CNNVD-202509-2702 Information
CNNVD ID
CNNVD-202509-2702
Related CVE
- CNNVD Published: 2025-09-17
Description (Chinese)
CISA Thorium是美国网络安全与基础设施安全局(CISA)政府部门的一个高度可扩展的分布式恶意软件分析和数据生成框架。 CISA Thorium 1.1.1之前版本存在安全漏洞,该漏洞源于未转义用户控制的LDAP查询字符串,可能导致修改LDAP授权数据。
Description (English)
CISA Thorium is a highly scalable, distributed malware analysis and data generation framework for the United States Cyber Security and Infrastructure Security Agency (CISA) government departments. There was a security loophole in the previous version of CISA Thorium 1.1.1, which originated from a LDAP query string that was not transferred to user-controlled, which could lead to changes in LDAP authorized data.
Hazard Level
High
Vulnerability Type
其他
Affected Vendor
Cisofy
Published
2025-09-17
Last Modified
2026-02-24
References
https://github.com/cisagov/thorium/commit/7c94a0b9bc2dc55e0c307360452f348bac06820c#diff-45e1e58dfb6faacf9efe778c31ead287d8e13ae07c5dad084c792bc4a0605a68R1007-R1008 https://github.com/cisagov/thorium/releases/tag/1.1.1 https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/IT/white/2025/va-25-259-01.json https://www.cve.org/CVERecord?id=CVE-2025-35431
Patch
https://github.com/cisagov/thorium/releases
Share on: