From 21bcf00a8287d7f2a7bb82b37c8275ff284b8143 Mon Sep 17 00:00:00 2001
From: "advisory-database[bot]" <45398580+advisory-database[bot]@users.noreply.github.com>
Date: Thu, 10 Apr 2025 12:33:05 +0000
Subject: [PATCH] Publish Advisories GHSA-2c34-w9r8-qhww GHSA-8hch-967f-8mf2 GHSA-cgg6-f226-mjxc GHSA-hhf6-hx47-q457 GHSA-j3fq-6cwx-wgx7 GHSA-jrg3-gh37-h96x GHSA-rxr3-qrg9-4xg5 GHSA-x97h-g784-4pw8
---
 .../GHSA-2c34-w9r8-qhww.json | 40 +++++++++++++++++++
 .../GHSA-8hch-967f-8mf2.json | 36 +++++++++++++++++
 .../GHSA-cgg6-f226-mjxc.json | 36 +++++++++++++++++
 .../GHSA-hhf6-hx47-q457.json | 40 +++++++++++++++++++
 .../GHSA-j3fq-6cwx-wgx7.json | 36 +++++++++++++++++
 .../GHSA-jrg3-gh37-h96x.json | 36 +++++++++++++++++
 .../GHSA-rxr3-qrg9-4xg5.json | 29 ++++++++++++++
 .../GHSA-x97h-g784-4pw8.json | 29 ++++++++++++++
 8 files changed, 282 insertions(+)
 create mode 100644 advisories/unreviewed/2025/04/GHSA-2c34-w9r8-qhww/GHSA-2c34-w9r8-qhww.json
 create mode 100644 advisories/unreviewed/2025/04/GHSA-8hch-967f-8mf2/GHSA-8hch-967f-8mf2.json
 create mode 100644 advisories/unreviewed/2025/04/GHSA-cgg6-f226-mjxc/GHSA-cgg6-f226-mjxc.json
 create mode 100644 advisories/unreviewed/2025/04/GHSA-hhf6-hx47-q457/GHSA-hhf6-hx47-q457.json
 create mode 100644 advisories/unreviewed/2025/04/GHSA-j3fq-6cwx-wgx7/GHSA-j3fq-6cwx-wgx7.json
 create mode 100644 advisories/unreviewed/2025/04/GHSA-jrg3-gh37-h96x/GHSA-jrg3-gh37-h96x.json
 create mode 100644 advisories/unreviewed/2025/04/GHSA-rxr3-qrg9-4xg5/GHSA-rxr3-qrg9-4xg5.json
 create mode 100644 advisories/unreviewed/2025/04/GHSA-x97h-g784-4pw8/GHSA-x97h-g784-4pw8.json
diff --git a/advisories/unreviewed/2025/04/GHSA-2c34-w9r8-qhww/GHSA-2c34-w9r8-qhww.json b/advisories/unreviewed/2025/04/GHSA-2c34-w9r8-qhww/GHSA-2c34-w9r8-qhww.json
new file mode 100644
index 00000000000..afd87ba2190
--- /dev/null
+++ b/advisories/unreviewed/2025/04/GHSA-2c34-w9r8-qhww/GHSA-2c34-w9r8-qhww.json
@@ -0,0 +1,40 @@
+{
+ "schema_version": "1.4.0",
+ "id": "GHSA-2c34-w9r8-qhww",
+ "modified": "2025-04-10T12:31:26Z",
+ "published": "2025-04-10T12:31:26Z",
+ "aliases": [
+ "CVE-2025-22374"
+ ],
+ "details": "A Server-Side Request Forgery (SSRF) vulnerability was discovered in the videx-legacy-ssl web service of Videx’s CyberAudit-Web, affecting versions prior to 1.1.3. This vulnerability has been patched in versions after 1.1.3. Leaving this vulnerability unpatched could lead to unauthorized access to the underlying infrastructure.",
+ "severity": [
+ {
+ "type": "CVSS_V4",
+ "score": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:N/AU:Y/R:A/V:D/RE:L/U:Green"
+ }
+ ],
+ "affected": [],
+ "references": [
+ {
+ "type": "ADVISORY",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-22374"
+ },
+ {
+ "type": "WEB",
+ "url": "https://csirt.divd.nl/CVE-2025-22374"
+ },
+ {
+ "type": "WEB",
+ "url": "https://csirt.divd.nl/DIVD-2024-00043"
+ }
+ ],
+ "database_specific": {
+ "cwe_ids": [
+ "CWE-918"
+ ],
+ "severity": "MODERATE",
+ "github_reviewed": false,
+ "github_reviewed_at": null,
+ "nvd_published_at": "2025-04-10T11:15:44Z"
+ }
+}
\ No newline at end of file
diff --git a/advisories/unreviewed/2025/04/GHSA-8hch-967f-8mf2/GHSA-8hch-967f-8mf2.json b/advisories/unreviewed/2025/04/GHSA-8hch-967f-8mf2/GHSA-8hch-967f-8mf2.json
new file mode 100644
index 00000000000..7dbe98d6893
--- /dev/null
+++ b/advisories/unreviewed/2025/04/GHSA-8hch-967f-8mf2/GHSA-8hch-967f-8mf2.json
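Review bot: The `details` string of GHSA-2c34-w9r8-qhww leaves version 1.1.3 itself unclassified — it says the SSRF affects "versions prior to 1.1.3" yet is "patched in versions after 1.1.3" — and `affected` is `[]`, so nothing machine-readable pins the boundary. Until the range is confirmed against the DIVD reference, a practitioner should presumably treat 1.1.3 as unpatched rather than fixed, and the reviewed record should carry an `affected` entry with a concrete `fixed` version instead of relying on the prose. The vector also says PR:L and AT:P, so the MODERATE label presumably rests on the attacker already holding low-privilege credentials and on an environmental precondition; worth confirming before triage relies on it.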
@@ -0,0 +1,36 @@
+{
+ "schema_version": "1.4.0",
+ "id": "GHSA-8hch-967f-8mf2",
+ "modified": "2025-04-10T12:31:26Z",
+ "published": "2025-04-10T12:31:26Z",
+ "aliases": [
+ "CVE-2025-27350"
+ ],
+ "details": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Hugh Mungus Vice Versa allows Reflected XSS.This issue affects Vice Versa: from n/a through 2.2.3.",
+ "severity": [
+ {
+ "type": "CVSS_V3",
+ "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L"
+ }
+ ],
+ "affected": [],
+ "references": [
+ {
+ "type": "ADVISORY",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-27350"
+ },
+ {
+ "type": "WEB",
+ "url": "https://patchstack.com/database/wordpress/plugin/vice-versa/vulnerability/wordpress-vice-versa-plugin-2-2-3-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve"
+ }
+ ],
+ "database_specific": {
+ "cwe_ids": [
+ "CWE-79"
+ ],
+ "severity": "HIGH",
+ "github_reviewed": false,
+ "github_reviewed_at": null,
+ "nvd_published_at": "2025-04-10T11:15:45Z"
+ }
+}
\ No newline at end of file
diff --git a/advisories/unreviewed/2025/04/GHSA-cgg6-f226-mjxc/GHSA-cgg6-f226-mjxc.json b/advisories/unreviewed/2025/04/GHSA-cgg6-f226-mjxc/GHSA-cgg6-f226-mjxc.json
new file mode 100644
index 00000000000..d6ef878b374
--- /dev/null
+++ b/advisories/unreviewed/2025/04/GHSA-cgg6-f226-mjxc/GHSA-cgg6-f226-mjxc.json
@@ -0,0 +1,36 @@
+{
+ "schema_version": "1.4.0",
+ "id": "GHSA-cgg6-f226-mjxc",
+ "modified": "2025-04-10T12:31:27Z",
+ "published": "2025-04-10T12:31:27Z",
+ "aliases": [
+ "CVE-2025-31411"
+ ],
+ "details": "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Aribhour Linet ERP-Woocommerce Integration allows Path Traversal.This issue affects Linet ERP-Woocommerce Integration: from n/a through 3.5.12.",
+ "severity": [
+ {
+ "type": "CVSS_V3",
+ "score": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N"
+ }
+ ],
+ "affected": [],
+ "references": [
+ {
+ "type": "ADVISORY",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-31411"
+ },
+ {
+ "type": "WEB",
+ "url": "https://patchstack.com/database/wordpress/plugin/linet-erp-woocommerce-integration/vulnerability/wordpress-linet-erp-woocommerce-integration-plugin-3-5-12-arbitrary-file-read-deletion-vulnerability?_s_id=cve"
+ }
+ ],
+ "database_specific": {
+ "cwe_ids": [
+ "CWE-22"
+ ],
+ "severity": "MODERATE",
+ "github_reviewed": false,
+ "github_reviewed_at": null,
+ "nvd_published_at": "2025-04-10T11:15:45Z"
+ }
+}
\ No newline at end of file
diff --git a/advisories/unreviewed/2025/04/GHSA-hhf6-hx47-q457/GHSA-hhf6-hx47-q457.json b/advisories/unreviewed/2025/04/GHSA-hhf6-hx47-q457/GHSA-hhf6-hx47-q457.json
new file mode 100644
index 00000000000..bee177b57df
--- /dev/null
+++ b/advisories/unreviewed/2025/04/GHSA-hhf6-hx47-q457/GHSA-hhf6-hx47-q457.json
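Review bot: The `details` string of GHSA-cgg6-f226-mjxc describes only "Path Traversal", while the Patchstack reference slug in the same hunk names it an arbitrary file read/deletion issue and the vector carries I:H; a consumer reading just the prose would miss the destructive half. The record cannot change the NVD text, but the reviewed version should presumably reflect the read-and-delete impact, and anyone triaging from this entry should read the reference rather than the summary. Note also that PR:H and AC:H are what hold the base score at MODERATE, so an instance where the high-privilege role is broadly granted should not inherit that rating unchanged.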
@@ -0,0 +1,40 @@
+{
+ "schema_version": "1.4.0",
+ "id": "GHSA-hhf6-hx47-q457",
+ "modified": "2025-04-10T12:31:26Z",
+ "published": "2025-04-10T12:31:26Z",
+ "aliases": [
+ "CVE-2025-22375"
+ ],
+ "details": "An authentication bypass vulnerability was found in Videx's CyberAudit-Web. Through the exploitation of a logic flaw, an attacker could create a valid session without any credentials. This vulnerability has been patched in versions later than 9.5 and a patch has been made available to all instances of CyberAudit-Web, including the versions that are End of Maintenance (EOM). Anyone that requires support with the resolution of this issue can contact support@videx.com for assistance.",
+ "severity": [
+ {
+ "type": "CVSS_V4",
+ "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:N/AU:Y/R:A/V:D/RE:L/U:Green"
+ }
+ ],
+ "affected": [],
+ "references": [
+ {
+ "type": "ADVISORY",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-22375"
+ },
+ {
+ "type": "WEB",
+ "url": "https://csirt.divd.nl/CVE-2025-22375"
+ },
+ {
+ "type": "WEB",
+ "url": "https://csirt.divd.nl/DIVD-2024-00043"
+ }
+ ],
+ "database_specific": {
+ "cwe_ids": [
+ "CWE-287"
+ ],
+ "severity": "CRITICAL",
+ "github_reviewed": false,
+ "github_reviewed_at": null,
+ "nvd_published_at": "2025-04-10T11:15:45Z"
+ }
+}
\ No newline at end of file
diff --git a/advisories/unreviewed/2025/04/GHSA-j3fq-6cwx-wgx7/GHSA-j3fq-6cwx-wgx7.json b/advisories/unreviewed/2025/04/GHSA-j3fq-6cwx-wgx7/GHSA-j3fq-6cwx-wgx7.json
new file mode 100644
index 00000000000..05a8e6f3aef
--- /dev/null
+++ b/advisories/unreviewed/2025/04/GHSA-j3fq-6cwx-wgx7/GHSA-j3fq-6cwx-wgx7.json
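Review bot: `affected` is `[]` in GHSA-hhf6-hx47-q457 even though `details` states the fix ships "in versions later than 9.5" and that End-of-Maintenance releases received a patch, so the empty array must not be read as "no versions affected"; it presumably reflects that CyberAudit-Web is not in a package ecosystem this database can express ranges for, and scanners keyed on `affected` will silently miss it. The vector is AV:N/AT:N/PR:N/UI:N with VC:H/VI:H/VA:H and AU:Y, i.e. an unauthenticated, network-reachable, automatable session-creation bypass, which is consistent with the CRITICAL label. Operators should confirm the exact first fixed build from the DIVD reference, since "later than 9.5" does not say whether 9.5 itself carries the patch.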
@@ -0,0 +1,36 @@
+{
+ "schema_version": "1.4.0",
+ "id": "GHSA-j3fq-6cwx-wgx7",
+ "modified": "2025-04-10T12:31:27Z",
+ "published": "2025-04-10T12:31:27Z",
+ "aliases": [
+ "CVE-2025-1073"
+ ],
+ "details": "Panasonic IR Control Hub (IR Blaster) versions 1.17 and earlier may allow an attacker with physical access to load unauthorized firmware onto the device.",
+ "severity": [
+ {
+ "type": "CVSS_V3",
+ "score": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:L"
+ }
+ ],
+ "affected": [],
+ "references": [
+ {
+ "type": "ADVISORY",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-1073"
+ },
+ {
+ "type": "WEB",
+ "url": "https://lsin.panasonic.com/release-notes"
+ }
+ ],
+ "database_specific": {
+ "cwe_ids": [
+ "CWE-1299"
+ ],
+ "severity": "HIGH",
+ "github_reviewed": false,
+ "github_reviewed_at": null,
+ "nvd_published_at": "2025-04-10T12:15:15Z"
+ }
+}
\ No newline at end of file
diff --git a/advisories/unreviewed/2025/04/GHSA-jrg3-gh37-h96x/GHSA-jrg3-gh37-h96x.json b/advisories/unreviewed/2025/04/GHSA-jrg3-gh37-h96x/GHSA-jrg3-gh37-h96x.json
new file mode 100644
index 00000000000..9e15a0f4090
--- /dev/null
+++ b/advisories/unreviewed/2025/04/GHSA-jrg3-gh37-h96x/GHSA-jrg3-gh37-h96x.json
@@ -0,0 +1,36 @@
+{
+ "schema_version": "1.4.0",
+ "id": "GHSA-jrg3-gh37-h96x",
+ "modified": "2025-04-10T12:31:26Z",
+ "published": "2025-04-10T12:31:26Z",
+ "aliases": [
+ "CVE-2025-23386"
+ ],
+ "details": "A Incorrect Default Permissions vulnerability in the openSUSE Tumbleweed package gerbera allows the service user gerbera to escalate to root.,This issue affects gerbera on openSUSE Tumbleweed before 2.5.0-1.1.",
+ "severity": [
+ {
+ "type": "CVSS_V3",
+ "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
+ }
+ ],
+ "affected": [],
+ "references": [
+ {
+ "type": "ADVISORY",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-23386"
+ },
+ {
+ "type": "WEB",
+ "url": "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2025-23386"
+ }
+ ],
+ "database_specific": {
+ "cwe_ids": [
+ "CWE-276"
+ ],
+ "severity": "HIGH",
+ "github_reviewed": false,
+ "github_reviewed_at": null,
+ "nvd_published_at": "2025-04-10T10:15:14Z"
+ }
+}
\ No newline at end of file
diff --git a/advisories/unreviewed/2025/04/GHSA-rxr3-qrg9-4xg5/GHSA-rxr3-qrg9-4xg5.json b/advisories/unreviewed/2025/04/GHSA-rxr3-qrg9-4xg5/GHSA-rxr3-qrg9-4xg5.json
new file mode 100644
index 00000000000..33478c89564
--- /dev/null
+++ b/advisories/unreviewed/2025/04/GHSA-rxr3-qrg9-4xg5/GHSA-rxr3-qrg9-4xg5.json
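Review bot: The version bound in GHSA-jrg3-gh37-h96x, "before 2.5.0-1.1", is an openSUSE Tumbleweed package release string, not an upstream gerbera version, so an `affected` entry keyed to the upstream project would mismatch; the record leaves `affected` as `[]`, which is the honest choice but means the flaw is only discoverable by reading the prose. The `details` text also describes a packaging defect (default permissions letting the `gerbera` service user reach root, CWE-276) rather than a bug in gerbera itself, so other distributions should not be assumed affected or unaffected from this entry alone; the SUSE bugzilla reference is the place to check the actual permission change. If the record is later reviewed, the distribution scope should presumably be stated explicitly in the summary.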
@@ -0,0 +1,29 @@
+{
+ "schema_version": "1.4.0",
+ "id": "GHSA-rxr3-qrg9-4xg5",
+ "modified": "2025-04-10T12:31:27Z",
+ "published": "2025-04-10T12:31:27Z",
+ "aliases": [
+ "CVE-2025-32755"
+ ],
+ "details": "In jenkins/ssh-slave Docker images based on Debian, SSH host keys are generated on image creation for images based on Debian, causing all containers based on images of the same version use the same SSH host keys, allowing attackers able to insert themselves into the network path between the SSH client (typically the Jenkins controller) and SSH build agent to impersonate the latter.",
+ "severity": [],
+ "affected": [],
+ "references": [
+ {
+ "type": "ADVISORY",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-32755"
+ },
+ {
+ "type": "WEB",
+ "url": "https://www.jenkins.io/security/advisory/2025-04-10/#SECURITY-3565"
+ }
+ ],
+ "database_specific": {
+ "cwe_ids": [],
+ "severity": null,
+ "github_reviewed": false,
+ "github_reviewed_at": null,
+ "nvd_published_at": "2025-04-10T12:15:16Z"
+ }
+}
\ No newline at end of file
diff --git a/advisories/unreviewed/2025/04/GHSA-x97h-g784-4pw8/GHSA-x97h-g784-4pw8.json b/advisories/unreviewed/2025/04/GHSA-x97h-g784-4pw8/GHSA-x97h-g784-4pw8.json
new file mode 100644
index 00000000000..d7ab3c82501
--- /dev/null
+++ b/advisories/unreviewed/2025/04/GHSA-x97h-g784-4pw8/GHSA-x97h-g784-4pw8.json
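Review bot: GHSA-rxr3-qrg9-4xg5 gives no version bound at all for jenkins/ssh-slave — unlike the sibling jenkins/ssh-agent record, which says "6.11.1 and earlier" — and `severity` is `[]`, `cwe_ids` is `[]` and `database_specific.severity` is `null`, so a consumer cannot tell which image tags to rebuild or how to rank the issue; the only lead is the SECURITY-3565 reference, which should be checked for whether a fixed tag exists or the image is simply no longer maintained. A CWE such as CWE-321 (Use of Hard-coded Cryptographic Key) or CWE-1394 (Use of Default Cryptographic Key) presumably fits the baked-in host key the `details` describe; confirm before adding `"cwe_ids": ["CWE-1394"]`. Because the `details` say every container from the same image version shares one host key, any controller that has that key in its known_hosts trusts every such container, so presumably the key must be removed from trust stores when agents are moved to images that generate keys at start-up, not just rebuilt.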
@@ -0,0 +1,29 @@
+{
+ "schema_version": "1.4.0",
+ "id": "GHSA-x97h-g784-4pw8",
+ "modified": "2025-04-10T12:31:27Z",
+ "published": "2025-04-10T12:31:27Z",
+ "aliases": [
+ "CVE-2025-32754"
+ ],
+ "details": "In jenkins/ssh-agent Docker images 6.11.1 and earlier, SSH host keys are generated on image creation for images based on Debian, causing all containers based on images of the same version use the same SSH host keys, allowing attackers able to insert themselves into the network path between the SSH client (typically the Jenkins controller) and SSH build agent to impersonate the latter.",
+ "severity": [],
+ "affected": [],
+ "references": [
+ {
+ "type": "ADVISORY",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-32754"
+ },
+ {
+ "type": "WEB",
+ "url": "https://www.jenkins.io/security/advisory/2025-04-10/#SECURITY-3565"
+ }
+ ],
+ "database_specific": {
+ "cwe_ids": [],
+ "severity": null,
+ "github_reviewed": false,
+ "github_reviewed_at": null,
+ "nvd_published_at": "2025-04-10T12:15:16Z"
+ }
+}
\ No newline at end of file
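Review bot: GHSA-x97h-g784-4pw8 states a concrete upper bound, "jenkins/ssh-agent Docker images 6.11.1 and earlier", yet encodes nothing from it: `affected` is `[]`, `severity` is `[]` and `cwe_ids` is `[]`, so the one fact a scanner could act on is lost in the prose. The first fixed image version is not stated in this record and should be taken from the SECURITY-3565 reference rather than assumed to be the next tag after 6.11.1. The `details` also scope the flaw to "images based on Debian"; variants of the image on other bases are not described here, and this entry should not be read as clearing or condemning them.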