diff --git a/data/cve/CVE-2025-37949.json b/data/cve/CVE-2025-37949.json
new file mode 100644
index 0000000000000000000000000000000000000000..5cde9ead3376f368fe9fe2dc2044b9592679256d
--- /dev/null
+++ b/data/cve/CVE-2025-37949.json
@@ -0,0 +1,71 @@
+{
+ "id": 28192,
+ "cve_id": "CVE-2025-37949",
+ "creator": null,
+ "publisher": "cve-center",
+ "publish_third_party_token": "cve-center",
+ "publish_date": "2025-05-21 00:15:32",
+ "cvss": {
+ "nvd_cvss": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
+ "openanolis_cvss": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"
+ },
+ "product": [
+ {
+ "product_id": 6,
+ "name_version": "Anolis OS 7",
+ "product_package_info": {
+ "src": [
+ {
+ "rpm_name": "kernel:4.19",
+ "rpm_status": "out_scope"
+ }
+ ]
+ }
+ },
+ {
+ "product_id": 5,
+ "name_version": "Anolis OS 8",
+ "product_package_info": {
+ "src": [
+ {
+ "rpm_name": "kernel:5.10",
+ "rpm_status": "affected"
+ }
+ ]
+ }
+ },
+ {
+ "product_id": 7,
+ "name_version": "Anolis OS 23",
+ "product_package_info": {
+ "src": [
+ {
+ "rpm_name": "kernel:6.6",
+ "rpm_status": "unaffected"
+ }
+ ]
+ }
+ }
+ ],
+ "affected_packages": [
+ "kernel:6.6",
+ "kernel:5.10",
+ "kernel:4.19"
+ ],
+ "score": 7.0,
+ "severity": "Moderate",
+ "status": 1,
+ "source": "Mitre",
+ "cve_source_link": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-37949",
+ "abstract": "In the Linux kernel, the following vulnerability has been resolved:\n\nxenbus: Use kref to track req lifetime\n\nMarek reported seeing a NULL pointer fault in the xenbus_thread\ncallstack:\nBUG: kernel NULL pointer dereference, address: 0000000000000000\nRIP: e030:__wake_up_common+0x4c/0x180\nCall Trace:\n \n __wake_up_common_lock+0x82/0xd0\n process_msg+0x18e/0x2f0\n xenbus_thread+0x165/0x1c0\n\nprocess_msg+0x18e is req->cb(req). req->cb is set to xs_wake_up(), a\nthin wrapper around wake_up(), or xenbus_dev_queue_reply(). It seems\nlike it was xs_wake_up() in this case.\n\nIt seems like req may have woken up the xs_wait_for_reply(), which\nkfree()ed the req. 
When xenbus_thread resumes, it faults on the zero-ed\ndata.\n\nLinux Device Drivers 2nd edition states:\n\"Normally, a wake_up call can cause an immediate reschedule to happen,\nmeaning that other processes might run before wake_up returns.\"\n... which would match the behaviour observed.\n\nChange to keeping two krefs on each request. One for the caller, and\none for xenbus_thread. Each will kref_put() when finished, and the last\nwill free it.\n\nThis use of kref matches the description in\nDocumentation/core-api/kref.rst",
+ "description": null,
+ "issue": null,
+ "acknowledgements": null,
+ "acknowledgements_en": null,
+ "reference": null,
+ "diagnose": null,
+ "statement": null,
+ "mitigation": null,
+ "update_user": null,
+ "errata": []
+}
\ No newline at end of file
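Review bot: `affected_packages` lists `kernel:6.6`, `kernel:5.10` and `kernel:4.19`, but the `product` entries in the same record mark only `kernel:5.10` as `affected` (`kernel:6.6` is `unaffected`, `kernel:4.19` is `out_scope`). A scanner or advisory feed that keys on `affected_packages` alone would report Anolis OS 7 and Anolis OS 23 hosts as vulnerable. If the field is meant to hold only affected packages it should read `"affected_packages": ["kernel:5.10"]`; if it means "packages assessed", that convention should be stated in the schema documentation so consumers join against `rpm_status`. Separately, `score` 7.0 sits in the CVSS v3.1 High band while `severity` is `Moderate`; presumably this is a distro rating rather than the CVSS qualitative label, which is worth confirming. `publish_date` also carries no timezone, so its ordering against NVD timestamps is ambiguous.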