regscale-cli 6.21.0.0__py3-none-any.whl → 6.21.2.0__py3-none-any.whl

regscale/integrations/public/fedramp/fedramp_five.py

@@ -1063,7 +1063,7 @@ def _update_existing_control(
         existing_control,
         control_dict.get("status"),
         new_statement if new_statement else control_dict.get("statement"),
-        control_dict.get("responsibility"),
+        control_dict.get("origination"),
         primary_role if primary_role and isinstance(primary_role, dict) and primary_role.get("id") else None,
         parent_id,
     )
@@ -1087,14 +1087,93 @@ def _update_existing_control(
 
 def add_roles_to_control_implementation(implementation: ControlImplementation, roles: List[Dict]):
     """
-    Adds roles to a control implementation.
+    Updates roles for a control implementation by checking existing roles and adding/removing as appropriate.
+    This prevents duplicate roles on successive imports.
+    :param ControlImplementation implementation: The control implementation.
+    :param List[Dict] roles: The list of roles to set.
+    """
+    if not implementation or not implementation.id:
+        logger.warning("Control implementation is missing or has no ID, cannot update roles")
+        return
+
+    try:
+        # Get existing roles for this control implementation
+        from regscale.models.regscale_models.implementation_role import ImplementationRole
+
+        # Get existing roles
+        existing_roles = ImplementationRole.get_all_by_parent(
+            parent_id=implementation.id, parent_module=implementation._module_string
+        )
+        existing_role_ids = {role.roleId for role in existing_roles if role and role.roleId}
+
+        # Get target role IDs from the new roles list
+        target_role_ids = {role.get("id") for role in roles if isinstance(role, dict) and role.get("id")}
+
+        # Find roles to add (in target but not in existing)
+        roles_to_add = target_role_ids - existing_role_ids
+
+        # Find roles to remove (in existing but not in target)
+        roles_to_remove = existing_role_ids - target_role_ids
+
+        # Add new roles
+        for role_id in roles_to_add:
+            try:
+                implementation.add_role(role_id)
+                logger.debug(f"Added role {role_id} to control implementation {implementation.id}")
+            except Exception as e:
+                logger.warning(f"Failed to add role {role_id} to control implementation {implementation.id}: {e}")
+
+        # Remove roles that are no longer needed
+        _remove_roles_from_control_implementation(implementation, roles_to_remove, existing_roles)
+
+        if roles_to_add or roles_to_remove:
+            logger.info(
+                f"Updated roles for control implementation {implementation.id}: added {len(roles_to_add)}, removed {len(roles_to_remove)}"
+            )
+        else:
+            logger.debug(f"No role changes needed for control implementation {implementation.id}")
+
+    except Exception as e:
+        logger.error(f"Error updating roles for control implementation {implementation.id}: {e}")
+        # Fallback to old behavior if there's an error
+        _fallback_add_roles_to_control_implementation(implementation, roles)
+
+
+def _remove_roles_from_control_implementation(
+    implementation: ControlImplementation, roles_to_remove: set, existing_roles: List
+):
+    """
+    Removes roles that are no longer needed from a control implementation.
+    :param ControlImplementation implementation: The control implementation to remove roles from.
+    :param set roles_to_remove: Set of role IDs that should be removed.
+    :param List existing_roles: List of existing ImplementationRole objects.
+    """
+    for role_id in roles_to_remove:
+        try:
+            # Find the ImplementationRole record to delete
+            for existing_role in existing_roles:
+                if existing_role.roleId == role_id:
+                    existing_role.delete()
+                    logger.debug(f"Removed role {role_id} from control implementation {implementation.id}")
+                    break
+        except Exception as e:
+            logger.warning(f"Failed to remove role {role_id} from control implementation {implementation.id}: {e}")
+
+
+def _fallback_add_roles_to_control_implementation(implementation: ControlImplementation, roles: List[Dict]):
+    """
+    Fallback method for adding roles to a control implementation when the main method fails.
+    This uses the old behavior of simply adding roles without checking for duplicates.
     :param ControlImplementation implementation: The control implementation.
-    :param List[Dict] roles: The list of roles.
+    :param List[Dict] roles: The list of roles to add.
     """
-    if roles and len(roles) > 0 and implementation:
+    if roles and len(roles) > 0:
         for role in roles:
             if isinstance(role, dict) and role.get("id"):
-                implementation.add_role(role.get("id"))
+                try:
+                    implementation.add_role(role.get("id"))
+                except Exception as add_error:
+                    logger.warning(f"Failed to add role {role.get('id')}: {add_error}")
 
 
 def get_primary_and_supporting_roles(roles: List, parent_id: int) -> Tuple[List, Dict]:
@@ -1446,7 +1525,9 @@ def handle_matching_objectives(
         part_statement = f"{part.get('value', '')}" if not new_statement else new_statement
         statements_used.append(part_statement)
 
-        has_existing_obj = check_for_existing_objective(control_implementation, objective, status, part_statement)
+        has_existing_obj = check_for_existing_objective(
+            control_implementation, objective, status, part_statement, origination
+        )
         if has_existing_obj:
             continue
         duplicate = True if part_statement in statements_used else False
@@ -1467,6 +1548,7 @@ def check_for_existing_objective(
     objective: ControlObjective,
     status: Optional[str],
     part_statement: str,
+    origination: Optional[str] = None,
 ) -> bool:
     """
     Check for existing implementation objectives.
@@ -1474,6 +1556,7 @@ def check_for_existing_objective(
     :param ControlObjective objective: The control objective object.
     :param Optional[str] status: The status of the implementation.
     :param str part_statement: The part statement.
+    :param Optional[str] origination: The origination of the implementation.
     :return: True if an existing implementation objective is found, False otherwise.
     :rtype: bool
     """
@@ -1495,6 +1578,8 @@ def check_for_existing_objective(
                     status = status.value
                 existing_obj.status = status_map.get(status, status)
             existing_obj.statement = part_statement
+            if origination is not None:
+                existing_obj.responsibility = origination
             existing_obj.parentObjectiveId = objective.id
             existing_obj.save()
             return True
@@ -1755,7 +1840,7 @@ def update_existing_control(
     if not control.stepsToImplement and steps_to_implement:
         control.stepsToImplement = steps_to_implement
     control.implementation = state_text
-    control.responsibility = responsibility
+    control.responsibility = map_responsibility(responsibility)
     control.systemRoleId = primary_role.get("id") if primary_role and isinstance(primary_role, dict) else None
     # Clean statement
     # So, exclusion
@@ -1764,7 +1849,7 @@ def update_existing_control(
 
     # Convert the model to a dict and back to a model to workaround these odd 400 errors.
     try:
-        ControlImplementation(**control.dict()).save()
+        control.save()
     except Exception as e:
         logger.warning(f"Error updating control: {control.id} - {e}")
 

regscale/integrations/public/fedramp/markdown_parser.py

@@ -7,6 +7,7 @@ import re
 import logging
 import zipfile  # Assuming you need this for other file handling
 import pypandoc
+import re
 from collections import defaultdict
 from typing import Dict, TextIO, Optional, Tuple
 from regscale.models import ProfileMapping
@@ -108,7 +109,12 @@ class MDDocParser:
         """
         # Extract control ID and clean it
         html_free_line = self.clean_html_and_newlines(line)
-        clean_line = html_free_line.replace(FULL_SUMMARY_TOKEN, "")
+        # Use regex to find "what" case-insensitively and split
+        pattern = re.compile(r"what", re.IGNORECASE)
+        if pattern.search(html_free_line):
+            clean_line = pattern.split(html_free_line)[0].strip()
+        else:
+            clean_line = html_free_line
         if not clean_line:
             return None
         clean_control_id_from_line = clean_line.strip()

regscale/integrations/scanner_integration.py

@@ -286,6 +286,8 @@ class IntegrationAsset:
 
     source_data: Optional[Dict[str, Any]] = None
     url: Optional[str] = None
+    software_function: Optional[str] = None
+    baseline_configuration: Optional[str] = None
     ports_and_protocols: List[Dict[str, Any]] = dataclasses.field(default_factory=list)
     software_inventory: List[Dict[str, Any]] = dataclasses.field(default_factory=list)
 
@@ -423,6 +425,9 @@ class IntegrationFinding:
     planned_milestone_changes: Optional[str] = None
     adjusted_risk_rating: Optional[str] = None
     risk_adjustment: str = "No"
+
+    # Compliance fields
+    assessment_id: Optional[int] = None
     operational_requirements: Optional[str] = None
     deviation_rationale: Optional[str] = None
     is_cwe: bool = False
@@ -456,7 +461,7 @@ class IntegrationFinding:
     source_rule_id: Optional[str] = None
     vulnerability_type: Optional[str] = None
 
-    # CoalFre POAM
+    # CoalFire POAM
     basis_for_adjustment: Optional[str] = None
     poam_id: Optional[str] = None
 
@@ -569,6 +574,11 @@ class ScannerIntegration(ABC):
 
     :param int plan_id: The ID of the security plan
     :param int tenant_id: The ID of the tenant, defaults to 1
+
+    Configuration options available via kwargs:
+    - suppress_asset_not_found_errors (bool): When True, suppresses "Asset not found" error messages
+      that are commonly logged when assets referenced in findings don't exist in RegScale.
+      This can help reduce log noise in environments with many missing assets.
     """
 
     stig_mapper = None
@@ -624,13 +634,18 @@ class ScannerIntegration(ABC):
     close_outdated_findings = True
     closed_count = 0
 
+    # Error suppression options
+    suppress_asset_not_found_errors = False
+
     def __init__(self, plan_id: int, tenant_id: int = 1, is_component: bool = False, **kwargs):
         """
         Initialize the ScannerIntegration.
 
         :param int plan_id: The ID of the security plan
         :param int tenant_id: The ID of the tenant, defaults to 1
+        :param bool is_component: Whether this is a component integration
         :param kwargs: Additional keyword arguments
+            - suppress_asset_not_found_errors (bool): If True, suppress "Asset not found" error messages
         """
         self.app = Application()
         self.alerted_assets: Set[str] = set()
@@ -639,6 +654,9 @@ class ScannerIntegration(ABC):
         self.plan_id: int = plan_id
         self.tenant_id: int = tenant_id
         self.is_component: bool = is_component
+
+        # Set configuration options from kwargs
+        self.suppress_asset_not_found_errors = kwargs.get("suppress_asset_not_found_errors", False)
         if self.is_component:
             self.component = regscale_models.Component.get_object(self.plan_id)
             self.parent_module: str = regscale_models.Component.get_module_string()
@@ -1135,6 +1153,8 @@ class ScannerIntegration(ABC):
             bAuthenticatedScan=asset.is_authenticated_scan,
             systemAdministratorId=asset.system_administrator_id,
             scanningTool=asset.scanning_tool,
+            softwareFunction=asset.software_function,
+            baselineConfiguration=asset.baseline_configuration,
         )
         if self.asset_identifier_field:
             setattr(new_asset, self.asset_identifier_field, asset.identifier)
@@ -1612,6 +1632,23 @@ class ScannerIntegration(ABC):
         issue.securityPlanId = self.plan_id if not self.is_component else None
         issue.identification = finding.identification
         issue.dateFirstDetected = finding.first_seen
+        # Ensure a due date is always set using configured policy defaults (e.g., FedRAMP)
+        if not finding.due_date:
+            try:
+                base_created = finding.date_created or issue.dateCreated
+                finding.due_date = issue_due_date(
+                    severity=finding.severity,
+                    created_date=base_created,
+                    title=self.title,
+                )
+            except Exception:
+                # Final fallback to a Low severity default if anything goes wrong
+                base_created = finding.date_created or issue.dateCreated
+                finding.due_date = issue_due_date(
+                    severity=regscale_models.IssueSeverity.Low,
+                    created_date=base_created,
+                    title=self.title,
+                )
         issue.dueDate = finding.due_date
         issue.description = description
         issue.sourceReport = finding.source_report or self.title
@@ -1622,15 +1659,21 @@ class ScannerIntegration(ABC):
         issue.integrationFindingId = self.get_finding_identifier(finding)
         issue.poamComments = finding.poam_comments
         issue.cve = finding.cve
+        issue.assessmentId = finding.assessment_id
         control_id = self.get_control_implementation_id_for_cci(finding.cci_ref) if finding.cci_ref else None
         issue.controlId = control_id  # TODO REMOVE
         # Add the control implementation ids and the cci ref if it exists
         # Get control implementation ID for CCI if it exists
         # Only add CCI control ID if it exists
         cci_control_ids = [control_id] if control_id is not None else []
-        issue.affectedControls = finding.affected_controls
+        # Ensure failed control labels (e.g., AC-4(21)) are present in affectedControls
+        if finding.affected_controls:
+            issue.affectedControls = finding.affected_controls
+        elif finding.control_labels:
+            issue.affectedControls = ", ".join(sorted({cl for cl in finding.control_labels if cl}))
 
         issue.controlImplementationIds = list(set(finding._control_implementation_ids + cci_control_ids))  # noqa
+        # Always ensure isPoam reflects current settings, even when updating existing issues
         issue.isPoam = is_poam
         issue.basisForAdjustment = (
             finding.basis_for_adjustment if finding.basis_for_adjustment else f"{self.title} import"
@@ -1647,6 +1690,8 @@ class ScannerIntegration(ABC):
         issue.operationalRequirement = finding.operational_requirements
         issue.deviationRationale = finding.deviation_rationale
         issue.dateLastUpdated = get_current_datetime()
+        ## set affected controls if they exist
+        issue.affectedControls = finding.affected_controls
 
         if finding.cve:
             issue = self.lookup_kev_and_update_issue(cve=finding.cve, issue=issue, cisa_kevs=self._kev_data)
@@ -2053,7 +2098,8 @@ class ScannerIntegration(ABC):
         asset = self.asset_map_by_identifier.get(identifier)
         if not asset and identifier not in self.alerted_assets:
             self.alerted_assets.add(identifier)
-            self.log_error("1. Asset not found for identifier %s", identifier)
+            if not getattr(self, "suppress_asset_not_found_errors", False):
+                self.log_error("1. Asset not found for identifier %s", identifier)
         return asset
 
     def get_issue_by_integration_finding_id(self, integration_finding_id: str) -> Optional[regscale_models.Issue]:
@@ -2078,7 +2124,8 @@ class ScannerIntegration(ABC):
         """
         logger.debug("Processing checklist %s", finding.external_id)
         if not (asset := self.get_asset_by_identifier(finding.asset_identifier)):
-            logger.error("2. Asset not found for identifier %s", finding.asset_identifier)
+            if not getattr(self, "suppress_asset_not_found_errors", False):
+                logger.error("2. Asset not found for identifier %s", finding.asset_identifier)
             return 0
 
         tool = regscale_models.ChecklistTool.STIGs
@@ -2305,7 +2352,8 @@ class ScannerIntegration(ABC):
         # Process checklist if applicable
         if self.type == ScannerIntegrationType.CHECKLIST:
             if not (asset := self.get_asset_by_identifier(finding.asset_identifier)):
-                logger.error("2. Asset not found for identifier %s", finding.asset_identifier)
+                if not getattr(self, "suppress_asset_not_found_errors", False):
+                    logger.error("2. Asset not found for identifier %s", finding.asset_identifier)
                 return
 
             tool = regscale_models.ChecklistTool.STIGs
@@ -2443,7 +2491,10 @@ class ScannerIntegration(ABC):
             return None
 
         if not asset:
-            logger.warning("VulnerabilityMapping Error: Asset not found for identifier %s", finding.asset_identifier)
+            if not getattr(self, "suppress_asset_not_found_errors", False):
+                logger.warning(
+                    "VulnerabilityMapping Error: Asset not found for identifier %s", finding.asset_identifier
+                )
             return None
 
         vulnerability = self.create_vulnerability_from_finding(finding, asset, scan_history)

regscale/models/__init__.py

@@ -1,7 +1,7 @@
 #!/usr/bin/env python3
 # -*- coding: utf-8 -*-
 """standard python imports"""
-from regscale.models.app_models.click import regscale_id, regscale_module, regscale_ssp_id
+from regscale.models.app_models.click import regscale_id, regscale_module, regscale_ssp_id, ssp_or_component_id
 from .app_models import *
 from .integration_models import *
 from .regscale_models import *

regscale/models/app_models/__init__.py

@@ -3,3 +3,4 @@
 from .mapping import Mapping
 from .import_validater import ImportValidater
 from .datetime_encoder import DateTimeEncoder
+from .click import NotRequiredIf, regscale_id, regscale_module

regscale/models/integration_models/cisa_kev_data.json

@@ -1,9 +1,108 @@
 {
     "title": "CISA Catalog of Known Exploited Vulnerabilities",
-    "catalogVersion": "2025.08.05",
-    "dateReleased": "2025-08-05T18:03:16.7522Z",
-    "count": 1394,
+    "catalogVersion": "2025.08.21",
+    "dateReleased": "2025-08-21T17:02:19.8046Z",
+    "count": 1401,
     "vulnerabilities": [
+        {
+            "cveID": "CVE-2025-43300",
+            "vendorProject": "Apple",
+            "product": "iOS, iPadOS, and macOS",
+            "vulnerabilityName": "Apple iOS, iPadOS, and macOS Out-of-Bounds Write Vulnerability",
+            "dateAdded": "2025-08-21",
+            "shortDescription": "Apple iOS, iPadOS, and macOS contain an out-of-bounds write vulnerability in the Image I\/O framework.",
+            "requiredAction": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.",
+            "dueDate": "2025-09-11",
+            "knownRansomwareCampaignUse": "Unknown",
+            "notes": "https:\/\/support.apple.com\/en-us\/124925 ; https:\/\/support.apple.com\/en-us\/124926 ; https:\/\/support.apple.com\/en-us\/124927 ; https:\/\/support.apple.com\/en-us\/124928 ; https:\/\/support.apple.com\/en-us\/124929 ; https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2025-43300",
+            "cwes": [
+                "CWE-787"
+            ]
+        },
+        {
+            "cveID": "CVE-2025-54948",
+            "vendorProject": "Trend Micro",
+            "product": "Apex One",
+            "vulnerabilityName": "Trend Micro Apex One OS Command Injection Vulnerability",
+            "dateAdded": "2025-08-18",
+            "shortDescription": "Trend Micro Apex One Management Console (on-premise) contains an OS command injection vulnerability that could allow a pre-authenticated remote attacker to upload malicious code and execute commands on affected installations.",
+            "requiredAction": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.",
+            "dueDate": "2025-09-08",
+            "knownRansomwareCampaignUse": "Unknown",
+            "notes": "https:\/\/success.trendmicro.com\/en-US\/solution\/KA-0020652 ; N\/A ; https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2025-54948",
+            "cwes": [
+                "CWE-78"
+            ]
+        },
+        {
+            "cveID": "CVE-2025-8876",
+            "vendorProject": "N-able",
+            "product": "N-Central",
+            "vulnerabilityName": "N-able N-Central Command Injection Vulnerability",
+            "dateAdded": "2025-08-13",
+            "shortDescription": "N-able N-Central contains a command injection vulnerability via improper sanitization of user input.",
+            "requiredAction": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.",
+            "dueDate": "2025-08-20",
+            "knownRansomwareCampaignUse": "Unknown",
+            "notes": "https:\/\/status.n-able.com\/2025\/08\/13\/announcing-the-ga-of-n-central-2025-3-1\/ ; https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2025-8876",
+            "cwes": []
+        },
+        {
+            "cveID": "CVE-2025-8875",
+            "vendorProject": "N-able",
+            "product": "N-Central",
+            "vulnerabilityName": "N-able N-Central Insecure Deserialization Vulnerability",
+            "dateAdded": "2025-08-13",
+            "shortDescription": "N-able N-Central contains an insecure deserialization vulnerability that could lead to command execution.",
+            "requiredAction": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.",
+            "dueDate": "2025-08-20",
+            "knownRansomwareCampaignUse": "Unknown",
+            "notes": "https:\/\/status.n-able.com\/2025\/08\/13\/announcing-the-ga-of-n-central-2025-3-1\/ ; https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2025-8875",
+            "cwes": []
+        },
+        {
+            "cveID": "CVE-2025-8088",
+            "vendorProject": "RARLAB",
+            "product": "WinRAR",
+            "vulnerabilityName": "RARLAB WinRAR Path Traversal Vulnerability",
+            "dateAdded": "2025-08-12",
+            "shortDescription": "RARLAB WinRAR contains a path traversal vulnerability affecting the Windows version of WinRAR. This vulnerability could allow an attacker to execute arbitrary code by crafting malicious archive files.",
+            "requiredAction": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.",
+            "dueDate": "2025-09-02",
+            "knownRansomwareCampaignUse": "Unknown",
+            "notes": "https:\/\/www.win-rar.com\/singlenewsview.html?&L=0&tx_ttnews%5Btt_news%5D=283&cHash=a64b4a8f662d3639dec8d65f47bc93c5 ; https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2025-8088",
+            "cwes": [
+                "CWE-35"
+            ]
+        },
+        {
+            "cveID": "CVE-2007-0671",
+            "vendorProject": "Microsoft",
+            "product": "Office",
+            "vulnerabilityName": "Microsoft Office Excel Remote Code Execution Vulnerability",
+            "dateAdded": "2025-08-12",
+            "shortDescription": "Microsoft Office Excel contains a remote code execution vulnerability that can be exploited when a specially crafted Excel file is opened. This malicious file could be delivered as an email attachment or hosted on a malicious website. An attacker could leverage this vulnerability by creating a specially crafted Excel file, which, when opened, allowing an attacker to execute remote code on the affected system.",
+            "requiredAction": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.",
+            "dueDate": "2025-09-02",
+            "knownRansomwareCampaignUse": "Unknown",
+            "notes": "https:\/\/learn.microsoft.com\/en-us\/security-updates\/securitybulletins\/2007\/ms07-015 ; https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2007-0671",
+            "cwes": []
+        },
+        {
+            "cveID": "CVE-2013-3893",
+            "vendorProject": "Microsoft",
+            "product": "Internet Explorer",
+            "vulnerabilityName": "Microsoft Internet Explorer Resource Management Errors Vulnerability",
+            "dateAdded": "2025-08-12",
+            "shortDescription": "Microsoft Internet Explorer contains a memory corruption vulnerability that allows for remote code execution. The impacted products could be end-of-life (EoL) and\/or end-of-service (EoS). Users should discontinue product utilization.",
+            "requiredAction": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.",
+            "dueDate": "2025-09-02",
+            "knownRansomwareCampaignUse": "Unknown",
+            "notes": "https:\/\/learn.microsoft.com\/en-us\/security-updates\/securitybulletins\/2013\/ms13-080 ; https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2013-3893",
+            "cwes": [
+                "CWE-399"
+            ]
+        },
         {
             "cveID": "CVE-2020-25078",
             "vendorProject": "D-Link",
@@ -236,7 +335,7 @@
             "shortDescription": "Citrix NetScaler ADC and Gateway contain an out-of-bounds read vulnerability due to insufficient input validation. This vulnerability can lead to memory overread when the NetScaler is configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) OR AAA virtual server.",
             "requiredAction": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.",
             "dueDate": "2025-07-11",
-            "knownRansomwareCampaignUse": "Unknown",
+            "knownRansomwareCampaignUse": "Known",
             "notes": "https:\/\/support.citrix.com\/support-home\/kbsearch\/article?articleNumber=CTX693420 ; https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2025-5777",
             "cwes": [
                 "CWE-125"