PoC Week 2025-08-11

Posted on Aug 11, 2025

The most featured CVEs in this week’s security newsletters, with public Proof-of-Concepts, ordered by mention count. Older CVEs, trivially exploitable vulnerabilities (such as using hard-coded credentials) and those affecting open source projects with very small userbases aren’t listed.

For the most up-to-date and accurate info, visit the NIST links. Always audit PoCs thoroughly before running them.

CVE-2025-53770

  • Severity: 9.8 CRITICAL
  • Impacted Products: Hosted SharePoint Server
  • Description: Deserialization of untrusted data in on-premises Microsoft SharePoint Server allows an unauthorized attacker to execute code over a network. Microsoft is aware that an exploit for CVE-2025-53770 exists in the wild. Microsoft is preparing and fully testing a comprehensive update to address this vulnerability. In the meantime, please make sure that the mitigation provided in this CVE documentation is in place so that you are protected from exploitation.
  • Remediation: Follow developer advice.
  • More Info: NVD - CVE-2025-53770
  • PoC: https://github.com/B1ack4sh/Blackash-CVE-2025-53770/

CVE-2025-6558

  • Severity: 8.8 HIGH
  • Impacted Products: Google Chrome prior to 138.0.7204.157
  • Description: Insufficient validation of untrusted input in ANGLE and GPU in Google Chrome prior to 138.0.7204.157 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page.
  • Remediation: Follow developer advice.
  • More Info: NVD - CVE-2025-6558
  • PoC: https://github.com/DevBuiHieu/CVE-2025-6558-Proof-Of-Concept

CVE-2025-54381

  • Severity: 8.8 HIGH
  • Impacted Products: BentoML 1.4.0 until 1.4.19
  • Description: BentoML is a Python library for building online serving systems optimized for AI apps and model inference. In versions 1.4.0 until 1.4.19, the file upload processing system contains an SSRF vulnerability that allows unauthenticated remote attackers to force the server to make arbitrary HTTP requests. The vulnerability stems from the multipart form data and JSON request handlers, which automatically download files from user-provided URLs without validating whether those URLs point to internal network addresses, cloud metadata endpoints, or other restricted resources. The documentation explicitly promotes this URL-based file upload feature, making it an intended design that exposes all deployed services to SSRF attacks by default. Version 1.4.19 contains a patch for the issue.
  • Remediation: Follow developer advice.
  • More Info: NVD - CVE-2025-54381
  • PoC: https://github.com/B1ack4sh/Blackash-CVE-2025-54381/

CVE-2025-54253

CVE-2025-48384

  • Severity: 8 HIGH
  • Impacted Products: git prior to v2.43.7, v2.44.4, v2.45.4, v2.46.4, v2.47.3, v2.48.2, v2.49.1, and v2.50.1
  • Description: Git is a fast, scalable, distributed revision control system with an unusually rich command set that provides both high-level operations and full access to internals. When reading a config value, Git strips any trailing carriage return and line feed (CRLF). When writing a config entry, values with a trailing CR are not quoted, causing the CR to be lost when the config is later read. When initializing a submodule, if the submodule path contains a trailing CR, the altered path is read resulting in the submodule being checked out to an incorrect location. If a symlink exists that points the altered path to the submodule hooks directory, and the submodule contains an executable post-checkout hook, the script may be unintentionally executed after checkout. This vulnerability is fixed in v2.43.7, v2.44.4, v2.45.4, v2.46.4, v2.47.3, v2.48.2, v2.49.1, and v2.50.1.
  • Remediation: Follow developer advice.
  • More Info: NVD - CVE-2025-48384
  • PoC: https://github.com/nguyentranbaotran/cve-2025-48384-poc/

References

This list was scraped from the quite amazing and highly recommended newsletters below:

Thanks for reading! For corrections or omissions (e.g. newsletter recommendations), feel free to get in touch.