Common Weakness Enumeration

CWE-669

Allowed-with-Review

Incorrect Resource Transfer Between Spheres

Abstraction: Class · Status: Draft

The product does not properly transfer a resource/behavior to another sphere, or improperly imports a resource/behavior from another sphere, in a manner that provides unintended control over that resource.

144 vulnerabilities reference this CWE, most recent first.

CVE-2026-32772 (GCVE-0-2026-32772)

Vulnerability from cvelistv5 – Published: 2026-03-13 21:01 – Updated: 2026-03-16 17:02
VLAI
Summary
telnet in GNU inetutils through 2.7 allows servers to read arbitrary environment variables from clients via NEW_ENVIRON SEND USERVAR.
SSVC
Exploitation: poc Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-669 - Incorrect Resource Transfer Between Spheres
Assigner
Impacted products
Vendor Product Version
GNU inetutils Affected: 0 , ≤ 2.7 (custom)
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-32772",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-03-16T17:02:13.267475Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-03-16T17:02:16.817Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "references": [
          {
            "tags": [
              "exploit"
            ],
            "url": "https://www.openwall.com/lists/oss-security/2026/03/13/1"
          }
        ],
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unknown",
          "product": "inetutils",
          "vendor": "GNU",
          "versions": [
            {
              "lessThanOrEqual": "2.7",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "telnet in GNU inetutils through 2.7 allows servers to read arbitrary environment variables from clients via NEW_ENVIRON SEND USERVAR."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 3.4,
            "baseSeverity": "LOW",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-669",
              "description": "CWE-669 Incorrect Resource Transfer Between Spheres",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-03-13T21:10:46.673Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "url": "https://www.openwall.com/lists/oss-security/2026/03/13/1"
        }
      ],
      "x_generator": {
        "engine": "CVE-Request-form 0.0.1"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2026-32772",
    "datePublished": "2026-03-13T21:01:17.782Z",
    "dateReserved": "2026-03-13T21:01:17.399Z",
    "dateUpdated": "2026-03-16T17:02:16.817Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-25253 (GCVE-0-2026-25253)

Vulnerability from cvelistv5 – Published: 2026-02-01 22:34 – Updated: 2026-02-03 15:32
VLAI
Summary
OpenClaw (aka clawdbot or Moltbot) before 2026.1.29 obtains a gatewayUrl value from a query string and automatically makes a WebSocket connection without prompting, sending a token value.
SSVC
Exploitation: poc Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-669 - Incorrect Resource Transfer Between Spheres
Assigner
Impacted products
Vendor Product Version
OpenClaw OpenClaw Affected: 0 , < 2026.1.29 (custom)
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-25253",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-02-03T14:36:53.948712Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-02-03T15:32:57.600Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "references": [
          {
            "tags": [
              "exploit"
            ],
            "url": "https://depthfirst.com/post/1-click-rce-to-steal-your-moltbot-data-and-keys"
          }
        ],
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "packageURL": "pkg:npm/clawdbot",
          "product": "OpenClaw",
          "vendor": "OpenClaw",
          "versions": [
            {
              "lessThan": "2026.1.29",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "OpenClaw (aka clawdbot or Moltbot) before 2026.1.29 obtains a gatewayUrl value from a query string and automatically makes a WebSocket connection without prompting, sending a token value."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-669",
              "description": "CWE-669 Incorrect Resource Transfer Between Spheres",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-02-02T19:16:55.732Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "url": "https://depthfirst.com/post/1-click-rce-to-steal-your-moltbot-data-and-keys"
        },
        {
          "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-g8p2-7wf7-98mq"
        },
        {
          "url": "https://openclaw.ai/blog"
        },
        {
          "url": "https://ethiack.com/news/blog/one-click-rce-moltbot"
        },
        {
          "url": "https://x.com/0xacb/status/2016913750557651228"
        }
      ],
      "x_generator": {
        "engine": "CVE-Request-form 0.0.1"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2026-25253",
    "datePublished": "2026-02-01T22:34:17.590Z",
    "dateReserved": "2026-02-01T22:34:17.326Z",
    "dateUpdated": "2026-02-03T15:32:57.600Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-24708 (GCVE-0-2026-24708)

Vulnerability from cvelistv5 – Published: 2026-02-18 00:00 – Updated: 2026-07-15 01:17
VLAI
Summary
An issue was discovered in OpenStack Nova before 30.2.2, 31 before 31.2.1, and 32 before 32.1.1. By writing a malicious QCOW header to a root or ephemeral disk and then triggering a resize, a user may convince Nova's Flat image backend to call qemu-img without a format restriction, resulting in an unsafe image resize operation that could destroy data on the host system. Only compute nodes using the Flat image backend (usually configured with use_cow_images=False) are affected.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-669 - Incorrect Resource Transfer Between Spheres
  • CWE-73 - External Control of File Name or Path
Assigner
Impacted products
Vendor Product Version
OpenStack Nova Affected: 0 , < 30.2.2 (semver)
Affected: 31.0.0 , < 31.2.1 (semver)
Affected: 32.0.0 , < 32.1.1 (semver)
Create a notification for this product.
Red Hat Red Hat OpenStack Services on OpenShift 18.0 Unaffected: 1:27.5.2-18.0.20260312122217.c1c6d67.el9ost , < * (rpm)
    cpe:/a:redhat:openstack:18.0::el9
Create a notification for this product.
Red Hat Red Hat OpenStack Platform 13 (Queens)     cpe:/a:redhat:openstack:13
Create a notification for this product.
Red Hat Red Hat OpenStack Platform 16.2     cpe:/a:redhat:openstack:16.2
Create a notification for this product.
Red Hat Red Hat OpenStack Platform 17.1     cpe:/a:redhat:openstack:17.1
Create a notification for this product.
Red Hat Red Hat OpenStack Platform 18.0     cpe:/a:redhat:openstack:18.0
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-24708",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-02-19T19:07:53.345297Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-02-19T19:08:07.846Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2026-02-21T04:31:45.294Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://lists.debian.org/debian-lts-announce/2026/02/msg00025.html"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "affected": [
          {
            "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
            "cpes": [
              "cpe:/a:redhat:openstack:18.0::el9"
            ],
            "defaultStatus": "affected",
            "packageName": "openstack-nova",
            "product": "Red Hat OpenStack Services on OpenShift 18.0",
            "vendor": "Red Hat",
            "versions": [
              {
                "lessThan": "*",
                "status": "unaffected",
                "version": "1:27.5.2-18.0.20260312122217.c1c6d67.el9ost",
                "versionType": "rpm"
              }
            ]
          },
          {
            "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
            "cpes": [
              "cpe:/a:redhat:openstack:13"
            ],
            "defaultStatus": "affected",
            "packageName": "rhosp13/openstack-nova-compute",
            "product": "Red Hat OpenStack Platform 13 (Queens)",
            "vendor": "Red Hat"
          },
          {
            "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
            "cpes": [
              "cpe:/a:redhat:openstack:16.2"
            ],
            "defaultStatus": "affected",
            "packageName": "openstack-nova",
            "product": "Red Hat OpenStack Platform 16.2",
            "vendor": "Red Hat"
          },
          {
            "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
            "cpes": [
              "cpe:/a:redhat:openstack:16.2"
            ],
            "defaultStatus": "unaffected",
            "packageName": "rhosp12/openstack-nova-compute",
            "product": "Red Hat OpenStack Platform 16.2",
            "vendor": "Red Hat"
          },
          {
            "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
            "cpes": [
              "cpe:/a:redhat:openstack:16.2"
            ],
            "defaultStatus": "affected",
            "packageName": "rhosp-rhel8/openstack-nova-compute",
            "product": "Red Hat OpenStack Platform 16.2",
            "vendor": "Red Hat"
          },
          {
            "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
            "cpes": [
              "cpe:/a:redhat:openstack:16.2"
            ],
            "defaultStatus": "unaffected",
            "packageName": "rhosp-rhel9/openstack-nova-compute",
            "product": "Red Hat OpenStack Platform 16.2",
            "vendor": "Red Hat"
          },
          {
            "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
            "cpes": [
              "cpe:/a:redhat:openstack:17.1"
            ],
            "defaultStatus": "affected",
            "packageName": "openstack-nova",
            "product": "Red Hat OpenStack Platform 17.1",
            "vendor": "Red Hat"
          },
          {
            "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
            "cpes": [
              "cpe:/a:redhat:openstack:17.1"
            ],
            "defaultStatus": "unaffected",
            "packageName": "rhosp12/openstack-nova-compute",
            "product": "Red Hat OpenStack Platform 17.1",
            "vendor": "Red Hat"
          },
          {
            "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
            "cpes": [
              "cpe:/a:redhat:openstack:17.1"
            ],
            "defaultStatus": "affected",
            "packageName": "rhosp-rhel8/openstack-nova-compute",
            "product": "Red Hat OpenStack Platform 17.1",
            "vendor": "Red Hat"
          },
          {
            "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
            "cpes": [
              "cpe:/a:redhat:openstack:17.1"
            ],
            "defaultStatus": "affected",
            "packageName": "rhosp-rhel9/openstack-nova-compute",
            "product": "Red Hat OpenStack Platform 17.1",
            "vendor": "Red Hat"
          },
          {
            "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
            "cpes": [
              "cpe:/a:redhat:openstack:18.0"
            ],
            "defaultStatus": "unaffected",
            "packageName": "rhoso/openstack-nova-compute-rhel9",
            "product": "Red Hat OpenStack Platform 18.0",
            "vendor": "Red Hat"
          },
          {
            "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
            "cpes": [
              "cpe:/a:redhat:openstack:18.0"
            ],
            "defaultStatus": "unaffected",
            "packageName": "rhosp12/openstack-nova-compute",
            "product": "Red Hat OpenStack Platform 18.0",
            "vendor": "Red Hat"
          },
          {
            "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
            "cpes": [
              "cpe:/a:redhat:openstack:18.0"
            ],
            "defaultStatus": "affected",
            "packageName": "rhosp-rhel9/openstack-nova-compute",
            "product": "Red Hat OpenStack Platform 18.0",
            "vendor": "Red Hat"
          }
        ],
        "datePublic": "2026-02-17T15:00:00.000Z",
        "descriptions": [
          {
            "lang": "en",
            "value": "A flaw in OpenStack Nova\u2019s interaction with the qemu-img utility allows an authenticated user to overwrite arbitrary files on the compute host. This occurs because Nova invokes qemu-img without strictly constraining the disk image format, enabling a malicious user to craft a QCOW2 header on a raw disk and trigger destructive behavior during instance operations such as resize."
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "namespace": "https://access.redhat.com/security/updates/classification/",
                "value": "Important"
              },
              "type": "Red Hat severity rating"
            }
          },
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "LOCAL",
              "availabilityImpact": "HIGH",
              "baseScore": 7.1,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "NONE",
              "integrityImpact": "HIGH",
              "privilegesRequired": "LOW",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
              "version": "3.1"
            },
            "format": "CVSS"
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-73",
                "description": "External Control of File Name or Path",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-07-15T01:17:09.818Z",
          "orgId": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
          "shortName": "redhat-SADP"
        },
        "references": [
          {
            "tags": [
              "vdb-entry",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/security/cve/CVE-2026-24708"
          },
          {
            "name": "RHBZ#2430312",
            "tags": [
              "issue-tracking",
              "x_refsource_REDHAT"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2430312"
          },
          {
            "tags": [
              "x_sadp-csaf-vex"
            ],
            "url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-24708.json"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:7884"
          }
        ],
        "solutions": [
          {
            "lang": "en",
            "value": "RHSA-2026:7884: Red Hat OpenStack Services on OpenShift 18.0"
          }
        ],
        "timeline": [
          {
            "lang": "en",
            "time": "2026-01-16T06:29:23.249Z",
            "value": "Reported to Red Hat."
          },
          {
            "lang": "en",
            "time": "2026-02-17T15:00:00.000Z",
            "value": "Made public."
          }
        ],
        "title": "openstack-nova-compute: Arbitrary Host File Overwrite via Unconstrained qemu-img Format Handling in OpenStack Nova",
        "workarounds": [
          {
            "lang": "en",
            "value": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability."
          }
        ],
        "x_adpType": "supplier",
        "x_generator": {
          "engine": "sadp-cli 1.0.0"
        }
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Nova",
          "vendor": "OpenStack",
          "versions": [
            {
              "lessThan": "30.2.2",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThan": "31.2.1",
              "status": "affected",
              "version": "31.0.0",
              "versionType": "semver"
            },
            {
              "lessThan": "32.1.1",
              "status": "affected",
              "version": "32.0.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:a:openstack:nova:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "30.2.2",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:openstack:nova:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "31.2.1",
                  "versionStartIncluding": "31.0.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:openstack:nova:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "32.1.1",
                  "versionStartIncluding": "32.0.0",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An issue was discovered in OpenStack Nova before 30.2.2, 31 before 31.2.1, and 32 before 32.1.1. By writing a malicious QCOW header to a root or ephemeral disk and then triggering a resize, a user may convince Nova\u0027s Flat image backend to call qemu-img without a format restriction, resulting in an unsafe image resize operation that could destroy data on the host system. Only compute nodes using the Flat image backend (usually configured with use_cow_images=False) are affected."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 8.2,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-669",
              "description": "CWE-669 Incorrect Resource Transfer Between Spheres",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-02-18T17:03:53.469Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "url": "https://bugs.launchpad.net/nova/+bug/2137507"
        },
        {
          "url": "https://www.openwall.com/lists/oss-security/2026/02/17/7"
        }
      ],
      "x_generator": {
        "engine": "enrichogram 0.0.1"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2026-24708",
    "datePublished": "2026-02-18T00:00:00.000Z",
    "dateReserved": "2026-01-24T00:00:00.000Z",
    "dateUpdated": "2026-07-15T01:17:09.818Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-12068 (GCVE-0-2026-12068)

Vulnerability from cvelistv5 – Published: 2026-06-12 22:19 – Updated: 2026-06-15 16:01
VLAI
Title
Avira Password Manager credential disclosure via cross-origin autofill in Firefox
Summary
Information disclosure vulnerability in Avira Password Manager when used with Mozilla Firefox may allow a remote attacker operating a cross-origin iframe to obtain credentials autofilled for the parent web page via incorrect autofill field selection. This issue affects Avira Password Manager when used with Mozilla Firefox on Windows, macOS, and Linux.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-669 - Incorrect Resource Transfer Between Contexts
Assigner
GEN
Impacted products
Credits
Riccardo, an independent security researcher at TU Wien
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-12068",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-06-15T16:01:07.717925Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-06-15T16:01:19.318Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "affected",
          "platforms": [
            "Firefox",
            "Windows",
            "macOS",
            "Linux"
          ],
          "product": "Avira Password Manager",
          "vendor": "Gen Digital",
          "versions": [
            {
              "status": "affected",
              "version": "*"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "Riccardo, an independent security researcher at TU Wien"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Information disclosure vulnerability in Avira Password Manager when used with Mozilla Firefox may allow a remote attacker operating a cross-origin iframe to obtain credentials autofilled for the parent web page via incorrect autofill field selection.\u003cp\u003eThis issue affects Avira Password Manager when used with Mozilla Firefox on Windows, macOS, and Linux.\u003c/p\u003e"
            }
          ],
          "value": "Information disclosure vulnerability in Avira Password Manager when used with Mozilla Firefox may allow a remote attacker operating a cross-origin iframe to obtain credentials autofilled for the parent web page via incorrect autofill field selection.\n\nThis issue affects Avira Password Manager when used with Mozilla Firefox on Windows, macOS, and Linux."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-116",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-116 Excavation"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.4,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-669",
              "description": "CWE-669 Incorrect Resource Transfer Between Contexts",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-06-12T22:19:18.986Z",
        "orgId": "dbd8429d-f261-4b1e-94cc-ae3132817e2e",
        "shortName": "GEN"
      },
      "references": [
        {
          "url": "https://www.gendigital.com/us/en/contact-us/security-advisories/"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Avoid triggering Avira Password Manager autofill on web pages that embed cross-origin iframes (for example advertisement frames) when using Firefox. \u003cstrong\u003eNo software update is currently planned.\u003c/strong\u003e"
            }
          ],
          "value": "Avoid triggering Avira Password Manager autofill on web pages that embed cross-origin iframes (for example advertisement frames) when using Firefox. No software update is currently planned."
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Avira Password Manager credential disclosure via cross-origin autofill in Firefox",
      "x_generator": {
        "engine": "Vulnogram 1.0.2"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "dbd8429d-f261-4b1e-94cc-ae3132817e2e",
    "assignerShortName": "GEN",
    "cveId": "CVE-2026-12068",
    "datePublished": "2026-06-12T22:19:18.986Z",
    "dateReserved": "2026-06-12T09:09:57.930Z",
    "dateUpdated": "2026-06-15T16:01:19.318Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-67895 (GCVE-0-2025-67895)

Vulnerability from cvelistv5 – Published: 2025-12-17 11:47 – Updated: 2025-12-17 19:55
VLAI
Title
Apache Airflow Providers Edge3: Edge3 Worker RPC RCE on Airflow 2
Summary
Edge3 Worker RPC RCE on Airflow 2. This issue affects Apache Airflow Providers Edge3: before 2.0.0 - and only if you installed and configured it on Airflow 2. The Edge3 provider support in Airflow 2 has been always development-only and not officially released, however if you installed and configured Edge3 provider in Airflow 2, it implicitly enabled non-public (normally) API which was used to test Edge Provider in Airflow 2 during the development. This API allowed Dag author to perform Remote Code Execution in the webserver context, which Dag Author was not supposed to be able to do. If you installed and configured Edge3 provider for Airflow 2, you should uninstall it and migrate to Airflow 3. The new Edge3 provider versions (>=2.0.0) has minimum version of Airflow set to 3 and the RCE-prone Airflow 2 code is removed, so it should no longer be possible to use the Edge3 provider 2.0.0+ on Airflow 2. If you used Edge Provider in Airflow 3, you are not affected.
SSVC
Exploitation: none Automatable: yes Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-669 - Incorrect Resource Transfer Between Spheres
Assigner
Impacted products
Credits
Lee
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2025-12-17T12:08:02.234Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "http://www.openwall.com/lists/oss-security/2025/12/16/3"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 9.8,
              "baseSeverity": "CRITICAL",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2025-67895",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-12-17T19:55:27.687183Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-12-17T19:55:36.494Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://pypi.python.org",
          "defaultStatus": "unaffected",
          "packageName": "apache-airflow-providers-edge3",
          "product": "Apache Airflow Providers Edge3",
          "vendor": "Apache Software Foundation",
          "versions": [
            {
              "lessThan": "2.0.0",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Lee"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eEdge3 Worker RPC RCE on Airflow 2.\u003c/p\u003e\u003cp\u003eThis issue affects Apache Airflow Providers Edge3: before 2.0.0 - and only if you installed and configured it on Airflow 2.\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003eThe Edge3 provider support in Airflow 2 has been always development-only and not officially released, however if you installed and configured Edge3 provider in Airflow 2, it implicitly enabled non-public (normally) API which was used to test Edge Provider in Airflow 2 during the development. This API allowed Dag author to perform Remote Code Execution in the webserver context, which Dag Author was not supposed to be able to do.\u003c/p\u003e\u003cp\u003eIf you installed and configured Edge3 provider for Airflow 2, you should uninstall it and migrate to Airflow 3. The new Edge3 provider versions (\u0026gt;=2.0.0) has minimum version of Airflow set to 3 and the RCE-prone Airflow 2 code is removed, so it should no longer be possible to use the Edge3 provider 2.0.0+ on Airflow 2.\u003c/p\u003e\u003cp\u003eIf you used Edge Provider in Airflow 3, you are not affected.\u003c/p\u003e\u003cp\u003e\u003c/p\u003e"
            }
          ],
          "value": "Edge3 Worker RPC RCE on Airflow 2.\n\nThis issue affects Apache Airflow Providers Edge3: before 2.0.0 - and only if you installed and configured it on Airflow 2.\n\n\n\nThe Edge3 provider support in Airflow 2 has been always development-only and not officially released, however if you installed and configured Edge3 provider in Airflow 2, it implicitly enabled non-public (normally) API which was used to test Edge Provider in Airflow 2 during the development. This API allowed Dag author to perform Remote Code Execution in the webserver context, which Dag Author was not supposed to be able to do.\n\nIf you installed and configured Edge3 provider for Airflow 2, you should uninstall it and migrate to Airflow 3. The new Edge3 provider versions (\u003e=2.0.0) has minimum version of Airflow set to 3 and the RCE-prone Airflow 2 code is removed, so it should no longer be possible to use the Edge3 provider 2.0.0+ on Airflow 2.\n\nIf you used Edge Provider in Airflow 3, you are not affected."
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "text": "low"
            },
            "type": "Textual description of severity"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-669",
              "description": "CWE-669: Incorrect Resource Transfer Between Spheres",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-12-17T11:47:42.502Z",
        "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
        "shortName": "apache"
      },
      "references": [
        {
          "tags": [
            "patch"
          ],
          "url": "https://github.com/apache/airflow/pull/59143"
        },
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.apache.org/thread/hhnmmzkj5qx5gbk6pdkh8tcsx5oj1nqs"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Apache Airflow Providers Edge3: Edge3 Worker RPC RCE on Airflow 2",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
    "assignerShortName": "apache",
    "cveId": "CVE-2025-67895",
    "datePublished": "2025-12-17T11:47:42.502Z",
    "dateReserved": "2025-12-13T16:52:31.830Z",
    "dateUpdated": "2025-12-17T19:55:36.494Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-62775 (GCVE-0-2025-62775)

Vulnerability from cvelistv5 – Published: 2025-10-22 00:00 – Updated: 2025-10-22 15:47
VLAI
Summary
Mercku M6a devices through 2.1.0 allow root TELNET logins via the web admin password.
SSVC
Exploitation: poc Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-669 - Incorrect Resource Transfer Between Spheres
Assigner
Impacted products
Vendor Product Version
Mercku M6a Affected: 0 , ≤ 2.1.0 (custom)
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-62775",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-10-22T15:47:13.356289Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-10-22T15:47:34.254Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unknown",
          "product": "M6a",
          "vendor": "Mercku",
          "versions": [
            {
              "lessThanOrEqual": "2.1.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Mercku M6a devices through 2.1.0 allow root TELNET logins via the web admin password."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-669",
              "description": "CWE-669 Incorrect Resource Transfer Between Spheres",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-10-22T03:02:49.987Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "url": "https://seclists.org/fulldisclosure/2025/Oct/10"
        },
        {
          "url": "https://blog.nullvoid.me/posts/mercku-exploits/"
        }
      ],
      "x_generator": {
        "engine": "enrichogram 0.0.1"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2025-62775",
    "datePublished": "2025-10-22T00:00:00.000Z",
    "dateReserved": "2025-10-22T00:00:00.000Z",
    "dateUpdated": "2025-10-22T15:47:34.254Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-62646 (GCVE-0-2025-62646)

Vulnerability from cvelistv5 – Published: 2025-10-17 00:00 – Updated: 2025-10-29 15:06 Exclusively Hosted Service
VLAI
Summary
The Restaurant Brands International (RBI) assistant platform through 2025-09-06 allows remote attackers to review the stored audio of conversations between associates and Drive Thru customers.
SSVC
Exploitation: poc Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-669 - Incorrect Resource Transfer Between Spheres
Assigner
Impacted products
Vendor Product Version
Restaurant Brands International assistant platform Affected: 0 , ≤ 2025-09-06 (custom)
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-62646",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-10-29T15:06:05.645720Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-10-29T15:06:11.229Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unknown",
          "product": "assistant platform",
          "vendor": "Restaurant Brands International",
          "versions": [
            {
              "lessThanOrEqual": "2025-09-06",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "The Restaurant Brands International (RBI) assistant platform through 2025-09-06 allows remote attackers to review the stored audio of conversations between associates and Drive Thru customers."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-669",
              "description": "CWE-669 Incorrect Resource Transfer Between Spheres",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-10-18T00:41:54.506Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "url": "https://www.yahoo.com/news/articles/burger-king-hacked-attackers-impressed-124154038.html"
        },
        {
          "url": "https://www.malwarebytes.com/blog/news/2025/09/popeyes-tim-hortons-burger-king-platforms-have-catastrophic-vulnerabilities-say-hackers"
        },
        {
          "url": "https://web.archive.org/web/20250906134240/https:/bobdahacker.com/blog/rbi-hacked-drive-thrus"
        },
        {
          "url": "https://bobdahacker.com/blog/rbi-hacked-drive-thrus/"
        },
        {
          "url": "https://archive.today/fMYQp"
        }
      ],
      "tags": [
        "exclusively-hosted-service"
      ],
      "x_generator": {
        "engine": "enrichogram 0.0.1"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2025-62646",
    "datePublished": "2025-10-17T00:00:00.000Z",
    "dateReserved": "2025-10-17T00:00:00.000Z",
    "dateUpdated": "2025-10-29T15:06:11.229Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-62292 (GCVE-0-2025-62292)

Vulnerability from cvelistv5 – Published: 2025-10-10 00:00 – Updated: 2025-10-10 14:21
VLAI
Summary
In SonarQube before 25.6, 2025.3 Commercial, and 2025.1.3 LTA, authenticated low-privileged users can query the /api/v2/users-management/users endpoint and obtain user fields intended for administrators only, including the email addresses of other accounts.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-669 - Incorrect Resource Transfer Between Spheres
Assigner
Impacted products
Vendor Product Version
SonarSource SonarQube Affected: 10.2 Community , < 25.6 Community (custom)
Affected: 10.2 Commercial , < 2025.3 Commercial (custom)
Affected: 2025.1 LTA , < 2025.1.3 LTA (custom)
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-62292",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-10-10T14:21:23.732209Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-10-10T14:21:31.171Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "SonarQube",
          "vendor": "SonarSource",
          "versions": [
            {
              "lessThan": "25.6 Community",
              "status": "affected",
              "version": "10.2 Community",
              "versionType": "custom"
            },
            {
              "lessThan": "2025.3 Commercial",
              "status": "affected",
              "version": "10.2 Commercial",
              "versionType": "custom"
            },
            {
              "lessThan": "2025.1.3 LTA",
              "status": "affected",
              "version": "2025.1 LTA",
              "versionType": "custom"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:a:sonarsource:sonarqube:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "25.6 Community",
                  "versionStartIncluding": "10.2 Community",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:sonarsource:sonarqube:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "2025.3 Commercial",
                  "versionStartIncluding": "10.2 Commercial",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:sonarsource:sonarqube:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "2025.1.3 LTA",
                  "versionStartIncluding": "2025.1 LTA",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In SonarQube before 25.6, 2025.3 Commercial, and 2025.1.3 LTA, authenticated low-privileged users can query the /api/v2/users-management/users endpoint and obtain user fields intended for administrators only, including the email addresses of other accounts."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-669",
              "description": "CWE-669 Incorrect Resource Transfer Between Spheres",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-10-10T06:17:39.454Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "url": "https://sonarsource.atlassian.net/browse/SONAR-24830"
        }
      ],
      "x_generator": {
        "engine": "enrichogram 0.0.1"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2025-62292",
    "datePublished": "2025-10-10T00:00:00.000Z",
    "dateReserved": "2025-10-10T00:00:00.000Z",
    "dateUpdated": "2025-10-10T14:21:31.171Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-59692 (GCVE-0-2025-59692)

Vulnerability from cvelistv5 – Published: 2025-09-18 00:00 – Updated: 2025-09-19 13:08
VLAI
Summary
PureVPN client applications on Linux through September 2025 mishandle firewalling. They flush the system's existing iptables rules and apply default ACCEPT policies when connecting to a VPN server. This removes firewall rules that may have been configured manually or by other software (e.g., UFW, container engines, or system security policies). Upon VPN disconnect, the original firewall state is not restored. As a result, the system may become unintentionally exposed to network traffic that was previously blocked. This affects CLI 2.0.1 and GUI 2.10.0.
SSVC
Exploitation: poc Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-669 - Incorrect Resource Transfer Between Spheres
Assigner
References
Impacted products
Vendor Product Version
PureVPN PureVPN Affected: CLI 2.0.1 (custom)
Affected: GUI 2.10.0 (custom)
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-59692",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-09-19T13:08:24.214138Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-09-19T13:08:31.242Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unknown",
          "product": "PureVPN",
          "vendor": "PureVPN",
          "versions": [
            {
              "status": "affected",
              "version": "CLI 2.0.1",
              "versionType": "custom"
            },
            {
              "status": "affected",
              "version": "GUI 2.10.0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:a:purevpn:purevpn:*:*:*:*:*:*:*:*",
                  "versionEndIncluding": "CLI 2.0.1",
                  "versionStartIncluding": "CLI 2.0.1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:purevpn:purevpn:*:*:*:*:*:*:*:*",
                  "versionEndIncluding": "GUI 2.10.0",
                  "versionStartIncluding": "GUI 2.10.0",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "PureVPN client applications on Linux through September 2025 mishandle firewalling. They flush the system\u0027s existing iptables rules and apply default ACCEPT policies when connecting to a VPN server. This removes firewall rules that may have been configured manually or by other software (e.g., UFW, container engines, or system security policies). Upon VPN disconnect, the original firewall state is not restored. As a result, the system may become unintentionally exposed to network traffic that was previously blocked. This affects CLI 2.0.1 and GUI 2.10.0."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 3.7,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-669",
              "description": "CWE-669 Incorrect Resource Transfer Between Spheres",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-09-18T23:01:42.176Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "url": "https://anagogistis.com/posts/purevpn-ipv6-leak/"
        }
      ],
      "x_generator": {
        "engine": "enrichogram 0.0.1"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2025-59692",
    "datePublished": "2025-09-18T00:00:00.000Z",
    "dateReserved": "2025-09-18T00:00:00.000Z",
    "dateUpdated": "2025-09-19T13:08:31.242Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-59691 (GCVE-0-2025-59691)

Vulnerability from cvelistv5 – Published: 2025-09-18 00:00 – Updated: 2025-09-19 13:08
VLAI
Summary
PureVPN client applications on Linux through September 2025 allow IPv6 traffic to leak outside the VPN tunnel upon network events such as Wi-Fi reconnect or system resume. In the CLI client, the VPN auto-reconnects and claims to be connected, but IPv6 traffic is no longer routed or blocked. In the GUI client, the IPv6 connection remains functional after disconnection until the user clicks Reconnect. In both cases, the real IPv6 address is exposed to external services, violating user privacy and defeating the advertised IPv6 leak protection. This affects CLI 2.0.1 and GUI 2.10.0.
SSVC
Exploitation: poc Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-669 - Incorrect Resource Transfer Between Spheres
Assigner
References
Impacted products
Vendor Product Version
PureVPN PureVPN Affected: CLI 2.0.1 (custom)
Affected: GUI 2.10.0 (custom)
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-59691",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-09-19T13:08:42.717940Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-09-19T13:08:52.061Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unknown",
          "product": "PureVPN",
          "vendor": "PureVPN",
          "versions": [
            {
              "status": "affected",
              "version": "CLI 2.0.1",
              "versionType": "custom"
            },
            {
              "status": "affected",
              "version": "GUI 2.10.0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:a:purevpn:purevpn:*:*:*:*:*:*:*:*",
                  "versionEndIncluding": "CLI 2.0.1",
                  "versionStartIncluding": "CLI 2.0.1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:purevpn:purevpn:*:*:*:*:*:*:*:*",
                  "versionEndIncluding": "GUI 2.10.0",
                  "versionStartIncluding": "GUI 2.10.0",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "PureVPN client applications on Linux through September 2025 allow IPv6 traffic to leak outside the VPN tunnel upon network events such as Wi-Fi reconnect or system resume. In the CLI client, the VPN auto-reconnects and claims to be connected, but IPv6 traffic is no longer routed or blocked. In the GUI client, the IPv6 connection remains functional after disconnection until the user clicks Reconnect. In both cases, the real IPv6 address is exposed to external services, violating user privacy and defeating the advertised IPv6 leak protection. This affects CLI 2.0.1 and GUI 2.10.0."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 3.7,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-669",
              "description": "CWE-669 Incorrect Resource Transfer Between Spheres",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-09-18T22:58:26.187Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "url": "https://anagogistis.com/posts/purevpn-ipv6-leak/"
        }
      ],
      "x_generator": {
        "engine": "enrichogram 0.0.1"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2025-59691",
    "datePublished": "2025-09-18T00:00:00.000Z",
    "dateReserved": "2025-09-18T00:00:00.000Z",
    "dateUpdated": "2025-09-19T13:08:52.061Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

No mitigation information available for this CWE.

No CAPEC attack patterns related to this CWE.