{"vulnerability": "CVE-2025-2536", "sightings": [{"uuid": "e5a21625-376c-4150-88bb-15c349f2dce2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-25363", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lkc5tfxs7224", "content": "", "creation_timestamp": "2025-03-13T22:36:10.473694Z"}, {"uuid": "4e09d19e-0942-4717-bea7-de871f76a442", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-25361", "type": "seen", "source": "https://mastodon.social/users/CyberSignaler/statuses/114123350572256091", "content": "", "creation_timestamp": "2025-03-07T21:49:00.509385Z"}, {"uuid": "69c7b429-4281-4454-b5ab-b9bdf7f92277", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-25361", "type": "seen", "source": "https://bsky.app/profile/vulnalerts.bsky.social/post/3ljt7py5gfq2y", "content": "", "creation_timestamp": "2025-03-08T00:00:06.361957Z"}, {"uuid": "8978561e-840f-4736-87bc-79c08d11e435", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-25362", "type": "seen", "source": "https://mastodon.social/users/CyberSignaler/statuses/114116743799665732", "content": "", "creation_timestamp": "2025-03-06T17:48:43.512968Z"}, {"uuid": "1b076b3a-7bd9-4e71-9f2d-98f0cbbe05bf", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-25362", "type": "seen", "source": "https://bsky.app/profile/vulnalerts.bsky.social/post/3ljqpb3xgca24", "content": "", "creation_timestamp": "2025-03-07T00:00:07.906545Z"}, {"uuid": "83821798-b956-46df-af51-9cc5ea0dc623", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2025-25364", "type": "seen", "source": "https://infosec.exchange/users/threatcodex/statuses/114217935883108579", "content": "", "creation_timestamp": "2025-03-24T14:43:11.710030Z"}, {"uuid": "05a7d033-ae93-416d-892a-5dbb852e095e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-25361", "type": "seen", "source": "MISP/4937e86f-f5bd-4d09-8bda-88a7440077f3", "content": "", "creation_timestamp": "2025-08-19T02:47:42.000000Z"}, {"uuid": "61b50a05-18b0-4d84-b300-580403a93275", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-2536", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lkr2mygvvg2n", "content": "", "creation_timestamp": "2025-03-19T20:48:51.528790Z"}, {"uuid": "2d3dc36b-109d-4ff4-abb5-d289ee91cf12", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-25364", "type": "seen", "source": "https://bsky.app/profile/r-netsec-bot.bsky.social/post/3ln4arcbktd2z", "content": "", "creation_timestamp": "2025-04-18T18:28:17.084922Z"}, {"uuid": "cbd545ce-965b-4b2b-85e2-1255af64d96f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-25364", "type": "seen", "source": "https://bsky.app/profile/r-netsec.bsky.social/post/3ln4hb7anxx2q", "content": "", "creation_timestamp": "2025-04-18T20:24:32.596870Z"}, {"uuid": "9ff63c1a-d296-4394-ade4-ce5f86e6d81f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2025-25364", "type": "seen", "source": "https://bsky.app/profile/calebpr.bsky.social/post/3lncwvajcmt26", "content": "", "creation_timestamp": "2025-04-21T10:20:09.440949Z"}, {"uuid": "38f33a9d-cb5b-498d-9e43-dff14831c413", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-25362", "type": "seen", "source": "MISP/4937e86f-f5bd-4d09-8bda-88a7440077f3", "content": "", "creation_timestamp": "2025-08-18T13:31:23.000000Z"}, {"uuid": "946fff54-47f4-4ec8-a1ec-ee53877276ee", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-25362", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3ljo5nlello2h", "content": "", "creation_timestamp": "2025-03-05T23:39:40.671681Z"}, {"uuid": "e5c14d78-817f-41a8-822e-ef8ac76bbc0b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-25364", "type": "seen", "source": "https://infosec.exchange/users/dragonjar/statuses/114364291565132421", "content": "", "creation_timestamp": "2025-04-19T11:03:22.578372Z"}, {"uuid": "3bfb6884-f291-4ee9-a400-0f961411e27d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-25362", "type": "seen", "source": "MISP/4937e86f-f5bd-4d09-8bda-88a7440077f3", "content": "", "creation_timestamp": "2025-08-19T02:47:45.000000Z"}, {"uuid": "79e4e817-7753-4cb6-8f79-bc808116205f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-25369", "type": "seen", "source": "https://t.me/GithubRedTeam/15676", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01 \n\n\u66f4\u65b0\u4e86\uff1aCVE-2025\n\u63cf\u8ff0\uff1aCVE-2025-25369\nURL\uff1ahttps://github.com/DRAGOWN/CVE-2025-26263\n\n\u6807\u7b7e\uff1a#CVE-2025", "creation_timestamp": "2025-02-26T17:43:25.000000Z"}, {"uuid": "cba472bf-ff2e-453b-9aa4-9efb48c80fd3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-25361", "type": "seen", "source": "MISP/4937e86f-f5bd-4d09-8bda-88a7440077f3", "content": "", "creation_timestamp": "2025-08-18T13:31:23.000000Z"}, {"uuid": "41b51a92-c00a-47db-851a-ea2453685fba", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-25364", "type": "seen", "source": "https://bsky.app/profile/thehackerwire.bsky.social/post/3maoiuluz6w27", "content": "", "creation_timestamp": "2025-12-23T19:39:54.355968Z"}, {"uuid": "e5e9e4a0-90c3-4503-b30d-1104ad2394b3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-25364", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3maonzqlbkz2e", "content": "", "creation_timestamp": "2025-12-23T21:12:14.601875Z"}, {"uuid": "871407b4-aa7a-4a8e-9acf-8d088249d570", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-25364", "type": "published-proof-of-concept", "source": "https://t.me/TopCyberTechNews/458", "content": "Top Security News for Today\n\nSuperCard X: exposing a Chinese-speaker MaaS for NFC Relay fraud operation | Cleafy  \nhttps://www.reddit.com/r/netsec/comments/1k21cf9/supercard_x_exposing_a_chinesespeaker_maas_for/\n\nAES & ChaCha \u2014 A Case for Simplicity in Cryptography  \nhttps://www.reddit.com/r/netsec/comments/1k1y676/aes_chacha_a_case_for_simplicity_in_cryptography/\n\nCVE-2025-25364: Speedify VPN MacOS privilege Escalation  \nhttps://www.reddit.com/r/netsec/comments/1k2bpp5/cve202525364_speedify_vpn_macos_privilege/\n\nFriday Squid Blogging: Live Colossal Squid Filmed  \nhttps://www.schneier.com/blog/archives/2025/04/friday-squid-blogging-live-colossal-squid-filmed.html\n\nA Dark Reading Panel - \"The Promise and Perils of AI: Navigating Emerging Cyber Threats\"  \nhttps://bishopfox.com/blog/dark-reading-panel-promise-perils-ai-navigating-emerging-cyber-threats-blog\n\nDecentralised collaborative action: cryptoeconomics in space  \nhttps://arxiv.org/abs/2504.12465\n\nFollow Top Cyber News at https://t.me/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman", "creation_timestamp": "2025-04-19T09:30:26.000000Z"}, {"uuid": "6bc33036-749f-4e7e-83dc-ba71086ae269", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-25362", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/6613", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-25362\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: A Server-Side Template Injection (SSTI) vulnerability in Spacy-LLM v0.7.2 allows attackers to execute arbitrary code via injecting a crafted payload into the template field.\n\ud83d\udccf Published: 2025-03-05T00:00:00.000Z\n\ud83d\udccf Modified: 2025-03-05T20:12:58.165Z\n\ud83d\udd17 References:\n1. https://github.com/explosion/spacy-llm/issues/492", "creation_timestamp": "2025-03-05T20:36:50.000000Z"}, {"uuid": "b55a2bb3-dde2-45fb-88a7-f60c52f0694b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-25369", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/15630", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01 \n\n\u66f4\u65b0\u4e86\uff1aCVE-2025\n\u63cf\u8ff0\uff1aCVE-2025-25369\nURL\uff1ahttps://github.com/lkasjkasj/CVE-2025-25369\n\n\u6807\u7b7e\uff1a#CVE-2025", "creation_timestamp": "2025-02-26T12:23:35.000000Z"}, {"uuid": "ab9c27f4-c568-43c3-9e7c-fc776c4a5f94", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-25361", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/6883", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-25361\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: An arbitrary file upload vulnerability in the component /cms/CmsWebFileAdminController.java of PublicCMS v4.0.202406 allows attackers to execute arbitrary code via uploading a crafted svg or xml file.\n\ud83d\udccf Published: 2025-03-06T00:00:00.000Z\n\ud83d\udccf Modified: 2025-03-07T19:48:51.354Z\n\ud83d\udd17 References:\n1. https://github.com/c0rdXy/POC/blob/master/CVE/PublicCMS/XSS_02/XSS_02.md", "creation_timestamp": "2025-03-07T20:40:30.000000Z"}, {"uuid": "5ab35900-2eac-4a0f-820b-7c05d38b88ba", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-2536", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/8126", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-2536\n\ud83d\udd25 CVSS Score: 5.1 (cvssV4_0, Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N)\n\ud83d\udd39 Description: Cross-site scripting (XSS) vulnerability on Liferay Portal 7.4.3.82 through 7.4.3.128, and Liferay DXP 2024.Q3.0, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.12, 2023.Q4.0 through 2023.Q4.10, 2023.Q3.1 through 2023.Q3.10, 7.4 update 82 through update 92 in the Frontend JS module's layout-taglib/__liferay__/index.js allows remote attackers to inject arbitrary web script or HTML via toastData parameter\n\ud83d\udccf Published: 2025-03-19T19:00:42.808Z\n\ud83d\udccf Modified: 2025-03-19T19:00:42.808Z\n\ud83d\udd17 References:\n1. https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2025-2536", "creation_timestamp": "2025-03-19T19:18:20.000000Z"}, {"uuid": "17f99728-4f9d-4410-b06f-4593cffc7992", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-25362", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/11003", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-25362\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: A Server-Side Template Injection (SSTI) vulnerability in Spacy-LLM v0.7.2 allows attackers to execute arbitrary code via injecting a crafted payload into the template field.\n\ud83d\udccf Published: 2025-03-05T00:00:00.000Z\n\ud83d\udccf Modified: 2025-04-08T20:35:57.417Z\n\ud83d\udd17 References:\n1. https://github.com/explosion/spacy-llm/issues/492\n2. https://www.hacktivesecurity.com/blog/2025/04/01/cve-2025-25362-old-vulnerabilities-new-victims-breaking-llm-prompts-with-ssti/", "creation_timestamp": "2025-04-08T20:46:47.000000Z"}, {"uuid": "c1b37e9a-c361-45a5-837f-2bc6021a4342", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-25369", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/15681", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01 \n\n\u66f4\u65b0\u4e86\uff1aCVE-2025\n\u63cf\u8ff0\uff1aCVE-2025-25369\nURL\uff1ahttps://github.com/DRAGOWN/CVE-2025-26264\n\n\u6807\u7b7e\uff1a#CVE-2025", "creation_timestamp": "2025-02-26T18:12:45.000000Z"}, {"uuid": "6cf3ea04-9065-4a29-a045-0eb5dd0d1695", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-25361", "type": "seen", "source": "https://t.me/cvedetector/19740", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-25361 - PublicCMS Arbitrary Code Execution Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-25361 \nPublished : March 6, 2025, 7:15 p.m. | 1\u00a0hour, 9\u00a0minutes ago \nDescription : An arbitrary file upload vulnerability in the component /cms/CmsWebFileAdminController.java of PublicCMS v4.0.202406 allows attackers to execute arbitrary code via uploading a crafted svg or xml file. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"06 Mar 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-03-06T22:12:27.000000Z"}, {"uuid": "f3af9e22-1267-4a05-8128-208635e4a181", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-25363", "type": "seen", "source": "https://t.me/cvedetector/20253", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-25363 - JEMH Cross-Site Scripting (XSS)\", \n  \"Content\": \"CVE ID : CVE-2025-25363 \nPublished : March 13, 2025, 6:15 p.m. | 1\u00a0hour, 51\u00a0minutes ago \nDescription : An authenticated stored cross-site scripting (XSS) vulnerability in The Plugin People Enterprise Mail Handler for Jira Data Center (JEMH) before v4.1.69-dc allows attackers with Administrator privileges to execute arbitrary Javascript in context of a user's browser via injecting a crafted payload into the HTML field of a template. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"13 Mar 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-03-13T21:28:44.000000Z"}, {"uuid": "d23bfbe5-8de1-4f93-8e7f-e20e8ddccc92", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-25362", "type": "seen", "source": "https://t.me/cvedetector/19666", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-25362 - Spacy-LLM SSTI Code Execution\", \n  \"Content\": \"CVE ID : CVE-2025-25362 \nPublished : March 5, 2025, 9:15 p.m. | 2\u00a0hours, 22\u00a0minutes ago \nDescription : A Server-Side Template Injection (SSTI) vulnerability in Spacy-LLM v0.7.2 allows attackers to execute arbitrary code via injecting a crafted payload into the template field. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"06 Mar 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-03-06T01:18:24.000000Z"}, {"uuid": "66379be2-8f53-46ab-beee-d1cfed73c581", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-25361", "type": "seen", "source": "Telegram/7IuFFCL9Ovx5DaPeELjn4IUeEmdMvGD6YyPU4TwE88jOs6Yy", "content": "", "creation_timestamp": "2025-03-08T04:35:53.000000Z"}, {"uuid": "2076d6d8-18fc-43c4-ad27-22cb2e91e469", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-25369", "type": "published-proof-of-concept", "source": "Telegram/eal9Ra0ypGkEhYFNQI-UasMXMNQG9dqnJsA3nKGQdMfgq1c", "content": "", "creation_timestamp": "2025-02-26T16:00:08.000000Z"}]}