PoC Week 2025-10-29

Posted on Oct 29, 2025

The most featured CVEs in this week’s security newsletters, with public Proof-of-Concepts, ordered by mention count. Older CVEs, trivially exploitable vulnerabilities (such as using hard-coded credentials) and those affecting open source projects with very small userbases aren’t listed.

For the most up-to-date and accurate info, visit the NIST links. Always audit PoCs thoroughly before running them.

CVE-2025-59287

Severity: 9.8 CRITICAL
Impacted Products: Windows Server - various versions
Description: Deserialization of untrusted data in Windows Server Update Service allows an unauthorized attacker to execute code over a network.
Remediation: Follow developer advice.
More Info: NVD - CVE-2025-59287
PoC: https://github.com/mrk336/Breaking-the-Update-Chain-Inside-CVE-2025-59287-and-the-WSUS-RCE-Threat/

CVE-2025-61882 & CVE-2025-61884

Severity: 7.5 HIGH
Impacted Products: Oracle Configurator
Description: Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Configurator. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Configurator accessible data.
Remediation: Follow developer advice.
More Info: NVD - CVE-2025-61884
PoC: https://labs.watchtowr.com/well-well-well-its-another-day-oracle-e-business-suite-pre-auth-rce-chain-cve-2025-61882

CVE-2025-40778

Severity: 8.6 HIGH
Impacted Products: BIND 9 versions 9.11.0 through 9.16.50, 9.18.0 through 9.18.39, 9.20.0 through 9.20.13, 9.21.0 through 9.21.12, 9.11.3-S1 through 9.16.50-S1, 9.18.11-S1 through 9.18.39-S1, and 9.20.9-S1 through 9.20.13-S1.
Description: Under certain circumstances, BIND is too lenient when accepting records from answers, allowing an attacker to inject forged data into the cache.
Remediation: Follow developer advice.
More Info: NVD - CVE-2025-40778
PoC: https://gist.github.com/N3mes1s/f76b4a606308937b0806a5256bc1f918

CVE-2025-11391

Severity: 9.8 CRITICAL
Impacted Products: PPOM for WooCommerce <= 33.0.15
Description: The PPOM – Product Addons & Custom Fields for WooCommerce plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the image cropper functionality in all versions up to, and including, 33.0.15. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site’s server which may make remote code execution possible. While the vulnerable code is in the free version, this only affected users with the paid version of the software installed and activated.
Remediation: Follow developer advice.
More Info: NVD - CVE-2025-11391
PoC: https://github.com/aritlhq/CVE-2025-11391

CVE-2025-10041

Severity: 9.8 CRITICAL
Impacted Products: Flex QR Code Generator <= 1.25
Description: The Flex QR Code Generator plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in thesave_qr_code_to_db() function in all versions up to, and including, 1.2.5. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site’s server which may make remote code execution possible.
Remediation: Follow developer advice.
More Info: NVD - CVE-2025-10041
PoC: https://github.com/Nxploited/CVE-2025-10041

CVE-2025-10916

Severity: 7.5 HIGH
Impacted Products: FormGent WordPress plugin before 1.0.4
Description: The FormGent WordPress plugin before 1.0.4 is vulnerable to arbitrary file deletion due to insufficient file path validation. This makes it possible for unauthenticated attackers to delete arbitrary files on the server.
Remediation: Follow developer advice.
More Info: NVD - CVE-2025-10916
PoC: https://wpscan.com/vulnerability/81c23998-1abb-495f-890a-79624a4cab9a/

References

This list was scraped from the quite amazing and highly recommended newsletters below:

Thanks for reading! For corrections, omissions (e.g. newsletter recs) feel free to get in touch.