Publish Advisories

GHSA-fvxq-m6wq-rqqv
GHSA-hm47-446q-7w5f
GHSA-j6h7-76gh-2j3r

Author: advisory-database[bot]

advisories/unreviewed/2025/06/GHSA-fvxq-m6wq-rqqv/GHSA-fvxq-m6wq-rqqv.json

@@ -0,0 +1,36 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-fvxq-m6wq-rqqv",
+  "modified": "2025-06-14T00:30:22Z",
+  "published": "2025-06-14T00:30:22Z",
+  "aliases": [
+    "CVE-2025-24919"
+  ],
+  "details": "A deserialization of untrusted input vulnerability exists in the cvhDecapsulateCmd functionality of Dell ControlVault3 prior to 5.15.10.14 and ControlVault3 Plus prior to 6.2.26.36. A specially crafted ControlVault response to a command can lead to arbitrary code execution. An attacker can compromise a ControlVault firmware and have it craft a malicious response to trigger this vulnerability.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-24919"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.dell.com/support/kbdoc/en-us/000276106/dsa-2025-053"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-502"
+    ],
+    "severity": "HIGH",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-06-13T22:15:18Z"
+  }
+}

advisories/unreviewed/2025/06/GHSA-hm47-446q-7w5f/GHSA-hm47-446q-7w5f.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-hm47-446q-7w5f",
-  "modified": "2025-06-13T21:31:10Z",
+  "modified": "2025-06-14T00:30:22Z",
   "published": "2025-06-13T21:31:10Z",
   "aliases": [
     "CVE-2025-6083"
@@ -22,6 +22,10 @@
     {
       "type": "WEB",
       "url": "https://extreme-networks.my.site.com"
+    },
+    {
+      "type": "WEB",
+      "url": "https://extreme-networks.my.site.com/ExtrArticleDetail?an=000126912"
     }
   ],
   "database_specific": {

advisories/unreviewed/2025/06/GHSA-j6h7-76gh-2j3r/GHSA-j6h7-76gh-2j3r.json

@@ -0,0 +1,36 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-j6h7-76gh-2j3r",
+  "modified": "2025-06-14T00:30:22Z",
+  "published": "2025-06-14T00:30:22Z",
+  "aliases": [
+    "CVE-2025-25215"
+  ],
+  "details": "An arbitrary free vulnerability exists in the cv_close functionality of \nDell ControlVault3 prior to 5.15.10.14 and Dell ControlVault3 Plus prior to 6.2.26.36. A specially crafted ControlVault API call \ncan lead to an arbitrary free. An attacker can forge a fake session to \ntrigger this vulnerability.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-25215"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.dell.com/support/kbdoc/en-us/000276106/dsa-2025-053"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-763"
+    ],
+    "severity": "HIGH",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-06-13T22:15:19Z"
+  }
+}