PoC Week 2025-05-26
The most featured CVEs in this week’s security newsletters, with public Proof-of-Concepts, ordered by mention count. Older CVEs, trivially exploitable vulnerabilities (such as using hard-coded credentials) and those affecting open source projects with very small userbases aren’t listed.
For the most up-to-date and accurate info, visit the NIST links. Always audit PoCs thoroughly before running them.
CVE-2025-31324
- Severity: 9.8 CRITICAL
- Impacted Products: SAP NetWeaver Visual Composer Metadata Uploader
- Description: SAP NetWeaver Visual Composer Metadata Uploader is not protected with proper authorization, allowing an unauthenticated agent to upload potentially malicious executable binaries that could severely harm the host system. This could significantly affect the confidentiality, integrity, and availability of the targeted system.
- Remediation: Follow developer advice.
- More Info: NVD - CVE-2025-31324
- PoC: https://github.com/nullcult/CVE-2025-31324-File-Upload/
CVE-2025-4978
- Severity: 9.3 CRITICAL
- Impacted Products: Netgear DGND3700 1.1.00.15_1.00.15NA
- Description: This affects an unknown part of the file /BRS_top.html of the component Basic Authentication. The manipulation leads to improper authentication. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. Other products might be affected as well. The vendor was contacted early about this disclosure.
- Remediation: Follow developer advice.
- More Info: NVD - CVE-2025-4978
- PoC: https://github.com/at0de/my_vulns/blob/main/Netgear/DGND3700v2/backdoor.md
CVE-2025-47916
- Severity: 9.3 CRITICAL
- Impacted Products: Invision Community 5.0.0 before 5.0.7
- Description: Invision Community 5.0.0 before 5.0.7 allows remote code execution via crafted template strings to themeeditor.php. The issue lies within the themeeditor controller (file: /applications/core/modules/front/system/themeeditor.php), where a protected method named customCss can be invoked by unauthenticated users. This method passes the value of the content parameter to the Theme::makeProcessFunction() method; hence it is evaluated by the template engine. Accordingly, this can be exploited by unauthenticated attackers to inject and execute arbitrary PHP code by providing crafted template strings.
- Remediation: Follow developer advice.
- More Info: NVD - CVE-2025-47916
- PoC: https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/multi/http/invision_customcss_rce.rb
CVE-2025-46724
- Severity: 9.8 CRITICAL
- Impacted Products: Langroid < 0.53.15
- Description: Langroid is a Python framework to build large language model (LLM)-powered applications. Prior to version 0.53.15, TableChatAgent uses pandas eval(). If fed by untrusted user input, like the case of a public-facing LLM application, it may be vulnerable to code injection. Langroid 0.53.15 sanitizes input to TableChatAgent by default to tackle the most common attack vectors, and added several warnings about the risky behavior in the project documentation.
- Remediation: Follow developer advice.
- More Info: NVD - CVE-2025-46724
- PoC: https://github.com/advisories/GHSA-jqq5-wc57-f8hj
CVE-2025-4664
- Severity: 4.3 MEDIUM
- Impacted Products: Google Chrome prior to 136.0.7103.113
- Description: Insufficient policy enforcement in Loader in Google Chrome prior to 136.0.7103.113 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: High)
- Remediation: Follow developer advice.
- More Info: NVD - CVE-2025-4664
- PoC: https://x.com/slonser_/status/1919439380512469315
CVE-2025-4632
- Severity: 9.8 CRITICAL
- Impacted Products: Samsung MagicINFO 9 Server version before 21.1052
- Description: Improper limitation of a pathname to a restricted directory vulnerability in Samsung MagicINFO 9 Server version before 21.1052 allows attackers to write arbitrary files with system authority.
- Remediation: Follow developer advice.
- More Info: NVD - CVE-2025-4632
- PoC: https://ssd-disclosure.com/ssd-advisory-samsung-magicinfo-unauthenticated-rce/
CVE-2025-45857
- Severity: 9.8 CRITICAL
- Impacted Products: EDIMAX CV7428NS v1.20
- Description: EDIMAX CV7428NS v1.20 was discovered to contain a remote code execution (RCE) vulnerability via the command parameter in the mp function.
- Remediation: Follow developer advice.
- More Info: NVD - CVE-2025-45857
- PoC: https://github.com/Jiangxiazhe/IOT_hack/blob/main/EDIMAX/CV7428NS/1.md
CVE-2025-4427 & CVE-2025-4428
- Severity: 7.5 HIGH
- Impacted Products: Ivanti Endpoint Manager Mobile 12.5.0.0
- Description: An authentication bypass in the API component of Ivanti Endpoint Manager Mobile 12.5.0.0 and prior allows attackers to access protected resources without proper credentials via the API. Remote Code Execution in API component in Ivanti Endpoint Manager Mobile 12.5.0.0 and prior on unspecified platforms allows authenticated attackers to execute arbitrary code via crafted API requests.
- Remediation: Follow developer advice.
- More Info: NVD - CVE-2025-4427 & NVD - CVE-2025-4428
- PoC: https://labs.watchtowr.com/expression-payloads-meet-mayhem-cve-2025-4427-and-cve-2025-4428/
CVE-2024-46506
- Severity: 10.0 CRITICAL
- Impacted Products: NetAlertX 23.01.14 through 24.x before 24.10.12
- Description: Unauthenticated command injection via settings update because function=savesettings lacks an authentication requirement, as exploited in the wild in May 2025. This is related to settings.php and util.php.
- More Info: NVD - CVE-2024-46506
- PoC: https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/linux/http/netalertx_rce_cve_2024_46506.rb
References
This list was scraped from the quite amazing and highly recommended newsletters below:
Thanks for reading! For corrections or omissions (e.g. newsletter recs), feel free to get in touch.