@blamejs/exceptd-skills 0.13.99 → 0.13.101

package/data/atlas-ttps.json

@@ -150,6 +150,7 @@
       "CVE-2024-11394",
       "CVE-2024-37032",
       "CVE-2025-1550",
+      "CVE-2025-32434",
       "CVE-2025-33236",
       "CVE-2025-8747",
       "CVE-2026-22778",
@@ -1281,6 +1282,7 @@
       "CVE-2024-11394",
       "CVE-2024-21513",
       "CVE-2025-1550",
+      "CVE-2025-32434",
       "CVE-2025-33236",
       "CVE-2025-8747",
       "MAL-2024-PYPI-ULTRALYTICS-XMRIG"
@@ -1743,12 +1745,14 @@
       "CVE-2025-32444",
       "CVE-2025-64496",
       "CVE-2025-64513",
+      "CVE-2025-67818",
       "CVE-2026-0766",
       "CVE-2026-24213",
       "CVE-2026-24214",
       "CVE-2026-24215",
       "CVE-2026-26190",
-      "CVE-2026-34159"
+      "CVE-2026-34159",
+      "CVE-2026-45829"
     ]
   },
   "AML.T0050": {
@@ -2841,8 +2845,10 @@
       "CVE-2024-11393",
       "CVE-2024-11394",
       "CVE-2025-1550",
+      "CVE-2025-32434",
       "CVE-2025-33236",
-      "CVE-2025-8747"
+      "CVE-2025-8747",
+      "CVE-2026-45829"
     ]
   },
   "AML.T0011.001": {

package/data/attack-techniques.json

@@ -295,6 +295,7 @@
       "CVE-2025-1753",
       "CVE-2025-23254",
       "CVE-2025-30165",
+      "CVE-2025-32434",
       "CVE-2025-32444",
       "CVE-2025-33236",
       "CVE-2025-34291",
@@ -326,6 +327,7 @@
       "CVE-2026-39884",
       "CVE-2026-39987",
       "CVE-2026-40933",
+      "CVE-2026-45829",
       "CVE-2026-6973"
     ],
     "description_full": "Adversaries may abuse command and script interpreters to execute commands, scripts, or binaries. These interfaces and languages provide ways of interacting with computer systems and are a common feature across many different platforms. Most systems come with some built-in command-line interface and scripting capabilities, for example, macOS and Linux distributions include some flavor of [Unix Shell](https://attack.mitre.org/techniques/T1059/004) while Windows installations include the [Windows Command Shell](https://attack.mitre.org/techniques/T1059/003) and [PowerShell](https://attack.mitre.org/techniques/T1059/001). There are also cross-platform interpreters such as [Python](https://attack.mitre.org/techniques/T1059/006), as well as those commonly associated with client applications such as [JavaScript](https://attack.mitre.org/techniques/T1059/007) and [Visual Basic](https://attack.mitre.org/techniques/T1059/005). Adversaries may abuse these technologies in various ways as a means of executing arbitrary commands. Commands and scripts can be embedded in [Initial Access](https://attack.mitre.org/tactics/TA0001) payloads delivered to victims as lure documents or as secondary payloads downloaded from an existing C2. Adversaries may also execute commands through interactive terminals/shells, as well as utilize various [Remote Services](https://attack.mitre.org/techniques/T1021) in order to achieve remote Execution.(Citation: Powershell Remote Commands)(Citation: Cisco IOS Software Integrity Assurance - Command History)(Citation: Remote Shell Execution in Python)",
@@ -985,6 +987,7 @@
       "CVE-2025-6554",
       "CVE-2025-6558",
       "CVE-2025-66644",
+      "CVE-2025-67818",
       "CVE-2025-68613",
       "CVE-2025-68645",
       "CVE-2025-6965",
@@ -1048,6 +1051,7 @@
       "CVE-2026-42208",
       "CVE-2026-42897",
       "CVE-2026-42945",
+      "CVE-2026-45829",
       "CVE-2026-6973",
       "CVE-2026-7482",
       "CVE-2026-9082",
@@ -1128,6 +1132,7 @@
       "CVE-2024-11394",
       "CVE-2024-3094",
       "CVE-2025-1550",
+      "CVE-2025-32434",
       "CVE-2025-33236",
       "CVE-2025-8747",
       "CVE-2026-45321",
@@ -4312,6 +4317,7 @@
       "CVE-2024-11393",
       "CVE-2024-11394",
       "CVE-2025-1550",
+      "CVE-2025-32434",
       "CVE-2025-33236",
       "CVE-2025-8747"
     ]

package/data/cve-catalog.json

@@ -55,7 +55,7 @@
     "ai_discovery_methodology": {
       "field_added": "2026-05-15",
       "agents_md_target": "Hard Rule #7 — '41% of 2025 zero-days were AI-discovered'. Catalog target rate floor: 0.40.",
-      "current_rate": 0.032,
+      "current_rate": 0.031,
       "current_floor_enforced_by_test": 0.03,
       "ladder_to_target": [
         0.03,
@@ -15381,6 +15381,323 @@
     "_intake_method": "manual-verified-curation",
     "_kev_short_description": "NVIDIA NeMo's SaveRestoreConnector extracts a .nemo (.tar) model archive without path restriction (CWE-22), so a malicious model writes to an arbitrary path and can execute code; fixed in r2.0.0rc0."
   },
+  "CVE-2025-32434": {
+    "name": "PyTorch torch.load Remote Code Execution Despite weights_only=True",
+    "type": "RCE",
+    "cvss_score": 9.8,
+    "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+    "cvss_note": "NVD CVSS v3.1 base 9.8 (CRITICAL). torch.load executes code from a crafted checkpoint even when called with weights_only=True (CWE-502) - the very setting the ecosystem recommended as the safe way to load untrusted models.",
+    "cisa_kev": false,
+    "poc_available": true,
+    "poc_description": "Documented in the PyTorch GitHub security advisory GHSA-53q9-r3pm-6pq6: a maliciously crafted model checkpoint executes code when loaded with torch.load, even with weights_only=True set, defeating the recommended safe-load guidance.",
+    "ai_discovered": false,
+    "ai_discovery_source": "human_researcher",
+    "ai_assisted_weaponization": false,
+    "ai_discovery_notes": "Disclosed via the PyTorch project's GitHub security advisory. PyTorch is the foundational deep-learning framework; the abused surface is its primary model-loading API.",
+    "ai_assisted_notes": "No AI-assisted weaponization; unsafe deserialization in the model-loading API, notable because it bypasses the documented safe-load mitigation.",
+    "active_exploitation": "none",
+    "active_exploitation_notes": "Advisory disclosure with a coordinated fix; no confirmed in-the-wild exploitation reported as of curation.",
+    "affected": "PyTorch up to and including 2.5.1 (torch.load); fixed in 2.6.0.",
+    "affected_versions": [
+      "PyTorch <= 2.5.1"
+    ],
+    "vector": "PyTorch's torch.load deserializes a model checkpoint in a way that executes attacker-controlled code even when weights_only=True is set (CWE-502). Because weights_only=True was the ecosystem's recommended safe way to load untrusted checkpoints, code that followed that guidance is still vulnerable - loading a malicious model from a hub or untrusted source is remote code execution.",
+    "complexity": "low",
+    "complexity_notes": "NVD AV:N / AC:L / PR:N - loading an untrusted checkpoint; no user interaction beyond the load call.",
+    "patch_available": true,
+    "patch_required_reboot": false,
+    "live_patch_available": false,
+    "live_patch_tools": [],
+    "live_patch_notes": "Remediation is upgrading PyTorch to 2.6.0 or later; no host reboot.",
+    "vendor_update_paths": [
+      "Upgrade PyTorch to 2.6.0 or later. Do not rely on weights_only=True to make untrusted checkpoints safe on <= 2.5.1; only load models from trusted sources, verify provenance, prefer safetensors, and load untrusted models sandboxed."
+    ],
+    "framework_control_gaps": {
+      "NIST-800-53-SI-2": "Flaw-remediation cadence does not track the foundational deep-learning framework's model-loading API as managed, RCE-bearing software, nor that the documented safe-load setting (weights_only=True) was bypassable.",
+      "NIST-800-53-SI-10": "Input-validation control is not applied to model checkpoints that torch.load deserializes; the safe-load flag was trusted as sufficient.",
+      "ISO-27001-2022-A.8.8": "Vulnerability management rarely enumerates the DL framework's model-loading path as a code-execution surface.",
+      "NIS2-Art21-patch-management": "Article 21 measures do not reach DL-framework model loading as a privileged execution control plane.",
+      "DORA-Art-9": "ICT protection measures do not model untrusted-checkpoint loading in PyTorch as an ICT-risk event.",
+      "UK-CAF-B4": "System Security objective has no objective for treating model checkpoints as untrusted code.",
+      "AU-ISM-1546": "Patch-application control does not single out the foundational DL framework's model loaders.",
+      "ALL-AI-PIPELINE-INTEGRITY": "No framework treats an ML model checkpoint as untrusted executable input; loading one with torch.load (even weights_only=True on <= 2.5.1) is RCE, and a 'safe' flag proved necessary-but-insufficient."
+    },
+    "atlas_refs": [
+      "AML.T0010",
+      "AML.T0011",
+      "AML.T0011.000"
+    ],
+    "attack_refs": [
+      "T1204",
+      "T1059",
+      "T1195.002"
+    ],
+    "rwep_score": 33,
+    "rwep_factors": {
+      "cisa_kev": 0,
+      "poc_available": 20,
+      "ai_factor": 0,
+      "active_exploitation": 0,
+      "blast_radius": 28,
+      "patch_available": -15,
+      "live_patch_available": 0,
+      "reboot_required": 0
+    },
+    "rwep_notes": "Standard (RWEP 33, \"patch within 30 days\" band per lib/scoring.js timeline). Not KEV, no confirmed in-the-wild exploitation, patched at disclosure (Hard Rule #3). poc_available=20 + blast_radius=28 (PyTorch is the foundational deep-learning framework) minus patch 15. Note: this bypasses the documented safe-load mitigation, so deployments that 'did the right thing' (weights_only=True on <= 2.5.1) remain exposed.",
+    "epss_score": null,
+    "epss_date": "2026-05-25",
+    "epss_note": "EPSS not pulled for this entry; retrieve via FIRST EPSS API in a future refresh.",
+    "epss_source": "https://api.first.org/data/v1/epss?cve=CVE-2025-32434",
+    "cwe_refs": [
+      "CWE-502"
+    ],
+    "iocs": {
+      "behavioral": [
+        "Python subprocess / interpreter activity during torch.load of an externally sourced checkpoint, including when weights_only=True is set.",
+        "A model checkpoint from a hub or shared store whose deserialization resolves to code execution.",
+        "Loading checkpoints without provenance verification through PyTorch <= 2.5.1.",
+        "PyTorch <= 2.5.1 loading untrusted checkpoints - the exposed precondition (weights_only=True does not mitigate on these versions)."
+      ],
+      "_ioc_source_note": "Behavioral signatures anchored to the PyTorch GitHub security advisory (https://github.com/pytorch/pytorch/security/advisories/GHSA-53q9-r3pm-6pq6) and NVD CVE-2025-32434 (CWE-502). The torch.load code execution despite weights_only=True is the indicator anchor."
+    },
+    "source_verified": "2026-05-25",
+    "verification_sources": [
+      "https://nvd.nist.gov/vuln/detail/CVE-2025-32434",
+      "https://github.com/pytorch/pytorch/security/advisories/GHSA-53q9-r3pm-6pq6"
+    ],
+    "vendor_advisories": [
+      {
+        "vendor": "GitHub Security Advisory (pytorch)",
+        "advisory_id": "GHSA-53q9-r3pm-6pq6",
+        "url": "https://github.com/pytorch/pytorch/security/advisories/GHSA-53q9-r3pm-6pq6",
+        "severity": "critical",
+        "published_date": "2025-04-18"
+      },
+      {
+        "vendor": "NVD",
+        "advisory_id": "CVE-2025-32434",
+        "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-32434",
+        "severity": "critical",
+        "published_date": "2025-04-18"
+      }
+    ],
+    "last_updated": "2026-05-25",
+    "discovery_attribution_note": "Manually curated from NVD (CWE-502; NIST CVSS 9.8) + the PyTorch GitHub security advisory. The foundational DL framework's torch.load executes code even with weights_only=True on <= 2.5.1; same untrusted-model-artifact class as Keras / HF Transformers / NeMo (shares NEW-CTRL-091), and a documented-safe-mitigation bypass.",
+    "_auto_imported": false,
+    "_intake_method": "manual-verified-curation",
+    "_kev_short_description": "PyTorch's torch.load executes code from a crafted checkpoint even with weights_only=True on <= 2.5.1 (CWE-502), defeating the recommended safe-load guidance; fixed in 2.6.0."
+  },
+  "CVE-2026-45829": {
+    "name": "ChromaDB FastAPI Pre-Auth Remote Code Execution (ChromaToast)",
+    "type": "RCE",
+    "cvss_score": 10,
+    "cvss_vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H",
+    "cvss_note": "CNA CVSS v4.0 base 10.0 (CRITICAL); NVD has not published its own CVSS 3.x assessment (awaiting enrichment). The FastAPI collections endpoint processes a caller-supplied embedding-function config (a model repo with trust_remote_code=true) before authentication, yielding unauthenticated code execution (CWE-94).",
+    "cisa_kev": false,
+    "poc_available": true,
+    "poc_description": "Documented in the disclosing advisory (SecurityWeek / ChromaDB advisory): an unauthenticated request to the collections endpoint loads a malicious model repo and executes code.",
+    "ai_discovered": false,
+    "ai_discovery_source": "human_researcher",
+    "ai_discovery_notes": "Disclosed via SecurityWeek / ChromaDB advisory. The abused surface is a widely used vector database (RAG persistence layer).",
+    "ai_assisted_weaponization": false,
+    "ai_assisted_notes": "No AI-assisted weaponization; pre-auth code injection on the vector DB.",
+    "active_exploitation": "none",
+    "active_exploitation_notes": "Public reporting urges urgent action on exposed instances; no confirmed in-the-wild exploitation as of curation. No fixed Python release published, so exposure persists.",
+    "affected": "ChromaDB (Python FastAPI server) 1.0.0 and later; the Rust 'chroma run' deployment and official Docker images are not affected.",
+    "affected_versions": [
+      "ChromaDB (Python FastAPI) >= 1.0.0"
+    ],
+    "vector": "ChromaDB's Python FastAPI server processes collection-creation logic - including a caller-supplied embedding-function configuration that can specify a model repository with trust_remote_code=true - before verifying the caller's identity, on /api/v2/tenants/{tenant}/databases/{db}/collections. An unauthenticated attacker therefore triggers remote code execution (CWE-94) by getting the server to load a malicious model repo. Disclosed as ChromaToast.",
+    "complexity": "low",
+    "complexity_notes": "AV:N / AC:L / PR:N - unauthenticated, network-reachable FastAPI server.",
+    "patch_available": false,
+    "patch_required_reboot": false,
+    "live_patch_available": false,
+    "live_patch_tools": [],
+    "live_patch_notes": "No fixed release published as of curation; mitigate via network isolation and the non-FastAPI deployment (see vendor_update_paths).",
+    "vendor_update_paths": [
+      "No fixed ChromaDB Python release is published as of curation. Mitigate by restricting network access to the FastAPI port (do not expose to untrusted networks), using the Rust 'chroma run' deployment or official Docker images, and disabling trust_remote_code model loading."
+    ],
+    "framework_control_gaps": {
+      "NIST-800-53-IA-2": "Authentication is not enforced before the vector DB processes attacker-controlled collection config.",
+      "NIST-800-53-SI-2": "Flaw-remediation cadence does not track the vector database (RAG persistence layer) as managed, RCE-bearing software.",
+      "NIST-800-53-SI-10": "Input validation is not applied to the embedding-function model-repo config before the vector DB acts on it.",
+      "ISO-27001-2022-A.8.8": "Vulnerability management rarely enumerates the vector database's collection/embedding endpoints as a code-execution / file-write surface.",
+      "NIS2-Art21-patch-management": "Article 21 measures do not reach the vector DB as a privileged RAG data store.",
+      "DORA-Art-9": "ICT protection measures do not model vector-DB takeover (RAG data / host files) as an ICT-risk event.",
+      "UK-CAF-B4": "System Security objective has no objective for input validation / path containment on the vector database.",
+      "AU-ISM-1546": "Patch-application control does not single out vector databases.",
+      "ALL-AI-PIPELINE-INTEGRITY": "No framework treats the vector database as a sensitive RAG store whose request/backup paths must validate untrusted input before code execution or file write."
+    },
+    "atlas_refs": [
+      "AML.T0049",
+      "AML.T0011.000"
+    ],
+    "attack_refs": [
+      "T1190",
+      "T1059"
+    ],
+    "rwep_score": 44,
+    "rwep_factors": {
+      "cisa_kev": 0,
+      "poc_available": 20,
+      "ai_factor": 0,
+      "active_exploitation": 0,
+      "blast_radius": 24,
+      "patch_available": 0,
+      "live_patch_available": 0,
+      "reboot_required": 0
+    },
+    "rwep_notes": "Elevated (RWEP 44, \"patch within 7 days\" band per lib/scoring.js timeline). Not KEV, no confirmed in-the-wild exploitation; no fixed release published, so no patch credit. poc_available=20 + blast_radius=24.",
+    "epss_score": null,
+    "epss_date": "2026-05-25",
+    "epss_note": "EPSS not pulled for this entry; retrieve via FIRST EPSS API in a future refresh.",
+    "epss_source": "https://api.first.org/data/v1/epss?cve=CVE-2026-45829",
+    "cwe_refs": [
+      "CWE-94"
+    ],
+    "iocs": {
+      "behavioral": [
+        "Unauthenticated POST requests to ChromaDB /api/v2/.../collections specifying an embedding-function config with a remote model repository and trust_remote_code=true.",
+        "ChromaDB FastAPI server fetching a remote model repo and executing its code during collection creation.",
+        "Code/process execution on the ChromaDB host triggered before any authenticated session.",
+        "ChromaDB Python FastAPI server >= 1.0.0 exposed to untrusted networks - the exposed precondition."
+      ],
+      "_ioc_source_note": "Behavioral signatures anchored to the SecurityWeek / ChromaDB advisory advisory (https://www.securityweek.com/unpatched-chromadb-vulnerability-can-lead-to-server-takeover/) and NVD CVE-2026-45829 (CWE-94)."
+    },
+    "source_verified": "2026-05-25",
+    "verification_sources": [
+      "https://nvd.nist.gov/vuln/detail/CVE-2026-45829",
+      "https://www.securityweek.com/unpatched-chromadb-vulnerability-can-lead-to-server-takeover/"
+    ],
+    "vendor_advisories": [
+      {
+        "vendor": "SecurityWeek / ChromaDB advisory",
+        "advisory_id": "CVE-2026-45829",
+        "url": "https://www.securityweek.com/unpatched-chromadb-vulnerability-can-lead-to-server-takeover/",
+        "severity": "critical",
+        "published_date": "2026-05-18"
+      },
+      {
+        "vendor": "NVD",
+        "advisory_id": "CVE-2026-45829",
+        "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-45829",
+        "severity": "critical",
+        "published_date": "2026-05-18"
+      }
+    ],
+    "last_updated": "2026-05-25",
+    "discovery_attribution_note": "Manually curated from NVD (CWE-94; CNA CVSS v4.0 10.0, no NVD 3.x score) + the SecurityWeek / ChromaDB advisory advisory. Vector-database flaw (RAG persistence layer); shares the vector-DB authentication control NEW-CTRL-101 with the Milvus entries.",
+    "_auto_imported": false,
+    "_intake_method": "manual-verified-curation",
+    "_kev_short_description": "ChromaDB's Python FastAPI server runs collection-creation logic (embedding-function config with trust_remote_code) before auth, giving unauthenticated RCE (CWE-94, ChromaToast); no fixed release published - mitigate via network isolation / Rust deployment."
+  },
+  "CVE-2025-67818": {
+    "name": "Weaviate Backup Restore ZipSlip Path Traversal",
+    "type": "RCE",
+    "cvss_score": 7.2,
+    "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
+    "cvss_note": "CISA-ADP CVSS v3.1 base 7.2 (HIGH, PR:H); NVD has not published its own assessed score, and the GitHub (CNA) advisory rates it HIGH (CVSS v4.0 8.7). An attacker with data-write access crafts backup entries with absolute paths or ../ traversal that escape the restore root on restore (CWE-22 ZipSlip), creating/overwriting arbitrary files.",
+    "cisa_kev": false,
+    "poc_available": true,
+    "poc_description": "Documented in the disclosing advisory (GitHub Security Advisory): a write-capable attacker crafts a backup with traversal paths that escape the restore root.",
+    "ai_discovered": false,
+    "ai_discovery_source": "human_researcher",
+    "ai_discovery_notes": "Disclosed via GitHub Security Advisory. The abused surface is a widely used vector database (RAG persistence layer).",
+    "ai_assisted_weaponization": false,
+    "ai_assisted_notes": "No AI-assisted weaponization; path traversal on the vector DB's backup restore.",
+    "active_exploitation": "none",
+    "active_exploitation_notes": "Advisory disclosure with a coordinated fix; no confirmed in-the-wild exploitation reported as of curation.",
+    "affected": "Weaviate OSS before the branch fixes 1.30.20, 1.31.19, 1.32.16, and 1.33.4 (the GHSA ships per-maintained-branch patches).",
+    "affected_versions": [
+      "Weaviate OSS < 1.30.20",
+        "Weaviate OSS >= 1.31.0-rc.0, < 1.31.19",
+        "Weaviate OSS >= 1.32.0-rc.0, < 1.32.16",
+        "Weaviate OSS >= 1.33.0-rc.0, < 1.33.4"
+    ],
+    "vector": "Weaviate OSS does not constrain backup entry paths during restore, so an attacker with insert/write access crafts entries with absolute or ../ traversal paths that escape the restore root (CWE-22 ZipSlip), creating or overwriting files in arbitrary locations on the Weaviate host.",
+    "complexity": "low",
+    "complexity_notes": "CISA-ADP AV:N / AC:L / PR:H - requires data-write access to craft the backup.",
+    "patch_available": true,
+    "patch_required_reboot": false,
+    "live_patch_available": false,
+    "live_patch_tools": [],
+    "live_patch_notes": "Remediation is upgrading to the fixed release on your maintained branch (1.30.20 / 1.31.19 / 1.32.16 / 1.33.4); redeploy, no host reboot.",
+    "vendor_update_paths": [
+      "Upgrade Weaviate OSS to the fixed release on your maintained branch (1.30.20, 1.31.19, 1.32.16, or 1.33.4). Restrict who can insert data / trigger restores and run Weaviate as a least-privilege user."
+    ],
+    "framework_control_gaps": {
+      "NIST-800-53-IA-2": "Authentication is relied upon but the backup-restore path is reachable by ordinary write-capable accounts.",
+      "NIST-800-53-SI-2": "Flaw-remediation cadence does not track the vector database (RAG persistence layer) as managed, RCE-bearing software.",
+      "NIST-800-53-SI-10": "Input validation is not applied to backup entry paths before the vector DB acts on it.",
+      "ISO-27001-2022-A.8.8": "Vulnerability management rarely enumerates the vector database's backup-restore path as a code-execution / file-write surface.",
+      "NIS2-Art21-patch-management": "Article 21 measures do not reach the vector DB as a privileged RAG data store.",
+      "DORA-Art-9": "ICT protection measures do not model vector-DB takeover (RAG data / host files) as an ICT-risk event.",
+      "UK-CAF-B4": "System Security objective has no objective for input validation / path containment on the vector database.",
+      "AU-ISM-1546": "Patch-application control does not single out vector databases.",
+      "ALL-AI-PIPELINE-INTEGRITY": "No framework treats the vector database as a sensitive RAG store whose request/backup paths must validate untrusted input before code execution or file write."
+    },
+    "atlas_refs": [
+      "AML.T0049"
+    ],
+    "attack_refs": [
+      "T1190"
+    ],
+    "rwep_score": 25,
+    "rwep_factors": {
+      "cisa_kev": 0,
+      "poc_available": 20,
+      "ai_factor": 0,
+      "active_exploitation": 0,
+      "blast_radius": 20,
+      "patch_available": -15,
+      "live_patch_available": 0,
+      "reboot_required": 0
+    },
+    "rwep_notes": "Standard (RWEP 25, \"patch within 30 days\" band per lib/scoring.js timeline). Not KEV, no confirmed in-the-wild exploitation, patched at disclosure (Hard Rule #3). poc_available=20 + blast_radius=20 minus patch 15.",
+    "epss_score": null,
+    "epss_date": "2026-05-25",
+    "epss_note": "EPSS not pulled for this entry; retrieve via FIRST EPSS API in a future refresh.",
+    "epss_source": "https://api.first.org/data/v1/epss?cve=CVE-2025-67818",
+    "cwe_refs": [
+      "CWE-22"
+    ],
+    "iocs": {
+      "behavioral": [
+        "Weaviate backup archives whose entries contain absolute paths or ../ traversal sequences.",
+        "Files written by Weaviate outside the restore root during a backup restore.",
+        "Restore operations triggered by accounts that should not have that capability.",
+        "Weaviate OSS < 1.33.4 with restore reachable by write-capable accounts - the exposed precondition."
+      ],
+      "_ioc_source_note": "Behavioral signatures anchored to the GitHub Security Advisory advisory (https://github.com/advisories/GHSA-7v39-2hx7-7c43) and NVD CVE-2025-67818 (CWE-22)."
+    },
+    "source_verified": "2026-05-25",
+    "verification_sources": [
+      "https://nvd.nist.gov/vuln/detail/CVE-2025-67818",
+      "https://github.com/advisories/GHSA-7v39-2hx7-7c43"
+    ],
+    "vendor_advisories": [
+      {
+        "vendor": "GitHub Security Advisory",
+        "advisory_id": "CVE-2025-67818",
+        "url": "https://github.com/advisories/GHSA-7v39-2hx7-7c43",
+        "severity": "high",
+        "published_date": "2025-12-12"
+      },
+      {
+        "vendor": "NVD",
+        "advisory_id": "CVE-2025-67818",
+        "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-67818",
+        "severity": "high",
+        "published_date": "2025-12-12"
+      }
+    ],
+    "last_updated": "2026-05-25",
+    "discovery_attribution_note": "Manually curated from the GitHub (CNA) advisory (GHSA-7v39-2hx7-7c43, CWE-22) + CISA-ADP (CVSS v3.1 7.2; NVD has not published its own score). Vector-database flaw (RAG persistence layer); shares the AI-app path-traversal control NEW-CTRL-094.",
+    "_auto_imported": false,
+    "_intake_method": "manual-verified-curation",
+    "_kev_short_description": "Weaviate OSS backup restore does not constrain entry paths (CWE-22 ZipSlip), letting a write-capable attacker create/overwrite arbitrary host files; fixed per branch (1.30.20 / 1.31.19 / 1.32.16 / 1.33.4)."
+  },
   "CVE-2026-41091": {
     "name": "Microsoft Defender (Malware Protection Engine) Link-Following LPE to SYSTEM",
     "type": "LPE",

package/data/cwe-catalog.json

@@ -109,6 +109,7 @@
       "CVE-2025-27920",
       "CVE-2025-4632",
       "CVE-2025-6218",
+      "CVE-2025-67818",
       "CVE-2025-8110",
       "CVE-2026-25592",
       "CVE-2026-34926"
@@ -408,6 +409,7 @@
       "CVE-2026-30615",
       "CVE-2026-33017",
       "CVE-2026-34197",
+      "CVE-2026-45829",
       "CVE-2026-6973",
       "MAL-2026-3083"
     ],
@@ -1335,6 +1337,7 @@
       "CVE-2025-24016",
       "CVE-2025-26399",
       "CVE-2025-30165",
+      "CVE-2025-32434",
       "CVE-2025-32444",
       "CVE-2025-40551",
       "CVE-2025-42999",

package/data/framework-control-gaps.json

@@ -63,6 +63,7 @@
       "CVE-2025-23266",
       "CVE-2025-30165",
       "CVE-2025-30202",
+      "CVE-2025-32434",
       "CVE-2025-32444",
       "CVE-2025-33236",
       "CVE-2025-34291",
@@ -71,6 +72,7 @@
       "CVE-2025-60455",
       "CVE-2025-64496",
       "CVE-2025-64513",
+      "CVE-2025-67818",
       "CVE-2025-8747",
       "CVE-2026-0766",
       "CVE-2026-22252",
@@ -87,7 +89,8 @@
       "CVE-2026-30624",
       "CVE-2026-30625",
       "CVE-2026-34159",
-      "CVE-2026-40933"
+      "CVE-2026-40933",
+      "CVE-2026-45829"
     ],
     "atlas_refs": [
       "AML.T0018",
@@ -1477,6 +1480,7 @@
       "CVE-2025-31277",
       "CVE-2025-32432",
       "CVE-2025-32433",
+      "CVE-2025-32434",
       "CVE-2025-32444",
       "CVE-2025-32463",
       "CVE-2025-32701",
@@ -1567,6 +1571,7 @@
       "CVE-2025-6558",
       "CVE-2025-66376",
       "CVE-2025-66644",
+      "CVE-2025-67818",
       "CVE-2025-68461",
       "CVE-2025-68613",
       "CVE-2025-68645",
@@ -1641,6 +1646,7 @@
       "CVE-2026-41940",
       "CVE-2026-42945",
       "CVE-2026-45498",
+      "CVE-2026-45829",
       "CVE-2026-46300",
       "CVE-2026-46333",
       "CVE-2026-5281",
@@ -1859,6 +1865,7 @@
       "CVE-2025-23266",
       "CVE-2025-30165",
       "CVE-2025-30202",
+      "CVE-2025-32434",
       "CVE-2025-32444",
       "CVE-2025-33236",
       "CVE-2025-34291",
@@ -1869,6 +1876,7 @@
       "CVE-2025-60455",
       "CVE-2025-64496",
       "CVE-2025-64513",
+      "CVE-2025-67818",
       "CVE-2025-8747",
       "CVE-2026-0766",
       "CVE-2026-22252",
@@ -1893,6 +1901,7 @@
       "CVE-2026-41091",
       "CVE-2026-45321",
       "CVE-2026-45498",
+      "CVE-2026-45829",
       "CVE-2026-46300",
       "CVE-2026-46333",
       "CVE-2026-9082",
@@ -2317,9 +2326,11 @@
       "CVE-2025-1753",
       "CVE-2025-23254",
       "CVE-2025-30165",
+      "CVE-2025-32434",
       "CVE-2025-33236",
       "CVE-2025-60455",
       "CVE-2025-64496",
+      "CVE-2025-67818",
       "CVE-2025-6965",
       "CVE-2025-8747",
       "CVE-2026-0766",
@@ -2328,6 +2339,7 @@
       "CVE-2026-24215",
       "CVE-2026-39884",
       "CVE-2026-42208",
+      "CVE-2026-45829",
       "CVE-2026-9082"
     ],
     "atlas_refs": [
@@ -2550,6 +2562,7 @@
       "CVE-2025-31277",
       "CVE-2025-32432",
       "CVE-2025-32433",
+      "CVE-2025-32434",
       "CVE-2025-32444",
       "CVE-2025-32463",
       "CVE-2025-32701",
@@ -2644,6 +2657,7 @@
       "CVE-2025-6558",
       "CVE-2025-66376",
       "CVE-2025-66644",
+      "CVE-2025-67818",
       "CVE-2025-68461",
       "CVE-2025-68613",
       "CVE-2025-68645",
@@ -2725,6 +2739,7 @@
       "CVE-2026-43284",
       "CVE-2026-43500",
       "CVE-2026-45498",
+      "CVE-2026-45829",
       "CVE-2026-46300",
       "CVE-2026-46333",
       "CVE-2026-5281",
@@ -5010,6 +5025,7 @@
       "CVE-2025-23266",
       "CVE-2025-30165",
       "CVE-2025-30202",
+      "CVE-2025-32434",
       "CVE-2025-32444",
       "CVE-2025-33236",
       "CVE-2025-34291",
@@ -5018,6 +5034,7 @@
       "CVE-2025-60455",
       "CVE-2025-64496",
       "CVE-2025-64513",
+      "CVE-2025-67818",
       "CVE-2025-8747",
       "CVE-2026-0300",
       "CVE-2026-0766",
@@ -5043,6 +5060,7 @@
       "CVE-2026-42897",
       "CVE-2026-42945",
       "CVE-2026-45498",
+      "CVE-2026-45829",
       "CVE-2026-46300",
       "CVE-2026-46333",
       "CVE-2026-9082"
@@ -5556,6 +5574,7 @@
       "CVE-2025-23266",
       "CVE-2025-30165",
       "CVE-2025-30202",
+      "CVE-2025-32434",
       "CVE-2025-32444",
       "CVE-2025-33236",
       "CVE-2025-34291",
@@ -5563,6 +5582,7 @@
       "CVE-2025-54136",
       "CVE-2025-60455",
       "CVE-2025-64496",
+      "CVE-2025-67818",
       "CVE-2025-8747",
       "CVE-2026-0766",
       "CVE-2026-22252",
@@ -5581,6 +5601,7 @@
       "CVE-2026-40933",
       "CVE-2026-41091",
       "CVE-2026-45498",
+      "CVE-2026-45829",
       "CVE-2026-46300",
       "CVE-2026-46333",
       "CVE-2026-9082",
@@ -5647,6 +5668,7 @@
       "CVE-2025-23266",
       "CVE-2025-30165",
       "CVE-2025-30202",
+      "CVE-2025-32434",
       "CVE-2025-32444",
       "CVE-2025-33236",
       "CVE-2025-34291",
@@ -5655,6 +5677,7 @@
       "CVE-2025-60455",
       "CVE-2025-64496",
       "CVE-2025-64513",
+      "CVE-2025-67818",
       "CVE-2025-8747",
       "CVE-2026-0766",
       "CVE-2026-22252",
@@ -5676,6 +5699,7 @@
       "CVE-2026-40933",
       "CVE-2026-41091",
       "CVE-2026-45498",
+      "CVE-2026-45829",
       "CVE-2026-46300",
       "CVE-2026-46333",
       "CVE-2026-9082"
@@ -5958,10 +5982,12 @@
       "CVE-2024-4889",
       "CVE-2024-6587",
       "CVE-2025-64513",
+      "CVE-2025-67818",
       "CVE-2026-20182",
       "CVE-2026-24206",
       "CVE-2026-24207",
-      "CVE-2026-26190"
+      "CVE-2026-26190",
+      "CVE-2026-45829"
     ],
     "atlas_refs": [],
     "attack_refs": [