Publish Advisories

GHSA-wp3j-xq48-xpjw
GHSA-83xx-9f6p-vwfj
GHSA-qg4c-8pj4-qgw2
GHSA-2fv7-mv57-whf5
GHSA-4vx3-8w8x-cp7w
GHSA-5wpc-p9f6-h8mw
GHSA-79jv-p4w2-qgx9
GHSA-7xp6-cgj4-vvc8
GHSA-8rmc-cwjc-p5cg
GHSA-97h6-26vh-vqj6
GHSA-9p5f-59cx-3356
GHSA-q95h-87j6-273x
GHSA-r22g-w3wp-pqgc
GHSA-r7wf-xj64-53f2
GHSA-x2hr-hc3f-wj3x
GHSA-x2rm-j7cc-24ph
GHSA-xc8g-qwx7-gcfr

Author: advisory-database[bot]

advisories/github-reviewed/2025/09/GHSA-wp3j-xq48-xpjw/GHSA-wp3j-xq48-xpjw.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-wp3j-xq48-xpjw",
-  "modified": "2025-10-23T21:31:38Z",
+  "modified": "2025-10-24T00:30:52Z",
   "published": "2025-09-04T20:01:54Z",
   "aliases": [
     "CVE-2025-9566"
@@ -86,6 +86,10 @@
       "type": "WEB",
       "url": "https://access.redhat.com/errata/RHSA-2025:19094"
     },
+    {
+      "type": "WEB",
+      "url": "https://access.redhat.com/errata/RHSA-2025:18240"
+    },
     {
       "type": "WEB",
       "url": "https://access.redhat.com/errata/RHSA-2025:18218"

advisories/unreviewed/2025/06/GHSA-83xx-9f6p-vwfj/GHSA-83xx-9f6p-vwfj.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-83xx-9f6p-vwfj",
-  "modified": "2025-10-22T09:30:18Z",
+  "modified": "2025-10-24T00:30:52Z",
   "published": "2025-06-16T18:32:19Z",
   "aliases": [
     "CVE-2025-49796"
@@ -27,6 +27,10 @@
       "type": "WEB",
       "url": "https://access.redhat.com/security/cve/CVE-2025-49796"
     },
+    {
+      "type": "WEB",
+      "url": "https://access.redhat.com/errata/RHSA-2025:18240"
+    },
     {
       "type": "WEB",
       "url": "https://access.redhat.com/errata/RHSA-2025:18219"

advisories/unreviewed/2025/06/GHSA-qg4c-8pj4-qgw2/GHSA-qg4c-8pj4-qgw2.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-qg4c-8pj4-qgw2",
-  "modified": "2025-10-22T09:30:18Z",
+  "modified": "2025-10-24T00:30:52Z",
   "published": "2025-06-16T18:32:19Z",
   "aliases": [
     "CVE-2025-49794"
@@ -27,6 +27,10 @@
       "type": "WEB",
       "url": "https://access.redhat.com/security/cve/CVE-2025-49794"
     },
+    {
+      "type": "WEB",
+      "url": "https://access.redhat.com/errata/RHSA-2025:18240"
+    },
     {
       "type": "WEB",
       "url": "https://access.redhat.com/errata/RHSA-2025:18219"

advisories/unreviewed/2025/10/GHSA-2fv7-mv57-whf5/GHSA-2fv7-mv57-whf5.json

@@ -0,0 +1,52 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-2fv7-mv57-whf5",
+  "modified": "2025-10-24T00:30:53Z",
+  "published": "2025-10-24T00:30:53Z",
+  "aliases": [
+    "CVE-2025-61977"
+  ],
+  "details": "A weak password recovery mechanism for forgotten password vulnerability was discovered in Productivity Suite software version v4.4.1.19. The vulnerability allows an attacker to decrypt an encrypted project by answering just one recovery question.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61977"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2025/icsa-25-296-01.json"
+    },
+    {
+      "type": "WEB",
+      "url": "https://support.automationdirect.com/docs/securityconsiderations.pdf"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.automationdirect.com/support/software-downloads"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-296-01"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-640"
+    ],
+    "severity": "HIGH",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-10-23T22:15:48Z"
+  }
+}

advisories/unreviewed/2025/10/GHSA-4vx3-8w8x-cp7w/GHSA-4vx3-8w8x-cp7w.json

@@ -0,0 +1,52 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-4vx3-8w8x-cp7w",
+  "modified": "2025-10-24T00:30:53Z",
+  "published": "2025-10-24T00:30:52Z",
+  "aliases": [
+    "CVE-2025-61934"
+  ],
+  "details": "A binding to an unrestricted IP address vulnerability was discovered in Productivity Suite software version v4.4.1.19. The vulnerability allows an unauthenticated remote attacker to interact with the ProductivityService PLC simulator and read, write, or delete arbitrary files and folders on the target machine",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61934"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2025/icsa-25-296-01.json"
+    },
+    {
+      "type": "WEB",
+      "url": "https://support.automationdirect.com/docs/securityconsiderations.pdf"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.automationdirect.com/support/software-downloads"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-296-01"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-1327"
+    ],
+    "severity": "CRITICAL",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-10-23T22:15:48Z"
+  }
+}

advisories/unreviewed/2025/10/GHSA-5wpc-p9f6-h8mw/GHSA-5wpc-p9f6-h8mw.json

@@ -0,0 +1,36 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-5wpc-p9f6-h8mw",
+  "modified": "2025-10-24T00:30:52Z",
+  "published": "2025-10-24T00:30:52Z",
+  "aliases": [
+    "CVE-2025-59273"
+  ],
+  "details": "Improper access control in Azure Event Grid allows an unauthorized attacker to elevate privileges over a network.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-59273"
+    },
+    {
+      "type": "WEB",
+      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-59273"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-284"
+    ],
+    "severity": "HIGH",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-10-23T22:15:47Z"
+  }
+}

advisories/unreviewed/2025/10/GHSA-79jv-p4w2-qgx9/GHSA-79jv-p4w2-qgx9.json

@@ -0,0 +1,52 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-79jv-p4w2-qgx9",
+  "modified": "2025-10-24T00:30:53Z",
+  "published": "2025-10-24T00:30:53Z",
+  "aliases": [
+    "CVE-2025-59776"
+  ],
+  "details": "A relative path traversal vulnerability was discovered in Productivity Suite software version 4.4.1.19. The vulnerability allows an unauthenticated remote attacker to interact with the ProductivityService PLC simulator and create arbitrary directories on the target machine.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-59776"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2025/icsa-25-296-01.json"
+    },
+    {
+      "type": "WEB",
+      "url": "https://support.automationdirect.com/docs/securityconsiderations.pdf"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.automationdirect.com/support/software-downloads"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-296-01"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-23"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-10-23T23:15:37Z"
+  }
+}

advisories/unreviewed/2025/10/GHSA-7xp6-cgj4-vvc8/GHSA-7xp6-cgj4-vvc8.json

@@ -0,0 +1,52 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-7xp6-cgj4-vvc8",
+  "modified": "2025-10-24T00:30:52Z",
+  "published": "2025-10-24T00:30:52Z",
+  "aliases": [
+    "CVE-2025-58456"
+  ],
+  "details": "A relative path traversal vulnerability was discovered in Productivity Suite software version \n\n4.4.1.19.\n\n The vulnerability allows an unauthenticated remote attacker to interact with the ProductivityService PLC simulator and read arbitrary files on the target machine.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:L/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-58456"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2025/icsa-25-296-01.json"
+    },
+    {
+      "type": "WEB",
+      "url": "https://support.automationdirect.com/docs/securityconsiderations.pdf"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.automationdirect.com/support/software-downloads"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-296-01"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-23"
+    ],
+    "severity": "HIGH",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-10-23T22:15:41Z"
+  }
+}

advisories/unreviewed/2025/10/GHSA-8rmc-cwjc-p5cg/GHSA-8rmc-cwjc-p5cg.json

@@ -0,0 +1,52 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-8rmc-cwjc-p5cg",
+  "modified": "2025-10-24T00:30:53Z",
+  "published": "2025-10-24T00:30:53Z",
+  "aliases": [
+    "CVE-2025-58429"
+  ],
+  "details": "A relative path traversal vulnerability was discovered in Productivity Suite software version 4.4.1.19. The vulnerability allows an unauthenticated remote attacker to interact with the ProductivityService PLC simulator and delete arbitrary files on the target machine.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:H"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:H/SC:N/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-58429"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2025/icsa-25-296-01.json"
+    },
+    {
+      "type": "WEB",
+      "url": "https://support.automationdirect.com/docs/securityconsiderations.pdf"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.automationdirect.com/support/software-downloads"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-296-01"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-23"
+    ],
+    "severity": "HIGH",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-10-23T23:15:37Z"
+  }
+}