PoC Week 2025-02-24

Posted on Feb 24, 2025

The most featured CVEs in this week’s security newsletters, with public Proof-of-Concepts, ordered by mention count. Older CVEs, trivially exploitable vulnerabilities (such as using hard-coded credentials) and those affecting open source projects with very small userbases aren’t listed.

For the most up-to-date and accurate info, visit the NIST links. Always audit PoCs thoroughly before running them.

This one’s going out a few days late, so it will include some more recent CVEs.

CVE-2025-1094

  • Severity: 8.9 HIGH
  • Impacted Products: PostgreSQL
  • Description: Improper neutralization of quoting syntax in PostgreSQL libpq functions PQescapeLiteral(), PQescapeIdentifier(), PQescapeString(), and PQescapeStringConn() allows a database input provider to achieve SQL injection in certain usage patterns. Specifically, SQL injection requires the application to use the function result to construct input to psql, the PostgreSQL interactive terminal. Similarly, improper neutralization of quoting syntax in PostgreSQL command line utility programs allows a source of command line arguments to achieve SQL injection when client_encoding is BIG5 and server_encoding is one of EUC_TW or MULE_INTERNAL. Versions before PostgreSQL 17.3, 16.7, 15.11, 14.16, and 13.19 are affected.
  • Remediation: Follow developer guidance.
  • More Info: NVD - CVE-2025-1094
  • PoC: https://github.com/rapid7/metasploit-framework/blob/2d858ac1f0bb5bfaa9841ebbaa7c0aa7149c9000/modules/exploits/linux/http/beyondtrust_pra_rs_unauth_rce.rb

CVE-2024-53704

  • Severity: 8.2 HIGH
  • Impacted Products: SonicWall, various versions
  • Description: An Improper Authentication vulnerability in the SSLVPN authentication mechanism allows a remote attacker to bypass authentication.
  • Remediation: Follow Microsoft’s advisories for mitigation or patching strategies.
  • More Info: NVD - CVE-2024-53704
  • PoC: https://github.com/istagmbh/CVE-2024-53704/

CVE-2025-24016

  • Severity: 9.9 CRITICAL
  • Impacted Products: Wazuh v4.4.0 and prior to version 4.9.1
  • Description: Wazuh is a free and open source platform used for threat prevention, detection, and response. Starting in version 4.4.0 and prior to version 4.9.1, an unsafe deserialization vulnerability allows for remote code execution on Wazuh servers. DistributedAPI parameters are serialized as JSON and deserialized using as_wazuh_object (in framework/wazuh/core/cluster/common.py). If an attacker manages to inject an unsanitized dictionary into a DAPI request/response, they can forge an unhandled exception (__unhandled_exc__) to evaluate arbitrary Python code. The vulnerability can be triggered by anybody with API access (a compromised dashboard or Wazuh servers in the cluster) or, in certain configurations, even by a compromised agent. Version 4.9.1 contains a fix.
  • Remediation: Follow developer guidance.
  • More Info: NVD - CVE-2025-24016
  • PoC: https://github.com/MuhammadWaseem29/CVE-2025-24016/

References

This list was scraped from the quite amazing and highly recommended newsletters below:

Thanks for reading! For corrections or omissions (e.g. newsletter recommendations), feel free to get in touch.