diff --git a/cves/CVE-2019-12725.yaml b/cves/CVE-2019-12725.yaml
index a835f61674..66da9062b7 100644
--- a/cves/CVE-2019-12725.yaml
+++ b/cves/CVE-2019-12725.yaml
@@ -9,8 +9,9 @@ info:
     found in ZeroShell 3.9.0 in the "/cgi-bin/kerbynet" url.
     As sudo is configured to execute /bin/tar without a password (NOPASSWD)
     it is possible to run root commands using the "checkpoint" tar options.
-  references: https://www.tarlogic.com/advisories/zeroshell-rce-root.txt
-  # https://github.com/X-C3LL/PoC-CVEs/blob/master/CVE-2019-12725/ZeroShell-RCE-EoP.py
+  references:
+    - https://www.tarlogic.com/advisories/zeroshell-rce-root.txt
+    - https://github.com/X-C3LL/PoC-CVEs/blob/master/CVE-2019-12725/ZeroShell-RCE-EoP.py
 
 requests:
   - method: GET