From 91b9d54a8d165d78e00426b01ae676df6731340d Mon Sep 17 00:00:00 2001
From: GitHub Action <action@github.com>
Date: Fri, 25 Nov 2022 09:59:03 +0000
Subject: [PATCH] Auto Generated CVE annotations [Fri Nov 25 09:59:03 UTC 2022]
 :robot:

---
 cves/2022/CVE-2022-25481.yaml | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)

diff --git a/cves/2022/CVE-2022-25481.yaml b/cves/2022/CVE-2022-25481.yaml
index 9cbf11bcf8..fb6550e8d7 100644
--- a/cves/2022/CVE-2022-25481.yaml
+++ b/cves/2022/CVE-2022-25481.yaml
@@ -3,15 +3,20 @@ id: CVE-2022-25481
 info:
   name: ThinkPHP 5.0.24 - Information Disclosure
   author: caon
-  severity: low
+  severity: high
   description: |
     ThinkPHP Framework v5.0.24 was discovered to be configured without the PATHINFO parameter. This allows attackers to access all system environment parameters from index.php.
   reference:
     - https://github.com/Lyther/VulnDiscover/blob/master/Web/ThinkPHP_InfoLeak.md
     - https://nvd.nist.gov/vuln/detail/CVE-2022-25481
+  classification:
+    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
+    cvss-score: 7.5
+    cve-id: CVE-2022-25481
+    cwe-id: CWE-668
   metadata:
-    verified: true
     shodan-query: title:"ThinkPHP"
+    verified: "true"
   tags: cve,cve2022,thinkphp,exposure,oss
 
 requests: