Share
## https://sploitus.com/exploit?id=E1D4CE5F-68E1-5BE7-94D2-6967A898462E
# Ethan Public Disclosures

Security vulnerability disclosures and advisories by Ethan Taebeom Kim ([Cremit](https://cremit.io))

## Disclosures

| ID | Target | Vulnerability | Severity | Reported Via | Disclosed |
|----|--------|---------------|----------|--------------|-----------|
| [CVE-2025-69871](./CVE-2025-69871-MedusaJS-TOCTOU.md) | MedusaJS - TOCTOU | Race Condition in Promotion Usage Limit | High (7.5) | MITRE | 2025-12 |
| [CVE-2025-69872](./CVE-2025-69872-DiskCache-Pickle-Deserialization.md) | DiskCache - Pickle Deserialization | Unsafe Pickle Deserialization โ†’ RCE | High (7.3) | MITRE | 2025-12 |
| [CVE-2025-69873](./CVE-2025-69873-ajv-ReDoS.md) | ajv - ReDoS | ReDoS via $data Reference | High (7.5) | MITRE | 2025-12 |
| [CVE-2025-69874](./CVE-2025-69874-nanotar-Path-Traversal.md) | nanotar - Path Traversal | Zip Slip in parseTar()/parseTarGzip() | High (7.5) | MITRE | 2025-12 |

## Contact

For questions about these disclosures, contact **ethan@cremit.io**.