From 610c39aa5877b84dc8f0e07808b5faebea635f8a Mon Sep 17 00:00:00 2001
From: Andrey Ryzhov <115156079+notdenied@users.noreply.github.com>
Date: Sun, 26 Oct 2025 13:55:15 +0300
Subject: [PATCH] Improve GHSA-p69p-39vf-6x53
---
 .../GHSA-p69p-39vf-6x53.json | 34 +++++++++++++++++--
 1 file changed, 31 insertions(+), 3 deletions(-)
diff --git a/advisories/unreviewed/2025/10/GHSA-p69p-39vf-6x53/GHSA-p69p-39vf-6x53.json b/advisories/unreviewed/2025/10/GHSA-p69p-39vf-6x53/GHSA-p69p-39vf-6x53.json
index d5306789445ea..a10caf8409d5e 100644
--- a/advisories/unreviewed/2025/10/GHSA-p69p-39vf-6x53/GHSA-p69p-39vf-6x53.json
+++ b/advisories/unreviewed/2025/10/GHSA-p69p-39vf-6x53/GHSA-p69p-39vf-6x53.json
@@ -1,24 +1,52 @@
 {
 "schema_version": "1.4.0",
 "id": "GHSA-p69p-39vf-6x53",
- "modified": "2025-10-23T18:31:14Z",
+ "modified": "2025-10-23T18:32:22Z",
 "published": "2025-10-23T15:30:34Z",
 "aliases": [
 "CVE-2025-56007"
 ],
+ "summary": "CRLF-injection in KeeneticOS before 4.3 at \"/auth\" API endpoint.",
 "details": "CRLF-injection in KeeneticOS before 4.3 at \"/auth\" API endpoint allows attackers to take over the device via adding additional users with full permissions by managing the victim to open page with exploit.",
 "severity": [
 {
 "type": "CVSS_V3",
- "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"
+ "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N"
+ }
+ ],
+ "affected": [
+ {
+ "package": {
+ "ecosystem": "Pub",
+ "name": "KeeneticOS"
+ },
+ "ranges": [
+ {
+ "type": "ECOSYSTEM",
+ "events": [
+ {
+ "introduced": "0"
+ },
+ {
+ "fixed": "4.3+"
+ }
+ ]
+ }
+ ],
+ "database_specific": {
+ "last_known_affected_version_range": "<= 4.2"
+ }
 }
 ],
- "affected": [],
 "references": [
 {
 "type": "ADVISORY",
 "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-56007"
 },
+ {
+ "type": "WEB",
+ "url": "https://github.com/notdenied/writeups/blob/main/CVE/CVE-2025-56007.md"
+ },
 {
 "type": "WEB",
 "url": "https://keenetic.com"
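Review bot: `"ecosystem": "Pub"` in the new `affected` entry looks wrong for this product: Pub is the Dart/Flutter package registry, while the `details` text describes a device OS, so scanners would match the advisory against a Pub package named KeeneticOS and never against the firmware itself. If no supported ecosystem fits, keeping `"affected": []` is more accurate than a mislabelled package. In the same entry `"fixed": "4.3+"` is not a version string; a `fixed` event names the first fixed release, `"fixed": "4.3"`, and once that is present `"last_known_affected_version_range": "<= 4.2"` is redundant and can drift from it. The rescored vector `C:H/I:N/A:N` also appears inconsistent with `details`, which says the attacker adds users with full permissions and takes over the device; that implies integrity impact, so `I:N` should be reconciled with the description or with the score on the referenced NVD entry.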