFPID-1176052",
"CSAFPID-1333259",
"CSAFPID-2351307",
"CSAFPID-2538790",
"CSAFPID-2538791",
"CSAFPID-2538792",
"CSAFPID-2538793",
"CSAFPID-2538794",
"CSAFPID-2538799",
"CSAFPID-2538800",
"CSAFPID-2538801",
"CSAFPID-2538802",
"CSAFPID-2538803",
"CSAFPID-2538804",
"CSAFPID-2538805",
"CSAFPID-2538806",
"CSAFPID-2538773",
"CSAFPID-2538774",
"CSAFPID-2538775",
"CSAFPID-2538776",
"CSAFPID-2538777",
"CSAFPID-2538778",
"CSAFPID-2538779",
"CSAFPID-2538780",
"CSAFPID-2538781",
"CSAFPID-1307450",
"CSAFPID-1297130",
"CSAFPID-1297107",
"CSAFPID-1230533",
"CSAFPID-1921506",
"CSAFPID-1230555",
"CSAFPID-1230719",
"CSAFPID-1230702",
"CSAFPID-1304671",
"CSAFPID-1921487",
"CSAFPID-1297186",
"CSAFPID-1988023",
"CSAFPID-1988024",
"CSAFPID-1175835",
"CSAFPID-2473272",
"CSAFPID-2632442",
"CSAFPID-2473273",
"CSAFPID-2632443",
"CSAFPID-1425816",
"CSAFPID-2632444",
"CSAFPID-1306891",
"CSAFPID-1332128",
"CSAFPID-605062",
"CSAFPID-605061",
"CSAFPID-605064",
"CSAFPID-345584",
"CSAFPID-345586",
"CSAFPID-2364492",
"CSAFPID-1330296",
"CSAFPID-1459777",
"CSAFPID-1459778",
"CSAFPID-1459779",
"CSAFPID-1861039",
"CSAFPID-1861040",
"CSAFPID-1861041",
"CSAFPID-2140760",
"CSAFPID-2140804",
"CSAFPID-2140795",
"CSAFPID-2140773",
"CSAFPID-2140818",
"CSAFPID-2140755",
"CSAFPID-2140803",
"CSAFPID-2140852",
"CSAFPID-2140842",
"CSAFPID-2140814",
"CSAFPID-2140749",
"CSAFPID-2140796",
"CSAFPID-2140856",
"CSAFPID-2140834",
"CSAFPID-2140851",
"CSAFPID-2140742",
"CSAFPID-2140825",
"CSAFPID-2631681",
"CSAFPID-2631682",
"CSAFPID-2631683",
"CSAFPID-2631684",
"CSAFPID-2631685",
"CSAFPID-2631686",
"CSAFPID-2631680",
"CSAFPID-1306888",
"CSAFPID-710118",
"CSAFPID-2632409",
"CSAFPID-2632410",
"CSAFPID-2632411",
"CSAFPID-2632412",
"CSAFPID-2633939",
"CSAFPID-426454",
"CSAFPID-426453",
"CSAFPID-426456",
"CSAFPID-426455",
"CSAFPID-426457",
"CSAFPID-1295436",
"CSAFPID-2118594",
"CSAFPID-2631732",
"CSAFPID-2631733",
"CSAFPID-2631734",
"CSAFPID-2631731",
"CSAFPID-1295163",
"CSAFPID-735564",
"CSAFPID-446586",
"CSAFPID-1111431",
"CSAFPID-710125",
"CSAFPID-710119",
"CSAFPID-710115",
"CSAFPID-336862",
"CSAFPID-345588",
"CSAFPID-345621",
"CSAFPID-345620",
"CSAFPID-345590",
"CSAFPID-345585",
"CSAFPID-345591",
"CSAFPID-345592",
"CSAFPID-345589",
"CSAFPID-345587",
"CSAFPID-426833",
"CSAFPID-1176305",
"CSAFPID-2352521",
"CSAFPID-2352520",
"CSAFPID-1304029",
"CSAFPID-2352519",
"CSAFPID-2538090",
"CSAFPID-2539577",
"CSAFPID-2352518",
"CSAFPID-2632425",
"CSAFPID-2632426",
"CSAFPID-2632427",
"CSAFPID-2632428",
"CSAFPID-2632429"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-31328",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2025/CVE-2025-31328.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-426681",
"CSAFPID-367586",
"CSAFPID-426682",
"CSAFPID-426483",
"CSAFPID-447161",
"CSAFPID-447167",
"CSAFPID-447158",
"CSAFPID-447155",
"CSAFPID-447160",
"CSAFPID-447163",
"CSAFPID-447165",
"CSAFPID-447156",
"CSAFPID-447164",
"CSAFPID-710027",
"CSAFPID-426703",
"CSAFPID-426706",
"CSAFPID-426707",
"CSAFPID-426708",
"CSAFPID-426704",
"CSAFPID-426705",
"CSAFPID-447141",
"CSAFPID-447140",
"CSAFPID-847883",
"CSAFPID-426837",
"CSAFPID-1176052",
"CSAFPID-1333259",
"CSAFPID-2351307",
"CSAFPID-2538790",
"CSAFPID-2538791",
"CSAFPID-2538792",
"CSAFPID-2538793",
"CSAFPID-2538794",
"CSAFPID-2538799",
"CSAFPID-2538800",
"CSAFPID-2538801",
"CSAFPID-2538802",
"CSAFPID-2538803",
"CSAFPID-2538804",
"CSAFPID-2538805",
"CSAFPID-2538806",
"CSAFPID-2538773",
"CSAFPID-2538774",
"CSAFPID-2538775",
"CSAFPID-2538776",
"CSAFPID-2538777",
"CSAFPID-2538778",
"CSAFPID-2538779",
"CSAFPID-2538780",
"CSAFPID-2538781",
"CSAFPID-1307450",
"CSAFPID-1297130",
"CSAFPID-1297107",
"CSAFPID-1230533",
"CSAFPID-1921506",
"CSAFPID-1230555",
"CSAFPID-1230719",
"CSAFPID-1230702",
"CSAFPID-1304671",
"CSAFPID-1921487",
"CSAFPID-1297186",
"CSAFPID-1988023",
"CSAFPID-1988024",
"CSAFPID-1175835",
"CSAFPID-2473272",
"CSAFPID-2632442",
"CSAFPID-2473273",
"CSAFPID-2632443",
"CSAFPID-1425816",
"CSAFPID-2632444",
"CSAFPID-1306891",
"CSAFPID-1332128",
"CSAFPID-605062",
"CSAFPID-605061",
"CSAFPID-605064",
"CSAFPID-345584",
"CSAFPID-345586",
"CSAFPID-2364492",
"CSAFPID-1330296",
"CSAFPID-1459777",
"CSAFPID-1459778",
"CSAFPID-1459779",
"CSAFPID-1861039",
"CSAFPID-1861040",
"CSAFPID-1861041",
"CSAFPID-2140760",
"CSAFPID-2140804",
"CSAFPID-2140795",
"CSAFPID-2140773",
"CSAFPID-2140818",
"CSAFPID-2140755",
"CSAFPID-2140803",
"CSAFPID-2140852",
"CSAFPID-2140842",
"CSAFPID-2140814",
"CSAFPID-2140749",
"CSAFPID-2140796",
"CSAFPID-2140856",
"CSAFPID-2140834",
"CSAFPID-2140851",
"CSAFPID-2140742",
"CSAFPID-2140825",
"CSAFPID-2631681",
"CSAFPID-2631682",
"CSAFPID-2631683",
"CSAFPID-2631684",
"CSAFPID-2631685",
"CSAFPID-2631686",
"CSAFPID-2631680",
"CSAFPID-1306888",
"CSAFPID-710118",
"CSAFPID-2632409",
"CSAFPID-2632410",
"CSAFPID-2632411",
"CSAFPID-2632412",
"CSAFPID-2633939",
"CSAFPID-426454",
"CSAFPID-426453",
"CSAFPID-426456",
"CSAFPID-426455",
"CSAFPID-426457",
"CSAFPID-1295436",
"CSAFPID-2118594",
"CSAFPID-2631732",
"CSAFPID-2631733",
"CSAFPID-2631734",
"CSAFPID-2631731",
"CSAFPID-1295163",
"CSAFPID-735564",
"CSAFPID-446586",
"CSAFPID-1111431",
"CSAFPID-710125",
"CSAFPID-710119",
"CSAFPID-710115",
"CSAFPID-336862",
"CSAFPID-345588",
"CSAFPID-345621",
"CSAFPID-345620",
"CSAFPID-345590",
"CSAFPID-345585",
"CSAFPID-345591",
"CSAFPID-345592",
"CSAFPID-345589",
"CSAFPID-345587",
"CSAFPID-426833",
"CSAFPID-1176305",
"CSAFPID-2352521",
"CSAFPID-2352520",
"CSAFPID-1304029",
"CSAFPID-2352519",
"CSAFPID-2538090",
"CSAFPID-2539577",
"CSAFPID-2352518",
"CSAFPID-2632425",
"CSAFPID-2632426",
"CSAFPID-2632427",
"CSAFPID-2632428",
"CSAFPID-2632429"
]
}
],
"title": "CVE-2025-31328"
},
{
"cve": "CVE-2025-31330",
"cwe": {
"id": "CWE-94",
"name": "Improper Control of Generation of Code (\u0027Code Injection\u0027)"
},
"notes": [
{
"category": "other",
"text": "Improper Control of Generation of Code (\u0027Code Injection\u0027)",
"title": "CWE-94"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-426681",
"CSAFPID-367586",
"CSAFPID-426682",
"CSAFPID-426483",
"CSAFPID-447161",
"CSAFPID-447167",
"CSAFPID-447158",
"CSAFPID-447155",
"CSAFPID-447160",
"CSAFPID-447163",
"CSAFPID-447165",
"CSAFPID-447156",
"CSAFPID-447164",
"CSAFPID-710027",
"CSAFPID-426703",
"CSAFPID-426706",
"CSAFPID-426707",
"CSAFPID-426708",
"CSAFPID-426704",
"CSAFPID-426705",
"CSAFPID-447141",
"CSAFPID-447140",
"CSAFPID-847883",
"CSAFPID-426837",
"CSAFPID-1176052",
"CSAFPID-1333259",
"CSAFPID-2351307",
"CSAFPID-2538790",
"CSAFPID-2538791",
"CSAFPID-2538792",
"CSAFPID-2538793",
"CSAFPID-2538794",
"CSAFPID-2538799",
"CSAFPID-2538800",
"CSAFPID-2538801",
"CSAFPID-2538802",
"CSAFPID-2538803",
"CSAFPID-2538804",
"CSAFPID-2538805",
"CSAFPID-2538806",
"CSAFPID-2538773",
"CSAFPID-2538774",
"CSAFPID-2538775",
"CSAFPID-2538776",
"CSAFPID-2538777",
"CSAFPID-2538778",
"CSAFPID-2538779",
"CSAFPID-2538780",
"CSAFPID-2538781",
"CSAFPID-1307450",
"CSAFPID-1297130",
"CSAFPID-1297107",
"CSAFPID-1230533",
"CSAFPID-1921506",
"CSAFPID-1230555",
"CSAFPID-1230719",
"CSAFPID-1230702",
"CSAFPID-1304671",
"CSAFPID-1921487",
"CSAFPID-1297186",
"CSAFPID-1988023",
"CSAFPID-1988024",
"CSAFPID-1175835",
"CSAFPID-2473272",
"CSAFPID-2632442",
"CSAFPID-2473273",
"CSAFPID-2632443",
"CSAFPID-1425816",
"CSAFPID-2632444",
"CSAFPID-1306891",
"CSAFPID-1332128",
"CSAFPID-605062",
"CSAFPID-605061",
"CSAFPID-605064",
"CSAFPID-345584",
"CSAFPID-345586",
"CSAFPID-2364492",
"CSAFPID-1330296",
"CSAFPID-1459777",
"CSAFPID-1459778",
"CSAFPID-1459779",
"CSAFPID-1861039",
"CSAFPID-1861040",
"CSAFPID-1861041",
"CSAFPID-2140760",
"CSAFPID-2140804",
"CSAFPID-2140795",
"CSAFPID-2140773",
"CSAFPID-2140818",
"CSAFPID-2140755",
"CSAFPID-2140803",
"CSAFPID-2140852",
"CSAFPID-2140842",
"CSAFPID-2140814",
"CSAFPID-2140749",
"CSAFPID-2140796",
"CSAFPID-2140856",
"CSAFPID-2140834",
"CSAFPID-2140851",
"CSAFPID-2140742",
"CSAFPID-2140825",
"CSAFPID-2631681",
"CSAFPID-2631682",
"CSAFPID-2631683",
"CSAFPID-2631684",
"CSAFPID-2631685",
"CSAFPID-2631686",
"CSAFPID-2631680",
"CSAFPID-1306888",
"CSAFPID-710118",
"CSAFPID-2632409",
"CSAFPID-2632410",
"CSAFPID-2632411",
"CSAFPID-2632412",
"CSAFPID-2633939",
"CSAFPID-426454",
"CSAFPID-426453",
"CSAFPID-426456",
"CSAFPID-426455",
"CSAFPID-426457",
"CSAFPID-1295436",
"CSAFPID-2118594",
"CSAFPID-2631732",
"CSAFPID-2631733",
"CSAFPID-2631734",
"CSAFPID-2631731",
"CSAFPID-1295163",
"CSAFPID-735564",
"CSAFPID-446586",
"CSAFPID-1111431",
"CSAFPID-710125",
"CSAFPID-710119",
"CSAFPID-710115",
"CSAFPID-336862",
"CSAFPID-345588",
"CSAFPID-345621",
"CSAFPID-345620",
"CSAFPID-345590",
"CSAFPID-345585",
"CSAFPID-345591",
"CSAFPID-345592",
"CSAFPID-345589",
"CSAFPID-345587",
"CSAFPID-426833",
"CSAFPID-1176305",
"CSAFPID-2352521",
"CSAFPID-2352520",
"CSAFPID-1304029",
"CSAFPID-2352519",
"CSAFPID-2538090",
"CSAFPID-2539577",
"CSAFPID-2352518",
"CSAFPID-2632425",
"CSAFPID-2632426",
"CSAFPID-2632427",
"CSAFPID-2632428",
"CSAFPID-2632429"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-31330",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2025/CVE-2025-31330.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.9,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-426681",
"CSAFPID-367586",
"CSAFPID-426682",
"CSAFPID-426483",
"CSAFPID-447161",
"CSAFPID-447167",
"CSAFPID-447158",
"CSAFPID-447155",
"CSAFPID-447160",
"CSAFPID-447163",
"CSAFPID-447165",
"CSAFPID-447156",
"CSAFPID-447164",
"CSAFPID-710027",
"CSAFPID-426703",
"CSAFPID-426706",
"CSAFPID-426707",
"CSAFPID-426708",
"CSAFPID-426704",
"CSAFPID-426705",
"CSAFPID-447141",
"CSAFPID-447140",
"CSAFPID-847883",
"CSAFPID-426837",
"CSAFPID-1176052",
"CSAFPID-1333259",
"CSAFPID-2351307",
"CSAFPID-2538790",
"CSAFPID-2538791",
"CSAFPID-2538792",
"CSAFPID-2538793",
"CSAFPID-2538794",
"CSAFPID-2538799",
"CSAFPID-2538800",
"CSAFPID-2538801",
"CSAFPID-2538802",
"CSAFPID-2538803",
"CSAFPID-2538804",
"CSAFPID-2538805",
"CSAFPID-2538806",
"CSAFPID-2538773",
"CSAFPID-2538774",
"CSAFPID-2538775",
"CSAFPID-2538776",
"CSAFPID-2538777",
"CSAFPID-2538778",
"CSAFPID-2538779",
"CSAFPID-2538780",
"CSAFPID-2538781",
"CSAFPID-1307450",
"CSAFPID-1297130",
"CSAFPID-1297107",
"CSAFPID-1230533",
"CSAFPID-1921506",
"CSAFPID-1230555",
"CSAFPID-1230719",
"CSAFPID-1230702",
"CSAFPID-1304671",
"CSAFPID-1921487",
"CSAFPID-1297186",
"CSAFPID-1988023",
"CSAFPID-1988024",
"CSAFPID-1175835",
"CSAFPID-2473272",
"CSAFPID-2632442",
"CSAFPID-2473273",
"CSAFPID-2632443",
"CSAFPID-1425816",
"CSAFPID-2632444",
"CSAFPID-1306891",
"CSAFPID-1332128",
"CSAFPID-605062",
"CSAFPID-605061",
"CSAFPID-605064",
"CSAFPID-345584",
"CSAFPID-345586",
"CSAFPID-2364492",
"CSAFPID-1330296",
"CSAFPID-1459777",
"CSAFPID-1459778",
"CSAFPID-1459779",
"CSAFPID-1861039",
"CSAFPID-1861040",
"CSAFPID-1861041",
"CSAFPID-2140760",
"CSAFPID-2140804",
"CSAFPID-2140795",
"CSAFPID-2140773",
"CSAFPID-2140818",
"CSAFPID-2140755",
"CSAFPID-2140803",
"CSAFPID-2140852",
"CSAFPID-2140842",
"CSAFPID-2140814",
"CSAFPID-2140749",
"CSAFPID-2140796",
"CSAFPID-2140856",
"CSAFPID-2140834",
"CSAFPID-2140851",
"CSAFPID-2140742",
"CSAFPID-2140825",
"CSAFPID-2631681",
"CSAFPID-2631682",
"CSAFPID-2631683",
"CSAFPID-2631684",
"CSAFPID-2631685",
"CSAFPID-2631686",
"CSAFPID-2631680",
"CSAFPID-1306888",
"CSAFPID-710118",
"CSAFPID-2632409",
"CSAFPID-2632410",
"CSAFPID-2632411",
"CSAFPID-2632412",
"CSAFPID-2633939",
"CSAFPID-426454",
"CSAFPID-426453",
"CSAFPID-426456",
"CSAFPID-426455",
"CSAFPID-426457",
"CSAFPID-1295436",
"CSAFPID-2118594",
"CSAFPID-2631732",
"CSAFPID-2631733",
"CSAFPID-2631734",
"CSAFPID-2631731",
"CSAFPID-1295163",
"CSAFPID-735564",
"CSAFPID-446586",
"CSAFPID-1111431",
"CSAFPID-710125",
"CSAFPID-710119",
"CSAFPID-710115",
"CSAFPID-336862",
"CSAFPID-345588",
"CSAFPID-345621",
"CSAFPID-345620",
"CSAFPID-345590",
"CSAFPID-345585",
"CSAFPID-345591",
"CSAFPID-345592",
"CSAFPID-345589",
"CSAFPID-345587",
"CSAFPID-426833",
"CSAFPID-1176305",
"CSAFPID-2352521",
"CSAFPID-2352520",
"CSAFPID-1304029",
"CSAFPID-2352519",
"CSAFPID-2538090",
"CSAFPID-2539577",
"CSAFPID-2352518",
"CSAFPID-2632425",
"CSAFPID-2632426",
"CSAFPID-2632427",
"CSAFPID-2632428",
"CSAFPID-2632429"
]
}
],
"title": "CVE-2025-31330"
},
{
"cve": "CVE-2025-31331",
"cwe": {
"id": "CWE-863",
"name": "Incorrect Authorization"
},
"notes": [
{
"category": "other",
"text": "Incorrect Authorization",
"title": "CWE-863"
}
],
"product_status": {
"known_affected": [
"CSAFPID-426681",
"CSAFPID-367586",
"CSAFPID-426682",
"CSAFPID-426483",
"CSAFPID-447161",
"CSAFPID-447167",
"CSAFPID-447158",
"CSAFPID-447155",
"CSAFPID-447160",
"CSAFPID-447163",
"CSAFPID-447165",
"CSAFPID-447156",
"CSAFPID-447164",
"CSAFPID-710027",
"CSAFPID-426703",
"CSAFPID-426706",
"CSAFPID-426707",
"CSAFPID-426708",
"CSAFPID-426704",
"CSAFPID-426705",
"CSAFPID-447141",
"CSAFPID-447140",
"CSAFPID-847883",
"CSAFPID-426837",
"CSAFPID-1176052",
"CSAFPID-1333259",
"CSAFPID-2351307",
"CSAFPID-2538790",
"CSAFPID-2538791",
"CSAFPID-2538792",
"CSAFPID-2538793",
"CSAFPID-2538794",
"CSAFPID-2538799",
"CSAFPID-2538800",
"CSAFPID-2538801",
"CSAFPID-2538802",
"CSAFPID-2538803",
"CSAFPID-2538804",
"CSAFPID-2538805",
"CSAFPID-2538806",
"CSAFPID-2538773",
"CSAFPID-2538774",
"CSAFPID-2538775",
"CSAFPID-2538776",
"CSAFPID-2538777",
"CSAFPID-2538778",
"CSAFPID-2538779",
"CSAFPID-2538780",
"CSAFPID-2538781",
"CSAFPID-1307450",
"CSAFPID-1297130",
"CSAFPID-1297107",
"CSAFPID-1230533",
"CSAFPID-1921506",
"CSAFPID-1230555",
"CSAFPID-1230719",
"CSAFPID-1230702",
"CSAFPID-1304671",
"CSAFPID-1921487",
"CSAFPID-1297186",
"CSAFPID-1988023",
"CSAFPID-1988024",
"CSAFPID-1175835",
"CSAFPID-2473272",
"CSAFPID-2632442",
"CSAFPID-2473273",
"CSAFPID-2632443",
"CSAFPID-1425816",
"CSAFPID-2632444",
"CSAFPID-1306891",
"CSAFPID-1332128",
"CSAFPID-605062",
"CSAFPID-605061",
"CSAFPID-605064",
"CSAFPID-345584",
"CSAFPID-345586",
"CSAFPID-2364492",
"CSAFPID-1330296",
"CSAFPID-1459777",
"CSAFPID-1459778",
"CSAFPID-1459779",
"CSAFPID-1861039",
"CSAFPID-1861040",
"CSAFPID-1861041",
"CSAFPID-2140760",
"CSAFPID-2140804",
"CSAFPID-2140795",
"CSAFPID-2140773",
"CSAFPID-2140818",
"CSAFPID-2140755",
"CSAFPID-2140803",
"CSAFPID-2140852",
"CSAFPID-2140842",
"CSAFPID-2140814",
"CSAFPID-2140749",
"CSAFPID-2140796",
"CSAFPID-2140856",
"CSAFPID-2140834",
"CSAFPID-2140851",
"CSAFPID-2140742",
"CSAFPID-2140825",
"CSAFPID-2631681",
"CSAFPID-2631682",
"CSAFPID-2631683",
"CSAFPID-2631684",
"CSAFPID-2631685",
"CSAFPID-2631686",
"CSAFPID-2631680",
"CSAFPID-1306888",
"CSAFPID-710118",
"CSAFPID-2632409",
"CSAFPID-2632410",
"CSAFPID-2632411",
"CSAFPID-2632412",
"CSAFPID-2633939",
"CSAFPID-426454",
"CSAFPID-426453",
"CSAFPID-426456",
"CSAFPID-426455",
"CSAFPID-426457",
"CSAFPID-1295436",
"CSAFPID-2118594",
"CSAFPID-2631732",
"CSAFPID-2631733",
"CSAFPID-2631734",
"CSAFPID-2631731",
"CSAFPID-1295163",
"CSAFPID-735564",
"CSAFPID-446586",
"CSAFPID-1111431",
"CSAFPID-710125",
"CSAFPID-710119",
"CSAFPID-710115",
"CSAFPID-336862",
"CSAFPID-345588",
"CSAFPID-345621",
"CSAFPID-345620",
"CSAFPID-345590",
"CSAFPID-345585",
"CSAFPID-345591",
"CSAFPID-345592",
"CSAFPID-345589",
"CSAFPID-345587",
"CSAFPID-426833",
"CSAFPID-1176305",
"CSAFPID-2352521",
"CSAFPID-2352520",
"CSAFPID-1304029",
"CSAFPID-2352519",
"CSAFPID-2538090",
"CSAFPID-2539577",
"CSAFPID-2352518",
"CSAFPID-2632425",
"CSAFPID-2632426",
"CSAFPID-2632427",
"CSAFPID-2632428",
"CSAFPID-2632429"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-31331",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2025/CVE-2025-31331.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-426681",
"CSAFPID-367586",
"CSAFPID-426682",
"CSAFPID-426483",
"CSAFPID-447161",
"CSAFPID-447167",
"CSAFPID-447158",
"CSAFPID-447155",
"CSAFPID-447160",
"CSAFPID-447163",
"CSAFPID-447165",
"CSAFPID-447156",
"CSAFPID-447164",
"CSAFPID-710027",
"CSAFPID-426703",
"CSAFPID-426706",
"CSAFPID-426707",
"CSAFPID-426708",
"CSAFPID-426704",
"CSAFPID-426705",
"CSAFPID-447141",
"CSAFPID-447140",
"CSAFPID-847883",
"CSAFPID-426837",
"CSAFPID-1176052",
"CSAFPID-1333259",
"CSAFPID-2351307",
"CSAFPID-2538790",
"CSAFPID-2538791",
"CSAFPID-2538792",
"CSAFPID-2538793",
"CSAFPID-2538794",
"CSAFPID-2538799",
"CSAFPID-2538800",
"CSAFPID-2538801",
"CSAFPID-2538802",
"CSAFPID-2538803",
"CSAFPID-2538804",
"CSAFPID-2538805",
"CSAFPID-2538806",
"CSAFPID-2538773",
"CSAFPID-2538774",
"CSAFPID-2538775",
"CSAFPID-2538776",
"CSAFPID-2538777",
"CSAFPID-2538778",
"CSAFPID-2538779",
"CSAFPID-2538780",
"CSAFPID-2538781",
"CSAFPID-1307450",
"CSAFPID-1297130",
"CSAFPID-1297107",
"CSAFPID-1230533",
"CSAFPID-1921506",
"CSAFPID-1230555",
"CSAFPID-1230719",
"CSAFPID-1230702",
"CSAFPID-1304671",
"CSAFPID-1921487",
"CSAFPID-1297186",
"CSAFPID-1988023",
"CSAFPID-1988024",
"CSAFPID-1175835",
"CSAFPID-2473272",
"CSAFPID-2632442",
"CSAFPID-2473273",
"CSAFPID-2632443",
"CSAFPID-1425816",
"CSAFPID-2632444",
"CSAFPID-1306891",
"CSAFPID-1332128",
"CSAFPID-605062",
"CSAFPID-605061",
"CSAFPID-605064",
"CSAFPID-345584",
"CSAFPID-345586",
"CSAFPID-2364492",
"CSAFPID-1330296",
"CSAFPID-1459777",
"CSAFPID-1459778",
"CSAFPID-1459779",
"CSAFPID-1861039",
"CSAFPID-1861040",
"CSAFPID-1861041",
"CSAFPID-2140760",
"CSAFPID-2140804",
"CSAFPID-2140795",
"CSAFPID-2140773",
"CSAFPID-2140818",
"CSAFPID-2140755",
"CSAFPID-2140803",
"CSAFPID-2140852",
"CSAFPID-2140842",
"CSAFPID-2140814",
"CSAFPID-2140749",
"CSAFPID-2140796",
"CSAFPID-2140856",
"CSAFPID-2140834",
"CSAFPID-2140851",
"CSAFPID-2140742",
"CSAFPID-2140825",
"CSAFPID-2631681",
"CSAFPID-2631682",
"CSAFPID-2631683",
"CSAFPID-2631684",
"CSAFPID-2631685",
"CSAFPID-2631686",
"CSAFPID-2631680",
"CSAFPID-1306888",
"CSAFPID-710118",
"CSAFPID-2632409",
"CSAFPID-2632410",
"CSAFPID-2632411",
"CSAFPID-2632412",
"CSAFPID-2633939",
"CSAFPID-426454",
"CSAFPID-426453",
"CSAFPID-426456",
"CSAFPID-426455",
"CSAFPID-426457",
"CSAFPID-1295436",
"CSAFPID-2118594",
"CSAFPID-2631732",
"CSAFPID-2631733",
"CSAFPID-2631734",
"CSAFPID-2631731",
"CSAFPID-1295163",
"CSAFPID-735564",
"CSAFPID-446586",
"CSAFPID-1111431",
"CSAFPID-710125",
"CSAFPID-710119",
"CSAFPID-710115",
"CSAFPID-336862",
"CSAFPID-345588",
"CSAFPID-345621",
"CSAFPID-345620",
"CSAFPID-345590",
"CSAFPID-345585",
"CSAFPID-345591",
"CSAFPID-345592",
"CSAFPID-345589",
"CSAFPID-345587",
"CSAFPID-426833",
"CSAFPID-1176305",
"CSAFPID-2352521",
"CSAFPID-2352520",
"CSAFPID-1304029",
"CSAFPID-2352519",
"CSAFPID-2538090",
"CSAFPID-2539577",
"CSAFPID-2352518",
"CSAFPID-2632425",
"CSAFPID-2632426",
"CSAFPID-2632427",
"CSAFPID-2632428",
"CSAFPID-2632429"
]
}
],
"title": "CVE-2025-31331"
},
{
"cve": "CVE-2025-31332",
"cwe": {
"id": "CWE-277",
"name": "Insecure Inherited Permissions"
},
"notes": [
{
"category": "other",
"text": "Insecure Inherited Permissions",
"title": "CWE-277"
},
{
"category": "general",
"text": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-426681",
"CSAFPID-367586",
"CSAFPID-426682",
"CSAFPID-426483",
"CSAFPID-447161",
"CSAFPID-447167",
"CSAFPID-447158",
"CSAFPID-447155",
"CSAFPID-447160",
"CSAFPID-447163",
"CSAFPID-447165",
"CSAFPID-447156",
"CSAFPID-447164",
"CSAFPID-710027",
"CSAFPID-426703",
"CSAFPID-426706",
"CSAFPID-426707",
"CSAFPID-426708",
"CSAFPID-426704",
"CSAFPID-426705",
"CSAFPID-447141",
"CSAFPID-447140",
"CSAFPID-847883",
"CSAFPID-426837",
"CSAFPID-1176052",
"CSAFPID-1333259",
"CSAFPID-2351307",
"CSAFPID-2538790",
"CSAFPID-2538791",
"CSAFPID-2538792",
"CSAFPID-2538793",
"CSAFPID-2538794",
"CSAFPID-2538799",
"CSAFPID-2538800",
"CSAFPID-2538801",
"CSAFPID-2538802",
"CSAFPID-2538803",
"CSAFPID-2538804",
"CSAFPID-2538805",
"CSAFPID-2538806",
"CSAFPID-2538773",
"CSAFPID-2538774",
"CSAFPID-2538775",
"CSAFPID-2538776",
"CSAFPID-2538777",
"CSAFPID-2538778",
"CSAFPID-2538779",
"CSAFPID-2538780",
"CSAFPID-2538781",
"CSAFPID-1307450",
"CSAFPID-1297130",
"CSAFPID-1297107",
"CSAFPID-1230533",
"CSAFPID-1921506",
"CSAFPID-1230555",
"CSAFPID-1230719",
"CSAFPID-1230702",
"CSAFPID-1304671",
"CSAFPID-1921487",
"CSAFPID-1297186",
"CSAFPID-1988023",
"CSAFPID-1988024",
"CSAFPID-1175835",
"CSAFPID-2473272",
"CSAFPID-2632442",
"CSAFPID-2473273",
"CSAFPID-2632443",
"CSAFPID-1425816",
"CSAFPID-2632444",
"CSAFPID-1306891",
"CSAFPID-1332128",
"CSAFPID-605062",
"CSAFPID-605061",
"CSAFPID-605064",
"CSAFPID-345584",
"CSAFPID-345586",
"CSAFPID-2364492",
"CSAFPID-1330296",
"CSAFPID-1459777",
"CSAFPID-1459778",
"CSAFPID-1459779",
"CSAFPID-1861039",
"CSAFPID-1861040",
"CSAFPID-1861041",
"CSAFPID-2140760",
"CSAFPID-2140804",
"CSAFPID-2140795",
"CSAFPID-2140773",
"CSAFPID-2140818",
"CSAFPID-2140755",
"CSAFPID-2140803",
"CSAFPID-2140852",
"CSAFPID-2140842",
"CSAFPID-2140814",
"CSAFPID-2140749",
"CSAFPID-2140796",
"CSAFPID-2140856",
"CSAFPID-2140834",
"CSAFPID-2140851",
"CSAFPID-2140742",
"CSAFPID-2140825",
"CSAFPID-2631681",
"CSAFPID-2631682",
"CSAFPID-2631683",
"CSAFPID-2631684",
"CSAFPID-2631685",
"CSAFPID-2631686",
"CSAFPID-2631680",
"CSAFPID-1306888",
"CSAFPID-710118",
"CSAFPID-2632409",
"CSAFPID-2632410",
"CSAFPID-2632411",
"CSAFPID-2632412",
"CSAFPID-2633939",
"CSAFPID-426454",
"CSAFPID-426453",
"CSAFPID-426456",
"CSAFPID-426455",
"CSAFPID-426457",
"CSAFPID-1295436",
"CSAFPID-2118594",
"CSAFPID-2631732",
"CSAFPID-2631733",
"CSAFPID-2631734",
"CSAFPID-2631731",
"CSAFPID-1295163",
"CSAFPID-735564",
"CSAFPID-446586",
"CSAFPID-1111431",
"CSAFPID-710125",
"CSAFPID-710119",
"CSAFPID-710115",
"CSAFPID-336862",
"CSAFPID-345588",
"CSAFPID-345621",
"CSAFPID-345620",
"CSAFPID-345590",
"CSAFPID-345585",
"CSAFPID-345591",
"CSAFPID-345592",
"CSAFPID-345589",
"CSAFPID-345587",
"CSAFPID-426833",
"CSAFPID-1176305",
"CSAFPID-2352521",
"CSAFPID-2352520",
"CSAFPID-1304029",
"CSAFPID-2352519",
"CSAFPID-2538090",
"CSAFPID-2539577",
"CSAFPID-2352518",
"CSAFPID-2632425",
"CSAFPID-2632426",
"CSAFPID-2632427",
"CSAFPID-2632428",
"CSAFPID-2632429"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-31332",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2025/CVE-2025-31332.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-426681",
"CSAFPID-367586",
"CSAFPID-426682",
"CSAFPID-426483",
"CSAFPID-447161",
"CSAFPID-447167",
"CSAFPID-447158",
"CSAFPID-447155",
"CSAFPID-447160",
"CSAFPID-447163",
"CSAFPID-447165",
"CSAFPID-447156",
"CSAFPID-447164",
"CSAFPID-710027",
"CSAFPID-426703",
"CSAFPID-426706",
"CSAFPID-426707",
"CSAFPID-426708",
"CSAFPID-426704",
"CSAFPID-426705",
"CSAFPID-447141",
"CSAFPID-447140",
"CSAFPID-847883",
"CSAFPID-426837",
"CSAFPID-1176052",
"CSAFPID-1333259",
"CSAFPID-2351307",
"CSAFPID-2538790",
"CSAFPID-2538791",
"CSAFPID-2538792",
"CSAFPID-2538793",
"CSAFPID-2538794",
"CSAFPID-2538799",
"CSAFPID-2538800",
"CSAFPID-2538801",
"CSAFPID-2538802",
"CSAFPID-2538803",
"CSAFPID-2538804",
"CSAFPID-2538805",
"CSAFPID-2538806",
"CSAFPID-2538773",
"CSAFPID-2538774",
"CSAFPID-2538775",
"CSAFPID-2538776",
"CSAFPID-2538777",
"CSAFPID-2538778",
"CSAFPID-2538779",
"CSAFPID-2538780",
"CSAFPID-2538781",
"CSAFPID-1307450",
"CSAFPID-1297130",
"CSAFPID-1297107",
"CSAFPID-1230533",
"CSAFPID-1921506",
"CSAFPID-1230555",
"CSAFPID-1230719",
"CSAFPID-1230702",
"CSAFPID-1304671",
"CSAFPID-1921487",
"CSAFPID-1297186",
"CSAFPID-1988023",
"CSAFPID-1988024",
"CSAFPID-1175835",
"CSAFPID-2473272",
"CSAFPID-2632442",
"CSAFPID-2473273",
"CSAFPID-2632443",
"CSAFPID-1425816",
"CSAFPID-2632444",
"CSAFPID-1306891",
"CSAFPID-1332128",
"CSAFPID-605062",
"CSAFPID-605061",
"CSAFPID-605064",
"CSAFPID-345584",
"CSAFPID-345586",
"CSAFPID-2364492",
"CSAFPID-1330296",
"CSAFPID-1459777",
"CSAFPID-1459778",
"CSAFPID-1459779",
"CSAFPID-1861039",
"CSAFPID-1861040",
"CSAFPID-1861041",
"CSAFPID-2140760",
"CSAFPID-2140804",
"CSAFPID-2140795",
"CSAFPID-2140773",
"CSAFPID-2140818",
"CSAFPID-2140755",
"CSAFPID-2140803",
"CSAFPID-2140852",
"CSAFPID-2140842",
"CSAFPID-2140814",
"CSAFPID-2140749",
"CSAFPID-2140796",
"CSAFPID-2140856",
"CSAFPID-2140834",
"CSAFPID-2140851",
"CSAFPID-2140742",
"CSAFPID-2140825",
"CSAFPID-2631681",
"CSAFPID-2631682",
"CSAFPID-2631683",
"CSAFPID-2631684",
"CSAFPID-2631685",
"CSAFPID-2631686",
"CSAFPID-2631680",
"CSAFPID-1306888",
"CSAFPID-710118",
"CSAFPID-2632409",
"CSAFPID-2632410",
"CSAFPID-2632411",
"CSAFPID-2632412",
"CSAFPID-2633939",
"CSAFPID-426454",
"CSAFPID-426453",
"CSAFPID-426456",
"CSAFPID-426455",
"CSAFPID-426457",
"CSAFPID-1295436",
"CSAFPID-2118594",
"CSAFPID-2631732",
"CSAFPID-2631733",
"CSAFPID-2631734",
"CSAFPID-2631731",
"CSAFPID-1295163",
"CSAFPID-735564",
"CSAFPID-446586",
"CSAFPID-1111431",
"CSAFPID-710125",
"CSAFPID-710119",
"CSAFPID-710115",
"CSAFPID-336862",
"CSAFPID-345588",
"CSAFPID-345621",
"CSAFPID-345620",
"CSAFPID-345590",
"CSAFPID-345585",
"CSAFPID-345591",
"CSAFPID-345592",
"CSAFPID-345589",
"CSAFPID-345587",
"CSAFPID-426833",
"CSAFPID-1176305",
"CSAFPID-2352521",
"CSAFPID-2352520",
"CSAFPID-1304029",
"CSAFPID-2352519",
"CSAFPID-2538090",
"CSAFPID-2539577",
"CSAFPID-2352518",
"CSAFPID-2632425",
"CSAFPID-2632426",
"CSAFPID-2632427",
"CSAFPID-2632428",
"CSAFPID-2632429"
]
}
],
"title": "CVE-2025-31332"
},
{
"cve": "CVE-2025-31333",
"cwe": {
"id": "CWE-472",
"name": "External Control of Assumed-Immutable Web Parameter"
},
"notes": [
{
"category": "other",
"text": "External Control of Assumed-Immutable Web Parameter",
"title": "CWE-472"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-426681",
"CSAFPID-367586",
"CSAFPID-426682",
"CSAFPID-426483",
"CSAFPID-447161",
"CSAFPID-447167",
"CSAFPID-447158",
"CSAFPID-447155",
"CSAFPID-447160",
"CSAFPID-447163",
"CSAFPID-447165",
"CSAFPID-447156",
"CSAFPID-447164",
"CSAFPID-710027",
"CSAFPID-426703",
"CSAFPID-426706",
"CSAFPID-426707",
"CSAFPID-426708",
"CSAFPID-426704",
"CSAFPID-426705",
"CSAFPID-447141",
"CSAFPID-447140",
"CSAFPID-847883",
"CSAFPID-426837",
"CSAFPID-1176052",
"CSAFPID-1333259",
"CSAFPID-2351307",
"CSAFPID-2538790",
"CSAFPID-2538791",
"CSAFPID-2538792",
"CSAFPID-2538793",
"CSAFPID-2538794",
"CSAFPID-2538799",
"CSAFPID-2538800",
"CSAFPID-2538801",
"CSAFPID-2538802",
"CSAFPID-2538803",
"CSAFPID-2538804",
"CSAFPID-2538805",
"CSAFPID-2538806",
"CSAFPID-2538773",
"CSAFPID-2538774",
"CSAFPID-2538775",
"CSAFPID-2538776",
"CSAFPID-2538777",
"CSAFPID-2538778",
"CSAFPID-2538779",
"CSAFPID-2538780",
"CSAFPID-2538781",
"CSAFPID-1307450",
"CSAFPID-1297130",
"CSAFPID-1297107",
"CSAFPID-1230533",
"CSAFPID-1921506",
"CSAFPID-1230555",
"CSAFPID-1230719",
"CSAFPID-1230702",
"CSAFPID-1304671",
"CSAFPID-1921487",
"CSAFPID-1297186",
"CSAFPID-1988023",
"CSAFPID-1988024",
"CSAFPID-1175835",
"CSAFPID-2473272",
"CSAFPID-2632442",
"CSAFPID-2473273",
"CSAFPID-2632443",
"CSAFPID-1425816",
"CSAFPID-2632444",
"CSAFPID-1306891",
"CSAFPID-1332128",
"CSAFPID-605062",
"CSAFPID-605061",
"CSAFPID-605064",
"CSAFPID-345584",
"CSAFPID-345586",
"CSAFPID-2364492",
"CSAFPID-1330296",
"CSAFPID-1459777",
"CSAFPID-1459778",
"CSAFPID-1459779",
"CSAFPID-1861039",
"CSAFPID-1861040",
"CSAFPID-1861041",
"CSAFPID-2140760",
"CSAFPID-2140804",
"CSAFPID-2140795",
"CSAFPID-2140773",
"CSAFPID-2140818",
"CSAFPID-2140755",
"CSAFPID-2140803",
"CSAFPID-2140852",
"CSAFPID-2140842",
"CSAFPID-2140814",
"CSAFPID-2140749",
"CSAFPID-2140796",
"CSAFPID-2140856",
"CSAFPID-2140834",
"CSAFPID-2140851",
"CSAFPID-2140742",
"CSAFPID-2140825",
"CSAFPID-2631681",
"CSAFPID-2631682",
"CSAFPID-2631683",
"CSAFPID-2631684",
"CSAFPID-2631685",
"CSAFPID-2631686",
"CSAFPID-2631680",
"CSAFPID-1306888",
"CSAFPID-710118",
"CSAFPID-2632409",
"CSAFPID-2632410",
"CSAFPID-2632411",
"CSAFPID-2632412",
"CSAFPID-2633939",
"CSAFPID-426454",
"CSAFPID-426453",
"CSAFPID-426456",
"CSAFPID-426455",
"CSAFPID-426457",
"CSAFPID-1295436",
"CSAFPID-2118594",
"CSAFPID-2631732",
"CSAFPID-2631733",
"CSAFPID-2631734",
"CSAFPID-2631731",
"CSAFPID-1295163",
"CSAFPID-735564",
"CSAFPID-446586",
"CSAFPID-1111431",
"CSAFPID-710125",
"CSAFPID-710119",
"CSAFPID-710115",
"CSAFPID-336862",
"CSAFPID-345588",
"CSAFPID-345621",
"CSAFPID-345620",
"CSAFPID-345590",
"CSAFPID-345585",
"CSAFPID-345591",
"CSAFPID-345592",
"CSAFPID-345589",
"CSAFPID-345587",
"CSAFPID-426833",
"CSAFPID-1176305",
"CSAFPID-2352521",
"CSAFPID-2352520",
"CSAFPID-1304029",
"CSAFPID-2352519",
"CSAFPID-2538090",
"CSAFPID-2539577",
"CSAFPID-2352518",
"CSAFPID-2632425",
"CSAFPID-2632426",
"CSAFPID-2632427",
"CSAFPID-2632428",
"CSAFPID-2632429"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-31333",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2025/CVE-2025-31333.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-426681",
"CSAFPID-367586",
"CSAFPID-426682",
"CSAFPID-426483",
"CSAFPID-447161",
"CSAFPID-447167",
"CSAFPID-447158",
"CSAFPID-447155",
"CSAFPID-447160",
"CSAFPID-447163",
"CSAFPID-447165",
"CSAFPID-447156",
"CSAFPID-447164",
"CSAFPID-710027",
"CSAFPID-426703",
"CSAFPID-426706",
"CSAFPID-426707",
"CSAFPID-426708",
"CSAFPID-426704",
"CSAFPID-426705",
"CSAFPID-447141",
"CSAFPID-447140",
"CSAFPID-847883",
"CSAFPID-426837",
"CSAFPID-1176052",
"CSAFPID-1333259",
"CSAFPID-2351307",
"CSAFPID-2538790",
"CSAFPID-2538791",
"CSAFPID-2538792",
"CSAFPID-2538793",
"CSAFPID-2538794",
"CSAFPID-2538799",
"CSAFPID-2538800",
"CSAFPID-2538801",
"CSAFPID-2538802",
"CSAFPID-2538803",
"CSAFPID-2538804",
"CSAFPID-2538805",
"CSAFPID-2538806",
"CSAFPID-2538773",
"CSAFPID-2538774",
"CSAFPID-2538775",
"CSAFPID-2538776",
"CSAFPID-2538777",
"CSAFPID-2538778",
"CSAFPID-2538779",
"CSAFPID-2538780",
"CSAFPID-2538781",
"CSAFPID-1307450",
"CSAFPID-1297130",
"CSAFPID-1297107",
"CSAFPID-1230533",
"CSAFPID-1921506",
"CSAFPID-1230555",
"CSAFPID-1230719",
"CSAFPID-1230702",
"CSAFPID-1304671",
"CSAFPID-1921487",
"CSAFPID-1297186",
"CSAFPID-1988023",
"CSAFPID-1988024",
"CSAFPID-1175835",
"CSAFPID-2473272",
"CSAFPID-2632442",
"CSAFPID-2473273",
"CSAFPID-2632443",
"CSAFPID-1425816",
"CSAFPID-2632444",
"CSAFPID-1306891",
"CSAFPID-1332128",
"CSAFPID-605062",
"CSAFPID-605061",
"CSAFPID-605064",
"CSAFPID-345584",
"CSAFPID-345586",
"CSAFPID-2364492",
"CSAFPID-1330296",
"CSAFPID-1459777",
"CSAFPID-1459778",
"CSAFPID-1459779",
"CSAFPID-1861039",
"CSAFPID-1861040",
"CSAFPID-1861041",
"CSAFPID-2140760",
"CSAFPID-2140804",
"CSAFPID-2140795",
"CSAFPID-2140773",
"CSAFPID-2140818",
"CSAFPID-2140755",
"CSAFPID-2140803",
"CSAFPID-2140852",
"CSAFPID-2140842",
"CSAFPID-2140814",
"CSAFPID-2140749",
"CSAFPID-2140796",
"CSAFPID-2140856",
"CSAFPID-2140834",
"CSAFPID-2140851",
"CSAFPID-2140742",
"CSAFPID-2140825",
"CSAFPID-2631681",
"CSAFPID-2631682",
"CSAFPID-2631683",
"CSAFPID-2631684",
"CSAFPID-2631685",
"CSAFPID-2631686",
"CSAFPID-2631680",
"CSAFPID-1306888",
"CSAFPID-710118",
"CSAFPID-2632409",
"CSAFPID-2632410",
"CSAFPID-2632411",
"CSAFPID-2632412",
"CSAFPID-2633939",
"CSAFPID-426454",
"CSAFPID-426453",
"CSAFPID-426456",
"CSAFPID-426455",
"CSAFPID-426457",
"CSAFPID-1295436",
"CSAFPID-2118594",
"CSAFPID-2631732",
"CSAFPID-2631733",
"CSAFPID-2631734",
"CSAFPID-2631731",
"CSAFPID-1295163",
"CSAFPID-735564",
"CSAFPID-446586",
"CSAFPID-1111431",
"CSAFPID-710125",
"CSAFPID-710119",
"CSAFPID-710115",
"CSAFPID-336862",
"CSAFPID-345588",
"CSAFPID-345621",
"CSAFPID-345620",
"CSAFPID-345590",
"CSAFPID-345585",
"CSAFPID-345591",
"CSAFPID-345592",
"CSAFPID-345589",
"CSAFPID-345587",
"CSAFPID-426833",
"CSAFPID-1176305",
"CSAFPID-2352521",
"CSAFPID-2352520",
"CSAFPID-1304029",
"CSAFPID-2352519",
"CSAFPID-2538090",
"CSAFPID-2539577",
"CSAFPID-2352518",
"CSAFPID-2632425",
"CSAFPID-2632426",
"CSAFPID-2632427",
"CSAFPID-2632428",
"CSAFPID-2632429"
]
}
],
"title": "CVE-2025-31333"
}
]
}
ghsa-hw3g-3mvq-wr6f
Vulnerability from github
Published
2025-04-08 09:31
Modified
2025-04-08 09:31
Severity ?
VLAI Severity ?
Details
SAP S4CORE OData meta-data property is vulnerable to data tampering, due to which entity set could be externally modified by an attacker causing low impact on integrity of the application. Confidentiality and availability is not impacted.
{
"affected": [],
"aliases": [
"CVE-2025-31333"
],
"database_specific": {
"cwe_ids": [
"CWE-472"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-04-08T08:15:18Z",
"severity": "MODERATE"
},
"details": "SAP S4CORE OData meta-data property is vulnerable to data tampering, due to which entity set could be externally modified by an attacker causing low impact on integrity of the application. Confidentiality and availability is not impacted.",
"id": "GHSA-hw3g-3mvq-wr6f",
"modified": "2025-04-08T09:31:11Z",
"published": "2025-04-08T09:31:11Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-31333"
},
{
"type": "WEB",
"url": "https://me.sap.com/notes/3525971"
},
{
"type": "WEB",
"url": "https://url.sap/sapsecuritypatchday"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"type": "CVSS_V3"
}
]
}
fkie_cve-2025-31333
Vulnerability from fkie_nvd
Published
2025-04-08 08:15
Modified
2025-04-08 18:13
Severity ?
Summary
SAP S4CORE OData meta-data property is vulnerable to data tampering, due to which entity set could be externally modified by an attacker causing low impact on integrity of the application. Confidentiality and availability is not impacted.
References
Impacted products
| Vendor | Product | Version |
|---|
{
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SAP S4CORE OData meta-data property is vulnerable to data tampering, due to which entity set could be externally modified by an attacker causing low impact on integrity of the application. Confidentiality and availability is not impacted."
},
{
"lang": "es",
"value": "La propiedad de metadatos OData de SAP S4CORE es vulnerable a la manipulaci\u00f3n de datos, por lo que un atacante podr\u00eda modificar externamente el conjunto de entidades, lo que tendr\u00eda un impacto m\u00ednimo en la integridad de la aplicaci\u00f3n. La confidencialidad y la disponibilidad no se ven afectadas."
}
],
"id": "CVE-2025-31333",
"lastModified": "2025-04-08T18:13:53.347",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"source": "cna@sap.com",
"type": "Primary"
}
]
},
"published": "2025-04-08T08:15:18.287",
"references": [
{
"source": "cna@sap.com",
"url": "https://me.sap.com/notes/3525971"
},
{
"source": "cna@sap.com",
"url": "https://url.sap/sapsecuritypatchday"
}
],
"sourceIdentifier": "cna@sap.com",
"vulnStatus": "Awaiting Analysis",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-472"
}
],
"source": "cna@sap.com",
"type": "Primary"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…