@blamejs/exceptd-skills 0.13.107 → 0.13.108

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (14) hide show
  1. package/CHANGELOG.md +4 -0
  2. package/data/_indexes/_meta.json +9 -9
  3. package/data/_indexes/activity-feed.json +2 -2
  4. package/data/_indexes/catalog-summaries.json +2 -2
  5. package/data/_indexes/chains.json +464 -0
  6. package/data/atlas-ttps.json +2 -0
  7. package/data/attack-techniques.json +7 -1
  8. package/data/cve-catalog.json +207 -1
  9. package/data/cwe-catalog.json +2 -0
  10. package/data/framework-control-gaps.json +19 -1
  11. package/data/zeroday-lessons.json +100 -0
  12. package/manifest.json +44 -44
  13. package/package.json +2 -2
  14. package/sbom.cdx.json +25 -25
package/CHANGELOG.md CHANGED
@@ -1,5 +1,9 @@
1
1
  # Changelog
2
2
 
3
+ ## 0.13.108 — 2026-05-26
4
+
5
+ CVE catalog — Label Studio data-pipeline SSRF. Adds two server-side request forgery flaws in Label Studio, the data-labeling / annotation platform used in ML pipelines, where the server fetches caller-supplied URLs without validating the destination. **CVE-2025-25297** (CWE-918, NVD CVSS 7.7 HIGH; GitHub CNA 8.6) — the S3 storage feature accepts a custom endpoint URL without validation, so an attacker reaches internal services or cloud metadata via the server; fixed in 1.16.0. **CVE-2022-36551** (CWE-918, NIST CVSS 6.5 MEDIUM) — the Data Import module fetches a user-supplied URL with no restriction and self-registration is on by default, so any remote attacker reads arbitrary files or reaches internal services; fixed in 1.6.0. Both are patched and introduce NEW-CTRL-105: an ML data-pipeline platform's import/storage URL fetches must validate and allowlist destinations (block private, link-local, and cloud-metadata addresses and `file://` schemes) and restrict who can configure them. CVE count 392 → 394.
6
+
3
7
  ## 0.13.107 — 2026-05-26
4
8
 
5
9
  CVE catalog — MLflow model-artifact deserialization (a model is executable code). Adds two of the Protect AI / HiddenLayer MLflow model-flavor deserialization flaws, where loading a stored artifact runs arbitrary code. **CVE-2024-37052** (CWE-502, HiddenLayer CNA CVSS 8.8 HIGH; NVD unscored) — a maliciously crafted scikit-learn model in MLflow runs code when a user loads it. **CVE-2024-37060** (CWE-502, HiddenLayer CNA CVSS 8.8 HIGH; NVD unscored) — a maliciously crafted MLflow Recipe runs code when executed. Both affect MLflow up to 2.14.1 and have no patched version — loading an untrusted model artifact is inherently code execution — so they are scored without patch credit and the control is provenance verification plus sandboxed loading. Both map MITRE ATLAS AML.T0011.000 (unsafe AI artifacts) and ATT&CK T1204, and reuse the untrusted-model-artifact control (NEW-CTRL-091) shared with the Keras / Hugging Face / NeMo / PyTorch / H2O entries — a model artifact is executable code regardless of platform. CVE count 390 → 392.
package/data/_indexes/_meta.json CHANGED
@@ -1,21 +1,21 @@
1
1
  {
2
2
  "schema_version": "1.1.0",
3
- "generated_at": "2026-05-26T09:16:07.078Z",
3
+ "generated_at": "2026-05-26T09:35:30.755Z",
4
4
  "generator": "scripts/build-indexes.js",
5
5
  "source_count": 54,
6
6
  "source_hashes": {
7
- "manifest.json": "df8f85afa0405b3ff9aefb48831e7cd492c9225cc88fec9f99f5ff608200fade",
8
- "data/atlas-ttps.json": "503911af9c49ceabaa7fd180b805de82fc34f378c0bd394e9c5d579be097906d",
9
- "data/attack-techniques.json": "e1ce625a1fed3532f1fd0cf3c211956fa4f7e8eb31faddbb6e0433b62bb5e235",
10
- "data/cve-catalog.json": "d0c7aac820109fdb75faa6ad75148fbb35d197cd350a55b759982657f6e2d2a0",
11
- "data/cwe-catalog.json": "d28ecf9ad95111bee0c64a9a8f7f97387f195cc6204f9a014d59acb19dd72d85",
7
+ "manifest.json": "6dfd4491ceb5206ae8f4910fc430b29932a4bebdb791fee7a503d6eb8aeb8191",
8
+ "data/atlas-ttps.json": "18a8977c143ee341aee864ded68de2a032d684527d61ed67c8377a24f7dd71ef",
9
+ "data/attack-techniques.json": "0e09b9da23995c300532ee24052ef54f006a0057ea9b5b7b764541cfe6ada49f",
10
+ "data/cve-catalog.json": "dc02816b7b1a6ebc6986f2bd30dcc618d89985bd9291a10df2376354ba899002",
11
+ "data/cwe-catalog.json": "f1f776d2d3fa1436aa3556b72c891b9404186e43ebd5bf0463c89d3d4c5b4490",
12
12
  "data/d3fend-catalog.json": "9a54bccb9f24f84b32024216cc3f53819a053721ac8ab43c326859e68fc0ffaf",
13
13
  "data/dlp-controls.json": "d2406c482dddd30e49203879999dc4b3a7fd4d0494d6a61d86b91ee76415df19",
14
14
  "data/exploit-availability.json": "ec2656f0d9a893610e27b43eb6035fe9b18e057c9f6dfaac7e7d4959bbcbb795",
15
- "data/framework-control-gaps.json": "3fe4663c19c83d089ea3bfa88dc042b03b9c4834dfe7ab76d02f0d31fa483397",
15
+ "data/framework-control-gaps.json": "a96e6241cc95dffaf4f39768164a4929e3f4c806897d091093114b1262d8811a",
16
16
  "data/global-frameworks.json": "9ba563a85f7f8d6c3c957de64945e20925a89d0ed6ea6fc561cf093811acf558",
17
17
  "data/rfc-references.json": "66ef2e1f444a2cf0c2700a754f0a66030bb8a91d9e68394b9537ea1fe8b904fe",
18
- "data/zeroday-lessons.json": "f1febf504c1916520d85f73b00e9362189d3b0263a6c896e3b21d29d172c3a02",
18
+ "data/zeroday-lessons.json": "3008d0cfa84f53f0015e61fca8e876f6f81928916ea3c2e230661ec4683cbb76",
19
19
  "skills/kernel-lpe-triage/skill.md": "08b3e9815ba481c57c80f5fc0ccbf5bb7cbb41f570c235ba6ff9596b8c07354d",
20
20
  "skills/ai-attack-surface/skill.md": "c4c1eb22a38ca7a959b5725222bab8fbd4f4044a548a93f3e288e6f698334b72",
21
21
  "skills/mcp-agent-trust/skill.md": "89ac89084391d2341b6513fefb1be2d36b93de1c130f057696219c1c59440f13",
@@ -72,7 +72,7 @@
72
72
  "dlp_refs": 0
73
73
  },
74
74
  "trigger_table_entries": 538,
75
- "chains_cve_entries": 381,
75
+ "chains_cve_entries": 383,
76
76
  "chains_cwe_entries": 171,
77
77
  "jurisdictions_indexed": 29,
78
78
  "handoff_dag_nodes": 42,
package/data/_indexes/activity-feed.json CHANGED
@@ -149,7 +149,7 @@
149
149
  "artifact": "data/cve-catalog.json",
150
150
  "path": "data/cve-catalog.json",
151
151
  "schema_version": "1.0.0",
152
- "entry_count": 392
152
+ "entry_count": 394
153
153
  },
154
154
  {
155
155
  "date": "2026-05-18",
@@ -165,7 +165,7 @@
165
165
  "artifact": "data/zeroday-lessons.json",
166
166
  "path": "data/zeroday-lessons.json",
167
167
  "schema_version": "1.1.0",
168
- "entry_count": 387
168
+ "entry_count": 389
169
169
  },
170
170
  {
171
171
  "date": "2026-05-17",
package/data/_indexes/catalog-summaries.json CHANGED
@@ -62,7 +62,7 @@
62
62
  "rebuild_after_days": 365,
63
63
  "note": "Per-entry last_verified governs decay. Skills depending on this catalog must check entry freshness before high-stakes use."
64
64
  },
65
- "entry_count": 392,
65
+ "entry_count": 394,
66
66
  "sample_keys": [
67
67
  "CVE-2025-53773",
68
68
  "CVE-2026-30615",
@@ -238,7 +238,7 @@
238
238
  "rebuild_after_days": 365,
239
239
  "note": "Per-entry last_verified governs decay. Skills depending on this catalog must check entry freshness before high-stakes use."
240
240
  },
241
- "entry_count": 387,
241
+ "entry_count": 389,
242
242
  "sample_keys": [
243
243
  "CVE-2026-31431",
244
244
  "CVE-2025-53773",
package/data/_indexes/chains.json CHANGED
@@ -43222,6 +43222,462 @@
43222
43222
  ]
43223
43223
  }
43224
43224
  },
43225
+ "CVE-2025-25297": {
43226
+ "name": "Label Studio S3 Storage Endpoint Server-Side Request Forgery",
43227
+ "rwep": 23,
43228
+ "cvss": 7.7,
43229
+ "cisa_kev": false,
43230
+ "epss_score": null,
43231
+ "referencing_skills": [
43232
+ "ai-attack-surface",
43233
+ "compliance-theater",
43234
+ "ai-c2-detection",
43235
+ "dlp-gap-analysis"
43236
+ ],
43237
+ "chain": {
43238
+ "cwes": [
43239
+ {
43240
+ "id": "CWE-1039",
43241
+ "name": "Automated Recognition Mechanism with Inadequate Detection or Handling of Adversarial Input Perturbations",
43242
+ "category": "AI/ML"
43243
+ },
43244
+ {
43245
+ "id": "CWE-1426",
43246
+ "name": "Improper Validation of Generative AI Output",
43247
+ "category": "AI/ML"
43248
+ },
43249
+ {
43250
+ "id": "CWE-200",
43251
+ "name": "Exposure of Sensitive Information to an Unauthorized Actor",
43252
+ "category": "Information Exposure"
43253
+ },
43254
+ {
43255
+ "id": "CWE-94",
43256
+ "name": "Improper Control of Generation of Code (Code Injection)",
43257
+ "category": "Injection"
43258
+ }
43259
+ ],
43260
+ "atlas": [
43261
+ {
43262
+ "id": "AML.T0016",
43263
+ "name": "Obtain Capabilities: Develop Capabilities",
43264
+ "tactic": "Resource Development"
43265
+ },
43266
+ {
43267
+ "id": "AML.T0017",
43268
+ "name": "Discover ML Model Ontology",
43269
+ "tactic": "Discovery"
43270
+ },
43271
+ {
43272
+ "id": "AML.T0018",
43273
+ "name": "Backdoor ML Model",
43274
+ "tactic": "Persistence"
43275
+ },
43276
+ {
43277
+ "id": "AML.T0020",
43278
+ "name": "Poison Training Data",
43279
+ "tactic": "ML Attack Staging"
43280
+ },
43281
+ {
43282
+ "id": "AML.T0043",
43283
+ "name": "Craft Adversarial Data",
43284
+ "tactic": "ML Attack Staging"
43285
+ },
43286
+ {
43287
+ "id": "AML.T0051",
43288
+ "name": "LLM Prompt Injection",
43289
+ "tactic": "Execution"
43290
+ },
43291
+ {
43292
+ "id": "AML.T0054",
43293
+ "name": "LLM Jailbreak",
43294
+ "tactic": "Defense Evasion"
43295
+ },
43296
+ {
43297
+ "id": "AML.T0096",
43298
+ "name": "AI API as Covert C2 Channel",
43299
+ "tactic": "Command and Control"
43300
+ }
43301
+ ],
43302
+ "d3fend": [
43303
+ {
43304
+ "id": "D3-CA",
43305
+ "name": "Certificate Analysis",
43306
+ "tactic": "Detect"
43307
+ },
43308
+ {
43309
+ "id": "D3-CSPP",
43310
+ "name": "Client-server Payload Profiling",
43311
+ "tactic": "Detect"
43312
+ },
43313
+ {
43314
+ "id": "D3-DA",
43315
+ "name": "Domain Analysis",
43316
+ "tactic": "Detect"
43317
+ },
43318
+ {
43319
+ "id": "D3-EAL",
43320
+ "name": "Executable Allowlisting",
43321
+ "tactic": "Harden"
43322
+ },
43323
+ {
43324
+ "id": "D3-IOPR",
43325
+ "name": "Input/Output Profiling Resource",
43326
+ "tactic": "Detect"
43327
+ },
43328
+ {
43329
+ "id": "D3-NI",
43330
+ "name": "Network Isolation",
43331
+ "tactic": "Isolate"
43332
+ },
43333
+ {
43334
+ "id": "D3-NTA",
43335
+ "name": "Network Traffic Analysis",
43336
+ "tactic": "Detect"
43337
+ },
43338
+ {
43339
+ "id": "D3-NTPM",
43340
+ "name": "Network Traffic Policy Mapping",
43341
+ "tactic": "Model"
43342
+ }
43343
+ ],
43344
+ "framework_gaps": [
43345
+ {
43346
+ "id": "ALL-AI-PIPELINE-INTEGRITY",
43347
+ "framework": "ALL",
43348
+ "control_name": "AI Pipeline Integrity"
43349
+ },
43350
+ {
43351
+ "id": "ALL-PROMPT-INJECTION-ACCESS-CONTROL",
43352
+ "framework": "ALL",
43353
+ "control_name": "Prompt Injection as Access Control Failure"
43354
+ },
43355
+ {
43356
+ "id": "CMMC-2.0-Level-2",
43357
+ "framework": "CMMC 2.0 (Cybersecurity Maturity Model Certification) Level 2",
43358
+ "control_name": "Level 2 — Advanced (110 NIST 800-171 Rev 2 controls)"
43359
+ },
43360
+ {
43361
+ "id": "FedRAMP-Rev5-Moderate",
43362
+ "framework": "FedRAMP Rev 5 Moderate",
43363
+ "control_name": "FedRAMP Moderate baseline (NIST 800-53 Rev 5 tailoring)"
43364
+ },
43365
+ {
43366
+ "id": "HIPAA-Security-Rule-164.312(a)(1)",
43367
+ "framework": "HIPAA Security Rule (45 CFR § 164.312)",
43368
+ "control_name": "Access control standard (technical safeguards)"
43369
+ },
43370
+ {
43371
+ "id": "ISO-27001-2022-A.8.16",
43372
+ "framework": "ISO/IEC 27001:2022",
43373
+ "control_name": "Monitoring activities"
43374
+ },
43375
+ {
43376
+ "id": "ISO-27001-2022-A.8.28",
43377
+ "framework": "ISO/IEC 27001:2022",
43378
+ "control_name": "Secure coding"
43379
+ },
43380
+ {
43381
+ "id": "ISO-IEC-23894-2023-clause-7",
43382
+ "framework": "ISO/IEC 23894:2023 (AI Risk Management Guidance)",
43383
+ "control_name": "AI risk management process"
43384
+ },
43385
+ {
43386
+ "id": "ISO-IEC-42001-2023-clause-6.1.2",
43387
+ "framework": "ISO/IEC 42001:2023 (AI Management System)",
43388
+ "control_name": "AI risk assessment"
43389
+ },
43390
+ {
43391
+ "id": "NIST-800-53-AC-2",
43392
+ "framework": "NIST SP 800-53 Rev 5",
43393
+ "control_name": "Account Management"
43394
+ },
43395
+ {
43396
+ "id": "NIST-800-53-SC-28",
43397
+ "framework": "NIST SP 800-53 Rev 5",
43398
+ "control_name": "Protection of Information at Rest"
43399
+ },
43400
+ {
43401
+ "id": "NIST-800-53-SC-7",
43402
+ "framework": "NIST SP 800-53 Rev 5",
43403
+ "control_name": "Boundary Protection"
43404
+ },
43405
+ {
43406
+ "id": "NIST-800-53-SI-3",
43407
+ "framework": "NIST SP 800-53 Rev 5",
43408
+ "control_name": "Malicious Code Protection"
43409
+ },
43410
+ {
43411
+ "id": "OWASP-LLM-Top-10-2025-LLM01",
43412
+ "framework": "OWASP Top 10 for LLM Applications 2025",
43413
+ "control_name": "Prompt Injection"
43414
+ },
43415
+ {
43416
+ "id": "OWASP-LLM-Top-10-2025-LLM02",
43417
+ "framework": "OWASP Top 10 for LLM Applications 2025",
43418
+ "control_name": "Sensitive Information Disclosure"
43419
+ },
43420
+ {
43421
+ "id": "SOC2-CC6-logical-access",
43422
+ "framework": "SOC 2 (AICPA Trust Services Criteria)",
43423
+ "control_name": "Logical and Physical Access Controls"
43424
+ },
43425
+ {
43426
+ "id": "SOC2-CC7-anomaly-detection",
43427
+ "framework": "SOC 2 (AICPA Trust Services Criteria)",
43428
+ "control_name": "System Operations — Threat and Vulnerability Management"
43429
+ }
43430
+ ],
43431
+ "attack_refs": [
43432
+ "T1041",
43433
+ "T1059",
43434
+ "T1071",
43435
+ "T1102",
43436
+ "T1190",
43437
+ "T1213",
43438
+ "T1530",
43439
+ "T1566",
43440
+ "T1567",
43441
+ "T1568"
43442
+ ],
43443
+ "rfc_refs": [
43444
+ "RFC-8446",
43445
+ "RFC-9000",
43446
+ "RFC-9114",
43447
+ "RFC-9180",
43448
+ "RFC-9421",
43449
+ "RFC-9458"
43450
+ ]
43451
+ }
43452
+ },
43453
+ "CVE-2022-36551": {
43454
+ "name": "Label Studio Data Import Server-Side Request Forgery",
43455
+ "rwep": 21,
43456
+ "cvss": 6.5,
43457
+ "cisa_kev": false,
43458
+ "epss_score": null,
43459
+ "referencing_skills": [
43460
+ "ai-attack-surface",
43461
+ "compliance-theater",
43462
+ "ai-c2-detection",
43463
+ "dlp-gap-analysis"
43464
+ ],
43465
+ "chain": {
43466
+ "cwes": [
43467
+ {
43468
+ "id": "CWE-1039",
43469
+ "name": "Automated Recognition Mechanism with Inadequate Detection or Handling of Adversarial Input Perturbations",
43470
+ "category": "AI/ML"
43471
+ },
43472
+ {
43473
+ "id": "CWE-1426",
43474
+ "name": "Improper Validation of Generative AI Output",
43475
+ "category": "AI/ML"
43476
+ },
43477
+ {
43478
+ "id": "CWE-200",
43479
+ "name": "Exposure of Sensitive Information to an Unauthorized Actor",
43480
+ "category": "Information Exposure"
43481
+ },
43482
+ {
43483
+ "id": "CWE-94",
43484
+ "name": "Improper Control of Generation of Code (Code Injection)",
43485
+ "category": "Injection"
43486
+ }
43487
+ ],
43488
+ "atlas": [
43489
+ {
43490
+ "id": "AML.T0016",
43491
+ "name": "Obtain Capabilities: Develop Capabilities",
43492
+ "tactic": "Resource Development"
43493
+ },
43494
+ {
43495
+ "id": "AML.T0017",
43496
+ "name": "Discover ML Model Ontology",
43497
+ "tactic": "Discovery"
43498
+ },
43499
+ {
43500
+ "id": "AML.T0018",
43501
+ "name": "Backdoor ML Model",
43502
+ "tactic": "Persistence"
43503
+ },
43504
+ {
43505
+ "id": "AML.T0020",
43506
+ "name": "Poison Training Data",
43507
+ "tactic": "ML Attack Staging"
43508
+ },
43509
+ {
43510
+ "id": "AML.T0043",
43511
+ "name": "Craft Adversarial Data",
43512
+ "tactic": "ML Attack Staging"
43513
+ },
43514
+ {
43515
+ "id": "AML.T0051",
43516
+ "name": "LLM Prompt Injection",
43517
+ "tactic": "Execution"
43518
+ },
43519
+ {
43520
+ "id": "AML.T0054",
43521
+ "name": "LLM Jailbreak",
43522
+ "tactic": "Defense Evasion"
43523
+ },
43524
+ {
43525
+ "id": "AML.T0096",
43526
+ "name": "AI API as Covert C2 Channel",
43527
+ "tactic": "Command and Control"
43528
+ }
43529
+ ],
43530
+ "d3fend": [
43531
+ {
43532
+ "id": "D3-CA",
43533
+ "name": "Certificate Analysis",
43534
+ "tactic": "Detect"
43535
+ },
43536
+ {
43537
+ "id": "D3-CSPP",
43538
+ "name": "Client-server Payload Profiling",
43539
+ "tactic": "Detect"
43540
+ },
43541
+ {
43542
+ "id": "D3-DA",
43543
+ "name": "Domain Analysis",
43544
+ "tactic": "Detect"
43545
+ },
43546
+ {
43547
+ "id": "D3-EAL",
43548
+ "name": "Executable Allowlisting",
43549
+ "tactic": "Harden"
43550
+ },
43551
+ {
43552
+ "id": "D3-IOPR",
43553
+ "name": "Input/Output Profiling Resource",
43554
+ "tactic": "Detect"
43555
+ },
43556
+ {
43557
+ "id": "D3-NI",
43558
+ "name": "Network Isolation",
43559
+ "tactic": "Isolate"
43560
+ },
43561
+ {
43562
+ "id": "D3-NTA",
43563
+ "name": "Network Traffic Analysis",
43564
+ "tactic": "Detect"
43565
+ },
43566
+ {
43567
+ "id": "D3-NTPM",
43568
+ "name": "Network Traffic Policy Mapping",
43569
+ "tactic": "Model"
43570
+ }
43571
+ ],
43572
+ "framework_gaps": [
43573
+ {
43574
+ "id": "ALL-AI-PIPELINE-INTEGRITY",
43575
+ "framework": "ALL",
43576
+ "control_name": "AI Pipeline Integrity"
43577
+ },
43578
+ {
43579
+ "id": "ALL-PROMPT-INJECTION-ACCESS-CONTROL",
43580
+ "framework": "ALL",
43581
+ "control_name": "Prompt Injection as Access Control Failure"
43582
+ },
43583
+ {
43584
+ "id": "CMMC-2.0-Level-2",
43585
+ "framework": "CMMC 2.0 (Cybersecurity Maturity Model Certification) Level 2",
43586
+ "control_name": "Level 2 — Advanced (110 NIST 800-171 Rev 2 controls)"
43587
+ },
43588
+ {
43589
+ "id": "FedRAMP-Rev5-Moderate",
43590
+ "framework": "FedRAMP Rev 5 Moderate",
43591
+ "control_name": "FedRAMP Moderate baseline (NIST 800-53 Rev 5 tailoring)"
43592
+ },
43593
+ {
43594
+ "id": "HIPAA-Security-Rule-164.312(a)(1)",
43595
+ "framework": "HIPAA Security Rule (45 CFR § 164.312)",
43596
+ "control_name": "Access control standard (technical safeguards)"
43597
+ },
43598
+ {
43599
+ "id": "ISO-27001-2022-A.8.16",
43600
+ "framework": "ISO/IEC 27001:2022",
43601
+ "control_name": "Monitoring activities"
43602
+ },
43603
+ {
43604
+ "id": "ISO-27001-2022-A.8.28",
43605
+ "framework": "ISO/IEC 27001:2022",
43606
+ "control_name": "Secure coding"
43607
+ },
43608
+ {
43609
+ "id": "ISO-IEC-23894-2023-clause-7",
43610
+ "framework": "ISO/IEC 23894:2023 (AI Risk Management Guidance)",
43611
+ "control_name": "AI risk management process"
43612
+ },
43613
+ {
43614
+ "id": "ISO-IEC-42001-2023-clause-6.1.2",
43615
+ "framework": "ISO/IEC 42001:2023 (AI Management System)",
43616
+ "control_name": "AI risk assessment"
43617
+ },
43618
+ {
43619
+ "id": "NIST-800-53-AC-2",
43620
+ "framework": "NIST SP 800-53 Rev 5",
43621
+ "control_name": "Account Management"
43622
+ },
43623
+ {
43624
+ "id": "NIST-800-53-SC-28",
43625
+ "framework": "NIST SP 800-53 Rev 5",
43626
+ "control_name": "Protection of Information at Rest"
43627
+ },
43628
+ {
43629
+ "id": "NIST-800-53-SC-7",
43630
+ "framework": "NIST SP 800-53 Rev 5",
43631
+ "control_name": "Boundary Protection"
43632
+ },
43633
+ {
43634
+ "id": "NIST-800-53-SI-3",
43635
+ "framework": "NIST SP 800-53 Rev 5",
43636
+ "control_name": "Malicious Code Protection"
43637
+ },
43638
+ {
43639
+ "id": "OWASP-LLM-Top-10-2025-LLM01",
43640
+ "framework": "OWASP Top 10 for LLM Applications 2025",
43641
+ "control_name": "Prompt Injection"
43642
+ },
43643
+ {
43644
+ "id": "OWASP-LLM-Top-10-2025-LLM02",
43645
+ "framework": "OWASP Top 10 for LLM Applications 2025",
43646
+ "control_name": "Sensitive Information Disclosure"
43647
+ },
43648
+ {
43649
+ "id": "SOC2-CC6-logical-access",
43650
+ "framework": "SOC 2 (AICPA Trust Services Criteria)",
43651
+ "control_name": "Logical and Physical Access Controls"
43652
+ },
43653
+ {
43654
+ "id": "SOC2-CC7-anomaly-detection",
43655
+ "framework": "SOC 2 (AICPA Trust Services Criteria)",
43656
+ "control_name": "System Operations — Threat and Vulnerability Management"
43657
+ }
43658
+ ],
43659
+ "attack_refs": [
43660
+ "T1041",
43661
+ "T1059",
43662
+ "T1071",
43663
+ "T1102",
43664
+ "T1190",
43665
+ "T1213",
43666
+ "T1530",
43667
+ "T1566",
43668
+ "T1567",
43669
+ "T1568"
43670
+ ],
43671
+ "rfc_refs": [
43672
+ "RFC-8446",
43673
+ "RFC-9000",
43674
+ "RFC-9114",
43675
+ "RFC-9180",
43676
+ "RFC-9421",
43677
+ "RFC-9458"
43678
+ ]
43679
+ }
43680
+ },
43225
43681
  "CVE-2026-41091": {
43226
43682
  "name": "Microsoft Defender (Malware Protection Engine) Link-Following LPE to SYSTEM",
43227
43683
  "rwep": 45,
@@ -70790,6 +71246,7 @@
70790
71246
  "BUG-2026-NIGHTMARE-ECLIPSE-GREENPLASMA",
70791
71247
  "BUG-2026-NIGHTMARE-ECLIPSE-UNDEFEND",
70792
71248
  "CVE-2022-1471",
71249
+ "CVE-2022-36551",
70793
71250
  "CVE-2023-43472",
70794
71251
  "CVE-2023-43654",
70795
71252
  "CVE-2023-44467",
@@ -70833,6 +71290,7 @@
70833
71290
  "CVE-2025-1753",
70834
71291
  "CVE-2025-23254",
70835
71292
  "CVE-2025-23266",
71293
+ "CVE-2025-25297",
70836
71294
  "CVE-2025-27520",
70837
71295
  "CVE-2025-30165",
70838
71296
  "CVE-2025-30202",
@@ -71568,6 +72026,7 @@
71568
72026
  "related_cves": [
71569
72027
  "BUG-2026-NIGHTMARE-ECLIPSE-GREENPLASMA",
71570
72028
  "BUG-2026-NIGHTMARE-ECLIPSE-YELLOWKEY",
72029
+ "CVE-2022-36551",
71571
72030
  "CVE-2023-43472",
71572
72031
  "CVE-2023-48022",
71573
72032
  "CVE-2023-51449",
@@ -71594,6 +72053,7 @@
71594
72053
  "CVE-2025-14847",
71595
72054
  "CVE-2025-22226",
71596
72055
  "CVE-2025-23266",
72056
+ "CVE-2025-25297",
71597
72057
  "CVE-2025-27520",
71598
72058
  "CVE-2025-30202",
71599
72059
  "CVE-2025-32444",
@@ -78567,6 +79027,7 @@
78567
79027
  "related_cves": [
78568
79028
  "BUG-2026-NIGHTMARE-ECLIPSE-UNDEFEND",
78569
79029
  "CVE-2022-1471",
79030
+ "CVE-2022-36551",
78570
79031
  "CVE-2023-43472",
78571
79032
  "CVE-2023-43654",
78572
79033
  "CVE-2023-44467",
@@ -78608,6 +79069,7 @@
78608
79069
  "CVE-2025-1753",
78609
79070
  "CVE-2025-23254",
78610
79071
  "CVE-2025-23266",
79072
+ "CVE-2025-25297",
78611
79073
  "CVE-2025-27520",
78612
79074
  "CVE-2025-30165",
78613
79075
  "CVE-2025-30202",
@@ -79866,6 +80328,7 @@
79866
80328
  "BUG-2026-NIGHTMARE-ECLIPSE-UNDEFEND",
79867
80329
  "BUG-2026-NIGHTMARE-ECLIPSE-YELLOWKEY",
79868
80330
  "CVE-2022-1471",
80331
+ "CVE-2022-36551",
79869
80332
  "CVE-2023-43472",
79870
80333
  "CVE-2023-43654",
79871
80334
  "CVE-2023-44467",
@@ -79911,6 +80374,7 @@
79911
80374
  "CVE-2025-22226",
79912
80375
  "CVE-2025-23254",
79913
80376
  "CVE-2025-23266",
80377
+ "CVE-2025-25297",
79914
80378
  "CVE-2025-27520",
79915
80379
  "CVE-2025-30165",
79916
80380
  "CVE-2025-30202",
package/data/atlas-ttps.json CHANGED
@@ -1736,6 +1736,7 @@
1736
1736
  "stix_id": "attack-pattern--ebeed0c7-c5de-5049-8f27-efcae5f88b00",
1737
1737
  "is_subtechnique": false,
1738
1738
  "cve_refs": [
1739
+ "CVE-2022-36551",
1739
1740
  "CVE-2023-43654",
1740
1741
  "CVE-2023-48022",
1741
1742
  "CVE-2023-51449",
@@ -1755,6 +1756,7 @@
1755
1756
  "CVE-2024-42479",
1756
1757
  "CVE-2024-4889",
1757
1758
  "CVE-2024-6587",
1759
+ "CVE-2025-25297",
1758
1760
  "CVE-2025-27520",
1759
1761
  "CVE-2025-30202",
1760
1762
  "CVE-2025-32444",
package/data/attack-techniques.json CHANGED
@@ -867,6 +867,7 @@
867
867
  "CVE-2021-22681",
868
868
  "CVE-2021-26828",
869
869
  "CVE-2022-1471",
870
+ "CVE-2022-36551",
870
871
  "CVE-2022-37055",
871
872
  "CVE-2022-40799",
872
873
  "CVE-2022-48503",
@@ -927,6 +928,7 @@
927
928
  "CVE-2025-24016",
928
929
  "CVE-2025-24893",
929
930
  "CVE-2025-25257",
931
+ "CVE-2025-25297",
930
932
  "CVE-2025-26399",
931
933
  "CVE-2025-27520",
932
934
  "CVE-2025-2775",
@@ -3647,7 +3649,11 @@
3647
3649
  "Windows"
3648
3650
  ],
3649
3651
  "stix_id": "attack-pattern--731f4f55-b6d0-41d1-a7a9-072a66389aea",
3650
- "is_subtechnique": false
3652
+ "is_subtechnique": false,
3653
+ "cve_refs": [
3654
+ "CVE-2022-36551",
3655
+ "CVE-2025-25297"
3656
+ ]
3651
3657
  },
3652
3658
  "T1091": {
3653
3659
  "id": "T1091",