PoC Week 2025-03-03

Posted on Mar 3, 2025

The most featured CVEs in this week’s security newsletters, with public Proof-of-Concepts, ordered by mention count. Older CVEs, trivially exploitable vulnerabilities (such as using hard-coded credentials) and those affecting open source projects with very small userbases aren’t listed.

For the most up-to-date and accurate info, visit the NIST links. Always audit PoCs thoroughly before running them.

CVE-2024-54820

  • Severity: 9.8 CRITICAL
  • Impacted Products: XOne Web Monitor v02.10.2024.530 framework 1.0.4.9
  • Description: SQL injection vulnerability in the login page. This vulnerability allows attackers to extract all usernames and passwords via a crafted input.
  • Remediation: Follow developer advice.
  • More Info: NVD - CVE-2024-54820
  • PoC: https://github.com/jcarabantes/CVE-2024-54820/

CVE-2025-26794

CVE-2024-55460

  • Severity: 9.8 CRITICAL
  • Impacted Products: BoardRoom Limited Dividend Distribution Tax Election System Version v2.0
  • Description: A time-based SQL injection vulnerability in the login page of BoardRoom Limited Dividend Distribution Tax Election System Version v2.0 allows attackers to execute arbitrary code via a crafted input.
  • Remediation: Follow developer advice.
  • More Info: NVD - CVE-2024-55460
  • PoC: https://github.com/Ap0k4L1p5/CVE-research/tree/master/CVE-2024-55460

CVE-2025-27364

  • Severity: 10 CRITICAL
  • Impacted Products: MITRE Caldera through 4.2.0 and 5.0.0 before 35bc06e
  • Description: A Remote Code Execution (RCE) vulnerability was found in the dynamic agent (implant) compilation functionality of the server. It allows remote attackers to execute arbitrary code on the server that Caldera is running on via a crafted web request to the Caldera server API used for compiling and downloading Caldera’s Sandcat or Manx agents (implants). This web request can use the gcc -extldflags linker flag with sub-commands.
  • Remediation: Follow developer advice.
  • More Info: NVD - CVE-2025-27364
  • PoC: https://medium.com/@mitrecaldera/mitre-caldera-security-advisory-remote-code-execution-cve-2025-27364-5f679e2e2a0e

CVE-2025-26615

  • Severity: 10 CRITICAL
  • Impacted Products: WeGIA < v.3.2.14
  • Description: A Path Traversal vulnerability was discovered in the examples.php endpoint of the WeGIA application. This vulnerability could allow an attacker to gain unauthorized access to sensitive information stored in config.php, which contains information that could allow direct access to the database.
  • Remediation: Follow developer advice.
  • More Info: NVD - CVE-2025-26615
  • PoC: https://github.com/LabRedesCefetRJ/WeGIA/security/advisories/GHSA-p5wx-pv8j-f96h

CVE-2025-25279

  • Severity: 9.9 CRITICAL
  • Impacted Products: Mattermost versions 10.4.x <= 10.4.1, 9.11.x <= 9.11.7, 10.3.x <= 10.3.2, 10.2.x <= 10.2.2
  • Description: Failure to properly validate board blocks when importing boards allows an attacker to read any arbitrary file on the system via importing and exporting a specially crafted import archive in Boards.
  • Remediation: Follow developer advice.
  • More Info: NVD - CVE-2025-25279
  • PoC: https://github.com/numanturle/CVE-2025-25279/

CVE-2025-24893

  • Severity: 9.8 CRITICAL
  • Impacted Products: XWiki Platform
  • Description: Any guest can perform arbitrary remote code execution through a request to SolrSearch. This impacts the confidentiality, integrity and availability of the whole XWiki installation. To reproduce on an instance, without being logged in, go to <host>/xwiki/bin/get/Main/SolrSearch?media=rss&text=%7D%7D%7D%7B%7Basync%20async%3Dfalse%7D%7D%7B%7Bgroovy%7D%7Dprintln%28"Hello%20from"%20%2B%20"%20search%20text%3A"%20%2B%20%2823%20%2B%2019%29%29%7B%7B%2Fgroovy%7D%7D%7B%7B%2Fasync%7D%7D%20. If there is an output, and the title of the RSS feed contains Hello from search text:42, then the instance is vulnerable. This vulnerability has been patched in XWiki 15.10.11, 16.4.1 and 16.5.0RC1. Users are advised to upgrade. Users unable to upgrade may edit Main.SolrSearchMacros in SolrSearchMacros.xml on line 955 to match the rawResponse macro in macros.vm#L2824 with a content type of application/xml, instead of simply outputting the content of the feed.
  • Remediation: Follow developer advice.
  • More Info: NVD - CVE-2025-24893
  • PoC: https://github.com/iSee857/CVE-2025-24893-PoC/

References

This list was scraped from the quite amazing and highly recommended newsletters below:

Thanks for reading! For corrections, omissions (e.g. newsletter recs) feel free to get in touch.