[Git][security-tracker-team/security-tracker][master] 3 commits: Add CVE-2025-7783/node-form-data
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Sat Jul 19 19:14:50 BST 2025
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
5354797e by Salvatore Bonaccorso at 2025-07-19T20:14:34+02:00
Add CVE-2025-7783/node-form-data
- - - - -
0af07ab2 by Salvatore Bonaccorso at 2025-07-19T20:14:35+02:00
Process some NFUs
- - - - -
70f4ffa2 by Salvatore Bonaccorso at 2025-07-19T20:14:35+02:00
Add CVE-2025-53901/rust-wasmtime
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -51,7 +51,9 @@ CVE-2025-7785 (A vulnerability classified as problematic was found in thinkgem J
CVE-2025-7784 (A flaw was found in the Keycloak identity and access management system ...)
- keycloak <itp> (bug #1088287)
CVE-2025-7783 (Use of Insufficiently Random Values vulnerability in form-data allows ...)
- TODO: check
+ - node-form-data <unfixed>
+ NOTE: https://github.com/form-data/form-data/security/advisories/GHSA-fjxv-7rqg-78g4
+ NOTE: Fixed by: https://github.com/form-data/form-data/commit/3d1723080e6577a66f17f163ecd345a21d8d0fd0 (v4.0.4)
CVE-2025-7697 (The Integration for Google Sheets and Contact Form 7, WPForms, Element ...)
NOT-FOR-US: WordPress plugin
CVE-2025-7696 (The Integration for Pipedrive and Contact Form 7, WPForms, Elementor, ...)
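Review bot: The new `- node-form-data <unfixed>` line for CVE-2025-7783 carries no bug reference, unlike the `- keycloak <itp> (bug #1088287)` entry two lines above it in this hunk. Once a BTS bug exists, append it as `(bug #...)` so the open status can be followed against the package. The `Fixed by:` note names only the v4.0.4 commit; if a suite carries a different upstream branch, a further NOTE saying whether that commit applies there would help whoever prepares the update.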
@@ -98,19 +100,20 @@ CVE-2025-54077 (WeGIA is an open source web manager with a focus on the Portugue
CVE-2025-54076 (WeGIA is an open source web manager with a focus on the Portuguese lan ...)
NOT-FOR-US: WeGIA
CVE-2025-54075 (MDC is a tool to take regular Markdown and write documents interacting ...)
- TODO: check
+ NOT-FOR-US: MDC
CVE-2025-54073 (mcp-package-docs is an MCP (Model Context Protocol) server that provid ...)
NOT-FOR-US: mcp-package-docs
CVE-2025-54059 (melange allows users to build apk packages using declarative pipelines ...)
- TODO: check
+ NOT-FOR-US: Melange
CVE-2025-53945 (apko allows users to build and publish OCI container images built from ...)
- TODO: check
+ NOT-FOR-US: apko
CVE-2025-53901 (Wasmtime is a runtime for WebAssembly. Prior to versions 24.0.4, 33.0. ...)
- TODO: check
+ - rust-wasmtime <unfixed>
+ NOTE: https://github.com/bytecodealliance/wasmtime/security/advisories/GHSA-fm79-3f68-h2fc
CVE-2025-53888 (RIOT-OS, an operating system that supports Internet of Things devices, ...)
NOT-FOR-US: RIOT-OS
CVE-2025-53762 (Permissive list of allowed inputs in Microsoft Purview allows an autho ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-52924 (In One Identity OneLogin before 2025.2.0, the SQL connection "applicat ...)
NOT-FOR-US: One Identity OneLogin
CVE-2025-52169 (agorum Software GmbH Agorum core open v11.9.2 & v11.10.1 was discovere ...)
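Review bot: The `- rust-wasmtime <unfixed>` entry for CVE-2025-53901 links the advisory but has no `Fixed by:` note, whereas the node-form-data entry in the first hunk of this push names the fixing commit and release. The description already points at fixed releases ("Prior to versions 24.0.4, 33.0. ..."), so a NOTE with the upstream fixing commit would save the next triager a lookup. Minor style point: `NOT-FOR-US: Melange` is capitalised while the description ("melange allows users ...") and the neighbouring `NOT-FOR-US: apko` use the lower-case project name.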
@@ -148,9 +151,9 @@ CVE-2025-50057 (A DOS vulnerability in RSFiles! component 1.16.3-1.17.7 Joomla w
CVE-2025-50056 (A reflected XSS vulnerability in RSMail! component 1.19.20 - 1.22.26 2 ...)
NOT-FOR-US: Joomla
CVE-2025-49747 (Missing authorization in Azure Machine Learning allows an authorized a ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-49746 (Improper authorization in Azure Machine Learning allows an authorized ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-49486 (A stored XSS vulnerability in the Balbooa Gallery plugin 1.0.0-2.4.0 f ...)
NOT-FOR-US: Joomla
CVE-2025-49485 (A SQL injection vulnerability in the Balbooa Forms plugin 1.0.0-2.3.1. ...)
@@ -158,21 +161,21 @@ CVE-2025-49485 (A SQL injection vulnerability in the Balbooa Forms plugin 1.0.0-
CVE-2025-49484 (A SQL injection vulnerability in the JS Jobs plugin versions 1.0.0-1.4 ...)
NOT-FOR-US: Joomla
CVE-2025-47995 (Weak authentication in Azure Machine Learning allows an authorized att ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-47158 (Authentication bypass by assumed-immutable data in Azure DevOps allows ...)
NOT-FOR-US: Microsoft
CVE-2025-46732 (OpenCTI is an open source platform for managing cyber threat intellige ...)
- TODO: check
+ NOT-FOR-US: OpenCTI
CVE-2025-46002 (An issue in Filemanager v2.5.0 and below allows attackers to execute a ...)
- TODO: check
+ NOT-FOR-US: Filemanager
CVE-2025-46001 (An arbitrary file upload vulnerability in the is_allowed_file_type() f ...)
- TODO: check
+ NOT-FOR-US: Filemanager
CVE-2025-46000 (An arbitrary file upload vulnerability in the component /rsc/filemanag ...)
- TODO: check
+ NOT-FOR-US: Filemanager
CVE-2025-45157 (Insecure permissions in Splashin iOS v2.0 allow unauthorized attackers ...)
- TODO: check
+ NOT-FOR-US: Splashin iOS
CVE-2025-45156 (Splashin iOS v2.0 fails to enforce server-side interval restrictions f ...)
- TODO: check
+ NOT-FOR-US: Splashin iOS
CVE-2025-33014 (IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.0.0.0 thro ...)
NOT-FOR-US: IBM
CVE-2025-2425 (Time-of-check to time-of-use race condition vulnerability potentially ...)
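Review bot: `NOT-FOR-US: Filemanager` on CVE-2025-46002, CVE-2025-46001 and CVE-2025-46000 uses a generic product name, and the truncated descriptions visible here ("Filemanager v2.5.0 and below", "/rsc/filemanag ...") do not identify the vendor or upstream project. Naming the specific project in the tag would make it clear at a glance that no file manager packaged in Debian is meant, and would keep later searches of data/CVE/list from matching these entries by accident.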
@@ -304,7 +307,7 @@ CVE-2025-5344 (Bluebird devices contain a pre-loaded kiosk application. This app
CVE-2025-54070 (OpenZeppelin Contracts is a library for secure smart contract developm ...)
NOT-FOR-US: OpenZeppelin Contracts
CVE-2025-54068 (Livewire is a full-stack framework for Laravel. In Livewire v3 up to a ...)
- TODO: check
+ NOT-FOR-US: Livewire
CVE-2025-54066 (DiracX-Web is a web application that provides an interface to interact ...)
NOT-FOR-US: DiracX-Web
CVE-2025-54064 (Rucio is a software framework that provides functionality to organize, ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/a019f19956a26b33ba6a60cd61dd5a55d1d9e41c...70f4ffa2208f16ed5f19388c4e461f538e459b00