@blamejs/exceptd-skills 0.14.26 → 0.14.28

package/data/cve-catalog.json

@@ -55,7 +55,7 @@
     "ai_discovery_methodology": {
       "field_added": "2026-05-15",
       "agents_md_target": "Hard Rule #7 — '41% of 2025 zero-days were AI-discovered'. Catalog target rate floor: 0.40.",
-      "current_rate": 0.029,
+      "current_rate": 0.028,
       "current_floor_enforced_by_test": 0.028,
       "ladder_to_target": [
         0.028,
@@ -68,7 +68,7 @@
         0.3,
         0.4
       ],
-      "floor_correction_note": "v0.13.4: floor dropped from 0.15 → 0.13 after the v0.13.4 cleanup removed two stuck-draft CVEs (MAL-2026-ANTHROPIC-MCP-STDIO duplicate of CVE-2026-30623 + CVE-2026-GTIG-AI-2FA embargoed placeholder). The GTIG entry was the only ai_discovered=true of the two; catalog observed rate fell from 6/40 (0.15) to 5/38 (0.132). Floor is reset below the new observed rate to keep the test honest, and a new 0.13 rung is prepended to the ladder so monotonic non-decreasing is preserved without rewriting prior rungs. Prior correction note: v0.12.31 floor dropped 0.20 → 0.15 after the cycle-11 intake added six ai_discovered=false entries. v0.13.17: catalog grew 68 -> 72 with 4 non-AI Nightmare-Eclipse entries; observed rate falls from 12/68 (0.176) to 12/72 (0.208). Floor unchanged at 0.13 — still under observed. v0.13.17: catalog grew 72 -> 232 via CISA KEV bulk import; observed rate drops from 0.208 (15/72) to 0.065 (15/232) because KEV records lack AI-attribution metadata. Floor reset to 0.05 with new prepended ladder rung; existing rungs preserved. v0.13.17 round-2: catalog grew further to 312 via additional KEV bulk import; observed rate 0.038 (12/312). Floor lowered to 0.03 with a new prepended ladder rung to keep the test honest under bulk-import dilution. Prior rungs preserved; the 0.40 target ladder is unchanged. AI-attribution backfill for the 240 bulk-imported entries is operator-curation work in future cycles. v0.13.113: catalog grew to 402; observed rate 12/402 (0.0299) fell just under the 0.03 floor, so the floor was lowered to 0.029 with a prepended 0.029 ladder rung (prior rungs and the 0.40 target preserved). v0.13.122: AI-ecosystem CVE tranches grew the catalog to 414; observed rate 12/414 (0.0290) fell just under the 0.029 floor, so the floor was lowered to 0.028 with a prepended 0.028 ladder rung (prior rungs and the 0.40 target preserved).",
+      "floor_correction_note": "v0.13.4: floor dropped from 0.15 → 0.13 after the v0.13.4 cleanup removed two stuck-draft CVEs (MAL-2026-ANTHROPIC-MCP-STDIO duplicate of CVE-2026-30623 + CVE-2026-GTIG-AI-2FA embargoed placeholder). The GTIG entry was the only ai_discovered=true of the two; catalog observed rate fell from 6/40 (0.15) to 5/38 (0.132). Floor is reset below the new observed rate to keep the test honest, and a new 0.13 rung is prepended to the ladder so monotonic non-decreasing is preserved without rewriting prior rungs. Prior correction note: v0.12.31 floor dropped 0.20 → 0.15 after the cycle-11 intake added six ai_discovered=false entries. v0.13.17: catalog grew 68 -> 72 with 4 non-AI Nightmare-Eclipse entries; observed rate falls from 12/68 (0.176) to 12/72 (0.208). Floor unchanged at 0.13 — still under observed. v0.13.17: catalog grew 72 -> 232 via CISA KEV bulk import; observed rate drops from 0.208 (15/72) to 0.065 (15/232) because KEV records lack AI-attribution metadata. Floor reset to 0.05 with new prepended ladder rung; existing rungs preserved. v0.13.17 round-2: catalog grew further to 312 via additional KEV bulk import; observed rate 0.038 (12/312). Floor lowered to 0.03 with a new prepended ladder rung to keep the test honest under bulk-import dilution. Prior rungs preserved; the 0.40 target ladder is unchanged. AI-attribution backfill for the 240 bulk-imported entries is operator-curation work in future cycles. v0.13.113: catalog grew to 402; observed rate 12/402 (0.0299) fell just under the 0.03 floor, so the floor was lowered to 0.029 with a prepended 0.029 ladder rung (prior rungs and the 0.40 target preserved). v0.13.122: AI-ecosystem CVE tranches grew the catalog to 414; observed rate 12/414 (0.0290) fell just under the 0.029 floor, so the floor was lowered to 0.028 with a prepended 0.028 ladder rung (prior rungs and the 0.40 target preserved). v0.14.27: three non-AI CI/CD supply-chain entries grew the catalog to 423; observed rate 12/423 (0.0284), current_rate updated 0.029 -> 0.028; floor unchanged at 0.028 (still under observed).",
       "ladder_note": "Test floor advances when each rung is exceeded with a margin (>= floor + 0.05). Surfaces incremental tightening without coincidence-passing failures.",
       "gap_explanation": "Catalog skews toward 2024 vendor-disclosed CVEs (xz-utils, runc, CRI-O, MLflow, containerd, SolarWinds, Citrix, ConnectWise) and Pwn2Own Ireland 2025 entries (Synacktiv, DEVCORE, Summoning Team, CyCraft) where AI-tooling involvement was either not used or not credited in the public disclosure. The 41% figure in AGENTS.md Hard Rule #7 reflects the broader 2025 zero-day population reported by Google Threat Intelligence Group; catalog membership is curated against a different sampling frame (operational impact + framework-coverage need) and so will lag the population-level rate.",
       "discovery_source_enum": [
@@ -92,6 +92,746 @@
     },
     "last_threat_review": "2026-05-15"
   },
+  "CVE-2025-0282": {
+    "ai_assisted_weaponization": false,
+    "name": "Ivanti Connect Secure / Policy Secure / Neurons for ZTA stack-overflow preauth RCE",
+    "type": "stack-based-buffer-overflow-preauth-rce",
+    "cvss_score": 9,
+    "cvss_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
+    "cvss_note": "NVD CVSS 3.1 base 9.0 (AC:H reflects the constraint on reliably winning the overflow); unauthenticated network reach (PR:N/UI:N) with scope-changed full compromise of the appliance.",
+    "cisa_kev": true,
+    "cisa_kev_date": "2025-01-08",
+    "poc_available": true,
+    "poc_description": "Stack-based buffer overflow in the Ivanti Connect Secure web/IF-T component reachable by an unauthenticated remote attacker. Mandiant and Ivanti disclosed active zero-day exploitation on 2025-01-08; public technical write-ups and detection content (watchTowr, Rapid7, Mandiant) followed within days. Exploitation deploys the SPAWN malware ecosystem (SPAWNANT installer, SPAWNMOLE tunneler, SPAWNSNAIL SSH backdoor), the PHASEJAM dropper, and the DRYHOOK credential stealer.",
+    "ai_discovered": false,
+    "ai_discovery_source": "vendor_research",
+    "ai_discovery_notes": "Discovered by Ivanti/Mandiant during active-incident investigation; no AI tooling credited.",
+    "active_exploitation": "confirmed",
+    "active_exploitation_notes": "Zero-day exploited from at least mid-December 2024 by the suspected China-nexus cluster UNC5337 (assessed within UNC5221) before the 2025-01-08 advisory. CISA KEV-listed same day; later flagged for known ransomware-campaign use. Ivanti's Integrity Checker Tool (ICT) is the primary on-box detection. CISA directed agencies to apply the patch and, where compromise indicators are present, factory-reset and rebuild rather than patch-in-place.",
+    "affected": "Ivanti Connect Secure before 22.7R2.5, Ivanti Policy Secure before 22.7R1.2, and Ivanti Neurons for ZTA gateways before 22.7R2.3. Any internet-facing Connect Secure VPN appliance is in scope.",
+    "affected_versions": [
+      "Ivanti Connect Secure < 22.7R2.5",
+      "Ivanti Policy Secure < 22.7R1.2",
+      "Ivanti Neurons for ZTA gateways < 22.7R2.3"
+    ],
+    "vector": "Unauthenticated remote attacker sends crafted input that overflows a stack buffer in the Connect Secure web surface, achieving code execution on the appliance. No interim configuration workaround fully mitigates an internet-exposed appliance; Ivanti's guidance is to patch and, on indicators of compromise, factory-reset.",
+    "complexity": "high",
+    "complexity_notes": "AC:H — reliably winning the overflow requires defeating appliance mitigations, but functioning exploitation was already in-the-wild at disclosure and mass-scanning followed.",
+    "patch_available": true,
+    "patch_required_reboot": true,
+    "live_patch_available": false,
+    "live_patch_tools": [],
+    "live_patch_notes": "Connect Secure firmware upgrade requires an appliance reboot; no live-patching primitive. Patch alone is insufficient where ICT indicates compromise — a factory reset / rebuild is required to evict SPAWN-ecosystem persistence.",
+    "vendor_update_paths": [
+      "Ivanti Connect Secure 22.7R2.5+",
+      "Ivanti Policy Secure 22.7R1.2+",
+      "Ivanti Neurons for ZTA gateways 22.7R2.3+",
+      "On any ICT compromise indicator: factory reset and rebuild rather than patch-in-place; rotate all appliance and downstream credentials"
+    ],
+    "framework_control_gaps": {
+      "NIST-800-53-SI-2": "30-day patch SLA is orders of magnitude longer than the observed exploitation window (zero-day, in-the-wild weeks before disclosure, mass-scanning within hours of advisory). Reboot-required firmware upgrade breaks the standard maintenance-window assumption, and patch-in-place is insufficient where the appliance is already compromised.",
+      "ISO-27001-2022-A.8.8": "'Appropriate timescales' undefined; the standard 30-day interpretation is unsafe for an unauthenticated preauth flaw on an internet-facing appliance/server with public exploitation and confirmed in-wild use.",
+      "NIS2-Art21-network-security": "EU NIS2 treats this class as essential-function infrastructure but lacks a CISA-KEV-style compressed remediation SLA; operators typically learn of the flaw via vendor advisory, not a regulatory channel.",
+      "DORA-Art-9": "ICT incident management presumes vendor-patch cadence; the appliance/server exposure window opened hours after disclosure, far inside the financial-entity remediation SLA.",
+      "UK-CAF-B4": "System security principle is silent on the operational reality that a patched device can still carry attacker persistence seeded before the patch; cleanup/rebuild verification is required, not just patch application.",
+      "AU-ISM-1546": "Essential 8 patch-applications ML3 (48h) is closer to reality than NIST SI-2 but still misses the mass-scanning window for this internet-facing class.",
+      "PCI-DSS-4.0-6.3.3": "30-day critical-patch window is exploitation acceptance for an unauthenticated preauth flaw on a perimeter device/server in or adjacent to the CDE."
+    },
+    "atlas_refs": [],
+    "attack_refs": [
+      "T1190",
+      "T1133"
+    ],
+    "rwep_score": 85,
+    "rwep_factors": {
+      "cisa_kev": 25,
+      "poc_available": 20,
+      "ai_factor": 0,
+      "active_exploitation": 20,
+      "blast_radius": 30,
+      "patch_available": -15,
+      "live_patch_available": 0,
+      "reboot_required": 5
+    },
+    "rwep_notes": "RWEP 85. KEV (+25) + PoC/in-wild tradecraft (+20) + confirmed exploitation (+20) + blast_radius 30 (every internet-facing Connect Secure appliance; nation-state initial access plus later ransomware use) - patch_available (-15) + reboot_required (+5). Live-patch credit unavailable (appliance firmware). Σ factors === rwep_score.",
+    "epss_score": 0.94129,
+    "epss_date": "2026-05-28",
+    "epss_note": "FIRST EPSS 0.94129 (99.92nd percentile) as of 2026-05-28.",
+    "epss_source": "https://api.first.org/data/v1/epss?cve=CVE-2025-0282",
+    "cwe_refs": [
+      "CWE-121",
+      "CWE-787"
+    ],
+    "iocs": {
+      "behavioral": [
+        "Ivanti Integrity Checker Tool (ICT) reporting new or mismatched files / failed scan on a Connect Secure appliance.",
+        "SPAWN-ecosystem artifacts (SPAWNANT, SPAWNMOLE, SPAWNSNAIL) or PHASEJAM/DRYHOOK on the appliance.",
+        "Connect Secure appliance running a version below 22.7R2.5 and reachable from the internet."
+      ],
+      "_ioc_source_note": "Anchored to NVD CVE-2025-0282, CISA KEV, and the Mandiant / Ivanti / watchTowr public analyses."
+    },
+    "source_verified": "2026-05-28",
+    "verification_sources": [
+      "https://nvd.nist.gov/vuln/detail/CVE-2025-0282",
+      "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
+      "https://cloud.google.com/blog/topics/threat-intelligence/ivanti-connect-secure-vpn-zero-day",
+      "https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Connect-Secure-Policy-Secure-Gateways-CVE-2025-0282-CVE-2025-0283"
+    ],
+    "vendor_advisories": [
+      {
+        "vendor": "Ivanti",
+        "advisory_id": "CVE-2025-0282",
+        "url": "https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Connect-Secure-Policy-Secure-Gateways-CVE-2025-0282-CVE-2025-0283",
+        "severity": "critical",
+        "published_date": "2025-01-08"
+      },
+      {
+        "vendor": "NVD",
+        "advisory_id": "CVE-2025-0282",
+        "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-0282",
+        "severity": "critical",
+        "published_date": "2025-01-08"
+      }
+    ],
+    "last_updated": "2026-05-28",
+    "discovery_attribution_note": "Manually curated from NVD CVE-2025-0282 (CWE-121/CWE-787, CVSS 9.0) + CISA KEV (added 2025-01-08, ransomware-flagged) + Mandiant/Ivanti analyses. The January 2025 Connect Secure zero-day; complements the existing Ivanti EPMM/EPM entries (this is the Connect Secure VPN product) and the perimeter-appliance class exemplified by CVE-2024-21762.",
+    "_auto_imported": false,
+    "_intake_method": "manual-verified-curation",
+    "_kev_short_description": "Ivanti Connect Secure stack-overflow preauth RCE (CWE-121), zero-day exploited by a China-nexus cluster with the SPAWN malware ecosystem; patch to 22.7R2.5 and rebuild on any ICT compromise indicator."
+  },
+  "CVE-2025-22457": {
+    "ai_assisted_weaponization": false,
+    "name": "Ivanti Connect Secure / Policy Secure / ZTA Gateways stack-overflow preauth RCE (weaponized follow-on)",
+    "type": "stack-based-buffer-overflow-preauth-rce",
+    "cvss_score": 9,
+    "cvss_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
+    "cvss_note": "NVD CVSS 3.1 base 9.0. Initially assessed by Ivanti as a low-risk DoS and patched in 22.7R2.6 (2025-02-11); subsequently re-assessed as remotely exploitable for code execution after in-the-wild RCE exploitation was observed.",
+    "cisa_kev": true,
+    "cisa_kev_date": "2025-04-04",
+    "poc_available": true,
+    "poc_description": "Stack-based buffer overflow in Connect Secure reachable unauthenticated. Mandiant/Ivanti reported active exploitation beginning mid-March 2025 by UNC5221, using the TRAILBLAZE in-memory dropper and the BRUSHFIRE passive backdoor alongside the SPAWN ecosystem. The bug was patched in 22.7R2.6 before it was understood to be RCE-capable, so unpatched fleets were exploited after the fix shipped.",
+    "ai_discovered": false,
+    "ai_discovery_source": "vendor_research",
+    "ai_discovery_notes": "Vendor/Mandiant incident-driven; no AI tooling credited.",
+    "active_exploitation": "confirmed",
+    "active_exploitation_notes": "Confirmed in-the-wild RCE exploitation from mid-March 2025 by UNC5221; CISA KEV-listed 2025-04-04, later ransomware-flagged. Demonstrates the 'mis-triaged severity' failure mode — a flaw patched as low-risk DoS was weaponized to RCE, so SLA prioritization keyed on the initial CVSS under-protected fleets.",
+    "affected": "Ivanti Connect Secure before 22.7R2.6, Ivanti Policy Secure before 22.7R1.4, and Ivanti ZTA Gateways before 22.8R2.2.",
+    "affected_versions": [
+      "Ivanti Connect Secure < 22.7R2.6",
+      "Ivanti Policy Secure < 22.7R1.4",
+      "Ivanti ZTA Gateways < 22.8R2.2"
+    ],
+    "vector": "Unauthenticated remote stack overflow in the Connect Secure web surface achieving code execution on the appliance. Patch-in-place insufficient on compromised devices; factory reset required where indicators are present.",
+    "complexity": "high",
+    "complexity_notes": "AC:H, but functioning exploitation was in-the-wild and the patch predated public RCE understanding, extending the effective exposure window.",
+    "patch_available": true,
+    "patch_required_reboot": true,
+    "live_patch_available": false,
+    "live_patch_tools": [],
+    "live_patch_notes": "Appliance firmware upgrade requires reboot; no live patch. Rebuild required on compromise indicators.",
+    "vendor_update_paths": [
+      "Ivanti Connect Secure 22.7R2.6+",
+      "Ivanti Policy Secure 22.7R1.4+",
+      "Ivanti ZTA Gateways 22.8R2.2+",
+      "On any compromise indicator: factory reset and rebuild; rotate appliance and downstream credentials"
+    ],
+    "framework_control_gaps": {
+      "NIST-800-53-SI-2": "A flaw patched as low-risk DoS was later weaponized to RCE — SLA prioritization keyed on initial CVSS left fleets unpatched against the real (critical) risk. The 30-day window is far longer than the observed weaponization-to-mass-exploitation interval, and reboot-required firmware breaks the maintenance-window assumption.",
+      "ISO-27001-2022-A.8.8": "'Appropriate timescales' undefined; the standard 30-day interpretation is unsafe for an unauthenticated preauth flaw on an internet-facing appliance/server with public exploitation and confirmed in-wild use.",
+      "NIS2-Art21-network-security": "EU NIS2 treats this class as essential-function infrastructure but lacks a CISA-KEV-style compressed remediation SLA; operators typically learn of the flaw via vendor advisory, not a regulatory channel.",
+      "DORA-Art-9": "ICT incident management presumes vendor-patch cadence; the appliance/server exposure window opened hours after disclosure, far inside the financial-entity remediation SLA.",
+      "UK-CAF-B4": "System security principle is silent on the operational reality that a patched device can still carry attacker persistence seeded before the patch; cleanup/rebuild verification is required, not just patch application.",
+      "AU-ISM-1546": "Essential 8 patch-applications ML3 (48h) is closer to reality than NIST SI-2 but still misses the mass-scanning window for this internet-facing class.",
+      "PCI-DSS-4.0-6.3.3": "30-day critical-patch window is exploitation acceptance for an unauthenticated preauth flaw on a perimeter device/server in or adjacent to the CDE."
+    },
+    "atlas_refs": [],
+    "attack_refs": [
+      "T1190",
+      "T1133"
+    ],
+    "rwep_score": 83,
+    "rwep_factors": {
+      "cisa_kev": 25,
+      "poc_available": 20,
+      "ai_factor": 0,
+      "active_exploitation": 20,
+      "blast_radius": 28,
+      "patch_available": -15,
+      "live_patch_available": 0,
+      "reboot_required": 5
+    },
+    "rwep_notes": "RWEP 83. KEV (+25) + in-wild tradecraft (+20) + confirmed exploitation (+20) + blast_radius 28 (internet-facing Connect Secure fleet; weaponized follow-on to CVE-2025-0282) - patch_available (-15) + reboot_required (+5). Σ factors === rwep_score.",
+    "epss_score": 0.58941,
+    "epss_date": "2026-05-28",
+    "epss_note": "FIRST EPSS 0.58941 (98.25th percentile) as of 2026-05-28.",
+    "epss_source": "https://api.first.org/data/v1/epss?cve=CVE-2025-22457",
+    "cwe_refs": [
+      "CWE-121",
+      "CWE-787"
+    ],
+    "iocs": {
+      "behavioral": [
+        "TRAILBLAZE / BRUSHFIRE or SPAWN-ecosystem artifacts on a Connect Secure appliance.",
+        "ICT scan failure or file-integrity mismatch on Connect Secure.",
+        "Connect Secure below 22.7R2.6 reachable from the internet (patched-but-still-vulnerable if the version predates the fix)."
+      ],
+      "_ioc_source_note": "Anchored to NVD CVE-2025-22457, CISA KEV, and the Mandiant/Ivanti analyses."
+    },
+    "source_verified": "2026-05-28",
+    "verification_sources": [
+      "https://nvd.nist.gov/vuln/detail/CVE-2025-22457",
+      "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
+      "https://cloud.google.com/blog/topics/threat-intelligence/china-nexus-exploiting-critical-ivanti-vulnerability",
+      "https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Connect-Secure-Policy-Secure-ZTA-Gateways-CVE-2025-22457"
+    ],
+    "vendor_advisories": [
+      {
+        "vendor": "Ivanti",
+        "advisory_id": "CVE-2025-22457",
+        "url": "https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Connect-Secure-Policy-Secure-ZTA-Gateways-CVE-2025-22457",
+        "severity": "critical",
+        "published_date": "2025-04-03"
+      },
+      {
+        "vendor": "NVD",
+        "advisory_id": "CVE-2025-22457",
+        "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-22457",
+        "severity": "critical",
+        "published_date": "2025-04-03"
+      }
+    ],
+    "last_updated": "2026-05-28",
+    "discovery_attribution_note": "Manually curated from NVD CVE-2025-22457 (CWE-121/CWE-787, CVSS 9.0) + CISA KEV (added 2025-04-04, ransomware-flagged) + Mandiant/Ivanti analyses. Weaponized follow-on to the Connect Secure CVE-2025-0282 zero-day; same perimeter-appliance patch-SLA class.",
+    "_auto_imported": false,
+    "_intake_method": "manual-verified-curation",
+    "_kev_short_description": "Ivanti Connect Secure stack-overflow preauth RCE (CWE-121) initially mis-triaged as DoS then weaponized; patch to 22.7R2.6 and rebuild on compromise indicators."
+  },
+  "CVE-2025-31324": {
+    "ai_assisted_weaponization": false,
+    "name": "SAP NetWeaver Visual Composer Metadata Uploader unauthenticated file-upload RCE",
+    "type": "unrestricted-file-upload-preauth-rce",
+    "cvss_score": 10,
+    "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
+    "cisa_kev": true,
+    "cisa_kev_date": "2025-04-29",
+    "poc_available": true,
+    "poc_description": "The Visual Composer Metadata Uploader endpoint (/developmentserver/metadatauploader) lacks an authorization check, letting an unauthenticated attacker upload an executable (JSP webshell) that runs with SAP service privileges. Mass exploitation observed from April 2025; ReliaQuest first reported in-wild use, with JSP webshells (helper.jsp, cache.jsp, randomly-named) dropped under the servlet path and later follow-on by ransomware affiliates.",
+    "ai_discovered": false,
+    "ai_discovery_source": "vendor_research",
+    "ai_discovery_notes": "Identified during active-incident investigation (ReliaQuest) and confirmed by SAP; no AI tooling credited.",
+    "active_exploitation": "confirmed",
+    "active_exploitation_notes": "Confirmed mass in-the-wild exploitation from April 2025; CISA KEV-listed 2025-04-29 and ransomware-flagged. Frequently chained with the SAP NetWeaver deserialization flaw CVE-2025-42999. Webshell access enabled hands-on-keyboard follow-on including ransomware staging.",
+    "affected": "SAP NetWeaver Visual Composer (VCFRAMEWORK 7.50) — the Metadata Uploader component is not gated by an authorization check. Internet-facing NetWeaver application servers with Visual Composer enabled are in scope.",
+    "affected_versions": [
+      "SAP NetWeaver Visual Composer VCFRAMEWORK 7.50 (Metadata Uploader unauthenticated)"
+    ],
+    "vector": "Unauthenticated POST to /developmentserver/metadatauploader uploads an executable binary / JSP webshell that the application server then serves and executes, yielding RCE as the SAP service account.",
+    "complexity": "low",
+    "complexity_notes": "Single unauthenticated request; public exploitation tooling and webshell IOCs widely documented.",
+    "patch_available": true,
+    "patch_required_reboot": false,
+    "live_patch_available": false,
+    "live_patch_tools": [],
+    "vendor_update_paths": [
+      "Apply SAP Security Note 3594142 (and the related hardening notes)",
+      "Where patching is delayed, restrict/disable the Visual Composer Metadata Uploader endpoint and block /developmentserver/metadatauploader at the proxy",
+      "Hunt for and remove JSP webshells under the servlet_jsp / irj root; assume credential compromise and rotate"
+    ],
+    "framework_control_gaps": {
+      "NIST-800-53-SI-2": "CVSS 10.0 unauthenticated file-upload RCE on an internet-facing ERP application server; the 30-day patch SLA is far longer than the observed mass-exploitation window (days from disclosure). Webshell persistence means patch-in-place without webshell hunting leaves the attacker resident.",
+      "ISO-27001-2022-A.8.8": "'Appropriate timescales' undefined; the standard 30-day interpretation is unsafe for an unauthenticated preauth flaw on an internet-facing appliance/server with public exploitation and confirmed in-wild use.",
+      "NIS2-Art21-network-security": "EU NIS2 treats this class as essential-function infrastructure but lacks a CISA-KEV-style compressed remediation SLA; operators typically learn of the flaw via vendor advisory, not a regulatory channel.",
+      "DORA-Art-9": "ICT incident management presumes vendor-patch cadence; the appliance/server exposure window opened hours after disclosure, far inside the financial-entity remediation SLA.",
+      "UK-CAF-B4": "System security principle is silent on the operational reality that a patched device can still carry attacker persistence seeded before the patch; cleanup/rebuild verification is required, not just patch application.",
+      "AU-ISM-1546": "Essential 8 patch-applications ML3 (48h) is closer to reality than NIST SI-2 but still misses the mass-scanning window for this internet-facing class.",
+      "PCI-DSS-4.0-6.3.3": "30-day critical-patch window is exploitation acceptance for an unauthenticated preauth flaw on a perimeter device/server in or adjacent to the CDE."
+    },
+    "atlas_refs": [],
+    "attack_refs": [
+      "T1190",
+      "T1505.003"
+    ],
+    "rwep_score": 78,
+    "rwep_factors": {
+      "cisa_kev": 25,
+      "poc_available": 20,
+      "ai_factor": 0,
+      "active_exploitation": 20,
+      "blast_radius": 28,
+      "patch_available": -15,
+      "live_patch_available": 0,
+      "reboot_required": 0
+    },
+    "rwep_notes": "RWEP 78. KEV (+25) + PoC/webshell IOCs (+20) + confirmed mass exploitation (+20) + blast_radius 28 (internet-facing SAP NetWeaver ERP install base; webshell-to-ransomware chain) - patch_available (-15). No reboot. Σ factors === rwep_score.",
+    "epss_score": 0.3151,
+    "epss_date": "2026-05-28",
+    "epss_note": "FIRST EPSS 0.31510 (96.87th percentile) as of 2026-05-28.",
+    "epss_source": "https://api.first.org/data/v1/epss?cve=CVE-2025-31324",
+    "cwe_refs": [
+      "CWE-434"
+    ],
+    "iocs": {
+      "behavioral": [
+        "Unauthenticated POST requests to /developmentserver/metadatauploader on a NetWeaver server.",
+        "JSP files (helper.jsp, cache.jsp, or randomly-named) appearing under the irj/servlet_jsp servlet root.",
+        "SAP service account spawning shell / executing uploaded binaries."
+      ],
+      "indicators": [
+        "Webshell paths under j2ee/cluster/.../servlet_jsp/irj/root/ — common ReShell/Behinder/Godzilla artifacts."
+      ],
+      "_ioc_source_note": "Anchored to NVD CVE-2025-31324, CISA KEV, SAP Security Note 3594142, and the ReliaQuest analysis."
+    },
+    "source_verified": "2026-05-28",
+    "verification_sources": [
+      "https://nvd.nist.gov/vuln/detail/CVE-2025-31324",
+      "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
+      "https://support.sap.com/en/my-support/knowledge-base/security-notes-news/april-2025.html",
+      "https://www.reliaquest.com/blog/threat-spotlight-reliaquest-uncovers-vulnerability-behind-sap-netweaver-compromise/"
+    ],
+    "vendor_advisories": [
+      {
+        "vendor": "SAP",
+        "advisory_id": "SAP Security Note 3594142",
+        "url": "https://support.sap.com/en/my-support/knowledge-base/security-notes-news/april-2025.html",
+        "severity": "critical",
+        "published_date": "2025-04-24"
+      },
+      {
+        "vendor": "NVD",
+        "advisory_id": "CVE-2025-31324",
+        "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-31324",
+        "severity": "critical",
+        "published_date": "2025-04-24"
+      }
+    ],
+    "last_updated": "2026-05-28",
+    "discovery_attribution_note": "Manually curated from NVD CVE-2025-31324 (CWE-434, CVSS 10.0) + CISA KEV (added 2025-04-29, ransomware-flagged) + SAP Security Note 3594142 + ReliaQuest analysis. Complements the existing SAP NetWeaver deserialization entry CVE-2025-42999 with which it was frequently chained in 2025.",
+    "_auto_imported": false,
+    "_intake_method": "manual-verified-curation",
+    "_kev_short_description": "SAP NetWeaver Visual Composer Metadata Uploader missing-authorization file upload (CWE-434) → unauthenticated RCE via JSP webshell; apply SAP Note 3594142 and hunt for webshells."
+  },
+  "CVE-2025-31161": {
+    "ai_assisted_weaponization": false,
+    "name": "CrushFTP HTTP authorization-header authentication bypass (crushadmin takeover)",
+    "type": "authentication-bypass-account-takeover",
+    "cvss_score": 9.8,
+    "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+    "cvss_note": "NVD CVSS 3.1 base 9.8. Subject of a disclosure-coordination dispute that produced a duplicate identifier (CVE-2025-2825); CVE-2025-31161 is the CNA-recognized id.",
+    "cisa_kev": true,
+    "cisa_kev_date": "2025-04-07",
+    "poc_available": true,
+    "poc_description": "An authentication-bypass in the HTTP authorization-header handling lets an unauthenticated attacker authenticate as any known/guessable account, including crushadmin, taking over the instance (unless a DMZ proxy instance fronts it). Exploited in the wild in March-April 2025; technical details and detection content published by Outpost24, VulnCheck, and Rapid7.",
+    "ai_discovered": false,
+    "ai_discovery_source": "vendor_research",
+    "ai_discovery_notes": "Reported to CrushFTP by Outpost24; no AI tooling credited.",
+    "active_exploitation": "confirmed",
+    "active_exploitation_notes": "Confirmed in-the-wild exploitation March-April 2025; CISA KEV-listed 2025-04-07 with known ransomware-campaign use. crushadmin takeover yields full file-server control and downstream data access; observed follow-on tooling includes remote-management agents.",
+    "affected": "CrushFTP 10 before 10.8.4 and CrushFTP 11 before 11.3.1 (instances not fronted by a DMZ proxy instance).",
+    "affected_versions": [
+      "CrushFTP 10 < 10.8.4",
+      "CrushFTP 11 < 11.3.1"
+    ],
+    "vector": "Crafted HTTP Authorization header exploits a flaw in the authentication path to bypass authentication and assume the crushadmin (or other known) account, granting administrative control of the file-transfer server.",
+    "complexity": "low",
+    "complexity_notes": "Single crafted request; public exploitation details. The DMZ-proxy deployment mode mitigates, narrowing but not eliminating the exposed population.",
+    "patch_available": true,
+    "patch_required_reboot": false,
+    "live_patch_available": false,
+    "live_patch_tools": [],
+    "vendor_update_paths": [
+      "Upgrade to CrushFTP 10.8.4+ or 11.3.1+",
+      "Where patching is delayed, deploy the DMZ proxy instance as an interim mitigation",
+      "Audit for unauthorized crushadmin sessions/created accounts and rotate credentials"
+    ],
+    "framework_control_gaps": {
+      "NIST-800-53-SI-2": "Unauthenticated admin takeover on an internet-facing managed-file-transfer server — the MFT class is a proven ransomware/data-extortion initial-access vector (MOVEit lineage). The 30-day patch SLA is exploitation acceptance; the exposure window opened within days of disclosure with public details.",
+      "ISO-27001-2022-A.8.8": "'Appropriate timescales' undefined; the standard 30-day interpretation is unsafe for an unauthenticated preauth flaw on an internet-facing appliance/server with public exploitation and confirmed in-wild use.",
+      "NIS2-Art21-network-security": "EU NIS2 treats this class as essential-function infrastructure but lacks a CISA-KEV-style compressed remediation SLA; operators typically learn of the flaw via vendor advisory, not a regulatory channel.",
+      "DORA-Art-9": "ICT incident management presumes vendor-patch cadence; the appliance/server exposure window opened hours after disclosure, far inside the financial-entity remediation SLA.",
+      "UK-CAF-B4": "System security principle is silent on the operational reality that a patched device can still carry attacker persistence seeded before the patch; cleanup/rebuild verification is required, not just patch application.",
+      "AU-ISM-1546": "Essential 8 patch-applications ML3 (48h) is closer to reality than NIST SI-2 but still misses the mass-scanning window for this internet-facing class.",
+      "PCI-DSS-4.0-6.3.3": "30-day critical-patch window is exploitation acceptance for an unauthenticated preauth flaw on a perimeter device/server in or adjacent to the CDE."
+    },
+    "atlas_refs": [],
+    "attack_refs": [
+      "T1190",
+      "T1078"
+    ],
+    "rwep_score": 76,
+    "rwep_factors": {
+      "cisa_kev": 25,
+      "poc_available": 20,
+      "ai_factor": 0,
+      "active_exploitation": 20,
+      "blast_radius": 26,
+      "patch_available": -15,
+      "live_patch_available": 0,
+      "reboot_required": 0
+    },
+    "rwep_notes": "RWEP 76. KEV (+25) + public exploitation details (+20) + confirmed exploitation, ransomware-flagged (+20) + blast_radius 26 (internet-facing MFT servers; admin takeover, data-extortion class) - patch_available (-15). No reboot. Σ factors === rwep_score.",
+    "epss_score": 0.88937,
+    "epss_date": "2026-05-28",
+    "epss_note": "FIRST EPSS 0.88937 (99.54th percentile) as of 2026-05-28.",
+    "epss_source": "https://api.first.org/data/v1/epss?cve=CVE-2025-31161",
+    "cwe_refs": [
+      "CWE-305"
+    ],
+    "iocs": {
+      "behavioral": [
+        "Unexpected crushadmin (or other privileged) logins, or newly-created admin accounts, on a CrushFTP instance.",
+        "HTTP requests with anomalous Authorization headers preceding admin access.",
+        "CrushFTP 10 < 10.8.4 or 11 < 11.3.1 reachable from the internet without a DMZ proxy instance."
+      ],
+      "_ioc_source_note": "Anchored to NVD CVE-2025-31161, CISA KEV, and the Outpost24 / VulnCheck / Rapid7 analyses."
+    },
+    "source_verified": "2026-05-28",
+    "verification_sources": [
+      "https://nvd.nist.gov/vuln/detail/CVE-2025-31161",
+      "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
+      "https://outpost24.com/blog/crushftp-cve-2025-31161-auth-bypass/",
+      "https://www.rapid7.com/blog/post/2025/04/07/etr-active-exploitation-of-crushftp-cve-2025-31161/"
+    ],
+    "vendor_advisories": [
+      {
+        "vendor": "NVD",
+        "advisory_id": "CVE-2025-31161",
+        "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-31161",
+        "severity": "critical",
+        "published_date": "2025-04-03"
+      },
+      {
+        "vendor": "CISA KEV",
+        "advisory_id": "CVE-2025-31161",
+        "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
+        "severity": "critical",
+        "published_date": "2025-04-07"
+      }
+    ],
+    "last_updated": "2026-05-28",
+    "discovery_attribution_note": "Manually curated from NVD CVE-2025-31161 (CWE-305, CVSS 9.8) + CISA KEV (added 2025-04-07, ransomware-flagged) + Outpost24/VulnCheck/Rapid7 analyses. Distinct from the existing CrushFTP entry CVE-2025-54309 (alternate-channel); CVE-2025-31161 is the March-April 2025 authorization-header auth bypass (duplicate id CVE-2025-2825 noted).",
+    "_auto_imported": false,
+    "_intake_method": "manual-verified-curation",
+    "_kev_short_description": "CrushFTP HTTP authorization-header authentication bypass (CWE-305) → crushadmin takeover; upgrade to 10.8.4/11.3.1 or front with a DMZ proxy."
+  },
+  "CVE-2025-30066": {
+    "name": "tj-actions/changed-files GitHub Action Supply-Chain Compromise (secret exfiltration to workflow logs)",
+    "type": "supply-chain-compromise",
+    "cvss_score": 8.6,
+    "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N",
+    "cwe_refs": [
+      "CWE-506"
+    ],
+    "cisa_kev": true,
+    "cisa_kev_date": "2025-03-18",
+    "poc_available": true,
+    "poc_description": "The compromise itself is the live exploit. On 2025-03-14/15 a threat actor used a leaked Personal Access Token to repoint the action's tags v1 through v45.0.7 at commit 0e58ed8, which carried a base64-encoded Python payload (a memory dump via the runner process) that printed CI/CD secrets — AWS keys, npm tokens, the repository GITHUB_TOKEN, RSA private keys — into the publicly readable GitHub Actions workflow logs. Documented by StepSecurity (Harden-Runner detection), Wiz, Semgrep, Sysdig, and Palo Alto Unit 42.",
+    "ai_discovered": false,
+    "ai_discovery_source": "unknown",
+    "ai_discovery_notes": "Human-operated supply-chain compromise; no AI involvement in discovery or weaponization is documented.",
+    "ai_assisted_weaponization": false,
+    "ai_assisted_notes": "No AI tooling documented in the attack chain. The credential-harvesting payload was a static base64 Python memory dumper.",
+    "active_exploitation": "confirmed",
+    "active_exploitation_notes": "Actively exploited in the wild during the ~36-hour window the malicious tags were live; ~23,000 repositories referenced the action. CISA added to KEV 2025-03-18.",
+    "affected": "tj-actions/changed-files tags v1 through v45.0.7 (all consumers that referenced a mutable tag rather than a pinned commit SHA were served the malicious 0e58ed8 commit on 2025-03-14/15).",
+    "affected_versions": [
+      "tj-actions/changed-files v1 through v45.0.7 (mutable tags repointed to commit 0e58ed8)"
+    ],
+    "vector": "Mutable git-tag repointing. A stolen PAT moved the action's release tags to a malicious commit; every workflow that pinned the action by tag (the documented norm) pulled the trojaned code on its next run, which dumped the job's secrets to the workflow log.",
+    "complexity": "low",
+    "complexity_notes": "Once the tags were repointed, exploitation was automatic for any consumer pinning by tag — no per-target interaction required.",
+    "patch_available": true,
+    "patch_required_reboot": false,
+    "live_patch_available": false,
+    "live_patch_tools": [],
+    "vendor_update_paths": [
+      "Upgrade to tj-actions/changed-files@v46.0.1 or later (post-remediation)",
+      "Pin ALL GitHub Actions to a full-length 40-character commit SHA, never a tag or branch",
+      "Rotate every secret exposed to any workflow that ran the action between 2025-03-14 and 2025-03-15",
+      "Audit public workflow logs for leaked secrets and review GitHub's audit log for the period"
+    ],
+    "framework_control_gaps": {
+      "SLSA-v1.0-Build-L3": "SLSA build provenance does not bind a consumer's tag reference to a specific source revision; a repointed mutable tag silently substitutes the build inputs.",
+      "NIST-800-218-SSDF-PW.4": "Reuse of well-maintained components assumes the upstream artifact is immutable; a tag is mutable and the action had no publisher-side tamper control.",
+      "NIST-800-53-SR-11": "Component-authenticity controls assume signed/versioned artifacts; unsigned GitHub Action tags carry no integrity guarantee an SR-11 process can verify.",
+      "ISO-27001-2022-A.8.30": "Outsourced-development controls do not reach a third-party CI action maintained by an individual with no contractual relationship to the consumer.",
+      "OWASP-CICD-SEC-3": "Dependency-chain abuse: pinning by floating tag is the documented usage pattern, so the control that would have prevented this (SHA pinning) was not the default."
+    },
+    "atlas_refs": [],
+    "attack_refs": [
+      "T1195.001",
+      "T1552"
+    ],
+    "rwep_score": 78,
+    "rwep_factors": {
+      "cisa_kev": 25,
+      "poc_available": 20,
+      "ai_factor": 0,
+      "active_exploitation": 20,
+      "blast_radius": 28,
+      "patch_available": -15,
+      "live_patch_available": 0,
+      "reboot_required": 0
+    },
+    "rwep_notes": "Critical (RWEP 78). KEV-listed (25) + confirmed in-the-wild exploitation (20) + the live malicious artifact as PoC (20) + very large blast radius (28; ~23,000 dependent repositories, secrets exfiltrated), minus patch_available (15). Σ factors === rwep_score.",
+    "epss_score": 0.9183,
+    "epss_date": "2026-05-27",
+    "epss_note": "FIRST EPSS 0.9183 (99.70th percentile) as of 2026-05-27.",
+    "epss_source": "https://api.first.org/data/v1/epss?cve=CVE-2025-30066",
+    "iocs": {
+      "behavioral": [
+        "GitHub Actions workflow logs containing base64-encoded blobs or printed environment/secret values after a step running tj-actions/changed-files.",
+        "tj-actions/changed-files referenced by a tag (v1..v45) rather than a 40-char commit SHA during 2025-03-14/15.",
+        "Outbound network calls or memory-dump behavior from the changed-files step that are not part of its documented function."
+      ],
+      "indicators": [
+        "Malicious commit SHA 0e58ed8 in the tj-actions/changed-files history (tags repointed to it).",
+        "Payload fetched/embedded a memory-dumping Python script (gist-hosted in the original chain)."
+      ],
+      "_ioc_source_note": "Anchored to NVD CVE-2025-30066, CISA KEV, and the StepSecurity / Wiz / Semgrep / Sysdig public analyses."
+    },
+    "source_verified": "2026-05-28",
+    "verification_sources": [
+      "https://nvd.nist.gov/vuln/detail/CVE-2025-30066",
+      "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
+      "https://www.stepsecurity.io/blog/harden-runner-detection-tj-actions-changed-files-action-is-compromised",
+      "https://www.wiz.io/blog/github-action-tj-actions-changed-files-supply-chain-attack-cve-2025-30066",
+      "https://semgrep.dev/blog/2025/popular-github-action-tj-actionschanged-files-is-compromised/"
+    ],
+    "vendor_advisories": [
+      {
+        "vendor": "NVD",
+        "advisory_id": "CVE-2025-30066",
+        "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-30066",
+        "severity": "high",
+        "published_date": "2025-03-15"
+      },
+      {
+        "vendor": "CISA KEV",
+        "advisory_id": "CVE-2025-30066",
+        "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
+        "severity": "high",
+        "published_date": "2025-03-18"
+      }
+    ],
+    "last_updated": "2026-05-28",
+    "discovery_attribution_note": "Manually curated from NVD CVE-2025-30066 (CWE-506, CVSS 8.6) + CISA KEV (added 2025-03-18) + StepSecurity/Wiz/Semgrep/Sysdig public analyses. The March 2025 GitHub Actions supply-chain compromise; chained from the reviewdog/action-setup compromise (CVE-2025-30154), which is believed to have leaked the PAT used to repoint the changed-files tags.",
+    "_auto_imported": false,
+    "_intake_method": "manual-verified-curation",
+    "_kev_short_description": "tj-actions/changed-files GitHub Action tags were repointed to malicious code (CWE-506) that dumped CI/CD secrets to publicly readable workflow logs; remediate by pinning actions to commit SHAs and rotating exposed secrets."
+  },
+  "CVE-2025-30154": {
+    "name": "reviewdog/action-setup GitHub Action Supply-Chain Compromise (secret exfiltration to workflow logs)",
+    "type": "supply-chain-compromise",
+    "cvss_score": 8.6,
+    "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N",
+    "cwe_refs": [
+      "CWE-506"
+    ],
+    "cisa_kev": true,
+    "cisa_kev_date": "2025-03-24",
+    "poc_available": true,
+    "poc_description": "The compromise itself is the live exploit. reviewdog/action-setup@v1 was modified on 2025-03-11 between 18:42 and 20:31 UTC to inject code that base64-encodes and prints exposed secrets into the GitHub Actions workflow logs. Because the tag v1 was repointed, every consumer pinning by tag — and every downstream reviewdog action that internally uses action-setup@v1 (action-shellcheck, action-composite-template, action-staticcheck, action-ast-grep, action-typos) — was affected regardless of how the downstream action itself was pinned. Documented by Wiz and the reviewdog GHSA.",
+    "ai_discovered": false,
+    "ai_discovery_source": "unknown",
+    "ai_discovery_notes": "Human-operated supply-chain compromise; no AI involvement documented.",
+    "ai_assisted_weaponization": false,
+    "ai_assisted_notes": "No AI tooling documented. The reviewdog compromise is widely assessed to be the entry point that exposed the Personal Access Token later used in the tj-actions/changed-files compromise (CVE-2025-30066).",
+    "active_exploitation": "confirmed",
+    "active_exploitation_notes": "Actively exploited in the wild during the compromise window; CISA added to KEV 2025-03-24. Transitive blast radius via the five downstream reviewdog actions that consume action-setup@v1.",
+    "affected": "reviewdog/action-setup@v1 (compromised 2025-03-11 18:42-20:31 UTC), and transitively reviewdog/action-shellcheck, action-composite-template, action-staticcheck, action-ast-grep, and action-typos which invoke action-setup@v1 internally.",
+    "affected_versions": [
+      "reviewdog/action-setup@v1 (tag repointed to malicious commit)",
+      "reviewdog/action-shellcheck (via action-setup@v1)",
+      "reviewdog/action-composite-template (via action-setup@v1)",
+      "reviewdog/action-staticcheck (via action-setup@v1)",
+      "reviewdog/action-ast-grep (via action-setup@v1)",
+      "reviewdog/action-typos (via action-setup@v1)"
+    ],
+    "vector": "Mutable git-tag repointing of a transitively-included action. action-setup@v1 was trojaned; downstream reviewdog actions that pin action-setup@v1 internally pulled the malicious code regardless of how the consumer pinned the downstream action, dumping job secrets to the workflow log.",
+    "complexity": "low",
+    "complexity_notes": "Automatic for any consumer of the affected actions during the window; the transitive inclusion defeated consumer-side SHA pinning of the outer action.",
+    "patch_available": true,
+    "patch_required_reboot": false,
+    "live_patch_available": false,
+    "live_patch_tools": [],
+    "vendor_update_paths": [
+      "Pin reviewdog actions to a known-good full commit SHA predating 2025-03-11; the maintainer reverted the malicious changes",
+      "Pin ALL transitively-included actions by commit SHA where possible, and prefer actions that pin their own dependencies by SHA",
+      "Rotate every secret exposed to any workflow that ran an affected reviewdog action during the window",
+      "Audit public workflow logs and the GitHub audit log for the compromise period"
+    ],
+    "framework_control_gaps": {
+      "SLSA-v1.0-Build-L3": "Build provenance does not cover transitively-included actions; pinning the outer action by SHA still pulled a malicious inner action referenced by a mutable tag.",
+      "NIST-800-218-SSDF-PW.4": "Component-reuse controls do not address nested third-party CI actions whose own dependencies are tag-pinned outside the consumer's control.",
+      "NIST-800-53-SR-3": "Supply-chain controls inventory direct dependencies; a second-tier GitHub Action (action-setup pulled by action-shellcheck) routinely escapes that inventory.",
+      "OWASP-CICD-SEC-3": "Dependency-chain abuse via transitive action inclusion — consumer-side SHA pinning is insufficient when the pinned action itself references a mutable tag.",
+      "ISO-27001-2022-A.8.30": "Outsourced-development trust does not extend to the maintainers of an action's internal dependencies."
+    },
+    "atlas_refs": [],
+    "attack_refs": [
+      "T1195.001",
+      "T1552"
+    ],
+    "rwep_score": 72,
+    "rwep_factors": {
+      "cisa_kev": 25,
+      "poc_available": 20,
+      "ai_factor": 0,
+      "active_exploitation": 20,
+      "blast_radius": 22,
+      "patch_available": -15,
+      "live_patch_available": 0,
+      "reboot_required": 0
+    },
+    "rwep_notes": "Critical (RWEP 72). KEV-listed (25) + confirmed exploitation (20) + live malicious artifact as PoC (20) + broad transitive blast radius (22; five downstream actions, defeated consumer SHA pinning), minus patch_available (15). Σ factors === rwep_score.",
+    "epss_score": 0.34556,
+    "epss_date": "2026-05-27",
+    "epss_note": "FIRST EPSS 0.34556 (97.07th percentile) as of 2026-05-27.",
+    "epss_source": "https://api.first.org/data/v1/epss?cve=CVE-2025-30154",
+    "iocs": {
+      "behavioral": [
+        "GitHub Actions workflow logs containing base64-encoded secret blobs after a step running any reviewdog action.",
+        "reviewdog/action-setup or a dependent reviewdog action referenced during 2025-03-11 18:42-20:31 UTC.",
+        "A consumer that SHA-pinned an outer reviewdog action but still received malicious code (signature of the transitive-tag compromise)."
+      ],
+      "_ioc_source_note": "Anchored to NVD CVE-2025-30154, CISA KEV, the reviewdog GHSA-qmg3-hpqr-gqvc, and the Wiz analysis."
+    },
+    "source_verified": "2026-05-28",
+    "verification_sources": [
+      "https://nvd.nist.gov/vuln/detail/CVE-2025-30154",
+      "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
+      "https://github.com/reviewdog/reviewdog/security/advisories/GHSA-qmg3-hpqr-gqvc",
+      "https://www.wiz.io/blog/new-github-action-supply-chain-attack-reviewdog-action-setup"
+    ],
+    "vendor_advisories": [
+      {
+        "vendor": "GitHub Security Advisory",
+        "advisory_id": "GHSA-qmg3-hpqr-gqvc",
+        "url": "https://github.com/reviewdog/reviewdog/security/advisories/GHSA-qmg3-hpqr-gqvc",
+        "severity": "high",
+        "published_date": "2025-03-19"
+      },
+      {
+        "vendor": "NVD",
+        "advisory_id": "CVE-2025-30154",
+        "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-30154",
+        "severity": "high",
+        "published_date": "2025-03-19"
+      }
+    ],
+    "last_updated": "2026-05-28",
+    "discovery_attribution_note": "Manually curated from NVD CVE-2025-30154 (CWE-506, CVSS 8.6) + CISA KEV (added 2025-03-24) + reviewdog GHSA-qmg3-hpqr-gqvc + Wiz analysis. The reviewdog/action-setup compromise of 2025-03-11; assessed as the upstream pivot of the tj-actions/changed-files compromise (CVE-2025-30066). Shares the CI/CD supply-chain control surface with that entry and the xz-utils backdoor (CVE-2024-3094).",
+    "_auto_imported": false,
+    "_intake_method": "manual-verified-curation",
+    "_kev_short_description": "reviewdog/action-setup@v1 (and five reviewdog actions that include it transitively) was trojaned (CWE-506) to dump secrets to workflow logs; pin actions to commit SHAs and rotate exposed secrets."
+  },
+  "CVE-2026-48027": {
+    "name": "Nx Console IDE Extension Supply-Chain Compromise (malicious marketplace version)",
+    "type": "supply-chain-compromise",
+    "cvss_score": 9.8,
+    "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+    "cvss_v4_score": 9.3,
+    "cvss_v4_vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
+    "cvss_score_note": "NVD CVSS 3.1 base 9.8 (nvd@nist.gov). GitHub (CNA) scored CVSS 4.0 base 9.3. The 3.1 vector is the catalog-primary; both recorded.",
+    "cwe_refs": [
+      "CWE-506"
+    ],
+    "cisa_kev": true,
+    "cisa_kev_date": "2026-05-27",
+    "poc_available": true,
+    "poc_description": "The malicious extension is the live exploit. On 2026-05-19 a trojaned Nx Console 18.95.0 was published to the Visual Studio Marketplace (live 12:30-12:48 UTC, ~18 minutes) and OpenVSX (live 12:33-13:09 UTC, ~36 minutes). On install/activation it fetched an obfuscated second-stage payload that harvested credentials from multiple sources on the developer host. Documented by StepSecurity and the nrwl/nx-console GHSA.",
+    "ai_discovered": false,
+    "ai_discovery_source": "unknown",
+    "ai_discovery_notes": "No AI involvement in discovery is documented.",
+    "ai_assisted_weaponization": false,
+    "ai_assisted_notes": "AI-CLI abuse is not asserted for this specific extension compromise. Context: the Nx ecosystem was previously hit by the August 2025 's1ngularity' npm-package compromise, whose payload notably weaponized installed AI CLI assistants to enumerate secrets — a distinct incident; this entry is scoped to the documented facts of CVE-2026-48027.",
+    "active_exploitation": "confirmed",
+    "active_exploitation_notes": "CISA added to KEV 2026-05-27. The malicious version was live in two marketplaces during the documented windows on 2026-05-19; auto-update of the widely-installed extension drove exposure within the windows.",
+    "affected": "Nx Console 18.95.0 (the malicious version published 2026-05-19; live ~18 min on Visual Studio Marketplace and ~36 min on OpenVSX).",
+    "affected_versions": [
+      "Nx Console 18.95.0 (malicious marketplace publication; removed shortly after)"
+    ],
+    "vector": "Trojanized IDE-extension marketplace publication. A malicious 18.95.0 build was pushed to the VS Code Marketplace and OpenVSX; installing or auto-updating to it ran an obfuscated credential-harvesting payload with the developer's local privileges.",
+    "complexity": "low",
+    "complexity_notes": "Install or auto-update of the extension during the publication window was sufficient; no additional interaction required.",
+    "patch_available": true,
+    "patch_required_reboot": false,
+    "live_patch_available": false,
+    "live_patch_tools": [],
+    "vendor_update_paths": [
+      "Upgrade Nx Console to 18.100.0 (or later); 18.100.0 is confirmed clean",
+      "If 18.95.0 was installed on 2026-05-19, treat the host as compromised: rotate all developer credentials (Git/npm tokens, SSH keys, cloud keys, crypto wallets) and review for exfiltration",
+      "Disable IDE-extension auto-update for security-critical hosts and verify publisher/version before updating"
+    ],
+    "framework_control_gaps": {
+      "NIST-800-53-SR-11": "Component-authenticity verification does not extend to IDE marketplace extensions; VS Code/OpenVSX extensions carry no consumer-verifiable publisher signature an SR-11 process can gate on.",
+      "NIST-800-218-SSDF-PW.4": "Trusted-component reuse assumes the marketplace artifact matches the reviewed source; a malicious version published under the legitimate publisher identity defeats that assumption.",
+      "ISO-27001-2022-A.8.30": "Outsourced-development controls do not address developer-endpoint IDE extensions installed outside any procurement or vetting process.",
+      "ISO-27001-2022-A.8.8": "Technical-vulnerability management for developer endpoints rarely inventories IDE extensions or their auto-update behavior as a managed software surface.",
+      "OWASP-CICD-SEC-3": "Dependency-chain abuse extends to the developer IDE: a compromised extension harvests the same credentials the CI pipeline protects, upstream of any pipeline control."
+    },
+    "atlas_refs": [],
+    "attack_refs": [
+      "T1195.001",
+      "T1552",
+      "T1567"
+    ],
+    "rwep_score": 74,
+    "rwep_factors": {
+      "cisa_kev": 25,
+      "poc_available": 20,
+      "ai_factor": 0,
+      "active_exploitation": 20,
+      "blast_radius": 24,
+      "patch_available": -15,
+      "live_patch_available": 0,
+      "reboot_required": 0
+    },
+    "rwep_notes": "Critical (RWEP 74). KEV-listed (25) + confirmed exploitation (20) + the live malicious extension as PoC (20) + broad blast radius (24; widely-installed IDE extension, multi-source credential harvesting on the developer host, narrowed by the short publication window), minus patch_available (15). Σ factors === rwep_score.",
+    "epss_score": null,
+    "epss_date": "2026-05-28",
+    "epss_note": "Not yet scored by FIRST EPSS as of 2026-05-28 (CVE published 2026-05-27); refresh on the next validate-cves --live run.",
+    "epss_source": "https://api.first.org/data/v1/epss?cve=CVE-2026-48027",
+    "iocs": {
+      "behavioral": [
+        "Nx Console version 18.95.0 present in a VS Code / OpenVSX installation.",
+        "An IDE extension process making outbound network calls to fetch a second-stage payload shortly after install/update on 2026-05-19.",
+        "Access to developer credential stores (Git config, ~/.npmrc, SSH keys, cloud credential files, wallet files) by the extension host process."
+      ],
+      "indicators": [
+        "Nx Console 18.95.0 installed during 2026-05-19 12:30-12:48 UTC (VS Marketplace) or 12:33-13:09 UTC (OpenVSX)."
+      ],
+      "_ioc_source_note": "Anchored to NVD CVE-2026-48027, CISA KEV, the nrwl/nx-console GHSA-c9j4-9m59-847w, and the StepSecurity analysis."
+    },
+    "source_verified": "2026-05-28",
+    "verification_sources": [
+      "https://nvd.nist.gov/vuln/detail/CVE-2026-48027",
+      "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
+      "https://github.com/nrwl/nx-console/security/advisories/GHSA-c9j4-9m59-847w",
+      "https://www.stepsecurity.io/blog/nx-console-vs-code-extension-compromised"
+    ],
+    "vendor_advisories": [
+      {
+        "vendor": "GitHub Security Advisory",
+        "advisory_id": "GHSA-c9j4-9m59-847w",
+        "url": "https://github.com/nrwl/nx-console/security/advisories/GHSA-c9j4-9m59-847w",
+        "severity": "critical",
+        "published_date": "2026-05-27"
+      },
+      {
+        "vendor": "NVD",
+        "advisory_id": "CVE-2026-48027",
+        "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-48027",
+        "severity": "critical",
+        "published_date": "2026-05-27"
+      }
+    ],
+    "last_updated": "2026-05-28",
+    "discovery_attribution_note": "Manually curated from NVD CVE-2026-48027 (CWE-506, CVSS 3.1 9.8 / CVSS 4.0 9.3) + CISA KEV (added 2026-05-27) + nrwl/nx-console GHSA-c9j4-9m59-847w + StepSecurity analysis. Trojanized Nx Console 18.95.0 published to the VS Code Marketplace and OpenVSX on 2026-05-19; clean at 18.100.0. Shares the developer-tooling supply-chain control surface with the tj-actions (CVE-2025-30066) and reviewdog (CVE-2025-30154) action compromises.",
+    "_auto_imported": false,
+    "_intake_method": "manual-verified-curation",
+    "_kev_short_description": "A malicious Nx Console 18.95.0 was published to the VS Code Marketplace / OpenVSX (CWE-506) and harvested developer credentials; upgrade to 18.100.0 and rotate credentials if the bad version was installed on 2026-05-19."
+  },
   "CVE-2025-53773": {
     "name": "GitHub Copilot / VS Code 'YOLO mode' Prompt Injection RCE",
     "type": "RCE-via-prompt-injection",