Publish Advisories

advisory-database[bot] · advisory-database[bot] · commit 7d5ca631ca02 · 2025-12-01T06:32:10.000Z
GHSA-2vgr-2fqq-2wwf GHSA-53v5-9752-qq92 GHSA-fgmj-6h3v-4q56 GHSA-fxj6-w3mv-7pg7 GHSA-m5mq-qmxj-jm78 GHSA-qp56-qj59-hjf8
diff --git a/advisories/unreviewed/2025/12/GHSA-2vgr-2fqq-2wwf/GHSA-2vgr-2fqq-2wwf.json b/advisories/unreviewed/2025/12/GHSA-2vgr-2fqq-2wwf/GHSA-2vgr-2fqq-2wwf.json
@@ -0,0 +1,56 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-2vgr-2fqq-2wwf",
+  "modified": "2025-12-01T06:30:25Z",
+  "published": "2025-12-01T06:30:25Z",
+  "aliases": [
+    "CVE-2025-13807"
+  ],
+  "details": "A vulnerability was detected in orionsec orion-ops up to 5925824997a3109651bbde07460958a7be249ed1. Affected is the function MachineKeyController of the file orion-ops-api/orion-ops-web/src/main/java/cn/orionsec/ops/controller/MachineKeyController.java of the component API. The manipulation results in improper authorization. The attack can be executed remotely. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-13807"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/Xzzz111/exps/blob/main/archives/orion-ops-information-disclosure-1/report.md"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/Xzzz111/exps/blob/main/archives/orion-ops-information-disclosure-1/report.md#proof-of-concept"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?ctiid.333817"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?id.333817"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?submit.692066"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-266"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-12-01T05:16:02Z"
+  }
+}
diff --git a/advisories/unreviewed/2025/12/GHSA-53v5-9752-qq92/GHSA-53v5-9752-qq92.json b/advisories/unreviewed/2025/12/GHSA-53v5-9752-qq92/GHSA-53v5-9752-qq92.json
@@ -0,0 +1,56 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-53v5-9752-qq92",
+  "modified": "2025-12-01T06:30:25Z",
+  "published": "2025-12-01T06:30:25Z",
+  "aliases": [
+    "CVE-2025-13806"
+  ],
+  "details": "A security vulnerability has been detected in nutzam NutzBoot up to 2.6.0-SNAPSHOT. This impacts an unknown function of the file nutzboot-demo/nutzboot-demo-simple/nutzboot-demo-simple-web3j/src/main/java/io/nutz/demo/simple/module/EthModule.java of the component Transaction API. The manipulation of the argument from/to/wei leads to improper authorization. Remote exploitation of the attack is possible. The exploit has been disclosed publicly and may be used.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-13806"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/Xzzz111/exps/blob/main/archives/nutzboot-UnauthorizedTransfer-1/report.md"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/Xzzz111/exps/blob/main/archives/nutzboot-UnauthorizedTransfer-1/report.md#vulnerability-details-and-poc"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?ctiid.333816"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?id.333816"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?submit.692061"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-266"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-12-01T05:16:00Z"
+  }
+}
diff --git a/advisories/unreviewed/2025/12/GHSA-fgmj-6h3v-4q56/GHSA-fgmj-6h3v-4q56.json b/advisories/unreviewed/2025/12/GHSA-fgmj-6h3v-4q56/GHSA-fgmj-6h3v-4q56.json
@@ -0,0 +1,56 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-fgmj-6h3v-4q56",
+  "modified": "2025-12-01T06:30:25Z",
+  "published": "2025-12-01T06:30:25Z",
+  "aliases": [
+    "CVE-2025-13805"
+  ],
+  "details": "A weakness has been identified in nutzam NutzBoot up to 2.6.0-SNAPSHOT. This affects the function getInputStream of the file nutzcloud/nutzcloud-literpc/src/main/java/org/nutz/boot/starter/literpc/impl/endpoint/http/HttpServletRpcEndpoint.java of the component LiteRpc-Serializer. Executing manipulation can lead to deserialization. The attack may be launched remotely. This attack is characterized by high complexity. The exploitability is reported as difficult. The exploit has been made available to the public and could be exploited.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-13805"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/Xzzz111/exps/blob/main/archives/nutzboot-RCE-1/report.md"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/Xzzz111/exps/blob/main/archives/nutzboot-RCE-1/report.md#vulnerability-details-and-poc"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?ctiid.333815"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?id.333815"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?submit.692053"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-20"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-12-01T04:16:05Z"
+  }
+}
diff --git a/advisories/unreviewed/2025/12/GHSA-fxj6-w3mv-7pg7/GHSA-fxj6-w3mv-7pg7.json b/advisories/unreviewed/2025/12/GHSA-fxj6-w3mv-7pg7/GHSA-fxj6-w3mv-7pg7.json
@@ -0,0 +1,56 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-fxj6-w3mv-7pg7",
+  "modified": "2025-12-01T06:30:25Z",
+  "published": "2025-12-01T06:30:25Z",
+  "aliases": [
+    "CVE-2025-13808"
+  ],
+  "details": "A flaw has been found in orionsec orion-ops up to 5925824997a3109651bbde07460958a7be249ed1. Affected by this vulnerability is the function update of the file orion-ops-api/orion-ops-web/src/main/java/cn/orionsec/ops/controller/UserController.java of the component User Profile Handler. This manipulation of the argument ID causes improper authorization. The attack is possible to be carried out remotely. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-13808"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/Xzzz111/exps/blob/main/archives/orion-ops-privilege-escalation-1/report.md"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/Xzzz111/exps/blob/main/archives/orion-ops-privilege-escalation-1/report.md#proof-of-concept"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?ctiid.333818"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?id.333818"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?submit.692068"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-266"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-12-01T05:16:04Z"
+  }
+}
diff --git a/advisories/unreviewed/2025/12/GHSA-m5mq-qmxj-jm78/GHSA-m5mq-qmxj-jm78.json b/advisories/unreviewed/2025/12/GHSA-m5mq-qmxj-jm78/GHSA-m5mq-qmxj-jm78.json
@@ -0,0 +1,56 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-m5mq-qmxj-jm78",
+  "modified": "2025-12-01T06:30:25Z",
+  "published": "2025-12-01T06:30:25Z",
+  "aliases": [
+    "CVE-2025-13809"
+  ],
+  "details": "A vulnerability has been found in orionsec orion-ops up to 5925824997a3109651bbde07460958a7be249ed1. Affected by this issue is some unknown functionality of the file orion-ops-api/orion-ops-web/src/main/java/cn/orionsec/ops/controller/MachineInfoController.java of the component SSH Connection Handler. Such manipulation of the argument host/sshPort/username/password/authType leads to server-side request forgery. The attack may be performed from remote. The exploit has been disclosed to the public and may be used. A patch should be applied to remediate this issue. The vendor was contacted early about this disclosure but did not respond in any way.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-13809"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/Xzzz111/exps/blob/main/archives/orion-ops-ssrf-1/report.md"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/Xzzz111/exps/blob/main/archives/orion-ops-ssrf-1/report.md#proof-of-concept"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?ctiid.333819"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?id.333819"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?submit.692069"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-918"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-12-01T06:15:58Z"
+  }
+}
diff --git a/advisories/unreviewed/2025/12/GHSA-qp56-qj59-hjf8/GHSA-qp56-qj59-hjf8.json b/advisories/unreviewed/2025/12/GHSA-qp56-qj59-hjf8/GHSA-qp56-qj59-hjf8.json
@@ -0,0 +1,56 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-qp56-qj59-hjf8",
+  "modified": "2025-12-01T06:30:25Z",
+  "published": "2025-12-01T06:30:25Z",
+  "aliases": [
+    "CVE-2025-13804"
+  ],
+  "details": "A security flaw has been discovered in nutzam NutzBoot up to 2.6.0-SNAPSHOT. The impacted element is an unknown function of the file nutzboot-demo/nutzboot-demo-simple/nutzboot-demo-simple-web3j/src/main/java/io/nutz/demo/simple/module/EthModule.java of the component Ethereum Wallet Handler. Performing manipulation results in information disclosure. The attack may be initiated remotely. The exploit has been released to the public and may be exploited.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-13804"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/Xzzz111/exps/blob/main/archives/nutzboot-InfoLeak-1/report.md"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/Xzzz111/exps/blob/main/archives/nutzboot-InfoLeak-1/report.md#vulnerability-details-and-poc"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?ctiid.333814"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?id.333814"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?submit.692050"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-200"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-12-01T04:16:05Z"
+  }
+}
