@blamejs/exceptd-skills 0.13.89 → 0.13.91

package/data/atlas-ttps.json

@@ -1715,10 +1715,13 @@
       "CVE-2023-48022",
       "CVE-2023-51449",
       "CVE-2024-1561",
+      "CVE-2024-27132",
       "CVE-2024-37032",
       "CVE-2024-39722",
       "CVE-2024-42478",
       "CVE-2024-42479",
+      "CVE-2025-30202",
+      "CVE-2025-32444",
       "CVE-2025-64496",
       "CVE-2026-0766",
       "CVE-2026-24213",

package/data/attack-techniques.json

@@ -197,6 +197,9 @@
     "tactic": [
       "Credential Access",
       "Discovery"
+    ],
+    "cve_refs": [
+      "CVE-2025-30202"
     ]
   },
   "T1041": {
@@ -283,6 +286,7 @@
       "CVE-2025-1550",
       "CVE-2025-23254",
       "CVE-2025-30165",
+      "CVE-2025-32444",
       "CVE-2025-34291",
       "CVE-2025-49596",
       "CVE-2025-53773",
@@ -380,6 +384,7 @@
     "cve_refs": [
       "CVE-2021-26829",
       "CVE-2024-11182",
+      "CVE-2024-27132",
       "CVE-2024-27443",
       "CVE-2024-42009",
       "CVE-2025-0133",
@@ -887,10 +892,12 @@
       "CVE-2025-2776",
       "CVE-2025-29635",
       "CVE-2025-30165",
+      "CVE-2025-30202",
       "CVE-2025-30397",
       "CVE-2025-31125",
       "CVE-2025-32432",
       "CVE-2025-32433",
+      "CVE-2025-32444",
       "CVE-2025-32463",
       "CVE-2025-32706",
       "CVE-2025-32756",
@@ -2475,6 +2482,7 @@
     "name": "Drive-by Compromise",
     "version": "v19",
     "cve_refs": [
+      "CVE-2024-27132",
       "CVE-2025-10585",
       "CVE-2025-14174",
       "CVE-2025-24201",
@@ -2745,6 +2753,7 @@
     "last_verified": "2026-05-19",
     "notes": "Added v0.13.17 to support DoS-class KEV bulk imports.",
     "cve_refs": [
+      "CVE-2025-30202",
       "CVE-2025-6543",
       "CVE-2026-24215",
       "CVE-2026-45498"

package/data/cve-catalog.json

@@ -13610,6 +13610,317 @@
     "_intake_method": "manual-verified-curation",
     "_kev_short_description": "NVIDIA Triton's DALI backend can be driven to uncontrolled resource consumption (CWE-400) for denial of service; fixed in r26.03."
   },
+  "CVE-2025-32444": {
+    "name": "vLLM Mooncake Integration ZeroMQ Deserialization RCE",
+    "type": "RCE",
+    "cvss_score": 9.8,
+    "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+    "cvss_note": "NVD CVSS v3.1 base 9.8 (CRITICAL). pickle-based serialization over unsecured ZeroMQ sockets in the Mooncake KV-transfer integration (CWE-502); network-reachable unauthenticated RCE.",
+    "cisa_kev": false,
+    "poc_available": true,
+    "poc_description": "Documented in the vLLM GitHub security advisory (GHSA-hj4w-hm2g-p6w5): a crafted serialized payload sent to the Mooncake ZeroMQ sockets executes code.",
+    "ai_discovered": false,
+    "ai_discovery_source": "human_researcher",
+    "ai_discovery_notes": "Disclosed via the vLLM project's GitHub security advisories. The abused surface is the distributed-serving IPC layer of the most widely used LLM inference/serving engine.",
+    "ai_assisted_weaponization": false,
+    "ai_assisted_notes": "No AI-assisted weaponization; insecure deserialization in the inference-serving transport.",
+    "active_exploitation": "none",
+    "active_exploitation_notes": "Advisory disclosure with a coordinated fix; no confirmed in-the-wild exploitation reported as of curation.",
+    "affected": "vLLM 0.6.5 through 0.8.4 with the Mooncake integration enabled (fixed 0.8.5).",
+    "affected_versions": [
+      "vLLM >= 0.6.5, <= 0.8.4 (Mooncake enabled)"
+    ],
+    "vector": "vLLM's Mooncake KV-transfer integration exchanges pickle-serialized data over unsecured ZeroMQ sockets (CWE-502). An unauthenticated network attacker who can reach those sockets sends a crafted serialized payload that executes code on the vLLM host. Unlike the off-by-default V0-engine flaw (CVE-2025-30165), the Mooncake sockets are network-reachable when the integration is enabled.",
+    "complexity": "low",
+    "complexity_notes": "NVD AV:N / AC:L / PR:N — network-reachable, unauthenticated.",
+    "patch_available": true,
+    "patch_required_reboot": false,
+    "live_patch_available": false,
+    "live_patch_tools": [],
+    "live_patch_notes": "Remediation is upgrading vLLM to 0.8.5 or later; redeploy, no host reboot.",
+    "vendor_update_paths": [
+      "Upgrade vLLM to 0.8.5 or later. Never expose vLLM's distributed-serving ZeroMQ sockets (Mooncake KV transfer, XPUB) to untrusted networks; bind them to a trusted segment and authenticate peers."
+    ],
+    "framework_control_gaps": {
+      "NIST-800-53-SI-2": "Flaw-remediation cadence does not track the LLM serving engine's distributed-serving transport as managed, RCE/exposure-bearing software.",
+      "NIST-800-53-SC-7": "Boundary-protection control does not flag vLLM's ZeroMQ sockets (Mooncake / XPUB) as network-exposed surfaces.",
+      "ISO-27001-2022-A.8.8": "Vulnerability management rarely enumerates the inference engine's IPC sockets as an injection / exposure surface.",
+      "NIS2-Art21-patch-management": "Article 21 measures do not reach the inference engine's distributed transport as a privileged control plane.",
+      "DORA-Art-9": "ICT protection measures do not model insecure deserialization / socket exposure in an LLM serving engine as an ICT-risk event.",
+      "UK-CAF-B4": "System Security objective has no objective for securing the inference engine's IPC sockets.",
+      "AU-ISM-1546": "Patch-application control does not single out LLM serving engines' distributed transports.",
+      "ALL-AI-PIPELINE-INTEGRITY": "No framework treats the inference engine's IPC sockets as untrusted surfaces requiring a safe serializer, peer authentication, and network isolation."
+    },
+    "atlas_refs": [
+      "AML.T0049"
+    ],
+    "attack_refs": [
+      "T1190",
+      "T1059"
+    ],
+    "rwep_score": 31,
+    "rwep_factors": {
+      "cisa_kev": 0,
+      "poc_available": 20,
+      "ai_factor": 0,
+      "active_exploitation": 0,
+      "blast_radius": 26,
+      "patch_available": -15,
+      "live_patch_available": 0,
+      "reboot_required": 0
+    },
+    "rwep_notes": "Standard (RWEP 31, \"patch within 30 days\" band per lib/scoring.js timeline). Not KEV, no confirmed in-the-wild exploitation, patched at disclosure (Hard Rule #3). poc_available=20 + blast_radius=26 (vLLM is the most widely used LLM serving engine) minus patch 15.",
+    "epss_score": null,
+    "epss_date": "2026-05-25",
+    "epss_note": "EPSS not pulled for this entry; retrieve via FIRST EPSS API in a future refresh.",
+    "epss_source": "https://api.first.org/data/v1/epss?cve=CVE-2025-32444",
+    "cwe_refs": [
+      "CWE-502"
+    ],
+    "iocs": {
+      "behavioral": [
+        "vLLM Mooncake ZeroMQ sockets receiving serialized payloads from peers outside the trusted node set.",
+        "Process or interpreter activity spawned during Mooncake KV-transfer deserialization.",
+        "Mooncake ZeroMQ sockets reachable from untrusted networks.",
+        "vLLM 0.6.5-0.8.4 with the Mooncake integration enabled - the exposed precondition."
+      ],
+      "_ioc_source_note": "Behavioral signatures derived from the vLLM GitHub security advisory (https://github.com/vllm-project/vllm/security/advisories/GHSA-hj4w-hm2g-p6w5) and NVD CVE-2025-32444 (CWE-502)."
+    },
+    "source_verified": "2026-05-25",
+    "verification_sources": [
+      "https://nvd.nist.gov/vuln/detail/CVE-2025-32444",
+      "https://github.com/vllm-project/vllm/security/advisories/GHSA-hj4w-hm2g-p6w5"
+    ],
+    "vendor_advisories": [
+      {
+        "vendor": "GitHub Security Advisory (vllm-project)",
+        "advisory_id": "CVE-2025-32444",
+        "url": "https://github.com/vllm-project/vllm/security/advisories/GHSA-hj4w-hm2g-p6w5",
+        "severity": "critical",
+        "published_date": "2025-04-29"
+      },
+      {
+        "vendor": "NVD",
+        "advisory_id": "CVE-2025-32444",
+        "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-32444",
+        "severity": "critical",
+        "published_date": "2025-04-29"
+      }
+    ],
+    "last_updated": "2026-05-25",
+    "discovery_attribution_note": "Manually curated from NVD (CWE-502; NIST CVSS 9.8) + the vLLM GitHub security advisory. vLLM distributed-serving ZeroMQ flaw (fixed 0.8.5); same inference-IPC class as the ShadowMQ family.",
+    "_auto_imported": false,
+    "_intake_method": "manual-verified-curation",
+    "_kev_short_description": "vLLM's Mooncake integration deserializes serialized data over unsecured ZeroMQ sockets (CWE-502), giving unauthenticated network RCE; fixed in 0.8.5."
+  },
+  "CVE-2025-30202": {
+    "name": "vLLM Distributed XPUB ZeroMQ Socket All-Interface Exposure",
+    "type": "INFO-DISCLOSURE",
+    "cvss_score": 7.5,
+    "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
+    "cvss_note": "NVD CVSS v3.1 base 7.5 (HIGH, availability/exposure). In multi-node deployments the primary host binds an XPUB ZeroMQ socket to all interfaces (CWE-770), exposing broadcast data and enabling denial of service.",
+    "cisa_kev": false,
+    "poc_available": true,
+    "poc_description": "Documented in the vLLM GitHub security advisory (GHSA-9f8f-2vmf-885j): an unauthorized client reaches the all-interface XPUB socket to read broadcast data and cause DoS.",
+    "ai_discovered": false,
+    "ai_discovery_source": "human_researcher",
+    "ai_discovery_notes": "Disclosed via the vLLM project's GitHub security advisories. The abused surface is the distributed-serving IPC layer of the most widely used LLM inference/serving engine.",
+    "ai_assisted_weaponization": false,
+    "ai_assisted_notes": "No AI-assisted weaponization; unauthenticated socket exposure in the inference-serving transport.",
+    "active_exploitation": "none",
+    "active_exploitation_notes": "Advisory disclosure with a coordinated fix; no confirmed in-the-wild exploitation reported as of curation.",
+    "affected": "vLLM 0.5.2 through 0.8.4 in multi-node deployments (fixed 0.8.5).",
+    "affected_versions": [
+      "vLLM >= 0.5.2, <= 0.8.4 (multi-node)"
+    ],
+    "vector": "vLLM's multi-node deployment binds the primary host's XPUB ZeroMQ socket to all interfaces without access control (CWE-770). An unauthorized network client can read the broadcast data stream and flood the socket to cause denial of service.",
+    "complexity": "low",
+    "complexity_notes": "NVD AV:N / AC:L / PR:N — network-reachable, unauthenticated.",
+    "patch_available": true,
+    "patch_required_reboot": false,
+    "live_patch_available": false,
+    "live_patch_tools": [],
+    "live_patch_notes": "Remediation is upgrading vLLM to 0.8.5 or later; redeploy, no host reboot.",
+    "vendor_update_paths": [
+      "Upgrade vLLM to 0.8.5 or later. Never expose vLLM's distributed-serving ZeroMQ sockets (Mooncake KV transfer, XPUB) to untrusted networks; bind them to a trusted segment and authenticate peers."
+    ],
+    "framework_control_gaps": {
+      "NIST-800-53-SI-2": "Flaw-remediation cadence does not track the LLM serving engine's distributed-serving transport as managed, RCE/exposure-bearing software.",
+      "NIST-800-53-SC-7": "Boundary-protection control does not flag vLLM's ZeroMQ sockets (Mooncake / XPUB) as network-exposed surfaces.",
+      "ISO-27001-2022-A.8.8": "Vulnerability management rarely enumerates the inference engine's IPC sockets as an injection / exposure surface.",
+      "NIS2-Art21-patch-management": "Article 21 measures do not reach the inference engine's distributed transport as a privileged control plane.",
+      "DORA-Art-9": "ICT protection measures do not model insecure deserialization / socket exposure in an LLM serving engine as an ICT-risk event.",
+      "UK-CAF-B4": "System Security objective has no objective for securing the inference engine's IPC sockets.",
+      "AU-ISM-1546": "Patch-application control does not single out LLM serving engines' distributed transports.",
+      "ALL-AI-PIPELINE-INTEGRITY": "No framework treats the inference engine's IPC sockets as untrusted surfaces requiring a safe serializer, peer authentication, and network isolation."
+    },
+    "atlas_refs": [
+      "AML.T0049"
+    ],
+    "attack_refs": [
+      "T1190",
+      "T1499",
+      "T1040"
+    ],
+    "rwep_score": 27,
+    "rwep_factors": {
+      "cisa_kev": 0,
+      "poc_available": 20,
+      "ai_factor": 0,
+      "active_exploitation": 0,
+      "blast_radius": 22,
+      "patch_available": -15,
+      "live_patch_available": 0,
+      "reboot_required": 0
+    },
+    "rwep_notes": "Standard (RWEP 27, \"patch within 30 days\" band per lib/scoring.js timeline). Not KEV, no confirmed in-the-wild exploitation, patched at disclosure (Hard Rule #3). poc_available=20 + blast_radius=22 (vLLM is the most widely used LLM serving engine) minus patch 15.",
+    "epss_score": null,
+    "epss_date": "2026-05-25",
+    "epss_note": "EPSS not pulled for this entry; retrieve via FIRST EPSS API in a future refresh.",
+    "epss_source": "https://api.first.org/data/v1/epss?cve=CVE-2025-30202",
+    "cwe_refs": [
+      "CWE-770"
+    ],
+    "iocs": {
+      "behavioral": [
+        "vLLM primary host's XPUB ZeroMQ socket bound to 0.0.0.0 / all interfaces and reachable from untrusted networks.",
+        "Unauthorized clients subscribing to or flooding the vLLM XPUB broadcast socket.",
+        "Resource exhaustion on the vLLM primary node correlated with XPUB socket traffic.",
+        "vLLM 0.5.2-0.8.4 multi-node deployment - the exposed precondition."
+      ],
+      "_ioc_source_note": "Behavioral signatures derived from the vLLM GitHub security advisory (https://github.com/vllm-project/vllm/security/advisories/GHSA-9f8f-2vmf-885j) and NVD CVE-2025-30202 (CWE-770)."
+    },
+    "source_verified": "2026-05-25",
+    "verification_sources": [
+      "https://nvd.nist.gov/vuln/detail/CVE-2025-30202",
+      "https://github.com/vllm-project/vllm/security/advisories/GHSA-9f8f-2vmf-885j"
+    ],
+    "vendor_advisories": [
+      {
+        "vendor": "GitHub Security Advisory (vllm-project)",
+        "advisory_id": "CVE-2025-30202",
+        "url": "https://github.com/vllm-project/vllm/security/advisories/GHSA-9f8f-2vmf-885j",
+        "severity": "high",
+        "published_date": "2025-04-29"
+      },
+      {
+        "vendor": "NVD",
+        "advisory_id": "CVE-2025-30202",
+        "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-30202",
+        "severity": "high",
+        "published_date": "2025-04-29"
+      }
+    ],
+    "last_updated": "2026-05-25",
+    "discovery_attribution_note": "Manually curated from NVD (CWE-770; NIST CVSS 7.5) + the vLLM GitHub security advisory. vLLM distributed-serving ZeroMQ flaw (fixed 0.8.5); same inference-IPC class as the ShadowMQ family.",
+    "_auto_imported": false,
+    "_intake_method": "manual-verified-curation",
+    "_kev_short_description": "vLLM binds its multi-node XPUB ZeroMQ socket to all interfaces (CWE-770), exposing broadcast data and enabling DoS; fixed in 0.8.5."
+  },
+  "CVE-2024-27132": {
+    "name": "MLflow Recipe Template Injection XSS to Client-Side RCE",
+    "type": "RCE",
+    "cvss_score": 9.6,
+    "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
+    "cvss_note": "NVD CVSS v3.1 base 9.6 (CRITICAL, Scope:Changed). Insufficient sanitization of template variables when running an untrusted MLflow recipe leads to stored XSS and client-side code execution in the victim's browser/session.",
+    "cisa_kev": false,
+    "poc_available": true,
+    "poc_description": "Documented in the HiddenLayer security advisory and the MLflow GitHub advisory: running an untrusted MLflow recipe renders attacker-controlled template variables without sanitization, executing JavaScript in the victim's MLflow session (XSS, CWE-79) and enabling client-side remote code execution.",
+    "ai_discovered": false,
+    "ai_discovery_source": "human_researcher",
+    "ai_discovery_notes": "Disclosed via HiddenLayer / the MLflow project. The abused surface is the recipe-rendering UI of MLflow, a widely used MLOps experiment-tracking platform.",
+    "ai_assisted_weaponization": false,
+    "ai_assisted_notes": "No AI-assisted weaponization; template injection / XSS in the MLOps platform UI.",
+    "active_exploitation": "none",
+    "active_exploitation_notes": "Advisory disclosure with a coordinated fix; no confirmed in-the-wild exploitation reported as of curation.",
+    "affected": "MLflow up to and including 2.9.2 (fixed in 2.10.0).",
+    "affected_versions": [
+      "MLflow <= 2.9.2"
+    ],
+    "vector": "MLflow does not sufficiently sanitize template variables when rendering a recipe, so an untrusted recipe injects script that executes in the victim's MLflow session (CWE-79 stored XSS, rooted in template injection / CWE-94). Because the MLflow UI is a privileged control surface, the resulting client-side code execution can pivot to tracking-server actions.",
+    "complexity": "low",
+    "complexity_notes": "NVD AV:N / AC:L / PR:N / UI:R — requires a victim to run/view an untrusted recipe.",
+    "patch_available": true,
+    "patch_required_reboot": false,
+    "live_patch_available": false,
+    "live_patch_tools": [],
+    "live_patch_notes": "Remediation is upgrading MLflow to 2.10.0 or later; redeploy, no host reboot.",
+    "vendor_update_paths": [
+      "Upgrade MLflow to 2.10.0 or later. Do not run or render untrusted recipes, and do not expose the MLflow UI / tracking server to untrusted users."
+    ],
+    "framework_control_gaps": {
+      "NIST-800-53-SI-2": "Flaw-remediation cadence does not track the MLOps experiment-tracking platform as managed, user-facing software.",
+      "NIST-800-53-SI-10": "Output-encoding / input-sanitization control is not applied to recipe template variables rendered in the MLflow UI.",
+      "ISO-27001-2022-A.8.8": "Vulnerability management rarely enumerates the MLOps platform's recipe-rendering UI as an injection surface.",
+      "NIS2-Art21-patch-management": "Article 21 measures do not reach the MLOps platform UI as a privileged control surface.",
+      "DORA-Art-9": "ICT protection measures do not model XSS-to-RCE in an MLOps platform as an ICT-risk event.",
+      "UK-CAF-B4": "System Security objective has no objective for output-encoding untrusted content in the MLOps UI.",
+      "AU-ISM-1546": "Patch-application control does not single out MLOps experiment-tracking platforms.",
+      "ALL-AI-PIPELINE-INTEGRITY": "No framework treats an untrusted MLflow recipe's template content as untrusted input requiring sanitization before rendering; the MLOps UI is a privileged surface."
+    },
+    "atlas_refs": [
+      "AML.T0049"
+    ],
+    "attack_refs": [
+      "T1189",
+      "T1059.007"
+    ],
+    "rwep_score": 29,
+    "rwep_factors": {
+      "cisa_kev": 0,
+      "poc_available": 20,
+      "ai_factor": 0,
+      "active_exploitation": 0,
+      "blast_radius": 24,
+      "patch_available": -15,
+      "live_patch_available": 0,
+      "reboot_required": 0
+    },
+    "rwep_notes": "Standard (RWEP 29, \"patch within 30 days\" band per lib/scoring.js timeline). Not KEV, no confirmed in-the-wild exploitation, patched at/after disclosure (Hard Rule #3). poc_available=20 + blast_radius=24 (MLflow is a widely used MLOps platform) minus patch 15. Note: NVD rates 9.6 CRITICAL; the client-side-RCE-via-XSS chain requires a victim to run an untrusted recipe (UI:R).",
+    "epss_score": null,
+    "epss_date": "2026-05-25",
+    "epss_note": "EPSS not pulled for this entry; retrieve via FIRST EPSS API in a future refresh.",
+    "epss_source": "https://api.first.org/data/v1/epss?cve=CVE-2024-27132",
+    "cwe_refs": [
+      "CWE-79",
+      "CWE-94"
+    ],
+    "iocs": {
+      "behavioral": [
+        "An MLflow recipe containing script / HTML in template-variable fields rendered by the MLflow UI.",
+        "JavaScript executing in an MLflow user's session after viewing/running a recipe from an untrusted source.",
+        "Tracking-server actions (model registration, deletion) originating from a user's session shortly after rendering an untrusted recipe.",
+        "MLflow <= 2.9.2 with the recipe UI reachable by untrusted users — the exposed precondition."
+      ],
+      "_ioc_source_note": "Behavioral signatures derived from NVD CVE-2024-27132 (CWE-79) and the HiddenLayer / MLflow GitHub security advisory. The unsanitized recipe template variable rendered in the UI is the indicator anchor."
+    },
+    "source_verified": "2026-05-25",
+    "verification_sources": [
+      "https://nvd.nist.gov/vuln/detail/CVE-2024-27132",
+      "https://github.com/mlflow/mlflow/security/advisories"
+    ],
+    "vendor_advisories": [
+      {
+        "vendor": "HiddenLayer / MLflow advisory",
+        "advisory_id": "CVE-2024-27132",
+        "url": "https://github.com/mlflow/mlflow/security/advisories",
+        "severity": "critical",
+        "published_date": "2024-02-23"
+      },
+      {
+        "vendor": "NVD",
+        "advisory_id": "CVE-2024-27132",
+        "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-27132",
+        "severity": "critical",
+        "published_date": "2024-02-23"
+      }
+    ],
+    "last_updated": "2026-05-25",
+    "discovery_attribution_note": "Manually curated from NVD (CWE-79; NIST CVSS 9.6) + the HiddenLayer / MLflow security advisory. MLflow recipe template-injection XSS to client-side RCE; complements the existing MLflow path-traversal entry (CVE-2023-43472).",
+    "_auto_imported": false,
+    "_intake_method": "manual-verified-curation",
+    "_kev_short_description": "MLflow renders untrusted recipe template variables without sanitization (CWE-79), executing script in the victim's session for client-side RCE; fixed in 2.10.0."
+  },
   "CVE-2026-41091": {
     "name": "Microsoft Defender (Malware Protection Engine) Link-Following LPE to SYSTEM",
     "type": "LPE",

package/data/cwe-catalog.json

@@ -252,6 +252,7 @@
     "evidence_cves": [
       "CVE-2021-26829",
       "CVE-2024-11182",
+      "CVE-2024-27132",
       "CVE-2024-27443",
       "CVE-2024-42009",
       "CVE-2025-27915",
@@ -372,6 +373,7 @@
       "CVE-2017-1000353",
       "CVE-2020-25078",
       "CVE-2022-48503",
+      "CVE-2024-27132",
       "CVE-2024-56145",
       "CVE-2025-11837",
       "CVE-2025-1550",
@@ -1321,6 +1323,7 @@
       "CVE-2025-24016",
       "CVE-2025-26399",
       "CVE-2025-30165",
+      "CVE-2025-32444",
       "CVE-2025-40551",
       "CVE-2025-42999",
       "CVE-2025-49113",
@@ -3640,7 +3643,9 @@
       "CWE-2000"
     ],
     "related_weaknesses": [],
-    "evidence_cves": [],
+    "evidence_cves": [
+      "CVE-2025-30202"
+    ],
     "last_verified": "2026-05-19",
     "notes": "Bulk-imported v0.13.18 from the canonical MITRE Top 25 + commonly-referenced-class expansion.",
     "_auto_imported": true,

package/data/framework-control-gaps.json

@@ -43,6 +43,7 @@
       "CVE-2024-11393",
       "CVE-2024-11394",
       "CVE-2024-1561",
+      "CVE-2024-27132",
       "CVE-2024-37032",
       "CVE-2024-39722",
       "CVE-2024-42478",
@@ -52,6 +53,8 @@
       "CVE-2025-23254",
       "CVE-2025-23266",
       "CVE-2025-30165",
+      "CVE-2025-30202",
+      "CVE-2025-32444",
       "CVE-2025-34291",
       "CVE-2025-49596",
       "CVE-2025-54136",
@@ -1386,6 +1389,7 @@
       "CVE-2024-1561",
       "CVE-2024-1708",
       "CVE-2024-21762",
+      "CVE-2024-27132",
       "CVE-2024-27199",
       "CVE-2024-27443",
       "CVE-2024-37032",
@@ -1442,11 +1446,13 @@
       "CVE-2025-27920",
       "CVE-2025-29635",
       "CVE-2025-30165",
+      "CVE-2025-30202",
       "CVE-2025-30397",
       "CVE-2025-31125",
       "CVE-2025-31277",
       "CVE-2025-32432",
       "CVE-2025-32433",
+      "CVE-2025-32444",
       "CVE-2025-32463",
       "CVE-2025-32701",
       "CVE-2025-32706",
@@ -1800,6 +1806,7 @@
       "CVE-2024-11393",
       "CVE-2024-11394",
       "CVE-2024-1561",
+      "CVE-2024-27132",
       "CVE-2024-37032",
       "CVE-2024-39722",
       "CVE-2024-42478",
@@ -1812,6 +1819,8 @@
       "CVE-2025-23254",
       "CVE-2025-23266",
       "CVE-2025-30165",
+      "CVE-2025-30202",
+      "CVE-2025-32444",
       "CVE-2025-34291",
       "CVE-2025-38352",
       "CVE-2025-43300",
@@ -2176,6 +2185,8 @@
       "CVE-2024-42478",
       "CVE-2024-42479",
       "CVE-2025-23266",
+      "CVE-2025-30202",
+      "CVE-2025-32444",
       "CVE-2025-53767",
       "CVE-2026-34159",
       "CVE-2026-42897"
@@ -2248,6 +2259,7 @@
       "CVE-2024-11392",
       "CVE-2024-11393",
       "CVE-2024-11394",
+      "CVE-2024-27132",
       "CVE-2024-37032",
       "CVE-2024-39722",
       "CVE-2024-50050",
@@ -2412,6 +2424,7 @@
       "CVE-2024-1561",
       "CVE-2024-1708",
       "CVE-2024-21762",
+      "CVE-2024-27132",
       "CVE-2024-27199",
       "CVE-2024-27443",
       "CVE-2024-37032",
@@ -2470,11 +2483,13 @@
       "CVE-2025-27920",
       "CVE-2025-29635",
       "CVE-2025-30165",
+      "CVE-2025-30202",
       "CVE-2025-30397",
       "CVE-2025-31125",
       "CVE-2025-31277",
       "CVE-2025-32432",
       "CVE-2025-32433",
+      "CVE-2025-32444",
       "CVE-2025-32463",
       "CVE-2025-32701",
       "CVE-2025-32706",
@@ -4903,6 +4918,7 @@
       "CVE-2024-11394",
       "CVE-2024-1561",
       "CVE-2024-21762",
+      "CVE-2024-27132",
       "CVE-2024-37032",
       "CVE-2024-39722",
       "CVE-2024-42478",
@@ -4912,6 +4928,8 @@
       "CVE-2025-23254",
       "CVE-2025-23266",
       "CVE-2025-30165",
+      "CVE-2025-30202",
+      "CVE-2025-32444",
       "CVE-2025-34291",
       "CVE-2025-49596",
       "CVE-2025-54136",
@@ -5436,6 +5454,7 @@
       "CVE-2024-11394",
       "CVE-2024-1561",
       "CVE-2024-21762",
+      "CVE-2024-27132",
       "CVE-2024-37032",
       "CVE-2024-39722",
       "CVE-2024-42478",
@@ -5445,6 +5464,8 @@
       "CVE-2025-23254",
       "CVE-2025-23266",
       "CVE-2025-30165",
+      "CVE-2025-30202",
+      "CVE-2025-32444",
       "CVE-2025-34291",
       "CVE-2025-49596",
       "CVE-2025-54136",
@@ -5512,6 +5533,7 @@
       "CVE-2024-11394",
       "CVE-2024-1561",
       "CVE-2024-21762",
+      "CVE-2024-27132",
       "CVE-2024-37032",
       "CVE-2024-39722",
       "CVE-2024-42478",
@@ -5521,6 +5543,8 @@
       "CVE-2025-23254",
       "CVE-2025-23266",
       "CVE-2025-30165",
+      "CVE-2025-30202",
+      "CVE-2025-32444",
       "CVE-2025-34291",
       "CVE-2025-49596",
       "CVE-2025-54136",