Advisory Database Sync

Author: advisory-database[bot]

advisories/unreviewed/2023/10/GHSA-4xc5-w23c-5pxx/GHSA-4xc5-w23c-5pxx.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-4xc5-w23c-5pxx",
-  "modified": "2023-11-03T18:30:23Z",
+  "modified": "2025-09-04T21:31:33Z",
   "published": "2023-10-30T18:30:24Z",
   "aliases": [
     "CVE-2021-39810"
@@ -22,6 +22,10 @@
     {
       "type": "WEB",
       "url": "https://source.android.com/docs/security/bulletin/android-14"
+    },
+    {
+      "type": "WEB",
+      "url": "https://source.android.com/security/bulletin/2025-09-01"
     }
   ],
   "database_specific": {

advisories/unreviewed/2024/07/GHSA-3g8x-wqfp-q876/GHSA-3g8x-wqfp-q876.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-3g8x-wqfp-q876",
-  "modified": "2024-12-30T21:30:46Z",
+  "modified": "2025-09-04T21:31:34Z",
   "published": "2024-07-09T12:30:58Z",
   "aliases": [
     "CVE-2024-3596"
@@ -19,6 +19,14 @@
       "type": "ADVISORY",
       "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-3596"
     },
+    {
+      "type": "WEB",
+      "url": "https://cert-portal.siemens.com/productcert/html/ssa-723487.html"
+    },
+    {
+      "type": "WEB",
+      "url": "https://cert-portal.siemens.com/productcert/html/ssa-794185.html"
+    },
     {
       "type": "WEB",
       "url": "https://datatracker.ietf.org/doc/draft-ietf-radext-deprecating-radius"

advisories/unreviewed/2025/07/GHSA-8c4w-j52q-j4jq/GHSA-8c4w-j52q-j4jq.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-8c4w-j52q-j4jq",
-  "modified": "2025-09-02T21:30:57Z",
+  "modified": "2025-09-04T21:31:35Z",
   "published": "2025-07-10T15:31:28Z",
   "aliases": [
     "CVE-2025-7425"
@@ -31,10 +31,22 @@
       "type": "WEB",
       "url": "https://access.redhat.com/security/cve/CVE-2025-7425"
     },
+    {
+      "type": "WEB",
+      "url": "https://access.redhat.com/errata/RHSA-2025:14858"
+    },
+    {
+      "type": "WEB",
+      "url": "https://access.redhat.com/errata/RHSA-2025:14853"
+    },
     {
       "type": "WEB",
       "url": "https://access.redhat.com/errata/RHSA-2025:14819"
     },
+    {
+      "type": "WEB",
+      "url": "https://access.redhat.com/errata/RHSA-2025:14818"
+    },
     {
       "type": "WEB",
       "url": "https://access.redhat.com/errata/RHSA-2025:14396"

advisories/unreviewed/2025/08/GHSA-w4qh-6c5f-f896/GHSA-w4qh-6c5f-f896.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-w4qh-6c5f-f896",
-  "modified": "2025-08-29T12:31:11Z",
+  "modified": "2025-09-04T21:31:36Z",
   "published": "2025-08-20T18:30:22Z",
   "aliases": [
     "CVE-2025-9236"

advisories/unreviewed/2025/09/GHSA-2652-fvfq-x6xr/GHSA-2652-fvfq-x6xr.json

@@ -1,13 +1,17 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-2652-fvfq-x6xr",
-  "modified": "2025-09-04T12:30:44Z",
+  "modified": "2025-09-04T21:31:37Z",
   "published": "2025-09-04T12:30:44Z",
   "aliases": [
     "CVE-2025-41049"
   ],
   "details": "A vulnerability has been discovered in appRain CMF version 4.0.5, consisting of a stored authenticated XSS due to a lack of proper validation of user input, through the 'data[Addon][layouts]' and 'data[Addon][layouts_except]' parameters in /apprain/developer/addons/update/appform.",
   "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"
+    },
     {
       "type": "CVSS_V4",
       "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"

advisories/unreviewed/2025/09/GHSA-2cf2-h6p9-fh47/GHSA-2cf2-h6p9-fh47.json

@@ -0,0 +1,33 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-2cf2-h6p9-fh47",
+  "modified": "2025-09-04T21:31:38Z",
+  "published": "2025-09-04T21:31:38Z",
+  "aliases": [
+    "CVE-2025-48553"
+  ],
+  "details": "In handlePackagesChanged of DevicePolicyManagerService.java, there is a possible DoS of a device admin due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.",
+  "severity": [],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-48553"
+    },
+    {
+      "type": "WEB",
+      "url": "https://android.googlesource.com/platform/frameworks/base/+/660c7075dc00d23a47f8b2018d62c66b8e27c450"
+    },
+    {
+      "type": "WEB",
+      "url": "https://source.android.com/security/bulletin/2025-09-01"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [],
+    "severity": null,
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-09-04T19:15:42Z"
+  }
+}

advisories/unreviewed/2025/09/GHSA-2g56-8jc9-jg87/GHSA-2g56-8jc9-jg87.json

@@ -0,0 +1,37 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-2g56-8jc9-jg87",
+  "modified": "2025-09-04T21:31:37Z",
+  "published": "2025-09-04T21:31:37Z",
+  "aliases": [
+    "CVE-2025-26454"
+  ],
+  "details": "In validateUriSchemeAndPermission of DisclaimersParserImpl.java , there is a possible way to access data from another user due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.",
+  "severity": [],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-26454"
+    },
+    {
+      "type": "WEB",
+      "url": "https://android.googlesource.com/platform/packages/apps/ManagedProvisioning/+/03cadb65c0b6a91a480041aa9129e9dbf995279b"
+    },
+    {
+      "type": "WEB",
+      "url": "https://android.googlesource.com/platform/packages/apps/ManagedProvisioning/+/d33d045407c5bd0000442667d9ef5c9fc3f590e5"
+    },
+    {
+      "type": "WEB",
+      "url": "https://source.android.com/security/bulletin/2025-09-01"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [],
+    "severity": null,
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-09-04T19:15:35Z"
+  }
+}

advisories/unreviewed/2025/09/GHSA-2h4r-wqvw-g722/GHSA-2h4r-wqvw-g722.json

@@ -0,0 +1,44 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-2h4r-wqvw-g722",
+  "modified": "2025-09-04T21:31:37Z",
+  "published": "2025-09-04T21:31:37Z",
+  "aliases": [
+    "CVE-2025-22425"
+  ],
+  "details": "In onCreate of InstallStart.java, there is a possible permissions bypass due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-22425"
+    },
+    {
+      "type": "WEB",
+      "url": "https://android.googlesource.com/platform/frameworks/base/+/8575592802b9527fe0f7cf19e9cb7159c9aa5121"
+    },
+    {
+      "type": "WEB",
+      "url": "https://android.googlesource.com/platform/frameworks/base/+/942884abf148426e948774b4857052da77ef77b3"
+    },
+    {
+      "type": "WEB",
+      "url": "https://source.android.com/security/bulletin/2025-05-01"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-276"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-09-04T18:15:39Z"
+  }
+}

advisories/unreviewed/2025/09/GHSA-2m5x-4wp5-g3mp/GHSA-2m5x-4wp5-g3mp.json

@@ -0,0 +1,33 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-2m5x-4wp5-g3mp",
+  "modified": "2025-09-04T21:31:38Z",
+  "published": "2025-09-04T21:31:37Z",
+  "aliases": [
+    "CVE-2025-32333"
+  ],
+  "details": "In startSpaActivityForApp of SpaActivity.kt, there is a possible cross-user permission bypass due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.",
+  "severity": [],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-32333"
+    },
+    {
+      "type": "WEB",
+      "url": "https://android.googlesource.com/platform/packages/apps/Settings/+/591ea09a63e577a9ed666006e70430cc4f245078"
+    },
+    {
+      "type": "WEB",
+      "url": "https://source.android.com/security/bulletin/2025-09-01"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [],
+    "severity": null,
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-09-04T19:15:36Z"
+  }
+}

advisories/unreviewed/2025/09/GHSA-2qmf-q38x-5h24/GHSA-2qmf-q38x-5h24.json

@@ -0,0 +1,40 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-2qmf-q38x-5h24",
+  "modified": "2025-09-04T21:31:38Z",
+  "published": "2025-09-04T21:31:38Z",
+  "aliases": [
+    "CVE-2025-48538"
+  ],
+  "details": "In setApplicationHiddenSettingAsUser of PackageManagerService.java, there is a possible way to hide a system critical package due to improper input validation. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-48538"
+    },
+    {
+      "type": "WEB",
+      "url": "https://android.googlesource.com/platform/frameworks/base/+/bd7578b738a09734a2d23656e5569643ad37fffe"
+    },
+    {
+      "type": "WEB",
+      "url": "https://source.android.com/security/bulletin/2025-09-01"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-20"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-09-04T19:15:40Z"
+  }
+}