Advisory Database Sync

Author: advisory-database[bot]

advisories/unreviewed/2021/12/GHSA-22hj-9cx7-p2hw/GHSA-22hj-9cx7-p2hw.json

@@ -1,13 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-22hj-9cx7-p2hw",
-  "modified": "2021-12-16T00:02:48Z",
+  "modified": "2026-02-03T15:30:21Z",
   "published": "2021-12-14T00:00:44Z",
   "aliases": [
     "CVE-2021-39935"
   ],
   "details": "An issue has been discovered in GitLab CE/EE affecting all versions starting from 10.5 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2. Unauthorized external users could perform Server Side Requests via the CI Lint API",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"
+    }
+  ],
   "affected": [],
   "references": [
     {

advisories/unreviewed/2022/05/GHSA-85h5-chmw-697j/GHSA-85h5-chmw-697j.json

@@ -1,13 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-85h5-chmw-697j",
-  "modified": "2022-05-24T17:01:42Z",
+  "modified": "2026-02-03T15:30:19Z",
   "published": "2022-05-24T17:01:42Z",
   "aliases": [
     "CVE-2019-19006"
   ],
   "details": "Sangoma FreePBX 115.0.16.26 and below, 14.0.13.11 and below, 13.0.197.13 and below have Incorrect Access Control.",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
+    }
+  ],
   "affected": [],
   "references": [
     {
@@ -22,6 +27,10 @@
       "type": "WEB",
       "url": "https://pastebin.com/2CdsQMKW"
     },
+    {
+      "type": "WEB",
+      "url": "https://research.checkpoint.com/2020/inj3ctor3-operation-leveraging-asterisk-servers-for-monetization"
+    },
     {
       "type": "WEB",
       "url": "https://wiki.freepbx.org/display/FOP/2019-11-20+Remote+Admin+Authentication+Bypass"
@@ -32,7 +41,9 @@
     }
   ],
   "database_specific": {
-    "cwe_ids": [],
+    "cwe_ids": [
+      "CWE-287"
+    ],
     "severity": "HIGH",
     "github_reviewed": false,
     "github_reviewed_at": null,

advisories/unreviewed/2025/10/GHSA-328c-wrf2-c723/GHSA-328c-wrf2-c723.json

@@ -1,13 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-328c-wrf2-c723",
-  "modified": "2025-10-09T15:31:03Z",
+  "modified": "2026-02-03T15:30:20Z",
   "published": "2025-10-09T15:31:03Z",
   "aliases": [
     "CVE-2025-39960"
   ],
   "details": "In the Linux kernel, the following vulnerability has been resolved:\n\ngpiolib: acpi: initialize acpi_gpio_info struct\n\nSince commit 7c010d463372 (\"gpiolib: acpi: Make sure we fill struct\nacpi_gpio_info\"), uninitialized acpi_gpio_info struct are passed to\n__acpi_find_gpio() and later in the call stack info->quirks is used in\nacpi_populate_gpio_lookup. This breaks the i2c_hid_cpi driver:\n\n[   58.122916] i2c_hid_acpi i2c-UNIW0001:00: HID over i2c has not been provided an Int IRQ\n[   58.123097] i2c_hid_acpi i2c-UNIW0001:00: probe with driver i2c_hid_acpi failed with error -22\n\nFix this by initializing the acpi_gpio_info pass to __acpi_find_gpio()",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
+    }
+  ],
   "affected": [],
   "references": [
     {
@@ -25,7 +30,7 @@
   ],
   "database_specific": {
     "cwe_ids": [],
-    "severity": null,
+    "severity": "HIGH",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2025-10-09T13:15:32Z"

advisories/unreviewed/2025/10/GHSA-486r-g5rc-cq67/GHSA-486r-g5rc-cq67.json

@@ -1,13 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-486r-g5rc-cq67",
-  "modified": "2025-10-09T12:30:18Z",
+  "modified": "2026-02-03T15:30:20Z",
   "published": "2025-10-09T12:30:18Z",
   "aliases": [
     "CVE-2025-39956"
   ],
   "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nigc: don't fail igc_probe() on LED setup error\n\nWhen igc_led_setup() fails, igc_probe() fails and triggers kernel panic\nin free_netdev() since unregister_netdev() is not called. [1]\nThis behavior can be tested using fault-injection framework, especially\nthe failslab feature. [2]\n\nSince LED support is not mandatory, treat LED setup failures as\nnon-fatal and continue probe with a warning message, consequently\navoiding the kernel panic.\n\n[1]\n kernel BUG at net/core/dev.c:12047!\n Oops: invalid opcode: 0000 [#1] SMP NOPTI\n CPU: 0 UID: 0 PID: 937 Comm: repro-igc-led-e Not tainted 6.17.0-rc4-enjuk-tnguy-00865-gc4940196ab02 #64 PREEMPT(voluntary)\n Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014\n RIP: 0010:free_netdev+0x278/0x2b0\n [...]\n Call Trace:\n  <TASK>\n  igc_probe+0x370/0x910\n  local_pci_probe+0x3a/0x80\n  pci_device_probe+0xd1/0x200\n [...]\n\n[2]\n #!/bin/bash -ex\n\n FAILSLAB_PATH=/sys/kernel/debug/failslab/\n DEVICE=0000:00:05.0\n START_ADDR=$(grep \" igc_led_setup\" /proc/kallsyms \\\n         | awk '{printf(\"0x%s\", $1)}')\n END_ADDR=$(printf \"0x%x\" $((START_ADDR + 0x100)))\n\n echo $START_ADDR > $FAILSLAB_PATH/require-start\n echo $END_ADDR > $FAILSLAB_PATH/require-end\n echo 1 > $FAILSLAB_PATH/times\n echo 100 > $FAILSLAB_PATH/probability\n echo N > $FAILSLAB_PATH/ignore-gfp-wait\n\n echo $DEVICE > /sys/bus/pci/drivers/igc/bind",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"
+    }
+  ],
   "affected": [],
   "references": [
     {
@@ -29,7 +34,7 @@
   ],
   "database_specific": {
     "cwe_ids": [],
-    "severity": null,
+    "severity": "MODERATE",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2025-10-09T10:15:36Z"

advisories/unreviewed/2025/10/GHSA-63w2-9qrq-4h94/GHSA-63w2-9qrq-4h94.json

@@ -1,13 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-63w2-9qrq-4h94",
-  "modified": "2025-10-09T12:30:18Z",
+  "modified": "2026-02-03T15:30:20Z",
   "published": "2025-10-09T12:30:18Z",
   "aliases": [
     "CVE-2025-39955"
   ],
   "details": "In the Linux kernel, the following vulnerability has been resolved:\n\ntcp: Clear tcp_sk(sk)->fastopen_rsk in tcp_disconnect().\n\nsyzbot reported the splat below where a socket had tcp_sk(sk)->fastopen_rsk\nin the TCP_ESTABLISHED state. [0]\n\nsyzbot reused the server-side TCP Fast Open socket as a new client before\nthe TFO socket completes 3WHS:\n\n  1. accept()\n  2. connect(AF_UNSPEC)\n  3. connect() to another destination\n\nAs of accept(), sk->sk_state is TCP_SYN_RECV, and tcp_disconnect() changes\nit to TCP_CLOSE and makes connect() possible, which restarts timers.\n\nSince tcp_disconnect() forgot to clear tcp_sk(sk)->fastopen_rsk, the\nretransmit timer triggered the warning and the intended packet was not\nretransmitted.\n\nLet's call reqsk_fastopen_remove() in tcp_disconnect().\n\n[0]:\nWARNING: CPU: 2 PID: 0 at net/ipv4/tcp_timer.c:542 tcp_retransmit_timer (net/ipv4/tcp_timer.c:542 (discriminator 7))\nModules linked in:\nCPU: 2 UID: 0 PID: 0 Comm: swapper/2 Not tainted 6.17.0-rc5-g201825fb4278 #62 PREEMPT(voluntary)\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.3-debian-1.16.3-2 04/01/2014\nRIP: 0010:tcp_retransmit_timer (net/ipv4/tcp_timer.c:542 (discriminator 7))\nCode: 41 55 41 54 55 53 48 8b af b8 08 00 00 48 89 fb 48 85 ed 0f 84 55 01 00 00 0f b6 47 12 3c 03 74 0c 0f b6 47 12 3c 04 74 04 90 <0f> 0b 90 48 8b 85 c0 00 00 00 48 89 ef 48 8b 40 30 e8 6a 4f 06 3e\nRSP: 0018:ffffc900002f8d40 EFLAGS: 00010293\nRAX: 0000000000000002 RBX: ffff888106911400 RCX: 0000000000000017\nRDX: 0000000002517619 RSI: ffffffff83764080 RDI: ffff888106911400\nRBP: ffff888106d5c000 R08: 0000000000000001 R09: ffffc900002f8de8\nR10: 00000000000000c2 R11: ffffc900002f8ff8 R12: ffff888106911540\nR13: ffff888106911480 R14: ffff888106911840 R15: ffffc900002f8de0\nFS:  0000000000000000(0000) GS:ffff88907b768000(0000) knlGS:0000000000000000\nCS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007f8044d69d90 CR3: 0000000002c30003 CR4: 0000000000370ef0\nCall Trace:\n <IRQ>\n tcp_write_timer (net/ipv4/tcp_timer.c:738)\n call_timer_fn (kernel/time/timer.c:1747)\n __run_timers (kernel/time/timer.c:1799 kernel/time/timer.c:2372)\n timer_expire_remote (kernel/time/timer.c:2385 kernel/time/timer.c:2376 kernel/time/timer.c:2135)\n tmigr_handle_remote_up (kernel/time/timer_migration.c:944 kernel/time/timer_migration.c:1035)\n __walk_groups.isra.0 (kernel/time/timer_migration.c:533 (discriminator 1))\n tmigr_handle_remote (kernel/time/timer_migration.c:1096)\n handle_softirqs (./arch/x86/include/asm/jump_label.h:36 ./include/trace/events/irq.h:142 kernel/softirq.c:580)\n irq_exit_rcu (kernel/softirq.c:614 kernel/softirq.c:453 kernel/softirq.c:680 kernel/softirq.c:696)\n sysvec_apic_timer_interrupt (arch/x86/kernel/apic/apic.c:1050 (discriminator 35) arch/x86/kernel/apic/apic.c:1050 (discriminator 35))\n </IRQ>",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
+    }
+  ],
   "affected": [],
   "references": [
     {
@@ -49,7 +54,7 @@
   ],
   "database_specific": {
     "cwe_ids": [],
-    "severity": null,
+    "severity": "HIGH",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2025-10-09T10:15:36Z"

advisories/unreviewed/2025/10/GHSA-9p48-47pw-5x95/GHSA-9p48-47pw-5x95.json

@@ -1,13 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-9p48-47pw-5x95",
-  "modified": "2025-10-09T12:30:19Z",
+  "modified": "2026-02-03T15:30:20Z",
   "published": "2025-10-09T12:30:18Z",
   "aliases": [
     "CVE-2025-39959"
   ],
   "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: amd: acp: Fix incorrect retrival of acp_chip_info\n\nUse dev_get_drvdata(dev->parent) instead of dev_get_platdata(dev)\nto correctly obtain acp_chip_info members in the acp I2S driver.\nPreviously, some members were not updated properly due to incorrect\ndata access, which could potentially lead to null pointer\ndereferences.\n\nThis issue was missed in the earlier commit\n(\"ASoC: amd: acp: Fix NULL pointer deref in acp_i2s_set_tdm_slot\"),\nwhich only addressed set_tdm_slot(). This change ensures that all\nrelevant functions correctly retrieve acp_chip_info, preventing\nfurther null pointer dereference issues.",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"
+    }
+  ],
   "affected": [],
   "references": [
     {
@@ -24,8 +29,10 @@
     }
   ],
   "database_specific": {
-    "cwe_ids": [],
-    "severity": null,
+    "cwe_ids": [
+      "CWE-476"
+    ],
+    "severity": "MODERATE",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2025-10-09T10:15:38Z"

advisories/unreviewed/2025/10/GHSA-cq2w-q6m3-mhw9/GHSA-cq2w-q6m3-mhw9.json

@@ -1,13 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-cq2w-q6m3-mhw9",
-  "modified": "2025-10-09T15:31:03Z",
+  "modified": "2026-02-03T15:30:20Z",
   "published": "2025-10-09T15:31:03Z",
   "aliases": [
     "CVE-2025-39961"
   ],
   "details": "In the Linux kernel, the following vulnerability has been resolved:\n\niommu/amd/pgtbl: Fix possible race while increase page table level\n\nThe AMD IOMMU host page table implementation supports dynamic page table levels\n(up to 6 levels), starting with a 3-level configuration that expands based on\nIOVA address. The kernel maintains a root pointer and current page table level\nto enable proper page table walks in alloc_pte()/fetch_pte() operations.\n\nThe IOMMU IOVA allocator initially starts with 32-bit address and onces its\nexhuasted it switches to 64-bit address (max address is determined based\non IOMMU and device DMA capability). To support larger IOVA, AMD IOMMU\ndriver increases page table level.\n\nBut in unmap path (iommu_v1_unmap_pages()), fetch_pte() reads\npgtable->[root/mode] without lock. So its possible that in exteme corner case,\nwhen increase_address_space() is updating pgtable->[root/mode], fetch_pte()\nreads wrong page table level (pgtable->mode). It does compare the value with\nlevel encoded in page table and returns NULL. This will result is\niommu_unmap ops to fail and upper layer may retry/log WARN_ON.\n\nCPU 0                                         CPU 1\n------                                       ------\nmap pages                                    unmap pages\nalloc_pte() -> increase_address_space()      iommu_v1_unmap_pages() -> fetch_pte()\n  pgtable->root = pte (new root value)\n                                             READ pgtable->[mode/root]\n\t\t\t\t\t       Reads new root, old mode\n  Updates mode (pgtable->mode += 1)\n\nSince Page table level updates are infrequent and already synchronized with a\nspinlock, implement seqcount to enable lock-free read operations on the read path.",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H"
+    }
+  ],
   "affected": [],
   "references": [
     {
@@ -32,8 +37,10 @@
     }
   ],
   "database_specific": {
-    "cwe_ids": [],
-    "severity": null,
+    "cwe_ids": [
+      "CWE-362"
+    ],
+    "severity": "MODERATE",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2025-10-09T13:15:32Z"

advisories/unreviewed/2025/10/GHSA-g295-3qg8-vf4w/GHSA-g295-3qg8-vf4w.json

@@ -1,13 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-g295-3qg8-vf4w",
-  "modified": "2025-10-09T12:30:18Z",
+  "modified": "2026-02-03T15:30:20Z",
   "published": "2025-10-09T12:30:18Z",
   "aliases": [
     "CVE-2025-39954"
   ],
   "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nclk: sunxi-ng: mp: Fix dual-divider clock rate readback\n\nWhen dual-divider clock support was introduced, the P divider offset was\nleft out of the .recalc_rate readback function. This causes the clock\nrate to become bogus or even zero (possibly due to the P divider being\n1, leading to a divide-by-zero).\n\nFix this by incorporating the P divider offset into the calculation.",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"
+    }
+  ],
   "affected": [],
   "references": [
     {
@@ -24,8 +29,10 @@
     }
   ],
   "database_specific": {
-    "cwe_ids": [],
-    "severity": null,
+    "cwe_ids": [
+      "CWE-369"
+    ],
+    "severity": "MODERATE",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2025-10-09T10:15:31Z"

advisories/unreviewed/2025/10/GHSA-jc8g-4mch-vjcv/GHSA-jc8g-4mch-vjcv.json

@@ -1,13 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-jc8g-4mch-vjcv",
-  "modified": "2025-10-13T15:31:18Z",
+  "modified": "2026-02-03T15:30:20Z",
   "published": "2025-10-13T15:31:18Z",
   "aliases": [
     "CVE-2025-39965"
   ],
   "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nxfrm: xfrm_alloc_spi shouldn't use 0 as SPI\n\nx->id.spi == 0 means \"no SPI assigned\", but since commit\n94f39804d891 (\"xfrm: Duplicate SPI Handling\"), we now create states\nand add them to the byspi list with this value.\n\n__xfrm_state_delete doesn't remove those states from the byspi list,\nsince they shouldn't be there, and this shows up as a UAF the next\ntime we go through the byspi list.",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
+    }
+  ],
   "affected": [],
   "references": [
     {
@@ -33,7 +38,7 @@
   ],
   "database_specific": {
     "cwe_ids": [],
-    "severity": null,
+    "severity": "HIGH",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2025-10-13T14:15:34Z"

advisories/unreviewed/2025/10/GHSA-jrgc-8xmv-4r2m/GHSA-jrgc-8xmv-4r2m.json

@@ -1,13 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-jrgc-8xmv-4r2m",
-  "modified": "2025-10-15T09:30:16Z",
+  "modified": "2026-02-03T15:30:20Z",
   "published": "2025-10-15T09:30:16Z",
   "aliases": [
     "CVE-2025-39966"
   ],
   "details": "In the Linux kernel, the following vulnerability has been resolved:\n\niommufd: Fix race during abort for file descriptors\n\nfput() doesn't actually call file_operations release() synchronously, it\nputs the file on a work queue and it will be released eventually.\n\nThis is normally fine, except for iommufd the file and the iommufd_object\nare tied to gether. The file has the object as it's private_data and holds\na users refcount, while the object is expected to remain alive as long as\nthe file is.\n\nWhen the allocation of a new object aborts before installing the file it\nwill fput() the file and then go on to immediately kfree() the obj. This\ncauses a UAF once the workqueue completes the fput() and tries to\ndecrement the users refcount.\n\nFix this by putting the core code in charge of the file lifetime, and call\n__fput_sync() during abort to ensure that release() is called before\nkfree. __fput_sync() is a bit too tricky to open code in all the object\nimplementations. Instead the objects tell the core code where the file\npointer is and the core will take care of the life cycle.\n\nIf the object is successfully allocated then the file will hold a users\nrefcount and the iommufd_object cannot be destroyed.\n\nIt is worth noting that close(); ioctl(IOMMU_DESTROY); doesn't have an\nissue because close() is already using a synchronous version of fput().\n\nThe UAF looks like this:\n\n    BUG: KASAN: slab-use-after-free in iommufd_eventq_fops_release+0x45/0xc0 drivers/iommu/iommufd/eventq.c:376\n    Write of size 4 at addr ffff888059c97804 by task syz.0.46/6164\n\n    CPU: 0 UID: 0 PID: 6164 Comm: syz.0.46 Not tainted syzkaller #0 PREEMPT(full)\n    Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025\n    Call Trace:\n     <TASK>\n     __dump_stack lib/dump_stack.c:94 [inline]\n     dump_stack_lvl+0x116/0x1f0 lib/dump_stack.c:120\n     print_address_description mm/kasan/report.c:378 [inline]\n     print_report+0xcd/0x630 mm/kasan/report.c:482\n     kasan_report+0xe0/0x110 mm/kasan/report.c:595\n     check_region_inline mm/kasan/generic.c:183 [inline]\n     kasan_check_range+0x100/0x1b0 mm/kasan/generic.c:189\n     instrument_atomic_read_write include/linux/instrumented.h:96 [inline]\n     atomic_fetch_sub_release include/linux/atomic/atomic-instrumented.h:400 [inline]\n     __refcount_dec include/linux/refcount.h:455 [inline]\n     refcount_dec include/linux/refcount.h:476 [inline]\n     iommufd_eventq_fops_release+0x45/0xc0 drivers/iommu/iommufd/eventq.c:376\n     __fput+0x402/0xb70 fs/file_table.c:468\n     task_work_run+0x14d/0x240 kernel/task_work.c:227\n     resume_user_mode_work include/linux/resume_user_mode.h:50 [inline]\n     exit_to_user_mode_loop+0xeb/0x110 kernel/entry/common.c:43\n     exit_to_user_mode_prepare include/linux/irq-entry-common.h:225 [inline]\n     syscall_exit_to_user_mode_work include/linux/entry-common.h:175 [inline]\n     syscall_exit_to_user_mode include/linux/entry-common.h:210 [inline]\n     do_syscall_64+0x41c/0x4c0 arch/x86/entry/syscall_64.c:100\n     entry_SYSCALL_64_after_hwframe+0x77/0x7f",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H"
+    }
+  ],
   "affected": [],
   "references": [
     {
@@ -28,8 +33,10 @@
     }
   ],
   "database_specific": {
-    "cwe_ids": [],
-    "severity": null,
+    "cwe_ids": [
+      "CWE-362"
+    ],
+    "severity": "MODERATE",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2025-10-15T08:15:34Z"