PoC Week 2025-03-31

Posted on Mar 31, 2025

The most featured CVEs in this week’s security newsletters, with public Proof-of-Concepts, ordered by mention count. Older CVEs, trivially exploitable vulnerabilities (such as using hard-coded credentials) and those affecting open source projects with very small userbases aren’t listed.

For the most up-to-date and accurate info, visit the NIST links. Always audit PoCs thoroughly before running them.

CVE-2025-1974

  • Severity: 9.3 CRITICAL
  • Impacted Products: Kubernetes ingress-nginx, various versions
  • Description: A security issue was discovered in Kubernetes where under certain conditions, an unauthenticated attacker with access to the pod network can achieve arbitrary code execution in the context of the ingress-nginx controller. This can lead to disclosure of Secrets accessible to the controller. (Note that in the default installation, the controller can access all Secrets cluster-wide.)
  • Remediation: Follow developer advice.
  • More Info: NVD - CVE-2025-1974
  • PoC: https://github.com/yoshino-s/CVE-2025-1974/

CVE-2025-30154

  • Severity: 8.6 HIGH
  • Impacted Products: Reviewdog action-setup, various versions and forks.
  • Description: reviewdog/action-setup is a GitHub action that installs reviewdog. reviewdog/action-setup@v1 was compromised on March 11, 2025, between 18:42 and 20:31 UTC, with malicious code added that dumps exposed secrets to GitHub Actions workflow logs. Other reviewdog actions that use reviewdog/action-setup@v1, and would therefore also be compromised regardless of version or pinning method, are reviewdog/action-shellcheck, reviewdog/action-composite-template, reviewdog/action-staticcheck, reviewdog/action-ast-grep, and reviewdog/action-typos.
  • Remediation: Follow developer advice.
  • More Info: NVD - CVE-2025-30154
  • PoC: https://github.com/reviewdog/action-setup/commit/f0d342d

This one is slightly unusual, in that the PoC is the malicious commit itself, with a base64-encoded payload.
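The reviewdog entry is a reminder that a wrapper action you pin by SHA can still pull a mutable tag internally. As an added example (not from the page or the reviewdog project), this script flags every `uses:` reference in a workflow or action.yml that is not pinned to a full 40-hex commit SHA; the sample workflow and the checkout SHA in it are constructed.

```python
import re
from typing import List, NamedTuple

# Constructed sample workflow: the reviewdog action names come from the
# advisory, the checkout SHA is a made-up placeholder.
SAMPLE_WORKFLOW = """\
name: lint
on: [pull_request]
jobs:
  shellcheck:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@0123456789abcdef0123456789abcdef01234567 # v4
      - uses: reviewdog/action-shellcheck@v1
      - uses: reviewdog/action-setup@f0d342d
      - uses: ./.github/actions/local-step
"""

# Matches `uses:` as a step key or a list item; stops at whitespace or a comment.
USES_RE = re.compile(r"^\s*-?\s*uses:\s*([^\s#]+)", re.MULTILINE)
FULL_SHA_RE = re.compile(r"^[0-9a-f]{40}$")


class ActionRef(NamedTuple):
    action: str
    ref: str
    pinned: bool  # True only for a full 40-hex commit SHA (tags and short SHAs are mutable)


def audit_uses(workflow_text: str) -> List[ActionRef]:
    """Return every external action reference and whether it is SHA-pinned."""
    refs = []
    for match in USES_RE.finditer(workflow_text):
        spec = match.group(1)
        if spec.startswith(("./", "docker://")):
            continue  # local composite action or container image, not a git ref
        action, _, ref = spec.partition("@")
        refs.append(ActionRef(action, ref, bool(FULL_SHA_RE.match(ref))))
    return refs


def unpinned(workflow_text: str) -> List[ActionRef]:
    """Only the references a compromised tag push could silently change."""
    return [r for r in audit_uses(workflow_text) if not r.pinned]


if __name__ == "__main__":
    for r in unpinned(SAMPLE_WORKFLOW):
        print(f"unpinned: {r.action}@{r.ref}")
```

Run it over the action.yml of each third-party action you depend on as well, since a wrapper such as action-shellcheck can reference action-setup@v1 internally even when your own workflow pins the wrapper by SHA.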

CVE-2025-2746, CVE-2025-2747

CVE-2024-33452

References

This list was scraped from the quite amazing and highly recommended newsletters below:

Thanks for reading! For corrections, omissions (e.g. newsletter recs) feel free to get in touch.