{ "document": { "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "tlp": { "label": "WHITE" } }, "lang": "nl", "notes": [ { "category": "legal_disclaimer", "text": "The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:\n\n NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.\n\n NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.\n This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings." }, { "category": "description", "text": "SAP heeft kwetsbaarheden verholpen in diverse SAP producten als HANA, Business Objects en Netweaver.", "title": "Feiten" }, { "category": "description", "text": "De kwetsbaarheden omvatten een gebrek aan autorisatiecontroles, waardoor aanvallers functies zonder beperkingen kunnen uitvoeren. Dit kan leiden tot ongeautoriseerde acties binnen de applicatie, wat de integriteit en vertrouwelijkheid in gevaar kan brengen. Daarnaast zijn er kwetsbaarheden die het mogelijk maken voor geauthenticeerde gebruikers om hun privileges te escaleren, wat kan resulteren in een significante compromittering van de applicatie. De aanwezigheid van Cross-Site Scripting (XSS) kwetsbaarheden stelt aanvallers in staat om kwaadaardige scripts op te slaan, wat de vertrouwelijkheid van gevoelige sessie-informatie in gevaar kan brengen. De noodzaak voor verbeterde beveiligingsmaatregelen en strikte toegangcontroles is duidelijk.", "title": "Interpretaties" }, { "category": "description", "text": "SAP heeft updates uitgebracht om de kwetsbaarheden te verhelpen. Zie bijgevoegde referenties voor meer informatie.", "title": "Oplossingen" }, { "category": "general", "text": "medium", "title": "Kans" }, { "category": "general", "text": "high", "title": "Schade" }, { "category": "general", "text": "Free of Memory not on the Heap", "title": "CWE-590" }, { "category": "general", "text": "Missing Authorization", "title": "CWE-862" }, { "category": "general", "text": "Origin Validation Error", "title": "CWE-346" }, { "category": "general", "text": "Server-Side Request Forgery (SSRF)", "title": "CWE-918" }, { "category": "general", "text": "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", "title": "CWE-22" }, { "category": "general", "text": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", "title": "CWE-79" } ], "publisher": { "category": "coordinator", "contact_details": "cert@ncsc.nl", "name": "Nationaal Cyber Security Centrum", "namespace": "https://www.ncsc.nl/" }, "references": [ { "category": "external", "summary": "Source - sap", "url": "https://support.sap.com/en/my-support/knowledge-base/security-notes-news/june-2025.html" } ], "title": "Kwetsbaarheden verholpen in SAP Producten", "tracking": { "current_release_date": "2025-06-10T10:15:56.898255Z", "generator": { "date": "2025-06-05T14:45:00Z", "engine": { "name": "V.A.", "version": "1.1" } }, "id": "NCSC-2025-0186", "initial_release_date": "2025-06-10T10:15:56.898255Z", "revision_history": [ { "date": "2025-06-10T10:15:56.898255Z", "number": "1.0.0", "summary": "Initiele versie" } ], "status": "final", "version": "1.0.0" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_version_range", "name": "vers:unknown/758", "product": { "name": "vers:unknown/758", "product_id": "CSAFPID-2905222" } } ], "category": "product_name", "name": "NetWeaver" }, { "branches": [ { "category": "product_version_range", "name": "vers:unknown/7.89", "product": { "name": "vers:unknown/7.89", "product_id": "CSAFPID-874040", "product_identification_helper": { "cpe": "cpe:2.3:a:sap:netweaver_application_server_abap_kernel:7.89:*:*:*:*:*:*:*" } } }, { "category": "product_version_range", "name": "vers:unknown/7.93", "product": { "name": "vers:unknown/7.93", "product_id": "CSAFPID-2905130" } }, { "category": "product_version_range", "name": "vers:unknown/9.14", "product": { "name": "vers:unknown/9.14", "product_id": "CSAFPID-2905131" } }, { "category": "product_version_range", "name": "vers:unknown/9.15", "product": { "name": "vers:unknown/9.15", "product_id": "CSAFPID-2905132" } } ], "category": "product_name", "name": "NetWeaver Application Server for ABAP" }, { "branches": [ { "category": "product_version_range", "name": "vers:unknown/grcpinwv1100_700", "product": { "name": "vers:unknown/grcpinwv1100_700", "product_id": "CSAFPID-2904199" } }, { "category": "product_version_range", "name": "vers:unknown/v1100_731", "product": { "name": "vers:unknown/v1100_731", "product_id": "CSAFPID-2904200" } } ], "category": "product_name", "name": "SAP GRC (AC Plugin)" }, { "branches": [ { "category": "product_version_range", "name": "vers:unknown/sap_bw 750", "product": { "name": "vers:unknown/sap_bw 750", "product_id": "CSAFPID-2905154" } }, { "category": "product_version_range", "name": "vers:unknown/pi_basis 2006_1_700", "product": { "name": "vers:unknown/pi_basis 2006_1_700", "product_id": "CSAFPID-2905153" } }, { "category": "product_version_range", "name": "vers:unknown/915", "product": { "name": "vers:unknown/915", "product_id": "CSAFPID-2905152" } }, { "category": "product_version_range", "name": "vers:unknown/914", "product": { "name": "vers:unknown/914", "product_id": "CSAFPID-2905151" } }, { "category": "product_version_range", "name": "vers:unknown/758", "product": { "name": "vers:unknown/758", "product_id": "CSAFPID-2905150" } }, { "category": "product_version_range", "name": "vers:unknown/757", "product": { "name": "vers:unknown/757", "product_id": "CSAFPID-2905149" } }, { "category": "product_version_range", "name": "vers:unknown/756", "product": { "name": "vers:unknown/756", "product_id": "CSAFPID-2905148" } }, { "category": "product_version_range", "name": "vers:unknown/755", "product": { "name": "vers:unknown/755", "product_id": "CSAFPID-2905147" } }, { "category": "product_version_range", "name": "vers:unknown/754", "product": { "name": "vers:unknown/754", "product_id": "CSAFPID-2905146" } }, { "category": "product_version_range", "name": "vers:unknown/753", "product": { "name": "vers:unknown/753", "product_id": "CSAFPID-2905145" } }, { "category": "product_version_range", "name": "vers:unknown/752", "product": { "name": "vers:unknown/752", "product_id": "CSAFPID-2905144" } }, { "category": "product_version_range", "name": "vers:unknown/751", "product": { "name": "vers:unknown/751", "product_id": "CSAFPID-2905143" } }, { "category": "product_version_range", "name": "vers:unknown/740", "product": { "name": "vers:unknown/740", "product_id": "CSAFPID-2905142" } }, { "category": "product_version_range", "name": "vers:unknown/731", "product": { "name": "vers:unknown/731", "product_id": "CSAFPID-2905141" } }, { "category": "product_version_range", "name": "vers:unknown/702", "product": { "name": "vers:unknown/702", "product_id": "CSAFPID-2905140" } }, { "category": "product_version_range", "name": "vers:unknown/701", "product": { "name": "vers:unknown/701", "product_id": "CSAFPID-2905139" } } ], "category": "product_name", "name": "Business Warehouse and Plug-In Basis" }, { "branches": [ { "category": "product_version_range", "name": "vers:unknown/2027", "product": { "name": "vers:unknown/2027", "product_id": "CSAFPID-2905156" } }, { "category": "product_version_range", "name": "vers:unknown/2025", "product": { "name": "vers:unknown/2025", "product_id": "CSAFPID-2905155" } }, { "category": "product_version_range", "name": "vers:unknown/enterprise 430", "product": { "name": "vers:unknown/enterprise 430", "product_id": "CSAFPID-2905157" } } ], "category": "product_name", "name": "BusinessObjects Business Intelligence" }, { "branches": [ { "category": "product_version_range", "name": "vers:unknown/7.50", "product": { "name": "vers:unknown/7.50", "product_id": "CSAFPID-2905221" } } ], "category": "product_name", "name": "NetWeaver Visual Composer" }, { "branches": [ { "category": "product_version_range", "name": "vers:unknown/710.750", "product": { "name": "vers:unknown/710.750", "product_id": "CSAFPID-2905135" } } ], "category": "product_name", "name": "MDM Server" }, { "branches": [ { "category": "product_version_range", "name": "vers:unknown/758", "product": { "name": "vers:unknown/758", "product_id": "CSAFPID-2904238" } } ], "category": "product_name", "name": "SAP S/4HANA (Enterprise Event Enablement)" }, { "branches": [ { "category": "product_version_range", "name": "vers:unknown/sap_basis758", "product": { "name": "vers:unknown/sap_basis758", "product_id": "CSAFPID-2904192" } } ], "category": "product_name", "name": "SAP NetWeaver (ABAP Keyword Documentation)" }, { "branches": [ { "category": "product_version_range", "name": "vers:unknown/107", "product": { "name": "vers:unknown/107", "product_id": "CSAFPID-2904218" } }, { "category": "product_version_range", "name": "vers:unknown/108", "product": { "name": "vers:unknown/108", "product_id": "CSAFPID-2904219" } }, { "category": "product_version_range", "name": "vers:unknown/s4core106", "product": { "name": "vers:unknown/s4core106", "product_id": "CSAFPID-2904217" } } ], "category": "product_name", "name": "SAP S/4HANA (Manage Central Purchase Contract application)" }, { "branches": [ { "category": "product_version_range", "name": "vers:unknown/b1_on_hana 10.0", "product": { "name": "vers:unknown/b1_on_hana 10.0", "product_id": "CSAFPID-2905133" } }, { "category": "product_version_range", "name": "vers:unknown/sap-m-bo 10.0", "product": { "name": "vers:unknown/sap-m-bo 10.0", "product_id": "CSAFPID-2905134" } } ], "category": "product_name", "name": "Business One Integration Framework" }, { "branches": [ { "category": "product_version_range", "name": "vers:unknown/105", "product": { "name": "vers:unknown/105", "product_id": "CSAFPID-2904221" } }, { "category": "product_version_range", "name": "vers:unknown/106", "product": { "name": "vers:unknown/106", "product_id": "CSAFPID-2904222" } }, { "category": "product_version_range", "name": "vers:unknown/107", "product": { "name": "vers:unknown/107", "product_id": "CSAFPID-2904223" } }, { "category": "product_version_range", "name": "vers:unknown/108", "product": { "name": "vers:unknown/108", "product_id": "CSAFPID-2904224" } }, { "category": "product_version_range", "name": "vers:unknown/s4core104", "product": { "name": "vers:unknown/s4core104", "product_id": "CSAFPID-2904220" } } ], "category": "product_name", "name": "SAP S/4HANA (Manage Processing Rules - For Bank Statement)" }, { "branches": [ { "category": "product_version_range", "name": "vers:unknown/2025", "product": { "name": "vers:unknown/2025", "product_id": "CSAFPID-2905206" } }, { "category": "product_version_range", "name": "vers:unknown/2027", "product": { "name": "vers:unknown/2027", "product_id": "CSAFPID-2905207" } }, { "category": "product_version_range", "name": "vers:unknown/enterprise 430", "product": { "name": "vers:unknown/enterprise 430", "product_id": "CSAFPID-2905208" } } ], "category": "product_name", "name": "Business Objects Business Intelligence Platform" }, { "branches": [ { "category": "product_version_range", "name": "vers:unknown/754", "product": { "name": "vers:unknown/754", "product_id": "CSAFPID-2904230" } }, { "category": "product_version_range", "name": "vers:unknown/755", "product": { "name": "vers:unknown/755", "product_id": "CSAFPID-2904231" } }, { "category": "product_version_range", "name": "vers:unknown/756", "product": { "name": "vers:unknown/756", "product_id": "CSAFPID-2904232" } }, { "category": "product_version_range", "name": "vers:unknown/757", "product": { "name": "vers:unknown/757", "product_id": "CSAFPID-2904233" } }, { "category": "product_version_range", "name": "vers:unknown/758", "product": { "name": "vers:unknown/758", "product_id": "CSAFPID-2904234" } } ], "category": "product_name", "name": "SAPUI5 applications" } ], "category": "vendor", "name": "SAP" } ] }, "vulnerabilities": [ { "cve": "CVE-2025-42984", "cwe": { "id": "CWE-862", "name": "Missing Authorization" }, "notes": [ { "category": "other", "text": "Missing Authorization", "title": "CWE-862" }, { "category": "general", "text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N", "title": "CVSSV4" } ], "product_status": { "known_affected": [ "CSAFPID-2905222", "CSAFPID-874040", "CSAFPID-2905130", "CSAFPID-2905131", "CSAFPID-2905132", "CSAFPID-2904199", "CSAFPID-2904200", "CSAFPID-2905154", "CSAFPID-2905153", "CSAFPID-2905152", "CSAFPID-2905151", "CSAFPID-2905150", "CSAFPID-2905149", "CSAFPID-2905148", "CSAFPID-2905147", "CSAFPID-2905146", "CSAFPID-2905145", "CSAFPID-2905144", "CSAFPID-2905143", "CSAFPID-2905142", "CSAFPID-2905141", "CSAFPID-2905140", "CSAFPID-2905139", "CSAFPID-2905156", "CSAFPID-2905155", "CSAFPID-2905157", "CSAFPID-2905221", "CSAFPID-2905135", "CSAFPID-2904238", "CSAFPID-2904192", "CSAFPID-2904218", "CSAFPID-2904219", "CSAFPID-2904217", "CSAFPID-2905133", "CSAFPID-2905134", "CSAFPID-2904221", "CSAFPID-2904222", "CSAFPID-2904223", "CSAFPID-2904224", "CSAFPID-2904220", "CSAFPID-2905206", "CSAFPID-2905207", "CSAFPID-2905208", "CSAFPID-2904230", "CSAFPID-2904231", "CSAFPID-2904232", "CSAFPID-2904233", "CSAFPID-2904234" ] }, "references": [ { "category": "self", "summary": "CVE-2025-42984 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-42984.json" } ], "scores": [ { "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L", "baseScore": 5.4, "baseSeverity": "MEDIUM" }, "products": [ "CSAFPID-2905222", "CSAFPID-874040", "CSAFPID-2905130", "CSAFPID-2905131", "CSAFPID-2905132", "CSAFPID-2904199", "CSAFPID-2904200", "CSAFPID-2905154", "CSAFPID-2905153", "CSAFPID-2905152", "CSAFPID-2905151", "CSAFPID-2905150", "CSAFPID-2905149", "CSAFPID-2905148", "CSAFPID-2905147", "CSAFPID-2905146", "CSAFPID-2905145", "CSAFPID-2905144", "CSAFPID-2905143", "CSAFPID-2905142", "CSAFPID-2905141", "CSAFPID-2905140", "CSAFPID-2905139", "CSAFPID-2905156", "CSAFPID-2905155", "CSAFPID-2905157", "CSAFPID-2905221", "CSAFPID-2905135", "CSAFPID-2904238", "CSAFPID-2904192", "CSAFPID-2904218", "CSAFPID-2904219", "CSAFPID-2904217", "CSAFPID-2905133", "CSAFPID-2905134", "CSAFPID-2904221", "CSAFPID-2904222", "CSAFPID-2904223", "CSAFPID-2904224", "CSAFPID-2904220", "CSAFPID-2905206", "CSAFPID-2905207", "CSAFPID-2905208", "CSAFPID-2904230", "CSAFPID-2904231", "CSAFPID-2904232", "CSAFPID-2904233", "CSAFPID-2904234" ] } ], "title": "CVE-2025-42984" }, { "cve": "CVE-2025-42998", "cwe": { "id": "CWE-346", "name": "Origin Validation Error" }, "notes": [ { "category": "other", "text": "Origin Validation Error", "title": "CWE-346" }, { "category": "general", "text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N", "title": "CVSSV4" } ], "product_status": { "known_affected": [ "CSAFPID-2905222", "CSAFPID-874040", "CSAFPID-2905130", "CSAFPID-2905131", "CSAFPID-2905132", "CSAFPID-2904199", "CSAFPID-2904200", "CSAFPID-2905154", "CSAFPID-2905153", "CSAFPID-2905152", "CSAFPID-2905151", "CSAFPID-2905150", "CSAFPID-2905149", "CSAFPID-2905148", "CSAFPID-2905147", "CSAFPID-2905146", "CSAFPID-2905145", "CSAFPID-2905144", "CSAFPID-2905143", "CSAFPID-2905142", "CSAFPID-2905141", "CSAFPID-2905140", "CSAFPID-2905139", "CSAFPID-2905156", "CSAFPID-2905155", "CSAFPID-2905157", "CSAFPID-2905221", "CSAFPID-2905135", "CSAFPID-2904238", "CSAFPID-2904192", "CSAFPID-2904218", "CSAFPID-2904219", "CSAFPID-2904217", "CSAFPID-2905133", "CSAFPID-2905134", "CSAFPID-2904221", "CSAFPID-2904222", "CSAFPID-2904223", "CSAFPID-2904224", "CSAFPID-2904220", "CSAFPID-2905206", "CSAFPID-2905207", "CSAFPID-2905208", "CSAFPID-2904230", "CSAFPID-2904231", "CSAFPID-2904232", "CSAFPID-2904233", "CSAFPID-2904234" ] }, "references": [ { "category": "self", "summary": "CVE-2025-42998 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-42998.json" } ], "scores": [ { "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "baseScore": 5.3, "baseSeverity": "MEDIUM" }, "products": [ "CSAFPID-2905222", "CSAFPID-874040", "CSAFPID-2905130", "CSAFPID-2905131", "CSAFPID-2905132", "CSAFPID-2904199", "CSAFPID-2904200", "CSAFPID-2905154", "CSAFPID-2905153", "CSAFPID-2905152", "CSAFPID-2905151", "CSAFPID-2905150", "CSAFPID-2905149", "CSAFPID-2905148", "CSAFPID-2905147", "CSAFPID-2905146", "CSAFPID-2905145", "CSAFPID-2905144", "CSAFPID-2905143", "CSAFPID-2905142", "CSAFPID-2905141", "CSAFPID-2905140", "CSAFPID-2905139", "CSAFPID-2905156", "CSAFPID-2905155", "CSAFPID-2905157", "CSAFPID-2905221", "CSAFPID-2905135", "CSAFPID-2904238", "CSAFPID-2904192", "CSAFPID-2904218", "CSAFPID-2904219", "CSAFPID-2904217", "CSAFPID-2905133", "CSAFPID-2905134", "CSAFPID-2904221", "CSAFPID-2904222", "CSAFPID-2904223", "CSAFPID-2904224", "CSAFPID-2904220", "CSAFPID-2905206", "CSAFPID-2905207", "CSAFPID-2905208", "CSAFPID-2904230", "CSAFPID-2904231", "CSAFPID-2904232", "CSAFPID-2904233", "CSAFPID-2904234" ] } ], "title": "CVE-2025-42998" }, { "cve": "CVE-2025-42987", "cwe": { "id": "CWE-862", "name": "Missing Authorization" }, "notes": [ { "category": "other", "text": "Missing Authorization", "title": "CWE-862" }, { "category": "general", "text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N", "title": "CVSSV4" } ], "product_status": { "known_affected": [ "CSAFPID-2905222", "CSAFPID-874040", "CSAFPID-2905130", "CSAFPID-2905131", "CSAFPID-2905132", "CSAFPID-2904199", "CSAFPID-2904200", "CSAFPID-2905154", "CSAFPID-2905153", "CSAFPID-2905152", "CSAFPID-2905151", "CSAFPID-2905150", "CSAFPID-2905149", "CSAFPID-2905148", "CSAFPID-2905147", "CSAFPID-2905146", "CSAFPID-2905145", "CSAFPID-2905144", "CSAFPID-2905143", "CSAFPID-2905142", "CSAFPID-2905141", "CSAFPID-2905140", "CSAFPID-2905139", "CSAFPID-2905156", "CSAFPID-2905155", "CSAFPID-2905157", "CSAFPID-2905221", "CSAFPID-2905135", "CSAFPID-2904238", "CSAFPID-2904192", "CSAFPID-2904218", "CSAFPID-2904219", "CSAFPID-2904217", "CSAFPID-2905133", "CSAFPID-2905134", "CSAFPID-2904221", "CSAFPID-2904222", "CSAFPID-2904223", "CSAFPID-2904224", "CSAFPID-2904220", "CSAFPID-2905206", "CSAFPID-2905207", "CSAFPID-2905208", "CSAFPID-2904230", "CSAFPID-2904231", "CSAFPID-2904232", "CSAFPID-2904233", "CSAFPID-2904234" ] }, "references": [ { "category": "self", "summary": "CVE-2025-42987 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-42987.json" } ], "scores": [ { "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "baseScore": 4.3, "baseSeverity": "MEDIUM" }, "products": [ "CSAFPID-2905222", "CSAFPID-874040", "CSAFPID-2905130", "CSAFPID-2905131", "CSAFPID-2905132", "CSAFPID-2904199", "CSAFPID-2904200", "CSAFPID-2905154", "CSAFPID-2905153", "CSAFPID-2905152", "CSAFPID-2905151", "CSAFPID-2905150", "CSAFPID-2905149", "CSAFPID-2905148", "CSAFPID-2905147", "CSAFPID-2905146", "CSAFPID-2905145", "CSAFPID-2905144", "CSAFPID-2905143", "CSAFPID-2905142", "CSAFPID-2905141", "CSAFPID-2905140", "CSAFPID-2905139", "CSAFPID-2905156", "CSAFPID-2905155", "CSAFPID-2905157", "CSAFPID-2905221", "CSAFPID-2905135", "CSAFPID-2904238", "CSAFPID-2904192", "CSAFPID-2904218", "CSAFPID-2904219", "CSAFPID-2904217", "CSAFPID-2905133", "CSAFPID-2905134", "CSAFPID-2904221", "CSAFPID-2904222", "CSAFPID-2904223", "CSAFPID-2904224", "CSAFPID-2904220", "CSAFPID-2905206", "CSAFPID-2905207", "CSAFPID-2905208", "CSAFPID-2904230", "CSAFPID-2904231", "CSAFPID-2904232", "CSAFPID-2904233", "CSAFPID-2904234" ] } ], "title": "CVE-2025-42987" }, { "cve": "CVE-2025-42989", "cwe": { "id": "CWE-862", "name": "Missing Authorization" }, "notes": [ { "category": "other", "text": "Missing Authorization", "title": "CWE-862" }, { "category": "general", "text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N", "title": "CVSSV4" } ], "product_status": { "known_affected": [ "CSAFPID-2905222", "CSAFPID-874040", "CSAFPID-2905130", "CSAFPID-2905131", "CSAFPID-2905132", "CSAFPID-2904199", "CSAFPID-2904200", "CSAFPID-2905154", "CSAFPID-2905153", "CSAFPID-2905152", "CSAFPID-2905151", "CSAFPID-2905150", "CSAFPID-2905149", "CSAFPID-2905148", "CSAFPID-2905147", "CSAFPID-2905146", "CSAFPID-2905145", "CSAFPID-2905144", "CSAFPID-2905143", "CSAFPID-2905142", "CSAFPID-2905141", "CSAFPID-2905140", "CSAFPID-2905139", "CSAFPID-2905156", "CSAFPID-2905155", "CSAFPID-2905157", "CSAFPID-2905221", "CSAFPID-2905135", "CSAFPID-2904238", "CSAFPID-2904192", "CSAFPID-2904218", "CSAFPID-2904219", "CSAFPID-2904217", "CSAFPID-2905133", "CSAFPID-2905134", "CSAFPID-2904221", "CSAFPID-2904222", "CSAFPID-2904223", "CSAFPID-2904224", "CSAFPID-2904220", "CSAFPID-2905206", "CSAFPID-2905207", "CSAFPID-2905208", "CSAFPID-2904230", "CSAFPID-2904231", "CSAFPID-2904232", "CSAFPID-2904233", "CSAFPID-2904234" ] }, "references": [ { "category": "self", "summary": "CVE-2025-42989 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-42989.json" } ], "scores": [ { "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:H", "baseScore": 9.6, "baseSeverity": "CRITICAL" }, "products": [ "CSAFPID-2905222", "CSAFPID-874040", "CSAFPID-2905130", "CSAFPID-2905131", "CSAFPID-2905132", "CSAFPID-2904199", "CSAFPID-2904200", "CSAFPID-2905154", "CSAFPID-2905153", "CSAFPID-2905152", "CSAFPID-2905151", "CSAFPID-2905150", "CSAFPID-2905149", "CSAFPID-2905148", "CSAFPID-2905147", "CSAFPID-2905146", "CSAFPID-2905145", "CSAFPID-2905144", "CSAFPID-2905143", "CSAFPID-2905142", "CSAFPID-2905141", "CSAFPID-2905140", "CSAFPID-2905139", "CSAFPID-2905156", "CSAFPID-2905155", "CSAFPID-2905157", "CSAFPID-2905221", "CSAFPID-2905135", "CSAFPID-2904238", "CSAFPID-2904192", "CSAFPID-2904218", "CSAFPID-2904219", "CSAFPID-2904217", "CSAFPID-2905133", "CSAFPID-2905134", "CSAFPID-2904221", "CSAFPID-2904222", "CSAFPID-2904223", "CSAFPID-2904224", "CSAFPID-2904220", "CSAFPID-2905206", "CSAFPID-2905207", "CSAFPID-2905208", "CSAFPID-2904230", "CSAFPID-2904231", "CSAFPID-2904232", "CSAFPID-2904233", "CSAFPID-2904234" ] } ], "title": "CVE-2025-42989" }, { "cve": "CVE-2025-42982", "cwe": { "id": "CWE-862", "name": "Missing Authorization" }, "notes": [ { "category": "other", "text": "Missing Authorization", "title": "CWE-862" }, { "category": "general", "text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", "title": "CVSSV4" } ], "product_status": { "known_affected": [ "CSAFPID-2905222", "CSAFPID-874040", "CSAFPID-2905130", "CSAFPID-2905131", "CSAFPID-2905132", "CSAFPID-2904199", "CSAFPID-2904200", "CSAFPID-2905154", "CSAFPID-2905153", "CSAFPID-2905152", "CSAFPID-2905151", "CSAFPID-2905150", "CSAFPID-2905149", "CSAFPID-2905148", "CSAFPID-2905147", "CSAFPID-2905146", "CSAFPID-2905145", "CSAFPID-2905144", "CSAFPID-2905143", "CSAFPID-2905142", "CSAFPID-2905141", "CSAFPID-2905140", "CSAFPID-2905139", "CSAFPID-2905156", "CSAFPID-2905155", "CSAFPID-2905157", "CSAFPID-2905221", "CSAFPID-2905135", "CSAFPID-2904238", "CSAFPID-2904192", "CSAFPID-2904218", "CSAFPID-2904219", "CSAFPID-2904217", "CSAFPID-2905133", "CSAFPID-2905134", "CSAFPID-2904221", "CSAFPID-2904222", "CSAFPID-2904223", "CSAFPID-2904224", "CSAFPID-2904220", "CSAFPID-2905206", "CSAFPID-2905207", "CSAFPID-2905208", "CSAFPID-2904230", "CSAFPID-2904231", "CSAFPID-2904232", "CSAFPID-2904233", "CSAFPID-2904234" ] }, "references": [ { "category": "self", "summary": "CVE-2025-42982 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-42982.json" } ], "scores": [ { "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "baseScore": 8.8, "baseSeverity": "HIGH" }, "products": [ "CSAFPID-2905222", "CSAFPID-874040", "CSAFPID-2905130", "CSAFPID-2905131", "CSAFPID-2905132", "CSAFPID-2904199", "CSAFPID-2904200", "CSAFPID-2905154", "CSAFPID-2905153", "CSAFPID-2905152", "CSAFPID-2905151", "CSAFPID-2905150", "CSAFPID-2905149", "CSAFPID-2905148", "CSAFPID-2905147", "CSAFPID-2905146", "CSAFPID-2905145", "CSAFPID-2905144", "CSAFPID-2905143", "CSAFPID-2905142", "CSAFPID-2905141", "CSAFPID-2905140", "CSAFPID-2905139", "CSAFPID-2905156", "CSAFPID-2905155", "CSAFPID-2905157", "CSAFPID-2905221", "CSAFPID-2905135", "CSAFPID-2904238", "CSAFPID-2904192", "CSAFPID-2904218", "CSAFPID-2904219", "CSAFPID-2904217", "CSAFPID-2905133", "CSAFPID-2905134", "CSAFPID-2904221", "CSAFPID-2904222", "CSAFPID-2904223", "CSAFPID-2904224", "CSAFPID-2904220", "CSAFPID-2905206", "CSAFPID-2905207", "CSAFPID-2905208", "CSAFPID-2904230", "CSAFPID-2904231", "CSAFPID-2904232", "CSAFPID-2904233", "CSAFPID-2904234" ] } ], "title": "CVE-2025-42982" }, { "cve": "CVE-2025-42983", "cwe": { "id": "CWE-862", "name": "Missing Authorization" }, "notes": [ { "category": "other", "text": "Missing Authorization", "title": "CWE-862" }, { "category": "general", "text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N", "title": "CVSSV4" } ], "product_status": { "known_affected": [ "CSAFPID-2905222", "CSAFPID-874040", "CSAFPID-2905130", "CSAFPID-2905131", "CSAFPID-2905132", "CSAFPID-2904199", "CSAFPID-2904200", "CSAFPID-2905154", "CSAFPID-2905153", "CSAFPID-2905152", "CSAFPID-2905151", "CSAFPID-2905150", "CSAFPID-2905149", "CSAFPID-2905148", "CSAFPID-2905147", "CSAFPID-2905146", "CSAFPID-2905145", "CSAFPID-2905144", "CSAFPID-2905143", "CSAFPID-2905142", "CSAFPID-2905141", "CSAFPID-2905140", "CSAFPID-2905139", "CSAFPID-2905156", "CSAFPID-2905155", "CSAFPID-2905157", "CSAFPID-2905221", "CSAFPID-2905135", "CSAFPID-2904238", "CSAFPID-2904192", "CSAFPID-2904218", "CSAFPID-2904219", "CSAFPID-2904217", "CSAFPID-2905133", "CSAFPID-2905134", "CSAFPID-2904221", "CSAFPID-2904222", "CSAFPID-2904223", "CSAFPID-2904224", "CSAFPID-2904220", "CSAFPID-2905206", "CSAFPID-2905207", "CSAFPID-2905208", "CSAFPID-2904230", "CSAFPID-2904231", "CSAFPID-2904232", "CSAFPID-2904233", "CSAFPID-2904234" ] }, "references": [ { "category": "self", "summary": "CVE-2025-42983 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-42983.json" } ], "scores": [ { "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:H", "baseScore": 8.5, "baseSeverity": "HIGH" }, "products": [ "CSAFPID-2905222", "CSAFPID-874040", "CSAFPID-2905130", "CSAFPID-2905131", "CSAFPID-2905132", "CSAFPID-2904199", "CSAFPID-2904200", "CSAFPID-2905154", "CSAFPID-2905153", "CSAFPID-2905152", "CSAFPID-2905151", "CSAFPID-2905150", "CSAFPID-2905149", "CSAFPID-2905148", "CSAFPID-2905147", "CSAFPID-2905146", "CSAFPID-2905145", "CSAFPID-2905144", "CSAFPID-2905143", "CSAFPID-2905142", "CSAFPID-2905141", "CSAFPID-2905140", "CSAFPID-2905139", "CSAFPID-2905156", "CSAFPID-2905155", "CSAFPID-2905157", "CSAFPID-2905221", "CSAFPID-2905135", "CSAFPID-2904238", "CSAFPID-2904192", "CSAFPID-2904218", "CSAFPID-2904219", "CSAFPID-2904217", "CSAFPID-2905133", "CSAFPID-2905134", "CSAFPID-2904221", "CSAFPID-2904222", "CSAFPID-2904223", "CSAFPID-2904224", "CSAFPID-2904220", "CSAFPID-2905206", "CSAFPID-2905207", "CSAFPID-2905208", "CSAFPID-2904230", "CSAFPID-2904231", "CSAFPID-2904232", "CSAFPID-2904233", "CSAFPID-2904234" ] } ], "title": "CVE-2025-42983" }, { "cve": "CVE-2025-23192", "cwe": { "id": "CWE-79", "name": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')" }, "notes": [ { "category": "other", "text": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", "title": "CWE-79" }, { "category": "general", "text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N", "title": "CVSSV4" } ], "product_status": { "known_affected": [ "CSAFPID-2905222", "CSAFPID-874040", "CSAFPID-2905130", "CSAFPID-2905131", "CSAFPID-2905132", "CSAFPID-2904199", "CSAFPID-2904200", "CSAFPID-2905154", "CSAFPID-2905153", "CSAFPID-2905152", "CSAFPID-2905151", "CSAFPID-2905150", "CSAFPID-2905149", "CSAFPID-2905148", "CSAFPID-2905147", "CSAFPID-2905146", "CSAFPID-2905145", "CSAFPID-2905144", "CSAFPID-2905143", "CSAFPID-2905142", "CSAFPID-2905141", "CSAFPID-2905140", "CSAFPID-2905139", "CSAFPID-2905156", "CSAFPID-2905155", "CSAFPID-2905157", "CSAFPID-2905221", "CSAFPID-2905135", "CSAFPID-2904238", "CSAFPID-2904192", "CSAFPID-2904218", "CSAFPID-2904219", "CSAFPID-2904217", "CSAFPID-2905133", "CSAFPID-2905134", "CSAFPID-2904221", "CSAFPID-2904222", "CSAFPID-2904223", "CSAFPID-2904224", "CSAFPID-2904220", "CSAFPID-2905206", "CSAFPID-2905207", "CSAFPID-2905208", "CSAFPID-2904230", "CSAFPID-2904231", "CSAFPID-2904232", "CSAFPID-2904233", "CSAFPID-2904234" ] }, "references": [ { "category": "self", "summary": "CVE-2025-23192 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-23192.json" } ], "scores": [ { "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:L", "baseScore": 8.2, "baseSeverity": "HIGH" }, "products": [ "CSAFPID-2905222", "CSAFPID-874040", "CSAFPID-2905130", "CSAFPID-2905131", "CSAFPID-2905132", "CSAFPID-2904199", "CSAFPID-2904200", "CSAFPID-2905154", "CSAFPID-2905153", "CSAFPID-2905152", "CSAFPID-2905151", "CSAFPID-2905150", "CSAFPID-2905149", "CSAFPID-2905148", "CSAFPID-2905147", "CSAFPID-2905146", "CSAFPID-2905145", "CSAFPID-2905144", "CSAFPID-2905143", "CSAFPID-2905142", "CSAFPID-2905141", "CSAFPID-2905140", "CSAFPID-2905139", "CSAFPID-2905156", "CSAFPID-2905155", "CSAFPID-2905157", "CSAFPID-2905221", "CSAFPID-2905135", "CSAFPID-2904238", "CSAFPID-2904192", "CSAFPID-2904218", "CSAFPID-2904219", "CSAFPID-2904217", "CSAFPID-2905133", "CSAFPID-2905134", "CSAFPID-2904221", "CSAFPID-2904222", "CSAFPID-2904223", "CSAFPID-2904224", "CSAFPID-2904220", "CSAFPID-2905206", "CSAFPID-2905207", "CSAFPID-2905208", "CSAFPID-2904230", "CSAFPID-2904231", "CSAFPID-2904232", "CSAFPID-2904233", "CSAFPID-2904234" ] } ], "title": "CVE-2025-23192" }, { "cve": "CVE-2025-42977", "cwe": { "id": "CWE-22", "name": "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')" }, "notes": [ { "category": "other", "text": "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", "title": "CWE-22" }, { "category": "general", "text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N", "title": "CVSSV4" } ], "product_status": { "known_affected": [ "CSAFPID-2905222", "CSAFPID-874040", "CSAFPID-2905130", "CSAFPID-2905131", "CSAFPID-2905132", "CSAFPID-2904199", "CSAFPID-2904200", "CSAFPID-2905154", "CSAFPID-2905153", "CSAFPID-2905152", "CSAFPID-2905151", "CSAFPID-2905150", "CSAFPID-2905149", "CSAFPID-2905148", "CSAFPID-2905147", "CSAFPID-2905146", "CSAFPID-2905145", "CSAFPID-2905144", "CSAFPID-2905143", "CSAFPID-2905142", "CSAFPID-2905141", "CSAFPID-2905140", "CSAFPID-2905139", "CSAFPID-2905156", "CSAFPID-2905155", "CSAFPID-2905157", "CSAFPID-2905221", "CSAFPID-2905135", "CSAFPID-2904238", "CSAFPID-2904192", "CSAFPID-2904218", "CSAFPID-2904219", "CSAFPID-2904217", "CSAFPID-2905133", "CSAFPID-2905134", "CSAFPID-2904221", "CSAFPID-2904222", "CSAFPID-2904223", "CSAFPID-2904224", "CSAFPID-2904220", "CSAFPID-2905206", "CSAFPID-2905207", "CSAFPID-2905208", "CSAFPID-2904230", "CSAFPID-2904231", "CSAFPID-2904232", "CSAFPID-2904233", "CSAFPID-2904234" ] }, "references": [ { "category": "self", "summary": "CVE-2025-42977 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-42977.json" } ], "scores": [ { "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:L/A:N", "baseScore": 7.6, "baseSeverity": "HIGH" }, "products": [ "CSAFPID-2905222", "CSAFPID-874040", "CSAFPID-2905130", "CSAFPID-2905131", "CSAFPID-2905132", "CSAFPID-2904199", "CSAFPID-2904200", "CSAFPID-2905154", "CSAFPID-2905153", "CSAFPID-2905152", "CSAFPID-2905151", "CSAFPID-2905150", "CSAFPID-2905149", "CSAFPID-2905148", "CSAFPID-2905147", "CSAFPID-2905146", "CSAFPID-2905145", "CSAFPID-2905144", "CSAFPID-2905143", "CSAFPID-2905142", "CSAFPID-2905141", "CSAFPID-2905140", "CSAFPID-2905139", "CSAFPID-2905156", "CSAFPID-2905155", "CSAFPID-2905157", "CSAFPID-2905221", "CSAFPID-2905135", "CSAFPID-2904238", "CSAFPID-2904192", "CSAFPID-2904218", "CSAFPID-2904219", "CSAFPID-2904217", "CSAFPID-2905133", "CSAFPID-2905134", "CSAFPID-2904221", "CSAFPID-2904222", "CSAFPID-2904223", "CSAFPID-2904224", "CSAFPID-2904220", "CSAFPID-2905206", "CSAFPID-2905207", "CSAFPID-2905208", "CSAFPID-2904230", "CSAFPID-2904231", "CSAFPID-2904232", "CSAFPID-2904233", "CSAFPID-2904234" ] } ], "title": "CVE-2025-42977" }, { "cve": "CVE-2025-42994", "cwe": { "id": "CWE-590", "name": "Free of Memory not on the Heap" }, "notes": [ { "category": "other", "text": "Free of Memory not on the Heap", "title": "CWE-590" }, { "category": "general", "text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N", "title": "CVSSV4" } ], "product_status": { "known_affected": [ "CSAFPID-2905222", "CSAFPID-874040", "CSAFPID-2905130", "CSAFPID-2905131", "CSAFPID-2905132", "CSAFPID-2904199", "CSAFPID-2904200", "CSAFPID-2905154", "CSAFPID-2905153", "CSAFPID-2905152", "CSAFPID-2905151", "CSAFPID-2905150", "CSAFPID-2905149", "CSAFPID-2905148", "CSAFPID-2905147", "CSAFPID-2905146", "CSAFPID-2905145", "CSAFPID-2905144", "CSAFPID-2905143", "CSAFPID-2905142", "CSAFPID-2905141", "CSAFPID-2905140", "CSAFPID-2905139", "CSAFPID-2905156", "CSAFPID-2905155", "CSAFPID-2905157", "CSAFPID-2905221", "CSAFPID-2905135", "CSAFPID-2904238", "CSAFPID-2904192", "CSAFPID-2904218", "CSAFPID-2904219", "CSAFPID-2904217", "CSAFPID-2905133", "CSAFPID-2905134", "CSAFPID-2904221", "CSAFPID-2904222", "CSAFPID-2904223", "CSAFPID-2904224", "CSAFPID-2904220", "CSAFPID-2905206", "CSAFPID-2905207", "CSAFPID-2905208", "CSAFPID-2904230", "CSAFPID-2904231", "CSAFPID-2904232", "CSAFPID-2904233", "CSAFPID-2904234" ] }, "references": [ { "category": "self", "summary": "CVE-2025-42994 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-42994.json" } ], "scores": [ { "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "baseScore": 7.5, "baseSeverity": "HIGH" }, "products": [ "CSAFPID-2905222", "CSAFPID-874040", "CSAFPID-2905130", "CSAFPID-2905131", "CSAFPID-2905132", "CSAFPID-2904199", "CSAFPID-2904200", "CSAFPID-2905154", "CSAFPID-2905153", "CSAFPID-2905152", "CSAFPID-2905151", "CSAFPID-2905150", "CSAFPID-2905149", "CSAFPID-2905148", "CSAFPID-2905147", "CSAFPID-2905146", "CSAFPID-2905145", "CSAFPID-2905144", "CSAFPID-2905143", "CSAFPID-2905142", "CSAFPID-2905141", "CSAFPID-2905140", "CSAFPID-2905139", "CSAFPID-2905156", "CSAFPID-2905155", "CSAFPID-2905157", "CSAFPID-2905221", "CSAFPID-2905135", "CSAFPID-2904238", "CSAFPID-2904192", "CSAFPID-2904218", "CSAFPID-2904219", "CSAFPID-2904217", "CSAFPID-2905133", "CSAFPID-2905134", "CSAFPID-2904221", "CSAFPID-2904222", "CSAFPID-2904223", "CSAFPID-2904224", "CSAFPID-2904220", "CSAFPID-2905206", "CSAFPID-2905207", "CSAFPID-2905208", "CSAFPID-2904230", "CSAFPID-2904231", "CSAFPID-2904232", "CSAFPID-2904233", "CSAFPID-2904234" ] } ], "title": "CVE-2025-42994" }, { "cve": "CVE-2025-42993", "cwe": { "id": "CWE-862", "name": "Missing Authorization" }, "notes": [ { "category": "other", "text": "Missing Authorization", "title": "CWE-862" }, { "category": "general", "text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N", "title": "CVSSV4" } ], "product_status": { "known_affected": [ "CSAFPID-2905222", "CSAFPID-874040", "CSAFPID-2905130", "CSAFPID-2905131", "CSAFPID-2905132", "CSAFPID-2904199", "CSAFPID-2904200", "CSAFPID-2905154", "CSAFPID-2905153", "CSAFPID-2905152", "CSAFPID-2905151", "CSAFPID-2905150", "CSAFPID-2905149", "CSAFPID-2905148", "CSAFPID-2905147", "CSAFPID-2905146", "CSAFPID-2905145", "CSAFPID-2905144", "CSAFPID-2905143", "CSAFPID-2905142", "CSAFPID-2905141", "CSAFPID-2905140", "CSAFPID-2905139", "CSAFPID-2905156", "CSAFPID-2905155", "CSAFPID-2905157", "CSAFPID-2905221", "CSAFPID-2905135", "CSAFPID-2904238", "CSAFPID-2904192", "CSAFPID-2904218", "CSAFPID-2904219", "CSAFPID-2904217", "CSAFPID-2905133", "CSAFPID-2905134", "CSAFPID-2904221", "CSAFPID-2904222", "CSAFPID-2904223", "CSAFPID-2904224", "CSAFPID-2904220", "CSAFPID-2905206", "CSAFPID-2905207", "CSAFPID-2905208", "CSAFPID-2904230", "CSAFPID-2904231", "CSAFPID-2904232", "CSAFPID-2904233", "CSAFPID-2904234" ] }, "references": [ { "category": "self", "summary": "CVE-2025-42993 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-42993.json" } ], "scores": [ { "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:L", "baseScore": 6.7, "baseSeverity": "MEDIUM" }, "products": [ "CSAFPID-2905222", "CSAFPID-874040", "CSAFPID-2905130", "CSAFPID-2905131", "CSAFPID-2905132", "CSAFPID-2904199", "CSAFPID-2904200", "CSAFPID-2905154", "CSAFPID-2905153", "CSAFPID-2905152", "CSAFPID-2905151", "CSAFPID-2905150", "CSAFPID-2905149", "CSAFPID-2905148", "CSAFPID-2905147", "CSAFPID-2905146", "CSAFPID-2905145", "CSAFPID-2905144", "CSAFPID-2905143", "CSAFPID-2905142", "CSAFPID-2905141", "CSAFPID-2905140", "CSAFPID-2905139", "CSAFPID-2905156", "CSAFPID-2905155", "CSAFPID-2905157", "CSAFPID-2905221", "CSAFPID-2905135", "CSAFPID-2904238", "CSAFPID-2904192", "CSAFPID-2904218", "CSAFPID-2904219", "CSAFPID-2904217", "CSAFPID-2905133", "CSAFPID-2905134", "CSAFPID-2904221", "CSAFPID-2904222", "CSAFPID-2904223", "CSAFPID-2904224", "CSAFPID-2904220", "CSAFPID-2905206", "CSAFPID-2905207", "CSAFPID-2905208", "CSAFPID-2904230", "CSAFPID-2904231", "CSAFPID-2904232", "CSAFPID-2904233", "CSAFPID-2904234" ] } ], "title": "CVE-2025-42993" }, { "cve": "CVE-2025-31325", "cwe": { "id": "CWE-79", "name": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')" }, "notes": [ { "category": "other", "text": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", "title": "CWE-79" }, { "category": "general", "text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N", "title": "CVSSV4" } ], "product_status": { "known_affected": [ "CSAFPID-2905222", "CSAFPID-874040", "CSAFPID-2905130", "CSAFPID-2905131", "CSAFPID-2905132", "CSAFPID-2904199", "CSAFPID-2904200", "CSAFPID-2905154", "CSAFPID-2905153", "CSAFPID-2905152", "CSAFPID-2905151", "CSAFPID-2905150", "CSAFPID-2905149", "CSAFPID-2905148", "CSAFPID-2905147", "CSAFPID-2905146", "CSAFPID-2905145", "CSAFPID-2905144", "CSAFPID-2905143", "CSAFPID-2905142", "CSAFPID-2905141", "CSAFPID-2905140", "CSAFPID-2905139", "CSAFPID-2905156", "CSAFPID-2905155", "CSAFPID-2905157", "CSAFPID-2905221", "CSAFPID-2905135", "CSAFPID-2904238", "CSAFPID-2904192", "CSAFPID-2904218", "CSAFPID-2904219", "CSAFPID-2904217", "CSAFPID-2905133", "CSAFPID-2905134", "CSAFPID-2904221", "CSAFPID-2904222", "CSAFPID-2904223", "CSAFPID-2904224", "CSAFPID-2904220", "CSAFPID-2905206", "CSAFPID-2905207", "CSAFPID-2905208", "CSAFPID-2904230", "CSAFPID-2904231", "CSAFPID-2904232", "CSAFPID-2904233", "CSAFPID-2904234" ] }, "references": [ { "category": "self", "summary": "CVE-2025-31325 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-31325.json" } ], "scores": [ { "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N", "baseScore": 5.8, "baseSeverity": "MEDIUM" }, "products": [ "CSAFPID-2905222", "CSAFPID-874040", "CSAFPID-2905130", "CSAFPID-2905131", "CSAFPID-2905132", "CSAFPID-2904199", "CSAFPID-2904200", "CSAFPID-2905154", "CSAFPID-2905153", "CSAFPID-2905152", "CSAFPID-2905151", "CSAFPID-2905150", "CSAFPID-2905149", "CSAFPID-2905148", "CSAFPID-2905147", "CSAFPID-2905146", "CSAFPID-2905145", "CSAFPID-2905144", "CSAFPID-2905143", "CSAFPID-2905142", "CSAFPID-2905141", "CSAFPID-2905140", "CSAFPID-2905139", "CSAFPID-2905156", "CSAFPID-2905155", "CSAFPID-2905157", "CSAFPID-2905221", "CSAFPID-2905135", "CSAFPID-2904238", "CSAFPID-2904192", "CSAFPID-2904218", "CSAFPID-2904219", "CSAFPID-2904217", "CSAFPID-2905133", "CSAFPID-2905134", "CSAFPID-2904221", "CSAFPID-2904222", "CSAFPID-2904223", "CSAFPID-2904224", "CSAFPID-2904220", "CSAFPID-2905206", "CSAFPID-2905207", "CSAFPID-2905208", "CSAFPID-2904230", "CSAFPID-2904231", "CSAFPID-2904232", "CSAFPID-2904233", "CSAFPID-2904234" ] } ], "title": "CVE-2025-31325" }, { "cve": "CVE-2025-42991", "cwe": { "id": "CWE-862", "name": "Missing Authorization" }, "notes": [ { "category": "other", "text": "Missing Authorization", "title": "CWE-862" }, { "category": "general", "text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N", "title": "CVSSV4" } ], "product_status": { "known_affected": [ "CSAFPID-2905222", "CSAFPID-874040", "CSAFPID-2905130", "CSAFPID-2905131", "CSAFPID-2905132", "CSAFPID-2904199", "CSAFPID-2904200", "CSAFPID-2905154", "CSAFPID-2905153", "CSAFPID-2905152", "CSAFPID-2905151", "CSAFPID-2905150", "CSAFPID-2905149", "CSAFPID-2905148", "CSAFPID-2905147", "CSAFPID-2905146", "CSAFPID-2905145", "CSAFPID-2905144", "CSAFPID-2905143", "CSAFPID-2905142", "CSAFPID-2905141", "CSAFPID-2905140", "CSAFPID-2905139", "CSAFPID-2905156", "CSAFPID-2905155", "CSAFPID-2905157", "CSAFPID-2905221", "CSAFPID-2905135", "CSAFPID-2904238", "CSAFPID-2904192", "CSAFPID-2904218", "CSAFPID-2904219", "CSAFPID-2904217", "CSAFPID-2905133", "CSAFPID-2905134", "CSAFPID-2904221", "CSAFPID-2904222", "CSAFPID-2904223", "CSAFPID-2904224", "CSAFPID-2904220", "CSAFPID-2905206", "CSAFPID-2905207", "CSAFPID-2905208", "CSAFPID-2904230", "CSAFPID-2904231", "CSAFPID-2904232", "CSAFPID-2904233", "CSAFPID-2904234" ] }, "references": [ { "category": "self", "summary": "CVE-2025-42991 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-42991.json" } ], "scores": [ { "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "baseScore": 4.3, "baseSeverity": "MEDIUM" }, "products": [ "CSAFPID-2905222", "CSAFPID-874040", "CSAFPID-2905130", "CSAFPID-2905131", "CSAFPID-2905132", "CSAFPID-2904199", "CSAFPID-2904200", "CSAFPID-2905154", "CSAFPID-2905153", "CSAFPID-2905152", "CSAFPID-2905151", "CSAFPID-2905150", "CSAFPID-2905149", "CSAFPID-2905148", "CSAFPID-2905147", "CSAFPID-2905146", "CSAFPID-2905145", "CSAFPID-2905144", "CSAFPID-2905143", "CSAFPID-2905142", "CSAFPID-2905141", "CSAFPID-2905140", "CSAFPID-2905139", "CSAFPID-2905156", "CSAFPID-2905155", "CSAFPID-2905157", "CSAFPID-2905221", "CSAFPID-2905135", "CSAFPID-2904238", "CSAFPID-2904192", "CSAFPID-2904218", "CSAFPID-2904219", "CSAFPID-2904217", "CSAFPID-2905133", "CSAFPID-2905134", "CSAFPID-2904221", "CSAFPID-2904222", "CSAFPID-2904223", "CSAFPID-2904224", "CSAFPID-2904220", "CSAFPID-2905206", "CSAFPID-2905207", "CSAFPID-2905208", "CSAFPID-2904230", "CSAFPID-2904231", "CSAFPID-2904232", "CSAFPID-2904233", "CSAFPID-2904234" ] } ], "title": "CVE-2025-42991" }, { "cve": "CVE-2025-42988", "cwe": { "id": "CWE-918", "name": "Server-Side Request Forgery (SSRF)" }, "notes": [ { "category": "other", "text": "Server-Side Request Forgery (SSRF)", "title": "CWE-918" }, { "category": "general", "text": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N", "title": "CVSSV4" } ], "product_status": { "known_affected": [ "CSAFPID-2905222", "CSAFPID-874040", "CSAFPID-2905130", "CSAFPID-2905131", "CSAFPID-2905132", "CSAFPID-2904199", "CSAFPID-2904200", "CSAFPID-2905154", "CSAFPID-2905153", "CSAFPID-2905152", "CSAFPID-2905151", "CSAFPID-2905150", "CSAFPID-2905149", "CSAFPID-2905148", "CSAFPID-2905147", "CSAFPID-2905146", "CSAFPID-2905145", "CSAFPID-2905144", "CSAFPID-2905143", "CSAFPID-2905142", "CSAFPID-2905141", "CSAFPID-2905140", "CSAFPID-2905139", "CSAFPID-2905156", "CSAFPID-2905155", "CSAFPID-2905157", "CSAFPID-2905221", "CSAFPID-2905135", "CSAFPID-2904238", "CSAFPID-2904192", "CSAFPID-2904218", "CSAFPID-2904219", "CSAFPID-2904217", "CSAFPID-2905133", "CSAFPID-2905134", "CSAFPID-2904221", "CSAFPID-2904222", "CSAFPID-2904223", "CSAFPID-2904224", "CSAFPID-2904220", "CSAFPID-2905206", "CSAFPID-2905207", "CSAFPID-2905208", "CSAFPID-2904230", "CSAFPID-2904231", "CSAFPID-2904232", "CSAFPID-2904233", "CSAFPID-2904234" ] }, "references": [ { "category": "self", "summary": "CVE-2025-42988 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-42988.json" } ], "scores": [ { "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", "baseScore": 3.7, "baseSeverity": "LOW" }, "products": [ "CSAFPID-2905222", "CSAFPID-874040", "CSAFPID-2905130", "CSAFPID-2905131", "CSAFPID-2905132", "CSAFPID-2904199", "CSAFPID-2904200", "CSAFPID-2905154", "CSAFPID-2905153", "CSAFPID-2905152", "CSAFPID-2905151", "CSAFPID-2905150", "CSAFPID-2905149", "CSAFPID-2905148", "CSAFPID-2905147", "CSAFPID-2905146", "CSAFPID-2905145", "CSAFPID-2905144", "CSAFPID-2905143", "CSAFPID-2905142", "CSAFPID-2905141", "CSAFPID-2905140", "CSAFPID-2905139", "CSAFPID-2905156", "CSAFPID-2905155", "CSAFPID-2905157", "CSAFPID-2905221", "CSAFPID-2905135", "CSAFPID-2904238", "CSAFPID-2904192", "CSAFPID-2904218", "CSAFPID-2904219", "CSAFPID-2904217", "CSAFPID-2905133", "CSAFPID-2905134", "CSAFPID-2904221", "CSAFPID-2904222", "CSAFPID-2904223", "CSAFPID-2904224", "CSAFPID-2904220", "CSAFPID-2905206", "CSAFPID-2905207", "CSAFPID-2905208", "CSAFPID-2904230", "CSAFPID-2904231", "CSAFPID-2904232", "CSAFPID-2904233", "CSAFPID-2904234" ] } ], "title": "CVE-2025-42988" }, { "cve": "CVE-2025-42990", "cwe": { "id": "CWE-79", "name": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')" }, "notes": [ { "category": "other", "text": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", "title": "CWE-79" }, { "category": "general", "text": "CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N", "title": "CVSSV4" } ], "product_status": { "known_affected": [ "CSAFPID-2905222", "CSAFPID-874040", "CSAFPID-2905130", "CSAFPID-2905131", "CSAFPID-2905132", "CSAFPID-2904199", "CSAFPID-2904200", "CSAFPID-2905154", "CSAFPID-2905153", "CSAFPID-2905152", "CSAFPID-2905151", "CSAFPID-2905150", "CSAFPID-2905149", "CSAFPID-2905148", "CSAFPID-2905147", "CSAFPID-2905146", "CSAFPID-2905145", "CSAFPID-2905144", "CSAFPID-2905143", "CSAFPID-2905142", "CSAFPID-2905141", "CSAFPID-2905140", "CSAFPID-2905139", "CSAFPID-2905156", "CSAFPID-2905155", "CSAFPID-2905157", "CSAFPID-2905221", "CSAFPID-2905135", "CSAFPID-2904238", "CSAFPID-2904192", "CSAFPID-2904218", "CSAFPID-2904219", "CSAFPID-2904217", "CSAFPID-2905133", "CSAFPID-2905134", "CSAFPID-2904221", "CSAFPID-2904222", "CSAFPID-2904223", "CSAFPID-2904224", "CSAFPID-2904220", "CSAFPID-2905206", "CSAFPID-2905207", "CSAFPID-2905208", "CSAFPID-2904230", "CSAFPID-2904231", "CSAFPID-2904232", "CSAFPID-2904233", "CSAFPID-2904234" ] }, "references": [ { "category": "self", "summary": "CVE-2025-42990 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-42990.json" } ], "scores": [ { "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:N/I:L/A:N", "baseScore": 3.0, "baseSeverity": "LOW" }, "products": [ "CSAFPID-2905222", "CSAFPID-874040", "CSAFPID-2905130", "CSAFPID-2905131", "CSAFPID-2905132", "CSAFPID-2904199", "CSAFPID-2904200", "CSAFPID-2905154", "CSAFPID-2905153", "CSAFPID-2905152", "CSAFPID-2905151", "CSAFPID-2905150", "CSAFPID-2905149", "CSAFPID-2905148", "CSAFPID-2905147", "CSAFPID-2905146", "CSAFPID-2905145", "CSAFPID-2905144", "CSAFPID-2905143", "CSAFPID-2905142", "CSAFPID-2905141", "CSAFPID-2905140", "CSAFPID-2905139", "CSAFPID-2905156", "CSAFPID-2905155", "CSAFPID-2905157", "CSAFPID-2905221", "CSAFPID-2905135", "CSAFPID-2904238", "CSAFPID-2904192", "CSAFPID-2904218", "CSAFPID-2904219", "CSAFPID-2904217", "CSAFPID-2905133", "CSAFPID-2905134", "CSAFPID-2904221", "CSAFPID-2904222", "CSAFPID-2904223", "CSAFPID-2904224", "CSAFPID-2904220", "CSAFPID-2905206", "CSAFPID-2905207", "CSAFPID-2905208", "CSAFPID-2904230", "CSAFPID-2904231", "CSAFPID-2904232", "CSAFPID-2904233", "CSAFPID-2904234" ] } ], "title": "CVE-2025-42990" } ] }