{"vulnerability": "CVE-2025-4260", "sightings": [{"uuid": "fb93fb43-9baf-4d8a-8241-c2910bea46f5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-42602", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lnibm3hsar2h", "content": "", "creation_timestamp": "2025-04-23T13:15:12.400377Z"}, {"uuid": "bfb43b01-ac66-4e5e-b0d8-6ee01bfa112b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-42601", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lnibm3pvzb2h", "content": "", "creation_timestamp": "2025-04-23T13:15:13.686763Z"}, {"uuid": "de1d9756-4907-4607-aea1-95a5027e3a38", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-42604", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lnibm3xc6y2j", "content": "", "creation_timestamp": "2025-04-23T13:15:14.898739Z"}, {"uuid": "0af36ffb-197c-41bd-9f3e-7dd1d1a619eb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-42600", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lnibm43vjg2t", "content": "", "creation_timestamp": "2025-04-23T13:15:15.506471Z"}, {"uuid": "0a30e122-615b-4cd8-94ad-c29f3245d259", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-42605", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lnibm47sxu2g", "content": "", "creation_timestamp": "2025-04-23T13:15:16.120206Z"}, {"uuid": "5df6c3ea-690f-46e6-bb85-6374af9543a3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-42603", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lnibm4dd6z2u", "content": "", "creation_timestamp": "2025-04-23T13:15:16.716470Z"}, {"uuid": "d5564ea1-d17a-4b14-90b9-ee7bc77fe73c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-4260", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lofprj5jm42p", "content": "", "creation_timestamp": "2025-05-05T06:16:05.365464Z"}, {"uuid": "17e31475-bbd4-4417-bbcc-d9f7b26ca3f4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-42600", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/13020", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-42600\n\ud83d\udd25 CVSS Score: 8.2 (cvssV4_0, Vector: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:L/SI:N/SA:N)\n\ud83d\udd39 Description: This vulnerability exists in Meon KYC solutions due to missing restrictions on the number of incorrect One-Time Password (OTP) attempts through certain API endpoints of login process. A remote attacker could exploit this vulnerability by performing a brute force attack on OTP, which could lead to gain unauthorized access to other user accounts.\n\ud83d\udccf Published: 2025-04-23T10:25:16.725Z\n\ud83d\udccf Modified: 2025-04-23T10:51:55.534Z\n\ud83d\udd17 References:\n1. https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01&VLCODE=CIVN-2025-0082", "creation_timestamp": "2025-04-23T11:20:43.000000Z"}, {"uuid": "ffb5151d-9b34-4f24-842d-b0c818f82611", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-42601", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/13019", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-42601\n\ud83d\udd25 CVSS Score: 8.2 (cvssV4_0, Vector: CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:L/SI:N/SA:N)\n\ud83d\udd39 Description: This vulnerability exists in Meon KYC solutions due to insufficient server-side validation of the Captcha in certain API endpoints. A remote attacker could exploit this vulnerability by intercepting the request and removing the Captcha parameter leading to bypassing the Captcha verification mechanism.\n\ud83d\udccf Published: 2025-04-23T10:32:30.140Z\n\ud83d\udccf Modified: 2025-04-23T10:52:24.051Z\n\ud83d\udd17 References:\n1. https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01&VLCODE=CIVN-2025-0082", "creation_timestamp": "2025-04-23T11:20:42.000000Z"}, {"uuid": "bd6bba4d-d263-4257-b9a2-95570fd96817", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-42602", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/13024", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-42602\n\ud83d\udd25 CVSS Score: 8.2 (cvssV4_0, Vector: CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:L/SI:N/SA:N)\n\ud83d\udd39 Description: This vulnerability exists in Meon KYC solutions due to improper handling of access and refresh tokens in certain API endpoints of authentication process. A remote attacker could exploit this vulnerability by intercepting and manipulating the responses through API request body leading to unauthorized access of other user accounts.\n\ud83d\udccf Published: 2025-04-23T10:36:07.815Z\n\ud83d\udccf Modified: 2025-04-23T10:36:07.815Z\n\ud83d\udd17 References:\n1. https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01&VLCODE=CIVN-2025-0082", "creation_timestamp": "2025-04-23T11:20:49.000000Z"}, {"uuid": "d52f26b6-42e3-4db3-a386-da37aa803742", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-42603", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/13023", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-42603\n\ud83d\udd25 CVSS Score: 8.7 (cvssV4_0, Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:L/SI:N/SA:N)\n\ud83d\udd39 Description: This vulnerability exists in the Meon KYC solutions due to transmission of sensitive data in plain text within the response payloads of certain API endpoints. An authenticated remote attacker could exploit this vulnerability by intercepting API response that contains unencrypted sensitive information belonging to other users.\n\nSuccessful exploitation of this vulnerability could allow remote attacker to impersonate the target user and gain unauthorized access to the user account.\n\ud83d\udccf Published: 2025-04-23T10:38:49.256Z\n\ud83d\udccf Modified: 2025-04-23T10:38:49.256Z\n\ud83d\udd17 References:\n1. https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01&VLCODE=CIVN-2025-0082", "creation_timestamp": "2025-04-23T11:20:48.000000Z"}, {"uuid": "e061af9b-f752-4947-ab2c-19f9caf239e1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-42604", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/13022", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-42604\n\ud83d\udd25 CVSS Score: 6.9 (cvssV4_0, Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N)\n\ud83d\udd39 Description: This vulnerability exists in Meon KYC solutions due to debug mode is enabled in certain API endpoints. A remote attacker could exploit this vulnerability by accessing certain unauthorized API endpoints leading to detailed error messages as response leading to disclosure of system related information.\n\ud83d\udccf Published: 2025-04-23T10:43:56.953Z\n\ud83d\udccf Modified: 2025-04-23T10:43:56.953Z\n\ud83d\udd17 References:\n1. https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01&VLCODE=CIVN-2025-0082", "creation_timestamp": "2025-04-23T11:20:44.000000Z"}, {"uuid": "61800bda-7d57-4fbc-a37d-542e0b565230", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-42605", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/13021", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-42605\n\ud83d\udd25 CVSS Score: 9.3 (cvssV4_0, Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:L/SI:L/SA:N)\n\ud83d\udd39 Description: This vulnerability exists in Meon Bidding Solutions due to improper authorization controls on certain API endpoints for the initiation, modification, or cancellation operations. An authenticated remote attacker could exploit this vulnerability by manipulating parameter in the API request body to gain unauthorized access to other user accounts.\n\nSuccessful exploitation of this vulnerability could allow remote attacker to perform authorized manipulation of data associated with other user accounts.\n\ud83d\udccf Published: 2025-04-23T10:51:00.255Z\n\ud83d\udccf Modified: 2025-04-23T10:51:00.255Z\n\ud83d\udd17 References:\n1. https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01&VLCODE=CIVN-2025-0082", "creation_timestamp": "2025-04-23T11:20:44.000000Z"}, {"uuid": "ebabc056-f9b8-4390-8092-04830db6168f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-4260", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/14830", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-4260\n\ud83d\udd25 CVSS Score: 5.3 (cvssV4_0, Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N)\n\ud83d\udd39 Description: A vulnerability was found in zhangyanbo2007 youkefu up to 4.2.0 and classified as problematic. Affected by this issue is the function impsave of the file m\\web\\handler\\admin\\system\\TemplateController.java. The manipulation of the argument dataFile leads to deserialization. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.\n\ud83d\udccf Published: 2025-05-05T02:31:04.576Z\n\ud83d\udccf Modified: 2025-05-05T02:31:04.576Z\n\ud83d\udd17 References:\n1. https://vuldb.com/?id.307364\n2. https://vuldb.com/?ctiid.307364\n3. https://vuldb.com/?submit.562902\n4. https://github.com/Serein123y/vulnerability/blob/main/vul.md", "creation_timestamp": "2025-05-05T03:19:59.000000Z"}, {"uuid": "e03a8636-96f3-4db6-ab74-8fa6c51ffbbd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-42602", "type": "seen", "source": "https://t.me/cvedetector/23587", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-42602 - Meon KYC Token Manipulation Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-42602 \nPublished : April 23, 2025, 11:15 a.m. | 57\u00a0minutes ago \nDescription : This vulnerability exists in Meon KYC solutions due to improper handling of access and refresh tokens in certain API endpoints of authentication process. A remote attacker could exploit this vulnerability by intercepting and manipulating the responses through API request body leading to unauthorized access of other user accounts. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"23 Apr 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-04-23T14:28:58.000000Z"}, {"uuid": "f4ca50dc-851b-4de9-8815-011cd0e50be8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-42601", "type": "seen", "source": "https://t.me/cvedetector/23586", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-42601 - Meon KYC Captcha Bypass Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-42601 \nPublished : April 23, 2025, 11:15 a.m. | 57\u00a0minutes ago \nDescription : This vulnerability exists in Meon KYC solutions due to insufficient server-side validation of the Captcha in certain API endpoints. A remote attacker could exploit this vulnerability by intercepting the request and removing the Captcha parameter leading to bypassing the Captcha verification mechanism. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"23 Apr 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-04-23T14:28:54.000000Z"}, {"uuid": "eacde636-d4c9-474e-8e5e-6b61bc388188", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-42600", "type": "seen", "source": "https://t.me/cvedetector/23585", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-42600 - Meon KYC Brute Force OTP Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-42600 \nPublished : April 23, 2025, 11:15 a.m. | 57\u00a0minutes ago \nDescription : This vulnerability exists in Meon KYC solutions due to missing restrictions on the number of incorrect One-Time Password (OTP) attempts through certain API endpoints of login process. A remote attacker could exploit this vulnerability by performing a brute force attack on OTP, which could lead to gain unauthorized access to other user accounts. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"23 Apr 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-04-23T14:28:54.000000Z"}, {"uuid": "b51d90af-e19d-4b1e-8b67-c27143b7f32e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-42605", "type": "seen", "source": "https://t.me/cvedetector/23584", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-42605 - Meon Bidding Solutions Remote Authorization Bypass Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-42605 \nPublished : April 23, 2025, 11:15 a.m. | 57\u00a0minutes ago \nDescription : This vulnerability exists in Meon Bidding Solutions due to improper authorization controls on certain API endpoints for the initiation, modification, or cancellation operations. An authenticated remote attacker could exploit this vulnerability by manipulating parameter in the API request body to gain unauthorized access to other user accounts.  \n  \nSuccessful exploitation of this vulnerability could allow remote attacker to perform authorized manipulation of data associated with other user accounts. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"23 Apr 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-04-23T14:28:53.000000Z"}, {"uuid": "7f78b69b-f27f-4067-ab98-99269ad0b972", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-42604", "type": "seen", "source": "https://t.me/cvedetector/23583", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-42604 - Meon KYC Debug Mode Information Disclosure Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-42604 \nPublished : April 23, 2025, 11:15 a.m. | 57\u00a0minutes ago \nDescription : This vulnerability exists in Meon KYC solutions due to debug mode is enabled in certain API endpoints. A remote attacker could exploit this vulnerability by accessing certain unauthorized API endpoints leading to detailed error messages as response leading to disclosure of system related information. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"23 Apr 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-04-23T14:28:52.000000Z"}, {"uuid": "1bcd2126-0af5-410e-936d-b32bc418b1b8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-42603", "type": "seen", "source": "https://t.me/cvedetector/23582", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-42603 - Meon KYC Plain Text Data Exposure\", \n  \"Content\": \"CVE ID : CVE-2025-42603 \nPublished : April 23, 2025, 11:15 a.m. | 57\u00a0minutes ago \nDescription : This vulnerability exists in the Meon KYC solutions due to transmission of sensitive data in plain text within the response payloads of certain API endpoints. An authenticated remote attacker could exploit this vulnerability by intercepting API response that contains unencrypted sensitive information belonging to other users.  \n  \nSuccessful exploitation of this vulnerability could allow remote attacker to impersonate the target user and gain unauthorized access to the user account. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"23 Apr 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-04-23T14:28:51.000000Z"}, {"uuid": "0aeb96a7-d042-436e-82d6-422d43a81661", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-4260", "type": "seen", "source": "https://t.me/cvedetector/24432", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-4260 - Zhangyanbo2007 Youkefu Deserialization Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-4260 \nPublished : May 5, 2025, 3:15 a.m. | 1\u00a0hour, 55\u00a0minutes ago \nDescription : A vulnerability was found in zhangyanbo2007 youkefu up to 4.2.0 and classified as problematic. Affected by this issue is the function impsave of the file m\\web\\handler\\admin\\system\\TemplateController.java. The manipulation of the argument dataFile leads to deserialization. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. \nSeverity: 4.3 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"05 May 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-05-05T07:30:48.000000Z"}]}