{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2025-4866","assignerOrgId":"1af790b2-7ee1-4545-860a-a788eba489b5","state":"PUBLISHED","assignerShortName":"VulDB","dateReserved":"2025-05-16T19:11:47.453Z","datePublished":"2025-05-18T08:00:09.819Z","dateUpdated":"2025-05-19T18:27:42.200Z"},"containers":{"cna":{"providerMetadata":{"orgId":"1af790b2-7ee1-4545-860a-a788eba489b5","shortName":"VulDB","dateUpdated":"2025-05-18T08:00:09.819Z"},"title":"weibocom rill-flow Management Console code injection","problemTypes":[{"descriptions":[{"type":"CWE","cweId":"CWE-94","lang":"en","description":"Code Injection"}]},{"descriptions":[{"type":"CWE","cweId":"CWE-74","lang":"en","description":"Injection"}]}],"affected":[{"vendor":"weibocom","product":"rill-flow","versions":[{"version":"0.1.18","status":"affected"}],"modules":["Management Console"]}],"descriptions":[{"lang":"en","value":"A vulnerability was found in weibocom rill-flow 0.1.18. It has been classified as critical. Affected is an unknown function of the component Management Console. The manipulation leads to code injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used."},{"lang":"de","value":"Es wurde eine kritische Schwachstelle in weibocom rill-flow 0.1.18 ausgemacht. Dabei betrifft es einen unbekannter Codeteil der Komponente Management Console. Dank der Manipulation mit unbekannten Daten kann eine code injection-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei über das Netzwerk erfolgen. Der Exploit steht zur öffentlichen Verfügung."}],"metrics":[{"cvssV4_0":{"version":"4.0","baseScore":5.3,"vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N","baseSeverity":"MEDIUM"}},{"cvssV3_1":{"version":"3.1","baseScore":6.3,"vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L","baseSeverity":"MEDIUM"}},{"cvssV3_0":{"version":"3.0","baseScore":6.3,"vectorString":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L","baseSeverity":"MEDIUM"}},{"cvssV2_0":{"version":"2.0","baseScore":6.5,"vectorString":"AV:N/AC:L/Au:S/C:P/I:P/A:P"}}],"timeline":[{"time":"2025-05-16T00:00:00.000Z","lang":"en","value":"Advisory disclosed"},{"time":"2025-05-16T02:00:00.000Z","lang":"en","value":"VulDB entry created"},{"time":"2025-05-16T21:16:53.000Z","lang":"en","value":"VulDB entry last update"}],"credits":[{"lang":"en","value":"startr4ck (VulDB User)","type":"reporter"}],"references":[{"url":"https://vuldb.com/?id.309408","name":"VDB-309408 | weibocom rill-flow Management Console code injection","tags":["vdb-entry"]},{"url":"https://vuldb.com/?ctiid.309408","name":"VDB-309408 | CTI Indicators (IOB, IOC, TTP)","tags":["signature","permissions-required"]},{"url":"https://vuldb.com/?submit.575478","name":"Submit #575478 | weibocom rill-flow rill-flow-0.1.18 Code Injection","tags":["third-party-advisory"]},{"url":"https://github.com/weibocom/rill-flow/issues/102","tags":["issue-tracking"]},{"url":"https://github.com/weibocom/rill-flow/issues/102#issue-2933822293","tags":["exploit","issue-tracking"]}]},"adp":[{"references":[{"url":"https://github.com/weibocom/rill-flow/issues/102","tags":["exploit"]}],"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2025-05-19T18:27:22.199092Z","id":"CVE-2025-4866","options":[{"Exploitation":"poc"},{"Automatable":"no"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2025-05-19T18:27:42.200Z"}}]}}