{"vulnerability": "cve-2025-5229", "sightings": [{"uuid": "7b846183-dee1-4c7d-9298-35ae65e2cb27", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-5229", "type": "seen", "source": "https://bsky.app/profile/2rZiKKbOU3nTafniR2qMMSE0gwZ.activitypub.awakari.com.ap.brid.gy/post/3lq4xrhbk6lz2", "content": "", "creation_timestamp": "2025-05-27T05:35:36.914513Z"}, {"uuid": "4f836b39-0dda-4936-a65b-74d76f451de4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-5229", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lq573lzbft2e", "content": "", "creation_timestamp": "2025-05-27T07:46:29.513994Z"}, {"uuid": "26220d02-e04e-42c8-93d8-4609805091a2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-5229", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/17596", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-5229\n\ud83d\udd25 CVSS Score: 6.9 (cvssV4_0, Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N)\n\ud83d\udd39 Description: A vulnerability was found in Campcodes Online Hospital Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /admin/view-patient.php. The manipulation of the argument viewid leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.\n\ud83d\udccf Published: 2025-05-27T03:31:04.508Z\n\ud83d\udccf Modified: 2025-05-27T03:31:04.508Z\n\ud83d\udd17 References:\n1. https://vuldb.com/?id.310328\n2. https://vuldb.com/?ctiid.310328\n3. https://vuldb.com/?submit.583490\n4. https://github.com/sarryi/cve/issues/1\n5. https://www.campcodes.com/", "creation_timestamp": "2025-05-27T03:47:52.000000Z"}, {"uuid": "1bd95fb3-a0b7-4f17-9ece-af80a7bba04f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-52294", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/20079", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-52294\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: Insufficient validation of the screen lock mechanism in Trust Wallet v8.45 allows physically proximate attackers to bypass the lock screen and view the wallet balance.\n\ud83d\udccf Published: 2025-07-01T00:00:00.000Z\n\ud83d\udccf Modified: 2025-07-01T19:55:20.327Z\n\ud83d\udd17 References:\n1. https://pastebin.com/3K4kt713", "creation_timestamp": "2025-07-01T20:09:39.000000Z"}, {"uuid": "d3e419d3-0856-4f2e-985f-288248cc4099", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-52293", "type": "seen", "source": "https://infosec.exchange/users/sigdevel/statuses/116710484148913883", "content": "Security Advisory: CVE-2025-52293 - Memory Safety Violation in GPAC MP4Box HEVC SPS Parser\nProcessing a crafted MP4 file containing malformed HEVC SPS data with `MP4Box` can trigger a segmentation fault in `gf_hevc_read_sps_bs_internal()`, causing a Denial of Service.\nSummary:The `gf_hevc_read_sps_bs_internal()` function in `media_tools/av_parsers.c` does not safely handle crafted HEVC SPS data while parsing video configuration from a malicious MP4 file. During import and split processing, malformed SPS data reaches the HEVC parser and causes an invalid memory read.\nAddressSanitizer reports a `SEGV` caused by a `READ` memory access at `media_tools/av_parsers.c:9309`. The crash occurs while MP4Box processes the crafted file through the isomedia input and NAL replacement/configuration path.\nCWE:CWE classification was not specified in the local MITRE data. This issue is best described as a memory safety violation in HEVC SPS parsing, with an observed out-of-bounds/invalid read leading to SIGSEGV.\nAffected Component:```media_tools/av_parsers.c:9309Function: gf_hevc_read_sps_bs_internal()```\nAffected Product:MP4Box (GPAC Multimedia Open Source Project)\nAffected Version:MP4Box versions 2.4 and earlier (GPAC build at commit: 8a0d5b43c242fe4befb88530e4c9afef37114161)\nAttack Conditions:An attacker supplies a crafted MP4 file containing malformed HEVC SPS NAL units. The issue can be reproduced locally with:\n```./MP4Box -add 3_poc.mp4 -new /dev/null -split-size 5000000```No elevated privileges are required. User interaction is required when the victim manually processes the malicious MP4 file, or an automated workflow invokes MP4Box on attacker-controlled media.\nImpact:The immediate observed impact is Denial of Service due to process termination. The local CVE request classifies the issue as a buffer overflow / memory safety violation. The observed ASAN trace shows an invalid read; no evidence of arbitrary code execution was observed.\nFix / mitigation status:The issue was fixed in GPAC commit:\n```d091c7e92ef0b6497b808e243501f500135f69c4```\nUsers should update to a GPAC build containing this commit or later. The parser should validate HEVC SPS bitstream boundaries and reject malformed SPS/NAL data before reading fields from the bitstream.\nReferences:\n- Issue: https://github.com/gpac/gpac/issues/3146- PoC: https://github.com/sigdevel/pocs/blob/main/res/gpac/MP4Box/3/3_poc.mp4- Fix: https://github.com/gpac/gpac/commit/d091c7e92ef0b6497b808e243501f500135f69c4\nCredit@sigdevel\n#fuzzing #infosec #security #afl #revers #cybersecurity #bugbounty #vulnerability #opensource #linux #cve #advisory #media", "creation_timestamp": "2026-06-07T19:38:15.114003Z"}]}