{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-10975", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "state": "PUBLISHED", "assignerShortName": "VulDB", "dateReserved": "2025-09-25T14:12:06.699Z", "datePublished": "2025-09-25T21:32:07.791Z", "dateUpdated": "2025-09-26T17:53:07.057Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2025-09-25T21:32:07.791Z"}, "title": "GuanxingLu vlarl ZeroMQ reasoning_server.py run_reasoning_server deserialization", "problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-502", "lang": "en", "description": "Deserialization"}]}, {"descriptions": [{"type": "CWE", "cweId": "CWE-20", "lang": "en", "description": "Improper Input Validation"}]}], "affected": [{"vendor": "GuanxingLu", "product": "vlarl", "versions": [{"version": "31abc0baf53ef8f5db666a1c882e1ea64def2997", "status": "affected"}], "modules": ["ZeroMQ"]}], "descriptions": [{"lang": "en", "value": "A vulnerability was found in GuanxingLu vlarl up to 31abc0baf53ef8f5db666a1c882e1ea64def2997. This vulnerability affects the function experiments.robot.bridge.reasoning_server::run_reasoning_server of the file experiments/robot/bridge/reasoning_server.py of the component ZeroMQ. Performing manipulation of the argument Message results in deserialization. Remote exploitation of the attack is possible. The exploit has been made public and could be used. This product follows a rolling release approach for continuous delivery, so version details for affected or updated releases are not provided."}, {"lang": "de", "value": "In GuanxingLu vlarl up to 31abc0baf53ef8f5db666a1c882e1ea64def2997 wurde eine Schwachstelle gefunden. Es geht um die Funktion experiments.robot.bridge.reasoning_server::run_reasoning_server der Datei experiments/robot/bridge/reasoning_server.py der Komponente ZeroMQ. Durch Beeinflussen des Arguments Message mit unbekannten Daten kann eine deserialization-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk angegangen werden. Der Exploit wurde der \u00d6ffentlichkeit bekannt gemacht und k\u00f6nnte verwendet werden. Das Produkt nutzt ein Rolling Release f\u00fcr die kontinuierliche Auslieferung. Deshalb gibt es keine Versionsangaben zu betroffenen oder aktualisierten Releases."}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 5.3, "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P", "baseSeverity": "MEDIUM"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 6.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R", "baseSeverity": "MEDIUM"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 6.3, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R", "baseSeverity": "MEDIUM"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 6.5, "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR"}}], "timeline": [{"time": "2025-09-25T00:00:00.000Z", "lang": "en", "value": "Advisory disclosed"}, {"time": "2025-09-25T02:00:00.000Z", "lang": "en", "value": "VulDB entry created"}, {"time": "2025-09-25T16:17:20.000Z", "lang": "en", "value": "VulDB entry last update"}], "credits": [{"lang": "en", "value": "zznQ (VulDB User)", "type": "reporter"}], "references": [{"url": "https://vuldb.com/?id.325846", "name": "VDB-325846 | GuanxingLu vlarl ZeroMQ reasoning_server.py run_reasoning_server deserialization", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/?ctiid.325846", "name": "VDB-325846 | CTI Indicators (IOB, IOC, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/?submit.653279", "name": "Submit #653279 | vlarl latest Insecure Deserialization(leads to Remote Code Execution)", "tags": ["third-party-advisory"]}, {"url": "https://github.com/GuanxingLu/vlarl/issues/18", "tags": ["issue-tracking"]}, {"url": "https://github.com/GuanxingLu/vlarl/issues/18#issue-3408978610", "tags": ["exploit", "issue-tracking"]}]}, "adp": [{"references": [{"url": "https://github.com/GuanxingLu/vlarl/issues/18", "tags": ["exploit"]}, {"url": "https://github.com/GuanxingLu/vlarl/issues/18#issue-3408978610", "tags": ["exploit"]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-09-26T17:36:49.431563Z", "id": "CVE-2025-10975", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-09-26T17:53:07.057Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"cna": {"title": "GuanxingLu vlarl ZeroMQ reasoning_server.py run_reasoning_server deserialization", "credits": [{"lang": "en", "type": "reporter", "value": "zznQ (VulDB User)"}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 5.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 6.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 6.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 6.5, "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR"}}], "affected": [{"vendor": "GuanxingLu", "modules": ["ZeroMQ"], "product": "vlarl", "versions": [{"status": "affected", "version": "31abc0baf53ef8f5db666a1c882e1ea64def2997"}]}], "timeline": [{"lang": "en", "time": "2025-09-25T00:00:00.000Z", "value": "Advisory disclosed"}, {"lang": "en", "time": "2025-09-25T02:00:00.000Z", "value": "VulDB entry created"}, {"lang": "en", "time": "2025-09-25T16:17:20.000Z", "value": "VulDB entry last update"}], "references": [{"url": "https://vuldb.com/?id.325846", "name": "VDB-325846 | GuanxingLu vlarl ZeroMQ reasoning_server.py run_reasoning_server deserialization", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/?ctiid.325846", "name": "VDB-325846 | CTI Indicators (IOB, IOC, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/?submit.653279", "name": "Submit #653279 | vlarl latest Insecure Deserialization(leads to Remote Code Execution)", "tags": ["third-party-advisory"]}, {"url": "https://github.com/GuanxingLu/vlarl/issues/18", "tags": ["issue-tracking"]}, {"url": "https://github.com/GuanxingLu/vlarl/issues/18#issue-3408978610", "tags": ["exploit", "issue-tracking"]}], "descriptions": [{"lang": "en", "value": "A vulnerability was found in GuanxingLu vlarl up to 31abc0baf53ef8f5db666a1c882e1ea64def2997. This vulnerability affects the function experiments.robot.bridge.reasoning_server::run_reasoning_server of the file experiments/robot/bridge/reasoning_server.py of the component ZeroMQ. Performing manipulation of the argument Message results in deserialization. Remote exploitation of the attack is possible. The exploit has been made public and could be used. This product follows a rolling release approach for continuous delivery, so version details for affected or updated releases are not provided."}, {"lang": "de", "value": "In GuanxingLu vlarl up to 31abc0baf53ef8f5db666a1c882e1ea64def2997 wurde eine Schwachstelle gefunden. Es geht um die Funktion experiments.robot.bridge.reasoning_server::run_reasoning_server der Datei experiments/robot/bridge/reasoning_server.py der Komponente ZeroMQ. Durch Beeinflussen des Arguments Message mit unbekannten Daten kann eine deserialization-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk angegangen werden. Der Exploit wurde der \u00d6ffentlichkeit bekannt gemacht und k\u00f6nnte verwendet werden. Das Produkt nutzt ein Rolling Release f\u00fcr die kontinuierliche Auslieferung. Deshalb gibt es keine Versionsangaben zu betroffenen oder aktualisierten Releases."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-502", "description": "Deserialization"}]}, {"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-20", "description": "Improper Input Validation"}]}], "providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2025-09-25T21:32:07.791Z"}}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-10975", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-09-26T17:36:49.431563Z"}}}], "references": [{"url": "https://github.com/GuanxingLu/vlarl/issues/18", "tags": ["exploit"]}, {"url": "https://github.com/GuanxingLu/vlarl/issues/18#issue-3408978610", "tags": ["exploit"]}], "providerMetadata": {"shortName": "CISA-ADP", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "dateUpdated": "2025-09-26T17:36:57.686Z"}}]}, "cveMetadata": {"cveId": "CVE-2025-10975", "state": "PUBLISHED", "dateUpdated": "2025-09-25T21:32:07.791Z", "dateReserved": "2025-09-25T14:12:06.699Z", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "datePublished": "2025-09-25T21:32:07.791Z", "assignerShortName": "VulDB"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability was found in GuanxingLu vlarl up to 31abc0baf53ef8f5db666a1c882e1ea64def2997. This vulnerability affects the function experiments.robot.bridge.reasoning_server::run_reasoning_server of the file experiments/robot/bridge/reasoning_server.py of the component ZeroMQ. Performing manipulation of the argument Message results in deserialization. Remote exploitation of the attack is possible. The exploit has been made public and could be used. This product follows a rolling release approach for continuous delivery, so version details for affected or updated releases are not provided."}], "id": "CVE-2025-10975", "lastModified": "2025-09-26T18:15:34.160", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "cna@vuldb.com", "type": "Secondary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.4, "source": "cna@vuldb.com", "type": "Secondary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "PROOF_OF_CONCEPT", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "LOW", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "LOW", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "LOW", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "cna@vuldb.com", "type": "Secondary"}]}, "published": "2025-09-25T22:15:34.503", "references": [{"source": "cna@vuldb.com", "url": "https://github.com/GuanxingLu/vlarl/issues/18"}, {"source": "cna@vuldb.com", "url": "https://github.com/GuanxingLu/vlarl/issues/18#issue-3408978610"}, {"source": "cna@vuldb.com", "url": "https://vuldb.com/?ctiid.325846"}, {"source": "cna@vuldb.com", "url": "https://vuldb.com/?id.325846"}, {"source": "cna@vuldb.com", "url": "https://vuldb.com/?submit.653279"}, {"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "url": "https://github.com/GuanxingLu/vlarl/issues/18"}, {"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "url": "https://github.com/GuanxingLu/vlarl/issues/18#issue-3408978610"}], "sourceIdentifier": "cna@vuldb.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}, {"lang": "en", "value": "CWE-502"}], "source": "cna@vuldb.com", "type": "Secondary"}]}

{}

{"created": "2025-09-26T11:35:29.900574+00:00", "updated": "2025-09-26T11:35:29.900629+00:00", "vendors": ["zeromq", "zeromq$PRODUCT$zeromq"]}